static MessageQueueAccessRights GetPermissions(string formatName, string sid)
{
var SecurityDescriptor = new byte[100];
var sdHandle = GCHandle.Alloc(SecurityDescriptor, GCHandleType.Pinned);
try
{
int lengthNeeded;
var mqResult = MQGetQueueSecurity(formatName,
DACL_SECURITY_INFORMATION,
sdHandle.AddrOfPinnedObject(),
SecurityDescriptor.Length,
out lengthNeeded);
if (mqResult == MQ_ERROR_SECURITY_DESCRIPTOR_TOO_SMALL)
{
sdHandle.Free();
SecurityDescriptor = new byte[lengthNeeded];
sdHandle = GCHandle.Alloc(SecurityDescriptor, GCHandleType.Pinned);
mqResult = MQGetQueueSecurity(formatName,
DACL_SECURITY_INFORMATION,
sdHandle.AddrOfPinnedObject(),
SecurityDescriptor.Length,
out lengthNeeded);
}
if (mqResult != MQ_OK)
{
throw new Exception($"Unable to read the security descriptor of queue [{formatName}]");
}
bool daclPresent, daclDefaulted;
IntPtr pDacl;
var success = GetSecurityDescriptorDacl(sdHandle.AddrOfPinnedObject(),
out daclPresent,
out pDacl,
out daclDefaulted);
if (!success)
{
throw new Win32Exception();
}
var allowedAce = GetAce(pDacl, sid);
return (MessageQueueAccessRights) allowedAce.Mask;
}
finally
{
if (sdHandle.IsAllocated)
{
sdHandle.Free();
}
}
}