public static void GetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out Sid sidOwner, out Sid sidGroup, out Dacl dacl, out Sacl sacl, out SecurityDescriptor secDesc) { sidOwner = null; sidGroup = null; dacl = null; sacl = null; secDesc = null; IntPtr ptrOwnerSid = IntPtr.Zero; IntPtr ptrGroupSid = IntPtr.Zero; IntPtr ptrDacl = IntPtr.Zero; IntPtr ptrSacl = IntPtr.Zero; IntPtr ptrSecDesc = IntPtr.Zero; DWORD rc = Win32.GetNamedSecurityInfo(objectName, objectType, securityInfo, ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } try { if (ptrOwnerSid != IntPtr.Zero) sidOwner = new Sid(ptrOwnerSid); if (ptrGroupSid != IntPtr.Zero) sidGroup = new Sid(ptrGroupSid); if (ptrDacl != IntPtr.Zero) dacl = new Dacl(ptrDacl); if (ptrSacl != IntPtr.Zero) sacl = new Sacl(ptrSacl); if (ptrSecDesc != IntPtr.Zero) secDesc = new SecurityDescriptor(ptrSecDesc, true); } catch { if (ptrSecDesc != IntPtr.Zero) Win32.LocalFree(ptrSecDesc); throw; } }
public System.IntPtr MarshalManagedToNative(object ManagedObj) { SecurityDescriptor sdIn = (SecurityDescriptor)ManagedObj; IntPtr sdPtr = IntPtr.Zero; if (sdIn != null) { _wrapper = sdIn; // Keep a ref to the managed object sdPtr = sdIn.Ptr; } Debug.Assert(sdPtr != IntPtr.Zero, "Warning: It's almost always a bad idea to use a NULL security descriptor"); return sdPtr; }
private static void UnsafeSetSacl(SecurityDescriptor secDesc, Sacl sacl, bool defaulted) { if (sacl == null) throw new ArgumentException("Can't set null SACL on a security descriptor", "sacl"); secDesc.MakeAbsolute(); // First we have to get a copy of the old group ptr, so that // we can free it if everything goes well. BOOL rc; IntPtr pOldSacl = IntPtr.Zero; if(!secDesc.IsNull) { BOOL oldDefaulted, oldPresent; rc = Win32.GetSecurityDescriptorSacl(secDesc._secDesc, out oldPresent, ref pOldSacl, out oldDefaulted); Win32.CheckCall(rc); } else { secDesc.AllocateAndInitializeSecurityDescriptor(); } IntPtr pNewSacl = IntPtr.Zero; try { if(!sacl.IsNull && !sacl.IsEmpty) { byte []pacl = sacl.GetNativeACL(); pNewSacl = Win32.AllocGlobal(pacl.Length); Marshal.Copy(pacl, 0, pNewSacl, pacl.Length); } bool present = (sacl.IsNull || (pNewSacl != IntPtr.Zero)); rc = Win32.SetSecurityDescriptorSacl( secDesc._secDesc, (present ? Win32.TRUE : Win32.FALSE), pNewSacl, (defaulted ? Win32.TRUE : Win32.FALSE)); Win32.CheckCall(rc); Win32.FreeGlobal(pOldSacl); } catch { Win32.FreeGlobal(pNewSacl); throw; } }
private static unsafe void UnsafeSetOwner(SecurityDescriptor secDesc, Sid owner, bool defaulted) { if (! owner.IsValid) throw new ArgumentException("SID must be valid to set as owner of a security descriptor", "owner"); secDesc.MakeAbsolute(); // First we have to get a copy of the old owner ptr, so that // we can free it if everything goes well. BOOL rc; IntPtr pOldOwner; if(!secDesc.IsNull) { BOOL oldDefaulted; rc = Win32.GetSecurityDescriptorOwner(secDesc._secDesc, out pOldOwner, out oldDefaulted); Win32.CheckCall(rc); } else { secDesc.AllocateAndInitializeSecurityDescriptor(); pOldOwner = IntPtr.Zero; } DWORD cbSidSize = (DWORD)owner.Size; IntPtr pNewOwner = Win32.AllocGlobal(cbSidSize); try { // Copy the SID content to pNewOwner memory fixed (byte *pNewSid = owner.GetNativeSID()) { rc = Win32.CopySid(cbSidSize, pNewOwner, (IntPtr)pNewSid); Win32.CheckCall(rc); } // Set the new owner SID rc = Win32.SetSecurityDescriptorOwner(secDesc._secDesc, pNewOwner, (defaulted ? Win32.TRUE : Win32.FALSE)); Win32.CheckCall(rc); // Now, we can free the old owner Win32.FreeGlobal(pOldOwner); } catch { Win32.FreeGlobal(pNewOwner); throw; } }
// // Only called from the custom marshaler // internal void Parse(IntPtr pSecAttr) { if (pSecAttr == IntPtr.Zero) throw new ArgumentException("Can't parse a NULL struct", "pSecAttr"); SECURITY_ATTRIBUTES attrs = (SECURITY_ATTRIBUTES) new MemoryMarshaler(pSecAttr).ParseStruct(typeof(SECURITY_ATTRIBUTES)); _inheritHandles = Win32.ToBool(attrs.bInheritHandle); if (attrs.lpSecurityDescriptor != IntPtr.Zero) { // Create a new SecDesc only if we don't already have one or // if the one we have hasn't the same ptr to unmanged memory if (_secDesc == null || _secDesc.Ptr != attrs.lpSecurityDescriptor) _secDesc = new SecurityDescriptor(attrs.lpSecurityDescriptor); } }