sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated to match changes to AclUI interfaces.

pull/60/head
David Hall 2019-04-08 19:45:04 -06:00
parent 73792290f6
commit 578e84ac80
3 changed files with 58 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
WIndows.Forms/Dialogs/AccessControlEditor/Providers.cs
View File

@ -56,8 +56,9 @@ namespace Vanara.Security.AccessControl
/// <param name="serverName">Name of the server. This can be <c>null</c>.</param> /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
/// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param> /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
/// <param name="objectTypeList">The object type list.</param> /// <param name="objectTypeList">The object type list.</param>
/// <param name="grantedAccessList">An array of access masks.</param>
/// <returns>An array of access masks.</returns> /// <returns>An array of access masks.</returns>
uint[] GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList); HRESULT GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList, out uint[] grantedAccessList);
/// <summary>Gets the generic mapping for standard rights.</summary> /// <summary>Gets the generic mapping for standard rights.</summary>
/// <param name="aceFlags">The ace flags.</param> /// <param name="aceFlags">The ace flags.</param>
@ -126,10 +127,7 @@ namespace Vanara.Security.AccessControl
/// <summary>Gets a default Security Descriptor for resetting the security of the object.</summary> /// <summary>Gets a default Security Descriptor for resetting the security of the object.</summary>
/// <returns>Pointer to a Security Descriptor.</returns> /// <returns>Pointer to a Security Descriptor.</returns>
public virtual IntPtr GetDefaultSecurity() public virtual IntPtr GetDefaultSecurity() => IntPtr.Zero;
{
throw new NotImplementedException();
}
/// <summary> /// <summary>
/// Gets the effective permissions for the provided Sid within the Security Descriptor. /// Gets the effective permissions for the provided Sid within the Security Descriptor.
@ -153,11 +151,14 @@ namespace Vanara.Security.AccessControl
/// <param name="serverName">Name of the server. This can be <c>null</c>.</param> /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
/// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param> /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
/// <param name="objectTypeList">The object type list.</param> /// <param name="objectTypeList">The object type list.</param>
/// <returns>An array of access masks.</returns> /// <param name="grantedAccessList">An array of access masks.</param>
/// <returns></returns>
/// <exception cref="System.NotImplementedException"></exception> /// <exception cref="System.NotImplementedException"></exception>
public virtual uint[] GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList) public virtual HRESULT GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList, out uint[] grantedAccessList)
{ {
throw new NotImplementedException(); objectTypeList = null;
grantedAccessList = null;
return HRESULT.E_NOTIMPL;
} }
/// <summary>Gets the generic mapping for standard rights.</summary> /// <summary>Gets the generic mapping for standard rights.</summary>
@ -219,6 +220,10 @@ namespace Vanara.Security.AccessControl
internal class FileProvider : GenericProvider internal class FileProvider : GenericProvider
{ {
private const string defaultSecuritySddl = "O:WDG:BAD:AI(A;CIIO;FA;;;WD)(A;;FA;;;BA)S:AI(AU;SAFACIIO;FA;;;WD)";
public static readonly SafeSecurityDescriptor defaultSd = ConvertStringSecurityDescriptorToSecurityDescriptor(defaultSecuritySddl);
