diff --git a/PInvoke/Security/AdvApi32/AccCtrl.cs b/PInvoke/Security/AdvApi32/AccCtrl.cs
index 7c0246c2..cfcd0d8f 100644
--- a/PInvoke/Security/AdvApi32/AccCtrl.cs
+++ b/PInvoke/Security/AdvApi32/AccCtrl.cs
@@ -3,977 +3,915 @@ using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
-namespace Vanara.PInvoke
+namespace Vanara.PInvoke;
+
+public static partial class AdvApi32
{
- public static partial class AdvApi32
+ ///
+ ///
+ /// The ACCESS_MODE enumeration contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the
+ /// trustee. Functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl use these values to set or retrieve information in an access
+ /// control entry (ACE).
+ ///
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ne-accctrl-_access_mode typedef enum _ACCESS_MODE { NOT_USED_ACCESS,
+ // GRANT_ACCESS, SET_ACCESS, DENY_ACCESS, REVOKE_ACCESS, SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE } ACCESS_MODE;
+ [PInvokeData("accctrl.h", MSDNShortId = "52d1b3a3-eed5-4603-9056-520320da2a52")]
+ public enum ACCESS_MODE
+ {
+ /// Value not used.
+ NOT_USED_ACCESS,
+
+ ///
+ /// Indicates an ACCESS_ALLOWED_ACE structure. The new ACE combines the specified rights with any existing allowed or denied rights
+ /// of the trustee.
+ ///
+ GRANT_ACCESS,
+
+ ///
+ /// Indicates an ACCESS_ALLOWED_ACEstructure that allows the specified rights. On input, this value discards any existing access
+ /// control information for the trustee.
+ ///
+ SET_ACCESS,
+
+ ///
+ /// Indicates an ACCESS_DENIED_ACEstructure that denies the specified rights. On input, this value denies the specified rights in
+ /// addition to any currently denied rights of the trustee.
+ ///
+ DENY_ACCESS,
+
+ /// Indicates that all existing ACCESS_ALLOWED_ACE or SYSTEM_AUDIT_ACE structures for the specified trustee are removed.
+ REVOKE_ACCESS,
+
+ ///
+ /// Indicates a SYSTEM_AUDIT_ACEstructure that generates audit messages for successful attempts to use the specified access rights.
+ /// On input, this value combines the specified rights with any existing audited access rights for the trustee.
+ ///
+ SET_AUDIT_SUCCESS,
+ }
+
+ /// Indicates how the access rights specified by the Access and ProvSpecificAccess members apply to the trustee.
+ [PInvokeData("accctrl.h", MSDNShortId = "bcb2ad72-7b00-4582-b05e-e00720a4db77")]
+ [Flags]
+ public enum ACTRL_ACCESS_FLAGS : uint
+ {
+ /// The rights are allowed.
+ ACTRL_ACCESS_ALLOWED = 0x00000001,
+
+ /// The rights are denied.
+ ACTRL_ACCESS_DENIED = 0x00000002,
+
+ /// The system generates audit messages for failed attempts to use the rights.
+ ACTRL_AUDIT_SUCCESS = 0x00000004,
+
+ /// The system generates audit messages for successful attempts to use the rights.
+ ACTRL_AUDIT_FAILURE = 0x00000008,
+ }
+
+ /// Flags that specify information about the pProperty property.
+ [PInvokeData("accctrl.h", MSDNShortId = "90b13dd1-0ca6-4674-b9fa-a61aed4637d7")]
+ [Flags]
+ public enum ACTRL_PROPERTY_FLAGS : uint
+ {
+ /// Protects the object or property from inheriting access-control entries.
+ ACTRL_ACCESS_PROTECTED = 0x00000001
+ }
+
+ ///
+ /// A set of bit flags that determine whether other containers or objects can inherit the ACE from the primary object to which the ACL is
+ /// attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags member of the ACE_HEADER structure.
+ ///
+ [Flags]
+ public enum INHERIT_FLAGS : uint
+ {
+ ///
+ /// The specific access permissions will only be applied to the container, and will not be inherited by objects created within the container.
+ ///
+ NO_INHERITANCE = 0,
+
+ /// Noncontainer objects contained by the primary object inherit the entry.
+ OBJECT_INHERIT_ACE = 1,
+
+ ///
+ /// Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.
+ ///
+ SUB_OBJECTS_ONLY_INHERIT = OBJECT_INHERIT_ACE,
+
+ /// Other containers that are contained by the primary object inherit the entry.
+ CONTAINER_INHERIT_ACE = 2,
+
+ ///
+ /// Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
+ ///
+ SUB_CONTAINERS_ONLY_INHERIT = CONTAINER_INHERIT_ACE,
+
+ ///
+ /// Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to the
+ /// combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
+ ///
+ SUB_CONTAINERS_AND_OBJECTS_INHERIT = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
+
+ /// The ObjectInheritAce and ContainerInheritAce bits are not propagated to an inherited ACE.
+ NO_PROPAGATE_INHERIT_ACE = 4,
+
+ ///
+ /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit
+ /// the entry.
+ ///
+ INHERIT_ONLY_ACE = 8,
+
+ ///
+ /// The ACE is inherited. Operations that change the security on a tree of objects may modify inherited ACEs without changing ACEs
+ /// that were directly applied to the object.
+ ///
+ INHERITED_ACE = 0x10,
+
+ /// The access right is displayed on the advanced security pages.
+ SI_ACCESS_SPECIFIC = 0x00010000,
+
+ /// The access right is displayed on the basic security page.
+ SI_ACCESS_GENERAL = 0x00020000,
+
+ ///
+ /// Indicates an access right that applies only to containers. If this flag is set, the access right is displayed on the basic
+ /// security page only if the SI_CONTAINER flag is also set.
+ ///
+ SI_ACCESS_CONTAINER = 0x00040000,
+
+ /// Indicates a property-specific access right.
+ SI_ACCESS_PROPERTY = 0x00080000,
+ }
+
+ ///
+ /// The MULTIPLE_TRUSTEE_OPERATION enumeration contains values that indicate whether a TRUSTEE structure is an impersonation trustee.
+ ///
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa379284")]
+ public enum MULTIPLE_TRUSTEE_OPERATION
+ {
+ /// The trustee is not an impersonation trustee.
+ NO_MULTIPLE_TRUSTEE,
+
+ ///
+ /// The trustee is an impersonation trustee. The pMultipleTrustee member of the TRUSTEE structure points to a trustee for a server
+ /// that can impersonate the client trustee.
+ ///
+ TRUSTEE_IS_IMPERSONATE
+ }
+
+ ///
+ ///
+ /// The PROG_INVOKE_SETTING enumeration indicates the initial setting of the function used to track the progress of a call to the
+ /// TreeSetNamedSecurityInfo or TreeResetNamedSecurityInfo function.
+ ///
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ne-accctrl-_progress_invoke_setting typedef enum _PROGRESS_INVOKE_SETTING
+ // { ProgressInvokeNever, ProgressInvokeEveryObject, ProgressInvokeOnError, ProgressCancelOperation, ProgressRetryOperation,
+ // ProgressInvokePrePostError } PROG_INVOKE_SETTING, *PPROG_INVOKE_SETTING;
+ [PInvokeData("accctrl.h", MSDNShortId = "3eee30d6-7d9d-468f-b6ba-e172da523169")]
+ public enum PROG_INVOKE_SETTING
+ {
+ /// Never invoke the progress function.
+ ProgressInvokeNever = 1,
+
+ /// Invoke the progress function for every object.
+ ProgressInvokeEveryObject,
+
+ /// Invoke the progress function only when an error is encountered.
+ ProgressInvokeOnError,
+
+ /// Discontinue the tree operation.
+ ProgressCancelOperation,
+
+ /// Retry the tree operation.
+ ProgressRetryOperation,
+
+ /// Invoke the progress function before and after applying security on the object and on the error.
+ ProgressInvokePrePostError,
+ }
+
+ ///
+ /// The SE_OBJECT_TYPE enumeration contains values that correspond to the types of Windows objects that support security. The functions,
+ /// such as GetSecurityInfo and SetSecurityInfo, that set and retrieve the security information of an object, use these values to
+ /// indicate the type of object.
+ ///
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa379593")]
+ public enum SE_OBJECT_TYPE
+ {
+ /// Unknown object type.
+ SE_UNKNOWN_OBJECT_TYPE = 0,
+
+ /// Indicates a file or directory. The name string that identifies a file or directory object can be in one of the following formats:
+ ///
+ /// A relative path, such as FileName.dat or ..\FileName
+ /// An absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or G:\RemoteDirectoryName\FileName.dat.
+ /// A UNC name, such as \\ComputerName\ShareName\FileName.dat.
