public void GetBinaryForm(byte[] binaryForm, int offset)
{
ControlFlags controlFlags = ControlFlags;
binaryForm[offset + 0x00] = Revision;
binaryForm[offset + 0x01] = InternalReservedField;
WriteUShort((ushort)controlFlags, binaryForm,
offset + 0x02);
// Skip 'offset' fields (will fill later)
int pos = 0x14;
if (Owner != null)
{
WriteInt(pos, binaryForm, offset + 0x04);
Owner.GetBinaryForm(binaryForm, offset + pos);
pos += Owner.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x04);
}
if (Group != null)
{
WriteInt(pos, binaryForm, offset + 0x08);
Group.GetBinaryForm(binaryForm, offset + pos);
pos += Group.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x08);
}
GenericAcl sysAcl = InternalSacl;
if (SaclPresent)
{
WriteInt(pos, binaryForm, offset + 0x0C);
sysAcl.GetBinaryForm(binaryForm, offset + pos);
pos += InternalSacl.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x0C);
}
GenericAcl discAcl = InternalDacl;
if (DaclPresent)
{
WriteInt(pos, binaryForm, offset + 0x10);
discAcl.GetBinaryForm(binaryForm, offset + pos);
pos += InternalDacl.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x10);
}
}
internal AceEnumerator(GenericAcl collection)
{
if (collection == null)
{
throw new ArgumentNullException("collection");
}
this._acl = collection;
this.Reset();
}
internal AceEnumerator(GenericAcl collection)
{
if (collection == null)
{
throw new ArgumentNullException("collection");
}
this._acl = collection;
this.Reset();
}
internal AceEnumerator( GenericAcl collection )
{
if ( collection == null )
{
throw new ArgumentNullException( "collection" );
}
Contract.EndContractBlock();
_acl = collection;
Reset();
}
public void GetBinaryForm(byte[] binaryForm, int offset)
{
if (null == binaryForm)
{
throw new ArgumentNullException("binaryForm");
}
int binaryLength = BinaryLength;
if (offset < 0 || offset > binaryForm.Length - binaryLength)
{
throw new ArgumentOutOfRangeException("offset");
}
ControlFlags controlFlags = ControlFlags;
if (DaclIsUnmodifiedAefa)
{
controlFlags &= ~ControlFlags.DiscretionaryAclPresent;
}
binaryForm[offset + 0x00] = Revision;
binaryForm[offset + 0x01] = InternalReservedField;
WriteUShort((ushort)controlFlags, binaryForm,
offset + 0x02);
// Skip 'offset' fields (will fill later)
int pos = 0x14;
if (Owner != null)
{
WriteInt(pos, binaryForm, offset + 0x04);
Owner.GetBinaryForm(binaryForm, offset + pos);
pos += Owner.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x04);
}
if (Group != null)
{
WriteInt(pos, binaryForm, offset + 0x08);
Group.GetBinaryForm(binaryForm, offset + pos);
pos += Group.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x08);
}
GenericAcl sysAcl = InternalSacl;
if (SaclPresent)
{
WriteInt(pos, binaryForm, offset + 0x0C);
sysAcl.GetBinaryForm(binaryForm, offset + pos);
pos += InternalSacl.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x0C);
}
GenericAcl discAcl = InternalDacl;
if (DaclPresent && !DaclIsUnmodifiedAefa)
{
WriteInt(pos, binaryForm, offset + 0x10);
discAcl.GetBinaryForm(binaryForm, offset + pos);
pos += InternalDacl.BinaryLength;
}
else
{
WriteInt(0, binaryForm, offset + 0x10);
}
}
[HandleProcessCorruptedStateExceptions] //
#endif // FEATURE_CORRUPTING_EXCEPTIONS
internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
//
// Demand unmanaged code permission
// The integrator layer is free to assert this permission
// and, in turn, demand another permission of its caller
//
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (group != null)
{
Length = group.BinaryLength;
GroupBinary = new byte[Length];
group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = ( int )Win32Native.SetSecurityInfoByName(name, ( uint )type, ( uint )securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException(
Environment.GetResourceString("Argument_InvalidSafeHandle"),
"handle");
}
else
{
errorCode = ( int )Win32Native.SetSecurityInfoByHandle(handle, ( uint )type, ( uint )securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
Contract.Assert(false, "Internal error: both name and handle are null");
