GetSecurityDescriptorBinaryForm() 공개 메소드

public GetSecurityDescriptorBinaryForm ( ) : byte[]
리턴 byte[]
예제 #1
0
 public NativeSecurityAttributes(ObjectSecurity managedSecurityObject, bool inheritHandle)
 {
   length = Marshal.SizeOf(typeof(NativeSecurityAttributes));
   byte[] binarySecurityDescriptor = managedSecurityObject.GetSecurityDescriptorBinaryForm();
   securityDescriptor = Marshal.AllocHGlobal(binarySecurityDescriptor.Length);
   Marshal.Copy(binarySecurityDescriptor, 0, securityDescriptor, binarySecurityDescriptor.Length);
   this.inheritHandle = inheritHandle;
 }
예제 #2
0
        /// <summary>Sort ACEs according to canonical form for this <see cref="ObjectSecurity"/>.</summary>
        /// <param name="objectSecurity">The object security whose DiscretionaryAcl will be made canonical.</param>
        public static void CanonicalizeAccessRules(this ObjectSecurity objectSecurity)
        {
            if (objectSecurity == null)
            {
                throw new ArgumentNullException(nameof(objectSecurity));
            }
            if (objectSecurity.AreAccessRulesCanonical)
            {
                return;
            }

            // Get raw SD from objectSecurity and canonicalize DACL
            var sd = new RawSecurityDescriptor(objectSecurity.GetSecurityDescriptorBinaryForm(), 0);

            sd.DiscretionaryAcl.Canonicalize();

            // Convert SD back into objectSecurity
            objectSecurity.SetSecurityDescriptorBinaryForm(sd.GetBinaryForm());
        }
예제 #3
0
 private static SafeGlobalMemoryBufferHandle ToUnmanagedSecurityAttributes(ObjectSecurity securityDescriptor)
 {
    if (securityDescriptor == null)
       return new SafeGlobalMemoryBufferHandle();
    
    
    byte[] src = securityDescriptor.GetSecurityDescriptorBinaryForm();
    var safeBuffer = new SafeGlobalMemoryBufferHandle(src.Length);
    try
    {
       safeBuffer.CopyFrom(src, 0, src.Length);
       return safeBuffer;
    }
    catch
    {
       safeBuffer.Close();
       throw;
    }
 }
예제 #4
0
 private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
 {
     byte[] securityDescriptorBinaryForm = sd.GetSecurityDescriptorBinaryForm();
     if (Directory.Exists(path))
     {
         DirectorySecurity directorySecurity = new DirectorySecurity();
         directorySecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
         Directory.SetAccessControl(path, directorySecurity);
         base.WriteSecurityDescriptorObject(directorySecurity, path);
     }
     else
     {
         FileSecurity fileSecurity = new FileSecurity();
         fileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
         File.SetAccessControl(path, fileSecurity);
         base.WriteSecurityDescriptorObject(fileSecurity, path);
     }
 }
예제 #5
0
      internal static void SetAccessControlInternal(string path, SafeHandle handle, ObjectSecurity objectSecurity, AccessControlSections includeSections, PathFormat pathFormat)
      {
         if (pathFormat == PathFormat.RelativePath)
            Path.CheckValidPath(path, true, true);

         if (objectSecurity == null)
            throw new ArgumentNullException("objectSecurity");

         byte[] managedDescriptor = objectSecurity.GetSecurityDescriptorBinaryForm();
         using (var safeBuffer = new SafeGlobalMemoryBufferHandle(managedDescriptor.Length))
         {
            string pathLp = Path.GetExtendedLengthPathInternal(null, path, pathFormat, GetFullPathOptions.RemoveTrailingDirectorySeparator | GetFullPathOptions.CheckInvalidPathChars);

            safeBuffer.CopyFrom(managedDescriptor, 0, managedDescriptor.Length);

            SecurityDescriptorControl control;
            uint revision;
            if (!Security.NativeMethods.GetSecurityDescriptorControl(safeBuffer, out control, out revision))
               NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

