Exemplo n.º 1
            /// <summary>
            /// Serializes a SID into a freshly allocated array holding its binary form.
            /// </summary>
            /// <param name="si">The identifier to serialize.</param>
            /// <returns>A buffer of exactly <c>si.BinaryLength</c> bytes.</returns>
            private static byte[] GetBytes(System.Security.Principal.SecurityIdentifier si)
            {
                // Size the buffer from the SID itself so the copy starting at offset 0 always fits.
                byte[] sidBytes = new byte[si.BinaryLength];
                si.GetBinaryForm(sidBytes, 0);
                return sidBytes;
            }
 /// <summary>
 /// Round-trips a SID through the parameterless GetBinaryForm() call and back through the
 /// (byte[], offset) constructor, expecting an equal identifier.
 /// </summary>
 public void SecurityIdentifierExtensions_GetBinaryForm_Test1()
 {
     var original = new SecurityIdentifier("S-1-5-21-3180365339-800773672-3767752645-500");

     // GetBinaryForm() with no arguments is not the framework overload; presumably the
     // extension method under test — confirm against the extensions class.
     byte[] raw = original.GetBinaryForm();
     var rebuilt = new SecurityIdentifier(raw, 0);

     Assert.AreEqual(original, rebuilt);
 }
Exemplo n.º 3
		/// <summary>
		/// Parses <paramref name="strValue"/> as a SID and asserts that its binary form matches
		/// <paramref name="expectedBinary"/> in both length and content.
		/// </summary>
		private void CheckStringCtor (string strValue, byte[] expectedBinary)
		{
			SecurityIdentifier parsed = new SecurityIdentifier (strValue);
			byte[] actualBinary = new byte[parsed.BinaryLength];
			parsed.GetBinaryForm (actualBinary, 0);

			// Length is checked first so a size mismatch is reported before the content comparison.
			Assert.AreEqual (expectedBinary.Length, actualBinary.Length, "SID length mismatch");
			Assert.AreEqual (expectedBinary, actualBinary, "SIDs different in binary form");
		}
Exemplo n.º 4
		/// <summary>
		/// Parses a string SID and returns an opaque handle to a managed array holding its binary form.
		/// </summary>
		/// <param name="StringSid">SID text accepted by the <see cref="SecurityIdentifier"/> string constructor.</param>
		/// <param name="ptrSid">Receives <c>GCHandle.ToIntPtr</c> of a handle allocated over the byte array.</param>
		/// <returns>Always <c>true</c>; a string that cannot be parsed surfaces as the constructor's exception instead.</returns>
		public static bool ConvertStringSidToSid (string StringSid, out IntPtr ptrSid)
		{
			unsafe {
				SecurityIdentifier parsed = new SecurityIdentifier (StringSid);
				byte[] sidBytes = new byte[parsed.BinaryLength];
				parsed.GetBinaryForm (sidBytes, 0);

				// NOTE(review): ptrSid carries the GCHandle token, not the address of the SID bytes,
				// and the handle is not pinned. Code that treats the value as a native PSID would read
				// unrelated memory — confirm every consumer goes through GCHandle.FromIntPtr. Nothing
				// in this method frees the handle, so the array stays alive until a caller does.
				GCHandle keepAlive = GCHandle.Alloc (sidBytes);
				ptrSid = GCHandle.ToIntPtr (keepAlive);
			}
			return true;
		}
Exemplo n.º 5
 // use this for binding string...
 /// <summary>
 /// Renders a SID's binary form as lowercase hexadecimal, two digits per byte, with no separators.
 /// </summary>
 /// <param name="sid">The identifier to render.</param>
 /// <returns>A string of <c>2 * sid.BinaryLength</c> hex digits.</returns>
 internal static string SecurityIdentifierToLdapHexBindingString(SecurityIdentifier sid)
 {
     byte[] raw = new byte[sid.BinaryLength];
     sid.GetBinaryForm(raw, 0);

     StringBuilder hex = new StringBuilder();
     for (int i = 0; i < raw.Length; i++)
     {
         // Invariant culture keeps the digits independent of the thread's locale.
         hex.Append(raw[i].ToString("x2", CultureInfo.InvariantCulture));
     }

     return hex.ToString();
 }
 // Workaround for creating a new userProxyFull object
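 /// <summary>
 /// Creates a <c>userProxyFull</c> object under the given container and binds it to <paramref name="sid"/>.
 /// </summary>
 /// <param name="server">Directory server placed in the <c>LDAP://</c> path.</param>
 /// <param name="path">Path of the parent container on that server.</param>
 /// <param name="name">Used both as the CN of the new object and as its userPrincipalName.</param>
 /// <param name="sid">Identifier written to the new object's objectSid attribute in binary form.</param>
 public static void CreateProxy(string server, string path, string name, SecurityIdentifier sid)
 {
     var sidInBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidInBytes, 0);

     // NOTE(review): server, path and name are formatted into the ADsPath and the RDN without
     // escaping. If any of them can come from outside the application, DN special characters
     // in them would change which object is created — confirm callers validate these values.

     // Both entries hold directory resources; dispose them even when CommitChanges throws.
     using (var ouDE = new DirectoryEntry(string.Format("LDAP://{0}/{1}", server, path)))
     using (var proxyDE = ouDE.Children.Add(String.Format("CN={0}", name), "userProxyFull"))
     {
         proxyDE.Properties["objectSid"].Clear();
         proxyDE.Properties["objectSid"].Value = sidInBytes;
         proxyDE.Properties["userPrincipalName"].Value = name;
         proxyDE.CommitChanges();
     }
 }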
 // Workaround for creating a new userProxyFull object
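 /// <summary>
 /// Creates a <c>userProxyFull</c> object in the context's container, binds it to
 /// <paramref name="sid"/>, and returns the principal found for it afterwards.
 /// </summary>
 /// <param name="context">Supplies the connected server and the container for the new object.</param>
 /// <param name="name">Used as the CN, as the userPrincipalName, and as the identity looked up on return.</param>
 /// <param name="sid">Identifier written to the new object's objectSid attribute in binary form.</param>
 /// <returns>The result of <c>FindByIdentity(context, name)</c> after the commit.</returns>
 public static UserProxyFullPrincipal CreateProxy(PrincipalContext context, string name, SecurityIdentifier sid)
 {
     var sidInBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidInBytes, 0);

     // NOTE(review): name is formatted into the RDN without escaping; confirm callers validate it
     // if it can originate outside the application.

     // Both entries hold directory resources; dispose them even when CommitChanges throws.
     using (var ouDE = new DirectoryEntry(string.Format("LDAP://{0}/{1}", context.ConnectedServer, context.Container)))
     using (var proxyDE = ouDE.Children.Add(String.Format("CN={0}", name), "userProxyFull"))
     {
         proxyDE.Properties["objectSid"].Clear();
         proxyDE.Properties["objectSid"].Value = sidInBytes;
         proxyDE.Properties["userPrincipalName"].Value = name;
         proxyDE.CommitChanges();
     }

     return FindByIdentity(context, name);
 }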
Exemplo n.º 8
        // Builds one test case for CommonAce: constructs the ACE from the raw arguments, asserts that
        // its properties echo them, and hand-assembles the binary form expected for it, starting at
        // `offset` inside a buffer of ace.BinaryLength + offset bytes.
        // Returns { ace, binaryForm, offset }, or null when intQualifier is not one of the four
        // AceQualifier values handled by the switch (the constructor and asserts still run first).
        private static object[] CommonAce_CreateTestData(int intFlags, int intQualifier, int accessMask, string stringsid, bool isCallback, int opaqueLength, int offset)
        {
            AceFlags flags = (AceFlags)intFlags;
            AceQualifier qualifier = (AceQualifier)intQualifier;
            SecurityIdentifier sid = new SecurityIdentifier(stringsid);
            // Opaque data is all zeroes; only its length varies between cases.
            byte[] opaque = new byte[opaqueLength];

            CommonAce ace = new CommonAce(flags, qualifier, accessMask, sid, isCallback, opaque);
            Assert.Equal(flags, ace.AceFlags);
            Assert.Equal(accessMask, ace.AccessMask);
            Assert.Equal(sid, ace.SecurityIdentifier);
            Assert.Equal(opaque, ace.GetOpaque());
            Assert.Equal(qualifier, ace.AceQualifier);
            Assert.Equal(isCallback, ace.IsCallback);

            byte[] binaryForm = new byte[ace.BinaryLength + offset];
            // Header byte 0: the ACE type, chosen from the qualifier and the callback flag.
            switch (qualifier)
            {
                case AceQualifier.AccessAllowed:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.AccessAllowedCallback : (byte)AceType.AccessAllowed;
                    break;
                case AceQualifier.AccessDenied:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.AccessDeniedCallback : (byte)AceType.AccessDenied;
                    break;
                case AceQualifier.SystemAudit:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.SystemAuditCallback : (byte)AceType.SystemAudit;
                    break;
                case AceQualifier.SystemAlarm:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.SystemAlarmCallback : (byte)AceType.SystemAlarm;
                    break;
                default:
                    return null;
            }
            // Header byte 1: ACE flags. Header bytes 2-3: total ACE length, low byte first.
            binaryForm[offset + 1] = (byte)flags;
            binaryForm[offset + 2] = (byte)(ace.BinaryLength >> 0);
            binaryForm[offset + 3] = (byte)(ace.BinaryLength >> 8);

            // Everything after the 4-byte header is addressed relative to baseOffset.
            int baseOffset = offset + 4;
            int offsetLocal = 0;

            // Access mask, 32 bits, low byte first.
            binaryForm[baseOffset + 0] = (byte)(accessMask >> 0);
            binaryForm[baseOffset + 1] = (byte)(accessMask >> 8);
            binaryForm[baseOffset + 2] = (byte)(accessMask >> 16);
            binaryForm[baseOffset + 3] = (byte)(accessMask >> 24);
            offsetLocal += 4;

            // The SID follows the mask; the opaque bytes follow the SID.
            sid.GetBinaryForm(binaryForm, baseOffset + offsetLocal);
            offsetLocal += sid.BinaryLength;
            opaque.CopyTo(binaryForm, baseOffset + offsetLocal);

            return new object[] { ace, binaryForm, offset };
        }
Exemplo n.º 9
 /// <summary>
 /// Converts a string SID into its binary form written as backslash-prefixed uppercase hex pairs,
 /// one pair per byte.
 /// </summary>
 /// <param name="sid">SID text accepted by the <c>SecurityIdentifier</c> string constructor.</param>
 /// <returns>The encoded bytes, for example <c>\01\01\00</c> for a three-byte input.</returns>
 /// <exception cref="ArgumentException">Rethrown after tracing when the input cannot be converted.</exception>
 public static string EncodeSidToString(string sid)
 {
     try
     {
         var parsed = new System.Security.Principal.SecurityIdentifier(sid);
         var raw = new byte[parsed.BinaryLength];
         parsed.GetBinaryForm(raw, 0);

         // BitConverter yields "AA-BB-CC"; replacing each dash and prepending one more
         // backslash turns that into "\AA\BB\CC".
         string dashed = BitConverter.ToString(raw);
         string escaped = dashed.Replace("-", "\\");
         return "\\" + escaped;
     }
     catch (ArgumentException)
     {
         // Record which input failed, then let the original exception propagate unchanged.
         Trace.WriteLine("Unable to encode " + sid);
         throw;
     }
 }
Exemplo n.º 10
 //creates Everyone,Full, inherit security descriptor
 /// <summary>
 /// Builds a Win32_SecurityDescriptor whose DACL holds a single inheritable allow ACE for the
 /// World SID with access mask 0x1F01FF.
 /// </summary>
 /// <returns>The populated Win32_SecurityDescriptor management object.</returns>
 private ManagementObject SecurityDescriptor()
 {
     // NOTE(review): this descriptor gives the World SID ("Everyone") the full-access mask.
     // Confirm the protected object really needs that; a narrower trustee or mask is the
     // least-privilege choice.
     SecurityIdentifier worldSid = new SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
     byte[] worldSidBytes = new byte[worldSid.BinaryLength];
     worldSid.GetBinaryForm(worldSidBytes, 0);

     ManagementObject trustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
     trustee["Domain"] = "NT Authority";
     trustee["Name"] = "Everyone";
     trustee["SID"] = worldSidBytes;

     ManagementObject ace = new ManagementClass(new ManagementPath("Win32_Ace"), null);
     ace["AccessMask"] = 0x1F01FF; // 2032127, full access
     ace["AceFlags"] = 3;          // inherited by both non-container and container child objects
     ace["AceType"] = 0;           // access allowed (1 would mean access denied)
     ace["Trustee"] = trustee;

     ManagementObject descriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
     descriptor["ControlFlags"] = 4; // SE_DACL_PRESENT
     descriptor["DACL"] = new object[] { ace };
     return descriptor;
 }
Exemplo n.º 11
        /// <summary>
        /// Creates a Windows share through WMI (<c>Win32_Share.Create</c>) whose security descriptor
        /// carries one inheritable allow ACE for the World SID with a read-oriented access mask.
        /// </summary>
        /// <param name="shareName">Name of the share to create.</param>
        /// <param name="localPath">Local path the share exposes.</param>
        /// <returns><c>true</c> when the WMI method reports return value 0.</returns>
        public static bool CreateUncShare(string shareName, string localPath)
        {
            ManagementScope cimScope = new System.Management.ManagementScope(@"root\CIMV2");
            cimScope.Connect();

            using (ManagementClass shareClass = new ManagementClass(cimScope, new ManagementPath("Win32_Share"), (ObjectGetOptions) null))
            {
                // NOTE(review): the share is opened to the World SID ("Everyone"); confirm that
                // read access for every account is intended for this path.
                SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, (SecurityIdentifier) null);
                byte[] everyoneBytes = new byte[everyone.BinaryLength];
                everyone.GetBinaryForm(everyoneBytes, 0);

                using (ManagementObject trustee = new ManagementClass(cimScope, new ManagementPath("Win32_Trustee"), (ObjectGetOptions) null).CreateInstance())
                {
                    trustee["SID"] = (object) everyoneBytes;

                    using (ManagementObject ace = new ManagementClass(cimScope, new ManagementPath("Win32_ACE"), (ObjectGetOptions) null).CreateInstance())
                    {
                        // 0x0200A9 == 131241: READ_CONTROL | FILE_READ | FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY
                        ace["AccessMask"] = 0x0200A9;
                        ace["AceFlags"] = 3; // OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE
                        ace["AceType"] = 0;  // ACCESS_ALLOWED
                        ace["Trustee"] = trustee;

                        using (ManagementObject descriptor = new ManagementClass(cimScope, new ManagementPath("Win32_SecurityDescriptor"), (ObjectGetOptions) null).CreateInstance())
                        {
                            descriptor["ControlFlags"] = 4;
                            descriptor["DACL"] = new ManagementObject[] { ace };

                            using (ManagementBaseObject createArgs = shareClass.GetMethodParameters("Create"))
                            {
                                createArgs["Access"] = descriptor;
                                createArgs["Path"] = localPath;
                                createArgs["Name"] = shareName;
                                createArgs["Type"] = 0;
                                createArgs["Description"] = "TVServerXBMC share";

                                using (ManagementBaseObject createResult = shareClass.InvokeMethod("Create", createArgs, (InvokeMethodOptions) null))
                                {
                                    int returnCode = (int) (uint) createResult["returnValue"];
                                    return returnCode == 0;
                                }
                            }
                        }
                    }
                }
            }
        }
Exemplo n.º 12
        //
        // Wrapper around advapi32.IsWellKnownSid
        //


        /// <summary>
        /// Asks the native IsWellKnownSid whether <paramref name="sid"/> matches the given well-known type.
        /// </summary>
        /// <param name="sid">Identifier to test; marshalled to the native call in binary form.</param>
        /// <param name="type">Well-known SID type, passed to the native call as an <c>int</c>.</param>
        /// <returns><c>true</c> unless the native call returns <c>FALSE</c>.</returns>
        internal static bool IsWellKnownSid(
            SecurityIdentifier sid,
            WellKnownSidType type
            )
        {
            byte[] sidBytes = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBytes, 0);

            // Any result other than FALSE counts as a match.
            return FALSE != Interop.mincore.IsWellKnownSid(sidBytes, (int)type);
        }
Exemplo n.º 13
        //
        // Wrapper around advapi32.GetWindowsAccountDomainSid
        //
        /// <summary>
        /// Calls the native GetWindowsAccountDomainSid for <paramref name="sid"/> and wraps the
        /// returned bytes in a new <see cref="SecurityIdentifier"/>.
        /// </summary>
        /// <param name="sid">Identifier passed to the native call in binary form.</param>
        /// <param name="resultSid">The SID built from the native output on success; <c>null</c> on failure.</param>
        /// <returns><c>ERROR_SUCCESS</c> on success, otherwise the last Win32 error code.</returns>
        internal static int GetWindowsAccountDomainSid(
            SecurityIdentifier sid,
            out SecurityIdentifier resultSid
            )
        {
            byte[] accountSidBytes = new Byte[sid.BinaryLength];
            sid.GetBinaryForm(accountSidBytes, 0);

            //
            // The output buffer is sized to the largest binary SID so a single P/Invoke
            // suffices; no first call is needed just to learn the required length.
            //
            uint capacity = (uint)SecurityIdentifier.MaxBinaryLength;
            byte[] domainSidBytes = new byte[capacity];

            if (FALSE == Interop.mincore.GetWindowsAccountDomainSid(accountSidBytes, domainSidBytes, ref capacity))
            {
                resultSid = null;

                // Read the error immediately, before any other call can overwrite it.
                return Marshal.GetLastWin32Error();
            }

            resultSid = new SecurityIdentifier(domainSidBytes, 0);
            return Interop.mincore.Errors.ERROR_SUCCESS;
        }
Exemplo n.º 14
        //
        // Wrapper around advapi32.EqualDomainSid
        //


        /// <summary>
        /// Asks the native IsEqualDomainSid whether two SIDs belong to the same domain.
        /// </summary>
        /// <returns>
        /// <c>false</c> when either argument is <c>null</c> or the native call returns <c>FALSE</c>;
        /// otherwise the flag the native call wrote.
        /// </returns>
        internal static bool IsEqualDomainSid(SecurityIdentifier sid1, SecurityIdentifier sid2)
        {
            if (sid1 == null || sid2 == null)
            {
                return false;
            }

            byte[] firstBytes = new Byte[sid1.BinaryLength];
            sid1.GetBinaryForm(firstBytes, 0);

            byte[] secondBytes = new Byte[sid2.BinaryLength];
            sid2.GetBinaryForm(secondBytes, 0);

            bool sameDomain;
            if (Interop.mincore.IsEqualDomainSid(firstBytes, secondBytes, out sameDomain) == FALSE)
            {
                // The call itself failed, so the out flag is not consulted.
                return false;
            }

            return sameDomain;
        }
        /// <summary>
        /// Writes an event whose single payload item is the binary form of <paramref name="Prop_SID"/>.
        /// </summary>
        /// <param name="eventDescriptor">Descriptor of the event; its level and keywords gate the write.</param>
        /// <param name="Prop_SID">Identifier serialized into the payload.</param>
        /// <returns>The result of <c>WriteEvent</c>, or <c>true</c> when the event is not enabled.</returns>
        internal unsafe bool TemplateT_SID(
            ref EventDescriptor eventDescriptor,
            SecurityIdentifier Prop_SID
            )
        {
            int argumentCount = 1;

            if (!IsEnabled(eventDescriptor.Level, eventDescriptor.Keywords))
            {
                // Nothing is written for a disabled event; that is reported as success.
                return true;
            }

            byte* rawDescriptors = stackalloc byte[sizeof(EventData) * argumentCount];
            EventData* descriptors = (EventData*)rawDescriptors;

            byte[] sidBytes = new byte[Prop_SID.BinaryLength];
            Prop_SID.GetBinaryForm(sidBytes, 0);
            descriptors[0].Size = (uint)(Prop_SID.BinaryLength);

            // The array stays fixed for the duration of WriteEvent, which receives its address.
            fixed (byte* pinnedSid = sidBytes)
            {
                descriptors[0].DataPointer = (ulong)pinnedSid;
                return WriteEvent(ref eventDescriptor, argumentCount, (IntPtr)(rawDescriptors));
            }
        }
Exemplo n.º 16
        // Builds one test case for ObjectAce: constructs the ACE from the raw arguments, verifies it
        // through VerifyObjectAce, and hand-assembles the binary form expected for it, starting at
        // `offset` inside a buffer of ace.BinaryLength + offset bytes.
        // Returns { ace, binaryForm, offset }, or null when intQualifier is not one of the four
        // AceQualifier values handled by the switch (construction and verification still run first).
        private static object[] ObjectAce_CreateTestData(int intFlags, int intQualifier, int accessMask, string stringsid, int intObjectAceFlags, string stringType, string stringInheritedType, bool isCallback, int opaqueLength, int offset)
        {
            AceFlags aceFlags = (AceFlags)intFlags;
            AceQualifier qualifier = (AceQualifier)intQualifier;
            SecurityIdentifier sid = new SecurityIdentifier(stringsid);
            ObjectAceFlags flags = (ObjectAceFlags)intObjectAceFlags;
            Guid type = new Guid(stringType);
            Guid inheritedType = new Guid(stringInheritedType);
            // Opaque data is all zeroes; only its length varies between cases.
            byte[] opaque = new byte[opaqueLength];

            ObjectAce ace = new ObjectAce(aceFlags, qualifier, accessMask, sid, flags, type, inheritedType, isCallback, opaque);
            VerifyObjectAce(ace, aceFlags, qualifier, accessMask, sid, flags, type, inheritedType, isCallback, opaque);

            byte[] binaryForm = new byte[ace.BinaryLength + offset];
            // Header byte 0: the object-ACE type, chosen from the qualifier and the callback flag.
            switch (qualifier)
            {
                case AceQualifier.AccessAllowed:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.AccessAllowedCallbackObject : (byte)AceType.AccessAllowedObject;
                    break;
                case AceQualifier.AccessDenied:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.AccessDeniedCallbackObject : (byte)AceType.AccessDeniedObject;
                    break;
                case AceQualifier.SystemAudit:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.SystemAuditCallbackObject : (byte)AceType.SystemAuditObject;
                    break;
                case AceQualifier.SystemAlarm:
                    binaryForm[offset + 0] = isCallback ? (byte)AceType.SystemAlarmCallbackObject : (byte)AceType.SystemAlarmObject;
                    break;
                default:
                    return null;
            }
            // Header byte 1: ACE flags. Header bytes 2-3: total ACE length, low byte first.
            binaryForm[offset + 1] = (byte)aceFlags;
            binaryForm[offset + 2] = (byte)(ace.BinaryLength >> 0);
            binaryForm[offset + 3] = (byte)(ace.BinaryLength >> 8);

            // Everything after the 4-byte header is addressed relative to baseOffset.
            int baseOffset = offset + 4;
            int offsetLocal = 0;

            // Access mask, 32 bits, low byte first.
            binaryForm[baseOffset + 0] = (byte)(accessMask >> 0);
            binaryForm[baseOffset + 1] = (byte)(accessMask >> 8);
            binaryForm[baseOffset + 2] = (byte)(accessMask >> 16);
            binaryForm[baseOffset + 3] = (byte)(accessMask >> 24);
            offsetLocal += 4;

            // Object ACE flags, 32 bits, low byte first.
            binaryForm[baseOffset + offsetLocal + 0] = (byte)(((uint)flags) >> 0);
            binaryForm[baseOffset + offsetLocal + 1] = (byte)(((uint)flags) >> 8);
            binaryForm[baseOffset + offsetLocal + 2] = (byte)(((uint)flags) >> 16);
            binaryForm[baseOffset + offsetLocal + 3] = (byte)(((uint)flags) >> 24);

            offsetLocal += 4;

            // Each GUID occupies 16 bytes and is written only when its presence flag is set.
            if ((flags & ObjectAceFlags.ObjectAceTypePresent) != 0)
            {
                type.ToByteArray().CopyTo(binaryForm, baseOffset + offsetLocal);
                offsetLocal += 16;
            }

            if ((flags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0)
            {
                inheritedType.ToByteArray().CopyTo(binaryForm, baseOffset + offsetLocal);
                offsetLocal += 16;
            }

            // The SID follows the optional GUIDs; the opaque bytes follow the SID.
            sid.GetBinaryForm(binaryForm, baseOffset + offsetLocal);
            offsetLocal += sid.BinaryLength;
            opaque.CopyTo(binaryForm, baseOffset + offsetLocal);

            return new object[] { ace, binaryForm, offset };
        }
 /// <summary>
 /// Asks the native IsWellKnownSid whether <paramref name="sid"/> matches the given well-known type.
 /// </summary>
 /// <returns><c>true</c> when the native call returns a non-zero value.</returns>
 /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
 internal static bool IsWellKnownSid(SecurityIdentifier sid, WellKnownSidType type)
 {
     if (!WellKnownSidApisSupported)
     {
         throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
     }

     byte[] sidBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidBytes, 0);

     // Zero from the native call means "no match"; every other value means "match".
     return Win32Native.IsWellKnownSid(sidBytes, (int) type) != 0;
 }
Exemplo n.º 18
        /// <summary>
        /// Creates a membership user whose provider key, when supplied, must be a
        /// <see cref="SecurityIdentifier"/>. The base constructor receives <c>null</c> as its key;
        /// the SID is kept in this class together with a copy of its binary form.
        /// </summary>
        /// <param name="providerUserKey"><c>null</c> or a <see cref="SecurityIdentifier"/>.</param>
        /// <exception cref="ArgumentException">The key is non-null and not a <see cref="SecurityIdentifier"/>.</exception>
        public ActiveDirectoryMembershipUser(
            string providerName,
            string name,
            object providerUserKey,
            string email,
            string passwordQuestion,
            string comment,
            bool isApproved,
            bool isLockedOut,
            DateTime creationDate,
            DateTime lastLoginDate,
            DateTime lastActivityDate,
            DateTime lastPasswordChangedDate,
            DateTime lastLockoutDate)
            : base(
                providerName,
                name,
                null,
                email,
                passwordQuestion,
                comment,
                isApproved,
                isLockedOut,
                creationDate,
                lastLoginDate,
                lastActivityDate,
                lastPasswordChangedDate,
                lastLockoutDate)
        {
            // Reject any key type other than a SID before touching the fields.
            SecurityIdentifier keyAsSid = providerUserKey as SecurityIdentifier;
            if (providerUserKey != null && keyAsSid == null)
            {
                throw new ArgumentException(SR.GetString(SR.ADMembership_InvalidProviderUserKey), "providerUserKey");
            }

            sid = keyAsSid;
            if (sid == null)
            {
                return;
            }

            //
            // Keep the binary form alongside the SID so it is available for serialization.
            //
            sidBinaryForm = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBinaryForm, 0);
        }
 /// <summary>
 /// Calls the native GetWindowsAccountDomainSid for <paramref name="sid"/> and wraps the returned
 /// bytes in a new <see cref="SecurityIdentifier"/>.
 /// </summary>
 /// <param name="resultSid">The SID built from the native output on success; <c>null</c> on failure.</param>
 /// <returns>0 on success, otherwise the last Win32 error code.</returns>
 /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
 internal static int GetWindowsAccountDomainSid(SecurityIdentifier sid, out SecurityIdentifier resultSid)
 {
     if (!WellKnownSidApisSupported)
     {
         throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
     }

     byte[] accountSidBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(accountSidBytes, 0);

     // The output buffer is sized to the largest binary SID, so one native call is enough.
     uint capacity = (uint) SecurityIdentifier.MaxBinaryLength;
     byte[] domainSidBytes = new byte[capacity];

     if (Win32Native.GetWindowsAccountDomainSid(accountSidBytes, domainSidBytes, ref capacity) == 0)
     {
         resultSid = null;
         // Read the error immediately, before any other call can overwrite it.
         return Marshal.GetLastWin32Error();
     }

     resultSid = new SecurityIdentifier(domainSidBytes, 0);
     return 0;
 }
Exemplo n.º 20
        /// <summary>
        /// Creates a Windows share through WMI (<c>Win32_Share.Create</c>) whose security descriptor
        /// carries one inheritable allow ACE for the World SID with access mask 0x0200A9.
        /// </summary>
        /// <param name="shareName">Name of the share to create.</param>
        /// <param name="localPath">Local path the share exposes.</param>
        /// <returns><c>true</c> when the WMI method reports return value 0.</returns>
        public static bool CreateUncShare(string shareName, string localPath)
        {
            ManagementScope cimScope = new System.Management.ManagementScope(@"root\CIMV2");
            cimScope.Connect();

            using (ManagementClass shareClass = new ManagementClass(cimScope, new ManagementPath("Win32_Share"), null))
            {
                // NOTE(review): the share is opened to the World SID ("Everyone"); confirm that
                // access for every account is intended for this path.
                SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
                byte[] everyoneBytes = new byte[everyone.BinaryLength];
                everyone.GetBinaryForm(everyoneBytes, 0);

                using (ManagementObject trustee =
                    new ManagementClass(cimScope, new ManagementPath("Win32_Trustee"), null).CreateInstance())
                {
                    trustee["SID"] = everyoneBytes;

                    using (ManagementObject ace =
                        new ManagementClass(cimScope, new ManagementPath("Win32_ACE"), null).CreateInstance())
                    {
                        // 131241 == 0x0200A9; the original left 0x1F01FF behind as a commented-out alternative.
                        ace["AccessMask"] = 131241;
                        ace["AceFlags"] = 3;
                        ace["AceType"] = 0;
                        ace["Trustee"] = trustee;

                        using (ManagementObject descriptor =
                            new ManagementClass(cimScope, new ManagementPath("Win32_SecurityDescriptor"), null).CreateInstance())
                        {
                            descriptor["ControlFlags"] = 4;
                            descriptor["DACL"] = new ManagementObject[] { ace };

                            using (ManagementBaseObject createArgs = shareClass.GetMethodParameters("Create"))
                            {
                                createArgs["Access"] = descriptor;
                                createArgs["Path"] = localPath;
                                createArgs["Name"] = shareName;
                                createArgs["Type"] = 0;
                                createArgs["Description"] = "ARGUS TV Recordings";

                                using (ManagementBaseObject createResult = shareClass.InvokeMethod("Create", createArgs, null))
                                {
                                    uint returnCode = (uint)createResult["ReturnValue"];
                                    return returnCode == 0;
                                }
                            }
                        }
                    }
                }
            }
        }
Exemplo n.º 21
		/// <summary>
		/// Builds a SID from a 16-byte binary form and checks that GetBinaryForm reproduces the same bytes.
		/// </summary>
		public void ConstructorBinary ()
		{
			byte[] expected = {
				0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
				0x4E, 0x01, 0x00, 0x00, 0xEA, 0x00, 0x00, 0x00 };
			SecurityIdentifier parsed = new SecurityIdentifier (expected, 0);

			// The output buffer is sized from the input, not from parsed.BinaryLength.
			byte[] actual = new byte[expected.Length];
			parsed.GetBinaryForm (actual, 0);

			Assert.AreEqual (expected, actual);
		}
Exemplo n.º 22
		/// <summary>
		/// Serializes the "WD" SID, rebuilds a SID from a pointer to those bytes, and checks that
		/// both the identifiers and their binary forms are equal.
		/// </summary>
		public unsafe void IntPtrRoundtrip ()
		{
			SecurityIdentifier source = new SecurityIdentifier ("WD");
			byte[] sourceBytes = new byte[source.BinaryLength];
			source.GetBinaryForm (sourceBytes, 0);

			// The array is fixed only while the IntPtr constructor reads from it.
			SecurityIdentifier rebuilt;
			fixed (byte* sourcePtr = sourceBytes) {
				rebuilt = new SecurityIdentifier ((IntPtr)sourcePtr);
			}

			byte[] rebuiltBytes = new byte[rebuilt.BinaryLength];
			rebuilt.GetBinaryForm (rebuiltBytes, 0);

			Assert.AreEqual (source, rebuilt);
			Assert.AreEqual (sourceBytes, rebuiltBytes);
		}
Exemplo n.º 23
        /// <summary>
        /// Calls the native GetWindowsAccountDomainSid for <paramref name="sid"/> and wraps the
        /// returned bytes in a new <see cref="SecurityIdentifier"/>.
        /// </summary>
        /// <param name="resultSid">The SID built from the native output on success; <c>null</c> on failure.</param>
        /// <returns><c>ERROR_SUCCESS</c> on success, otherwise the last Win32 error code.</returns>
        /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
        [System.Security.SecurityCritical]  // auto-generated
        internal static int GetWindowsAccountDomainSid(
            SecurityIdentifier sid,
            out SecurityIdentifier resultSid
            )
        {
            // Refuse to run where the API is unavailable.
            if (!WellKnownSidApisSupported)
            {
                throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
            }

            byte[] accountSidBytes = new Byte[sid.BinaryLength];
            sid.GetBinaryForm(accountSidBytes, 0);

            //
            // The output buffer is sized to the largest binary SID so a single P/Invoke
            // suffices; no first call is needed just to learn the required length.
            //
            uint capacity = (uint)SecurityIdentifier.MaxBinaryLength;
            byte[] domainSidBytes = new byte[capacity];

            if (FALSE == Win32Native.GetWindowsAccountDomainSid(accountSidBytes, domainSidBytes, ref capacity))
            {
                resultSid = null;

                // Read the error immediately, before any other call can overwrite it.
                return Marshal.GetLastWin32Error();
            }

            resultSid = new SecurityIdentifier(domainSidBytes, 0);
            return Win32Native.ERROR_SUCCESS;
        }
Exemplo n.º 24
		/// <summary>
		/// Renders a SID's binary form as lowercase hexadecimal, two digits per byte, with no separators.
		/// </summary>
		/// <param name="sid">The identifier to render.</param>
		/// <returns>A string of <c>2 * sid.BinaryLength</c> hex digits.</returns>
		internal static string SecurityIdentifierToLdapHexBindingString(SecurityIdentifier sid)
		{
			byte[] sidBytes = new byte[sid.BinaryLength];
			sid.GetBinaryForm(sidBytes, 0);

			StringBuilder hex = new StringBuilder();
			foreach (byte value in sidBytes)
			{
				// Invariant culture keeps the digits independent of the thread's locale.
				hex.Append(value.ToString("x2", CultureInfo.InvariantCulture));
			}

			return hex.ToString();
		}
Exemplo n.º 25
        /// <summary>
        /// Serializes the supplied owner, group, SACL and DACL to binary form and applies them to a
        /// resource through NativeMethods.SetSecurityInfoByName (when <paramref name="name"/> is
        /// non-null) or NativeMethods.SetSecurityInfoByHandle (when only <paramref name="handle"/> is).
        /// </summary>
        /// <param name="type">Resource type, passed to the native call as a <c>uint</c>.</param>
        /// <param name="name">Resource name; takes precedence over <paramref name="handle"/>.</param>
        /// <param name="handle">Resource handle, used only when <paramref name="name"/> is null.</param>
        /// <param name="securityInformation">Selects which parts are set; SystemAcl triggers the privilege handling below.</param>
        /// <param name="owner">Owner SID, or null to pass no owner.</param>
        /// <param name="group">Group SID, or null to pass no group.</param>
        /// <param name="sacl">System ACL, or null to pass none.</param>
        /// <param name="dacl">Discretionary ACL, or null to pass none.</param>
        /// <returns>0 on success; otherwise the native error code for errors not mapped to an exception.</returns>
        /// <exception cref="ArgumentException">The handle is used and is invalid.</exception>
        /// <exception cref="InvalidProgramException">Both name and handle are null.</exception>
        /// <exception cref="PrivilegeNotHeldException">The native call reports ERROR_NOT_ALL_ASSIGNED or ERROR_PRIVILEGE_NOT_HELD.</exception>
        /// <exception cref="UnauthorizedAccessException">The native call reports ERROR_ACCESS_DENIED or ERROR_CANT_OPEN_ANONYMOUS.</exception>
        /// <exception cref="OutOfMemoryException">The native call reports ERROR_NOT_ENOUGH_MEMORY.</exception>
        internal static int SetSecurityInfo(
					ResourceType type,
					string name,
					SafeHandle handle,
					SecurityInfos securityInformation,
					SecurityIdentifier owner,
					SecurityIdentifier group,
					GenericAcl sacl,
					GenericAcl dacl)
        {
            int errorCode;
            int Length;
            // A part left null here is passed to the native call as null.
            byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
            Privilege securityPrivilege = null;

            //
            // Demand unmanaged code permission
            // The integrator layer is free to assert this permission
            // and, in turn, demand another permission of its caller
            //

            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();

            // Each present part is serialized into a buffer sized from its own BinaryLength.
            if (owner != null)
            {
                Length = owner.BinaryLength;
                OwnerBinary = new byte[Length];
                owner.GetBinaryForm(OwnerBinary, 0);
            }

            if (@group != null)
            {
                Length = @group.BinaryLength;
                GroupBinary = new byte[Length];
                @group.GetBinaryForm(GroupBinary, 0);
            }

            if (dacl != null)
            {
                Length = dacl.BinaryLength;
                DaclBinary = new byte[Length];
                dacl.GetBinaryForm(DaclBinary, 0);
            }

            if (sacl != null)
            {
                Length = sacl.BinaryLength;
                SaclBinary = new byte[Length];
                sacl.GetBinaryForm(SaclBinary, 0);
            }

            if ((securityInformation & SecurityInfos.SystemAcl) != 0)
            {
                //
                // Enable security privilege if trying to set a SACL.
                // Note: even setting it by handle needs this privilege enabled!
                //

                securityPrivilege = new Privilege(Privilege.Security);
            }

            // Ensure that the finally block will execute
            RuntimeHelpers.PrepareConstrainedRegions();

            try
            {
                if (securityPrivilege != null)
                {
                    try
                    {
                        securityPrivilege.Enable();
                    }
                    catch (PrivilegeNotHeldException)
                    {
                        // we will ignore this exception and press on just in case this is a remote resource
                    }
                }

                if (name != null)
                {
                    errorCode = (int)NativeMethods.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
                }
                else if (handle != null)
                {
                    if (handle.IsInvalid)
                    {
                        throw new ArgumentException("Invalid safe handle");
                    }
                    else
                    {
                        errorCode = (int)NativeMethods.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
                    }
                }
                else
                {
                    // both are null, shouldn't happen
                    throw new InvalidProgramException();
                }

                // Privilege and access failures become exceptions; any other failure leaves the
                // try block through the Error label, so the finally block still reverts first.
                if (errorCode == NativeMethods.ERROR_NOT_ALL_ASSIGNED ||
                    errorCode == NativeMethods.ERROR_PRIVILEGE_NOT_HELD)
                {
                    throw new PrivilegeNotHeldException(Privilege.Security);
                }
                else if (errorCode == NativeMethods.ERROR_ACCESS_DENIED ||
                    errorCode == NativeMethods.ERROR_CANT_OPEN_ANONYMOUS)
                {
                    throw new UnauthorizedAccessException();
                }
                else if (errorCode != NativeMethods.ERROR_SUCCESS)
                {
                    goto Error;
                }
            }
            catch
            {
                // protection against exception filter-based luring attacks:
                // the privilege is reverted here, before the exception propagates any further
                if (securityPrivilege != null)
                {
                    securityPrivilege.Revert();
                }
                throw;
            }
            finally
            {
                // Revert on every exit path, including the success path and the jump to Error.
                if (securityPrivilege != null)
                {
                    securityPrivilege.Revert();
                }
            }

            return 0;

            Error:

            // Reached only for error codes not mapped to an exception inside the try block.
            if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
            {
                throw new OutOfMemoryException();
            }

            return errorCode;
        }
 /// <summary>
 /// Asks the native IsEqualDomainSid whether two SIDs belong to the same domain.
 /// </summary>
 /// <returns>
 /// <c>false</c> when either argument is <c>null</c> or the native call returns zero;
 /// otherwise the flag the native call wrote.
 /// </returns>
 /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
 internal static bool IsEqualDomainSid(SecurityIdentifier sid1, SecurityIdentifier sid2)
 {
     // The platform check comes before the null check, so it applies even to null arguments.
     if (!WellKnownSidApisSupported)
     {
         throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
     }

     if (sid1 == null || sid2 == null)
     {
         return false;
     }

     byte[] firstBytes = new byte[sid1.BinaryLength];
     sid1.GetBinaryForm(firstBytes, 0);

     byte[] secondBytes = new byte[sid2.BinaryLength];
     sid2.GetBinaryForm(secondBytes, 0);

     bool sameDomain;
     if (Win32Native.IsEqualDomainSid(firstBytes, secondBytes, out sameDomain) == 0)
     {
         // The call itself failed, so the out flag is not consulted.
         return false;
     }

     return sameDomain;
 }
Exemplo n.º 27
        /// <summary>
        /// Asks the native IsEqualDomainSid whether two SIDs belong to the same domain.
        /// </summary>
        /// <returns>
        /// <c>false</c> when either argument is <c>null</c> or the native call returns <c>FALSE</c>;
        /// otherwise the flag the native call wrote.
        /// </returns>
        /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
        [System.Security.SecurityCritical]  // auto-generated
        internal static bool IsEqualDomainSid(SecurityIdentifier sid1, SecurityIdentifier sid2)
        {
            // Refuse to run where the API is unavailable; this applies even to null arguments.
            if (!WellKnownSidApisSupported)
            {
                throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
            }

            if (sid1 == null || sid2 == null)
            {
                return false;
            }

            byte[] firstBytes = new Byte[sid1.BinaryLength];
            sid1.GetBinaryForm(firstBytes, 0);

            byte[] secondBytes = new Byte[sid2.BinaryLength];
            sid2.GetBinaryForm(secondBytes, 0);

            bool sameDomain;
            if (Win32Native.IsEqualDomainSid(firstBytes, secondBytes, out sameDomain) == FALSE)
            {
                // The call itself failed, so the out flag is not consulted.
                return false;
            }

            return sameDomain;
        }
 /// <summary>
 /// Round-trips a SID through GetBinaryForm(false) and ToSecurityIdentifier(false), expecting an
 /// equal identifier.
 /// </summary>
 public void SecurityIdentifierExtensions_GetBinaryForm_Test3()
 {
     var original = new SecurityIdentifier("S-1-5-21-3180365339-800773672-3767752645-1234");

     // Both calls take a bool the framework type does not define; presumably the extension
     // methods under test — the meaning of `false` is not visible here.
     var binary = original.GetBinaryForm(false);
     SecurityIdentifier rebuilt = binary.ToSecurityIdentifier(false);

     Assert.AreEqual(original, rebuilt);
 }
Exemplo n.º 29
        /// <summary>
        /// Asks the native IsWellKnownSid whether <paramref name="sid"/> matches the given well-known type.
        /// </summary>
        /// <param name="sid">Identifier to test; marshalled to the native call in binary form.</param>
        /// <param name="type">Well-known SID type, passed to the native call as an <c>int</c>.</param>
        /// <returns><c>true</c> unless the native call returns <c>FALSE</c>.</returns>
        /// <exception cref="PlatformNotSupportedException">Thrown when <c>WellKnownSidApisSupported</c> is false.</exception>
        [System.Security.SecurityCritical]  // auto-generated
        internal static bool IsWellKnownSid(
            SecurityIdentifier sid,
            WellKnownSidType type
            )
        {
            // Refuse to run where the API is unavailable.
            if (!WellKnownSidApisSupported)
            {
                throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
            }

            byte[] sidBytes = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBytes, 0);

            // Any result other than FALSE counts as a match.
            return FALSE != Win32Native.IsWellKnownSid(sidBytes, (int)type);
        }
 static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     // Copy the SID into a buffer sized from BinaryLength and emit it as base64 content.
     // The dictionary parameter is not read by this method.
     int sidLength = sid.BinaryLength;
     var rawSid = new byte[sidLength];
     sid.GetBinaryForm(rawSid, 0);

     writer.WriteBase64(rawSid, 0, sidLength);
 }
Exemplo n.º 31
        //
        // Wrapper around advapi32.SetNamedSecurityInfoW and advapi32.SetSecurityInfo
        //

        // Applies an owner, group, DACL and/or SACL to an object identified either by
        // name or by handle. Every non-null owner/group/ACL argument is serialized to
        // its binary form and passed to the native setter together with
        // securityInformation.
        //
        // Returns 0 on success, or the raw native error code for failures that are not
        // mapped to an exception in the body. Throws PrivilegeNotHeldException,
        // UnauthorizedAccessException, OutOfMemoryException or ArgumentException for
        // the specific conditions handled below.
        //
        // When both name and handle are supplied, name wins: the handle branch is only
        // reached when name is null.
        internal static int SetSecurityInfo(
            ResourceType type,
            string name,
            SafeHandle handle,
            SecurityInfos securityInformation,
            SecurityIdentifier owner,
            SecurityIdentifier group,
            GenericAcl sacl,
            GenericAcl dacl)
        {
            int errorCode;
            int Length;
            // A buffer left as null means "argument not supplied"; null is passed to the native call as-is.
            byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
            // Stays null unless the caller asks to write the SACL (see below).
            Privilege securityPrivilege = null;

            // Serialize each supplied SID/ACL into a buffer sized from its own BinaryLength.
            if (owner != null)
            {
                Length = owner.BinaryLength;
                OwnerBinary = new byte[Length];
                owner.GetBinaryForm(OwnerBinary, 0);
            }

            if (group != null)
            {
                Length = group.BinaryLength;
                GroupBinary = new byte[Length];
                group.GetBinaryForm(GroupBinary, 0);
            }

            if (dacl != null)
            {
                Length = dacl.BinaryLength;
                DaclBinary = new byte[Length];
                dacl.GetBinaryForm(DaclBinary, 0);
            }

            if (sacl != null)
            {
                Length = sacl.BinaryLength;
                SaclBinary = new byte[Length];
                sacl.GetBinaryForm(SaclBinary, 0);
            }

            if ((securityInformation & SecurityInfos.SystemAcl) != 0)
            {
                //
                // Enable security privilege if trying to set a SACL.
                // Note: even setting it by handle needs this privilege enabled!
                // The privilege object is only created here; it is enabled inside the
                // try block below so that every exit path reverts it.
                //

                securityPrivilege = new Privilege(Privilege.Security);
            }

            try
            {
                if (securityPrivilege != null)
                {
                    try
                    {
                        securityPrivilege.Enable();
                    }
                    catch (PrivilegeNotHeldException)
                    {
                        // we will ignore this exception and press on just in case this is a remote resource
                        // The native call then runs without the privilege enabled; if it reports
                        // ERROR_PRIVILEGE_NOT_HELD or ERROR_NOT_ALL_ASSIGNED, the mapping below
                        // raises PrivilegeNotHeldException.
                    }
                }

                if (name != null)
                {
                    errorCode = (int)Interop.mincore.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
                }
                else if (handle != null)
                {
                    // Reject an invalid handle before it reaches the native call.
                    if (handle.IsInvalid)
                    {
                        throw new ArgumentException(
                            SR.Argument_InvalidSafeHandle,
nameof(handle));
                    }
                    else
                    {
                        errorCode = (int)Interop.mincore.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
                    }
                }
                else
                {
                    // both are null, shouldn't happen
                    Contract.Assert(false, "Internal error: both name and handle are null");
                    throw new ArgumentException();
                }

                // Map the privilege and access failures to typed exceptions; any other
                // non-success code leaves the try block via the Error label.
                if (errorCode == Interop.mincore.Errors.ERROR_NOT_ALL_ASSIGNED ||
                    errorCode == Interop.mincore.Errors.ERROR_PRIVILEGE_NOT_HELD)
                {
                    throw new PrivilegeNotHeldException(Privilege.Security);
                }
                else if (errorCode == Interop.mincore.Errors.ERROR_ACCESS_DENIED ||
                    errorCode == Interop.mincore.Errors.ERROR_CANT_OPEN_ANONYMOUS)
                {
                    throw new UnauthorizedAccessException();
                }
                else if (errorCode != Interop.mincore.Errors.ERROR_SUCCESS)
                {
                    goto Error;
                }
            }
            catch
            {
                // protection against exception filter-based luring attacks
                // Exception filters further up the call stack run before this method's
                // finally block. Catching here and reverting first means those filters do
                // not execute while the security privilege is still enabled. Keep this
                // catch-all even though the finally block below also reverts.
                if (securityPrivilege != null)
                {
                    securityPrivilege.Revert();
                }
                throw;
            }
            finally
            {
                // Covers the non-exception exits (success and goto Error). After the catch
                // above this is a second Revert() on the same object.
                // NOTE(review): relies on Privilege.Revert() being safe to call twice — confirm.
                if (securityPrivilege != null)
                {
                    securityPrivilege.Revert();
                }
            }

            return 0;

        Error:

            // Reached only for error codes not mapped to an exception inside the try block;
            // the privilege has already been reverted by the finally block.
            if (errorCode == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
            {
                throw new OutOfMemoryException();
            }

            // Unmapped failure: the caller must check for a non-zero return value.
            return errorCode;
        }
 static void WriteSidAttribute(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     // Serialize the SID to its binary form, then write it base64-encoded as the
     // attribute named by dictionary.Sid in the dictionary.EmptyString namespace.
     var rawSid = new byte[sid.BinaryLength];
     sid.GetBinaryForm(rawSid, 0);

     string encodedSid = Convert.ToBase64String(rawSid);
     writer.WriteAttributeString(dictionary.Sid, dictionary.EmptyString, encodedSid);
 }