+ ///
+ ///
+ SE_FILE_OBJECT,
+
+ ///
+ /// Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName.
+ ///
+ SE_SERVICE,
+
+ /// Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName.
+ SE_PRINTER,
+
+ ///
+ /// Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOT\SomePath or in a remote
+ /// registry, such as \\ComputerName\CLASSES_ROOT\SomePath.
+ ///
+ /// The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT",
+ /// "CURRENT_USER", "MACHINE", and "USERS".
+ ///
+ ///
+ SE_REGISTRY_KEY,
+
+ /// Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName.
+ SE_LMSHARE,
+
+ ///
+ /// Indicates a local kernel object. The GetSecurityInfo and SetSecurityInfo functions support all types of kernel objects. The
+ /// GetNamedSecurityInfo and SetNamedSecurityInfo functions work only with the following kernel objects: semaphore, event, mutex,
+ /// waitable timer, and file mapping.
+ ///
+ SE_KERNEL_OBJECT,
+
+ ///
+ /// Indicates a window station or desktop object on the local computer. You cannot use GetNamedSecurityInfo and SetNamedSecurityInfo
+ /// with these objects because the names of window stations or desktops are not unique.
+ ///
+ SE_WINDOW_OBJECT,
+
+ ///
+ /// Indicates a directory service object or a property set or property of a directory service object. The name string for a directory
+ /// service object must be in X.500 form, for example:
+ /// CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet
+ ///
+ SE_DS_OBJECT,
+
+ /// Indicates a directory service object and all of its property sets and properties.
+ SE_DS_OBJECT_ALL,
+
+ /// Indicates a provider-defined object.
+ SE_PROVIDER_DEFINED_OBJECT,
+
+ /// Indicates a WMI object.
+ SE_WMIGUID_OBJECT,
+
+ /// Indicates an object for a registry entry under WOW64.
+ SE_REGISTRY_WOW64_32KEY
+ }
+
+ ///
+ /// The TRUSTEE_FORM enumeration contains values that indicate the type of data pointed to by the ptstrName member of the structure.
+ ///
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa379638")]
+ public enum TRUSTEE_FORM
+ {
+ /// The ptstrName member is a pointer to a security identifier (SID) that identifies the trustee.
+ TRUSTEE_IS_SID,
+
+ /// The ptstrName member is a pointer to a null-terminated string that identifies the trustee.
+ TRUSTEE_IS_NAME,
+
+ /// Indicates a trustee form that is not valid.
+ TRUSTEE_BAD_FORM,
+
+ ///
+ /// The ptstrName member is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the
+ /// object types in an object-specific access control entry (ACE).
+ ///
+ TRUSTEE_IS_OBJECTS_AND_SID,
+
+ ///
+ /// The ptstrName member is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the
+ /// object types in an object-specific ACE.
+ ///
+ TRUSTEE_IS_OBJECTS_AND_NAME
+ }
+
+ ///
+ /// The TRUSTEE_TYPE enumeration contains values that indicate the type of trustee identified by a structure.
+ ///
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa379639")]
+ public enum TRUSTEE_TYPE
+ {
+ /// The trustee type is unknown, but it may be valid.
+ TRUSTEE_IS_UNKNOWN,
+
+ /// Indicates a user.
+ TRUSTEE_IS_USER,
+
+ /// Indicates a group.
+ TRUSTEE_IS_GROUP,
+
+ /// Indicates a domain.
+ TRUSTEE_IS_DOMAIN,
+
+ /// Indicates an alias.
+ TRUSTEE_IS_ALIAS,
+
+ /// Indicates a well-known group.
+ TRUSTEE_IS_WELL_KNOWN_GROUP,
+
+ /// Indicates a deleted account.
+ TRUSTEE_IS_DELETED,
+
+ /// Indicates a trustee type that is not valid.
+ TRUSTEE_IS_INVALID,
+
+ /// Indicates a computer.
+ TRUSTEE_IS_COMPUTER
+ }
+
+ ///
+ /// Contains access-control information for a specified trustee. This structure stores information equivalent to the access-control
+ /// information stored in an ACE.
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_access_entrya typedef struct _ACTRL_ACCESS_ENTRYA {
+ // TRUSTEE_A Trustee; ULONG fAccessFlags; ACCESS_RIGHTS Access; ACCESS_RIGHTS ProvSpecificAccess; INHERIT_FLAGS Inheritance; LPSTR
+ // lpInheritProperty; } ACTRL_ACCESS_ENTRYA, *PACTRL_ACCESS_ENTRYA;
+ [PInvokeData("accctrl.h", MSDNShortId = "bcb2ad72-7b00-4582-b05e-e00720a4db77")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ public struct ACTRL_ACCESS_ENTRY
+ {
+ ///
+ /// A TRUSTEE structure that identifies the user, group, or program (such as a service) to which the access-control entry applies.
+ ///
+ public TRUSTEE Trustee;
+
+ ///
+ ///
+ /// Indicates how the access rights specified by the Access and ProvSpecificAccess members apply to the trustee. This
+ /// member can be one of the following values. If you are using this structure with the COM implementation of IAccessControl, this
+ /// member must be ACTRL_ACCESS_ALLOWED or ACTRL_ACCESS_DENIED.
+ ///
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// ACTRL_ACCESS_ALLOWED 0x00000001
+ /// The rights are allowed.
+ ///
+ /// -
+ /// ACTRL_ACCESS_DENIED 0x00000002
+ /// The rights are denied.
+ ///
+ /// -
+ /// ACTRL_AUDIT_SUCCESS 0x00000004
+ /// The system generates audit messages for failed attempts to use the rights.
+ ///
+ /// -
+ /// ACTRL_AUDIT_FAILURE 0x00000008
+ /// The system generates audit messages for successful attempts to use the rights.
+ ///
+ ///
+ ///
+ public ACTRL_ACCESS_FLAGS fAccessFlags;
+
+ ///
+ /// A bitmask that specifies the access rights that the entry allows, denies, or audits for the trustee.
+ ///
+ /// This member must use the provider-independent access flags, such as ACTRL_READ_CONTROL, rather than access flags such as
+ /// READ_CONTROL. The provider for the object type converts these provider-independent flags to the corresponding provider-specific flags.
+ ///
+ /// If you are using this structure with the COM implementation of IAccessControl, this member must be COM_RIGHTS_EXECUTE.
+ /// ACTRL_SYSTEM_ACCESS
+ /// ACTRL_DELETE
+ /// ACTRL_READ_CONTROL
+ /// ACTRL_CHANGE_ACCESS
+ /// ACTRL_CHANGE_OWNER
+ /// ACTRL_SYNCHRONIZE
+ /// ACTRL_STD_RIGHTS_ALL
+ /// ACTRL_STD_RIGHT_REQUIRED
+ /// COM_RIGHTS_EXECUTE
+ /// COM_RIGHTS_EXECUTE_LOCAL
+ /// COM_RIGHTS_EXECUTE_REMOTE
+ /// COM_RIGHTS_ACTIVATE_LOCAL
+ /// COM_RIGHTS_ACTIVATE_REMOTE
+ ///
+ public uint Access;
+
+ ///
+ /// A bitmask that specifies access rights specific to the provider type. The functions that use the ACTRL_ACCESS_ENTRY
+ /// structure pass these bits on to the provider without interpreting them. In most cases, this member should be 0.
+ ///
+ public uint ProvSpecificAccess;
+
+ ///
+ ///
+ /// A set of bit flags that determines whether other containers or objects can inherit the access-control entry from the primary
+ /// object to which the access list is attached. If you are using this structure with the COM implementation of IAccessControl, this
+ /// value must be NO_INHERITANCE, which indicates that the access-control entry is not inheritable. Otherwise, this value can be
+ /// NO_INHERITANCE or it can be a combination of the following values.
+ ///
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// CONTAINER_INHERIT_ACE 0x2
+ /// Other containers that are contained by the primary object inherit the entry.
+ ///
+ /// -
+ /// INHERIT_ONLY_ACE 0x8
+ ///
+ /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit
+ /// the entry.
+ ///
+ ///
+ /// -
+ /// NO_PROPAGATE_INHERIT_ACE 0x4
+ /// The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited entry.
+ ///
+ /// -
+ /// OBJECT_INHERIT_ACE 0x1
+ /// Noncontainer objects contained by the primary object inherit the entry.
+ ///
+ /// -
+ /// SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3
+ ///
+ /// Both containers and noncontainer objects that are contained by the primary object inherit the entry. This flag corresponds to the
+ /// combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
+ ///
+ ///
+ /// -
+ /// SUB_CONTAINERS_ONLY_INHERIT 0x2
+ ///
+ /// Other containers that are contained by the primary object inherit the entry. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
+ ///
+ ///
+ /// -
+ /// SUB_OBJECTS_ONLY_INHERIT 0x1
+ ///
+ /// Noncontainer objects contained by the primary object inherit the entry. This flag corresponds to the OBJECT_INHERIT_ACE flag.
