/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
if (SecurityDescriptor == null)
{
SecurityDescriptor = new SecurityDescriptor();
if (SecurityInformation.HasFlag(SecurityInformation.Dacl))
{
SecurityDescriptor.Dacl = new Acl();
}
if (SecurityInformation.HasFlag(SecurityInformation.Sacl))
{
SecurityDescriptor.Sacl = new Acl();
}
}
bool do_callback = ShowProgress || PassThru;
TreeProgressFunction fn = ProgressFunction;
NtStatus status = Win32Security.ResetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor, do_callback ? fn : null,
ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, KeepExplicit, !PassThru);
if (!PassThru)
{
status.ToNtException();
}
}
internal SecurityDescriptorInheritanceSource(
Ace ace, INHERITED_FROM inherited_from, SeObjectType type,
NtType native_type,
bool container,
bool query_security, bool sacl)
{
InheritedAce = ace;
if (native_type != null)
{
Access = NtSecurity.AccessMaskToString(ace.Mask, container
? native_type.ContainerAccessRightsType
: native_type.AccessRightsType,
native_type.GenericMapping, false);
GenericAccess = NtSecurity.AccessMaskToString(ace.Mask, container
? native_type.ContainerAccessRightsType
: native_type.AccessRightsType,
native_type.GenericMapping, true);
}
else
{
Access = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
}
Depth = inherited_from.GenerationGap;
Name = Marshal.PtrToStringUni(inherited_from.AncestorName);
if (query_security && Name != null)
{
SecurityInformation sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
var sd = Win32Security.GetSecurityInfo(Name, type, sec_info, false);
if (sd.IsSuccess)
{
SecurityDescriptor = sd.Result;
}
}
}
/// <summary>
/// Checks to see if a path can become an iFolder.
/// </summary>
/// <param name="path">The path that is tested.</param>
/// <returns>The method returns <b>true</b> if the specified path can become an ifolder; otherwise, <b>false</b>.</returns>
public bool CanBeiFolder([MarshalAs(UnmanagedType.LPWStr)] string path)
{
try
{
// Make sure the user has read/write access to the directory.
if (Win32Security.AccessAllowed(path))
{
connectToWebService();
if (ifWebService != null)
{
return(ifWebService.CanBeiFolder(path));
}
}
}
catch (WebException e)
{
ifWebService = null;
if (e.Status == WebExceptionStatus.ProtocolError)
{
LocalService.ClearCredentials();
}
}
catch (Exception e)
{
System.Diagnostics.Debug.WriteLine("Caught exception - " + e.Message);
}
return(false);
}
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights)
{
var securityInfo = Win32Security.GetSecurityInfo(
folder,
SeObjectType.File,
SecurityInformation.Dacl);
var existingAce = securityInfo.Dacl.FirstOrDefault(d => d.Sid == container.Sid);
if (existingAce is not null &&
existingAce.Type == AceType.Allowed &&
existingAce.Mask == accessRights &&
existingAce.Flags == (AceFlags.ContainerInherit | AceFlags.ObjectInherit))
{
// Ace already exists.
return;
}
var ace = new Ace(
AceType.Allowed,
AceFlags.ContainerInherit | AceFlags.ObjectInherit,
accessRights,
container.Sid);
securityInfo.AddAce(ace);
Win32Security.SetSecurityInfo(
folder,
SeObjectType.File,
SecurityInformation.Dacl,
securityInfo,
true);
}
private void SetNamedSecurityInfo()
{
bool do_callback = ShowProgress || PassThru;
if (Type == SeObjectType.Service)
{
SecurityInformation &= SecurityInformation.Owner |
SecurityInformation.Group | SecurityInformation.Dacl |
SecurityInformation.Label | SecurityInformation.Sacl;
}
string path = Name;
if (Type == SeObjectType.File)
{
path = PSUtils.ResolveWin32Path(SessionState, path, false);
}
if (do_callback || Action != TreeSecInfo.Set)
{
TreeProgressFunction fn = ProgressFunction;
NtStatus status = Win32Security.SetSecurityInfo(path, Type, SecurityInformation, SecurityDescriptor, Action, do_callback ? fn : null,
ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, !PassThru);
if (!PassThru)
{
status.ToNtException();
}
}
else
{
Win32Security.SetSecurityInfo(path, Type, SecurityInformation, SecurityDescriptor);
}
}
/// <summary>
/// Abstract method to get the NT type for the access check.
/// </summary>
/// <returns>The NT type.</returns>
protected override NtType GetNtType()
{
if (Type == SeObjectType.Printer)
{
return(PrintSpoolerUtils.GetTypeForPath(Name));
}
return(Win32Security.GetNativeType(Type));
}
internal AccountRight(string system_name, string name, List <Sid> cached_sids)
{
Name = name;
_display_name = new Lazy <string>(() => Win32Security.LookupPrivilegeDisplayName(system_name, name));
_cached_sids = cached_sids;
_sids = new Lazy <List <Sid> >(() => GetSids(system_name, name, false).GetResultOrDefault(new List <Sid>()));
_system_name = system_name;
}
private GenericMapping GetGenericMapping()
{
if (GenericMapping.HasValue)
{
return(GenericMapping.Value);
}
return(Win32Security.GetNativeType(Type)?.GenericMapping
?? throw new ArgumentException("Must specify a Generic Mapping for the type"));
}
/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
if (SecurityDescriptor == null)
{
SecurityDescriptor = Win32Security.GetSecurityInfo(Name, Type,
Sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl);
}
WriteObject(Win32Security.GetInheritanceSource(Name, Type, IsContainer(), ObjectType,
SecurityDescriptor, Sacl, GetGenericMapping(), QuerySecurity), true);
}
/// <summary>
/// Abstract method to get the security descriptor for access checking.