public override ResourceType ResourceType => ResourceType.FileObject; public override ResourceType ResourceType => ResourceType.FileObject;
public override void GetAccessListInfo(SI_OBJECT_INFO_Flags flags, out SI_ACCESS[] rights, out uint defaultIndex) public override void GetAccessListInfo(SI_OBJECT_INFO_Flags flags, out SI_ACCESS[] rights, out uint defaultIndex)
@ -252,6 +257,8 @@ namespace Vanara.Security.AccessControl
defaultIndex = 3; defaultIndex = 3;
} }
public override IntPtr GetDefaultSecurity() => defaultSd.DangerousGetHandle();
public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) =>
new GENERIC_MAPPING((uint)(FileSystemRights.Read | FileSystemRights.Synchronize), new GENERIC_MAPPING((uint)(FileSystemRights.Read | FileSystemRights.Synchronize),
(uint)(FileSystemRights.Write | FileSystemRights.Synchronize), 0x1200A0, (uint)FileSystemRights.FullControl); (uint)(FileSystemRights.Write | FileSystemRights.Synchronize), 0x1200A0, (uint)FileSystemRights.FullControl);
@ -270,6 +277,8 @@ namespace Vanara.Security.AccessControl
internal class KernelProvider : GenericProvider internal class KernelProvider : GenericProvider
{ {
public override ResourceType ResourceType => ResourceType.KernelObject; public override ResourceType ResourceType => ResourceType.KernelObject;
//public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
} }
internal class RegistryProvider : GenericProvider internal class RegistryProvider : GenericProvider
@ -296,6 +305,8 @@ namespace Vanara.Security.AccessControl
defaultIndex = 11; defaultIndex = 11;
} }
//public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING((uint)RegistryRights.ReadKey, (uint)RegistryRights.WriteKey, (uint)RegistryRights.ExecuteKey, (uint)RegistryRights.FullControl); public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING((uint)RegistryRights.ReadKey, (uint)RegistryRights.WriteKey, (uint)RegistryRights.ExecuteKey, (uint)RegistryRights.FullControl);
public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl) public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
@ -355,6 +366,8 @@ namespace Vanara.Security.AccessControl
defaultIndex = 3; defaultIndex = 3;
} }
//public override IntPtr GetDefaultSecurity() => IntPtr.Zero;
public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING(0x120089, 0x120116, 0x1200A0, 0x1F01FF); public override GENERIC_MAPPING GetGenericMapping(sbyte aceFlags) => new GENERIC_MAPPING(0x120089, 0x120116, 0x1200A0, 0x1F01FF);
public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl) public override INHERITED_FROM[] GetInheritSource(string objName, string serverName, bool isContainer, uint si, PACL pAcl)
@ -373,7 +386,7 @@ namespace Vanara.Security.AccessControl
// var acl = RawAclFromPtr(pAcl); // var acl = RawAclFromPtr(pAcl);
// for (int i = 0; i < acl.Count; i++) { } // for (int i = 0; i < acl.Count; i++) { }
return new INHERITED_FROM[GetAceCount(pAcl)]; return new INHERITED_FROM[pAcl.GetAceCount()];
} }
} }
} }

2
WIndows.Forms/Dialogs/AccessControlEditor/SecuredObject.cs
View File

@ -89,7 +89,7 @@ namespace Vanara.Security.AccessControl
catch { } catch { }
} }
if (ObjectSecurity == null) if (ObjectSecurity == null)
throw new ArgumentException("Object must have a GetAccessControl member."); throw new ArgumentException("Object must be valid and have a GetAccessControl member.");
// Get the object names // Get the object names
switch (knownObject.GetType().Name) switch (knownObject.GetType().Name)

57
WIndows.Forms/Dialogs/AccessControlEditor/SecurityInfoImpl.cs
View File

@ -47,7 +47,7 @@ namespace Vanara.Security.AccessControl
get => pSD.ToArray(); set => pSD = new SafeByteArray(value); get => pSD.ToArray(); set => pSD = new SafeByteArray(value);
