using System;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Text;
using Vanara.Extensions;
using Vanara.InteropServices;
using static Vanara.PInvoke.Kernel32;
namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
///
public const uint SECURITY_DESCRIPTOR_REVISION = 1;
///
public const uint SECURITY_DESCRIPTOR_REVISION1 = 1;
///
public const int SID_MAX_SUB_AUTHORITIES = 15;
///
public const int SID_RECOMMENDED_SUB_AUTHORITIES = 1; // Will change to around 6
///
public const uint SID_REVISION = 1; // Current revision level
private const int sizeofSID = 12;
/// The maximum size of a SID.
public static readonly int SECURITY_MAX_SID_SIZE = SECURITY_SID_SIZE(SID_MAX_SUB_AUTHORITIES);
/// Returns the number of bytes required for SID given the number of sub-authorities.
/// The sub authority count.
/// The number of bytes required for ths SID.
public static int SECURITY_SID_SIZE(int SubAuthorityCount) => sizeofSID + ((SubAuthorityCount - 1) * sizeof(uint));
// 2 (S-)
// 4 (Rev(max: 255)-)
// 15 (
// If (Auth < 2^32): Auth(max:4294967295)-
// Else: 0xAuth(max:FFFFFFFFFFFF)-
// )
// (11 * SID_MAX_SUB_AUTHORITIES) (SubN(max:4294967295)-)
// 1 (NULL character)
// = 187 (assuming SID_MAX_SUB_AUTHORITIES = 15)
/// The maximum characters in a string representation of a SID.
public const int SECURITY_MAX_SID_STRING_CHARACTERS = (2 + 4 + 15 + (11 * SID_MAX_SUB_AUTHORITIES) + 1);
/// Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings.
[PInvokeData("winnt.h")]
[Flags]
public enum AceObjectPresence : uint
{
/// The ObjectTypeName member contains a string.
ACE_OBJECT_TYPE_PRESENT = 0x1,
/// The InheritedObjectTypeName member contains a string.
ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x2
}
/// Used by the function.
[PInvokeData("winnt.h")]
public enum ACL_INFORMATION_CLASS : uint
{
/// Indicates ACL revision information.
[CorrespondingType(typeof(ACL_REVISION_INFORMATION))]
AclRevisionInformation = 1,
/// Indicates ACL size information.
[CorrespondingType(typeof(ACL_SIZE_INFORMATION))]
AclSizeInformation
}
///
/// The attribute flags that are a 32-bitmask. Bits 16 through 31 may be set to any value. Bits 0 through 15 must be zero or a
/// combination of one or more of the following mask values.
///
[PInvokeData("winnt.h", MSDNShortId = "FDBB9B00-01C3-474A-81FF-97C5CBA3261B")]
[Flags]
public enum CLAIM_SECURITY_ATTRIBUTE_FLAG : uint
{
/// This attribute is ignored by the operating system. This claim security attribute is not inherited across processes.
CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE = 0x0001,
///
/// The value of the claim security attribute is case sensitive. This flag is valid for values that contain string types.
///
CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE = 0x0002,
/// The claim security attribute is considered only for deny access control entries (ACEs).
CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY = 0x0004,
/// The claim security attribute is disabled by default.
CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT = 0x0008,
/// The claim security attribute is disabled and will not be applied by the AccessCheck function.
CLAIM_SECURITY_ATTRIBUTE_DISABLED = 0x0010,
/// The claim security attribute is mandatory.
CLAIM_SECURITY_ATTRIBUTE_MANDATORY = 0x0020,
}
/// A union tag value that indicates the type of information contained in the Values member.
[PInvokeData("winnt.h", MSDNShortId = "FDBB9B00-01C3-474A-81FF-97C5CBA3261B")]
public enum CLAIM_SECURITY_ATTRIBUTE_TYPE : ushort
{
/// The Values member refers to an array of LONG64 values.
CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64 = 0x0001,
/// The Values member refers to an array of ULONG64 values.
CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64 = 0x0002,
/// The Values member refers to an array of pointers to Unicode string values.
CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING = 0x0003,
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE values.
CLAIM_SECURITY_ATTRIBUTE_TYPE_FQBN = 0x0004,
///
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values where the pValue member of each
/// CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE is a PSID.
