protected void AddAccessRule(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; this.ModifyAccess(AccessControlModification.Add, rule, out flag); } finally { base.WriteUnlock(); } }
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule) { throw new NotImplementedException(); }
protected void AddAccessRule(ObjectAccessRule rule) { throw new NotImplementedException(); }
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } if (base._securityDescriptor != null) { base.WriteLock(); try { bool flag; this.ModifyAccess(AccessControlModification.RemoveSpecific, rule, out flag); } finally { base.WriteUnlock(); } } }
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) { return RemoveAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
protected bool RemoveAccessRule(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { if (_securityDescriptor == null) { return true; } bool modified; return ModifyAccess(AccessControlModification.Remove, rule, out modified); } finally { WriteUnlock(); } }
protected bool RemoveAccessRule(ObjectAccessRule rule) { return(default(bool)); }
public new bool RemoveAccessRule(ObjectAccessRule rule) { return(base.RemoveAccessRule(rule)); }
protected void SetAccessRule(ObjectAccessRule rule) { }
protected void AddAccessRule(ObjectAccessRule rule) { }
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule) { }
protected void RemoveAccessRuleAll(ObjectAccessRule rule) { }
protected void SetAccessRule (ObjectAccessRule rule) { bool modified; ModifyAccess (AccessControlModification.Set, rule, out modified); }
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) { return(RemoveAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType)); }
public new void RemoveAccessRuleSpecific(ObjectAccessRule rule) { base.RemoveAccessRuleSpecific(rule); }
public new void SetAccessRule(ObjectAccessRule rule) { base.SetAccessRule(rule); }
// // Modifies the DACL // private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified) { bool result = true; if (_securityDescriptor.DiscretionaryAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return result; } //_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); _securityDescriptor.AddDiscretionaryAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS // if (_securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[_securityDescriptor.DiscretionaryAcl.BinaryLength]; _securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add: //_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Reset: _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Debug.Assert(false, "Invalid operation"); throw new Exception(); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } } else if (rule.AccessControlType == AccessControlType.Deny) { switch (modification) { case AccessControlModification.Add: //_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Reset: _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Debug.Assert(false, "Invalid operation"); throw new Exception(); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } } else { Debug.Assert(false, "rule.AccessControlType unrecognized"); throw new Exception(); } modified = result; AccessRulesModified |= modified; return result; }
protected void RemoveAccessRuleSpecific (ObjectAccessRule rule) { bool modified; ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified); }
protected bool RemoveAccessRule(ObjectAccessRule rule) { return default(bool); }
protected bool RemoveAccessRule(ObjectAccessRule rule) { bool flag2; if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; if (base._securityDescriptor == null) { return true; } flag2 = this.ModifyAccess(AccessControlModification.Remove, rule, out flag); } finally { base.WriteUnlock(); } return flag2; }
/// <summary>从当前 <see cref="T:System.Security.AccessControl.DiscretionaryAcl" /> 对象移除指定的访问控制项 (ACE)。</summary> /// <param name="accessType">要移除的访问控制类型(允许或拒绝)。</param> /// <param name="sid">要为其移除 ACE 的 <see cref="T:System.Security.Principal.SecurityIdentifier" />。</param> /// <param name="rule"> /// <see cref="T:System.Security.AccessControl.ObjectAccessRule" />为其删除的访问权限。</param> public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) { this.RemoveAccessSpecific(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
// // Modifies the DACL // private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified) { bool result = true; if (SecurityDescriptor.DiscretionaryAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(result); } //_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); SecurityDescriptor.AddDiscretionaryAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS // if (SecurityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[SecurityDescriptor.DiscretionaryAcl.BinaryLength]; SecurityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form SecurityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add: //_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Reset: SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule); break; case AccessControlModification.RemoveAll: result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { throw new InvalidOperationException(SR.InvalidOperation_RemoveFail); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule); break; default: throw new ArgumentOutOfRangeException( nameof(modification), SR.ArgumentOutOfRange_Enum); } } else if (rule.AccessControlType == AccessControlType.Deny) { switch (modification) { case AccessControlModification.Add: //_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Reset: SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule); break; case AccessControlModification.RemoveAll: result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { throw new InvalidOperationException(SR.InvalidOperation_RemoveFail); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule); break; default: throw new ArgumentOutOfRangeException( nameof(modification), SR.ArgumentOutOfRange_Enum); } } else { throw new ArgumentException(SR.Format(SR.TypeUnrecognized_AccessControl, rule.AccessControlType)); } modified = result; AccessRulesModified |= modified; return(result); }
