/// <summary>
/// Constructor
/// </summary>
/// <param name="base_object">Base object for security descriptor</param>
/// <param name="token">Token for determining user rights</param>
/// <param name="is_directory">True if a directory security descriptor</param>
public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this()
{
if ((base_object == null) && (token == null))
{
throw new ArgumentNullException();
}
SecurityDescriptor parent_sd = null;
if (base_object != null)
{
parent_sd = base_object.SecurityDescriptor;
}
SecurityDescriptor creator_sd = null;
if (token != null)
{
creator_sd = new SecurityDescriptor
{
Owner = new SecurityDescriptorSid(token.Owner, false),
Group = new SecurityDescriptorSid(token.PrimaryGroup, false),
Dacl = token.DefaultDacl
};
}
NtType type = base_object.NtType;
SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null;
SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null;
SafeSecurityObjectBuffer security_obj = null;
try
{
if (parent_sd != null)
{
parent_sd_buffer = parent_sd.ToSafeBuffer();
}
if (creator_sd != null)
{
creator_sd_buffer = creator_sd.ToSafeBuffer();
}
GenericMapping mapping = type.GenericMapping;
NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory,
token.GetHandle(), ref mapping).ToNtException();
ParseSecurityDescriptor(security_obj);
}
finally
{
parent_sd_buffer?.Close();
creator_sd_buffer?.Close();
security_obj?.Close();
}
}
public static NtResult <NtToken> CreateAppContainerToken(NtToken token, Sid appcontainer_sid,
IEnumerable <Sid> capabilities, bool throw_on_error)
{
using (var resources = new DisposableList())
{
SECURITY_CAPABILITIES caps = Win32Utils.CreateSecuityCapabilities(appcontainer_sid, capabilities ?? new Sid[0], resources);
if (!Win32NativeMethods.CreateAppContainerToken(token.GetHandle(), ref caps, out SafeKernelObjectHandle new_token))
{
return(Win32Utils.GetLastWin32Error().CreateResultFromDosError <NtToken>(throw_on_error));
}
return(NtToken.FromHandle(new_token).CreateResult());
}
}
