|
static private SetSecurityInfo ( Microsoft.Win32.ResourceType type, string name, |
||
| type | Microsoft.Win32.ResourceType | |
| name | string | |
| handle | ||
| securityInformation | SecurityInfos | |
| owner | System.Security.Principal.SecurityIdentifier | |
| group | System.Security.Principal.SecurityIdentifier | |
| sacl | ||
| dacl | ||
| return | int | |
private void Persist(string name, SafeHandle handle, AccessControlSections includeSections, object exceptionContext)
{
this.WriteLock();
try
{
SecurityInfos securityInformation = (SecurityInfos)0;
SecurityIdentifier owner = (SecurityIdentifier)null;
SecurityIdentifier group = (SecurityIdentifier)null;
SystemAcl systemAcl = (SystemAcl)null;
DiscretionaryAcl discretionaryAcl = (DiscretionaryAcl)null;
if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None && this._securityDescriptor.Owner != (SecurityIdentifier)null)
{
securityInformation |= SecurityInfos.Owner;
owner = this._securityDescriptor.Owner;
}
if ((includeSections & AccessControlSections.Group) != AccessControlSections.None && this._securityDescriptor.Group != (SecurityIdentifier)null)
{
securityInformation |= SecurityInfos.Group;
group = this._securityDescriptor.Group;
}
if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None)
{
SecurityInfos securityInfos = securityInformation | SecurityInfos.SystemAcl;
systemAcl = !this._securityDescriptor.IsSystemAclPresent || this._securityDescriptor.SystemAcl == null || this._securityDescriptor.SystemAcl.Count <= 0 ? (SystemAcl)null : this._securityDescriptor.SystemAcl;
securityInformation = (this._securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) == ControlFlags.None ? securityInfos | (SecurityInfos)this.UnprotectedSystemAcl : securityInfos | (SecurityInfos)this.ProtectedSystemAcl;
}
if ((includeSections & AccessControlSections.Access) != AccessControlSections.None && this._securityDescriptor.IsDiscretionaryAclPresent)
{
SecurityInfos securityInfos = securityInformation | SecurityInfos.DiscretionaryAcl;
discretionaryAcl = !this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl ? this._securityDescriptor.DiscretionaryAcl : (DiscretionaryAcl)null;
securityInformation = (this._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) == ControlFlags.None ? securityInfos | (SecurityInfos)this.UnprotectedDiscretionaryAcl : securityInfos | (SecurityInfos)this.ProtectedDiscretionaryAcl;
}
if (securityInformation == (SecurityInfos)0)
{
return;
}
int errorCode = Win32.SetSecurityInfo(this._resourceType, name, handle, securityInformation, owner, group, (GenericAcl)systemAcl, (GenericAcl)discretionaryAcl);
if (errorCode != 0)
{
Exception exception = (Exception)null;
if (this._exceptionFromErrorCode != null)
{
exception = this._exceptionFromErrorCode(errorCode, name, handle, exceptionContext);
}
if (exception == null)
{
if (errorCode == 5)
{
exception = (Exception) new UnauthorizedAccessException();
}
else if (errorCode == 1307)
{
exception = (Exception) new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidOwner"));
}
else if (errorCode == 1308)
{
exception = (Exception) new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidGroup"));
}
else if (errorCode == 123)
{
exception = (Exception) new ArgumentException(Environment.GetResourceString("Argument_InvalidName"), "name");
}
else if (errorCode == 6)
{
exception = (Exception) new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
}
else if (errorCode == 2)
{
exception = (Exception) new FileNotFoundException();
}
else if (errorCode == 1350)
{
exception = (Exception) new NotSupportedException(Environment.GetResourceString("AccessControl_NoAssociatedSecurity"));
}
else
{
exception = (Exception) new InvalidOperationException(Environment.GetResourceString("AccessControl_UnexpectedError", (object)errorCode));
}
}
throw exception;
}
this.OwnerModified = false;
this.GroupModified = false;
this.AccessRulesModified = false;
this.AuditRulesModified = false;
}
finally
{
this.WriteUnlock();
}
}
//
// Attempts to persist the security descriptor onto the object
//
private void Persist(string name, SafeHandle handle, AccessControlSections includeSections, object exceptionContext)
{
WriteLock();
try
{
int error;
SecurityInfos securityInfo = 0;
SecurityIdentifier owner = null, group = null;
SystemAcl sacl = null;
DiscretionaryAcl dacl = null;
if ((includeSections & AccessControlSections.Owner) != 0 && _securityDescriptor.Owner != null)
{
securityInfo |= SecurityInfos.Owner;
owner = _securityDescriptor.Owner;
}
if ((includeSections & AccessControlSections.Group) != 0 && _securityDescriptor.Group != null)
{
securityInfo |= SecurityInfos.Group;
group = _securityDescriptor.Group;
}
if ((includeSections & AccessControlSections.Audit) != 0)
{
securityInfo |= SecurityInfos.SystemAcl;
if (_securityDescriptor.IsSystemAclPresent &&
_securityDescriptor.SystemAcl != null &&
_securityDescriptor.SystemAcl.Count > 0)
{
sacl = _securityDescriptor.SystemAcl;
}
else
{
sacl = null;
}
if ((_securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) != 0)
{
securityInfo = (SecurityInfos)((uint)securityInfo | ProtectedSystemAcl);
}
else
{
securityInfo = (SecurityInfos)((uint)securityInfo | UnprotectedSystemAcl);
}
}
if ((includeSections & AccessControlSections.Access) != 0 && _securityDescriptor.IsDiscretionaryAclPresent)
{
