예제 #1
        /// <summary>
        /// Set the security descriptor for a service.
        /// </summary>
        /// <param name="name">The name of the service.</param>
        /// <param name="security_descriptor">The security descriptor to set.</param>
        /// <param name="security_information">The parts of the security descriptor to set.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The NT status.</returns>
        public static NtStatus SetServiceSecurityDescriptor(string name, SecurityDescriptor security_descriptor,
                                                            SecurityInformation security_information, bool throw_on_error)
        {
            // Derive the access to request from the parts of the descriptor being written,
            // so the service is opened with only the rights this update needs.
            var required_rights = NtSecurity.SetSecurityAccessMask(security_information)
                                            .ToSpecificAccess<ServiceAccessRights>();

            // The opened service is released when the using block exits, on every return path.
            using (var open_result = OpenService(name, required_rights, throw_on_error))
            {
                // NOTE(review): with throw_on_error set, OpenService presumably throws instead of
                // returning a failed result; confirm against its definition.
                return open_result.IsSuccess
                    ? SetServiceSecurityDescriptor(open_result.Result, security_information, security_descriptor, throw_on_error)
                    : open_result.Status;
            }
        }
예제 #2
        /// <summary>
        /// Set the SCM security descriptor.
        /// </summary>
        /// <param name="security_descriptor">The security descriptor to set.</param>
        /// <param name="security_information">The parts of the security descriptor to set.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The NT status code.</returns>
        public static NtStatus SetScmSecurityDescriptor(SecurityDescriptor security_descriptor,
                                                        SecurityInformation security_information, bool throw_on_error)
        {
            // Rights needed to write the requested parts of the descriptor, expressed as SCM rights.
            var write_rights = NtSecurity.SetSecurityAccessMask(security_information)
                                         .ToSpecificAccess<ServiceControlManagerAccessRights>();

            // Connect is always requested in addition to the write rights.
            var scm_access = ServiceControlManagerAccessRights.Connect | write_rights;

            // Machine and database names are both passed as null.
            // NOTE(review): for the Win32 OpenSCManager API that selects the local machine and the
            // active services database; confirm the wrapper forwards them unchanged.
            using (SafeServiceHandle scm_handle = Win32NativeMethods.OpenSCManager(null, null, scm_access))
            {
                if (!scm_handle.IsInvalid)
                {
                    return SetServiceSecurityDescriptor(scm_handle, security_information, security_descriptor, throw_on_error);
                }

                // Read the last Win32 error straight after the failed open, before any other
                // native call can replace it; it is thrown or returned depending on throw_on_error.
                return Win32Utils.GetLastWin32Error().ToNtException(throw_on_error);
            }
        }
        /// <summary>
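        /// Overridden ProcessRecord. Builds an access mask from the selected parameter set and writes it to the pipeline in the requested form.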
        /// </summary>
        protected override void ProcessRecord()
        {
            AccessMask combined;

            if (ParameterSetName == "FromAce")
            {
                // Take the mask directly from the supplied ACE.
                combined = AccessControlEntry.Mask;
            }
            else if (ParameterSetName == "FromSecurityInformation")
            {
                // Access needed to write (SetSecurity) or read the given parts of a security descriptor.
                combined = SetSecurity
                    ? NtSecurity.SetSecurityAccessMask(SecurityInformation)
                    : NtSecurity.QuerySecurityAccessMask(SecurityInformation);
            }
            else
            {
                // Any other parameter set: start from the raw mask and OR in every per-type
                // access parameter. The result is the union of everything the caller supplied.
                combined  = AccessMask;
                combined |= MapGeneric(SpecificAccessType.File, FileAccess);
                combined |= MapGeneric(SpecificAccessType.File, FileDirectoryAccess);
                combined |= MapGeneric(SpecificAccessType.IoCompletion, IoCompletionAccess);
                combined |= MapGeneric(SpecificAccessType.Mutant, MutantAccess);
                combined |= MapGeneric(SpecificAccessType.Semaphore, SemaphoreAccess);
                combined |= MapGeneric(SpecificAccessType.RegistryTransaction, RegistryTransactionAccess);
                combined |= MapGeneric(SpecificAccessType.ALPCPort, AlpcPortAccess);
                combined |= MapGeneric(SpecificAccessType.Section, SectionAccess);
                combined |= MapGeneric(SpecificAccessType.Key, KeyAccess);
                combined |= MapGeneric(SpecificAccessType.Event, EventAccess);
                combined |= MapGeneric(SpecificAccessType.SymbolicLink, SymbolicLinkAccess);
                combined |= MapGeneric(SpecificAccessType.Token, TokenAccess);
                // GenericAccess is OR'd in as-is, without going through MapGeneric.
                combined |= GenericAccess;
                combined |= MapGeneric(SpecificAccessType.Directory, DirectoryAccess);
                combined |= MapGeneric(SpecificAccessType.Thread, ThreadAccess);
                combined |= MapGeneric(SpecificAccessType.DebugObject, DebugObjectAccess);
                combined |= MapGeneric(SpecificAccessType.Job, JobAccess);
                combined |= MapGeneric(SpecificAccessType.Process, ProcessAccess);
                combined |= MapGeneric(SpecificAccessType.Transaction, TransactionAccess);
                combined |= MapGeneric(SpecificAccessType.TransactionManager, TransactionManagerAccess);
                combined |= MapGeneric(SpecificAccessType.ResourceManager, ResourceManagerAccess);
                combined |= MapGeneric(SpecificAccessType.Enlistment, EnlistmentAccess);
                // "ManadatoryLabelPolicy" is the name as declared elsewhere in the class.
                combined |= (uint)ManadatoryLabelPolicy;
            }

            // Output form, in priority order: generic access, mandatory label policy,
            // the raw mask, then a type-specific access enumeration.
            if (ToGenericAccess)
            {
                WriteObject(combined.ToGenericAccess());
                return;
            }

            if (ToMandatoryLabelPolicy)
            {
                WriteObject(combined.ToMandatoryLabelPolicy());
                return;
            }

            if (ToSpecificAccess == SpecificAccessType.None && ToTypeAccess == null)
            {
                // No conversion requested.
                WriteObject(combined);
                return;
            }

            // An explicit NtType takes precedence over the SpecificAccessType selector.
            // NOTE(review): target_type is dereferenced without a null check; confirm that
            // GetTypeObject cannot return null for a non-None value.
            NtType target_type = ToTypeAccess ?? GetTypeObject(ToSpecificAccess);
            WriteObject(combined.ToSpecificAccess(target_type.AccessRightsType));
        }