private IntPtr GetSaclWithCapId(string capStr)
{
IntPtr zero;
IntPtr cAPID = IntPtr.Zero;
IntPtr intPtr = IntPtr.Zero;
IntPtr zero1 = IntPtr.Zero;
bool sid = true;
bool flag = true;
int num = 0;
try
{
sid = NativeMethods.ConvertStringSidToSid(capStr, out cAPID);
if (!sid)
{
flag = false;
int num1 = 0;
num = NativeMethods.LsaQueryCAPs(null, 0, out zero1, out num1);
if (num == 0)
{
if (num1 == 0 || zero1 == IntPtr.Zero)
{
zero = IntPtr.Zero;
return zero;
}
else
{
IntPtr intPtr1 = zero1;
uint num2 = 0;
while (num2 < num1)
{
NativeMethods.CENTRAL_ACCESS_POLICY structure = (NativeMethods.CENTRAL_ACCESS_POLICY)Marshal.PtrToStructure(intPtr1, typeof(NativeMethods.CENTRAL_ACCESS_POLICY));
string stringUni = Marshal.PtrToStringUni(structure.Name.Buffer, structure.Name.Length / 2);
if (!stringUni.Equals(capStr, StringComparison.OrdinalIgnoreCase))
{
intPtr1 = intPtr1 + Marshal.SizeOf(structure);
num2++;
}
else
{
cAPID = structure.CAPID;
break;
}
}
}
}
else
{
throw new Win32Exception(num);
}
}
if (cAPID != IntPtr.Zero)
{
sid = NativeMethods.IsValidSid(cAPID);
if (sid)
{
uint lengthSid = NativeMethods.GetLengthSid(cAPID);
NativeMethods.ACL aCL = new NativeMethods.ACL();
NativeMethods.SYSTEM_AUDIT_ACE sYSTEMAUDITACE = new NativeMethods.SYSTEM_AUDIT_ACE();
int num3 = (int)((long)(Marshal.SizeOf(aCL) + Marshal.SizeOf(sYSTEMAUDITACE)) + (long)lengthSid - (long)1) & -4;
intPtr = Marshal.AllocHGlobal(num3);
sid = NativeMethods.InitializeAcl(intPtr, num3, 2);
if (sid)
{
num = NativeMethods.RtlAddScopedPolicyIDAce(intPtr, 2, 3, 0, cAPID);
if (num == 0)
{
return intPtr;
}
else
{
if (num != -1073741811)
{
throw new Win32Exception(num);
}
else
{
throw new ArgumentException(UtilsStrings.InvalidCentralAccessPolicyIdentifier);
}
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
Exception argumentException = new ArgumentException(UtilsStrings.InvalidCentralAccessPolicyIdentifier);
base.WriteError(new ErrorRecord(argumentException, "SetAcl_CentralAccessPolicy", ErrorCategory.InvalidArgument, this.AclObject));
zero = IntPtr.Zero;
}
}
finally
{
if (!sid || num != 0)
{
Marshal.FreeHGlobal(intPtr);
}
num = NativeMethods.LsaFreeMemory(zero1);
if (flag)
{
NativeMethods.LocalFree(cAPID);
}
}
return zero;
}
/// <summary>
/// Gets the central access policy ID of the provided PSObject.
/// </summary>
/// <param name="instance">
/// The PSObject for which to obtain the central access policy ID.
/// </param>
/// <returns>
/// The central access policy ID of the provided PSObject.
/// </returns>
public static SecurityIdentifier GetCentralAccessPolicyId(PSObject instance)
{
SessionState sessionState = new SessionState();
string path = sessionState.Path.GetUnresolvedProviderPathFromPSPath(
GetPath(instance));
IntPtr pOwner = IntPtr.Zero, pGroup = IntPtr.Zero;
IntPtr pDacl = IntPtr.Zero, pSacl = IntPtr.Zero, pSd = IntPtr.Zero;
try
{
// Get the file's SACL containing the CAPID ACE.
uint rs = NativeMethods.GetNamedSecurityInfo(
path,
NativeMethods.SeObjectType.SE_FILE_OBJECT,
NativeMethods.SecurityInformation.SCOPE_SECURITY_INFORMATION,
out pOwner,
out pGroup,
out pDacl,
out pSacl,
out pSd);
if (rs != NativeMethods.ERROR_SUCCESS)
{
throw new Win32Exception((int)rs);
}
if (pSacl == IntPtr.Zero)
{
return null;
}
NativeMethods.ACL sacl = new NativeMethods.ACL();
sacl = ClrFacade.PtrToStructure<NativeMethods.ACL>(pSacl);
if (sacl.AceCount == 0)
{
return null;
}
// Extract the first CAPID from the SACL that does not have INHERIT_ONLY_ACE flag set.
