// FUNCTION: SetPrinterDACL
//
// PURPOSE: Applies DACL to specified printer
//
// RETURN VALUE: true or false
//
// COMMENTS:
static bool SetPrinterDACL(string szPrinterName, PACL pDacl)
{
var PrnDefs = new PRINTER_DEFAULTS
{
DesiredAccess = ACCESS_MASK.READ_CONTROL | ACCESS_MASK.WRITE_DAC
};
if (!OpenPrinter(szPrinterName, out var hPrinter, PrnDefs))
{
return(false);
}
using (hPrinter)
{
var NewSD = new SafePSECURITY_DESCRIPTOR();
if (!SetSecurityDescriptorDacl(NewSD, true, pDacl, false))
{
return(false);
}
if (!SetPrinter(hPrinter, new PRINTER_INFO_3 {
pSecurityDescriptor = NewSD
}))
{
return(false);
}
}
return(true);
}
/// <summary>Enumerates the ACEs in an ACL.</summary>
/// <param name="pAcl">A pointer to an ACL that contains the ACE to be retrieved.</param>
/// <returns>A sequence of PACE values from the ACL.</returns>
public static IEnumerable <PACE> EnumerateAces(this PACL pAcl)
{
for (var i = 0U; i < pAcl.AceCount(); i++)
{
yield return(GetAce(pAcl, i));
}
}
public static extern DWORD SetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl);
public static ACCESS_ALLOWED_ACE GetAce(PACL pAcl, int aceIndex)
{
if (AdvApi32.GetAce(pAcl, aceIndex, out var acePtr))
{
return((ACCESS_ALLOWED_ACE)Marshal.PtrToStructure((IntPtr)acePtr, typeof(ACCESS_ALLOWED_ACE)));
}
throw new System.ComponentModel.Win32Exception();
}
public static RawAcl RawAclFromPtr(PACL pAcl)
{
var len = GetAclSize(pAcl);
var dest = new byte[len];
Marshal.Copy((IntPtr)pAcl, dest, 0, (int)len);
return(new RawAcl(dest, 0));
}
public static extern DWORD SetNamedSecurityInfo(
LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl);
internal static extern DWORD GetSecurityInfo(
SafeFileHandle handle,
ObjectType objectType,
SecurityInformationClass infoClass,
PSID owner,
PSID group,
PACL dacl,
PACL sacl,
out PSECURITY_DESCRIPTOR securityDescriptor);
public static extern DWORD GetNamedSecurityInfo(
LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
ref PSID ppsidOwner,
ref PSID ppsidGroup,
ref PACL ppDacl,
ref PACL ppSacl,
ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static extern DWORD GetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
ref PSID ppsidOwner,
ref PSID ppsidGroup,
ref PACL ppDacl,
ref PACL ppSacl,
ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static ACL_SIZE_INFORMATION GetAclInfo(PACL pAcl)
{
var si = new ACL_SIZE_INFORMATION();
if (!GetAclInformation(pAcl, ref si, (uint)Marshal.SizeOf(si), ACL_INFORMATION_CLASS.AclSizeInformation))
{
throw new System.ComponentModel.Win32Exception();
}
return(si);
}
public static extern BOOL MakeAbsoluteSD(
PSECURITY_DESCRIPTOR pSelfRelativeSD,
PSECURITY_DESCRIPTOR pAbsoluteSD,
ref DWORD lpdwAbsoluteSDSize,
PACL pDacl,
ref DWORD lpdwDaclSize,
PACL pSacl,
ref DWORD lpdwSaclSize,
PSID pOwner,
ref DWORD lpdwOwnerSize,
PSID pPrimaryGroup,
ref DWORD lpdwPrimaryGroupSize
);
public static extern BOOL AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength);
public static extern BOOL InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision);
public static extern BOOL SetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bSaclPresent, PACL pSacl, BOOL bSaclDefaulted );
public static extern BOOL AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength);
/// <summary>Gets the <see cref="RawAcl"/> equivalent of an ACL.</summary> /// <param name="pAcl">The pointer to an ACL structure.</param> /// <returns>The <see cref="RawAcl"/> instance.</returns> public static RawAcl RawAclFromPtr(PACL pAcl) => new RawAcl(((IntPtr)pAcl).ToArray <byte>((int)pAcl.Length()), 0);
public static extern bool AddResourceAttributeAce(PACL pAcl, uint dwAceRevision, uint AceFlags, uint AccessMask, PSID pSid, ref CLAIM_SECURITY_ATTRIBUTES_INFORMATION pAttributeInfo, ref uint pReturnLength);
public static uint GetAceCount(this PACL pAcl) => pAcl.AceCount();
public static uint GetAceCount(PACL pAcl) => GetAclInfo(pAcl).AceCount;
public static extern DWORD GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, ref PSID ppsidOwner, ref PSID ppsidGroup, ref PACL ppDacl, ref PACL ppSacl, ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static extern DWORD SetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl);
public static extern DWORD GetNamedSecurityInfo( LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, ref PSID ppsidOwner, ref PSID ppsidGroup, ref PACL ppDacl, ref PACL ppSacl, ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static uint GetAclSize(PACL pAcl) => pAcl.Length();
public static uint GetAclSize(PACL pAcl) => GetAclInfo(pAcl).AclBytesInUse;
public static extern bool AddScopedPolicyIDAce(PACL pAcl, uint dwAceRevision, uint AceFlags, uint AccessMask, PSID pSid);
/// <summary>Gets the number of ACEs held by an ACL.</summary> /// <param name="pACL">The pointer to the ACL structure to query.</param> /// <returns>The ace count.</returns> public static uint AceCount(this PACL pACL) => IsValidAcl(pACL) && GetAclInformation(pACL, out ACL_SIZE_INFORMATION si) ? si.AceCount : 0;
public static extern BOOL InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision);
/// <summary>Validates an access control list (ACL).</summary> /// <param name="pAcl">The pointer to the ACL structure to query.</param> /// <returns><c>true</c> if the ACL is valid; otherwise, <c>false</c>.</returns> public static bool IsValidAcl(this PACL pAcl) => IsValidAcl(pAcl);
public static extern BOOL GetSecurityDescriptorSacl(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
out BOOL lpbSaclPresent,
ref PACL pSacl, // By ref, because if "present" == false, value is unchanged
out BOOL lpbSaclDefaulted
);
/// <summary>Gets the size, in bytes, of an ACL. If the ACL is not valid, 0 is returned.</summary> /// <param name="pACL">The pointer to the ACL structure to query.</param> /// <returns>The size, in bytes, of an ACL. If the ACL is not valid, 0 is returned.</returns> public static uint Length(this PACL pACL) => IsValidAcl(pACL) && GetAclInformation(pACL, out ACL_SIZE_INFORMATION si) ? si.AclBytesInUse : 0;
public static extern BOOL SetSecurityDescriptorSacl(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
BOOL bSaclPresent,
PACL pSacl,
BOOL bSaclDefaulted
);
/// <summary>The <c>GetAce</c> function obtains a pointer to an access control entry (ACE) in an access control list (ACL).</summary>
/// <param name="pAcl">A pointer to an ACL that contains the ACE to be retrieved.</param>
/// <param name="aceIndex">
/// The index of the ACE to be retrieved. A value of zero corresponds to the first ACE in the ACL, a value of one to the second ACE,
/// and so on.
