本文整理匯總了C#中System.Security.AccessControl.RawSecurityDescriptor.GetBinaryForm方法的典型用法代碼示例。如果您正苦於以下問題:C# RawSecurityDescriptor.GetBinaryForm方法的具體用法?C# RawSecurityDescriptor.GetBinaryForm怎麽用?C# RawSecurityDescriptor.GetBinaryForm使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類System.Security.AccessControl.RawSecurityDescriptor
的用法示例。
在下文中一共展示了RawSecurityDescriptor.GetBinaryForm方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C#代碼示例。
示例1: SetProcessSecurityDescriptor
public static void SetProcessSecurityDescriptor(IntPtr hWnd)
{
RawSecurityDescriptor sd = new RawSecurityDescriptor(ControlFlags.None, new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), null, null, new RawAcl(2, 0));
sd.SetFlags(ControlFlags.DiscretionaryAclPresent | ControlFlags.DiscretionaryAclDefaulted);
byte[] rawSd = new byte[sd.BinaryLength];
sd.GetBinaryForm(rawSd, 0);
if (!NativeMethods.Advapi32.SetKernelObjectSecurity(hWnd, (int)SecurityInfos.DiscretionaryAcl, rawSd))
Console.WriteLine("Win32Exception(): {0}", new Win32Exception().Message);
}
示例2: CheckSddlConstructor
private void CheckSddlConstructor (string sddl, byte[] expectedBinary)
{
RawSecurityDescriptor sd = new RawSecurityDescriptor (sddl);
Assert.GreaterOrEqual (sd.BinaryLength, 0);
byte[] buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm (buffer, 0);
Assert.AreEqual (expectedBinary, buffer);
}
示例3: CheckRoundTrip
private void CheckRoundTrip (string sddl)
{
RawSecurityDescriptor sd = new RawSecurityDescriptor (sddl);
byte[] buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm (buffer, 0);
sd = new RawSecurityDescriptor (buffer, 0);
Assert.AreEqual (sddl, sd.GetSddlForm (AccessControlSections.All));
}
示例4: AccessCheck
private ACCESS_MASK AccessCheck(SafeAuthzContextHandle userClientCtxt, RawSecurityDescriptor descriptor)
{
ACCESS_MASK accessGranted;
// Prepare the Access Check request
var request = new NativeMethods.AUTHZ_ACCESS_REQUEST();
request.DesiredAccess = ACCESS_MASK.MAXIMUM_ALLOWED;
request.PrincipalSelfSid = null;
request.ObjectTypeList = IntPtr.Zero;
request.ObjectTypeListLength = 0;
request.OptionalArguments = IntPtr.Zero;
using (var grantedAccessBuffer = SafeAllocation.Create<ACCESS_MASK>())
using (var errorBuffer = SafeAllocation.Create<uint>())
{
// Prepare the access check reply
var reply = new NativeMethods.AUTHZ_ACCESS_REPLY();
reply.ResultListLength = 1;
reply.SaclEvaluationResults = IntPtr.Zero;
reply.GrantedAccessMask = grantedAccessBuffer.DangerousGetHandle();
reply.Error = errorBuffer.DangerousGetHandle();
var rawSD = new byte[descriptor.BinaryLength];
descriptor.GetBinaryForm(rawSD, 0);
if (!NativeMethods.AuthzAccessCheck(
NativeMethods.AuthzACFlags.None,
userClientCtxt,
ref request,
IntPtr.Zero,
rawSD,
null,
0,
ref reply,
IntPtr.Zero))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
accessGranted = grantedAccessBuffer.ToStructure();
}
return accessGranted;
}
示例5: FlagMismatch
public void FlagMismatch ()
{
// Check setting DACL-present flag on empty SD
RawSecurityDescriptor sd = new RawSecurityDescriptor ("");
Assert.AreEqual (20, sd.BinaryLength);
sd.SetFlags (ControlFlags.DiscretionaryAclPresent);
Assert.AreEqual (20, sd.BinaryLength);
byte[] buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm (buffer, 0);
byte[] sdBinary = new byte[] {
0x01, 0x00, 0x04, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Assert.AreEqual (sdBinary, buffer);
// Check unsetting DACL-present flag on SD with DACL
sd = new RawSecurityDescriptor ("O:BUG:BAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)");
Assert.AreEqual (80, sd.BinaryLength);
sd.SetFlags (sd.ControlFlags & ~ControlFlags.DiscretionaryAclPresent);
Assert.AreEqual (ControlFlags.SelfRelative, sd.ControlFlags);
Assert.AreEqual (52, sd.BinaryLength);
buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm (buffer, 0);
sdBinary = new byte[] {
0x01, 0x00, 0x00, 0x80, 0x14, 0x00, 0x00, 0x00, 0x24, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02,
0x00, 0x00 };
Assert.AreEqual (sdBinary, buffer);
}
示例6: SetServiceObjectSecurity
/// <summary>The SetServiceObjectSecurity function sets the security descriptor of a service object.</summary>
/// <param name="hService">
/// A handle to the service. This handle is returned by the <see cref="OpenService" /> or
/// <see cref="CreateService(SafeServiceHandle,string,string,ACCESS_MASK,ServiceType,ServiceStartType,ServiceErrorControl,string,string,int, string,string,string)" /> function. The access required for this handle depends on the security information
/// specified in the <paramref name="dwSecurityInformation" /> parameter.
/// </param>
/// <param name="dwSecurityInformation">
/// Specifies the components of the security descriptor to set. This parameter can be a
/// combination of the following values : <see cref="SECURITY_INFORMATION.DACL_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.SACL_SECURITY_INFORMATION" />. Note that flags not handled by
/// SetServiceObjectSecurity will be silently ignored.
/// </param>
/// <param name="lpSecurityDescriptor">The new security information.</param>
public static void SetServiceObjectSecurity(
SafeServiceHandle hService,
SECURITY_INFORMATION dwSecurityInformation,
RawSecurityDescriptor lpSecurityDescriptor)
{
var binaryForm = new byte[lpSecurityDescriptor.BinaryLength];
lpSecurityDescriptor.GetBinaryForm(binaryForm, 0);
if (!SetServiceObjectSecurity(hService, dwSecurityInformation, binaryForm))
{
throw new Win32Exception();
}
}
示例7: GetSecurity
public byte[] GetSecurity(SecurityInformation requestedInformation, bool wantDefault)
{
//FileSecurity fsec= new FileSecurity(@"c:\Test1\test.txt",~AccessControlSections.Audit);
//return fsec.GetSecurityDescriptorBinaryForm();
WindowsIdentity user = WindowsIdentity.GetCurrent();
if (user != null)
{
int length = 0;
IntPtr token = user.Token;
GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenDefaultDacl, IntPtr.Zero, 0, out length);
IntPtr TokenInformation = Marshal.AllocHGlobal((int) length);
bool Result = GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenDefaultDacl, TokenInformation, (uint) length,
out length);
TOKEN_DEFAULT_DACL dacl =
(TOKEN_DEFAULT_DACL) Marshal.PtrToStructure(TokenInformation, typeof (TOKEN_DEFAULT_DACL));
ACL acl = (ACL) Marshal.PtrToStructure(dacl.DefaultDacl, typeof (ACL));
byte[] aceArr = new byte[acl.AclSize];
Marshal.Copy(dacl.DefaultDacl, aceArr, 0, acl.AclSize);
RawAcl rawAcl = new RawAcl(aceArr, 0);
Marshal.FreeHGlobal(TokenInformation);
GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenOwner, IntPtr.Zero, 0, out length);
TokenInformation = Marshal.AllocHGlobal((int) length);
GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenOwner, TokenInformation, (uint)length,
out length);
TOKEN_OWNER tokOwner = (TOKEN_OWNER) Marshal.PtrToStructure(TokenInformation, typeof (TOKEN_OWNER));
SecurityIdentifier ownerSID= new SecurityIdentifier(tokOwner.Owner);
Marshal.FreeHGlobal(TokenInformation);
GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenPrimaryGroup, IntPtr.Zero, 0, out length);
TokenInformation = Marshal.AllocHGlobal((int)length);
GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenPrimaryGroup, TokenInformation, (uint)length,
out length);
TOKEN_PRIMARY_GROUP tokGroup= (TOKEN_PRIMARY_GROUP)Marshal.PtrToStructure(TokenInformation, typeof(TOKEN_PRIMARY_GROUP));
SecurityIdentifier groupSID = new SecurityIdentifier(tokGroup.PrimaryGroup);
RawSecurityDescriptor rawDesc = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclPresent, ownerSID, groupSID, null, rawAcl);