IntPtr pAce = pSacl + Marshal.SizeOf(new NativeMethods.ACL());
for (uint aceIdx = 0; aceIdx < sacl.AceCount; aceIdx++)
{
NativeMethods.ACE_HEADER ace = new NativeMethods.ACE_HEADER();
ace = ClrFacade.PtrToStructure<NativeMethods.ACE_HEADER>(pAce);
Dbg.Diagnostics.Assert(ace.AceType ==
NativeMethods.SYSTEM_SCOPED_POLICY_ID_ACE_TYPE,
"Unexpected ACE type: " + ace.AceType.ToString(CultureInfo.CurrentCulture));
if ((ace.AceFlags & NativeMethods.INHERIT_ONLY_ACE) == 0)
{
break;
}
pAce += ace.AceSize;
}
IntPtr pSid = pAce + Marshal.SizeOf(new NativeMethods.SYSTEM_AUDIT_ACE()) -
Marshal.SizeOf(new uint());
bool ret = NativeMethods.IsValidSid(pSid);
if (!ret)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
return new SecurityIdentifier(pSid);
}
finally
{
NativeMethods.LocalFree(pSd);
}
}
private IntPtr GetEmptySacl()
{
IntPtr zero = IntPtr.Zero;
bool flag = true;
try
{
NativeMethods.ACL aCL = new NativeMethods.ACL();
int num = Marshal.SizeOf(aCL) + Marshal.SizeOf((int)0) - 1 & -4;
zero = Marshal.AllocHGlobal(num);
flag = NativeMethods.InitializeAcl(zero, num, 2);
if (!flag)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
finally
{
if (!flag)
{
Marshal.FreeHGlobal(zero);
zero = IntPtr.Zero;
}
}
return zero;
}
public static SecurityIdentifier GetCentralAccessPolicyId(PSObject instance)
{
SecurityIdentifier securityIdentifier;
SessionState sessionState = new SessionState();
string unresolvedProviderPathFromPSPath = sessionState.Path.GetUnresolvedProviderPathFromPSPath(SecurityDescriptorCommandsBase.GetPath(instance));
IntPtr zero = IntPtr.Zero;
IntPtr intPtr = IntPtr.Zero;
IntPtr zero1 = IntPtr.Zero;
IntPtr intPtr1 = IntPtr.Zero;
IntPtr zero2 = IntPtr.Zero;
try
{
int namedSecurityInfo = NativeMethods.GetNamedSecurityInfo(unresolvedProviderPathFromPSPath, NativeMethods.SeObjectType.SE_FILE_OBJECT, NativeMethods.SecurityInformation.SCOPE_SECURITY_INFORMATION, out zero, out intPtr, out zero1, out intPtr1, out zero2);
if (namedSecurityInfo == 0)
{
if (intPtr1 != IntPtr.Zero)
{
NativeMethods.ACL structure = (NativeMethods.ACL)Marshal.PtrToStructure(intPtr1, typeof(NativeMethods.ACL));
if (structure.AceCount != 0)
{
NativeMethods.ACL aCL = new NativeMethods.ACL();
IntPtr aceSize = intPtr1 + Marshal.SizeOf(aCL);
for (uint i = 0; i < structure.AceCount; i++)
{
NativeMethods.ACE_HEADER aCEHEADER = (NativeMethods.ACE_HEADER)Marshal.PtrToStructure(aceSize, typeof(NativeMethods.ACE_HEADER));
if ((aCEHEADER.AceFlags & 8) == 0)
{
break;
}
aceSize = aceSize + aCEHEADER.AceSize;
}
NativeMethods.SYSTEM_AUDIT_ACE sYSTEMAUDITACE = new NativeMethods.SYSTEM_AUDIT_ACE();
IntPtr intPtr2 = aceSize + Marshal.SizeOf(sYSTEMAUDITACE) - Marshal.SizeOf((uint)0);
bool flag = NativeMethods.IsValidSid(intPtr2);
if (flag)
{
securityIdentifier = new SecurityIdentifier(intPtr2);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
securityIdentifier = null;
}
}
else
{
securityIdentifier = null;
}
}
else
{
throw new Win32Exception(namedSecurityInfo);
}
}
finally
{
NativeMethods.LocalFree(zero2);
}
return securityIdentifier;
}