/// </param>
/// <returns>A pointer to the ACE.</returns>
public static PACE GetAce(this PACL pAcl, uint aceIndex)
{
Win32Error.ThrowLastErrorIfFalse(AdvApi32.GetAce(pAcl, aceIndex, out var acePtr));
return(acePtr);
}
/// <summary>Gets the total number of bytes allocated to the ACL.</summary> /// <param name="pACL">The pointer to the ACL structure to query.</param> /// <returns>The total of the free and used bytes in the ACL.</returns> public static uint BytesAllocated(this PACL pACL) => IsValidAcl(pACL) && GetAclInformation(pACL, out ACL_SIZE_INFORMATION si) ? si.AclBytesFree + si.AclBytesInUse : 0;
public static extern BOOL GetSecurityDescriptorSacl( PSECURITY_DESCRIPTOR pSecurityDescriptor, out BOOL lpbSaclPresent, ref PACL pSacl, // By ref, because if "present" == false, value is unchanged out BOOL lpbSaclDefaulted );
public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
{
// Get list of all parents
//var obj = SecuredObject.GetKnownObject(Windows.Forms.AccessControlEditorDialog.TaskResourceType, objName, serverName);
//var parents = new System.Collections.Generic.List<object>();
//var folder = obj.GetPropertyValue(isContainer ? "Parent" : "Folder");
//while (folder != null)
//{
// parents.Add(folder);
// folder = folder.GetPropertyValue("Parent");
//}
// For each ACE, walk up list of lists of parents to determine if there's a matching one.
// var acl = RawAclFromPtr(pAcl);
// for (int i = 0; i < acl.Count; i++) { }
return(new INHERITED_FROM[pAcl.GetAceCount()]);
}
internal static extern DWORD GetSecurityInfo(
SafeFileHandle handle,
ObjectType objectType,
SecurityInformationClass infoClass,
PSID owner,
PSID group,
PACL dacl,
PACL sacl,
out PSECURITY_DESCRIPTOR securityDescriptor);
/// <summary>
/// Determines the source of inherited access control entries (ACEs) in discretionary access
/// control lists (DACLs) and system access control lists (SACLs).
/// </summary>
/// <param name="objName">Name of the object.</param>
/// <param name="serverName">Name of the server.</param>
/// <param name="isContainer">If set to <c>true</c> object is a container.</param>
/// <param name="si">
/// The object-related security information being queried. See SECURITY_INFORMATION type in
/// Windows documentation.
/// </param>
/// <param name="pAcl">A pointer to the ACL.</param>
/// <returns>
/// An array of <see cref="INHERITED_FROM"/> structures. The length of this array is the
/// same as the number of ACEs in the ACL referenced by pACL. Each <see
/// cref="INHERITED_FROM"/> entry provides inheritance information for the corresponding
/// ACE entry in pACL.
/// </returns>
public virtual INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
{
var gMap = GetGenericMapping(0);
return(GetInheritanceSource(objName, ResourceType, (SECURITY_INFORMATION)si, isContainer, pAcl, ref gMap).ToArray());
}
public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
{
var ret = base.GetInheritSource(objName, serverName, isContainer, si, pAcl);
for (var i = 0; i < ret.Length; i++)
{
if (ret[i].GenerationGap == -1)
{
var idx = objName.StartsWith(@"\\") ? 1 : 0;
var parts = objName.TrimStart('\\').Split('\\');
if (parts.Length > idx)
{
ret[i].AncestorName = parts[idx].Replace("HKEY_", "");
}
}
}
return(ret);
}
public static extern BOOL MakeAbsoluteSD( PSECURITY_DESCRIPTOR pSelfRelativeSD, PSECURITY_DESCRIPTOR pAbsoluteSD, ref DWORD lpdwAbsoluteSDSize, PACL pDacl, ref DWORD lpdwDaclSize, PACL pSacl, ref DWORD lpdwSaclSize, PSID pOwner, ref DWORD lpdwOwnerSize, PSID pPrimaryGroup, ref DWORD lpdwPrimaryGroupSize );
