internal static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability) {
UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null;
if ((inheritability & HandleInheritability.Inheritable) != 0) {
secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES();
secAttrs.nLength = (int)Marshal.SizeOf(secAttrs);
secAttrs.bInheritHandle = 1;
}
return secAttrs;
}
internal LogStream(String path, int bufferSize, LogRetentionOption retention, long maxFileSize, int maxNumOfFiles)
{
Debug.Assert(!String.IsNullOrEmpty(path));
// Get absolute path - Security needs this to prevent something
// like trying to create a file in c:\tmp with the name
// "..\WinNT\System32\ntoskrnl.exe". Store it for user convenience.
//String filePath = Path.GetFullPathInternal(path);
String filePath = Path.GetFullPath(path);
_fileName = filePath;
// Prevent access to your disk drives as raw block devices.
if (filePath.StartsWith("\\\\.\\", StringComparison.Ordinal))
throw new NotSupportedException(SR.GetString(SR.NotSupported_IONonFileDevices));
UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = GetSecAttrs(FileShare.Read);
// For mitigating local elevation of privilege attack through named pipes
// make sure we always call CreateFile with SECURITY_ANONYMOUS so that the
// named pipe server can't impersonate a high privileged client security context
int flagsAndAttributes = (int)FileOptions.None | (UnsafeNativeMethods.SECURITY_SQOS_PRESENT | UnsafeNativeMethods.SECURITY_ANONYMOUS);
// Only write is enabled
//_canRead = false;
//_canSeek = false;
_canWrite = true;
_pathSav = filePath;
_fAccessSav = UnsafeNativeMethods.GENERIC_WRITE;
_shareSav = FileShare.Read;
_secAttrsSav = secAttrs;
_secAccessSav = FileIOPermissionAccess.Write;
_modeSav = (retention != LogRetentionOption.SingleFileUnboundedSize)? FileMode.Create : FileMode.OpenOrCreate;
_flagsAndAttributesSav = flagsAndAttributes;
_seekToEndSav = (retention != LogRetentionOption.SingleFileUnboundedSize)? false : true;
this.bufferSize = bufferSize;
_retention = retention;
_maxFileSize = maxFileSize;
_maxNumberOfFiles = maxNumOfFiles;
_Init(filePath, _fAccessSav, _shareSav, _secAttrsSav, _secAccessSav, _modeSav, _flagsAndAttributesSav, _seekToEndSav);
}
internal unsafe static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability, PipeSecurity pipeSecurity, out Object pinningHandle) {
pinningHandle = null;
UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null;
if ((inheritability & HandleInheritability.Inheritable) != 0 || pipeSecurity != null) {
secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES();
secAttrs.nLength = (int)Marshal.SizeOf(secAttrs);
if ((inheritability & HandleInheritability.Inheritable) != 0) {
secAttrs.bInheritHandle = 1;
}
// For ACLs, get the security descriptor from the PipeSecurity.
if (pipeSecurity != null) {
byte[] sd = pipeSecurity.GetSecurityDescriptorBinaryForm();
pinningHandle = GCHandle.Alloc(sd, GCHandleType.Pinned);
fixed (byte* pSecDescriptor = sd) {
secAttrs.pSecurityDescriptor = pSecDescriptor;
}
}
}
return secAttrs;
}
private static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(FileShare share)
{
UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null;
if ((share & FileShare.Inheritable) != 0) {
secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES();
secAttrs.nLength = (int)Marshal.SizeOf(secAttrs);
secAttrs.bInheritHandle = 1;
}
return secAttrs;
}
