Пример #1
0
        public static Boolean CreateDir(String strSitePath, String strUserName)
        {
            Boolean bOk;
            try
            {
                Directory.CreateDirectory(strSitePath);
                SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
                Dacl dacl = secDesc.Dacl;
                Sid sidUser = new Sid (strUserName);

                // allow: folder, subfolder and files
                // modify
                dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));

                // deny: this folder
                // write attribs
                // write extended attribs
                // delete
                // change permissions
                // take ownership
                DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
                AccessType AType = (AccessType)DAType;
                dacl.AddAce (new AceAccessDenied (sidUser, AType));
                secDesc.SetDacl(dacl);
                secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
                bOk = true;
            }
            catch
            {
                bOk = false;
            }
            return bOk;
        }
Пример #2
0
 public void SetOwner(Sid owner)
 {
     SetOwner(owner, false);
 }
Пример #3
0
 public void SetGroup(Sid group, bool defaulted)
 {
     UnsafeSetGroup(this, group, defaulted);
 }
Пример #4
0
 public void SetGroup(Sid group)
 {
     SetGroup(group, false);
 }
Пример #5
0
 internal TokenGroup(MemoryMarshaler m)
 {
     SID_AND_ATTRIBUTES sa = (SID_AND_ATTRIBUTES)m.ParseStruct(typeof(SID_AND_ATTRIBUTES));
     _sid = new Sid(sa.Sid);
     _attributes = (GroupAttributes)sa.Attributes;
 }
Пример #6
0
 public void SetOwner(Sid owner, bool bDefaulted)
 {
     UnsafeSetOwner(this, owner, bDefaulted);
 }
Пример #7
0
        internal static unsafe void UnsafeSetSecurityInfo(
			HANDLE handle,
			SE_OBJECT_TYPE ObjectType,
			SECURITY_INFORMATION SecurityInfo,
			Sid sidOwner,
			Sid sidGroup,
			Dacl dacl,
			Sacl sacl)
        {
            fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null))
            {
                fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null))
                {
                    fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null))
                    {
                        fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null))
                        {
                            DWORD rc = Win32.SetSecurityInfo(handle, ObjectType, SecurityInfo,
                                (IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl);
                            if (rc != Win32.ERROR_SUCCESS)
                            {
                                Win32.SetLastError(rc);
                                Win32.ThrowLastError();
                            }
                        }
                    }
                }
            }
        }
Пример #8
0
        public static void SetNamedSecurityInfo(
			string objectName,
			SE_OBJECT_TYPE objectType,
			SECURITY_INFORMATION securityInfo,
			Sid sidOwner,
			Sid sidGroup,
			Dacl dacl,
			Sacl sacl)
        {
            UnsafeSetNamedSecurityInfo (objectName, objectType, securityInfo,
                sidOwner, sidGroup, dacl, sacl);
        }
Пример #9
0
		private static unsafe bool UnsafeEqualsPrefixSids(Sid s1, Sid s2)
		{
            if (object.ReferenceEquals(s1, null) && object.ReferenceEquals(s2, null))
                return true;

			if (object.ReferenceEquals(s1, null) || object.ReferenceEquals(s2, null))
				return false;

			if (!s1.IsValid)
				return false;

			if (!s2.IsValid)
				return false;

			fixed(byte *psid1 = s1._psid, psid2 = s2._psid)
			{
				IntPtr psid1Ptr = (IntPtr)psid1;
				IntPtr psid2Ptr = (IntPtr)psid2;

				BOOL rc = Win32.EqualPrefixSid(psid1Ptr, psid2Ptr);
				return (rc != Win32.FALSE);
			}
		}
Пример #10
0
 protected void BaseInit(ACE_HEADER header, AccessType accessType, Sid sid)
 {
     _header = header;
     _accessType = accessType;
     _sid = sid;
 }
Пример #11
0
        protected void BaseInit(AceType type, int size, AceFlags flags, Sid sid, AccessType accessType)
        {
            if (size >= ushort.MaxValue)
                throw new ArgumentException("Ace size is limited to an 16-bit integer", "size");
            if (size <= ACE_HEADER.SizeOf)
                throw new ArgumentException("Ace size must be at least the size of an ACE_HEADER", "size");

            _header.AceType = type;
            _header.AceSize = (ushort)size;
            _header.AceFlags = flags;
            _accessType = accessType;
            _sid = sid;
        }
Пример #12
0
    private static void AddAceForAccount(Dacl dacl, string account)
    {
      bool accountExists = true;

      Sid sid = null; 
      try
      {
        sid = new Sid(account); 
      }
      catch (COMException)
      {
        accountExists = false; 
      }

      if (accountExists)
      {
        AceAccessAllowed netAce = new AceAccessAllowed(sid, AccessType.GENERIC_ALL, AceFlags.CONTAINER_INHERIT_ACE | AceFlags.OBJECT_INHERIT_ACE); 
        dacl.AddAce(netAce); 
      }

    }
Пример #13
0
 public void SetGroup(Sid group, bool defaulted)
 {
     UnsafeSetGroup(this, group, defaulted);
 }
Пример #14
0
 public void SetGroup(Sid group)
 {
     SetGroup(group, false);
 }
Пример #15
0
 public void SetOwner(Sid owner, bool bDefaulted)
 {
     UnsafeSetOwner(this, owner, bDefaulted);
 }
Пример #16
0
		public bool EqualsPrefix(Sid other)
		{
			return UnsafeEqualsPrefixSids(this, other);
		}
Пример #17
0
        private static unsafe void UnsafeSetOwner(SecurityDescriptor secDesc, Sid owner, bool defaulted)
        {
            if (! owner.IsValid)
            throw new ArgumentException("SID must be valid to set as owner of a security descriptor", "owner");

              secDesc.MakeAbsolute();

