public SecurityDescriptor(
SecurityIdentifier owner,
SecurityIdentifier group,
AccessControlList dacl,
AccessControlList sacl,
SecurityDescriptorControl control)
{
// create security descriptor
_pSd = CreateSecurityDescriptor(
owner == null ? IntPtr.Zero : owner.Handle,
group == null ? IntPtr.Zero : group.Handle,
dacl == null ? IntPtr.Zero : dacl.Handle,
sacl == null ? IntPtr.Zero : sacl.Handle,
control);
// query properties
uint revision;
uint controlFlags;
if (!SecurityNative.GetSecurityDescriptorControl(_pSd, out controlFlags, out revision))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
_revision = (int)revision;
_control = (SecurityDescriptorControl)controlFlags;
_owner = owner;
_group = group;
_dacl = dacl;
_sacl = sacl;
}
public static void BlockCopy(LocalAllocHandle from, LocalAllocHandle to, IntPtr length)
{
if (length == IntPtr.Zero)
{
return;
}
bool fromRefAdded = false;
bool toRefAdded = false;
try
{
from.DangerousAddRef(ref fromRefAdded);
to.DangerousAddRef(ref toRefAdded);
if (sizeof(IntPtr) == 4)
{
BlockCopyImpl(from: (byte *)from.DangerousGetHandle(), to: (byte *)to.DangerousGetHandle(), byteCount: (uint)length.ToInt32());
}
else
{
BlockCopyImpl(from: (byte *)from.DangerousGetHandle(), to: (byte *)to.DangerousGetHandle(), byteCount: (ulong)length.ToInt64());
}
}
finally
{
if (fromRefAdded)
{
from.DangerousRelease();
}
if (toRefAdded)
{
to.DangerousRelease();
}
}
}
public SecurityIdentifier(byte[] authorityIdentifier, uint[] rids)
{
// parameters validation
if (authorityIdentifier == null)
{
throw new ArgumentNullException("authorityIdentifier");
}
if (rids == null)
{
throw new ArgumentNullException("rids");
}
// get SID size
byte subAuthCount = (byte)rids.Length;
_size = SecurityNative.GetSidLengthRequired(subAuthCount);
// allocate memory for security identifier
_pSid = new LocalAllocHandle(_size);
// initialize security identifier
GCHandle gcAuthId = GCHandle.Alloc(authorityIdentifier, GCHandleType.Pinned);
if (!SecurityNative.InitializeSid(_pSid, gcAuthId.AddrOfPinnedObject(), subAuthCount))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
gcAuthId.Free();
// initialize subauthorities
for (byte i = 0; i < subAuthCount; ++i)
{
Marshal.WriteInt32(SecurityNative.GetSidSubAuthority(_pSid, i), (int)rids[i]);
}
}
internal SecurityIdentifier(IntPtr pSid, bool copy)
{
// parameters validation
if (pSid == IntPtr.Zero)
{
throw new ArgumentNullException("pSid");
}
// get SID size
_size = SecurityNative.GetLengthSid(pSid);
if (copy)
{
// allocate memory for security identifier
_pSid = new LocalAllocHandle(_size);
// copy security identifier
if (!SecurityNative.CopySid((uint)_size, (IntPtr)_pSid, pSid))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
// store pointer
_pSid = new LocalAllocHandle(pSid);
}
}
// http://msdn.microsoft.com/en-us/library/windows/desktop/hh706811(v=vs.85).aspx
internal static extern int NCryptUnprotectSecret(
[Out] out NCryptDescriptorHandle phDescriptor,
[In] uint dwFlags,
[In] byte *pbProtectedBlob,
[In] uint cbProtectedBlob,
[In] IntPtr pMemPara,
[In] IntPtr hWnd,
[Out] out LocalAllocHandle ppbData,
[Out] out uint pcbData);
public static extern int FormatMessage(
[In] uint dwFlags,
[In] SafeLibraryHandle lpSource,
[In] uint dwMessageId,
[In] uint dwLanguageId,
[Out] out LocalAllocHandle lpBuffer,
[In] uint nSize,
[In] IntPtr Arguments
);
internal static extern int NCryptUnprotectSecret(
#endif
out NCryptDescriptorHandle phDescriptor,
uint dwFlags,
byte *pbProtectedBlob,
uint cbProtectedBlob,
IntPtr pMemPara,
IntPtr hWnd,
out LocalAllocHandle ppbData,
out uint pcbData);
public static extern int FormatMessage(
#endif
uint dwFlags,
SafeLibraryHandle lpSource,
uint dwMessageId,
uint dwLanguageId,
out LocalAllocHandle lpBuffer,
uint nSize,
IntPtr Arguments
);
/// <summary>
/// Creates security descriptor
/// </summary>
private static LocalAllocHandle CreateSecurityDescriptor(
IntPtr pOwner,
IntPtr pGroup,
IntPtr pDacl,
IntPtr pSacl,
SecurityDescriptorControl control)
{
// correct control flags
if (pDacl != IntPtr.Zero)
{
control |= SecurityDescriptorControl.DaclPresent;
}
if (pSacl != IntPtr.Zero)
{
control |= SecurityDescriptorControl.SaclPresent;
}
// allocate memory for security descriptor