} }
void IEffectivePermission.GetEffectivePermission(in Guid pguidObjectType, PSID pUserSid, string pszServerName, PSECURITY_DESCRIPTOR pSecDesc, out OBJECT_TYPE_LIST[] ppObjectTypeList, out uint pcObjectTypeListLength, out uint[] ppGrantedAccessList, out uint pcGrantedAccessListLength) HRESULT IEffectivePermission.GetEffectivePermission(in Guid pguidObjectType, PSID pUserSid, string pszServerName, PSECURITY_DESCRIPTOR pSecDesc, out OBJECT_TYPE_LIST[] ppObjectTypeList, out uint pcObjectTypeListLength, out uint[] ppGrantedAccessList, out uint pcGrantedAccessListLength)
{ {
System.Diagnostics.Debug.WriteLine($"GetEffectivePermission: {pguidObjectType}, {pszServerName}"); System.Diagnostics.Debug.WriteLine($"GetEffectivePermission: {pguidObjectType}, {pszServerName}");
if (pguidObjectType == Guid.Empty) if (pguidObjectType == Guid.Empty)
@ -59,36 +59,41 @@ namespace Vanara.Security.AccessControl
} }
else else
{ {
ppGrantedAccessList = prov.GetEffectivePermission(pguidObjectType, pUserSid, pszServerName, pSecDesc, out ppObjectTypeList); var hr = prov.GetEffectivePermission(pguidObjectType, pUserSid, pszServerName, pSecDesc, out ppObjectTypeList, out ppGrantedAccessList);
pcGrantedAccessListLength = (uint)ppGrantedAccessList.Length; pcGrantedAccessListLength = (uint)(ppGrantedAccessList?.Length ?? 0);
pcObjectTypeListLength = (uint)ppObjectTypeList.Length; pcObjectTypeListLength = (uint)(ppObjectTypeList?.Length ?? 0);
if (hr.Failed) return hr;
} }
return HRESULT.S_OK;
} }
void ISecurityInformation.GetAccessRights(in Guid guidObject, int dwFlags, out SI_ACCESS[] access, ref uint accessCount, out uint defaultAccess) HRESULT ISecurityInformation.GetAccessRights(in Guid guidObject, int dwFlags, out SI_ACCESS[] access, ref uint accessCount, out uint defaultAccess)
{ {
System.Diagnostics.Debug.WriteLine($"GetAccessRight: {guidObject}, {(SI_OBJECT_INFO_Flags)dwFlags}"); System.Diagnostics.Debug.WriteLine($"GetAccessRight: {guidObject}, {(SI_OBJECT_INFO_Flags)dwFlags}");
prov.GetAccessListInfo((SI_OBJECT_INFO_Flags)dwFlags, out var ari, out var defAcc); prov.GetAccessListInfo((SI_OBJECT_INFO_Flags)dwFlags, out var ari, out var defAcc);
defaultAccess = defAcc; defaultAccess = defAcc;
access = ari; access = ari;
accessCount = (uint)access.Length; accessCount = (uint)access.Length;
return HRESULT.S_OK;
} }
void ISecurityInformation.GetInheritTypes(out SI_INHERIT_TYPE[] inheritTypes, out uint inheritTypesCount) HRESULT ISecurityInformation.GetInheritTypes(out SI_INHERIT_TYPE[] inheritTypes, out uint inheritTypesCount)
{ {
System.Diagnostics.Debug.WriteLine("GetInheritTypes"); System.Diagnostics.Debug.WriteLine("GetInheritTypes");
inheritTypes = prov.GetInheritTypes(); inheritTypes = prov.GetInheritTypes();
inheritTypesCount = (uint)inheritTypes.Length; inheritTypesCount = (uint)inheritTypes.Length;
return HRESULT.S_OK;
} }
void ISecurityInformation.GetObjectInformation(ref SI_OBJECT_INFO objInfo) HRESULT ISecurityInformation.GetObjectInformation(ref SI_OBJECT_INFO objInfo)
{ {
System.Diagnostics.Debug.WriteLine($"GetObjectInformation: {objInfo.dwFlags} {currentElevation}"); System.Diagnostics.Debug.WriteLine($"GetObjectInformation: {objInfo.dwFlags} {currentElevation}");
objInfo = objectInfo; objInfo = objectInfo;
objInfo.dwFlags &= ~(currentElevation); objInfo.dwFlags &= ~(currentElevation);
return HRESULT.S_OK;
} }
void ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out PSECURITY_DESCRIPTOR ppSecurityDescriptor, bool fDefault) HRESULT ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out PSECURITY_DESCRIPTOR ppSecurityDescriptor, bool fDefault)
{ {
