/// <summary>
/// Add an access denied ACE to the DACL
/// </summary>
/// <param name="mask">The access mask</param>
/// <param name="sid">The SID in SDDL form</param>
public void AddAccessDeniedAce(AccessMask mask, string sid)
{
AddAccessDeniedAceInternal(mask, AceFlags.None, sid);
}
/// <summary>
/// Add an access allowed ace to the ACL
/// </summary>
/// <param name="mask">The ACE access mask</param>
/// <param name="sid">The ACE SID</param>
public void AddAccessAllowedAce(AccessMask mask, string sid)
{
AddAccessAllowedAce(mask, AceFlags.None, sid);
}
/// <summary>
/// Add an access denied ace to the ACL
/// </summary>
/// <param name="mask">The ACE access mask</param>
/// <param name="flags">The ACE flags</param>
/// <param name="sid">The ACE SID</param>
public void AddAccessDeniedAce(AccessMask mask, AceFlags flags, Sid sid)
{
Add(new Ace(AceType.Denied, flags, mask, sid));
}
/// <summary> /// Duplicate object. /// </summary> /// <param name="access_rights">Access rights to duplicate with.</param> /// <param name="flags">Attribute flags.</param> /// <param name="options">Duplicate options</param> /// <param name="throw_on_error">True to throw an exception on error.</param> /// <returns>The duplicated object.</returns> public abstract NtResult <NtObject> DuplicateObject(AccessMask access_rights, AttributeFlags flags, DuplicateObjectOptions options, bool throw_on_error);
/// <summary>
/// Duplicate object with specific access rights.
/// </summary>
/// <param name="access_rights">Access rights to duplicate with.</param>
/// <returns>The duplicated object.</returns>
public NtObject DuplicateObject(AccessMask access_rights)
{
return(DuplicateObject(access_rights, AttributeFlags.None, DuplicateObjectOptions.None, true).Result);
}
public static extern NtStatus NtOpenPartition(
out SafeKernelObjectHandle PartitionHandle,
AccessMask DesiredAccess,
[In] ObjectAttributes ObjectAttributes
);
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <param name="attributes">Attributes to open the object.</param>
/// <param name="security_quality_of_service">Security quality of service.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
public static NtObject OpenWithType(string typename, string path, NtObject root,
AttributeFlags attributes, AccessMask access, SecurityQualityOfService security_quality_of_service)
{
return(OpenWithType(typename, path, root, attributes, access, security_quality_of_service, true).Result);
}
/// <summary>
/// Convert an enumerable access rights to a string
/// </summary>
/// <param name="container">True to use the container access type.</param>
/// <param name="granted_access">The granted access mask.</param>
/// <param name="map_to_generic">True to try and convert to generic rights where possible.</param>
/// <returns>The string format of the access rights</returns>
public string AccessMaskToString(bool container, AccessMask granted_access, bool map_to_generic)
{
return(AccessMaskToString(container, granted_access, map_to_generic, false));
}
/// <summary>
/// Convert an enumerable access rights to a string
/// </summary>
/// <param name="granted_access">The granted access mask.</param>
/// <param name="map_to_generic">True to try and convert to generic rights where possible.</param>
/// <returns>The string format of the access rights</returns>
public string AccessMaskToString(AccessMask granted_access, bool map_to_generic)
{
return(NtSecurity.AccessMaskToString(granted_access, AccessRightsType, GenericMapping, map_to_generic));
}
/// <summary>
/// Duplicate object.