///
CLAIM_SECURITY_ATTRIBUTE_TYPE_SID = 0x0005,
///
/// The Values member refers to an array of ULONG64 values where each element indicates a Boolean value. The value 1 indicates
/// TRUE and the value 0 indicates FALSE.
///
CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN = 0x0006,
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values.
CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = 0x0010,
}
/// Flags that affect the behavior of .
[PInvokeData("winnt.h")]
[Flags]
public enum CTMF : uint
{
///
/// Allows app containers to pass the call as long as the other requirements of the token are met, such as the group specified is
/// present and enabled.
///
CTMF_INCLUDE_APPCONTAINER = 0x00000001,
/// Undocumented.
CTMF_INCLUDE_LPAC = 0x00000002
}
/// The status of the event log.
[PInvokeData("Winnt.h", MSDNShortId = "bb309024")]
[Flags]
public enum ELF_FLAGS
{
///
/// Indicates that records have been written to an event log, but the event log file has not been properly closed. For more
/// information about this flag, see the Remarks section.
///
ELF_LOGFILE_HEADER_DIRTY = 0x0001,
/// Indicates that records in the event log have wrapped.
ELF_LOGFILE_HEADER_WRAP = 0x0002,
/// Indicates that the most recent write attempt failed due to insufficient space.
ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
///
/// Indicates that the archive attribute has been set for the file. Normal file APIs can also be used to determine the value of
/// this flag.
///
ELF_LOGFILE_ARCHIVE_SET = 0x0008,
}
/// Indicate how to read the log file.
[PInvokeData("winnt.h", MSDNShortId = "53706f83-6bc9-45d6-981c-bd0680d7bc08")]
[Flags]
public enum EVENTLOG_READ
{
/// The eventlog sequential read
EVENTLOG_SEQUENTIAL_READ = 0x0001,
///
/// Begin reading from the record specified in the dwRecordOffset parameter. This option may not work with large log files if the
/// function cannot determine the log file's size. For details, see Knowledge Base article, 177199.
///
EVENTLOG_SEEK_READ = 0x0002,
/// The log is read in chronological order (oldest to newest).
EVENTLOG_FORWARDS_READ = 0x0004,
/// The log is read in reverse chronological order (newest to oldest).
EVENTLOG_BACKWARDS_READ = 0x0008,
}
/// The type of event to be logged.
[PInvokeData("winnt.h", MSDNShortId = "e39273c3-9e42-41a1-9ec1-1cdff2ab7b55")]
public enum EVENTLOG_TYPE : ushort
{
/// Information event
EVENTLOG_SUCCESS = 0x0000,
/// Error event
EVENTLOG_ERROR_TYPE = 0x0001,
/// Warning event
EVENTLOG_WARNING_TYPE = 0x0002,
/// Information event
EVENTLOG_INFORMATION_TYPE = 0x0004,
/// Success Audit event
EVENTLOG_AUDIT_SUCCESS = 0x0008,
/// Failure Audit event
EVENTLOG_AUDIT_FAILURE = 0x0010,
}
/// Group attributes.
[Flags]
[PInvokeData("winnt.h")]
public enum GroupAttributes : uint
{
///
/// The SID cannot have the SE_GROUP_ENABLED attribute cleared by a call to the AdjustTokenGroups function. However, you can use
/// the CreateRestrictedToken function to convert a mandatory SID to a deny-only SID.
///
SE_GROUP_MANDATORY = 0x00000001,
/// The SID is enabled by default.
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
///
/// The SID is enabled for access checks. When the system performs an access check, it checks for access-allowed and
/// access-denied access control entries (ACEs) that apply to the SID. A SID without this attribute is ignored during an access
/// check unless the SE_GROUP_USE_FOR_DENY_ONLY attribute is set.
///
SE_GROUP_ENABLED = 0x00000004,
///
/// The SID identifies a group account for which the user of the token is the owner of the group, or the SID can be assigned as
/// the owner of the token or objects.
///
SE_GROUP_OWNER = 0x00000008,
///
/// The SID is a deny-only SID in a restricted token. When the system performs an access check, it checks for access-denied ACEs
/// that apply to the SID; it ignores access-allowed ACEs for the SID. If this attribute is set, SE_GROUP_ENABLED is not set, and
/// the SID cannot be reenabled.
