public override string ToString() { StringBuilder sb = new StringBuilder(); if (Owner != null) { sb.AppendLineEnv($"{nameof(Owner)}: {Owner.ToString()}"); } if (Group != null) { sb.AppendLineEnv($"{nameof(Group)}: {Group.ToString()}"); } if (Dacl != null) { sb.AppendLineEnv($"{nameof(Dacl)}:"); sb.AppendIndentEnv(Dacl.ToString()); } if (Sacl != null) { sb.AppendLineEnv($"{nameof(Sacl)}:"); sb.AppendIndentEnv(Sacl.ToString()); } return(sb.ToString()); }
public JObject ToJObject() { JObject parsedSddl = new JObject(); if (Owner != null) { parsedSddl.Add("Owner", Owner.Alias); } if (Group != null) { parsedSddl.Add("Group", Group.Alias); } if (Dacl != null) { parsedSddl.Add("DACL", Dacl.ToJObject()); } /* * if (Sacl != null) * { * parsedSDDL.Add("SACL", Sacl.ToString()); * }*/ return(parsedSddl); }
public static Boolean CreateDir(String strSitePath, String strUserName) { Boolean bOk; try { Directory.CreateDirectory(strSitePath); SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); Dacl dacl = secDesc.Dacl; Sid sidUser = new Sid(strUserName); // allow: folder, subfolder and files // modify dacl.AddAce(new AceAccessAllowed(sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE, AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE)); // deny: this folder // write attribs // write extended attribs // delete // change permissions // take ownership DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC; AccessType AType = (AccessType)DAType; dacl.AddAce(new AceAccessDenied(sidUser, AType)); secDesc.SetDacl(dacl); secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); bOk = true; } catch { bOk = false; } return(bOk); } /* CreateDir */
private void AddUsers(string[] users, bool useSid) { Dacl dacl = new Dacl(); if (users.Length > 0) { foreach (string user in users) { string sOperation = null; try { sOperation = "Creating a sid for: " + user; Sid sid = new Sid(user, useSid); sOperation = "Creating a new AceAccessAllowed"; AceAccessAllowed ace = new AceAccessAllowed(sid, (AccessType)(FileAccessType.FILE_READ_DATA | FileAccessType.FILE_READ_ATTRIBUTES)); sOperation = "Adding the ace to the DACL"; dacl.AddAce(ace); } catch { throw; } } } SetDacl(dacl); }
private void AddAce(AceType type, AccessMask mask, AceFlags flags, Sid sid) { if (Dacl == null) { Dacl = new Acl(); } Dacl.NullAcl = false; Dacl.Add(new Ace(type, flags, mask, sid)); }
/// <summary> /// Add an ACE to the DACL, creating the DACL if needed. /// </summary> /// <param name="ace">The ACE to add to the DACL.</param> public void AddAce(Ace ace) { if (Dacl == null) { Dacl = new Acl(); } Dacl.NullAcl = false; Dacl.Add(ace); }
private SecurityDescriptor CreateNewSecurityDescriptor() { return(new SecurityDescriptor { Dacl = Dacl?.Clone() ?? CreateAcl(EmptyDacl, NullDacl), Sacl = Sacl?.Clone() ?? CreateAcl(EmptySacl, NullSacl), Owner = Owner != null ? new SecurityDescriptorSid(Owner, false) : null, Group = Group != null ? new SecurityDescriptorSid(Group, false) : null }); }
private SafeHGlobalBuffer CreateAbsoluteSecurityDescriptor() { SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null; try { byte[] dacl = Dacl?.ToByteArray(); byte[] sacl = Sacl?.ToByteArray(); byte[] owner = Owner?.Sid.ToArray(); byte[] group = Group?.Sid.ToArray(); int total_size = GetLength(dacl) + GetLength(sacl) + GetLength(owner) + GetLength(group); sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(total_size, true); NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException(); SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask; NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException(); int current_ofs = 0; if (Dacl != null) { IntPtr ptr = UpdateBuffer(sd_buffer, Dacl.NullAcl ? null : dacl, ref current_ofs); NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, ptr, Dacl.Defaulted).ToNtException(); } if (Sacl != null) { IntPtr ptr = UpdateBuffer(sd_buffer, Sacl.NullAcl ? null : sacl, ref current_ofs); NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, ptr, Sacl.Defaulted).ToNtException(); } if (Owner != null) { IntPtr ptr = UpdateBuffer(sd_buffer, owner, ref current_ofs); NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, ptr, Owner.Defaulted); } if (Group != null) { IntPtr ptr = UpdateBuffer(sd_buffer, group, ref current_ofs); NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, ptr, Group.Defaulted); } return(Interlocked.Exchange(ref sd_buffer, null)); } finally { sd_buffer?.Close(); } }