              // First we have to get a copy of the old owner ptr, so that
              // we can free it if everything goes well.
              BOOL rc;
              IntPtr pOldOwner;
              if(!secDesc.IsNull)
              {
            BOOL oldDefaulted;
            rc = Win32.GetSecurityDescriptorOwner(secDesc._secDesc, out pOldOwner, out oldDefaulted);
            Win32.CheckCall(rc);
              }
              else
              {
            secDesc.AllocateAndInitializeSecurityDescriptor();
            pOldOwner = IntPtr.Zero;
              }

              DWORD cbSidSize = (DWORD)owner.Size;
              IntPtr pNewOwner = Win32.AllocGlobal(cbSidSize);
              try
              {
            // Copy the SID content to pNewOwner memory
            fixed (byte *pNewSid = owner.GetNativeSID())
            {
              rc = Win32.CopySid(cbSidSize, pNewOwner, (IntPtr)pNewSid);
              Win32.CheckCall(rc);
            }
            // Set the new owner SID
            rc = Win32.SetSecurityDescriptorOwner(secDesc._secDesc,
              pNewOwner, (defaulted ? Win32.TRUE : Win32.FALSE));
            Win32.CheckCall(rc);

            // Now, we can free the old owner
            Win32.FreeGlobal(pOldOwner);
              }
              catch
              {
            Win32.FreeGlobal(pNewOwner);
            throw;
              }
        }
Пример #18
0
        /// <summary>
        ///  Remove all ACEs having 'sid' as their sid.
        /// </summary>
        /// <param name="sid"></param>
        /// <returns></returns>
        public bool RemoveAces(Sid sid)
        {
            if (IsNull)
                return false;

            // Remove from end to start to avoid indices issues
            bool found = false;
            for(int i = AceCount - 1; i >= 0; i--)
            {
                if (GetAce(i).Sid == sid)
                {
                    found = true;
                    _aces.RemoveAt(i);
                }
            }

            // If at least one was remove, mark us as "Dirty"
            if (found)
                Dirty();

            return found;
        }
Пример #19
0
        public static void SetSecurityInfo(
			HANDLE handle,
			SE_OBJECT_TYPE ObjectType,
			SECURITY_INFORMATION SecurityInfo,
			Sid sidOwner,
			Sid sidGroup,
			Dacl dacl,
			Sacl sacl)
        {
            UnsafeSetSecurityInfo (handle, ObjectType, SecurityInfo,
                sidOwner, sidGroup, dacl, sacl);
        }
Пример #20
0
		internal unsafe static void UnsafeSetNamedSecurityInfo(
			string objectName,
			SE_OBJECT_TYPE objectType,
			SECURITY_INFORMATION securityInfo,
			Sid sidOwner,
			Sid sidGroup,
			Dacl dacl,
			Sacl sacl)
		{
            byte[] pSidOwner = (sidOwner != null) ? sidOwner.GetNativeSID() : null;
            byte[] pSidGroup = (sidGroup != null) ? sidGroup.GetNativeSID() : null;
            byte[] pDacl = (dacl != null) ? dacl.GetNativeACL() : null;
            byte[] pSacl = (sacl != null) ? sacl.GetNativeACL() : null;

            DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo,
              pSidOwner, pSidGroup, pDacl, pSacl);

            if (rc != Win32.ERROR_SUCCESS)
            {
                Win32.SetLastError(rc);
                Win32.ThrowLastError();
            }
		}
Пример #21
0
 public void SetOwner(Sid owner)
 {
     SetOwner(owner, false);
 }
Пример #22
-4
        public static void GetSecurityInfo(
			HANDLE handle,
			SE_OBJECT_TYPE objectType,
			SECURITY_INFORMATION securityInfo,
			out Sid sidOwner,
			out Sid sidGroup,
			out Dacl dacl,
			out Sacl sacl,
			out SecurityDescriptor secDesc)
        {
            sidOwner = null;
            sidGroup = null;
            dacl = null;
            sacl = null;
            secDesc = null;

            IntPtr ptrOwnerSid = IntPtr.Zero;
            IntPtr ptrGroupSid = IntPtr.Zero;
            IntPtr ptrDacl = IntPtr.Zero;
            IntPtr ptrSacl = IntPtr.Zero;
            IntPtr ptrSecDesc = IntPtr.Zero;

            DWORD rc = Win32.GetSecurityInfo(handle, objectType, securityInfo,
                ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc);

            if (rc != Win32.ERROR_SUCCESS)
            {
                Win32.SetLastError(rc);
                Win32.ThrowLastError();
            }

            try
            {
                if (ptrOwnerSid != IntPtr.Zero)
                    sidOwner = new Sid(ptrOwnerSid);

                if (ptrGroupSid != IntPtr.Zero)
                    sidGroup = new Sid(ptrGroupSid);

                if (ptrDacl != IntPtr.Zero)
                    dacl = new Dacl(ptrDacl);

                if (ptrSacl != IntPtr.Zero)
                    sacl = new Sacl(ptrSacl);

                if (ptrSecDesc != IntPtr.Zero)
                    secDesc = new SecurityDescriptor(ptrSecDesc, true);
            }
            catch
            {
                if (ptrSecDesc != IntPtr.Zero)
                    Win32.LocalFree(ptrSecDesc);
                throw;
            }
        }