///
SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
/// The SID is a mandatory integrity SID.
SE_GROUP_INTEGRITY = 0x00000020,
/// The SID is enabled for mandatory integrity checks.
SE_GROUP_INTEGRITY_ENABLED = 0x00000040,
/// The SID is a logon SID that identifies the logon session associated with an access token.
SE_GROUP_LOGON_ID = 0xC0000000,
/// The SID identifies a domain-local group.
SE_GROUP_RESOURCE = 0x20000000
}
///
/// The capability SID constants define for applications well-known capabilities by using the AllocateAndInitializeSid function.
///
///
/// When constructing a capability SID, you need to include the package authority, SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15}, in
/// the call to the AllocateAndInitializeSid function. Additionally, you need the base RID and RID count for the built-in
/// capabilities, SECURITY_CAPABILITY_BASE_RID (0x00000003L) and SECURITY_BUILTIN_CAPABILITY_RID_COUNT (2L).
///
public enum KnownSIDCapability
{
/// An account has access to the Internet from a client computer.
SECURITY_CAPABILITY_INTERNET_CLIENT = 0x00000001,
/// An account has access to the Internet from the client and server computers.
SECURITY_CAPABILITY_INTERNET_CLIENT_SERVER = 0x00000002,
/// An account has access to the Internet from a private network.
SECURITY_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER = 0x00000003,
/// An account has access to the pictures library.
SECURITY_CAPABILITY_PICTURES_LIBRARY = 0x00000004,
/// An account has access to the videos library.
SECURITY_CAPABILITY_VIDEOS_LIBRARY = 0x00000005,
/// An account has access to the music library.
SECURITY_CAPABILITY_MUSIC_LIBRARY = 0x00000006,
/// An account has access to the documentation library.
SECURITY_CAPABILITY_DOCUMENTS_LIBRARY = 0x00000007,
/// An account has access to the default Windows credentials.
SECURITY_CAPABILITY_ENTERPRISE_AUTHENTICATION = 0x00000008,
/// An account has access to the shared user certificates.
SECURITY_CAPABILITY_SHARED_USER_CERTIFICATES = 0x00000009,
/// An account has access to removable storage.
SECURITY_CAPABILITY_REMOVABLE_STORAGE = 0x0000000A,
}
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members are present in an object ACE.
///
[Flags]
public enum ObjectAceFlags : uint
{
///
/// ObjectType is present and contains a GUID. If this value is not specified, the InheritedObjectType member follows immediately
/// after the Flags member.
///
ACE_OBJECT_TYPE_PRESENT = 0x1,
///
/// InheritedObjectType is present and contains a GUID. If this value is not specified, all types of child objects can inherit
/// the ACE.
///
ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x2
}
/// Privilege attributes.
[Flags]
[PInvokeData("winnt.h")]
public enum PrivilegeAttributes : uint
{
/// The privilege is disabled.
SE_PRIVILEGE_DISABLED = 0x00000000,
/// The privilege is enabled by default.
SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001,
/// The privilege is enabled.
SE_PRIVILEGE_ENABLED = 0x00000002,
/// Used to remove a privilege. The other privileges in the list are reordered to remain contiguous.
SE_PRIVILEGE_REMOVED = 0x00000004,
///
/// The privilege was used to gain access to an object or service. This flag is used to identify the relevant privileges in a set
/// passed by a client application that may contain unnecessary privileges.
///
SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000
}
/// Flags used by PRIVILEGE_SET.
[PInvokeData("winnt.h")]
public enum PrivilegeSetControl
{
/// The presence of any privileges in the user's access token grants the access.
None = 0,
/// Indicates that all of the specified privileges must be held by the process requesting access.
PRIVILEGE_SET_ALL_NECESSARY = 1
}
/// Additional privilege options for .
[PInvokeData("winnt.h")]
public enum RestrictedPrivilegeOptions : uint
{
///
/// Disables all privileges in the new token except the SeChangeNotifyPrivilege privilege. If this value is specified, the
/// DeletePrivilegeCount and PrivilegesToDelete parameters are ignored.