/// <summary> /// Convert security descriptor to a byte array /// </summary> /// <returns>The binary security descriptor</returns> public byte[] ToByteArray() { SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null; SafeHGlobalBuffer dacl_buffer = null; SafeHGlobalBuffer sacl_buffer = null; SafeSidBufferHandle owner_buffer = null; SafeSidBufferHandle group_buffer = null; try { sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(); NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException(); SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask; NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException(); if (Dacl != null) { if (!Dacl.NullAcl) { dacl_buffer = new SafeHGlobalBuffer(Dacl.ToByteArray()); } else { dacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false); } NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, dacl_buffer.DangerousGetHandle(), Dacl.Defaulted).ToNtException(); } if (Sacl != null) { if (!Sacl.NullAcl) { sacl_buffer = new SafeHGlobalBuffer(Sacl.ToByteArray()); } else { sacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false); } NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, sacl_buffer.DangerousGetHandle(), Sacl.Defaulted).ToNtException(); } if (Owner != null) { owner_buffer = Owner.Sid.ToSafeBuffer(); NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, owner_buffer.DangerousGetHandle(), Owner.Defaulted); } if (Group != null) { group_buffer = Group.Sid.ToSafeBuffer(); NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, group_buffer.DangerousGetHandle(), Group.Defaulted); } int total_length = 0; NtStatus status = NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, new SafeHGlobalBuffer(IntPtr.Zero, 0, false), ref total_length); if (status != NtStatus.STATUS_BUFFER_TOO_SMALL) { status.ToNtException(); } using (SafeHGlobalBuffer relative_sd = new SafeHGlobalBuffer(total_length)) { NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, relative_sd, ref total_length).ToNtException(); return(relative_sd.ToArray()); } } finally { sd_buffer?.Close(); dacl_buffer?.Close(); sacl_buffer?.Close(); owner_buffer?.Close(); group_buffer?.Close(); } }
private NtResult <SafeHGlobalBuffer> CreateAbsoluteSecurityDescriptor(bool throw_on_error) { byte[] dacl = Dacl?.ToByteArray(); byte[] sacl = Sacl?.ToByteArray(); byte[] owner = Owner?.Sid.ToArray(); byte[] group = Group?.Sid.ToArray(); int total_size = GetLength(dacl) + GetLength(sacl) + GetLength(owner) + GetLength(group); using (var sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(total_size, true)) { NtStatus status = NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask; status = NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } int current_ofs = 0; if (Dacl != null) { IntPtr ptr = UpdateBuffer(sd_buffer, Dacl.NullAcl ? null : dacl, ref current_ofs); status = NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, ptr, Dacl.Defaulted); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } } if (Sacl != null) { IntPtr ptr = UpdateBuffer(sd_buffer, Sacl.NullAcl ? null : sacl, ref current_ofs); status = NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, ptr, Sacl.Defaulted); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } } if (Owner != null) { IntPtr ptr = UpdateBuffer(sd_buffer, owner, ref current_ofs); status = NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, ptr, Owner.Defaulted); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } } if (Group != null) { IntPtr ptr = UpdateBuffer(sd_buffer, group, ref current_ofs); status = NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, ptr, Group.Defaulted); if (!status.IsSuccess()) { return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error)); } } return(status.CreateResult <SafeHGlobalBuffer>(throw_on_error, () => sd_buffer.Detach())); } }
/// <summary> /// 对用户 strUserName 赋予对文件夹strSitePath 所有的访问权限 /// </summary> /// <param name="strSitePath"></param> /// <param name="strUserName"></param> /// <returns></returns> public static Boolean SetDirPermission(String strSitePath, String strUserName) { bool IsDir = false; if (System.IO.File.Exists(strSitePath)) { IsDir = false; } else if (!IsDir && !System.IO.Directory.Exists(strSitePath)) { return(false); } else { IsDir = true; } Boolean bOk; try { // Directory.CreateDirectory(strSitePath); SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); Dacl dacl = secDesc.Dacl;//The discretionary access control list (DACL) of an object Sid sidUser = new Sid(strUserName); dacl.RemoveAces(sidUser); AccessType AType = AccessType.GENERIC_ALL; AceFlags flag = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE | AceFlags.SUCCESSFUL_ACCESS_ACE_FLAG; AceAccessAllowed ace = new AceAccessAllowed(sidUser, AType, flag); dacl.AddAce(ace); secDesc.SetDacl(dacl); secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); bOk = true; } catch (Exception ee) { throw ee; } //对所有的子文件和子文件夹附权 if (IsDir) { string[] files = System.IO.Directory.GetFiles(strSitePath); if (files != null && files.Length > 0) { foreach (string file in files) { SetDirPermission(file, strUserName); } } string[] dirs = System.IO.Directory.GetDirectories(strSitePath); if (dirs != null && dirs.Length > 0) { foreach (string dir in dirs) { SetDirPermission(dir, strUserName); } } } return(bOk); } /* CreateDir */