+ ///
+ ///
+ ///
+ ///
+ public INHERIT_FLAGS Inheritance;
+
+ ///
+ /// A pointer to a null-terminated string that identifies the object types that can inherit the entry. If you are using this
+ /// structure with the COM implementation of IAccessControl, this member must be NULL.
+ ///
+ public string lpInheritProperty;
+ }
+
+ /// Contains a list of access entries.
+ ///
+ ///
+ /// To create an empty access list, set cEntries to zero and pAccessList to NULL. An empty list does not grant
+ /// access to any trustee, and thus, denies all access to an object.
+ ///
+ ///
+ /// To create a null access list, set the pAccessEntryList member of the ACTRL_PROPERTY_ENTRY structure to NULL. A null
+ /// access list grants everyone full access to the object.
+ ///
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_access_entry_lista typedef struct
+ // _ACTRL_ACCESS_ENTRY_LISTA { ULONG cEntries; ACTRL_ACCESS_ENTRYA *pAccessList; } ACTRL_ACCESS_ENTRY_LISTA, *PACTRL_ACCESS_ENTRY_LISTA;
+ [PInvokeData("accctrl.h", MSDNShortId = "d0e71756-0247-4c6b-b8b5-a343121b7406")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ public struct ACTRL_ACCESS_ENTRY_LIST
+ {
+ /// The number of entries in the pAccessList array.
+ public uint cEntries;
+
+ ///
+ /// A pointer to an array of ACTRL_ACCESS_ENTRY structures. Each structure specifies access-control information for a specified trustee.
+ ///
+ public IntPtr pAccessList;
+ }
+
+ /// Contains an array of access-control lists for an object and its properties.
+ /// Note the following type definition.
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_alista typedef struct _ACTRL_ALISTA { ULONG cEntries;
+ // PACTRL_PROPERTY_ENTRYA pPropertyAccessList; } ACTRL_ACCESSA, *PACTRL_ACCESSA, ACTRL_AUDITA, *PACTRL_AUDITA;
+ [PInvokeData("accctrl.h", MSDNShortId = "d7fb10c1-ebb8-44cf-b61c-a70a787b324f")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ public struct ACTRL_ALIST
+ {
+ /// The number of entries in the pPropertyAccessList array.
+ public uint cEntries;
+
+ ///
+ /// An array of ACTRL_PROPERTY_ENTRY structures. Each structure contains a list of access-control entries for an object or a
+ /// specified property on the object.
+ ///
+ public IntPtr pPropertyAccessList;
+ }
+
+ /// Contains a list of access-control entries for an object or a specified property on an object.
+ ///
+ ///
+ /// To create an ACTRL_PROPERTY_ENTRY structure that grants everyone full access to an object, set the pAccessEntryList
+ /// member to NULL.
+ ///
+ ///
+ /// To create an ACTRL_PROPERTY_ENTRY structure that denies all access to an object, set the pAccessEntryList member to
+ /// point to an ACTRL_ACCESS_ENTRY_LIST structure whose cEntries member is 0 and pAccessList member is NULL.
+ ///
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_property_entrya typedef struct _ACTRL_PROPERTY_ENTRYA {
+ // LPSTR lpProperty; PACTRL_ACCESS_ENTRY_LISTA pAccessEntryList; ULONG fListFlags; } ACTRL_PROPERTY_ENTRYA, *PACTRL_PROPERTY_ENTRYA;
+ [PInvokeData("accctrl.h", MSDNShortId = "90b13dd1-0ca6-4674-b9fa-a61aed4637d7")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ public struct ACTRL_PROPERTY_ENTRY
+ {
+ ///
+ /// The GUID of a property on an object. Use the UuidToString function to generate a string representation of a property GUID.
+ ///
+ public string lpProperty;
+
+ /// A pointer to an ACTRL_ACCESS_ENTRY_LIST structure that contains a list of access-control entries.
+ public IntPtr pAccessEntryList;
+
+ ///
+ /// Flags that specify information about the pProperty property. This member can be 0 or the following value.
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// ACTRL_ACCESS_PROTECTED 0x00000001
+ /// Protects the object or property from inheriting access-control entries.
+ ///
+ ///
+ ///
+ public ACTRL_PROPERTY_FLAGS fListFlags;
+ }
+
+ ///
+ /// The EXPLICIT_ACCESS structure defines access control information for a specified trustee. Access control functions, such as
+ /// SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to describe the information in an access control entry(ACE) of an
+ /// access control list (ACL).
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_explicit_access_a typedef struct _EXPLICIT_ACCESS_A { DWORD
+ // grfAccessPermissions; ACCESS_MODE grfAccessMode; DWORD grfInheritance; TRUSTEE_A Trustee; } EXPLICIT_ACCESS_A,
+ // *PEXPLICIT_ACCESS_A, EXPLICIT_ACCESSA, *PEXPLICIT_ACCESSA;
+ [PInvokeData("accctrl.h", MSDNShortId = "6fe09542-10dd-439c-adf8-a4e06943ddb2")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ public struct EXPLICIT_ACCESS
+ {
+ ///
+ /// A set of bit flags that use the ACCESS_MASK format to specify the access rights that an ACE allows, denies, or audits for the
+ /// trustee. The functions that use the EXPLICIT_ACCESS structure do not convert, interpret, or validate the bits in this mask.
+ ///
+ public ACCESS_MASK grfAccessPermissions;
+
+ ///
+ /// A value from the ACCESS_MODE enumeration. For a discretionary access control list (DACL), this flag indicates whether the ACL
+ /// allows or denies the specified access rights. For a system access control list (SACL), this flag indicates whether the ACL
+ /// generates audit messages for successful attempts to use the specified access rights, or failed attempts, or both. When modifying
+ /// an existing ACL, you can specify the REVOKE_ACCESS flag to remove any existing ACEs for the specified trustee.
+ ///
+ public ACCESS_MODE grfAccessMode;
+
+ ///
+ ///
+ /// A set of bit flags that determines whether other containers or objects can inherit the ACE from the primary object to which the
+ /// ACL is attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags member
+ /// of the ACE_HEADER structure. This parameter can be NO_INHERITANCE to indicate that the ACE is not inheritable; or it can be a
+ /// combination of the following values.
+ ///
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// CONTAINER_INHERIT_ACE
+ /// Other containers that are contained by the primary object inherit the ACE.
+ ///
+ /// -
+ /// INHERIT_NO_PROPAGATE
+ /// Inherit but do not propagate.
+ ///
+ /// -
+ /// INHERIT_ONLY
+ /// Inherit only.
+ ///
+ /// -
+ /// INHERIT_ONLY_ACE
+ ///
+ /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit
+ /// the ACE.
+ ///
+ ///
+ /// -
+ /// NO_INHERITANCE
+ /// Do not inherit.
+ ///
+ /// -
+ /// NO_PROPAGATE_INHERIT_ACE
+ /// The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited ACE.
+ ///
+ /// -
+ /// OBJECT_INHERIT_ACE
+ /// Noncontainer objects contained by the primary object inherit the ACE.
+ ///
+ /// -
+ /// SUB_CONTAINERS_AND_OBJECTS_INHERIT
+ ///
+ /// Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to the
+ /// combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
+ ///
+ ///
+ /// -
+ /// SUB_CONTAINERS_ONLY_INHERIT
+ ///
+ /// Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
+ ///
+ ///
+ /// -
+ /// SUB_OBJECTS_ONLY_INHERIT
+ /// Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.
+ ///
+ ///
+ ///
+ public INHERIT_FLAGS grfInheritance;
+
+ /// A TRUSTEE structure that identifies the user, group, or program (such as a Windows service) to which the ACE applies.
+ public TRUSTEE Trustee;
+ }
+
+ /// Provides information about an object's inherited access control entry (ACE).
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa378845")]
+ public struct INHERITED_FROM
+ {
+ ///
+ /// Number of levels, or generations, between the object and the ancestor. Set this to zero for an explicit ACE. If the ancestor
+ /// cannot be determined for the inherited ACE, set this member to –1.
+ ///
+ public int GenerationGap;
+
+ /// Name of the ancestor from which the ACE was inherited. For an explicit ACE, set this to null.
+ [MarshalAs(UnmanagedType.LPTStr)]
+ public string AncestorName;
+
+ /// Initializes a new instance of the structure.
+ /// The generation gap.
+ /// Name of the ancestor.
+ public INHERITED_FROM(int generationGap, string ancestorName)
+ {
+ GenerationGap = generationGap;
+ AncestorName = ancestorName;
+ }
+
+ /// Returns a that represents this instance.