///
DISABLE_MAX_PRIVILEGE = 0x1,
///
/// If this value is used, the system does not check AppLocker rules or apply Software Restriction Policies. For AppLocker, this
/// flag disables checks for all four rule collections: Executable, Windows Installer, Script, and DLL.
///
/// When creating a setup program that must run extracted DLLs during installation, use the flag SAFER_TOKEN_MAKE_INERT in the
/// SaferComputeTokenFromLevel function.
///
/// A token can be queried for existence of this flag by using GetTokenInformation.
///
/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: On systems with
/// KB2532445 installed, the caller must be running as LocalSystem or TrustedInstaller or the system ignores this flag. For more
/// information, see "You can circumvent AppLocker rules by using an Office macro on a computer that is running Windows 7 or
/// Windows Server 2008 R2" in the Help and Support Knowledge Base at http://support.microsoft.com/kb/2532445.
///
///
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: AppLocker is not supported. AppLocker was introduced
/// in Windows 7 and Windows Server 2008 R2.
///
///
SANDBOX_INERT = 0x2,
///
/// The new token is a LUA token.
/// Windows Server 2003 and Windows XP: This value is not supported.
///
LUA_TOKEN = 0x4,
///
/// The new token contains restricting SIDs that are considered only when evaluating write access.
///
/// Windows XP with SP2 and later: The value of this constant is 0x4. For an application to be compatible with Windows XP with
/// SP2 and later operating systems, the application should query the operating system by calling the GetVersionEx function to
/// determine which value should be used.
///
/// Windows Server 2003 and Windows XP with SP1 and earlier: This value is not supported.
///
WRITE_RESTRICTED = 0x8,
}
///
/// A set of bit flags that qualify the meaning of a security descriptor or its components. Each security descriptor has a Control
/// member that stores the SECURITY_DESCRIPTOR_CONTROL bits.
///
[Flags]
public enum SECURITY_DESCRIPTOR_CONTROL : ushort
{
///
/// Indicates a required security descriptor in which the discretionary access control list (DACL) is set up to support automatic
/// propagation of inheritable access control entries (ACEs) to existing child objects.
///
/// For access control lists (ACLs) that support auto inheritance, this bit is always set. Protected servers can call the
/// ConvertToAutoInheritPrivateObjectSecurity function to convert a security descriptor and set this flag.
///
///
SE_DACL_AUTO_INHERIT_REQ = 0x0100,
///
/// Indicates a security descriptor in which the discretionary access control list (DACL) is set up to support automatic
/// propagation of inheritable access control entries (ACEs) to existing child objects.
///
/// For access control lists (ACLs) that support auto inheritance, this bit is always set. Protected servers can call the
/// ConvertToAutoInheritPrivateObjectSecurity function to convert a security descriptor and set this flag.
///
///
SE_DACL_AUTO_INHERITED = 0x0400,
///
/// Indicates a security descriptor with a default DACL. For example, if the creator an object does not specify a DACL, the
/// object receives the default DACL from the access token of the creator. This flag can affect how the system treats the DACL
/// with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
///
/// This flag is used to determine how the final DACL on the object is to be computed and is not stored physically in the
/// security descriptor control of the securable object.
///
/// To set this flag, use the SetSecurityDescriptorDacl function.
///
SE_DACL_DEFAULTED = 0x0008,
///
/// Indicates a security descriptor that has a DACL. If this flag is not set, or if this flag is set and the DACL is NULL, the
/// security descriptor allows full access to everyone.
///
/// This flag is used to hold the security information specified by a caller until the security descriptor is associated with a
/// securable object. After the security descriptor is associated with a securable object, the SE_DACL_PRESENT flag is always set
/// in the security descriptor control.
///
/// To set this flag, use the SetSecurityDescriptorDacl function.
///
SE_DACL_PRESENT = 0x0004,
///
/// Prevents the DACL of the security descriptor from being modified by inheritable ACEs. To set this flag, use the
/// SetSecurityDescriptorControl function.
///
SE_DACL_PROTECTED = 0x1000,
///
/// Indicates that the security identifier (SID) of the security descriptor group was provided by a default mechanism. This flag
/// can be used by a resource manager to identify objects whose security descriptor group was set by a default mechanism. To set
/// this flag, use the SetSecurityDescriptorGroup function.
