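static private SetSecurityInfo ( Microsoft.Win32.ResourceType type, string name, SafeHandle handle, SecurityInfos securityInformation, System.Security.Principal.SecurityIdentifier owner, System.Security.Principal.SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl ) : int

| Parameter | Type |
|---|---|
| type | Microsoft.Win32.ResourceType |
| name | string |
| handle | SafeHandle |
| securityInformation | SecurityInfos |
| owner | System.Security.Principal.SecurityIdentifier |
| group | System.Security.Principal.SecurityIdentifier |
| sacl | GenericAcl |
| dacl | GenericAcl |
| return | int |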
/// <summary>
/// Writes owner, group, SACL and/or DACL information to a securable object. The object is
/// addressed by <paramref name="name"/> when that is non-null, otherwise by
/// <paramref name="handle"/>.
/// </summary>
/// <param name="type">Kind of resource; forwarded to the native call as an unsigned integer.</param>
/// <param name="name">Name of the object, or null to address it by handle.</param>
/// <param name="handle">Handle to the object; consulted only when <paramref name="name"/> is null.</param>
/// <param name="securityInformation">Flags selecting which parts of the descriptor are written.</param>
/// <param name="owner">Owner SID to set, or null.</param>
/// <param name="group">Primary group SID to set, or null.</param>
/// <param name="sacl">System (audit) ACL to set, or null.</param>
/// <param name="dacl">Discretionary ACL to set, or null.</param>
/// <returns>
/// 0 on success; otherwise the native error code for any failure that this method does not
/// translate into an exception.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="handle"/> is invalid, or both <paramref name="name"/> and
/// <paramref name="handle"/> are null.
/// </exception>
/// <exception cref="PrivilegeNotHeldException">
/// The native call reported ERROR_NOT_ALL_ASSIGNED or ERROR_PRIVILEGE_NOT_HELD.
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The native call reported ERROR_ACCESS_DENIED or ERROR_CANT_OPEN_ANONYMOUS.
/// </exception>
/// <exception cref="OutOfMemoryException">The native call reported ERROR_NOT_ENOUGH_MEMORY.</exception>
/// <remarks>
/// When <paramref name="securityInformation"/> includes <c>SecurityInfos.SystemAcl</c>, the
/// security privilege is enabled for the duration of the native call and reverted on every
/// exit path. A failure to enable it is deliberately swallowed, so a caller lacking the
/// privilege learns about it only from the native call's result.
/// </remarks>
internal static int SetSecurityInfo(
    ResourceType type,
    string name,
    SafeHandle handle,
    SecurityInfos securityInformation,
    SecurityIdentifier owner,
    SecurityIdentifier group,
    GenericAcl sacl,
    GenericAcl dacl)
{
    // Flatten each supplied SID / ACL into a byte buffer for the native call.
    // A component that was not supplied stays a null buffer.
    byte[] ownerBytes = null;
    if (owner != null)
    {
        ownerBytes = new byte[owner.BinaryLength];
        owner.GetBinaryForm(ownerBytes, 0);
    }

    byte[] groupBytes = null;
    if (group != null)
    {
        groupBytes = new byte[group.BinaryLength];
        group.GetBinaryForm(groupBytes, 0);
    }

    byte[] daclBytes = null;
    if (dacl != null)
    {
        daclBytes = new byte[dacl.BinaryLength];
        dacl.GetBinaryForm(daclBytes, 0);
    }

    byte[] saclBytes = null;
    if (sacl != null)
    {
        saclBytes = new byte[sacl.BinaryLength];
        sacl.GetBinaryForm(saclBytes, 0);
    }

    // Writing a SACL needs the security privilege enabled, even when the object is
    // addressed by handle. The privilege object is only created when the SACL flag is set.
    Privilege auditPrivilege = null;
    if ((securityInformation & SecurityInfos.SystemAcl) != 0)
    {
        auditPrivilege = new Privilege(Privilege.Security);
    }

    int win32Error;

    try
    {
        if (auditPrivilege != null)
        {
            try
            {
                auditPrivilege.Enable();
            }
            catch (PrivilegeNotHeldException)
            {
                // Deliberately ignored: the target may be a remote resource, so the call
                // is still attempted and the native result decides the outcome.
            }
        }

        if (name != null)
        {
            win32Error = (int)Interop.Advapi32.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, ownerBytes, groupBytes, daclBytes, saclBytes);
        }
        else if (handle != null)
        {
            if (handle.IsInvalid)
            {
                throw new ArgumentException(
                    SR.Argument_InvalidSafeHandle,
                    nameof(handle));
            }

            win32Error = (int)Interop.Advapi32.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, ownerBytes, groupBytes, daclBytes, saclBytes);
        }
        else
        {
            // Neither a name nor a handle was given; callers are not expected to do this.
            Debug.Assert(false, "Internal error: both name and handle are null");
            throw new ArgumentException();
        }

        // These translations stay inside the try so that the catch below reverts the
        // privilege before the exception starts to propagate.
        if (win32Error == Interop.Errors.ERROR_NOT_ALL_ASSIGNED ||
            win32Error == Interop.Errors.ERROR_PRIVILEGE_NOT_HELD)
        {
            throw new PrivilegeNotHeldException(Privilege.Security);
        }

        if (win32Error == Interop.Errors.ERROR_ACCESS_DENIED ||
            win32Error == Interop.Errors.ERROR_CANT_OPEN_ANONYMOUS)
        {
            throw new UnauthorizedAccessException();
        }
    }
    catch
    {
        // Protection against exception-filter-based luring attacks: exception filters
        // further up the stack are evaluated before finally blocks run, so the privilege
        // is reverted here as well, before the rethrow, rather than only in the finally.
        auditPrivilege?.Revert();
        throw;
    }
    finally
    {
        auditPrivilege?.Revert();
    }

    if (win32Error == Interop.Errors.ERROR_SUCCESS)
    {
        return 0;
    }

    if (win32Error == Interop.Errors.ERROR_NOT_ENOUGH_MEMORY)
    {
        throw new OutOfMemoryException();
    }

    // Any other failure is handed back to the caller as the raw error code.
    return win32Error;
}
}
/// <summary>
/// Writes the selected sections of this object's security descriptor to the underlying
/// resource, addressed by <paramref name="name"/> or <paramref name="handle"/>, while
/// holding the write lock.
/// </summary>
/// <param name="name">Name of the resource; forwarded to <c>Win32.SetSecurityInfo</c>.</param>
/// <param name="handle">Handle to the resource; forwarded to <c>Win32.SetSecurityInfo</c>.</param>
/// <param name="includeSections">Which descriptor sections (owner, group, audit, access) to write.</param>
/// <param name="exceptionContext">Opaque value passed through to the <c>_exceptionFromErrorCode</c> callback.</param>
/// <remarks>
/// Returns without calling the native layer when no section ends up selected. On a non-zero
/// error code the <c>_exceptionFromErrorCode</c> callback, if set, is asked for an exception
/// first; the built-in mapping is used only when it returns null. The "modified" flags are
/// cleared only after a successful write.
/// </remarks>
private void Persist(string name, SafeHandle handle, AccessControlSections includeSections, object exceptionContext)
{
    this.WriteLock();
    try
    {
        SecurityInfos infoFlags = (SecurityInfos)0;
        SecurityIdentifier ownerSid = null;
        SecurityIdentifier groupSid = null;
        SystemAcl auditAcl = null;
        DiscretionaryAcl accessAcl = null;

        // Owner and group are written only when requested and actually present.
        if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None
            && this._securityDescriptor.Owner != (SecurityIdentifier)null)
        {
            infoFlags |= SecurityInfos.Owner;
            ownerSid = this._securityDescriptor.Owner;
        }

        if ((includeSections & AccessControlSections.Group) != AccessControlSections.None
            && this._securityDescriptor.Group != (SecurityIdentifier)null)
        {
            infoFlags |= SecurityInfos.Group;
            groupSid = this._securityDescriptor.Group;
        }

        if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None)
        {
            // The SACL flag is set whenever the audit section is requested. If the
            // descriptor has no SACL, or an empty one, the ACL passed down stays null.
            // NOTE(review): a null SACL with the flag set presumably clears existing
            // audit rules on the target - confirm callers intend that.
            infoFlags |= SecurityInfos.SystemAcl;
            if (this._securityDescriptor.IsSystemAclPresent
                && this._securityDescriptor.SystemAcl != null
                && this._securityDescriptor.SystemAcl.Count > 0)
            {
                auditAcl = this._securityDescriptor.SystemAcl;
            }

            if ((this._securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) == ControlFlags.None)
            {
                infoFlags |= (SecurityInfos)this.UnprotectedSystemAcl;
            }
            else
            {
                infoFlags |= (SecurityInfos)this.ProtectedSystemAcl;
            }
        }

        if ((includeSections & AccessControlSections.Access) != AccessControlSections.None
            && this._securityDescriptor.IsDiscretionaryAclPresent)
        {
            // When the DACL reports EveryOneFullAccessForNullDacl, null is passed with the
            // DACL flag still set. NOTE(review): that presumably applies a NULL DACL, i.e.
            // no access restriction on the target - verify this is what callers expect.
            infoFlags |= SecurityInfos.DiscretionaryAcl;
            if (!this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl)
            {
                accessAcl = this._securityDescriptor.DiscretionaryAcl;
            }

            if ((this._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) == ControlFlags.None)
            {
                infoFlags |= (SecurityInfos)this.UnprotectedDiscretionaryAcl;
            }
            else
            {
                infoFlags |= (SecurityInfos)this.ProtectedDiscretionaryAcl;
            }
        }

        // Nothing selected: skip the native call and leave the "modified" flags untouched.
        if (infoFlags == (SecurityInfos)0)
        {
            return;
        }

        int errorCode = Win32.SetSecurityInfo(this._resourceType, name, handle, infoFlags, ownerSid, groupSid, (GenericAcl)auditAcl, (GenericAcl)accessAcl);
        if (errorCode != 0)
        {
            // The owner-supplied translator gets the first chance to map the error.
            Exception failure = null;
            if (this._exceptionFromErrorCode != null)
            {
                failure = this._exceptionFromErrorCode(errorCode, name, handle, exceptionContext);
            }

            if (failure == null)
            {
                // Numeric literals are Win32 error codes; the names are in the comments.
                switch (errorCode)
                {
                    case 5: // ERROR_ACCESS_DENIED
                        failure = new UnauthorizedAccessException();
                        break;
                    case 1307: // ERROR_INVALID_OWNER
                        failure = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidOwner"));
                        break;
                    case 1308: // ERROR_INVALID_PRIMARY_GROUP
                        failure = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidGroup"));
                        break;
                    case 123: // ERROR_INVALID_NAME
                        failure = new ArgumentException(Environment.GetResourceString("Argument_InvalidName"), "name");
                        break;
                    case 6: // ERROR_INVALID_HANDLE
                        failure = new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
                        break;
                    case 2: // ERROR_FILE_NOT_FOUND
                        failure = new FileNotFoundException();
                        break;
                    case 1350: // ERROR_NO_SECURITY_ON_OBJECT
                        failure = new NotSupportedException(Environment.GetResourceString("AccessControl_NoAssociatedSecurity"));
                        break;
                    default:
                        failure = new InvalidOperationException(Environment.GetResourceString("AccessControl_UnexpectedError", (object)errorCode));
                        break;
                }
            }

            throw failure;
        }

        // The write succeeded, so the in-memory descriptor has no pending changes.
        this.OwnerModified = false;
        this.GroupModified = false;
        this.AccessRulesModified = false;
        this.AuditRulesModified = false;
    }
    finally
    {
        this.WriteUnlock();
    }
}