LocalAllocHandle pSd = new LocalAllocHandle(SecurityNative.SecurityDescriptor.Size);
// initialize security descriptor
if (!SecurityNative.InitializeSecurityDescriptor(pSd, SecurityNative.SECURITY_DESCRIPTOR_REVISION))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// set security descriptor control
if (!SecurityNative.SetSecurityDescriptorControl(pSd, (uint)SecurityDescriptorControl.InheritenceMask, (uint)(control & SecurityDescriptorControl.InheritenceMask)))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// set SIDs
if (!SecurityNative.SetSecurityDescriptorOwner(pSd, pOwner, (control & SecurityDescriptorControl.OwnerDefaulted) != 0))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
if (!SecurityNative.SetSecurityDescriptorGroup(pSd, pGroup, (control & SecurityDescriptorControl.GroupDefaulted) != 0))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// set ACLs
if (!SecurityNative.SetSecurityDescriptorDacl(pSd, (control & SecurityDescriptorControl.DaclPresent) != 0, pDacl, (control & SecurityDescriptorControl.DaclDefaulted) != 0))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
if (!SecurityNative.SetSecurityDescriptorSacl(pSd, (control & SecurityDescriptorControl.SaclPresent) != 0, pSacl, (control & SecurityDescriptorControl.SaclDefaulted) != 0))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
return(pSd);
}
public static void BlockCopy(byte *from, LocalAllocHandle to, uint byteCount)
{
bool refAdded = false;
try
{
to.DangerousAddRef(ref refAdded);
BlockCopy(from, (void *)to.DangerousGetHandle(), byteCount);
}
finally
{
if (refAdded)
{
to.DangerousRelease();
}
}
}
public static void BlockCopy(LocalAllocHandle from, void *to, uint byteCount)
{
bool refAdded = false;
try
{
from.DangerousAddRef(ref refAdded);
BlockCopy((void *)from.DangerousGetHandle(), to, byteCount);
}
finally
{
if (refAdded)
{
from.DangerousRelease();
}
}
}
public SecurityIdentifier(string sid)
{
// parameters validation
if (sid == null)
{
throw new ArgumentNullException("sid");
}
// convert string to SID
IntPtr pSid;
if (!SecurityNative.ConvertStringSidToSid(sid, out pSid))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// store pointer
_pSid = new LocalAllocHandle(pSid);
// get SID size
_size = SecurityNative.GetLengthSid(pSid);
}
// https://msdn.microsoft.com/en-us/library/windows/desktop/hh706801(v=vs.85).aspx
internal static extern int NCryptGetProtectionDescriptorInfo(
[In] NCryptDescriptorHandle hDescriptor,
[In] IntPtr pMemPara,
[In] uint dwInfoType,
[Out] out LocalAllocHandle ppvInfo);
internal static extern int NCryptGetProtectionDescriptorInfo(
#endif
NCryptDescriptorHandle hDescriptor,
IntPtr pMemPara,
uint dwInfoType,
out LocalAllocHandle ppvInfo);
/// <summary>
/// Initializes unmanaged Overlapped structure
/// </summary>
private void InitializeOverlapped()
{
_pOverlapped = new LocalAllocHandle(PipeNative.Overlapped.Size);
_asyncEvent = new ManualResetEvent(false);
Marshal.WriteIntPtr(_pOverlapped, PipeNative.Overlapped.hEventOffset, _asyncEvent.Handle);
}
internal SecurityDescriptor(IntPtr pSd, bool copy)
{
// get security descriptor information
IntPtr pOwner;
IntPtr pGroup;
IntPtr pDacl;
IntPtr pSacl;
SecurityDescriptorControl control;
GetSecurityDescriptorInfo(
pSd,
out pOwner,
out pGroup,
out pDacl,
out pSacl,
out control);
bool copyStructs;
if (copy)
{
// create security descriptor
_pSd = CreateSecurityDescriptor(pOwner, pGroup, pDacl, pSacl, control);
copyStructs = true;
}
else
{
// store pointer
_pSd = new LocalAllocHandle(pSd);
copyStructs = (control & SecurityDescriptorControl.SelfRelative) != 0;
}
// query properties
uint revision;
uint controlFlags;
if (!SecurityNative.GetSecurityDescriptorControl(_pSd, out controlFlags, out revision))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
_revision = (int)revision;
_control = (SecurityDescriptorControl)controlFlags;
if (pOwner != IntPtr.Zero)
{
_owner = new SecurityIdentifier(pOwner, copyStructs);
}
if (pGroup != IntPtr.Zero)
{
_group = new SecurityIdentifier(pGroup, copyStructs);
}
if (pDacl != IntPtr.Zero)
{
_dacl = new AccessControlList(pDacl, copyStructs);
}
if (pSacl != IntPtr.Zero)
{
_sacl = new AccessControlList(pSacl, copyStructs);
}
}