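/// <summary>
/// Constructor. Computes a new security descriptor by calling RtlNewSecurityObject with the
/// security descriptor of <paramref name="base_object"/> as the parent and, when a token is
/// supplied, a creator descriptor built from the token's owner, primary group and default DACL.
/// The result is the descriptor produced by that call; it is not read from an existing object.
/// </summary>
/// <param name="base_object">Base object for security descriptor. Required: its NtType supplies the generic mapping.</param>
/// <param name="token">Token for determining user rights. May be null, in which case no creator descriptor is built and a null token handle is passed.</param>
/// <param name="is_directory">True if a directory security descriptor</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="base_object"/> is null.</exception>
public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory)
    : this()
{
    // The generic mapping is read from base_object.NtType further down, so a null base object
    // can never succeed. The previous guard only rejected the case where both arguments were
    // null, which let a token-only call fall through to a NullReferenceException. Fail fast
    // with a named argument instead, before any buffer is allocated.
    if (base_object == null)
    {
        throw new ArgumentNullException(nameof(base_object),
            "A base object is required because its NtType supplies the generic mapping.");
    }

    // Parent descriptor: the inheritable entries of this descriptor feed the new one.
    SecurityDescriptor parent_sd = base_object.SecurityDescriptor;

    // Creator descriptor: only built when a token is available to supply the defaults.
    SecurityDescriptor creator_sd = null;
    if (token != null)
    {
        creator_sd = new SecurityDescriptor
        {
            Owner = new SecurityDescriptorSid(token.Owner, false),
            Group = new SecurityDescriptorSid(token.PrimaryGroup, false),
            Dacl = token.DefaultDacl
        };
    }

    NtType type = base_object.NtType;
    SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null;
    SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null;
    SafeSecurityObjectHandle security_obj = null;

    try
    {
        if (parent_sd != null)
        {
            parent_sd_buffer = parent_sd.ToSafeBuffer();
        }

        if (creator_sd != null)
        {
            creator_sd_buffer = creator_sd.ToSafeBuffer();
        }

        GenericMapping mapping = type.GenericMapping;

        // NOTE(review): ToNtException() presumably throws on a failure status, so the
        // descriptor is only parsed after a successful call; confirm against its definition.
        NtRtl.RtlNewSecurityObject(
            parent_sd_buffer,
            creator_sd_buffer,
            out security_obj,
            is_directory,
            token != null ? token.Handle : SafeKernelObjectHandle.Null,
            ref mapping).ToNtException();

        ParseSecurityDescriptor(security_obj);
    }
    finally
    {
        // Release the marshalled descriptors and the native security object on every path,
        // including when the native call or the parse throws.
        parent_sd_buffer?.Close();
        creator_sd_buffer?.Close();
        security_obj?.Close();
    }
}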
// P/Invoke declaration for the native RtlNewSecurityObject routine, which builds the security
// descriptor for a new object from a parent descriptor, a creator descriptor and a token.
// (The DllImport attribute that must accompany an extern method is not visible in this excerpt.)
//
//   ParentDescriptor  - marshalled security descriptor of the parent object.
//   CreatorDescriptor - marshalled security descriptor carrying the creator's requested values.
//   NewDescriptor     - receives a handle to the newly allocated descriptor. The caller owns it
//                       and must close it; presumably SafeSecurityObjectHandle releases the
//                       native allocation on close (verify in its definition).
//   IsDirectoryObject - whether the new object is a container, which affects ACE inheritance.
//   Token             - token whose defaults and identity are used for the new descriptor.
//   GenericMapping    - generic-to-specific access mapping for the object type.
//
// Returns the NtStatus of the native call; callers must check it before using NewDescriptor.
//
// NOTE(review): the native IsDirectoryObject parameter is a one-byte BOOLEAN, while a C# bool
// is marshalled as a four-byte BOOL by default. Confirm whether an explicit
// [MarshalAs(UnmanagedType.U1)] is wanted here.
public static extern NtStatus RtlNewSecurityObject(SafeBuffer ParentDescriptor, SafeBuffer CreatorDescriptor, out SafeSecurityObjectHandle NewDescriptor, bool IsDirectoryObject, SafeKernelObjectHandle Token, ref GenericMapping GenericMapping);