internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
//
// Demand unmanaged code permission
// The integrator layer is free to assert this permission
// and, in turn, demand another permission of its caller
//
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (@group != null)
{
Length = @group.BinaryLength;
GroupBinary = new byte[Length];
@group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = (int)NativeMethods.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException("Invalid safe handle");
}
else
{
errorCode = (int)NativeMethods.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
throw new InvalidProgramException();
}
if (errorCode == NativeMethods.ERROR_NOT_ALL_ASSIGNED ||
errorCode == NativeMethods.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == NativeMethods.ERROR_ACCESS_DENIED ||
errorCode == NativeMethods.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != NativeMethods.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return(0);
Error:
if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
public static void RunWithPrivilege( string privilege, bool enabled, PrivilegedCallback callback, object state )
{
if ( callback == null )
{
throw new ArgumentNullException( "callback" );
}
Privilege p = new Privilege( privilege );
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if (enabled)
{
p.Enable();
}
else
{
p.Disable();
}
callback(state);
}
catch
{
p.Revert();
throw;
}
finally
{
p.Revert();
}
}
public static Int32 SetSecurityInfo(ResourceType type, [NotNull] String name, SecurityInfos securityInformation,
[CanBeNull] SecurityIdentifier owner, [CanBeNull] SecurityIdentifier group, [CanBeNull] GenericAcl sacl, [CanBeNull] GenericAcl dacl)
{
name = name.ThrowIfBlank();
if (!Enum.IsDefined(enumType: typeof(ResourceType), type))
{
throw new InvalidEnumArgumentException(argumentName: nameof(type), invalidValue: ( Int32 )type, enumClass: typeof(ResourceType));
}
if (!Enum.IsDefined(enumType: typeof(SecurityInfos), securityInformation))
{
throw new InvalidEnumArgumentException(argumentName: nameof(securityInformation), invalidValue: ( Int32 )securityInformation,
enumClass: typeof(SecurityInfos));
}
Int32 errorCode;
Int32 Length;
Byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
// Demand unmanaged code permission
// The integrator layer is free to assert this permission and, in turn, demand another permission of its caller
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new Byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (group != null)
{
Length = group.BinaryLength;
GroupBinary = new Byte[Length];
group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new Byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new Byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try {
if (securityPrivilege != null)
{
try {
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException) {
// we will ignore this exception and press on just in case this is a remote resource
}
}
errorCode = ( Int32 )NativeMethods.SetSecurityInfoByName(name, ( UInt32 )type, ( UInt32 )securityInformation, OwnerBinary, GroupBinary, DaclBinary,
SaclBinary);
switch (errorCode)
{
case NativeMethods.ERROR_NOT_ALL_ASSIGNED:
case NativeMethods.ERROR_PRIVILEGE_NOT_HELD:
throw new PrivilegeNotHeldException(Privilege.Security);
case NativeMethods.ERROR_ACCESS_DENIED:
case NativeMethods.ERROR_CANT_OPEN_ANONYMOUS:
throw new UnauthorizedAccessException();
}
if (errorCode != NativeMethods.ERROR_SUCCESS)
{
goto Error;
}
}
catch {
// protection against exception filter-based luring attacks
securityPrivilege?.Revert();
throw;
}
finally {
securityPrivilege?.Revert();
}
return(0);
Error:
if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