throw new InvalidProgramException();
}
if (errorCode == Win32Native.ERROR_NOT_ALL_ASSIGNED ||
errorCode == Win32Native.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == Win32Native.ERROR_ACCESS_DENIED ||
errorCode == Win32Native.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != Win32Native.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return(0);
Error:
if (errorCode == Win32Native.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
internal AceEnumerator(GenericAcl owner)
{
this.owner = owner;
}
//
// Wrapper around advapi32.SetNamedSecurityInfoW and advapi32.SetSecurityInfo
//
internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (group != null)
{
Length = group.BinaryLength;
GroupBinary = new byte[Length];
group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = (int)Interop.mincore.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException(
SR.Argument_InvalidSafeHandle,
nameof(handle));
}
else
{
errorCode = (int)Interop.mincore.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
Contract.Assert(false, "Internal error: both name and handle are null");
throw new ArgumentException();
}
if (errorCode == Interop.mincore.Errors.ERROR_NOT_ALL_ASSIGNED ||
errorCode == Interop.mincore.Errors.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == Interop.mincore.Errors.ERROR_ACCESS_DENIED ||
errorCode == Interop.mincore.Errors.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != Interop.mincore.Errors.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return 0;
Error:
if (errorCode == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return errorCode;
}
// Constructor.
internal AceEnumerator(GenericAcl acl)
{
this.acl = acl;
this.index = -1;
}
internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
//
// Demand unmanaged code permission
// The integrator layer is free to assert this permission
// and, in turn, demand another permission of its caller
//
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (@group != null)
{
Length = @group.BinaryLength;
GroupBinary = new byte[Length];
@group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
// Ensure that the finally block will execute
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = (int)NativeMethods.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException("Invalid safe handle");
}
else
{
errorCode = (int)NativeMethods.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
throw new InvalidProgramException();
}
if (errorCode == NativeMethods.ERROR_NOT_ALL_ASSIGNED ||
errorCode == NativeMethods.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == NativeMethods.ERROR_ACCESS_DENIED ||
errorCode == NativeMethods.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != NativeMethods.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return 0;
Error:
if (errorCode == NativeMethods.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return errorCode;
}
// Constructor.
internal AceEnumerator(GenericAcl acl)
{
this.acl = acl;
this.index = -1;
}
//
// Wrapper around advapi32.SetNamedSecurityInfoW and advapi32.SetSecurityInfo
//
internal static int SetSecurityInfo(
ResourceType type,
string name,
SafeHandle handle,
SecurityInfos securityInformation,
SecurityIdentifier owner,
SecurityIdentifier group,
GenericAcl sacl,
GenericAcl dacl)
{
int errorCode;
int Length;
byte[] OwnerBinary = null, GroupBinary = null, SaclBinary = null, DaclBinary = null;
Privilege securityPrivilege = null;
if (owner != null)
{
Length = owner.BinaryLength;
OwnerBinary = new byte[Length];
owner.GetBinaryForm(OwnerBinary, 0);
}
if (group != null)
{
Length = group.BinaryLength;
GroupBinary = new byte[Length];
group.GetBinaryForm(GroupBinary, 0);
}
if (dacl != null)
{
Length = dacl.BinaryLength;
DaclBinary = new byte[Length];
dacl.GetBinaryForm(DaclBinary, 0);
}
if (sacl != null)
{
Length = sacl.BinaryLength;
SaclBinary = new byte[Length];
sacl.GetBinaryForm(SaclBinary, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
//
// Enable security privilege if trying to set a SACL.
