Added SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION to support new AuthzEnumerateSecurityEventSources overload. Removed AUTHZ_SOURCE_SCHEMA_REGISTRATION_IN in favor of better use of AUTHZ_SOURCE_SCHEMA_REGISTRATION.

pull/60/head
David Hall 2019-07-03 14:47:25 -06:00
parent ffed6e252a
commit 96998e7c82
3 changed files with 176 additions and 43 deletions


@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
@ -936,6 +937,25 @@ namespace Vanara.PInvoke
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzEnumerateSecurityEventSources([Optional] uint dwFlags, IntPtr Buffer, out uint pdwCount, ref uint pdwLength);
/// <summary>
/// The <c>AuthzEnumerateSecurityEventSources</c> function retrieves the registered security event sources that are not installed by default.
/// </summary>
/// <returns>An array of AUTHZ_SOURCE_SCHEMA_REGISTRATION structures that returns the registered security event sources.</returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzenumeratesecurityeventsources AUTHZAPI BOOL
[PInvokeData("authz.h", MSDNShortId = "2a20ccc9-f2ac-41e4-9d86-745004775e67")]
public static IEnumerable<SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION> AuthzEnumerateSecurityEventSources()
{
var len = 0U;
if (!AuthzEnumerateSecurityEventSources(0, IntPtr.Zero, out _, ref len) && len == 0)
Win32Error.ThrowLastError();
using (var mem = new SafeHGlobalHandle((int)len))
{
if (!AuthzEnumerateSecurityEventSources(0, (IntPtr)mem, out var cnt, ref len))
Win32Error.ThrowLastError();
return mem.ToEnumerable<AUTHZ_SOURCE_SCHEMA_REGISTRATION>((int)cnt).Select(r => new SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION(r)).ToArray();
}
}
/// <summary>
/// <para>The <c>AuthzFreeAuditEvent</c> function frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function.</para>
/// </summary>
@ -1406,7 +1426,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("authz.h", MSDNShortId = "cf79a92f-31e0-47cf-8990-4dbd46056a90")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeObjectAccessAuditEvent(AuthzAuditEventFlags Flags, [Optional] IntPtr hAuditEventType, string szOperationType, string szObjectType,
public static extern bool AuthzInitializeObjectAccessAuditEvent(AuthzAuditEventFlags Flags, [Optional] IntPtr hAuditEventType, string szOperationType, string szObjectType,
string szObjectName, string szAdditionalInfo, out SafeAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, uint dwAdditionalParameterCount = 0, IntPtr parameters = default);
/// <summary>
@ -1658,7 +1678,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "77cb5c6c-1634-4449-8d05-ce6357ad4e4b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInstallSecurityEventSource([Optional] uint dwFlags, in AUTHZ_SOURCE_SCHEMA_REGISTRATION_IN pRegistration);
public static extern bool AuthzInstallSecurityEventSource([Optional] uint dwFlags, in AUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
/// <summary>
/// <para>The <c>AuthzModifyClaims</c> function adds, deletes, or modifies user and device claims in the Authz client context.</para>
@ -2690,26 +2710,19 @@ namespace Vanara.PInvoke
/// The GUID of a migrated publisher. The value of this member is converted to a string and stored in the registry if the caller
/// is a migrated publisher.
/// </summary>
public IntPtr pProviderGuid;
public GuidPtr pProviderGuid;
/// <summary>The number of objects in the ObjectTypeNames array.</summary>
public uint dwObjectTypeNameCount;
/// <summary>An array of AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET structures that represents the object types for the events.</summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET[] ObjectTypeNames;
public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames;
}
/// <summary>The <c>AUTHZ_SOURCE_SCHEMA_REGISTRATION</c> structure specifies information about source schema registration.</summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_source_schema_registration typedef struct
// _AUTHZ_SOURCE_SCHEMA_REGISTRATION { DWORD dwFlags; PWSTR szEventSourceName; PWSTR szEventMessageFile; PWSTR
// szEventSourceXmlSchemaFile; PWSTR szEventAccessStringsFile; PWSTR szExecutableImagePath; union { PVOID pReserved; GUID
// *pProviderGuid; } DUMMYUNIONNAME; DWORD dwObjectTypeNameCount; AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
// ObjectTypeNames[ANYSIZE_ARRAY]; } AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
[PInvokeData("authz.h", MSDNShortId = "8b4d6e14-fb9c-428a-bd94-34eba668edc6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct AUTHZ_SOURCE_SCHEMA_REGISTRATION_IN
public class SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION : IDisposable
{
private List<SafeHGlobalHandle> mem = new List<SafeHGlobalHandle>(7);
/// <summary>
/// <para>Flags that control the behavior of the operation. The following table shows a possible value.</para>
/// <list type="table">
@ -2733,42 +2746,91 @@ namespace Vanara.PInvoke
/// </item>
/// </list>
/// </summary>
public SOURCE_SCHEMA_REGISTRATION_FLAGS dwFlags;
public SOURCE_SCHEMA_REGISTRATION_FLAGS dwFlags { get; set; }
/// <summary>A pointer to a wide character string that represents the name of the event source.</summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string szEventSourceName;
/// <summary>A string that represents the name of the event source.</summary>
public string szEventSourceName { get; set; }
/// <summary>A pointer to a wide character string that represents the name of the resource that contains the event messages.</summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string szEventMessageFile;
/// <summary>A string that represents the name of the resource that contains the event messages.</summary>
public string szEventMessageFile { get; set; }
/// <summary>A pointer to a wide character string that represents the name of the XML schema file for the event source.</summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string szEventSourceXmlSchemaFile;
/// <summary>A string that represents the name of the XML schema file for the event source.</summary>
public string szEventSourceXmlSchemaFile { get; set; }
/// <summary>
/// A pointer to a wide character string that represents the name of the resource that contains the event parameter strings.
/// </summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string szEventAccessStringsFile;
public string szEventAccessStringsFile { get; set; }
/// <summary>This member is reserved and must be set to <c>NULL</c>.</summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string szExecutableImagePath;
/// <summary>This member is reserved and must be set to <see langword="null"/>.</summary>
public string szExecutableImagePath { get; set; }
/// <summary>
/// The GUID of a migrated publisher. The value of this member is converted to a string and stored in the registry if the caller
/// is a migrated publisher.
/// </summary>
public IntPtr pProviderGuid;
public Guid? pProviderGuid { get; set; }
/// <summary>The number of objects in the ObjectTypeNames array.</summary>
public uint dwObjectTypeNameCount;
/// <summary>A pointer to a wide character string that represents the name of the object type.</summary>
public string szObjectTypeName { get; set; }
/// <summary>An array of AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET structures that represents the object types for the events.</summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET[] ObjectTypeNames;
/// <summary>Offset of the object type name in an object types message DLL.</summary>
public uint dwOffset { get; set; }
/// <summary>Initializes a new instance of the <see cref="SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION"/> class.</summary>
public SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION() { }
/// <summary>
/// Initializes a new instance of the <see cref="SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION"/> class from its unmanaged equivalent.
/// </summary>
/// <param name="outValue">The native <see cref="AUTHZ_SOURCE_SCHEMA_REGISTRATION"/> instance.</param>
public SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION(AUTHZ_SOURCE_SCHEMA_REGISTRATION outValue)
{
dwFlags = outValue.dwFlags;
szEventSourceName = outValue.szEventSourceName;
szEventMessageFile = outValue.szEventMessageFile;
szEventSourceXmlSchemaFile = outValue.szEventSourceXmlSchemaFile;
szEventAccessStringsFile = outValue.szEventAccessStringsFile;
szExecutableImagePath = outValue.szExecutableImagePath;
pProviderGuid = outValue.pProviderGuid;
szObjectTypeName = outValue.ObjectTypeNames.szObjectTypeName;
dwOffset = outValue.ObjectTypeNames.dwOffset;
}
/// <summary>Performs an implicit conversion from <see cref="SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION"/> to <see cref="AUTHZ_SOURCE_SCHEMA_REGISTRATION"/>.</summary>
/// <param name="mgd">The managed equivalent.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_SOURCE_SCHEMA_REGISTRATION(SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION mgd)
{
// Write all pointer instances to memory stream so they will be kept in memory
var ret = new AUTHZ_SOURCE_SCHEMA_REGISTRATION { dwFlags = mgd.dwFlags };
ret.szEventSourceName = SetPtr(mgd.szEventSourceName);
ret.szEventMessageFile = SetPtr(mgd.szEventMessageFile);
ret.szEventSourceXmlSchemaFile = SetPtr(mgd.szEventSourceXmlSchemaFile);
ret.szEventAccessStringsFile = SetPtr(mgd.szEventAccessStringsFile);
ret.szExecutableImagePath = SetPtr(mgd.szExecutableImagePath);
if (mgd.pProviderGuid.HasValue)
{
var ptr = SafeHGlobalHandle.CreateFromStructure(mgd.pProviderGuid.Value);
mgd.mem.Add(ptr);
ret.pProviderGuid = ptr.DangerousGetHandle();
}
ret.dwObjectTypeNameCount = mgd.szObjectTypeName is null ? 0 : 1U;
ret.ObjectTypeNames.szObjectTypeName = SetPtr(mgd.szObjectTypeName);
ret.ObjectTypeNames.dwOffset = mgd.dwOffset;
return ret;
IntPtr SetPtr(string value)
{
if (value is null) return IntPtr.Zero;
var ptr = new SafeHGlobalHandle(value);
mgd.mem.Add(ptr);
return ptr.DangerousGetHandle();
}
}
public void Dispose() { foreach (var m in mem) m.Dispose(); mem.Clear(); }
}
/// <summary>
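Review bot: The implicit conversion to `AUTHZ_SOURCE_SCHEMA_REGISTRATION` returns a struct whose string and GUID fields are raw `DangerousGetHandle()` pointers into buffers owned by `mgd.mem`, so the struct dangles once the source object is disposed, and neither the operator nor its XML doc states that lifetime rule. A caller that passes the safe object directly to `AuthzInstallSecurityEventSource` (now declared with `in AUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration`) holds no later reference to it; if `SafeHGlobalHandle` frees its memory on finalization (presumably, as a safe handle), the buffers could be released while native code is still reading them. I would document in the `<summary>` that the result is valid only until `Dispose()` and that the instance must outlive the native call, e.g. `GC.KeepAlive(srcReg);` after it, and consider an explicit conversion method, since each conversion also appends fresh allocations to `mem` that are held until `Dispose()`. Separately, the copy constructor reads `outValue.ObjectTypeNames.szObjectTypeName` without checking `dwObjectTypeNameCount`, which looks unsafe for an entry whose count is 0; a guard such as `if (outValue.dwObjectTypeNameCount > 0)` around those two assignments would avoid interpreting an unset slot as a string pointer.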


@ -135,6 +135,43 @@ namespace Vanara.InteropServices.Tests
}
}
[Test]
public void MixedReadWriteTest()
{
using (var m = new SafeHGlobalHandle(512))
{
var str = "Test1";
var guid = Guid.NewGuid();
var lVal = 1208L;
byte b = 18;
using (var ms = new NativeMemoryStream(m) { CharSet = CharSet.Unicode })
{
Assert.That(() => ms.WriteReference(str), Throws.Nothing);
Assert.That(() => ms.Write(str), Throws.Nothing);
Assert.That(() => ms.WriteReference(guid), Throws.Nothing);
Assert.That(() => ms.Write(guid), Throws.Nothing);
Assert.That(() => ms.WriteReference(lVal), Throws.Nothing);
Assert.That(() => ms.Write(lVal), Throws.Nothing);
Assert.That(() => ms.WriteReference(b), Throws.Nothing);
Assert.That(() => ms.Write(b), Throws.Nothing);
Assert.That(() => ms.WriteReference(str), Throws.Nothing);
ms.Flush();
ms.Position = 0;
Assert.That(ms.ReadReference<string>(CharSet.Unicode), Is.EqualTo(str));
Assert.That(ms.Read<string>(CharSet.Unicode), Is.EqualTo(str));
Assert.That(ms.ReadReference<Guid>(), Is.EqualTo(guid));
Assert.That(ms.Read<Guid>(), Is.EqualTo(guid));
Assert.That(ms.ReadReference<long>(), Is.EqualTo(lVal));
Assert.That(ms.Read<long>(), Is.EqualTo(lVal));
Assert.That(ms.ReadReference<byte>(), Is.EqualTo(b));
Assert.That(ms.Read<byte>(), Is.EqualTo(b));
Assert.That(ms.ReadReference<string>(CharSet.Unicode), Is.EqualTo(str));
}
}
}
[Test]
public void PropTest()
{


@ -1,6 +1,8 @@
using NUnit.Framework;
using System;
using System.Linq;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
using static Vanara.PInvoke.AdvApi32;
using static Vanara.PInvoke.Authz;
@ -80,13 +82,21 @@ namespace Vanara.PInvoke.Tests
[Test]
public void AuthzEnumerateSecurityEventSourcesTest()
{
var mem = new SafeNativeArray<AUTHZ_SOURCE_SCHEMA_REGISTRATION>(200);
var sz = (uint)mem.Size;
var b = AuthzEnumerateSecurityEventSources(0, (IntPtr)mem, out var len, ref sz);
Assert.That(b, Is.True);
Assert.That(sz, Is.LessThanOrEqualTo(mem.Size));
Assert.That(len, Is.GreaterThan(0));
Assert.That(() => TestContext.WriteLine(mem[0].szEventSourceName), Throws.Nothing);
using (var mem = new SafeNativeArray<AUTHZ_SOURCE_SCHEMA_REGISTRATION>(200))
{
var sz = (uint)mem.Size;
var b = AuthzEnumerateSecurityEventSources(0, (IntPtr)mem, out var len, ref sz);
Assert.That(b, Is.True);
Assert.That(sz, Is.LessThanOrEqualTo(mem.Size));
Assert.That(len, Is.GreaterThan(0));
Assert.That(() => TestContext.WriteLine(string.Join("\n", mem.Take((int)len).Select(r => r.szEventSourceName.ToString()))), Throws.Nothing);
}
}
[Test]
public void AuthzEnumerateSecurityEventSourcesTest2()
{
Assert.That(AuthzEnumerateSecurityEventSources(), Is.Not.Empty);
}
[Test]
@ -296,6 +306,30 @@ namespace Vanara.PInvoke.Tests
uint callback(IntPtr lpThreadParameter) { Assert.That(lpThreadParameter.ToInt32(), Is.EqualTo(2)); return 0; }
}
[Test]
public void SafeAUTHZ_SOURCE_SCHEMA_REGISTRATIONTest()
{
const string eventSource = "TestEventSource";
var guid = Guid.NewGuid();
using (var srcReg = new SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION { szEventSourceName = eventSource, szEventAccessStringsFile = @"%SystemRoot%\System32\MsObjs.dll", szObjectTypeName = "Obj1" , pProviderGuid = guid })
{
var nSrc = (AUTHZ_SOURCE_SCHEMA_REGISTRATION)srcReg;
Assert.That(nSrc.szEventSourceName.ToString(), Is.EqualTo(eventSource));
Assert.That(nSrc.pProviderGuid, Is.Not.EqualTo(IntPtr.Zero));
Assert.That(nSrc.dwObjectTypeNameCount, Is.EqualTo(1U));
Assert.That(nSrc.ObjectTypeNames.szObjectTypeName.ToString(), Is.EqualTo("Obj1"));
Assert.That(null, Is.EqualTo((string)nSrc.szEventMessageFile));
using (var srcReg2 = new SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION(nSrc))
{
Assert.That(srcReg2.szEventSourceName, Is.EqualTo(eventSource));
Assert.That(srcReg2.pProviderGuid.HasValue, Is.True);
Assert.That(srcReg2.pProviderGuid.Value, Is.EqualTo(guid));
Assert.That(srcReg2.szObjectTypeName, Is.EqualTo("Obj1"));
Assert.That(srcReg2.szEventMessageFile, Is.Null);
}
}
}
[Test]
public void AuthzRegisterSecurityEventSourceTest()
{
@ -303,7 +337,7 @@ namespace Vanara.PInvoke.Tests
using (new PrivBlock("SeAuditPrivilege"))
{
var srcReg = new AUTHZ_SOURCE_SCHEMA_REGISTRATION_IN { szEventSourceName = eventSource, szEventAccessStringsFile = @"%SystemRoot%\System32\MsObjs.dll" };
var srcReg = new SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION { szEventSourceName = eventSource, szEventAccessStringsFile = @"%SystemRoot%\System32\MsObjs.dll", szObjectTypeName = "Obj1", pProviderGuid = Guid.NewGuid() };
Assert.That(AuthzInstallSecurityEventSource(0, srcReg), Is.True);
var b = AuthzRegisterSecurityEventSource(0, eventSource, out var hEvtProv);
if (!b) TestContext.WriteLine($"AuthzRegisterSecurityEventSource:{Win32Error.GetLastError()}");