/// <summary> /// Constructor /// </summary> /// <param name="base_object">Base object for security descriptor</param> /// <param name="token">Token for determining user rights</param> /// <param name="is_directory">True if a directory security descriptor</param> public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this() { if ((base_object == null) && (token == null)) { throw new ArgumentNullException(); } SecurityDescriptor parent_sd = null; if (base_object != null) { parent_sd = base_object.SecurityDescriptor; } SecurityDescriptor creator_sd = null; if (token != null) { creator_sd = new SecurityDescriptor { Owner = new SecurityDescriptorSid(token.Owner, false), Group = new SecurityDescriptorSid(token.PrimaryGroup, false), Dacl = token.DefaultDacl }; } NtType type = base_object.NtType; SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null; SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null; SafeSecurityObjectBuffer security_obj = null; try { if (parent_sd != null) { parent_sd_buffer = parent_sd.ToSafeBuffer(); } if (creator_sd != null) { creator_sd_buffer = creator_sd.ToSafeBuffer(); } GenericMapping mapping = type.GenericMapping; NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory, token.GetHandle(), ref mapping).ToNtException(); ParseSecurityDescriptor(security_obj); } finally { parent_sd_buffer?.Close(); creator_sd_buffer?.Close(); security_obj?.Close(); } }
public static NtResult <NtToken> CreateAppContainerToken(NtToken token, Sid appcontainer_sid, IEnumerable <Sid> capabilities, bool throw_on_error) { using (var resources = new DisposableList()) { SECURITY_CAPABILITIES caps = Win32Utils.CreateSecuityCapabilities(appcontainer_sid, capabilities ?? new Sid[0], resources); if (!Win32NativeMethods.CreateAppContainerToken(token.GetHandle(), ref caps, out SafeKernelObjectHandle new_token)) { return(Win32Utils.GetLastWin32Error().CreateResultFromDosError <NtToken>(throw_on_error)); } return(NtToken.FromHandle(new_token).CreateResult()); } }