///
SE_GROUP_DEFAULTED = 0x0002,
///
/// Indicates that the SID of the owner of the security descriptor was provided by a default mechanism. This flag can be used by
/// a resource manager to identify objects whose owner was set by a default mechanism. To set this flag, use the
/// SetSecurityDescriptorOwner function.
///
SE_OWNER_DEFAULTED = 0x0001,
/// Indicates that the resource manager control is valid.
SE_RM_CONTROL_VALID = 0x4000,
///
/// Indicates a required security descriptor in which the system access control list (SACL) is set up to support automatic
/// propagation of inheritable ACEs to existing child objects.
///
/// The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects.
/// To convert a security descriptor and set this flag, protected servers can call the ConvertToAutoInheritPrivateObjectSecurity function.
///
///
SE_SACL_AUTO_INHERIT_REQ = 0x0200,
///
/// Indicates a security descriptor in which the system access control list (SACL) is set up to support automatic propagation of
/// inheritable ACEs to existing child objects.
///
/// The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects.
/// To convert a security descriptor and set this flag, protected servers can call the ConvertToAutoInheritPrivateObjectSecurity function.
///
///
SE_SACL_AUTO_INHERITED = 0x0800,
///
/// A default mechanism, rather than the original provider of the security descriptor, provided the SACL. This flag can affect
/// how the system treats the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is
/// not set. To set this flag, use the SetSecurityDescriptorSacl function.
///
SE_SACL_DEFAULTED = 0x0008,
/// Indicates a security descriptor that has a SACL. To set this flag, use the SetSecurityDescriptorSacl function.
SE_SACL_PRESENT = 0x0010,
///
/// Prevents the SACL of the security descriptor from being modified by inheritable ACEs. To set this flag, use the
/// SetSecurityDescriptorControl function.
///
SE_SACL_PROTECTED = 0x2000,
///
/// Indicates a self-relative security descriptor. If this flag is not set, the security descriptor is in absolute format. For
/// more information, see Absolute and Self-Relative Security Descriptors.
///
SE_SELF_RELATIVE = 0x8000
}
///
/// The SECURITY_IMPERSONATION_LEVEL enumeration contains values that specify security impersonation levels. Security impersonation
/// levels govern the degree to which a server process can act on behalf of a client process.
///
[PInvokeData("winnt.h")]
public enum SECURITY_IMPERSONATION_LEVEL
{
///
/// The server process cannot obtain identification information about the client, and it cannot impersonate the client. It is
/// defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.
///
SecurityAnonymous,
///
/// The server process can obtain information about the client, such as security identifiers and privileges, but it cannot
/// impersonate the client. This is useful for servers that export their own objects, for example, database products that export
/// tables and views. Using the retrieved client-security information, the server can make access-validation decisions without
/// being able to use other services that are using the client's security context.
///
SecurityIdentification,
///
/// The server process can impersonate the client's security context on its local system. The server cannot impersonate the
/// client on remote systems.
///
SecurityImpersonation,
/// The server process can impersonate the client's security context on remote systems.
SecurityDelegation
}
/// A set of bit flags that control how access control entries (ACEs) are inherited from ParentDescriptor.
[PInvokeData("winnt.h")]
[Flags]
public enum SEF : uint
{
///
/// The new discretionary access control list (DACL) contains ACEs inherited from the DACL of ParentDescriptor, as well as any
/// explicit ACEs specified in the DACL of CreatorDescriptor. If this flag is not set, the new DACL does not inherit ACEs.
///
SEF_DACL_AUTO_INHERIT = 0x01,
///
/// The new system access control list (SACL) contains ACEs inherited from the SACL of ParentDescriptor, as well as any explicit
/// ACEs specified in the SACL of CreatorDescriptor. If this flag is not set, the new SACL does not inherit ACEs.
///
SEF_SACL_AUTO_INHERIT = 0x02,
///
/// CreatorDescriptor is the default descriptor for the types of objects specified by ObjectTypes. As such, CreatorDescriptor is
/// ignored if ParentDescriptor has any object-specific ACEs for the types of objects specified by the ObjectTypes parameter. If
/// no such ACEs are inherited, CreatorDescriptor is handled as though this flag were not specified.