securityInfo |= SecurityInfos.DiscretionaryAcl;
// if the DACL is in fact a crafted replaced for NULL replacement, then we will persist it as NULL
if (_securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl)
{
dacl = null;
}
else
{
dacl = _securityDescriptor.DiscretionaryAcl;
}
if ((_securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) != 0)
{
securityInfo = unchecked ((SecurityInfos)((uint)securityInfo | ProtectedDiscretionaryAcl));
}
else
{
securityInfo = (SecurityInfos)((uint)securityInfo | UnprotectedDiscretionaryAcl);
}
}
if (securityInfo == 0)
{
//
// Nothing to persist
//
return;
}
error = Win32.SetSecurityInfo(_resourceType, name, handle, securityInfo, owner, group, sacl, dacl);
if (error != Interop.Errors.ERROR_SUCCESS)
{
System.Exception exception = null;
if (_exceptionFromErrorCode != null)
{
exception = _exceptionFromErrorCode(error, name, handle, exceptionContext);
}
if (exception == null)
{
if (error == Interop.Errors.ERROR_ACCESS_DENIED)
{
exception = new UnauthorizedAccessException();
}
else if (error == Interop.Errors.ERROR_INVALID_OWNER)
{
exception = new InvalidOperationException(SR.AccessControl_InvalidOwner);
}
else if (error == Interop.Errors.ERROR_INVALID_PRIMARY_GROUP)
{
exception = new InvalidOperationException(SR.AccessControl_InvalidGroup);
}
else if (error == Interop.Errors.ERROR_INVALID_NAME)
{
exception = new ArgumentException(SR.Argument_InvalidName, nameof(name));
}
else if (error == Interop.Errors.ERROR_INVALID_HANDLE)
{
exception = new NotSupportedException(SR.AccessControl_InvalidHandle);
}
else if (error == Interop.Errors.ERROR_FILE_NOT_FOUND)
{
exception = new FileNotFoundException();
}
else if (error == Interop.Errors.ERROR_NO_SECURITY_ON_OBJECT)
{
exception = new NotSupportedException(SR.AccessControl_NoAssociatedSecurity);
}
else
{
Debug.Fail($"Unexpected error code {error}");
exception = new InvalidOperationException(SR.Format(SR.AccessControl_UnexpectedError, error));
}
}
throw exception;
}
//
// Everything goes well, let us clean the modified flags.
// We are in proper write lock, so just go ahead
//
this.OwnerModified = false;
this.GroupModified = false;
this.AccessRulesModified = false;
this.AuditRulesModified = false;
}
finally
{
WriteUnlock();
}
}
private void Persist(string name, SafeHandle handle, AccessControlSections includeSections, object exceptionContext)
{
base.WriteLock();
try
{
SecurityInfos securityInfos = (SecurityInfos)0;
SecurityIdentifier owner = null;
SecurityIdentifier group = null;
SystemAcl sacl = null;
DiscretionaryAcl dacl = null;
if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None && this._securityDescriptor.Owner != null)
{
securityInfos |= SecurityInfos.Owner;
owner = this._securityDescriptor.Owner;
}
if ((includeSections & AccessControlSections.Group) != AccessControlSections.None && this._securityDescriptor.Group != null)
{
securityInfos |= SecurityInfos.Group;
group = this._securityDescriptor.Group;
}
if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None)
{
securityInfos |= SecurityInfos.SystemAcl;
if (this._securityDescriptor.IsSystemAclPresent && this._securityDescriptor.SystemAcl != null && this._securityDescriptor.SystemAcl.Count > 0)
{
sacl = this._securityDescriptor.SystemAcl;
}
else
{
sacl = null;
}
if ((this._securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) != ControlFlags.None)
{
securityInfos |= (SecurityInfos)this.ProtectedSystemAcl;
}
else
{
securityInfos |= (SecurityInfos)this.UnprotectedSystemAcl;
}
}
if ((includeSections & AccessControlSections.Access) != AccessControlSections.None && this._securityDescriptor.IsDiscretionaryAclPresent)
{
securityInfos |= SecurityInfos.DiscretionaryAcl;
if (this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl)
{
dacl = null;
}
else
{
dacl = this._securityDescriptor.DiscretionaryAcl;
}
if ((this._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) != ControlFlags.None)
{
securityInfos |= (SecurityInfos)this.ProtectedDiscretionaryAcl;
}
else
{
securityInfos |= (SecurityInfos)this.UnprotectedDiscretionaryAcl;
}
}
if (securityInfos != (SecurityInfos)0)
{
int num = Win32.SetSecurityInfo(this._resourceType, name, handle, securityInfos, owner, group, sacl, dacl);
if (num != 0)
{
Exception ex = null;
if (this._exceptionFromErrorCode != null)
{
ex = this._exceptionFromErrorCode(num, name, handle, exceptionContext);
}
if (ex == null)
{
if (num == 5)
{
ex = new UnauthorizedAccessException();
}
else if (num == 1307)
{
ex = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidOwner"));
}
else if (num == 1308)
{
ex = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidGroup"));
}
else if (num == 123)
{
ex = new ArgumentException(Environment.GetResourceString("Argument_InvalidName"), "name");
}
else if (num == 6)
{
ex = new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
}
else if (num == 2)
{
ex = new FileNotFoundException();
}
else if (num == 1350)
{
ex = new NotSupportedException(Environment.GetResourceString("AccessControl_NoAssociatedSecurity"));
}
else
{
ex = new InvalidOperationException(Environment.GetResourceString("AccessControl_UnexpectedError", new object[]
{
num
}));
}
}
throw ex;
}
base.OwnerModified = false;
base.GroupModified = false;
base.AccessRulesModified = false;
base.AuditRulesModified = false;
}
}
finally
{
base.WriteUnlock();
}
}