byte[] ret = new byte[rawDesc.BinaryLength];
rawDesc.GetBinaryForm(ret, 0);
return ret;
}
return null;
}
示例8: SetCurrentProcessTokenDacl
private void SetCurrentProcessTokenDacl(RawAcl dacl)
{
IntPtr hProcess = IntPtr.Zero;
IntPtr hProcessToken = IntPtr.Zero;
IntPtr securityDescriptorPtr = IntPtr.Zero;
try
{
hProcess = NativeMethods.GetCurrentProcess();
if (!NativeMethods.OpenProcessToken(hProcess, NativeMethods.TOKEN_ALL_ACCESS, out hProcessToken))
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
// Get security descriptor associated with the kernel object and modify it.
uint returnLength;
NativeMethods.GetKernelObjectSecurity(hProcessToken, NativeMethods.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, IntPtr.Zero, 0, out returnLength);
int lasterror = Marshal.GetLastWin32Error(); //#pragma warning disable 56523 doesnt recognize 56523
securityDescriptorPtr = Marshal.AllocCoTaskMem((int)returnLength);
if (!NativeMethods.GetKernelObjectSecurity(hProcessToken, NativeMethods.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, securityDescriptorPtr, returnLength, out returnLength))
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
byte[] sdBytes = new byte[returnLength];
Marshal.Copy(securityDescriptorPtr, sdBytes, 0, (int)returnLength);
RawSecurityDescriptor rawSecurityDescriptor = new RawSecurityDescriptor(sdBytes, 0);
rawSecurityDescriptor.DiscretionaryAcl = dacl;
sdBytes = new byte[rawSecurityDescriptor.BinaryLength];
rawSecurityDescriptor.GetBinaryForm(sdBytes, 0);
Marshal.FreeCoTaskMem(securityDescriptorPtr);
securityDescriptorPtr = Marshal.AllocCoTaskMem(rawSecurityDescriptor.BinaryLength);
Marshal.Copy(sdBytes, 0, securityDescriptorPtr, rawSecurityDescriptor.BinaryLength);
if (!NativeMethods.SetKernelObjectSecurity(hProcessToken, NativeMethods.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, securityDescriptorPtr))
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
}
finally
{
if (hProcess != IntPtr.Zero && hProcess != (IntPtr)(-1))
if (!NativeMethods.CloseHandle(hProcess))
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
if (hProcessToken != IntPtr.Zero)
if (!NativeMethods.CloseHandle(hProcessToken))
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
if (securityDescriptorPtr != IntPtr.Zero)
Marshal.FreeCoTaskMem(securityDescriptorPtr);
}
}
示例9: CreateWithFullAccess
/// <summary>
/// Creates pipe with full access rights for everyone.
/// </summary>
/// <exception cref="System.InvalidOperationException">Pipe is already open.</exception>
/// <exception cref="System.IO.IOException">Cannot create named pipe.</exception>
public void CreateWithFullAccess()
{
if (this.SafeHandle != null) { throw new InvalidOperationException("Pipe is already open."); }
var sec = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclPresent, null, null, null, null);
var sa = new NativeMethods.SECURITY_ATTRIBUTES();
sa.nLength = Marshal.SizeOf(typeof(NativeMethods.SECURITY_ATTRIBUTES));
sa.bInheritHandle = true;
byte[] secBinary = new byte[sec.BinaryLength];
sec.GetBinaryForm(secBinary, 0);
sa.lpSecurityDescriptor = Marshal.AllocHGlobal(secBinary.Length);
Marshal.Copy(secBinary, 0, sa.lpSecurityDescriptor, secBinary.Length);
this.SafeHandle = NativeMethods.CreateNamedPipe(this.FullPipeName, NativeMethods.PIPE_ACCESS_DUPLEX, NativeMethods.PIPE_TYPE_BYTE | NativeMethods.PIPE_READMODE_BYTE | NativeMethods.PIPE_WAIT, NativeMethods.PIPE_UNLIMITED_INSTANCES, 4096, 4096, NativeMethods.NMPWAIT_USE_DEFAULT_WAIT, ref sa);
if (this.SafeHandle.IsInvalid) { throw new IOException("Cannot create named pipe.", new Win32Exception()); }
}
示例10: ToSecurityDescriptor
/// <summary>
/// Covert SDDL string to _SECURITY_DESCRIPTOR in self-relative format.