+ /// A that represents this instance.
+ public override string ToString() => $"{AncestorName} : 0x{GenerationGap:X}";
+
+ /// ACE is explicit.
+ public static readonly INHERITED_FROM Explicit = new(0, null);
+
+ /// ACE inheritance cannot be determined.
+ public static readonly INHERITED_FROM Indeterminate = new(-1, null);
+ }
+
+ ///
+ /// The OBJECTS_AND_NAME structure contains a string that identifies a trustee by name and additional strings that identify the
+ /// object types of an object-specific access control entry (ACE).
+ ///
+ ///
+ /// The ptstrName member of a TRUSTEE structure can be a pointer to an OBJECTS_AND_NAME structure. This enables functions
+ /// such as SetEntriesInAcl and GetExplicitEntriesFromAcl to store object-specific ACE information in the Trustee member of an
+ /// EXPLICIT_ACCESS structure.
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_objects_and_name_a typedef struct _OBJECTS_AND_NAME_A { DWORD
+ // ObjectsPresent; SE_OBJECT_TYPE ObjectType; LPSTR ObjectTypeName; LPSTR InheritedObjectTypeName; LPSTR ptstrName; } OBJECTS_AND_NAME_A, *POBJECTS_AND_NAME_A;
+ [PInvokeData("accctrl.h", MSDNShortId = "ad91a302-f693-44e9-9655-ec4488ff78c4")]
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 4)]
+ public struct OBJECTS_AND_NAME
{
///
///
- /// The ACCESS_MODE enumeration contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to
- /// the trustee. Functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl use these values to set or retrieve information in
- /// an access control entry (ACE).
+ /// Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings. This parameter can be a
+ /// combination of the following values.
+ ///
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// ACE_OBJECT_TYPE_PRESENT 0x1
+ /// The ObjectTypeName member contains a string.
+ ///
+ /// -
+ /// ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
+ /// The InheritedObjectTypeName member contains a string.
+ ///
+ ///
+ ///
+ public AceObjectPresence ObjectsPresent;
+
+ /// Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object.
+ public SE_OBJECT_TYPE ObjectType;
+
+ ///
+ /// A pointer to a null-terminated string that identifies the type of object to which the ACE applies.
+ /// This string must be a valid LDAP display name in the Active Directory schema.
+ ///
+ public StrPtrAuto ObjectTypeName;
+
+ ///
+ /// A pointer to a null-terminated string that identifies the type of object that can inherit the ACE.
+ /// This string must be a valid LDAP display name in the Active Directory schema.
+ ///
+ /// If the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the InheritedObjectTypeName
+ /// member is ignored, and all types of child objects can inherit the ACE. Otherwise, only the specified object type can inherit the
+ /// ACE. In either case, inheritance is also controlled by the inheritance flags in the ACE_HEADERstructure as well as by any
+ /// protection against inheritance placed on the child objects.
///
///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ne-accctrl-_access_mode typedef enum _ACCESS_MODE { NOT_USED_ACCESS,
- // GRANT_ACCESS, SET_ACCESS, DENY_ACCESS, REVOKE_ACCESS, SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE } ACCESS_MODE;
- [PInvokeData("accctrl.h", MSDNShortId = "52d1b3a3-eed5-4603-9056-520320da2a52")]
- public enum ACCESS_MODE
- {
- /// Value not used.
- NOT_USED_ACCESS,
+ public StrPtrAuto InheritedObjectTypeName;
- ///
- /// Indicates an ACCESS_ALLOWED_ACE structure. The new ACE combines the specified rights with any existing allowed or denied
- /// rights of the trustee.
- ///
- GRANT_ACCESS,
-
- ///
- /// Indicates an ACCESS_ALLOWED_ACEstructure that allows the specified rights. On input, this value discards any existing access
- /// control information for the trustee.
- ///
- SET_ACCESS,
-
- ///
- /// Indicates an ACCESS_DENIED_ACEstructure that denies the specified rights. On input, this value denies the specified rights in
- /// addition to any currently denied rights of the trustee.
- ///
- DENY_ACCESS,
-
- ///
- /// Indicates that all existing ACCESS_ALLOWED_ACE or SYSTEM_AUDIT_ACE structures for the specified trustee are removed.
- ///
- REVOKE_ACCESS,
-
- ///
- /// Indicates a SYSTEM_AUDIT_ACEstructure that generates audit messages for successful attempts to use the specified access
- /// rights. On input, this value combines the specified rights with any existing audited access rights for the trustee.
- ///
- SET_AUDIT_SUCCESS,
- }
+ /// A pointer to a null-terminated string that contains the name of the trustee.
+ public StrPtrAuto ptstrName;
+ }
+ ///
+ /// The OBJECTS_AND_SID structure contains a security identifier (SID) that identifies a trustee and GUIDs that identify the
+ /// object types of an object-specific access control entry (ACE).
+ ///
+ ///
+ ///
+ /// The ptstrName member of a TRUSTEE structure can be a pointer to an OBJECTS_AND_SID structure. This enables functions
+ /// such as SetEntriesInAcl and GetExplicitEntriesFromAcl to store object-specific ACE information in the Trustee member of an
+ /// EXPLICIT_ACCESS structure.
+ ///
+ ///
+ /// When you use this structure in a call to SetEntriesInAcl, ObjectTypeGuid and InheritedObjectTypeGuid must be valid
+ /// schema identifiers in the Active Directory schema. The system does not verify the GUIDs; they are used as is.
+ ///
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_objects_and_sid typedef struct _OBJECTS_AND_SID { DWORD
+ // ObjectsPresent; GUID ObjectTypeGuid; GUID InheritedObjectTypeGuid; SID *pSid; } OBJECTS_AND_SID, *POBJECTS_AND_SID;
+ [PInvokeData("accctrl.h", MSDNShortId = "77ba8a3c-01e5-4a3e-835f-c7b9ef60035a")]
+ [StructLayout(LayoutKind.Sequential, Pack = 4)]
+ public struct OBJECTS_AND_SID
+ {
///
- /// Indicates how the access rights specified by the Access and ProvSpecificAccess members apply to the trustee.
+ ///
+ /// Indicates whether the ObjectTypeGuid and InheritedObjectTypeGuid members contain GUIDs. This parameter can be a
+ /// combination of the following values.
+ ///
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// ACE_OBJECT_TYPE_PRESENT 0x1
+ /// The ObjectTypeGuid member contains a GUID.
+ ///
+ /// -
+ /// ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
+ /// The InheritedObjectTypeGuid member contains a GUID.
+ ///
+ ///
///
- [PInvokeData("accctrl.h", MSDNShortId = "bcb2ad72-7b00-4582-b05e-e00720a4db77")]
- [Flags]
- public enum ACTRL_ACCESS_FLAGS : uint
- {
- /// The rights are allowed.
- ACTRL_ACCESS_ALLOWED = 0x00000001,
-
- /// The rights are denied.
- ACTRL_ACCESS_DENIED = 0x00000002,
-
- /// The system generates audit messages for failed attempts to use the rights.
- ACTRL_AUDIT_SUCCESS = 0x00000004,
-
- /// The system generates audit messages for successful attempts to use the rights.
- ACTRL_AUDIT_FAILURE = 0x00000008,
- }
-
- /// Flags that specify information about the pProperty property.
- [PInvokeData("accctrl.h", MSDNShortId = "90b13dd1-0ca6-4674-b9fa-a61aed4637d7")]
- [Flags]
- public enum ACTRL_PROPERTY_FLAGS : uint
- {
- /// Protects the object or property from inheriting access-control entries.
- ACTRL_ACCESS_PROTECTED = 0x00000001
- }
-
- ///
- /// A set of bit flags that determine whether other containers or objects can inherit the ACE from the primary object to which the
- /// ACL is attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags member of the
- /// ACE_HEADER structure.
- ///
- [Flags]
- public enum INHERIT_FLAGS : uint
- {
- ///
- /// The specific access permissions will only be applied to the container, and will not be inherited by objects created within
- /// the container.
- ///
- NO_INHERITANCE = 0,
-
- /// Noncontainer objects contained by the primary object inherit the entry.
- OBJECT_INHERIT_ACE = 1,
-
- ///
- /// Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.
- ///
- SUB_OBJECTS_ONLY_INHERIT = OBJECT_INHERIT_ACE,
-
- /// Other containers that are contained by the primary object inherit the entry.
- CONTAINER_INHERIT_ACE = 2,
-
- ///
- /// Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
- ///
- SUB_CONTAINERS_ONLY_INHERIT = CONTAINER_INHERIT_ACE,
-
- ///
- /// Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to
- /// the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
- ///
- SUB_CONTAINERS_AND_OBJECTS_INHERIT = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
-
- /// The ObjectInheritAce and ContainerInheritAce bits are not propagated to an inherited ACE.