///
SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT = 0x04,
///
/// The function does not perform privilege checking. If the SEF_AVOID_OWNER_CHECK flag is also set, the Token parameter can be
/// NULL. This flag is useful while implementing automatic inheritance to avoid checking privileges on each child updated.
///
SEF_AVOID_PRIVILEGE_CHECK = 0x08,
///
/// The function does not check the validity of the owner in the resultant NewDescriptor as described in the Remarks section. If
/// the SEF_AVOID_PRIVILEGE_CHECK flag is also set, the Token parameter can be NULL.
///
SEF_AVOID_OWNER_CHECK = 0x10,
///
/// The owner of NewDescriptor defaults to the owner from ParentDescriptor. If not set, the owner of NewDescriptor defaults to
/// the owner of the token specified by the Token parameter. The owner of the token is specified in the token itself. In either
/// case, if the CreatorDescriptor parameter is not NULL, the NewDescriptor owner is set to the owner from CreatorDescriptor.
///
SEF_DEFAULT_OWNER_FROM_PARENT = 0x20,
///
/// The group of NewDescriptor defaults to the group from ParentDescriptor. If not set, the group of NewDescriptor defaults to
/// the group of the token specified by the Token parameter. The group of the token is specified in the token itself. In either
/// case, if the CreatorDescriptor parameter is not NULL, the NewDescriptor group is set to the group from CreatorDescriptor.
///
SEF_DEFAULT_GROUP_FROM_PARENT = 0x40,
/// A principal with a mandatory level lower than that of the object cannot write to the object.
SEF_MACL_NO_WRITE_UP = 0x100,
/// A principal with a mandatory level lower than that of the object cannot read the object.
SEF_MACL_NO_READ_UP = 0x200,
/// A principal with a mandatory level lower than that of the object cannot execute the object.
SEF_MACL_NO_EXECUTE_UP = 0x400,
/// Undocumented
SEF_AI_USE_EXTRA_PARAMS = 0x800,
///
/// Any restrictions specified by the ParentDescriptor parameter that would limit the caller's ability to specify a DACL in the
/// CreatorDescriptor are ignored.
///
SEF_AVOID_OWNER_RESTRICTION = 0x1000,
/// Undocumented
SEF_FORCE_USER_MODE = 0x2000
}
/// The SID_NAME_USE enumeration contains values that specify the type of a security identifier (SID).
public enum SID_NAME_USE
{
/// A user SID.
SidTypeUser = 1,
/// A group SID
SidTypeGroup,
/// A domain SID.
SidTypeDomain,
/// An alias SID.
SidTypeAlias,
/// A SID for a well-known group.
SidTypeWellKnownGroup,
/// A SID for a deleted account.
SidTypeDeletedAccount,
/// A SID that is not valid.
SidTypeInvalid,
/// A SID of unknown type/.
SidTypeUnknown,
/// A SID for a computer.
SidTypeComputer,
/// A mandatory integrity label SID.
SidTypeLabel,
///
SidTypeLogonSession
}
///
/// The access policy for principals with a mandatory integrity level lower than the object associated with the SACL that contains
/// this ACE.
///
[PInvokeData("winnt.h")]
[Flags]
public enum SYSTEM_MANDATORY_LABEL : uint
{
/// A principal with a lower mandatory level than the object cannot write to the object.
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP = 0x1,
/// A principal with a lower mandatory level than the object cannot read the object.
SYSTEM_MANDATORY_LABEL_NO_READ_UP = 0x2,
/// A principal with a lower mandatory level than the object cannot execute the object.
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP = 0x4,
}
///
/// The TOKEN_ELEVATION_TYPE enumeration indicates the elevation type of token being queried by the GetTokenInformation function.
///
[PInvokeData("winnt.h")]
public enum TOKEN_ELEVATION_TYPE
{
/// The token does not have a linked token.
TokenElevationTypeDefault = 1,
/// The token is an elevated token.
TokenElevationTypeFull,
/// The token is a limited token.
TokenElevationTypeLimited
}
///
/// The TOKEN_INFORMATION_CLASS enumeration contains values that specify the type of information being assigned to or retrieved from
/// an access token.