/// </summary>
/// <returns>The security descriptor.</returns>
protected override SecurityDescriptor GetSecurityDescriptor()
{
SecurityInformation security_info = SecurityInformation.AllBasic;
if (Type == SeObjectType.Service)
{
security_info = SecurityInformation.Owner |
SecurityInformation.Group | SecurityInformation.Dacl |
SecurityInformation.Label | SecurityInformation.Sacl;
}
return(Win32Security.GetSecurityInfo(GetPath(), Type, security_info));
}
private void GetServiceToken(string name)
{
try
{
IEnumerable <UserGroup> groups = GetServiceSids();
TokenForm.OpenForm(Win32Security.LsaLogonUser(name, "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, groups), "Service", false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
SecureString str = new SecureString();
foreach (var ch in txtLUPassword.Text)
{
str.AppendChar(ch);
}
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default))
{
TokenForm.OpenForm(token, "LogonUser", true);
}
}
else
{
using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type))
{
TokenForm.OpenForm(token, "S4U", true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
switch (ParameterSetName)
{
case "FromName":
SetNamedSecurityInfo();
break;
case "FromObject":
Win32Security.SetSecurityInfo(Object, Type, SecurityInformation, SecurityDescriptor);
break;
case "FromHandle":
Win32Security.SetSecurityInfo(Handle, Type, SecurityInformation, SecurityDescriptor);
break;
}
}
private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
string domain, SecureString password, SecurityLogonType logon_type)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroup != null && AdditionalGroup.Length > 0)
{
groups = AdditionalGroup.Select(s => new UserGroup(s,
GetAttributes(s)));
}
using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private void SetNamedSecurityInfo()
{
bool do_callback = ShowProgress || PassThru;
if (do_callback || Action != TreeSecInfo.Set)
{
TreeProgressFunction fn = ProgressFunction;
NtStatus status = Win32Security.SetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor, Action, do_callback ? fn : null,
ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, !PassThru);
if (!PassThru)
{
status.ToNtException();
}
}
else
{
Win32Security.SetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor);
}
}
/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
SecurityDescriptor sd = null;
switch (ParameterSetName)
{
case "FromName":
string path = Name;
if (Type == SeObjectType.File)
{
path = PSUtils.ResolveWin32Path(SessionState, Name, false);
}
if (Type == SeObjectType.Service)
{
SecurityInformation &= SecurityInformation.Owner |
SecurityInformation.Group | SecurityInformation.Dacl | SecurityInformation.Label;
if (Name == ".")
{
sd = ServiceUtils.GetScmSecurityDescriptor(SecurityInformation);
break;
}
}
sd = Win32Security.GetSecurityInfo(path, Type, SecurityInformation);
break;
case "FromObject":
sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation);
break;
case "FromHandle":
sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation);
break;
}
if (sd != null)
{
WriteObject(sd);
}
}
/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
SecurityDescriptor sd = null;
switch (ParameterSetName)
{
case "FromName":
sd = Win32Security.GetSecurityInfo(Name, Type, SecurityInformation);
break;
case "FromObject":
sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation);
break;
case "FromHandle":
sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation);
break;
}
if (sd != null)
{
WriteObject(sd);
}
}
private static NtToken GetSystemToken()
{
NtToken.EnableDebugPrivilege();
using (var ps = NtProcess.GetProcesses(ProcessAccessRights.QueryLimitedInformation).ToDisposableList())
{
Sid local_system = KnownSids.LocalSystem;
foreach (var p in ps)
{
using (var result = NtToken.OpenProcessToken(p, TokenAccessRights.Query | TokenAccessRights.Duplicate, false))
{
if (!result.IsSuccess)
{
continue;
}
var token = result.Result;
if (token.User.Sid == local_system &&
!token.Filtered &&
token.GetPrivilege(TokenPrivilegeValue.SeTcbPrivilege) != null &&
token.IntegrityLevel == TokenIntegrityLevel.System)
{
using (var imp_token = token.DuplicateToken(SecurityImpersonationLevel.Impersonation))
{
if (imp_token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
using (imp_token.Impersonate())
{
return(Win32Security.LsaLogonUser("SYSTEM", "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, false).GetResultOrDefault());
}
}
}
}
}
}
}
return(null);
}
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
IEnumerable <UserGroup> groups, bool throw_on_error)
{
return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error));
}
/// <summary>
/// Function to resolve the conflict
/// </summary>
/// <param name="localCopy"></param>
private void enhancedConflictResolve(bool localCopy)
{
string path = null;
foreach (ListViewItem lvi in conflictsView.SelectedItems)
{
Conflicts conflicts = (Conflicts)lvi.Tag;
if (!conflicts.ServerConflict.IsNameConflict)
{
try
{
// Display a warning and return if the user has not specified the conflict bin path
if (conflictBinEnable.Checked)
{
if (pathTxtBox.Text == "")
{
MyMessageBox mmb = new MyMessageBox(resources.GetString("emptyConflictBinMsg"), resources.GetString("emptyConflictBinTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
return;
}
path = pathTxtBox.Text;
if (!path.EndsWith(resources.GetString("pathSeparator")))
{
path = path + resources.GetString("pathSeparator");
}
if (!Directory.Exists(path))
{
try
{
Directory.CreateDirectory(path);
}
catch
{
MyMessageBox mmb = new MyMessageBox(resources.GetString("invalidConflictBinMsg"), resources.GetString("invalidConflictBinTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
return;
}
}
// Check to make sure the user has rights to this directory.