/// </summary>
/// <param name="sddlString">SDDL string to convert.</param>
/// <returns>_SECURITY_DESCRIPTOR</returns>
public static _SECURITY_DESCRIPTOR ToSecurityDescriptor(string sddlString)
{
RawSecurityDescriptor rawSecurityDescriptor = new RawSecurityDescriptor(sddlString);
byte[] rawSecurityDescriptorBytes = new byte[rawSecurityDescriptor.BinaryLength];
rawSecurityDescriptor.GetBinaryForm(rawSecurityDescriptorBytes, 0);
return DtypUtility.DecodeSecurityDescriptor(rawSecurityDescriptorBytes);
}
示例11: CreateSecurityDescriptor
/// <summary>
/// Create a _SECURITY_DESCRIPTOR structure in self-relative format.
/// </summary>
/// <param name="control">An unsigned 16-bit field that specifies control access bit flags.</param>
/// <param name="ownerSid">The SID of the owner of the object</param>
/// <param name="groupSid">The SID of the group of the object.</param>
/// <param name="sacl">The SACL of the object.</param>
/// <param name="dacl">The DACL of the object.</param>
/// <returns> Output security descriptor for the object.</returns>
public static _SECURITY_DESCRIPTOR CreateSecurityDescriptor(
SECURITY_DESCRIPTOR_Control control,
_SID? ownerSid,
_SID? groupSid,
_ACL? sacl,
_ACL? dacl)
{
RawAcl sRawAcl = null;
RawAcl dRawAcl = null;
SecurityIdentifier rawOwnerSid = null;
SecurityIdentifier rawGroupSid = null;
if (ownerSid != null)
{
rawOwnerSid = new SecurityIdentifier(TypeMarshal.ToBytes(ownerSid.Value), 0);
}
if (groupSid != null)
{
rawGroupSid = new SecurityIdentifier(TypeMarshal.ToBytes(groupSid.Value), 0);
}
if (sacl != null)
{
sRawAcl = new RawAcl(DtypUtility.EncodeAcl(sacl.Value), 0);
}
if (dacl != null)
{
dRawAcl = new RawAcl(DtypUtility.EncodeAcl(dacl.Value), 0);
}
RawSecurityDescriptor rawSecurityDescriptor = new RawSecurityDescriptor(
(ControlFlags)control,
rawOwnerSid,
rawGroupSid,
sRawAcl,
dRawAcl);
byte[] rawSecurityDescriptorBytes = new byte[rawSecurityDescriptor.BinaryLength];
rawSecurityDescriptor.GetBinaryForm(rawSecurityDescriptorBytes, 0);
return DtypUtility.DecodeSecurityDescriptor(rawSecurityDescriptorBytes);
}
示例12: SetProcessSecurityDescriptor
public static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl)
{
const int DACL_SECURITY_INFORMATION = 0x00000004;
byte[] rawsd = new byte[dacl.BinaryLength];
dacl.GetBinaryForm(rawsd, 0);
if (!SetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, rawsd))
throw new Win32Exception();
}
示例13: SetAcl
public static bool SetAcl(this ServiceController controller, Action<DiscretionaryAcl> fn)
{
// from http://pinvoke.net/default.aspx/advapi32/QueryServiceObjectSecurity.html (thx!)