System.Diagnostics.Debug.WriteLine($"GetSecurity: {requestInformation}{(fDefault ? " (Def)" : "")}"); System.Diagnostics.Debug.WriteLine($"GetSecurity: {requestInformation}{(fDefault ? " (Def)" : "")}");
var sd = new PSECURITY_DESCRIPTOR(fDefault ? prov.GetDefaultSecurity() : (IntPtr)pSD); var sd = new PSECURITY_DESCRIPTOR(fDefault ? prov.GetDefaultSecurity() : (IntPtr)pSD);
@ -97,32 +102,40 @@ namespace Vanara.Security.AccessControl
$"GetSecurity={ret.ToSddl(requestInformation) ?? "null"} <- {sd.ToSddl(requestInformation) ?? "null"}"); $"GetSecurity={ret.ToSddl(requestInformation) ?? "null"} <- {sd.ToSddl(requestInformation) ?? "null"}");
ppSecurityDescriptor = ret.DangerousGetHandle(); ppSecurityDescriptor = ret.DangerousGetHandle();
ret.SetHandleAsInvalid(); ret.SetHandleAsInvalid();
return HRESULT.S_OK;
} }
void ISecurityInformation.MapGeneric(in Guid guidObjectType, ref sbyte AceFlags, ref uint Mask) HRESULT ISecurityInformation.MapGeneric(in Guid guidObjectType, ref sbyte AceFlags, ref uint Mask)
{ {
var stMask = Mask; var stMask = Mask;
var gm = prov.GetGenericMapping(AceFlags); var gm = prov.GetGenericMapping(AceFlags);
MapGenericMask(ref Mask, ref gm); MapGenericMask(ref Mask, gm);
//if (Mask != gm.GenericAll) //if (Mask != gm.GenericAll)
// Mask &= ~(uint)FileSystemRights.Synchronize; // Mask &= ~(uint)FileSystemRights.Synchronize;
System.Diagnostics.Debug.WriteLine($"MapGeneric: {guidObjectType}, {(AceFlags)AceFlags}, 0x{stMask:X}->0x{Mask:X}"); System.Diagnostics.Debug.WriteLine($"MapGeneric: {guidObjectType}, {(AceFlags)AceFlags}, 0x{stMask:X}->0x{Mask:X}");
return HRESULT.S_OK;
} }
void ISecurityInformation.PropertySheetPageCallback(HWND hwnd, PropertySheetCallbackMessage uMsg, SI_PAGE_TYPE uPage) HRESULT ISecurityInformation.PropertySheetPageCallback(HWND hwnd, PropertySheetCallbackMessage uMsg, SI_PAGE_TYPE uPage)
{ {
System.Diagnostics.Debug.WriteLine($"PropertySheetPageCallback: {hwnd}, {uMsg}, {uPage}"); System.Diagnostics.Debug.WriteLine($"PropertySheetPageCallback: {hwnd}, {uMsg}, {uPage}");
prov.PropertySheetPageCallback(hwnd, uMsg, uPage); prov.PropertySheetPageCallback(hwnd, uMsg, uPage);
return HRESULT.S_OK;
} }
void ISecurityInformation.SetSecurity(SECURITY_INFORMATION requestInformation, PSECURITY_DESCRIPTOR sd) HRESULT ISecurityInformation.SetSecurity(SECURITY_INFORMATION requestInformation, PSECURITY_DESCRIPTOR sd)
{ {
OnSetSecurity?.Invoke(this, new SecurityEventArg(new SafeSecurityDescriptor((IntPtr)sd, false), requestInformation)); OnSetSecurity?.Invoke(this, new SecurityEventArg(new SafeSecurityDescriptor((IntPtr)sd, false), requestInformation));
return HRESULT.S_OK;
} }
string ISecurityInformation3.GetFullResourceName() => fullObjectName; HRESULT ISecurityInformation3.GetFullResourceName(out string name)
{
name = fullObjectName;
return HRESULT.S_OK;
}
void ISecurityInformation3.OpenElevatedEditor(HWND hWnd, SI_PAGE_TYPE uPage) HRESULT ISecurityInformation3.OpenElevatedEditor(HWND hWnd, SI_PAGE_TYPE uPage)
{ {
var pgType = (SI_PAGE_TYPE)LOWORD((uint)uPage); var pgType = (SI_PAGE_TYPE)LOWORD((uint)uPage);
var pgActv = (SI_PAGE_ACTIVATED)HIWORD((uint)uPage); var pgActv = (SI_PAGE_ACTIVATED)HIWORD((uint)uPage);
@ -160,31 +173,31 @@ namespace Vanara.Security.AccessControl
} }
ShowDialog(hWnd, pgType, pgActv); ShowDialog(hWnd, pgType, pgActv);
currentElevation = lastElev; currentElevation = lastElev;
return HRESULT.S_OK;
} }
public void GetSecondarySecurity(out SECURITY_OBJECT[] securityObjects, out uint securityObjectCount) public HRESULT GetSecondarySecurity(out SECURITY_OBJECT[] securityObjects, out uint securityObjectCount)
{ {
System.Diagnostics.Debug.WriteLine("GetSecondarySecurity:"); System.Diagnostics.Debug.WriteLine("GetSecondarySecurity:");