if (!Win32Security.AccessAllowed(path))
{
MyMessageBox mmb = new MyMessageBox(resources.GetString("accessDenied"), resources.GetString("accessDeniedTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
return;
}
else
{
ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, path);
}
//ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, path);
}
else
{
ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, string.Empty);
}
lvi.Remove();
}
catch (Exception ex)
{
MyMessageBox mmb = new MyMessageBox(conflictErrorMsg, conflictErrorTitle, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
}
}
}
if (conflictsView.Items.Count == 0)
{
// If all the conflicts have been resolved, fire the ConflictsResolved event.
InvokeConflictResolvedEvent(this, new EventArgs());
}
}
/// <summary>
/// Event Handler for OK button click
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void ok_Click(object sender, System.EventArgs e)
{
successful = true;
if (GetDriveType(Path.GetPathRoot(iFolderLocation.Text)) == DRIVE_FIXED)
{
if (!Directory.Exists(iFolderLocation.Text))
{
// If a leaf node is specified, the directory will be created
// under the current working directory ... display this path.
bool parentExists = false;
string parent = Path.GetDirectoryName(iFolderLocation.Text);
while ((parent != null) && !parent.Equals(string.Empty))
{
if (Directory.Exists(parent))
{
iFolderLocation.Text = iFolderLocation.Text.Replace(parent, CreateiFolder.FixPath(parent));
parentExists = true;
break;
}
parent = Path.GetDirectoryName(parent);
}
if (!parentExists)
{
iFolderLocation.Text = Path.Combine(Environment.CurrentDirectory, iFolderLocation.Text);
}
// The directory doesn't exist ...
if (MessageBox.Show(resourceManager.GetString("createDirectoryMessage"), resourceManager.GetString("createDirectoryTitle"), MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1) == DialogResult.Yes)
{
// Create the directory.
try
{
Directory.CreateDirectory(iFolderLocation.Text);
}
catch (Exception ex)
{
MyMessageBox mmb = new MyMessageBox(resourceManager.GetString("createDirectoryError"), string.Empty, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
successful = false;
}
}
else
{
iFolderLocation.Focus();
successful = false;
}
}
if (successful)
{
// Check to make sure the user has rights to this directory.
if (Win32Security.AccessAllowed(iFolderLocation.Text))
{
try
{
// Display wait cursor.
Cursor = Cursors.WaitCursor;
// Accept the invitation.
ifWebService.AcceptiFolderInvitation(ifolder.DomainID, ifolder.ID, iFolderLocation.Text);
Cursor = Cursors.Default;
}
catch (Exception ex)
{
Cursor = Cursors.Default;
MyMessageBox mmb;
if (ex.Message.IndexOf("PathExists") != -1)
{
mmb = new MyMessageBox(resourceManager.GetString("pathExistsError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
}
else if (ex.Message.IndexOf("AtOrInsideStorePath") != -1)
{
mmb = new MyMessageBox(resourceManager.GetString("pathInStoreError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
}
else if (ex.Message.IndexOf("AtOrInsideCollectionPath") != -1)
{
mmb = new MyMessageBox(resourceManager.GetString("pathIniFolderError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
}
else if (ex.Message.IndexOf("IncludesWinDirPath") != -1)
{
mmb = new MyMessageBox(resourceManager.GetString("pathIncludesWinDirError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
}
else if (ex.Message.IndexOf("IncludesProgFilesPath") != -1)
{
mmb = new MyMessageBox(resourceManager.GetString("pathIncludesProgFilesDirError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
iFolderLocation.Focus();
}
else
{
mmb = new MyMessageBox(resourceManager.GetString("acceptError"), string.Empty, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
}
successful = false;
}
}
else
{
successful = false;
MyMessageBox mmb = new MyMessageBox(resourceManager.GetString("accessDenied"), string.Empty, string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error);
mmb.ShowDialog();
}
}
}
else
{
MessageBox.Show(resourceManager.GetString("networkPath"), resourceManager.GetString("pathInvalidErrorTitle"));
iFolderLocation.Focus();
successful = false;
}
}