/// </summary>
/// <param name="access_rights">Access rights to duplicate with.</param>
/// <param name="flags">Attribute flags.</param>
/// <param name="options">Duplicate options</param>
/// <param name="throw_on_error">True to throw an exception on error.</param>
/// <returns>The duplicated object.</returns>
public sealed override NtResult <NtObject> DuplicateObject(AccessMask access_rights, AttributeFlags flags, DuplicateObjectOptions options, bool throw_on_error)
{
return(Duplicate(access_rights.ToSpecificAccess <A>(), flags, options, throw_on_error).Cast <NtObject>());
}
/// <summary>
/// Convert an enumerable access rights to a string
/// </summary>
/// <param name="container">True to use the container access type.</param>
/// <param name="granted_access">The granted access mask.</param>
/// <param name="map_to_generic">True to try and convert to generic rights where possible.</param>
/// <param name="sdk_names">Set to true to use SDK style names.</param>
/// <returns>The string format of the access rights</returns>
public string AccessMaskToString(bool container, AccessMask granted_access, bool map_to_generic, bool sdk_names)
{
return(NtSecurity.AccessMaskToString(granted_access, container ? ContainerAccessRightsType : AccessRightsType,
GenericMapping, map_to_generic, sdk_names));
}
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
/// <exception cref="ArgumentException">Thrown if type of resource couldn't be found.</exception>
public static NtObject OpenWithType(string typename, string path, NtObject root, AccessMask access)
{
if (typename == null)
{
typename = NtDirectory.GetDirectoryEntryType(path, root);
if (typename == null)
{
throw new ArgumentException(String.Format("Can't find type for path {0}", path));
}
}
NtType type = NtType.GetTypeByName(typename, false);
if (type != null && type.CanOpen)
{
return(type.Open(path, root, access));
}
else
{
throw new ArgumentException(String.Format("Can't open type {0}", typename));
}
}
/// <summary>
/// Convert an enumerable access rights to a string
/// </summary>
/// <param name="granted_access">The granted access mask.</param>
/// <param name="map_to_generic">True to try and convert to generic rights where possible.</param>
/// <returns>The string format of the access rights</returns>
public string AccessMaskToString(AccessMask granted_access, bool map_to_generic)
{
return(NtObjectUtils.GrantedAccessAsString(granted_access, GenericMapping, AccessRightsType, map_to_generic));
}
/// <summary>
/// Add an access denied ACE to the DACL
/// </summary>
/// <param name="mask">The access mask</param>
/// <param name="flags">The ACE flags</param>
/// <param name="sid">The SID</param>
public void AddAccessDeniedAce(AccessMask mask, AceFlags flags, Sid sid)
{
AddAccessDeniedAceInternal(mask, flags, sid);
}
internal static NtResult <NtObject> FromName(ObjectAttributes object_attributes, AccessMask desired_access, bool throw_on_error)
{
return(Open(object_attributes, desired_access.ToSpecificAccess <MemoryPartitionAccessRights>(), throw_on_error).Cast <NtObject>());
}
/// <summary>
/// Convert an enumerable access rights to a string
/// </summary>
/// <param name="granted_access">The granted access mask.</param>
/// <returns>The string format of the access rights</returns>
public string AccessMaskToString(AccessMask granted_access)
{
return(AccessMaskToString(granted_access, false));
}
public static extern NtStatus NtCreatePartition(
out SafeKernelObjectHandle PartitionHandle,
AccessMask DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
int PreferredNode
);
/// <summary>
/// Checks if an access mask represents a read permission on this type
/// </summary>
/// <param name="access_mask">The access mask to check</param>
/// <returns>True if it has read permissions</returns>
public bool HasReadPermission(AccessMask access_mask)
{
return(GenericMapping.HasRead(access_mask));
}
/// <summary>
/// Duplicate a handle from and to the current process to a new handle with new access rights.
/// </summary>
/// <param name="src_handle">The source handle to duplicate</param>
/// <param name="access_rights">The access for the new handle.</param>
/// <returns>The duplicated handle.</returns>
internal static SafeKernelObjectHandle DuplicateHandle(SafeKernelObjectHandle src_handle, AccessMask access_rights)
{
return(DuplicateHandle(src_handle, NtProcess.Current, access_rights, DuplicateObjectOptions.None));
}
/// <summary>
/// Checks if an access mask represents a execute permission on this type
/// </summary>
/// <param name="access_mask">The access mask to check</param>
/// <returns>True if it has execute permissions</returns>
public bool HasExecutePermission(AccessMask access_mask)
{
return(GenericMapping.HasExecute(access_mask));
}
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
/// <exception cref="ArgumentException">Thrown if type of resource couldn't be found.</exception>
public static NtObject OpenWithType(string typename, string path, NtObject root, AccessMask access)
{
return(OpenWithType(typename, path, root, AttributeFlags.CaseInsensitive, access, null, true).Result);
}
/// <summary>
/// Checks if an access mask represents a full permission on this type
/// </summary>
/// <param name="access_mask">The access mask to check</param>
/// <returns>True if it has full permissions</returns>
public bool HasFullPermission(AccessMask access_mask)
{
return(GenericMapping.HasAll(access_mask));
}
/// <summary>
/// Duplicate object.
