Exemplo n.º 1
0
        /// <summary>
        /// Gets the security information of specified handle from file system
        /// </summary>
        /// <param name="sidHandle">Handle to get file security information</param>
        /// <returns><see cref="CommonObjectSecurity"/>Result</returns>
        private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
        {
            var zeroHandle          = new IntPtr();
            var pSecurityDescriptor = new IntPtr();

            try
            {
                var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject,
                                                                                     Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
                                                                                     out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor);
                var win32Error = Marshal.GetLastWin32Error();
                // Cancel if call failed

                if (namedSecInfoResult != 0)
                {
                    NativeExceptionMapping(PathInfo.FullName, win32Error);
                }

                var securityDescriptorLength    = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
                var securityDescriptorDataArray = new byte[securityDescriptorLength];
                Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);

                CommonObjectSecurity securityInfo;
                if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
                {
                    securityInfo = new DirectorySecurity();
                    securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
                }
                else
                {
                    securityInfo = new System.Security.AccessControl.FileSecurity();
                    securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
                }

                return(securityInfo);
            }
            finally
            {
                Win32SafeNativeMethods.LocalFree(zeroHandle);
                Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
            }
        }
Exemplo n.º 2
0
        /// <summary>
        /// Copies the Access Control List (ACL) from one file to another and specify additional ACL rules on the destination file.
        /// </summary>
        /// <param name="pathToSourceFile">The path to the source file.</param>
        /// <param name="pathToDestinationFile">The path to the destination file.</param>
        /// <param name="additionalFileSystemAccessRules">An array of <see cref="FileSystemAccessRule"/>. The additional ACLs.</param>
        public static void CopyAccessControlList(string pathToSourceFile, string pathToDestinationFile, FileSystemAccessRule[] additionalFileSystemAccessRules)
        {
            if (additionalFileSystemAccessRules == null)
            {
                throw new ArgumentNullException("additionalFileSystemAccessRules");
            }

            CheckFilePathParameter("pathToSourceFile", pathToSourceFile);
            CheckFilePathParameter("pathToDestinationFile", pathToDestinationFile);
            FileSecurity sourceFileSecurity = File.GetAccessControl(pathToSourceFile);
            FileSecurity destinationFileSecurity = new FileSecurity();
            byte[] securityDescriptor = sourceFileSecurity.GetSecurityDescriptorBinaryForm();
            destinationFileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptor);
            foreach (FileSystemAccessRule fileSystemAccessRule in additionalFileSystemAccessRules)
            {
                destinationFileSecurity.AddAccessRule(fileSystemAccessRule);
            }

            File.SetAccessControl(pathToDestinationFile, destinationFileSecurity);
        }
Exemplo n.º 3
0
        public static FileSecurity GetAccessControl(string path, AccessControlSections includeSections)
        {
            var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));

            IntPtr SidOwner, SidGroup, Dacl, Sacl, ByteArray;
            SecurityInfos SecurityInfos =
                Common.ToSecurityInfos(includeSections);

            int errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath,
                (uint)ResourceType.FileObject,
                (uint)SecurityInfos,
                out SidOwner,
                out SidGroup,
                out Dacl,
                out Sacl,
                out ByteArray);

            ThrowIfError(errorCode, ByteArray);

            uint Length = NativeMethods.GetSecurityDescriptorLength(ByteArray);

            byte[] BinaryForm = new byte[Length];

            Marshal.Copy(ByteArray, BinaryForm, 0, (int)Length);

            NativeMethods.LocalFree(ByteArray);
            var fs = new FileSecurity();
            fs.SetSecurityDescriptorBinaryForm(BinaryForm);
            return fs;
        }
Exemplo n.º 4
0
      public FileSecurity GetAccessControl()
      {
         IntPtr pSidOwner, pSidGroup, pDacl, pSacl;
         SafeGlobalMemoryBufferHandle pSecurityDescriptor;

         uint lastError = SecurityNativeMethods.GetSecurityInfo(SafeFileHandle, ObjectType.FileObject,
            SecurityInformation.Group | SecurityInformation.Owner | SecurityInformation.Label | SecurityInformation.Dacl | SecurityInformation.Sacl,
            out pSidOwner, out pSidGroup, out pDacl, out pSacl, out pSecurityDescriptor);

         try
         {
            if (lastError != Win32Errors.ERROR_SUCCESS)
               NativeError.ThrowException((int)lastError);

            if (pSecurityDescriptor.IsInvalid)
               throw new IOException(Resources.InvalidSecurityDescriptorReturnedFromSystem);

            uint length = SecurityNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);

            byte[] managedBuffer = new byte[length];

            // See File.GetAccessControlInternal(): .CopyTo() does not work there?
            pSecurityDescriptor.CopyTo(managedBuffer, 0, (int)length);

            FileSecurity fs = new FileSecurity();
            fs.SetSecurityDescriptorBinaryForm(managedBuffer);

            return fs;
         }
         finally
         {
            if (pSecurityDescriptor != null)
               pSecurityDescriptor.Close();
         }
      }
Exemplo n.º 5
0
 private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
 {
     byte[] securityDescriptorBinaryForm = sd.GetSecurityDescriptorBinaryForm();
     if (Directory.Exists(path))
     {
         DirectorySecurity directorySecurity = new DirectorySecurity();
         directorySecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
         Directory.SetAccessControl(path, directorySecurity);
         base.WriteSecurityDescriptorObject(directorySecurity, path);
     }
     else
     {
         FileSecurity fileSecurity = new FileSecurity();
         fileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
         File.SetAccessControl(path, fileSecurity);
         base.WriteSecurityDescriptorObject(fileSecurity, path);
     }
 }
Exemplo n.º 6
0
        /// <summary>
        /// Gets the security information of specified handle from file system
        /// </summary>
        /// <param name="sidHandle">Handle to get file security information</param>
        /// <returns><see cref="CommonObjectSecurity"/>Result</returns>
        private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
        {
            var zeroHandle = new IntPtr();
            var pSecurityDescriptor = new IntPtr();

            try
            {
                var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject,
                    Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
                    out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor);
                var win32Error = Marshal.GetLastWin32Error();
                // Cancel if call failed

                if (namedSecInfoResult != 0)
                {
                    NativeExceptionMapping(PathInfo.FullName, win32Error);
                }

                var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
                var securityDescriptorDataArray = new byte[securityDescriptorLength];
                Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);

                CommonObjectSecurity securityInfo;
                if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
                {
                    securityInfo = new DirectorySecurity();
                    securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
                }
                else
                {
                    securityInfo = new System.Security.AccessControl.FileSecurity();
                    securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
                }

                return securityInfo;
            }
            finally
            {
                Win32SafeNativeMethods.LocalFree(zeroHandle);
                Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
            }
        }
Exemplo n.º 7
0
        } // SetSecurityDescriptor

        private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
        {
            var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            byte[] securityDescriptorBinary = null;

            try
            {
                // Get the binary form of the descriptor.
                PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
                securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm();
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
            }

            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);

                // Transfer it to the new file / directory.
                // We keep these two code branches so that we can have more 
                // granular information when we ouput the object type via 
                // WriteSecurityDescriptorObject.
                if (Directory.Exists(path))
                {
                    DirectorySecurity newDescriptor = new DirectorySecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new DirectoryInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
                else
                {
                    FileSecurity newDescriptor = new FileSecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new FileInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
            }
        }