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified) { bool flag = true; if (this._securityDescriptor.DiscretionaryAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(flag); } this._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(this.IsContainer, this.IsDS, GenericAcl.AclRevisionDS, 1); this._securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None && (int)this._securityDescriptor.DiscretionaryAcl.Revision < (int)GenericAcl.AclRevisionDS)) { byte[] binaryForm = new byte[this._securityDescriptor.DiscretionaryAcl.BinaryLength]; this._securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; this._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(this.IsContainer, this.IsDS, new RawAcl(binaryForm, 0)); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add: this._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: this._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } } else { if (rule.AccessControlType != AccessControlType.Deny) { throw new SystemException(); } switch (modification) { case AccessControlModification.Add: this._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: this._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } } modified = flag; this.AccessRulesModified = this.AccessRulesModified | modified; return(flag); }
protected bool RemoveAccessRule(ObjectAccessRule rule) { throw new NotImplementedException(); }
protected void AddAccessRule (ObjectAccessRule rule) { throw new NotImplementedException (); }
protected void AddAccessRule(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException(nameof(rule)); } Contract.EndContractBlock(); WriteLock(); try { bool modified; ModifyAccess(AccessControlModification.Add, rule, out modified); } finally { WriteUnlock(); } return; }
protected bool RemoveAccessRule (ObjectAccessRule rule) { throw new NotImplementedException (); }
public void AddAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) { AddAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
protected void RemoveAccessRuleSpecific (ObjectAccessRule rule) { throw new NotImplementedException (); }
public new void RemoveAccessRuleAll(ObjectAccessRule rule) { base.RemoveAccessRuleAll(rule); }
protected bool RemoveAccessRule(ObjectAccessRule rule) { bool modified; return(ModifyAccess(AccessControlModification.Remove, rule, out modified)); }
public new void ResetAccessRule(ObjectAccessRule rule) { base.ResetAccessRule(rule); }
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule) { bool modified; ModifyAccess(AccessControlModification.RemoveSpecific, rule, out modified); }
public new void AddAccessRule(ObjectAccessRule rule) { base.AddAccessRule(rule); }
protected void SetAccessRule(ObjectAccessRule rule) { bool modified; ModifyAccess(AccessControlModification.Set, rule, out modified); }
public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule) { RemoveAccessSpecific(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (null == rule) { throw new ArgumentNullException("rule"); } ObjectAccessRule orule = rule as ObjectAccessRule; if (null == orule) { throw new ArgumentException("rule"); } modified = true; WriteLock(); try { switch (modification) { case AccessControlModification.Add: descriptor.DiscretionaryAcl.AddAccess(orule.AccessControlType, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; case AccessControlModification.Set: descriptor.DiscretionaryAcl.SetAccess(orule.AccessControlType, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; case AccessControlModification.Reset: PurgeAccessRules(orule.IdentityReference); goto case AccessControlModification.Add; case AccessControlModification.Remove: modified = descriptor.DiscretionaryAcl.RemoveAccess(orule.AccessControlType, SidFromIR(orule.IdentityReference), rule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; case AccessControlModification.RemoveAll: PurgeAccessRules(orule.IdentityReference); break; case AccessControlModification.RemoveSpecific: descriptor.DiscretionaryAcl.RemoveAccessSpecific(orule.AccessControlType, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification"); } if (modified) { AccessRulesModified = true; } } finally { WriteUnlock(); } return(modified); }
protected void ResetAccessRule(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool modified; ModifyAccess(AccessControlModification.Reset, rule, out modified); } finally { WriteUnlock(); } }
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified) { bool flag = true; if (base._securityDescriptor.DiscretionaryAcl == null) { if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific)) { modified = false; return flag; } base._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevisionDS, 1); base._securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); } else if ((((modification == AccessControlModification.Add) || (modification == AccessControlModification.Set)) || (modification == AccessControlModification.Reset)) && ((rule.ObjectFlags != ObjectAceFlags.None) && (base._securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS))) { byte[] binaryForm = new byte[base._securityDescriptor.DiscretionaryAcl.BinaryLength]; base._securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; base._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(base.IsContainer, base.IsDS, new RawAcl(binaryForm, 0)); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add: base._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); goto Label_045E; case AccessControlModification.Set: base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); goto Label_045E; case AccessControlModification.Reset: base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); goto Label_045E; case AccessControlModification.Remove: flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); goto Label_045E; case AccessControlModification.RemoveAll: flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } goto Label_045E; case AccessControlModification.RemoveSpecific: base._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); goto Label_045E; } throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } if (rule.AccessControlType != AccessControlType.Deny) { throw new SystemException(); } switch (modification) { case AccessControlModification.Add: base._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: base._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } Label_045E: modified = flag; base.AccessRulesModified |= modified; return flag; }
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); if (_securityDescriptor == null) { return; } WriteLock(); try { bool modified; ModifyAccess(AccessControlModification.RemoveSpecific, rule, out modified); } finally { WriteUnlock(); } }
protected bool RemoveAccessRule (ObjectAccessRule rule) { bool modified; return ModifyAccess (AccessControlModification.Remove, rule, out modified); }