示例#1
0
 internal static extern Win32Error TreeResetNamedSecurityInfo(
     string pObjectName,
     SeObjectType ObjectType,
     SecurityInformation SecurityInfo,
     byte[] psidOwner,
     byte[] psidGroup,
     byte[] pDacl,
     byte[] pSacl,
     [MarshalAs(UnmanagedType.Bool)] bool KeepExplicit,
     TreeSetNamedSecurityProgress fnProgress,
     ProgressInvokeSetting ProgressInvokeSetting,
     IntPtr Args
     );
示例#2
0
 internal static extern Win32Error TreeSetNamedSecurityInfo(
     string pObjectName,
     SeObjectType ObjectType,
     SecurityInformation SecurityInfo,
     byte[] psidOwner,
     byte[] psidGroup,
     byte[] pDacl,
     byte[] pSacl,
     TreeSecInfo dwAction,
     TreeSetNamedSecurityProgress fnProgress,
     ProgressInvokeSetting ProgressInvokeSetting,
     IntPtr Args
     );
 /// <summary>
 /// Get the source of inherited ACEs.
 /// </summary>
 /// <param name="name">The name of the resource.</param>
 /// <param name="type">The type of the resource.</param>
 /// <param name="container">Whether the resource is a container.</param>
 /// <param name="object_types">Optional list of object types.</param>
 /// <param name="security_descriptor">The security descriptor for the resource.</param>
 /// <param name="sacl">True to check the SACL otherwise checks the DACL.</param>
 /// <param name="generic_mapping">Generic mapping for the resource.</param>
 /// <param name="query_security">Query security descriptors for sources.</param>
 /// <returns>The list of inheritance sources.</returns>
 public static IEnumerable <SecurityDescriptorInheritanceSource> GetInheritanceSource(
     string name,
     SeObjectType type,
     bool container,
     Guid[] object_types,
     SecurityDescriptor security_descriptor,
     bool sacl,
     GenericMapping generic_mapping,
     bool query_security)
 {
     return(GetInheritanceSource(name, type, container, object_types,
                                 security_descriptor, sacl, generic_mapping,
                                 query_security, true).Result);
 }
        /// <summary>
        /// Get the source of inherited ACEs.
        /// </summary>
        /// <param name="name">The name of the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="container">Whether the resource is a container.</param>
        /// <param name="object_types">Optional list of object types.</param>
        /// <param name="security_descriptor">The security descriptor for the resource.</param>
        /// <param name="sacl">True to check the SACL otherwise checks the DACL.</param>
        /// <param name="generic_mapping">Generic mapping for the resource.</param>
        /// <param name="query_security">Query security descriptors for sources.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The list of inheritance sources.</returns>
        public static NtResult <IEnumerable <SecurityDescriptorInheritanceSource> > GetInheritanceSource(
            string name,
            SeObjectType type,
            bool container,
            Guid[] object_types,
            SecurityDescriptor security_descriptor,
            bool sacl,
            GenericMapping generic_mapping,
            bool query_security,
            bool throw_on_error)
        {
            Acl acl = sacl ? security_descriptor.Sacl : security_descriptor.Dacl;

            if (acl == null || acl.NullAcl)
            {
                return(NtStatus.STATUS_INVALID_ACL.CreateResultFromError <IEnumerable <SecurityDescriptorInheritanceSource> >(throw_on_error));
            }

            using (var list = new DisposableList())
            {
                SafeGuidArrayBuffer guids = SafeGuidArrayBuffer.Null;
                if (object_types?.Length > 0)
                {
                    guids = list.AddResource(new SafeGuidArrayBuffer(object_types));
                }

                NtType native_type = GetNativeType(type);