/// </summary>
/// <param name="access_rights">Access rights to duplicate with.</param>
/// <param name="flags">Attribute flags.</param>
/// <param name="options">Duplicate options</param>
/// <returns>The duplicated object.</returns>
public NtObject DuplicateObject(AccessMask access_rights, AttributeFlags flags, DuplicateObjectOptions options)
{
return(DuplicateObject(access_rights, flags, options, true).Result);
}
/// <summary>
/// Unmap specific access rights to generic access rights for this type
/// </summary>
/// <param name="access_mask">The access mask to unmap</param>
/// <returns>The unmapped access mask</returns>
public AccessMask UnmapGenericRights(AccessMask access_mask)
{
return(GenericMapping.UnmapMask(access_mask));
}
/// <summary>
/// Check if access is granted to a set of rights
/// </summary>
/// <param name="access">The access rights to check</param>
/// <returns>True if all the access rights are granted</returns>
public bool IsAccessMaskGranted(AccessMask access)
{
return(GrantedAccessMask.IsAllAccessGranted(access));
}
/// <summary>
/// Checks if an access mask is valid for access of this object type.
/// </summary>
/// <param name="access_mask">The access mask to check</param>
/// <returns>True if it valid access</returns>
public bool IsValidAccess(AccessMask access_mask)
{
return((GenericMapping.MapMask(access_mask) & ~ValidAccess).IsEmpty);
}
/// <summary>
/// Add an access denied ace to the ACL
/// </summary>
/// <param name="mask">The ACE access mask</param>
/// <param name="flags">The ACE flags</param>
/// <param name="sid">The ACE SID</param>
public void AddAccessDeniedAce(AccessMask mask, AceFlags flags, string sid)
{
Add(new Ace(AceType.Denied, flags, mask, new Sid(sid)));
}
/// <summary>
/// Get a fake type object. This can be used in access checking for operations which need an NtType object
/// but there's no real NT object.
/// </summary>
/// <param name="name">The name of the fake type. Informational only.</param>
/// <param name="generic_read">The GENERIC_READ for security checking.</param>
/// <param name="generic_write">The GENERIC_WRITE for security checking.</param>
/// <param name="generic_exec">The GENERIC_EXECUTE for security checking.</param>
/// <param name="generic_all">The GENERIC_ALL for security checking.</param>
/// <param name="access_rights_type">The access rights enumeration type.</param>
/// <returns>The fake NT type object.</returns>
public static NtType GetFakeType(string name, AccessMask generic_read, AccessMask generic_write,
AccessMask generic_exec, AccessMask generic_all, Type access_rights_type)
{
return(GetFakeType(name, generic_read, generic_write, generic_exec, generic_all, access_rights_type, access_rights_type));
}
/// <summary>
/// Add an access denied ace to the ACL
/// </summary>
/// <param name="mask">The ACE access mask</param>
/// <param name="sid">The ACE SID</param>
public void AddAccessDeniedAce(AccessMask mask, Sid sid)
{
AddAccessDeniedAce(mask, AceFlags.None, sid);
}
/// <summary>
/// Add an access allowed ACE to the DACL
/// </summary>
/// <param name="mask">The access mask</param>
/// <param name="sid">The SID</param>
public void AddAccessAllowedAce(AccessMask mask, Sid sid)
{
AddAccessAllowedAceInternal(mask, AceFlags.None, sid);
}