/// The GetTokenInformation function uses these values to indicate the type of token information to retrieve.
/// The SetTokenInformation function uses these values to set the token information.
///
[PInvokeData("winnt.h")]
public enum TOKEN_INFORMATION_CLASS
{
/// The buffer receives a TOKEN_USER structure that contains the user account of the token.
[CorrespondingType(typeof(TOKEN_USER), CorrespondingAction.Get)]
TokenUser = 1,
/// The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenGroups,
/// The buffer receives a TOKEN_PRIVILEGES structure that contains the privileges of the token.
[CorrespondingType(typeof(TOKEN_PRIVILEGES), CorrespondingAction.Get)]
TokenPrivileges,
///
/// The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.
///
[CorrespondingType(typeof(TOKEN_OWNER), CorrespondingAction.GetSet)]
TokenOwner,
///
/// The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.
///
[CorrespondingType(typeof(TOKEN_PRIMARY_GROUP), CorrespondingAction.GetSet)]
TokenPrimaryGroup,
/// The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.
[CorrespondingType(typeof(TOKEN_DEFAULT_DACL), CorrespondingAction.GetSet)]
TokenDefaultDacl,
///
/// The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to
/// retrieve this information.
///
[CorrespondingType(typeof(TOKEN_SOURCE), CorrespondingAction.Get)]
TokenSource,
/// The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.
[CorrespondingType(typeof(TOKEN_TYPE), CorrespondingAction.Get)]
TokenType,
///
/// The buffer receives a SECURITY_IMPERSONATION_LEVEL value that indicates the impersonation level of the token. If the access
/// token is not an impersonation token, the function fails.
///
[CorrespondingType(typeof(SECURITY_IMPERSONATION_LEVEL), CorrespondingAction.Get)]
TokenImpersonationLevel,
/// The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.
[CorrespondingType(typeof(TOKEN_STATISTICS), CorrespondingAction.Get)]
TokenStatistics,
/// The buffer receives a TOKEN_GROUPS structure that contains the list of restricting SIDs in a restricted token.
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenRestrictedSids,
///
/// The buffer receives a DWORD value that indicates the Terminal Services session identifier that is associated with the token.
/// If the token is associated with the terminal server client session, the session identifier is nonzero.
///
/// Windows Server 2003 and Windows XP: If the token is associated with the terminal server console session, the session
/// identifier is zero.
///
/// In a non-Terminal Services environment, the session identifier is zero.
///
/// If TokenSessionId is set with SetTokenInformation, the application must have the Act As Part Of the Operating System
/// privilege, and the application must be enabled to set the session ID in a token.
///
///
[CorrespondingType(typeof(uint), CorrespondingAction.GetSet)]
TokenSessionId,
///
/// The buffer receives a TOKEN_GROUPS_AND_PRIVILEGES structure that contains the user SID, the group accounts, the restricted
/// SIDs, and the authentication ID associated with the token.
///
[CorrespondingType(typeof(TOKEN_GROUPS_AND_PRIVILEGES), CorrespondingAction.Get)]
TokenGroupsAndPrivileges,
/// Reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenSessionReference,
/// The buffer receives a DWORD value that is nonzero if the token includes the SANDBOX_INERT flag.
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
TokenSandBoxInert,
/// Reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenAuditPolicy,
///
/// The buffer receives a TOKEN_ORIGIN value.
///
/// If the token resulted from a logon that used explicit credentials, such as passing a name, domain, and password to the
/// LogonUser function, then the TOKEN_ORIGIN structure will contain the ID of the logon session that created it.
///
///
/// If the token resulted from network authentication, such as a call to AcceptSecurityContext or a call to LogonUser with
/// dwLogonType set to LOGON32_LOGON_NETWORK or LOGON32_LOGON_NETWORK_CLEARTEXT, then this value will be zero.
///
///
[CorrespondingType(typeof(TOKEN_ORIGIN), CorrespondingAction.GetSet)]
TokenOrigin,
/// The buffer receives a TOKEN_ELEVATION_TYPE value that specifies the elevation level of the token.
[CorrespondingType(typeof(TOKEN_ELEVATION_TYPE), CorrespondingAction.Get)]
TokenElevationType,
///
/// The buffer receives a TOKEN_LINKED_TOKEN structure that contains a handle to another token that is linked to this token.