                INHERITED_FROM[] inherited_from = new INHERITED_FROM[acl.Count];
                NtStatus         status         = NtStatus.STATUS_INVALID_PARAMETER;
                try
                {
                    status = Win32NativeMethods.GetInheritanceSource(name, type, sacl ? SecurityInformation.Sacl : SecurityInformation.Dacl,
                                                                     container, guids, guids.Count, acl.ToByteArray(), IntPtr.Zero, ref generic_mapping, inherited_from).MapDosErrorToStatus();
                    return(status.CreateResult(throw_on_error, () => (IEnumerable <SecurityDescriptorInheritanceSource>)inherited_from
                                               .Select((s, i) => new SecurityDescriptorInheritanceSource(acl[i], s, type,
                                                                                                         native_type, container, query_security, sacl)).Where(s => s.Depth != -1).ToArray()));
                }
                finally
                {
                    if (status.IsSuccess())
                    {
                        Win32NativeMethods.FreeInheritedFromArray(inherited_from, (ushort)inherited_from.Length, IntPtr.Zero);
                    }
                }
            }
        }
        /// <summary>
        /// Get the security descriptor for a named resource.
        /// </summary>
        /// <param name="name">The name of the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="security_information">The security information to get.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The security descriptor.</returns>
        public static NtResult <SecurityDescriptor> GetSecurityInfo(
            string name,
            SeObjectType type,
            SecurityInformation security_information,
            bool throw_on_error)
        {
            using (var result = Win32NativeMethods.GetNamedSecurityInfo(name, type,
                                                                        security_information, null,
                                                                        null, null, null, out SafeLocalAllocBuffer sd).MapDosErrorToStatus().CreateResult(throw_on_error, () => sd))
            {
                if (!result.IsSuccess)
                {
                    return(result.Cast <SecurityDescriptor>());
                }

                return(SecurityDescriptor.Parse(result.Result, GetNativeType(type), throw_on_error));
            }
        }
示例#6
0
        /// <summary>
        /// Gets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to retrieve.</param>
        /// <returns>A security descriptor.</returns>
        public static SecurityDescriptor GetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation)
        {
            Win32Error result;
            IntPtr     dummy, securityDescriptor;

            if ((result = Win32.GetSecurityInfo(
                     handle,
                     objectType,
                     securityInformation,
                     out dummy, out dummy, out dummy, out dummy,
                     out securityDescriptor
                     )) != 0)
            {
                Win32.Throw(result);
            }

            return(new SecurityDescriptor(new LocalMemoryAlloc(securityDescriptor)));
        }
 /// <summary>
 /// Reset security using a named object.
 /// </summary>
 /// <param name="name">The name of the object.</param>
 /// <param name="type">The type of named object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <param name="invoke_setting">Specify to indicate when to execute progress function.</param>
 /// <param name="keep_explicit">True to keep explicit ACEs.</param>
 /// <param name="progress_function">Progress function.</param>
 /// <param name="throw_on_error">True to throw on error.</param>
 /// <returns>The NT status code.</returns>
 public static NtStatus ResetSecurityInfo(string name, SeObjectType type,
                                          SecurityInformation security_information,
                                          SecurityDescriptor security_descriptor,
                                          TreeProgressFunction progress_function,
                                          ProgressInvokeSetting invoke_setting,
                                          bool keep_explicit,
                                          bool throw_on_error)
 {
     return(Win32NativeMethods.TreeResetNamedSecurityInfo(
                name, type, security_information,
                security_descriptor.Owner?.Sid.ToArray(),
                security_descriptor.Group?.Sid.ToArray(),
                security_descriptor.Dacl?.ToByteArray(),
                security_descriptor.Sacl?.ToByteArray(),
                keep_explicit,
                CreateCallback(progress_function),
                invoke_setting,
                IntPtr.Zero
                ).ToNtException(throw_on_error));
 }
示例#8
0
        /// <summary>
        /// Sets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to modify.</param>
        /// <param name="securityDescriptor">The security descriptor.</param>
        public static void SetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
        {
            Win32Error result;
            IntPtr     dacl  = IntPtr.Zero;
            IntPtr     group = IntPtr.Zero;
            IntPtr     owner = IntPtr.Zero;
            IntPtr     sacl  = IntPtr.Zero;

            if ((securityInformation & SecurityInformation.Dacl) == SecurityInformation.Dacl)
            {
                dacl = securityDescriptor.Dacl ?? IntPtr.Zero;
            }
            if ((securityInformation & SecurityInformation.Group) == SecurityInformation.Group)
            {
                group = securityDescriptor.Group;
            }
            if ((securityInformation & SecurityInformation.Owner) == SecurityInformation.Owner)
            {
                owner = securityDescriptor.Owner;
            }
            if ((securityInformation & SecurityInformation.Sacl) == SecurityInformation.Sacl)
            {
                sacl = securityDescriptor.Sacl ?? IntPtr.Zero;
            }

