/// <summary>
/// Computes the effective access mask that the security descriptor grants to the given Sid.
/// </summary>
/// <param name="pUserSid">A pointer to the Sid of the identity to check.</param>
/// <param name="serverName">Name of the server. This can be <c>null</c>; this implementation never reads it.</param>
/// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
/// <returns>An array of access masks; this implementation always returns exactly one element.</returns>
public virtual uint[] GetEffectivePermission(PSID pUserSid, string serverName, IntPtr pSecurityDescriptor)
{
    // The wrapper is built with 'false' as its second argument - presumably "does not own the
    // handle", so the caller's descriptor is not freed here. TODO confirm against the
    // SafeSecurityDescriptor constructor.
    uint effectiveRights = pUserSid.GetEffectiveRights(new SafeSecurityDescriptor(pSecurityDescriptor, false));

    // NOTE(review): the mask is whatever GetEffectiveRights reports. If that helper swallows
    // native failures, a zero here cannot be told apart from "no access granted" - verify
    // before using the result for an authorization decision.
    return new uint[] { effectiveRights };
}
// P/Invoke declaration for GetNamedSecurityInfo: retrieves the security descriptor of the
// object named by pObjectName, plus pointers to the parts selected by SecurityInfo.
//
// Lifetime caveat: per the Win32 contract, ppsidOwner, ppsidGroup, ppDacl and ppSacl point
// INTO the buffer returned through ppSecurityDescriptor. They are raw IntPtr values with no
// ownership of their own, so they must not be used after ppSecurityDescriptor is disposed.
//
// Requesting SACL information normally requires the caller to hold SeSecurityPrivilege;
// without it the call is expected to fail, so check the returned Win32Error.
// NOTE(review): the [DllImport] attribute (library, CharSet) is not visible here - confirm
// CharSet matches the string marshalling intended for pObjectName.
public static extern Win32Error GetNamedSecurityInfo( string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out SafeSecurityDescriptor ppSecurityDescriptor);
/// <summary>
/// Returns the access mask that the DACL of <paramref name="pSD"/> grants to <paramref name="pSid"/>.
/// </summary>
/// <param name="pSid">The Sid to evaluate, wrapped in a TRUSTEE for the native call.</param>
/// <param name="pSD">The security descriptor whose DACL is evaluated.</param>
/// <returns>The mask written by GetEffectiveRightsFromAcl, or 0 if nothing was written.</returns>
public static uint GetEffectiveRights(this PSID pSid, SafeSecurityDescriptor pSD)
{
    uint rights = 0;
    var trustee = new TRUSTEE(pSid);

    // NOTE(review): the results of both native calls are discarded, so a failed call leaves
    // 'rights' at 0 and looks the same as "this Sid has no access".
    // NOTE(review): hasDacl is never consulted. A descriptor without a DACL (NULL DACL) means
    // unrestricted access on Windows; what GetEffectiveRightsFromAcl does with the resulting
    // pointer is not visible here - confirm that case is not reported as a zero mask.
    GetSecurityDescriptorDacl(pSD, out bool hasDacl, out IntPtr daclPtr, out bool isDefaulted);
    GetEffectiveRightsFromAcl(daclPtr, trustee, ref rights);

    return rights;
}
/// <summary>
/// Copies the parts of a private object's security descriptor selected by <paramref name="si"/>
/// into a newly allocated <see cref="SafeSecurityDescriptor"/>.
/// </summary>
/// <param name="pSD">The source security descriptor.</param>
/// <param name="si">The parts of the descriptor to retrieve.</param>
/// <returns>
/// The new descriptor; <c>SafeSecurityDescriptor.Null</c> when the sizing call reports no
/// required length; or an invalid handle when the allocation itself is invalid.
/// </returns>
public static SafeSecurityDescriptor GetPrivateObjectSecurity(this PSECURITY_DESCRIPTOR pSD, SECURITY_INFORMATION si)
{
    var result = SafeSecurityDescriptor.Null;

    // Sizing call: zero-length buffer, only the required length is of interest.
    // Its success/failure result is intentionally not inspected.
    AdvApi32.GetPrivateObjectSecurity(pSD, si, result, 0, out var needed);
    if (needed <= 0)
    {
        return result;
    }

    result = new SafeSecurityDescriptor((int)needed);
    if (result.IsInvalid)
    {
        // NOTE(review): an allocation that comes back invalid is returned silently; callers
        // must check IsInvalid before using the descriptor.
        return result;
    }

    // Second call fills the buffer; a failure here is surfaced through the last Win32 error.
    if (!AdvApi32.GetPrivateObjectSecurity(pSD, si, result, needed, out needed))
    {
        Win32Error.GetLastError().ThrowIfFailed();
    }

    return result;
}
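/// <summary>
/// Creates a duplex, byte-mode named pipe at <c>\\.\pipe\{name}</c> (one instance, 64 KiB
/// buffers) and wraps the native handle in a <see cref="NamedPipeServerStream"/>.
/// </summary>
/// <param name="name">Pipe name appended to <c>\\.\pipe\</c>.</param>
/// <returns>A synchronous, not-yet-connected server stream that owns the pipe handle.</returns>
/// <remarks>
/// SECURITY: the pipe's DACL comes from the SDDL string <c>D:(A;OICI;GA;;;WD)</c>, an allow ACE
/// granting GENERIC_ALL to Everyone (WD). Any principal covered by Everyone can therefore open
/// the pipe, and GENERIC_ALL includes rights a client does not need for reading and writing,
/// such as rewriting the DACL or owner. Data read from this pipe must be treated as untrusted
/// input regardless of what the pipe is used for.
/// </remarks>
public static NamedPipeServerStream CreatePipe(string name)
{
    var sa = new SecurityAttributes();
    sa.Length = Marshal.SizeOf(typeof(SecurityAttributes));
    // NOTE(review): Inheritable = true makes the pipe handle inheritable by child processes
    // this process starts with handle inheritance enabled. Confirm that is required.
    sa.Inheritable = true;
    Debugger.Debug(LogLevel.Info, $"Created SA: {sa}");

    // Create a YOLO security descriptor to get around Access Denied problems
    // This is a pipe for a game; nothing of value to steal
    // NOTE(review): prefer the narrowest ACE that still fixes the Access Denied case, e.g.
    // generic read/write (GR, GW) for the specific account, or for Authenticated Users (AU) /
    // Interactive (IU) instead of GA for WD. Because the pipe name is predictable, also
    // consider FILE_FLAG_FIRST_PIPE_INSTANCE in the open mode so creation fails if another
    // process already owns the name, and PIPE_REJECT_REMOTE_CLIENTS in the pipe mode if only
    // local clients are expected. The SDDL string is left unchanged here so existing clients
    // keep working.
    IntPtr pipeHandle;

    // 'using' releases the descriptor even if CreateNamedPipe or logging throws; the original
    // disposed it only on the success path. The raw pointer stored in 'sa' is only valid
    // inside this block.
    using (SafeSecurityDescriptor securityDescriptor = SafeSecurityDescriptor.FromSDDL("D:(A;OICI;GA;;;WD)"))
    {
        Debugger.Debug(LogLevel.Info, $"Got security descriptor: {securityDescriptor}");
        sa.SecurityDescriptor = securityDescriptor.DangerousGetHandle();

        // NOTE(review): the result is not checked against the invalid-handle value here; a
        // failed creation only surfaces when the stream constructor below rejects the handle.
        pipeHandle = CreateNamedPipe($@"\\.\pipe\{name}", PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE, 1, 64 * 1024, 64 * 1024, 0, sa);
        Debugger.Debug(LogLevel.Info, $"Created pipe: {pipeHandle.ToString("X")}");
    }

    // The SafePipeHandle takes ownership (ownsHandle = true) and closes the pipe when disposed.
    return new NamedPipeServerStream(PipeDirection.InOut, false, false, new SafePipeHandle(pipeHandle, true));
}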
/// <summary>
/// Initializes the event argument with a security descriptor and the parts of it that apply.
/// </summary>
/// <param name="sd">The security descriptor; stored by reference, not copied.</param>
/// <param name="parts">The parts of the security descriptor this event refers to.</param>
public SecurityEventArg(SafeSecurityDescriptor sd, SECURITY_INFORMATION parts)
{
    this.Parts = parts;

    // The handle is shared with the caller: it must stay alive for as long as handlers read
    // this property. (The member name's spelling is part of the type's existing interface.)
    this.SecurityDesciptor = sd;
}
/// <summary>
/// Renders the selected parts of a security descriptor as an SDDL string.
/// </summary>
/// <param name="pSD">The security descriptor to convert.</param>
/// <param name="si">The parts of the descriptor to include in the string.</param>
/// <returns>The result of the two-argument conversion helper, returned unchanged.</returns>
public static string ToSddl(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
{
    // Thin forwarder; how the helper reports a failed conversion is not visible here.
    string sddl = ConvertSecurityDescriptorToStringSecurityDescriptor(pSD, si);
    return sddl;
}
/// <summary>
/// Overload for a <see cref="SafeSecurityDescriptor"/> source: converts it to a
/// PSECURITY_DESCRIPTOR and forwards to the pointer-based overload.
/// </summary>
/// <param name="pSD">The source security descriptor.</param>
/// <param name="si">The parts of the descriptor to retrieve.</param>
/// <returns>Whatever the pointer-based overload returns.</returns>
public static SafeSecurityDescriptor GetPrivateObjectSecurity(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
{
    // The explicit cast selects the PSECURITY_DESCRIPTOR overload rather than this one.
    var rawDescriptor = (PSECURITY_DESCRIPTOR)pSD;
    return GetPrivateObjectSecurity(rawDescriptor, si);
}
/// <summary>
/// Renders the selected parts of a security descriptor as an SDDL string (SDDL revision 1).
/// </summary>
/// <param name="pSD">The security descriptor to convert.</param>
/// <param name="si">The parts of the descriptor to include in the string.</param>
/// <returns>The SDDL string, or <c>null</c> when the native conversion reports failure.</returns>
public static string ToSddl(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
{
    // The reported string length is discarded; only the marshalled string is used.
    if (ConvertSecurityDescriptorToStringSecurityDescriptor(pSD, SDDL_REVISION.SDDL_REVISION_1, si, out var sddl, out var _))
    {
        return sddl;
    }

    // NOTE(review): failure is reduced to null with no error detail, so callers that log or
    // compare the SDDL must handle null explicitly.
    return null;
}
// P/Invoke declaration for ConvertSecurityDescriptorToStringSecurityDescriptor: converts the
// parts of SecurityDescriptor selected by SecurityInformation into an SDDL string.
// Returns false on failure.
//
// The native API returns the string in a buffer the caller must release with LocalFree.
// Here the out string goes through the custom LocalStringMarshaler (cookie "Auto"), which
// presumably copies the text and frees the native buffer - TODO confirm in the marshaler,
// since a marshaler that does not free would leak on every call.
// NOTE(review): the [DllImport] attribute is not visible here, so SetLastError/CharSet cannot
// be confirmed from this line.
public static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(SafeSecurityDescriptor SecurityDescriptor, SDDL_REVISION RequestedStringSDRevision, SECURITY_INFORMATION SecurityInformation, [MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(LocalStringMarshaler), MarshalCookie = "Auto")] out string StringSecurityDescriptor, out uint StringSecurityDescriptorLen);
// P/Invoke declaration for ConvertStringSecurityDescriptorToSecurityDescriptor: parses an SDDL
// string into a security descriptor and reports its size in bytes. Returns false on failure.
//
// The native API allocates the descriptor and expects the caller to release it with
// LocalFree; whether SafeSecurityDescriptor does so on dispose is not visible here - TODO
// confirm, otherwise each successful call leaks the buffer.
// The SDDL string decides who gets which access. Build it from fixed, reviewed values rather
// than from user-controlled input, and check the boolean result before using the descriptor.
public static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, SDDL_REVISION StringSDRevision, out SafeSecurityDescriptor SecurityDescriptor, out uint SecurityDescriptorSize);
// Private P/Invoke declaration for ConvertStringSecurityDescriptorToSecurityDescriptor:
// parses an SDDL string into a security descriptor. Returns false on failure.
//
// Unlike an 'out uint' size parameter, securityDescriptorSize is an IntPtr passed by value.
// The native parameter is an optional pointer, so callers presumably pass IntPtr.Zero to skip
// the size - TODO confirm at the call sites; any non-zero value must point to writable memory.
// stringSdRevision is a plain int; the only revision defined for SDDL is 1.
// The descriptor returned by the native API must be released with LocalFree; whether
// SafeSecurityDescriptor does that on dispose is not visible here.
private static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor( string stringSecurityDescriptor, int stringSdRevision, out SafeSecurityDescriptor pSecurityDescriptor, IntPtr securityDescriptorSize);