securityObjects = new SECURITY_OBJECT[0]; securityObjects = new SECURITY_OBJECT[0];
securityObjectCount = 0; securityObjectCount = 0;
return HRESULT.S_OK;
} }
void ISecurityObjectTypeInfo.GetInheritSource(int si, PACL pAcl, out INHERITED_FROM[] ppInheritArray) HRESULT ISecurityObjectTypeInfo.GetInheritSource(int si, PACL pAcl, out INHERITED_FROM[] ppInheritArray)
{ {
System.Diagnostics.Debug.WriteLine($"GetInheritSource: {(SECURITY_INFORMATION)si}"); System.Diagnostics.Debug.WriteLine($"GetInheritSource: {(SECURITY_INFORMATION)si}");
ppInheritArray = prov.GetInheritSource(fullObjectName, objectInfo.pszServerName, objectInfo.IsContainer, (uint)si, pAcl); ppInheritArray = prov.GetInheritSource(fullObjectName, objectInfo.pszServerName, objectInfo.IsContainer, (uint)si, pAcl);
return HRESULT.S_OK;
} }
public void SetProvider(IAccessControlEditorDialogProvider provider) public void SetProvider(IAccessControlEditorDialogProvider provider) => prov = provider;
{
prov = provider;
}
public RawSecurityDescriptor ShowDialog(HWND hWnd, SI_PAGE_TYPE pageType = SI_PAGE_TYPE.SI_PAGE_PERM, SI_PAGE_ACTIVATED pageAct = SI_PAGE_ACTIVATED.SI_SHOW_DEFAULT) public RawSecurityDescriptor ShowDialog(HWND hWnd, SI_PAGE_TYPE pageType = SI_PAGE_TYPE.SI_PAGE_PERM, SI_PAGE_ACTIVATED pageAct = SI_PAGE_ACTIVATED.SI_SHOW_DEFAULT)
{ {
System.Diagnostics.Debug.WriteLine($"ShowDialog: {pageType} {pageAct}"); System.Diagnostics.Debug.WriteLine($"ShowDialog: {pageType} {pageAct}");
SecurityEventArg sd = null; SecurityEventArg sd = null;
EventHandler<SecurityEventArg> fn = (o, e) => sd = e; void fn(object o, SecurityEventArg e) => sd = e;
try try
{ {
OnSetSecurity += fn; OnSetSecurity += fn;
@ -215,7 +228,7 @@ namespace Vanara.Security.AccessControl
return null; return null;
} }
public uint ComputeEffectivePermissionWithSecondarySecurity(PSID pSid, PSID pDeviceSid, string pszServerName, SECURITY_OBJECT[] pSecurityObjects, uint dwSecurityObjectCount, in TOKEN_GROUPS pUserGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzUserGroupsOperations, in TOKEN_GROUPS pDeviceGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzDeviceGroupsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzUserClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzUserClaimsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzDeviceClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzDeviceClaimsOperations, EFFPERM_RESULT_LIST[] pEffpermResultLists) public HRESULT ComputeEffectivePermissionWithSecondarySecurity(PSID pSid, PSID pDeviceSid, string pszServerName, SECURITY_OBJECT[] pSecurityObjects, uint dwSecurityObjectCount, in TOKEN_GROUPS pUserGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzUserGroupsOperations, in TOKEN_GROUPS pDeviceGroups, Authz.AUTHZ_SID_OPERATION[] pAuthzDeviceGroupsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzUserClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzUserClaimsOperations, in Authz.AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAuthzDeviceClaims, Authz.AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pAuthzDeviceClaimsOperations, EFFPERM_RESULT_LIST[] pEffpermResultLists)
{ {
System.Diagnostics.Debug.WriteLine($"ComputeEffectivePermissionWithSecondarySecurity({dwSecurityObjectCount}):{new SecurityIdentifier((IntPtr)pSid).Value};{new SecurityIdentifier((IntPtr)pDeviceSid).Value}"); System.Diagnostics.Debug.WriteLine($"ComputeEffectivePermissionWithSecondarySecurity({dwSecurityObjectCount}):{new SecurityIdentifier((IntPtr)pSid).Value};{new SecurityIdentifier((IntPtr)pDeviceSid).Value}");
if (dwSecurityObjectCount != 1) if (dwSecurityObjectCount != 1)