public static bool AclPartialEqual(GenericAcl acl1, GenericAcl acl2, int acl1StartAceIndex, int acl1EndAceIndex, int acl2StartAceIndex, int acl2EndAceIndex)
{
int index1 = 0;
int index2 = 0;
bool result = true;
if (null != acl1 && null != acl2)
{
if (acl1StartAceIndex < 0 || acl1EndAceIndex < 0 || acl1StartAceIndex > acl1.Count - 1 || acl1EndAceIndex > acl1.Count - 1 ||
acl2StartAceIndex < 0 || acl2EndAceIndex < 0 || acl2StartAceIndex > acl2.Count - 1 || acl2EndAceIndex > acl2.Count - 1)
{
//the caller has garenteeed the index calculation is correct so if any above condition hold,
//that means the range of the index is invalid
return(true);
}
if (acl1EndAceIndex - acl1StartAceIndex != acl2EndAceIndex - acl2StartAceIndex)
{
result = false;
}
else
{
for (index1 = acl1StartAceIndex, index2 = acl2StartAceIndex; index1 <= acl1EndAceIndex; index1++, index2++)
{
if (!Utils.IsAceEqual(acl1[index1], acl2[index2]))
{
result = false;
break;
}
}
}
}
else if (null == acl1 && null == acl2)
{
}
else
{
result = false;
}
return(result);
}
public static bool AclPartialEqual(GenericAcl acl1, GenericAcl acl2, int acl1StartAceIndex, int acl1EndAceIndex, int acl2StartAceIndex, int acl2EndAceIndex)
{
int index1 = 0;
int index2 = 0;
bool result = true;
if (null != acl1 && null != acl2)
{
if (acl1StartAceIndex < 0 || acl1EndAceIndex < 0 || acl1StartAceIndex > acl1.Count - 1 || acl1EndAceIndex > acl1.Count - 1 ||
acl2StartAceIndex < 0 || acl2EndAceIndex < 0 || acl2StartAceIndex > acl2.Count - 1 || acl2EndAceIndex > acl2.Count - 1)
{
//the caller has garenteeed the index calculation is correct so if any above condition hold,
//that means the range of the index is invalid
return true;
}
if (acl1EndAceIndex - acl1StartAceIndex != acl2EndAceIndex - acl2StartAceIndex)
{
result = false;
}
else
{
for (index1 = acl1StartAceIndex, index2 = acl2StartAceIndex; index1 <= acl1EndAceIndex; index1++, index2++)
{
if (!Utils.IsAceEqual(acl1[index1], acl2[index2]))
{
result = false;
break;
}
}
}
}
else if (null == acl1 && null == acl2)
{
}
else
result = false;
return result;
}
internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
//
// Demand unmanaged code permission
// The integrator layer is free to assert this permission
// and, in turn, demand another permission of its caller
//
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (@group != null)
{
Length = @group.BinaryLength;
GroupBinary = new byte[Length];
@group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = (int)NativeMethods.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException("Invalid safe handle");
}
else
{
errorCode = (int)NativeMethods.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
throw new InvalidProgramException();
}
if (errorCode == NativeMethods.ERROR_NOT_ALL_ASSIGNED ||
errorCode == NativeMethods.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == NativeMethods.ERROR_ACCESS_DENIED ||
errorCode == NativeMethods.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != NativeMethods.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return(0);
Error:
if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
public static Int32 SetSecurityInfo(ResourceType type, [NotNull] String name, SecurityInfos securityInformation,
[CanBeNull] SecurityIdentifier owner, [CanBeNull] SecurityIdentifier group, [CanBeNull] GenericAcl sacl, [CanBeNull] GenericAcl dacl)
{
name = name.ThrowIfBlank();
if (!Enum.IsDefined(enumType: typeof(ResourceType), type))
{
throw new InvalidEnumArgumentException(argumentName: nameof(type), invalidValue: ( Int32 )type, enumClass: typeof(ResourceType));
}
if (!Enum.IsDefined(enumType: typeof(SecurityInfos), securityInformation))
{
throw new InvalidEnumArgumentException(argumentName: nameof(securityInformation), invalidValue: ( Int32 )securityInformation,
enumClass: typeof(SecurityInfos));
}
Int32 errorCode;
Int32 Length;
Byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
// Demand unmanaged code permission
// The integrator layer is free to assert this permission and, in turn, demand another permission of its caller
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new Byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (group != null)
{
Length = group.BinaryLength;
GroupBinary = new Byte[Length];
group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new Byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new Byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try {
if (securityPrivilege != null)
{
try {
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException) {
// we will ignore this exception and press on just in case this is a remote resource
}
}
errorCode = ( Int32 )NativeMethods.SetSecurityInfoByName(name, ( UInt32 )type, ( UInt32 )securityInformation, OwnerBinary, GroupBinary, DaclBinary,
SaclBinary);
switch (errorCode)
{
case NativeMethods.ERROR_NOT_ALL_ASSIGNED:
case NativeMethods.ERROR_PRIVILEGE_NOT_HELD:
throw new PrivilegeNotHeldException(Privilege.Security);
case NativeMethods.ERROR_ACCESS_DENIED:
case NativeMethods.ERROR_CANT_OPEN_ANONYMOUS:
throw new UnauthorizedAccessException();
}
if (errorCode != NativeMethods.ERROR_SUCCESS)
{
goto Error;
}
}
catch {
// protection against exception filter-based luring attacks
securityPrivilege?.Revert();
throw;
}
finally {
securityPrivilege?.Revert();
}
return(0);
Error:
if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