// Note: even setting it by handle needs this privilege enabled!
//
securityPrivilege = new Privilege(Privilege.Security);
}
try
{
if (securityPrivilege != null)
{
try
{
securityPrivilege.Enable();
}
catch (PrivilegeNotHeldException)
{
// we will ignore this exception and press on just in case this is a remote resource
}
}
if (name != null)
{
errorCode = (int)Interop.mincore.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
else if (handle != null)
{
if (handle.IsInvalid)
{
throw new ArgumentException(
SR.Argument_InvalidSafeHandle,
nameof(handle));
}
else
{
errorCode = (int)Interop.mincore.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, OwnerBinary, GroupBinary, DaclBinary, SaclBinary);
}
}
else
{
// both are null, shouldn't happen
Contract.Assert(false, "Internal error: both name and handle are null");
throw new ArgumentException();
}
if (errorCode == Interop.mincore.Errors.ERROR_NOT_ALL_ASSIGNED ||
errorCode == Interop.mincore.Errors.ERROR_PRIVILEGE_NOT_HELD)
{
throw new PrivilegeNotHeldException(Privilege.Security);
}
else if (errorCode == Interop.mincore.Errors.ERROR_ACCESS_DENIED ||
errorCode == Interop.mincore.Errors.ERROR_CANT_OPEN_ANONYMOUS)
{
throw new UnauthorizedAccessException();
}
else if (errorCode != Interop.mincore.Errors.ERROR_SUCCESS)
{
goto Error;
}
}
catch
{
// protection against exception filter-based luring attacks
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
throw;
}
finally
{
if (securityPrivilege != null)
{
securityPrivilege.Revert();
}
}
return(0);
Error:
if (errorCode == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
return(errorCode);
}
internal AceEnumerator (GenericAcl owner)
{
this.owner = owner;
}
internal static int SetSecurityInfo(ResourceType type, string name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
{
byte[] array = null;
byte[] array2 = null;
byte[] array3 = null;
byte[] array4 = null;
Privilege privilege = null;
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
int binaryLength = owner.BinaryLength;
array = new byte[binaryLength];
owner.GetBinaryForm(array, 0);
}
if (group != null)
{
int binaryLength = group.BinaryLength;
array2 = new byte[binaryLength];
group.GetBinaryForm(array2, 0);
}
if (dacl != null)
{
int binaryLength = dacl.BinaryLength;
array4 = new byte[binaryLength];
dacl.GetBinaryForm(array4, 0);
}
if (sacl != null)
{
int binaryLength = sacl.BinaryLength;
array3 = new byte[binaryLength];
sacl.GetBinaryForm(array3, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != (SecurityInfos)0)
{
privilege = new Privilege("SeSecurityPrivilege");
}
RuntimeHelpers.PrepareConstrainedRegions();
int num;
try
{
if (privilege != null)
{
try
{
privilege.Enable();
}
catch (PrivilegeNotHeldException)
{
}
}
if (name != null)
{
num = (int)Win32Native.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, array, array2, array4, array3);
}
else
{
if (handle == null)
{
throw new InvalidProgramException();
}
if (handle.IsInvalid)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidSafeHandle"), "handle");
}
num = (int)Win32Native.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, array, array2, array4, array3);
}
if (num == 1300 || num == 1314)
{
throw new PrivilegeNotHeldException("SeSecurityPrivilege");
}
if (num == 5 || num == 1347)
{
throw new UnauthorizedAccessException();
}
if (num != 0)
{
goto IL_159;
}
}
catch
{
if (privilege != null)
{
privilege.Revert();
}
throw;
}
finally
{
if (privilege != null)
{
privilege.Revert();
}
}
return(0);
IL_159:
if (num == 8)
{
throw new OutOfMemoryException();
}
return(num);
}