            PrivilegeEnabler privilegeEnabler = null;
            try
            {
               var securityInfo = SecurityInformation.None;

               IntPtr pDacl = IntPtr.Zero;
               if ((includeSections & AccessControlSections.Access) != 0)
               {
                  bool daclDefaulted, daclPresent;
                  if (!Security.NativeMethods.GetSecurityDescriptorDacl(safeBuffer, out daclPresent, out pDacl, out daclDefaulted))
                     NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

                  if (daclPresent)
                  {
                     securityInfo |= SecurityInformation.Dacl;
                     securityInfo |= (control & SecurityDescriptorControl.DaclProtected) != 0
                        ? SecurityInformation.ProtectedDacl
                        : SecurityInformation.UnprotectedDacl;
                  }
               }

               IntPtr pSacl = IntPtr.Zero;
               if ((includeSections & AccessControlSections.Audit) != 0)
               {
                  bool saclDefaulted, saclPresent;
                  if (!Security.NativeMethods.GetSecurityDescriptorSacl(safeBuffer, out saclPresent, out pSacl, out saclDefaulted))
                     NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

                  if (saclPresent)
                  {
                     securityInfo |= SecurityInformation.Sacl;
                     securityInfo |= (control & SecurityDescriptorControl.SaclProtected) != 0
                        ? SecurityInformation.ProtectedSacl
                        : SecurityInformation.UnprotectedSacl;

                     privilegeEnabler = new PrivilegeEnabler(Privilege.Security);
                  }
               }

               IntPtr pOwner = IntPtr.Zero;
               if ((includeSections & AccessControlSections.Owner) != 0)
               {
                  bool ownerDefaulted;
                  if (!Security.NativeMethods.GetSecurityDescriptorOwner(safeBuffer, out pOwner, out ownerDefaulted))
                     NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

                  if (pOwner != IntPtr.Zero)
                     securityInfo |= SecurityInformation.Owner;
               }

               IntPtr pGroup = IntPtr.Zero;
               if ((includeSections & AccessControlSections.Group) != 0)
               {
                  bool groupDefaulted;
                  if (!Security.NativeMethods.GetSecurityDescriptorGroup(safeBuffer, out pGroup, out groupDefaulted))
                     NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

                  if (pGroup != IntPtr.Zero)
                     securityInfo |= SecurityInformation.Group;
               }


               uint lastError;
               if (!Utils.IsNullOrWhiteSpace(pathLp))
               {
                  // SetNamedSecurityInfo()
                  // In the ANSI version of this function, the name is limited to MAX_PATH characters.
                  // To extend this limit to 32,767 wide characters, call the Unicode version of the function and prepend "\\?\" to the path.
                  // 2013-01-13: MSDN does not confirm LongPath usage but a Unicode version of this function exists.

                  lastError = Security.NativeMethods.SetNamedSecurityInfo(pathLp, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
                  if (lastError != Win32Errors.ERROR_SUCCESS)
                     NativeError.ThrowException(lastError, pathLp);
               }
               else if (NativeMethods.IsValidHandle(handle))
               {
                  lastError = Security.NativeMethods.SetSecurityInfo(handle, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
                  if (lastError != Win32Errors.ERROR_SUCCESS)
                     NativeError.ThrowException((int)lastError);
               }
            }
            finally
            {
               if (privilegeEnabler != null)
                  privilegeEnabler.Dispose();
            }
         }
      }
예제 #6
0
        } // SetSecurityDescriptor

        private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
        {
            var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            byte[] securityDescriptorBinary = null;

            try
            {
                // Get the binary form of the descriptor.
                PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
                securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm();
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
            }

            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);

                // Transfer it to the new file / directory.
                // We keep these two code branches so that we can have more 
                // granular information when we ouput the object type via 
                // WriteSecurityDescriptorObject.
                if (Directory.Exists(path))
                {
                    DirectorySecurity newDescriptor = new DirectorySecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new DirectoryInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
                else
                {
                    FileSecurity newDescriptor = new FileSecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new FileInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
            }
        }