- NO_PROPAGATE_INHERIT_ACE = 4,
-
- ///
- /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object
- /// inherit the entry.
- ///
- INHERIT_ONLY_ACE = 8,
-
- ///
- /// The ACE is inherited. Operations that change the security on a tree of objects may modify inherited ACEs without changing
- /// ACEs that were directly applied to the object.
- ///
- INHERITED_ACE = 0x10,
-
- /// The access right is displayed on the advanced security pages.
- SI_ACCESS_SPECIFIC = 0x00010000,
-
- /// The access right is displayed on the basic security page.
- SI_ACCESS_GENERAL = 0x00020000,
-
- ///
- /// Indicates an access right that applies only to containers. If this flag is set, the access right is displayed on the basic
- /// security page only if the SI_CONTAINER flag is also set.
- ///
- SI_ACCESS_CONTAINER = 0x00040000,
-
- /// Indicates a property-specific access right.
- SI_ACCESS_PROPERTY = 0x00080000,
- }
-
- ///
- /// The MULTIPLE_TRUSTEE_OPERATION enumeration contains values that indicate whether a TRUSTEE structure is an impersonation trustee.
- ///
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa379284")]
- public enum MULTIPLE_TRUSTEE_OPERATION
- {
- /// The trustee is not an impersonation trustee.
- NO_MULTIPLE_TRUSTEE,
-
- ///
- /// The trustee is an impersonation trustee. The pMultipleTrustee member of the TRUSTEE structure points to a trustee for a
- /// server that can impersonate the client trustee.
- ///
- TRUSTEE_IS_IMPERSONATE
- }
+ public AceObjectPresence ObjectsPresent;
///
///
- /// The PROG_INVOKE_SETTING enumeration indicates the initial setting of the function used to track the progress of a call to
- /// the TreeSetNamedSecurityInfo or TreeResetNamedSecurityInfo function.
+ /// A GUID structure that identifies the type of object, property set, or property protected by the ACE. If this ACE is inherited,
+ /// the GUID identifies the type of object, property set, or property protected by the inherited ACE. This GUID must be a valid
+ /// schema identifier in the Active Directory schema.
+ ///
+ ///
+ /// If the ACE_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the ObjectTypeGuid member is ignored,
+ /// and the ACE protects the object to which the ACL is assigned.
///
///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ne-accctrl-_progress_invoke_setting typedef enum
- // _PROGRESS_INVOKE_SETTING { ProgressInvokeNever, ProgressInvokeEveryObject, ProgressInvokeOnError, ProgressCancelOperation,
- // ProgressRetryOperation, ProgressInvokePrePostError } PROG_INVOKE_SETTING, *PPROG_INVOKE_SETTING;
- [PInvokeData("accctrl.h", MSDNShortId = "3eee30d6-7d9d-468f-b6ba-e172da523169")]
- public enum PROG_INVOKE_SETTING
- {
- /// Never invoke the progress function.
- ProgressInvokeNever = 1,
-
- /// Invoke the progress function for every object.
- ProgressInvokeEveryObject,
-
- /// Invoke the progress function only when an error is encountered.
- ProgressInvokeOnError,
-
- /// Discontinue the tree operation.
- ProgressCancelOperation,
-
- /// Retry the tree operation.
- ProgressRetryOperation,
-
- /// Invoke the progress function before and after applying security on the object and on the error.
- ProgressInvokePrePostError,
- }
-
- ///
- /// The SE_OBJECT_TYPE enumeration contains values that correspond to the types of Windows objects that support security. The
- /// functions, such as GetSecurityInfo and SetSecurityInfo, that set and retrieve the security information of an object, use these
- /// values to indicate the type of object.
- ///
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa379593")]
- public enum SE_OBJECT_TYPE
- {
- /// Unknown object type.
- SE_UNKNOWN_OBJECT_TYPE = 0,
-
- /// Indicates a file or directory. The name string that identifies a file or directory object can be in one of the following formats:
- ///
- /// A relative path, such as FileName.dat or ..\FileName
- /// An absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or G:\RemoteDirectoryName\FileName.dat.
- /// A UNC name, such as \\ComputerName\ShareName\FileName.dat.
- ///
- ///
- SE_FILE_OBJECT,
-
- ///
- /// Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName.
- ///
- SE_SERVICE,
-
- ///
- /// Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName.
- ///
- SE_PRINTER,
-
- ///
- /// Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOT\SomePath or in a remote
- /// registry, such as \\ComputerName\CLASSES_ROOT\SomePath.
- ///
- /// The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT",
- /// "CURRENT_USER", "MACHINE", and "USERS".
- ///
- ///
- SE_REGISTRY_KEY,
-
- /// Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName.
- SE_LMSHARE,
-
- ///
- /// Indicates a local kernel object. The GetSecurityInfo and SetSecurityInfo functions support all types of kernel objects. The
- /// GetNamedSecurityInfo and SetNamedSecurityInfo functions work only with the following kernel objects: semaphore, event, mutex,
- /// waitable timer, and file mapping.
- ///
- SE_KERNEL_OBJECT,
-
- ///
- /// Indicates a window station or desktop object on the local computer. You cannot use GetNamedSecurityInfo and
- /// SetNamedSecurityInfo with these objects because the names of window stations or desktops are not unique.
- ///
- SE_WINDOW_OBJECT,
-
- ///
- /// Indicates a directory service object or a property set or property of a directory service object. The name string for a
- /// directory service object must be in X.500 form, for example:
- /// CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet
- ///
- SE_DS_OBJECT,
-
- /// Indicates a directory service object and all of its property sets and properties.
- SE_DS_OBJECT_ALL,
-
- /// Indicates a provider-defined object.
- SE_PROVIDER_DEFINED_OBJECT,
-
- /// Indicates a WMI object.
- SE_WMIGUID_OBJECT,
-
- /// Indicates an object for a registry entry under WOW64.
- SE_REGISTRY_WOW64_32KEY
- }
-
- ///
- /// The TRUSTEE_FORM enumeration contains values that indicate the type of data pointed to by the ptstrName member of the structure.
- ///
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa379638")]
- public enum TRUSTEE_FORM
- {
- /// The ptstrName member is a pointer to a security identifier (SID) that identifies the trustee.
- TRUSTEE_IS_SID,
-
- /// The ptstrName member is a pointer to a null-terminated string that identifies the trustee.
- TRUSTEE_IS_NAME,
-
- /// Indicates a trustee form that is not valid.
- TRUSTEE_BAD_FORM,
-
- ///
- /// The ptstrName member is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the
- /// object types in an object-specific access control entry (ACE).
- ///
- TRUSTEE_IS_OBJECTS_AND_SID,
-
- ///
- /// The ptstrName member is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the
- /// object types in an object-specific ACE.
- ///
- TRUSTEE_IS_OBJECTS_AND_NAME
- }
-
- ///
- /// The TRUSTEE_TYPE enumeration contains values that indicate the type of trustee identified by a structure.
- ///
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa379639")]
- public enum TRUSTEE_TYPE
- {
- /// The trustee type is unknown, but it may be valid.
- TRUSTEE_IS_UNKNOWN,
-
- /// Indicates a user.
- TRUSTEE_IS_USER,
-
- /// Indicates a group.
- TRUSTEE_IS_GROUP,
-
- /// Indicates a domain.
- TRUSTEE_IS_DOMAIN,
-
- /// Indicates an alias.
- TRUSTEE_IS_ALIAS,
-
- /// Indicates a well-known group.
- TRUSTEE_IS_WELL_KNOWN_GROUP,
-
- /// Indicates a deleted account.
- TRUSTEE_IS_DELETED,
-
- /// Indicates a trustee type that is not valid.
- TRUSTEE_IS_INVALID,
-
- /// Indicates a computer.
- TRUSTEE_IS_COMPUTER
- }
+ public Guid ObjectTypeGuid;
///
///
- /// Contains access-control information for a specified trustee. This structure stores information equivalent to the access-control
- /// information stored in an ACE.
+ /// A GUID structure that identifies the type of object that can inherit the ACE. This GUID must be a valid schema identifier in the
+ /// Active Directory schema.
+ ///
+ ///
+ /// If the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the InheritedObjectTypeGuid
+ /// member is ignored, and all types of child objects can inherit the ACE. Otherwise, only the specified object type can inherit the
+ /// ACE. In either case, inheritance is also controlled by the inheritance flags in the ACE_HEADERstructure as well as by any
+ /// protection against inheritance placed on the child objects.