            if ((result = Win32.SetSecurityInfo(
                     handle,
                     objectType,
                     securityInformation,
                     owner,
                     group,
                     dacl,
                     sacl
                     )) != 0)
            {
                Win32.Throw(result);
            }
        }
示例#9
0
        /// <summary>
        /// Get the security descriptor for a resource.
        /// </summary>
        /// <param name="handle">The handle to the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="security_information">The security information to get.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The security descriptor.</returns>
        public static NtResult <SecurityDescriptor> GetSecurityInfo(
            SafeHandle handle,
            SeObjectType type,
            SecurityInformation security_information,
            bool throw_on_error)
        {
            using (var result = SecurityNativeMethods.GetSecurityInfo(handle, type,
                                                                      security_information, null,
                                                                      null, null, null, out SafeLocalAllocBuffer sd).MapDosErrorToStatus().CreateResult(throw_on_error, () => sd)) {
                if (!result.IsSuccess)
                {
                    return(result.Cast <SecurityDescriptor>());
                }

                NtType sd_type = null;
                if (handle is SafeKernelObjectHandle kernel_handle)
                {
                    sd_type = NtType.GetTypeByName(kernel_handle.NtTypeName, false);
                }

                return(SecurityDescriptor.Parse(result.Result, sd_type ?? GetNativeType(type), throw_on_error));
            }
        }
 internal SecurityDescriptorInheritanceSource(
     Ace ace, INHERITED_FROM inherited_from, SeObjectType type,
     NtType native_type,
     bool container,
     bool query_security, bool sacl)
 {
     InheritedAce = ace;
     Sid          = ace.Sid;
     if (native_type != null)
     {
         Access = NtSecurity.AccessMaskToString(ace.Mask, container
             ? native_type.ContainerAccessRightsType
             : native_type.AccessRightsType,
                                                native_type.GenericMapping, false);
         GenericAccess = NtSecurity.AccessMaskToString(ace.Mask, container
             ? native_type.ContainerAccessRightsType
             : native_type.AccessRightsType,
                                                       native_type.GenericMapping, true);
     }
     else
     {
         Access        = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
         GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
     }
     Depth = inherited_from.GenerationGap;
     Name  = Marshal.PtrToStringUni(inherited_from.AncestorName);
     if (query_security && Name != null)
     {
         SecurityInformation sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
         var sd = Win32Security.GetSecurityInfo(Name, type, sec_info, false);
         if (sd.IsSuccess)
         {
             SecurityDescriptor = sd.Result;
         }
     }
 }
        /// <summary>
        /// Get the NT type for a SE Object Type.
        /// </summary>
        /// <param name="type">The type of the resource.</param>
        /// <returns>The NT type if known, otherwise null.</returns>
        public static NtType GetNativeType(SeObjectType type)
        {
            switch (type)
            {
            case SeObjectType.File:
                return(NtType.GetTypeByType <NtFile>());

            case SeObjectType.RegistryKey:
            case SeObjectType.RegistryWow6432Key:
            case SeObjectType.RegistryWow6464Key:
                return(NtType.GetTypeByType <NtKey>());

            case SeObjectType.Service:
                return(ServiceUtils.GetServiceNtType("Service"));

            case SeObjectType.WmiGuid:
                return(NtType.GetTypeByType <NtEtwRegistration>());

            case SeObjectType.Ds:
            case SeObjectType.DsAll:
                return(DirectoryServiceUtils.NtType);
            }
            return(null);
        }
 /// <summary>
 /// Constructor.
 /// </summary>
 public GetWin32GrantedAccessCmdlet()
 {
     Type = SeObjectType.File;
 }
示例#13
0
 internal static int SetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl)
 {
     return(0);
 }
示例#14
0
 public static ISecurable GetSecurableWrapper(SeObjectType objectType, IntPtr handle)
 {
     return(GetSecurableWrapper(objectType, (access) => new NativeHandle <StandardRights>(handle, access)));
 }
示例#15
0
 public static ISecurable GetSecurableWrapper(SeObjectType objectType, Func <StandardRights, NativeHandle> openMethod)
 {
     return(new SeSecurableObjectWrapper(objectType, openMethod));
 }
示例#16
0
 private static extern uint SetSecurityInfo(IntPtr handle, SeObjectType ObjectType,
                                            SecurityInformation SecurityInfo, IntPtr psidOwner,
                                            IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
        /// <summary>
        /// Sets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to modify.</param>
        /// <param name="securityDescriptor">The security descriptor.</param>
        public static void SetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
        {
            Win32Error result;
            IntPtr dacl = IntPtr.Zero;
            IntPtr group = IntPtr.Zero;
            IntPtr owner = IntPtr.Zero;
            IntPtr sacl = IntPtr.Zero;

