From 578e84ac802fcbaac700de503ebda305dc8eeee5 Mon Sep 17 00:00:00 2001
From: David Hall
Date: Mon, 8 Apr 2019 19:45:04 -0600
Subject: [PATCH] Updated to match changes to AclUI interfaces.
---
 .../Dialogs/AccessControlEditor/Providers.cs | 31 ++++++++----
 .../Dialogs/AccessControlEditor/SecuredObject.cs | 2 +-
 .../AccessControlEditor/SecurityInfoImpl.cs | 57 +++++++++++++---------
 3 files changed, 58 insertions(+), 32 deletions(-)
diff --git a/WIndows.Forms/Dialogs/AccessControlEditor/Providers.cs b/WIndows.Forms/Dialogs/AccessControlEditor/Providers.cs
index 0ca20f8c..146fdc6d 100644
--- a/WIndows.Forms/Dialogs/AccessControlEditor/Providers.cs
+++ b/WIndows.Forms/Dialogs/AccessControlEditor/Providers.cs
@@ -56,8 +56,9 @@ namespace Vanara.Security.AccessControl
 /// Name of the server. This can be null.
 /// A pointer to the security descriptor.
 /// The object type list.
+ /// An array of access masks.
 /// An array of access masks.
- uint[] GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList);
+ HRESULT GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList, out uint[] grantedAccessList);
 /// Gets the generic mapping for standard rights.
 /// The ace flags.
@@ -126,10 +127,7 @@ namespace Vanara.Security.AccessControl
 /// Gets a default Security Descriptor for resetting the security of the object.
 /// Pointer to a Security Descriptor.
- public virtual IntPtr GetDefaultSecurity()
- {
- throw new NotImplementedException();
- }
+ public virtual IntPtr GetDefaultSecurity() => IntPtr.Zero;
 ///
 /// Gets the effective permissions for the provided Sid within the Security Descriptor.
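Review bot: The `<returns>` line kept as context right after the new `grantedAccessList` parameter still reads "An array of access masks.", but the member now returns an `HRESULT` and hands the masks back through that out parameter, so the interface documentation is stale; the base implementation's blanked `<returns>` in the `@@ -153` hunk has the same gap. Suggest `/// <returns>S_OK on success; a failure HRESULT (E_NOTIMPL in the base implementation) when the provider cannot compute effective permissions.</returns>`, plus a sentence on `grantedAccessList` and `objectTypeList` saying they may be null when a failure code is returned, which is what the caller in SecurityInfoImpl now tolerates with `?.Length ?? 0`.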
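Review bot: `GetDefaultSecurity()` now quietly returns `IntPtr.Zero` where it used to throw, but the `<returns>` context line above it still says only "Pointer to a Security Descriptor." and does not say that zero is the "no default available" answer. That distinction matters because SecurityInfoImpl.GetSecurity wraps whatever this returns in a `PSECURITY_DESCRIPTOR` when `fDefault` is set (see the `@@ -59` hunk of that file), so every provider that does not override this method now feeds a null descriptor into that path. Suggest `/// <returns>Pointer to a Security Descriptor, or <see cref="IntPtr.Zero"/> when the provider has no default security to reset to.</returns>` and a remark that providers returning zero presumably should not advertise a reset capability in their object information.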
@@ -153,11 +151,14 @@ namespace Vanara.Security.AccessControl
 /// Name of the server. This can be null.
 /// A pointer to the security descriptor.
 /// The object type list.
- /// An array of access masks.
+ /// An array of access masks.
+ ///
+ ///
- public virtual uint[] GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList)
+ public virtual HRESULT GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList, out uint[] grantedAccessList)
 {
- throw new NotImplementedException();
+ objectTypeList = null;
+ grantedAccessList = null;
+ return HRESULT.E_NOTIMPL;
 }
 /// Gets the generic mapping for standard rights.
@@ -219,6 +220,10 @@ namespace Vanara.Security.AccessControl
 internal class FileProvider : GenericProvider
 {
+ private const string defaultSecuritySddl = "O:WDG:BAD:AI(A;CIIO;FA;;;WD)(A;;FA;;;BA)S:AI(AU;SAFACIIO;FA;;;WD)";
+
+ public static readonly SafeSecurityDescriptor defaultSd = ConvertStringSecurityDescriptorToSecurityDescriptor(defaultSecuritySddl);
+
 public override ResourceType ResourceType => ResourceType.FileObject;
 public override void GetAccessListInfo(SI_OBJECT_INFO_Flags flags, out SI_ACCESS[] rights, out uint defaultIndex)
@@ -252,6 +257,8 @@ namespace Vanara.Security.AccessControl
 defaultIndex = 3;
 }
+ public override IntPtr GetDefaultSecurity() => defaultSd.DangerousGetHandle();
+
 public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING((uint)(FileSystemRights.Read | FileSystemRights.Synchronize), (uint)(FileSystemRights.Write | FileSystemRights.Synchronize), 0x1200A0, (uint)FileSystemRights.FullControl);
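Review bot: The reset baseline in `defaultSecuritySddl` makes Everyone the owner (`O:WD`) and grants Everyone full control through a container-inherit, inherit-only ACE (`(A;CIIO;FA;;;WD)`), so a user choosing the dialog's reset/default action on a directory appears to hand full control of every sub-directory to Everyone; if this mirrors a specific Windows default it should be cited in a comment, otherwise a tighter baseline, or one derived from the parent's inheritable ACEs, looks safer for a file provider. Separately, `defaultSd` is a public static field initialised by a P/Invoke call in the type initialiser, so a failed conversion surfaces as a `TypeInitializationException` on first touch of `FileProvider` instead of as a failed `GetDefaultSecurity()`; making it `private static readonly` with a PascalCase name and a comment stating the SDDL's intent would help. The override in the `@@ -252` hunk then hands out the raw pointer via `DangerousGetHandle()`, which is only sound because the holder lives for the process lifetime — worth saying in a comment there, e.g. `// Static holder: the pointer stays valid for the process lifetime, so handing it out raw is safe.`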
@@ -270,6 +277,8 @@ namespace Vanara.Security.AccessControl
 internal class KernelProvider : GenericProvider
 {
 public override ResourceType ResourceType => ResourceType.KernelObject;
+
+ //public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
 }
 internal class RegistryProvider : GenericProvider
@@ -296,6 +305,8 @@ namespace Vanara.Security.AccessControl
 defaultIndex = 11;
 }
+ //public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
+
 public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING((uint)RegistryRights.ReadKey, (uint)RegistryRights.WriteKey, (uint)RegistryRights.ExecuteKey, (uint)RegistryRights.FullControl);
 public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
@@ -355,6 +366,8 @@ namespace Vanara.Security.AccessControl
 defaultIndex = 3;
 }
+ //public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
+
 public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING(0x120089, 0x120116, 0x1200A0, 0x1F01FF);
 public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
@@ -373,7 +386,7 @@ namespace Vanara.Security.AccessControl
 // var acl = RawAclFromPtr(pAcl);
 // for (int i = 0; i < acl.Count; i++) { }
- return new INHERITED_FROM[GetAceCount(pAcl)];
+ return new INHERITED_FROM[pAcl.GetAceCount()];
 }
 }
 }
\ No newline at end of file
diff --git a/WIndows.Forms/Dialogs/AccessControlEditor/SecuredObject.cs b/WIndows.Forms/Dialogs/AccessControlEditor/SecuredObject.cs
index 3a9e0a2f..6b12f4b0 100644
--- a/WIndows.Forms/Dialogs/AccessControlEditor/SecuredObject.cs
+++ b/WIndows.Forms/Dialogs/AccessControlEditor/SecuredObject.cs
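Review bot: The `//public override IntPtr GetDefaultSecurity() => IntPtr.Zero;` line added to `KernelProvider` here, and the identical lines added in the `@@ -296` and `@@ -355` hunks, are commented-out code that restates what the base `GetDefaultSecurity()` now returns anyway, so a reader cannot tell whether they are a reminder, a deliberate decision or leftover scaffolding. Either delete them or, if the intent is to record that these object types intentionally have no reset default, replace each with a plain comment such as `// No reset default for this object type; the base GetDefaultSecurity() returns IntPtr.Zero.`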
@@ -89,7 +89,7 @@ namespace Vanara.Security.AccessControl catch { } } if (ObjectSecurity == null) - throw new ArgumentException("Object must have a GetAccessControl member."); + throw new ArgumentException("Object must be valid and have a GetAccessControl member."); // Get the object names switch (knownObject.GetType().Name) diff --git a/WIndows.Forms/Dialogs/AccessControlEditor/SecurityInfoImpl.cs b/WIndows.Forms/Dialogs/AccessControlEditor/SecurityInfoImpl.cs index 207f5e96..f9472b2b 100644 --- a/WIndows.Forms/Dialogs/AccessControlEditor/SecurityInfoImpl.cs +++ b/WIndows.Forms/Dialogs/AccessControlEditor/SecurityInfoImpl.cs @@ -47,7 +47,7 @@ namespace Vanara.Security.AccessControl get => pSD.ToArray(); set => pSD = new SafeByteArray(value); } - void IEffectivePermission.GetEffectivePermission(in Guid pguidObjectType, PSID pUserSid, string pszServerName, PSECURITY_DESCRIPTOR pSecDesc, out OBJECT_TYPE_LIST[] ppObjectTypeList, out uint pcObjectTypeListLength, out uint[] ppGrantedAccessList, out uint pcGrantedAccessListLength) + HRESULT IEffectivePermission.GetEffectivePermission(in Guid pguidObjectType, PSID pUserSid, string pszServerName, PSECURITY_DESCRIPTOR pSecDesc, out OBJECT_TYPE_LIST[] ppObjectTypeList, out uint pcObjectTypeListLength, out uint[] ppGrantedAccessList, out uint pcGrantedAccessListLength) { System.Diagnostics.Debug.WriteLine($"GetEffectivePermission: {pguidObjectType}, {pszServerName}"); if (pguidObjectType == Guid.Empty) 
@@ -59,36 +59,41 @@ namespace Vanara.Security.AccessControl
 }
 else
 {
- ppGrantedAccessList = prov.GetEffectivePermission(pguidObjectType, pUserSid, pszServerName, pSecDesc, out ppObjectTypeList);
- pcGrantedAccessListLength = (uint)ppGrantedAccessList.Length;
- pcObjectTypeListLength = (uint)ppObjectTypeList.Length;
+ var hr = prov.GetEffectivePermission(pguidObjectType, pUserSid, pszServerName, pSecDesc, out ppObjectTypeList, out ppGrantedAccessList);
+ pcGrantedAccessListLength = (uint)(ppGrantedAccessList?.Length ?? 0);
+ pcObjectTypeListLength = (uint)(ppObjectTypeList?.Length ?? 0);
+ if (hr.Failed) return hr;
 }
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.GetAccessRights(in Guid guidObject, int dwFlags, out SI_ACCESS[] access, ref uint accessCount, out uint defaultAccess)
+ HRESULT ISecurityInformation.GetAccessRights(in Guid guidObject, int dwFlags, out SI_ACCESS[] access, ref uint accessCount, out uint defaultAccess)
 {
 System.Diagnostics.Debug.WriteLine($"GetAccessRight: {guidObject}, {(SI_OBJECT_INFO_Flags)dwFlags}");
 prov.GetAccessListInfo((SI_OBJECT_INFO_Flags)dwFlags, out var ari, out var defAcc);
 defaultAccess = defAcc;
 access = ari;
 accessCount = (uint)access.Length;
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.GetInheritTypes(out SI_INHERIT_TYPE[] inheritTypes, out uint inheritTypesCount)
+ HRESULT ISecurityInformation.GetInheritTypes(out SI_INHERIT_TYPE[] inheritTypes, out uint inheritTypesCount)
 {
 System.Diagnostics.Debug.WriteLine("GetInheritTypes");
 inheritTypes = prov.GetInheritTypes();
 inheritTypesCount = (uint)inheritTypes.Length;
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.GetObjectInformation(ref SI_OBJECT_INFO objInfo)
+ HRESULT ISecurityInformation.GetObjectInformation(ref SI_OBJECT_INFO objInfo)
 {
 System.Diagnostics.Debug.WriteLine($"GetObjectInformation: {objInfo.dwFlags} {currentElevation}");
 objInfo = objectInfo;
 objInfo.dwFlags &= ~(currentElevation);
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out PSECURITY_DESCRIPTOR ppSecurityDescriptor, bool fDefault)
+ HRESULT ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out PSECURITY_DESCRIPTOR ppSecurityDescriptor, bool fDefault)
 {
 System.Diagnostics.Debug.WriteLine($"GetSecurity: {requestInformation}{(fDefault ? " (Def)" : "")}");
 var sd = new PSECURITY_DESCRIPTOR(fDefault ? prov.GetDefaultSecurity() : (IntPtr)pSD);
@@ -97,32 +102,40 @@ namespace Vanara.Security.AccessControl
 $"GetSecurity={ret.ToSddl(requestInformation) ?? "null"} <- {sd.ToSddl(requestInformation) ?? "null"}");
 ppSecurityDescriptor = ret.DangerousGetHandle();
 ret.SetHandleAsInvalid();
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.MapGeneric(in Guid guidObjectType, ref sbyte AceFlags, ref uint Mask)
+ HRESULT ISecurityInformation.MapGeneric(in Guid guidObjectType, ref sbyte AceFlags, ref uint Mask)
 {
 var stMask = Mask;
 var gm = prov.GetGenericMapping(AceFlags);
- MapGenericMask(ref Mask, ref gm);
+ MapGenericMask(ref Mask, gm);
 //if (Mask != gm.GenericAll)
 // Mask &= ~(uint)FileSystemRights.Synchronize;
 System.Diagnostics.Debug.WriteLine($"MapGeneric: {guidObjectType}, {(AceFlags)AceFlags}, 0x{stMask:X}->0x{Mask:X}");
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.PropertySheetPageCallback(HWND hwnd, PropertySheetCallbackMessage uMsg, SI_PAGE_TYPE uPage)
+ HRESULT ISecurityInformation.PropertySheetPageCallback(HWND hwnd, PropertySheetCallbackMessage uMsg, SI_PAGE_TYPE uPage)
 {
 System.Diagnostics.Debug.WriteLine($"PropertySheetPageCallback: {hwnd}, {uMsg}, {uPage}");
 prov.PropertySheetPageCallback(hwnd, uMsg, uPage);
+ return HRESULT.S_OK;
 }
- void ISecurityInformation.SetSecurity(SECURITY_INFORMATION requestInformation, PSECURITY_DESCRIPTOR sd)
+ HRESULT ISecurityInformation.SetSecurity(SECURITY_INFORMATION requestInformation, PSECURITY_DESCRIPTOR sd)
 {
 OnSetSecurity?.Invoke(this, new SecurityEventArg(new SafeSecurityDescriptor((IntPtr)sd, false), requestInformation));
+ return HRESULT.S_OK;
 }
- string ISecurityInformation3.GetFullResourceName() => fullObjectName;
+ HRESULT ISecurityInformation3.GetFullResourceName(out string name)
+ {
+ name = fullObjectName;
+ return HRESULT.S_OK;
+ }
- void ISecurityInformation3.OpenElevatedEditor(HWND hWnd, SI_PAGE_TYPE uPage)
+ HRESULT ISecurityInformation3.OpenElevatedEditor(HWND hWnd, SI_PAGE_TYPE uPage)
 {
 var pgType = (SI_PAGE_TYPE)LOWORD((uint)uPage);
 var pgActv = (SI_PAGE_ACTIVATED)HIWORD((uint)uPage);
@@ -160,31 +173,31 @@ namespace Vanara.Security.AccessControl
 }
 ShowDialog(hWnd, pgType, pgActv);
 currentElevation = lastElev;
+ return HRESULT.S_OK;
 }
- public void GetSecondarySecurity(out SECURITY_OBJECT[] securityObjects, out uint securityObjectCount)
+ public HRESULT GetSecondarySecurity(out SECURITY_OBJECT[] securityObjects, out uint securityObjectCount)
 {
 System.Diagnostics.Debug.WriteLine("GetSecondarySecurity:");
 securityObjects = new SECURITY_OBJECT[0];
 securityObjectCount = 0;
+ return HRESULT.S_OK;
 }
- void ISecurityObjectTypeInfo.GetInheritSource(int si, PACL pAcl, out INHERITED_FROM[] ppInheritArray)
+ HRESULT ISecurityObjectTypeInfo.GetInheritSource(int si, PACL pAcl, out INHERITED_FROM[] ppInheritArray)
 {
 System.Diagnostics.Debug.WriteLine($"GetInheritSource: {(SECURITY_INFORMATION)si}");
 ppInheritArray = prov.GetInheritSource(fullObjectName, objectInfo.pszServerName, objectInfo.IsContainer, (uint)si, pAcl);
+ return HRESULT.S_OK;
 }
- public void SetProvider(IAccessControlEditorDialogProvider provider)
- {
- prov = provider;
- }
+ public void SetProvider(IAccessControlEditorDialogProvider provider) => prov = provider;
 public RawSecurityDescriptor ShowDialog(HWND hWnd, SI_PAGE_TYPE pageType = SI_PAGE_TYPE.SI_PAGE_PERM, SI_PAGE_ACTIVATED pageAct = SI_PAGE_ACTIVATED.SI_SHOW_DEFAULT)
 {
 System.Diagnostics.Debug.WriteLine($"ShowDialog: {pageType} {pageAct}");
 SecurityEventArg sd = null;
- EventHandler fn = (o, e) => sd = e;
+ void fn(object o, SecurityEventArg e) => sd = e;
 try
 {
 OnSetSecurity += fn;
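Review bot: `GetSecurity` now returns `HRESULT.S_OK` unconditionally after `ppSecurityDescriptor = ret.DangerousGetHandle();`, yet when `fDefault` is set the descriptor it starts from is `prov.GetDefaultSecurity()` (at the top of the method, in the previous hunk), which the base provider now answers with `IntPtr.Zero`; the trace on the first context line already anticipates a null (`sd.ToSddl(...) ?? "null"`), so the dialog can be told "success" while receiving no usable descriptor. The lines that build `ret` sit between the two hunks and are outside my view, so I cannot tell whether a null `sd` is rejected there; if it is not, guard before reporting success, e.g. `if (ret.IsInvalid) { ppSecurityDescriptor = default; return HRESULT.E_NOTIMPL; }` ahead of the `ppSecurityDescriptor` assignment, so a provider without a reset default is reported to AclUI as a failure rather than as a success with a null pointer. `GetSecurity` begins in the previous hunk.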
@@ -215,7 +228,7 @@ namespace Vanara.Security.AccessControl
 return null;
 }
- public uint ComputeEffectivePermissionWithSecondarySecurity(PSID pSid, PSID pDeviceSid, string pszServerName, SECURITY_OBJECT[] pSecurityObjects, uint dwSecurityObjectCount, in TOKEN_GROUPS pUserGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzUserGroupsOperations, in TOKEN_GROUPS pDeviceGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzDeviceGroupsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzUserClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzUserClaimsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzDeviceClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzDeviceClaimsOperations, EFFPERM_RESULT_LIST[] pEffpermResultLists)
+ public HRESULT ComputeEffectivePermissionWithSecondarySecurity(PSID pSid, PSID pDeviceSid, string pszServerName, SECURITY_OBJECT[] pSecurityObjects, uint dwSecurityObjectCount, in TOKEN_GROUPS pUserGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzUserGroupsOperations, in TOKEN_GROUPS pDeviceGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzDeviceGroupsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzUserClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzUserClaimsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzDeviceClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzDeviceClaimsOperations, EFFPERM_RESULT_LIST[] pEffpermResultLists)
 {
 System.Diagnostics.Debug.WriteLine($"ComputeEffectivePermissionWithSecondarySecurity({dwSecurityObjectCount}):{new SecurityIdentifier((IntPtr)pSid).Value};{new SecurityIdentifier((IntPtr)pDeviceSid).Value}");
 if (dwSecurityObjectCount != 1)
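Review bot: The trace line kept as context in `ComputeEffectivePermissionWithSecondarySecurity` constructs `new SecurityIdentifier((IntPtr)pDeviceSid)` unconditionally; if AclUI passes a null device SID (the AclUI documentation treats it as optional, to be confirmed against the interop declaration), that constructor throws `ArgumentNullException` on `IntPtr.Zero`, and now that the method reports status through an `HRESULT` an exception escaping the COM callback is exactly the outcome the new signature is meant to avoid. Suggest building the trace defensively, e.g. `var devSid = (IntPtr)pDeviceSid == IntPtr.Zero ? "null" : new SecurityIdentifier((IntPtr)pDeviceSid).Value;` and interpolating `devSid` instead. The method body continues past the end of the hunk.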