///
///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_access_entrya typedef struct _ACTRL_ACCESS_ENTRYA {
- // TRUSTEE_A Trustee; ULONG fAccessFlags; ACCESS_RIGHTS Access; ACCESS_RIGHTS ProvSpecificAccess; INHERIT_FLAGS Inheritance; LPSTR
- // lpInheritProperty; } ACTRL_ACCESS_ENTRYA, *PACTRL_ACCESS_ENTRYA;
- [PInvokeData("accctrl.h", MSDNShortId = "bcb2ad72-7b00-4582-b05e-e00720a4db77")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- public struct ACTRL_ACCESS_ENTRY
- {
- ///
- ///
- /// A TRUSTEE structure that identifies the user, group, or program (such as a service) to which the access-control entry applies.
- ///
- ///
- public TRUSTEE Trustee;
+ public Guid InheritedObjectTypeGuid;
- ///
- ///
- /// Indicates how the access rights specified by the Access and ProvSpecificAccess members apply to the trustee.
- /// This member can be one of the following values. If you are using this structure with the COM implementation of
- /// IAccessControl, this member must be ACTRL_ACCESS_ALLOWED or ACTRL_ACCESS_DENIED.
- ///
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// ACTRL_ACCESS_ALLOWED 0x00000001
- /// The rights are allowed.
- ///
- /// -
- /// ACTRL_ACCESS_DENIED 0x00000002
- /// The rights are denied.
- ///
- /// -
- /// ACTRL_AUDIT_SUCCESS 0x00000004
- /// The system generates audit messages for failed attempts to use the rights.
- ///
- /// -
- /// ACTRL_AUDIT_FAILURE 0x00000008
- /// The system generates audit messages for successful attempts to use the rights.
- ///
- ///
- ///
- public ACTRL_ACCESS_FLAGS fAccessFlags;
+ /// A pointer to the SID of the trustee to whom the ACE applies.
+ public PSID pSid;
+ }
- ///
- /// A bitmask that specifies the access rights that the entry allows, denies, or audits for the trustee.
- ///
- /// This member must use the provider-independent access flags, such as ACTRL_READ_CONTROL, rather than access flags such as
- /// READ_CONTROL. The provider for the object type converts these provider-independent flags to the corresponding
- /// provider-specific flags.
- ///
- /// If you are using this structure with the COM implementation of IAccessControl, this member must be COM_RIGHTS_EXECUTE.
- /// ACTRL_SYSTEM_ACCESS
- /// ACTRL_DELETE
- /// ACTRL_READ_CONTROL
- /// ACTRL_CHANGE_ACCESS
- /// ACTRL_CHANGE_OWNER
- /// ACTRL_SYNCHRONIZE
- /// ACTRL_STD_RIGHTS_ALL
- /// ACTRL_STD_RIGHT_REQUIRED
- /// COM_RIGHTS_EXECUTE
- /// COM_RIGHTS_EXECUTE_LOCAL
- /// COM_RIGHTS_EXECUTE_REMOTE
- /// COM_RIGHTS_ACTIVATE_LOCAL
- /// COM_RIGHTS_ACTIVATE_REMOTE
- ///
- public uint Access;
+ ///
+ /// The TRUSTEE structure identifies the user account, group account, or logon session to which an access control entry (ACE) applies.
+ /// The structure can use a name or a security identifier (SID) to identify the trustee.
+ ///
+ /// Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account
+ /// associated with the access control or audit control information in an EXPLICIT_ACCESS structure.
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
+ [PInvokeData("AccCtrl.h", MSDNShortId = "aa379636")]
+ public struct TRUSTEE
+ {
+ ///
+ /// A pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName
+ /// member. This member is not currently supported and must be NULL.
+ ///
+ public IntPtr pMultipleTrustee;
- ///
- ///
- /// A bitmask that specifies access rights specific to the provider type. The functions that use the ACTRL_ACCESS_ENTRY
- /// structure pass these bits on to the provider without interpreting them. In most cases, this member should be 0.
- ///
- ///
- public uint ProvSpecificAccess;
+ /// A value of the MULTIPLE_TRUSTEE_OPERATION enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.
+ public MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
- ///
- ///
- /// A set of bit flags that determines whether other containers or objects can inherit the access-control entry from the primary
- /// object to which the access list is attached. If you are using this structure with the COM implementation of IAccessControl,
- /// this value must be NO_INHERITANCE, which indicates that the access-control entry is not inheritable. Otherwise, this value
- /// can be NO_INHERITANCE or it can be a combination of the following values.
- ///
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// CONTAINER_INHERIT_ACE 0x2
- /// Other containers that are contained by the primary object inherit the entry.
- ///
- /// -
- /// INHERIT_ONLY_ACE 0x8
- ///
- /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object
- /// inherit the entry.
- ///
- ///
- /// -
- /// NO_PROPAGATE_INHERIT_ACE 0x4
- /// The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited entry.
- ///
- /// -
- /// OBJECT_INHERIT_ACE 0x1
- /// Noncontainer objects contained by the primary object inherit the entry.
- ///
- /// -
- /// SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3
- ///
- /// Both containers and noncontainer objects that are contained by the primary object inherit the entry. This flag corresponds to
- /// the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
- ///
- ///
- /// -
- /// SUB_CONTAINERS_ONLY_INHERIT 0x2
- ///
- /// Other containers that are contained by the primary object inherit the entry. This flag corresponds to the
- /// CONTAINER_INHERIT_ACE flag.
- ///
- ///
- /// -
- /// SUB_OBJECTS_ONLY_INHERIT 0x1
- ///
- /// Noncontainer objects contained by the primary object inherit the entry. This flag corresponds to the OBJECT_INHERIT_ACE flag.
- ///
- ///
- ///
- ///
- public INHERIT_FLAGS Inheritance;
-
- ///
- ///
- /// A pointer to a null-terminated string that identifies the object types that can inherit the entry. If you are using this
- /// structure with the COM implementation of IAccessControl, this member must be NULL.
- ///
- ///
- public string lpInheritProperty;
- }
+ /// A value from the TRUSTEE_FORM enumeration type that indicates the type of data pointed to by the ptstrName member.
+ public TRUSTEE_FORM TrusteeForm;
///
- /// Contains a list of access entries.
+ /// A value from the TRUSTEE_TYPE enumeration type that indicates whether the trustee is a user account, a group account, or an
+ /// unknown account type.
///
- ///
- ///
- /// To create an empty access list, set cEntries to zero and pAccessList to NULL. An empty list does not grant
- /// access to any trustee, and thus, denies all access to an object.
- ///
- ///
- /// To create a null access list, set the pAccessEntryList member of the ACTRL_PROPERTY_ENTRY structure to NULL. A null
- /// access list grants everyone full access to the object.
- ///
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_access_entry_lista typedef struct
- // _ACTRL_ACCESS_ENTRY_LISTA { ULONG cEntries; ACTRL_ACCESS_ENTRYA *pAccessList; } ACTRL_ACCESS_ENTRY_LISTA, *PACTRL_ACCESS_ENTRY_LISTA;
- [PInvokeData("accctrl.h", MSDNShortId = "d0e71756-0247-4c6b-b8b5-a343121b7406")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- public struct ACTRL_ACCESS_ENTRY_LIST
- {
- ///
- /// The number of entries in the pAccessList array.
- ///
- public uint cEntries;
-
- ///
- ///
- /// A pointer to an array of ACTRL_ACCESS_ENTRY structures. Each structure specifies access-control information for a specified trustee.
- ///
- ///
- public IntPtr pAccessList;
- }
+ public TRUSTEE_TYPE TrusteeType;
///
- /// Contains an array of access-control lists for an object and its properties.
+ /// A pointer to a buffer that identifies the trustee and, optionally, contains information about object-specific ACEs. The type of
+ /// data depends on the value of the TrusteeForm member. This member can be one of the following values.
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// TRUSTEE_IS_NAME
+ /// A pointer to a null-terminated string that contains the name of the trustee.
+ ///
+ /// -
+ /// TRUSTEE_IS_OBJECTS_AND_NAME
+ ///
+ /// A pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an
+ /// object-specific ACE.
+ ///
+ ///
+ /// -
+ /// TRUSTEE_IS_OBJECTS_AND_SID
+ ///
+ /// A pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an
+ /// object-specific ACE.
+ ///
+ ///
+ /// -
+ /// TRUSTEE_IS_SID
+ /// Pointer to the SID of the trustee.
+ ///
+ ///
///
- ///
- /// Note the following type definition.
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_alista typedef struct _ACTRL_ALISTA { ULONG
- // cEntries; PACTRL_PROPERTY_ENTRYA pPropertyAccessList; } ACTRL_ACCESSA, *PACTRL_ACCESSA, ACTRL_AUDITA, *PACTRL_AUDITA;
- [PInvokeData("accctrl.h", MSDNShortId = "d7fb10c1-ebb8-44cf-b61c-a70a787b324f")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- public struct ACTRL_ALIST
- {
- ///
- /// The number of entries in the pPropertyAccessList array.