using (SafeHandle handle = controller.ServiceHandle)
{
var psd = new byte[0];
uint bufSizeNeeded;
bool success = QueryServiceObjectSecurity(handle, SecurityInfos.DiscretionaryAcl, psd, 0,
out bufSizeNeeded);
if (!success)
{
int error = Marshal.GetLastWin32Error();
if (error == ErrorInsufficientBuffer)
{
psd = new byte[bufSizeNeeded];
success = QueryServiceObjectSecurity(handle, SecurityInfos.DiscretionaryAcl, psd, bufSizeNeeded,
out bufSizeNeeded);
}
else
{
return false;
}
}
if (!success)
{
return false;
}
// get security descriptor via raw into DACL form so ACE
// ordering checks are done for us.
var rsd = new RawSecurityDescriptor(psd, 0);
var dacl = new DiscretionaryAcl(false, false, rsd.DiscretionaryAcl);
fn(dacl);
// convert discretionary ACL back to raw form; looks like via byte[] is only way
var rawdacl = new byte[dacl.BinaryLength];
dacl.GetBinaryForm(rawdacl, 0);
rsd.DiscretionaryAcl = new RawAcl(rawdacl, 0);
// set raw security descriptor on service again
var rawsd = new byte[rsd.BinaryLength];
rsd.GetBinaryForm(rawsd, 0);
success = SetServiceObjectSecurity(handle, SecurityInfos.DiscretionaryAcl, rawsd);
return success;
}
}
示例14: EnsureServiceAclsCorrect
internal static void EnsureServiceAclsCorrect()
{
var psd = new byte[0];
uint bufSizeNeeded;
var ok = Advapi32.QueryServiceObjectSecurity(Controller.Value.ServiceHandle, SecurityInfos.DiscretionaryAcl, psd, 0, out bufSizeNeeded);
if (!ok) {
int err = Marshal.GetLastWin32Error();
if (err == 122) {
// ERROR_INSUFFICIENT_BUFFER
// expected; now we know bufsize
psd = new byte[bufSizeNeeded];
ok = Advapi32.QueryServiceObjectSecurity(
Controller.Value.ServiceHandle, SecurityInfos.DiscretionaryAcl, psd, bufSizeNeeded, out bufSizeNeeded);
} else {
throw new ApplicationException("error calling QueryServiceObjectSecurity() to get DACL for Service: error code=" + err);
}
}
if (!ok) {
throw new ApplicationException("error calling QueryServiceObjectSecurity(2) to get DACL for Service: error code=" + Marshal.GetLastWin32Error());
}
// get security descriptor via raw into DACL form so ACE
// ordering checks are done for us.
var rsd = new RawSecurityDescriptor(psd, 0);
var dacl = new DiscretionaryAcl(false, false, rsd.DiscretionaryAcl);
dacl.AddAccess(AccessControlType.Allow, new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), (int)ServiceAccess.ServiceCoapp, InheritanceFlags.None, PropagationFlags.None);
// convert discretionary ACL back to raw form; looks like via byte[] is only way
var rawdacl = new byte[dacl.BinaryLength];
dacl.GetBinaryForm(rawdacl, 0);
rsd.DiscretionaryAcl = new RawAcl(rawdacl, 0);
// set raw security descriptor on service again
var rawsd = new byte[rsd.BinaryLength];
rsd.GetBinaryForm(rawsd, 0);
ok = Advapi32.SetServiceObjectSecurity(Controller.Value.ServiceHandle, SecurityInfos.DiscretionaryAcl, rawsd);
if (!ok) {
throw new ApplicationException("error calling SetServiceObjectSecurity(); error code=" + Marshal.GetLastWin32Error());
}
}
示例15: SetProcessSecurityDescriptor
internal bool SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl)
{
const int DACL_SECURITY_INFORMATION = 0x00000004;
byte[] rawsd = new byte[dacl.BinaryLength];
dacl.GetBinaryForm(rawsd, 0);
if (!SetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, rawsd))
{
Program.Log(String.Format("SetKernelObjectSecurity error:{0}", Abstractions.WindowsApi.pInvokes.LastError()), EventLogEntryType.Error);
return false;
}
return true;
}