            if (securityInformation.HasFlag(SecurityInformation.Dacl))
                dacl = securityDescriptor.Dacl ?? IntPtr.Zero;
            if (securityInformation.HasFlag(SecurityInformation.Group))
                group = securityDescriptor.Group;
            if (securityInformation.HasFlag(SecurityInformation.Owner))
                owner = securityDescriptor.Owner;
            if (securityInformation.HasFlag(SecurityInformation.Sacl))
                sacl = securityDescriptor.Sacl ?? IntPtr.Zero;

            if ((result = Win32.SetSecurityInfo(
                handle,
                objectType,
                securityInformation,
                owner,
                group,
                dacl,
                sacl
                )) != 0)
                Win32.Throw(result);
        }
示例#18
0
 /// <summary>
 /// Sets the security descriptor of the object.
 /// </summary>
 /// <param name="objectType">The type of the object.</param>
 /// <param name="securityInformation">The information to modify.</param>
 /// <param name="securityDescriptor">The security descriptor.</param>
 protected void SetSecurity(SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
 {
     SecurityDescriptor.SetSecurity(this, objectType, securityInformation, securityDescriptor);
 }
示例#19
0
		internal static int GetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out IntPtr ppSecurityDescriptor)
		{
			ppsidOwner = IntPtr.Zero;
			ppsidGroup = IntPtr.Zero;
			ppDacl = IntPtr.Zero;
			ppSacl = IntPtr.Zero;
			ppSecurityDescriptor = IntPtr.Zero;
			return 0;
		}
示例#20
0
 public SeSecurableObjectWrapper(SeObjectType objectType, Func <StandardRights, NativeHandle> openMethod)
 {
     _objectType = objectType;
     _openMethod = openMethod;
 }
示例#21
0
		internal static int SetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl) {
			return 0;
		}
 /// <summary>
 /// Set security using a named object.
 /// </summary>
 /// <param name="name">The name of the object.</param>
 /// <param name="type">The type of named object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <returns>The Win32 Error Code.</returns>
 public static void SetSecurityInfo(string name, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
 {
     SetSecurityInfo(name, type, security_information, security_descriptor, true);
 }
示例#23
0
 /// <summary>
 /// Gets the security descriptor of the object.
 /// </summary>
 /// <param name="objectType">The type of the object.</param>
 /// <param name="securityInformation">The information to retrieve.</param>
 /// <returns>A security descriptor.</returns>
 protected SecurityDescriptor GetSecurity(SeObjectType objectType, SecurityInformation securityInformation)
 {
     return(SecurityDescriptor.GetSecurity(this, objectType, securityInformation));
 }
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="handle">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 public static void SetSecurityInfo(SafeHandle handle, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
 {
     SetSecurityInfo(handle, type, security_information, security_descriptor, true);
 }
 /// <summary>
 /// Constructor.
 /// </summary>
 public GetWin32SecurityDescriptorCmdlet()
 {
     Type = SeObjectType.File;
     SecurityInformation = SecurityInformation.AllBasic;
 }
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="obj">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <param name="throw_on_error">True to throw on error.</param>
 /// <returns>The NT status code.</returns>
 public static NtStatus SetSecurityInfo(NtObject obj, SeObjectType type,
                                        SecurityInformation security_information,
                                        SecurityDescriptor security_descriptor, bool throw_on_error)
 {
     return(SetSecurityInfo(obj.Handle, type, security_information, security_descriptor, throw_on_error));
 }
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="obj">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 public static void SetSecurityInfo(NtObject obj, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
 {
     SetSecurityInfo(obj, type, security_information, security_descriptor, true);
 }
        /// <summary>
        /// Gets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to retrieve.</param>
        /// <returns>A security descriptor.</returns>
        public static SecurityDescriptor GetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation)
        {
            Win32Error result;
            IntPtr dummy, securityDescriptor;

            if ((result = Win32.GetSecurityInfo(
                handle,
                objectType,
                securityInformation,
                out dummy, out dummy, out dummy, out dummy,
                out securityDescriptor
                )) != 0)
                Win32.Throw(result);

            return new SecurityDescriptor(new LocalMemoryAlloc(securityDescriptor));
        }