- ///
- public uint cEntries;
+ public IntPtr ptstrName;
- ///
- ///
- /// An array of ACTRL_PROPERTY_ENTRY structures. Each structure contains a list of access-control entries for an object or a
- /// specified property on the object.
- ///
- ///
- public IntPtr pPropertyAccessList;
- }
+ /// Initializes a new instance of the struct.
+ /// The sid.
+ /// The sid type.
+ public TRUSTEE(PSID pSid, TRUSTEE_TYPE type = TRUSTEE_TYPE.TRUSTEE_IS_USER) : this() { ptstrName = (IntPtr)pSid; TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID; TrusteeType = type; }
- ///
- /// Contains a list of access-control entries for an object or a specified property on an object.
- ///
- ///
- ///
- /// To create an ACTRL_PROPERTY_ENTRY structure that grants everyone full access to an object, set the pAccessEntryList
- /// member to NULL.
- ///
- ///
- /// To create an ACTRL_PROPERTY_ENTRY structure that denies all access to an object, set the pAccessEntryList member to
- /// point to an ACTRL_ACCESS_ENTRY_LIST structure whose cEntries member is 0 and pAccessList member is NULL.
- ///
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_actrl_property_entrya typedef struct
- // _ACTRL_PROPERTY_ENTRYA { LPSTR lpProperty; PACTRL_ACCESS_ENTRY_LISTA pAccessEntryList; ULONG fListFlags; } ACTRL_PROPERTY_ENTRYA, *PACTRL_PROPERTY_ENTRYA;
- [PInvokeData("accctrl.h", MSDNShortId = "90b13dd1-0ca6-4674-b9fa-a61aed4637d7")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- public struct ACTRL_PROPERTY_ENTRY
- {
- ///
- ///
- /// The GUID of a property on an object. Use the UuidToString function to generate a string representation of a property GUID.
- ///
- ///
- public string lpProperty;
+ /// Gets the name of the trustee.
+ ///
+ /// A trustee name can have any of the following formats:
+ ///
+ /// -
+ /// A fully qualified name, such as "g:\remotedir\abc".
+ ///
+ /// -
+ /// A domain account, such as "domain1\xyz".
+ ///
+ /// -
+ /// One of the predefined group names, such as "EVERYONE" or "GUEST".
+ ///
+ /// -
+ /// One of the following special names: "CREATOR GROUP", "CREATOR OWNER", "CURRENT_USER".
+ ///
+ ///
+ ///
+ public string Name => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_NAME ? Marshal.PtrToStringAuto(ptstrName) : null;
- ///
- /// A pointer to an ACTRL_ACCESS_ENTRY_LIST structure that contains a list of access-control entries.
- ///
- public IntPtr pAccessEntryList;
+ /// Gets the sid for the trustee
+ /// The Sid.
+ public PSID Sid => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_SID ? ptstrName : PSID.NULL;
- ///
- /// Flags that specify information about the pProperty property. This member can be 0 or the following value.
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// ACTRL_ACCESS_PROTECTED 0x00000001
- /// Protects the object or property from inheriting access-control entries.
- ///
- ///
- ///
- public ACTRL_PROPERTY_FLAGS fListFlags;
- }
+ /// Gets the from the field.
+ /// The structure.
+ public OBJECTS_AND_NAME ObjectsAndName => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_OBJECTS_AND_NAME ? ptstrName.ToStructure() : default;
- ///
- ///
- /// The EXPLICIT_ACCESS structure defines access control information for a specified trustee. Access control functions, such
- /// as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to describe the information in an access control entry(ACE)
- /// of an access control list (ACL).
- ///
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_explicit_access_a typedef struct _EXPLICIT_ACCESS_A {
- // DWORD grfAccessPermissions; ACCESS_MODE grfAccessMode; DWORD grfInheritance; TRUSTEE_A Trustee; } EXPLICIT_ACCESS_A,
- // *PEXPLICIT_ACCESS_A, EXPLICIT_ACCESSA, *PEXPLICIT_ACCESSA;
- [PInvokeData("accctrl.h", MSDNShortId = "6fe09542-10dd-439c-adf8-a4e06943ddb2")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- public struct EXPLICIT_ACCESS
- {
- ///
- ///
- /// A set of bit flags that use the ACCESS_MASK format to specify the access rights that an ACE allows, denies, or audits for the
- /// trustee. The functions that use the EXPLICIT_ACCESS structure do not convert, interpret, or validate the bits in this mask.
- ///
- ///
- public ACCESS_MASK grfAccessPermissions;
-
- ///
- ///
- /// A value from the ACCESS_MODE enumeration. For a discretionary access control list (DACL), this flag indicates whether the ACL
- /// allows or denies the specified access rights. For a system access control list (SACL), this flag indicates whether the ACL
- /// generates audit messages for successful attempts to use the specified access rights, or failed attempts, or both. When
- /// modifying an existing ACL, you can specify the REVOKE_ACCESS flag to remove any existing ACEs for the specified trustee.
- ///
- ///
- public ACCESS_MODE grfAccessMode;
-
- ///
- ///
- /// A set of bit flags that determines whether other containers or objects can inherit the ACE from the primary object to which
- /// the ACL is attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags
- /// member of the ACE_HEADER structure. This parameter can be NO_INHERITANCE to indicate that the ACE is not inheritable; or it
- /// can be a combination of the following values.
- ///
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// CONTAINER_INHERIT_ACE
- /// Other containers that are contained by the primary object inherit the ACE.
- ///
- /// -
- /// INHERIT_NO_PROPAGATE
- /// Inherit but do not propagate.
- ///
- /// -
- /// INHERIT_ONLY
- /// Inherit only.
- ///
- /// -
- /// INHERIT_ONLY_ACE
- ///
- /// The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object
- /// inherit the ACE.
- ///
- ///
- /// -
- /// NO_INHERITANCE
- /// Do not inherit.
- ///
- /// -
- /// NO_PROPAGATE_INHERIT_ACE
- /// The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited ACE.
- ///
- /// -
- /// OBJECT_INHERIT_ACE
- /// Noncontainer objects contained by the primary object inherit the ACE.
- ///
- /// -
- /// SUB_CONTAINERS_AND_OBJECTS_INHERIT
- ///
- /// Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to
- /// the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
- ///
- ///
- /// -
- /// SUB_CONTAINERS_ONLY_INHERIT
- ///
- /// Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
- ///
- ///
- /// -
- /// SUB_OBJECTS_ONLY_INHERIT
- ///
- /// Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.
- ///
- ///
- ///
- ///
- public INHERIT_FLAGS grfInheritance;
-
- ///
- /// A TRUSTEE structure that identifies the user, group, or program (such as a Windows service) to which the ACE applies.
- ///
- public TRUSTEE Trustee;
- }
-
- /// Provides information about an object's inherited access control entry (ACE).
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa378845")]
- public struct INHERITED_FROM
- {
- ///
- /// Number of levels, or generations, between the object and the ancestor. Set this to zero for an explicit ACE. If the ancestor
- /// cannot be determined for the inherited ACE, set this member to –1.
- ///
- public int GenerationGap;
-
- /// Name of the ancestor from which the ACE was inherited. For an explicit ACE, set this to null.
- [MarshalAs(UnmanagedType.LPTStr)]
- public string AncestorName;
-
- /// Initializes a new instance of the structure.
- /// The generation gap.
- /// Name of the ancestor.
- public INHERITED_FROM(int generationGap, string ancestorName)
- {
- GenerationGap = generationGap;
- AncestorName = ancestorName;
- }
-
- /// Returns a that represents this instance.
- /// A that represents this instance.
- public override string ToString() => $"{AncestorName} : 0x{GenerationGap:X}";
-
- /// ACE is explicit.
- public static readonly INHERITED_FROM Explicit = new INHERITED_FROM(0, null);
-
- /// ACE inheritance cannot be determined.
- public static readonly INHERITED_FROM Indeterminate = new INHERITED_FROM(-1, null);
- }
-
- ///
- ///
- /// The OBJECTS_AND_NAME structure contains a string that identifies a trustee by name and additional strings that identify
- /// the object types of an object-specific access control entry (ACE).
- ///
- ///
- ///
- ///
- /// The ptstrName member of a TRUSTEE structure can be a pointer to an OBJECTS_AND_NAME structure. This enables
- /// functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl to store object-specific ACE information in the Trustee
- /// member of an EXPLICIT_ACCESS structure.
- ///
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_objects_and_name_a typedef struct _OBJECTS_AND_NAME_A {
- // DWORD ObjectsPresent; SE_OBJECT_TYPE ObjectType; LPSTR ObjectTypeName; LPSTR InheritedObjectTypeName; LPSTR ptstrName; }
- // OBJECTS_AND_NAME_A, *POBJECTS_AND_NAME_A;
- [PInvokeData("accctrl.h", MSDNShortId = "ad91a302-f693-44e9-9655-ec4488ff78c4")]
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 4)]
- public struct OBJECTS_AND_NAME
- {
- ///
- ///
- /// Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings. This parameter can be
- /// a combination of the following values.
- ///
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// ACE_OBJECT_TYPE_PRESENT 0x1
- /// The ObjectTypeName member contains a string.
- ///
- /// -
- /// ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
- /// The InheritedObjectTypeName member contains a string.
- ///
- ///
- ///
- public AceObjectPresence ObjectsPresent;
-
- ///
- /// Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object.
- ///
- public SE_OBJECT_TYPE ObjectType;
-
- ///
- /// A pointer to a null-terminated string that identifies the type of object to which the ACE applies.
- /// This string must be a valid LDAP display name in the Active Directory schema.
- ///
- public StrPtrAuto ObjectTypeName;
-
- ///
- /// A pointer to a null-terminated string that identifies the type of object that can inherit the ACE.
- /// This string must be a valid LDAP display name in the Active Directory schema.
- ///
- /// If the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the
- /// InheritedObjectTypeName member is ignored, and all types of child objects can inherit the ACE. Otherwise, only the
- /// specified object type can inherit the ACE. In either case, inheritance is also controlled by the inheritance flags in the
- /// ACE_HEADERstructure as well as by any protection against inheritance placed on the child objects.
- ///
- ///
- public StrPtrAuto InheritedObjectTypeName;
-
- ///
- /// A pointer to a null-terminated string that contains the name of the trustee.
- ///
- public StrPtrAuto ptstrName;
- }
-
- ///
- ///
- /// The OBJECTS_AND_SID structure contains a security identifier (SID) that identifies a trustee and GUIDs that identify the
- /// object types of an object-specific access control entry (ACE).
- ///
- ///
- ///
- ///
- /// The ptstrName member of a TRUSTEE structure can be a pointer to an OBJECTS_AND_SID structure. This enables
- /// functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl to store object-specific ACE information in the Trustee
- /// member of an EXPLICIT_ACCESS structure.
- ///
- ///
- /// When you use this structure in a call to SetEntriesInAcl, ObjectTypeGuid and InheritedObjectTypeGuid must be valid
- /// schema identifiers in the Active Directory schema. The system does not verify the GUIDs; they are used as is.
- ///
- ///
- // https://docs.microsoft.com/en-us/windows/desktop/api/accctrl/ns-accctrl-_objects_and_sid typedef struct _OBJECTS_AND_SID { DWORD
- // ObjectsPresent; GUID ObjectTypeGuid; GUID InheritedObjectTypeGuid; SID *pSid; } OBJECTS_AND_SID, *POBJECTS_AND_SID;
- [PInvokeData("accctrl.h", MSDNShortId = "77ba8a3c-01e5-4a3e-835f-c7b9ef60035a")]
- [StructLayout(LayoutKind.Sequential, Pack = 4)]
- public struct OBJECTS_AND_SID
- {
- ///
- ///
- /// Indicates whether the ObjectTypeGuid and InheritedObjectTypeGuid members contain GUIDs. This parameter can be a
- /// combination of the following values.
- ///
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// ACE_OBJECT_TYPE_PRESENT 0x1
- /// The ObjectTypeGuid member contains a GUID.
- ///
- /// -
- /// ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
- /// The InheritedObjectTypeGuid member contains a GUID.
- ///
- ///
- ///
- public AceObjectPresence ObjectsPresent;
-
- ///
- ///
- /// A GUID structure that identifies the type of object, property set, or property protected by the ACE. If this ACE is
- /// inherited, the GUID identifies the type of object, property set, or property protected by the inherited ACE. This GUID must
- /// be a valid schema identifier in the Active Directory schema.
- ///
- ///
- /// If the ACE_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the ObjectTypeGuid member is
- /// ignored, and the ACE protects the object to which the ACL is assigned.
- ///
- ///
- public Guid ObjectTypeGuid;
-
- ///
- ///
- /// A GUID structure that identifies the type of object that can inherit the ACE. This GUID must be a valid schema identifier in
- /// the Active Directory schema.
- ///
- ///
- /// If the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the
- /// InheritedObjectTypeGuid member is ignored, and all types of child objects can inherit the ACE. Otherwise, only the
- /// specified object type can inherit the ACE. In either case, inheritance is also controlled by the inheritance flags in the
- /// ACE_HEADERstructure as well as by any protection against inheritance placed on the child objects.
- ///
- ///
- public Guid InheritedObjectTypeGuid;
-
- ///
- /// A pointer to the SID of the trustee to whom the ACE applies.
- ///
- public IntPtr pSid;
- }
-
- ///
- /// The TRUSTEE structure identifies the user account, group account, or logon session to which an access control entry (ACE)
- /// applies. The structure can use a name or a security identifier (SID) to identify the trustee.
- ///
- /// Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account
- /// associated with the access control or audit control information in an EXPLICIT_ACCESS structure.
- ///
- ///
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- [PInvokeData("AccCtrl.h", MSDNShortId = "aa379636")]
- public struct TRUSTEE
- {
- ///
- /// A pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName
- /// member. This member is not currently supported and must be NULL.
- ///
- public IntPtr pMultipleTrustee;
-
- /// A value of the MULTIPLE_TRUSTEE_OPERATION enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.
- public MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
-
- /// A value from the TRUSTEE_FORM enumeration type that indicates the type of data pointed to by the ptstrName member.
- public TRUSTEE_FORM TrusteeForm;
-
- ///
- /// A value from the TRUSTEE_TYPE enumeration type that indicates whether the trustee is a user account, a group account, or an
- /// unknown account type.
- ///
- public TRUSTEE_TYPE TrusteeType;
-
- ///
- /// A pointer to a buffer that identifies the trustee and, optionally, contains information about object-specific ACEs. The type
- /// of data depends on the value of the TrusteeForm member. This member can be one of the following values.
- ///
- ///
- /// Value
- /// Meaning
- ///
- /// -
- /// TRUSTEE_IS_NAME
- /// A pointer to a null-terminated string that contains the name of the trustee.
- ///
- /// -
- /// TRUSTEE_IS_OBJECTS_AND_NAME
- ///
- /// A pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an
- /// object-specific ACE.
- ///
- ///
- /// -
- /// TRUSTEE_IS_OBJECTS_AND_SID
- ///
- /// A pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an
- /// object-specific ACE.
- ///
- ///
- /// -
- /// TRUSTEE_IS_SID
- /// Pointer to the SID of the trustee.
- ///
- ///
- ///
- public IntPtr ptstrName;
-
- /// Initializes a new instance of the struct.
- /// The sid.
- /// The sid type.
- public TRUSTEE(PSID pSid, TRUSTEE_TYPE type = TRUSTEE_TYPE.TRUSTEE_IS_USER) : this() { ptstrName = (IntPtr)pSid; TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID; TrusteeType = type; }
-
- /// Gets the name of the trustee.
- ///
- /// A trustee name can have any of the following formats:
- ///
- /// -
- /// A fully qualified name, such as "g:\remotedir\abc".
- ///
- /// -
- /// A domain account, such as "domain1\xyz".
- ///
- /// -
- /// One of the predefined group names, such as "EVERYONE" or "GUEST".
- ///
- /// -
- /// One of the following special names: "CREATOR GROUP", "CREATOR OWNER", "CURRENT_USER".
- ///
- ///
- ///
- public string Name => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_NAME ? Marshal.PtrToStringAuto(ptstrName) : null;
-
- /// Gets the sid for the trustee
- /// The Sid.
- public PSID Sid => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_SID ? ptstrName : PSID.NULL;
-
- /// Gets the from the field.
- /// The structure.
- public OBJECTS_AND_NAME ObjectsAndName => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_OBJECTS_AND_NAME ? ptstrName.ToStructure() : default;
-
- /// Gets the from the field.
- /// The structure.
- public OBJECTS_AND_SID ObjectsAndSid => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_OBJECTS_AND_SID ? ptstrName.ToStructure() : default;
- }
+ /// Gets the from the field.
+ /// The structure.
+ public OBJECTS_AND_SID ObjectsAndSid => TrusteeForm == TRUSTEE_FORM.TRUSTEE_IS_OBJECTS_AND_SID ? ptstrName.ToStructure() : default;
}
}
\ No newline at end of file