///
[CorrespondingType(typeof(TOKEN_LINKED_TOKEN), CorrespondingAction.GetSet)]
TokenLinkedToken,
/// The buffer receives a TOKEN_ELEVATION structure that specifies whether the token is elevated.
[CorrespondingType(typeof(TOKEN_ELEVATION), CorrespondingAction.Get)]
TokenElevation,
/// The buffer receives a DWORD value that is nonzero if the token has ever been filtered.
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
TokenHasRestrictions,
///
/// The buffer receives a TOKEN_ACCESS_INFORMATION structure that specifies security information contained in the token.
///
[CorrespondingType(typeof(TOKEN_ACCESS_INFORMATION), CorrespondingAction.Get)]
TokenAccessInformation,
/// The buffer receives a DWORD value that is nonzero if virtualization is allowed for the token.
[CorrespondingType(typeof(uint), CorrespondingAction.GetSet)]
TokenVirtualizationAllowed,
/// The buffer receives a DWORD value that is nonzero if virtualization is enabled for the token.
[CorrespondingType(typeof(uint), CorrespondingAction.GetSet)]
TokenVirtualizationEnabled,
/// The buffer receives a TOKEN_MANDATORY_LABEL structure that specifies the token's integrity level.
[CorrespondingType(typeof(TOKEN_MANDATORY_LABEL), CorrespondingAction.GetSet)]
TokenIntegrityLevel,
/// The buffer receives a DWORD value that is nonzero if the token has the UIAccess flag set.
[CorrespondingType(typeof(uint), CorrespondingAction.GetSet)]
TokenUIAccess,
/// The buffer receives a TOKEN_MANDATORY_POLICY structure that specifies the token's mandatory integrity policy.
[CorrespondingType(typeof(TOKEN_MANDATORY_POLICY), CorrespondingAction.GetSet)]
TokenMandatoryPolicy,
/// The buffer receives a TOKEN_GROUPS structure that specifies the token's logon SID.
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenLogonSid,
///
/// The buffer receives a DWORD value that is nonzero if the token is an application container token. Any callers who check the
/// TokenIsAppContainer and have it return 0 should also verify that the caller token is not an identify level impersonation
/// token. If the current token is not an application container but is an identity level token, you should return AccessDenied.
///
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
TokenIsAppContainer,
/// The buffer receives a TOKEN_GROUPS structure that contains the capabilities associated with the token.
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenCapabilities,
///
/// The buffer receives a TOKEN_APPCONTAINER_INFORMATION structure that contains the AppContainerSid associated with the token.
/// If the token is not associated with an application container, the TokenAppContainer member of the
/// TOKEN_APPCONTAINER_INFORMATION structure points to NULL.
///
[CorrespondingType(typeof(TOKEN_APPCONTAINER_INFORMATION), CorrespondingAction.Get)]
TokenAppContainerSid,
///
/// The buffer receives a DWORD value that includes the application container number for the token. For tokens that are not
/// application container tokens, this value is zero.
///
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
TokenAppContainerNumber,
///
/// The buffer receives a CLAIM_SECURITY_ATTRIBUTES_INFORMATION structure that contains the user claims associated with the token.
///
[CorrespondingType(typeof(CLAIM_SECURITY_ATTRIBUTES_INFORMATION), CorrespondingAction.Get)]
TokenUserClaimAttributes,
///
/// The buffer receives a CLAIM_SECURITY_ATTRIBUTES_INFORMATION structure that contains the device claims associated with the token.
///
[CorrespondingType(typeof(CLAIM_SECURITY_ATTRIBUTES_INFORMATION), CorrespondingAction.Get)]
TokenDeviceClaimAttributes,
/// This value is reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenRestrictedUserClaimAttributes,
/// This value is reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenRestrictedDeviceClaimAttributes,
/// The buffer receives a TOKEN_GROUPS structure that contains the device groups that are associated with the token.
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenDeviceGroups,
///
/// The buffer receives a TOKEN_GROUPS structure that contains the restricted device groups that are associated with the token.
///
[CorrespondingType(typeof(TOKEN_GROUPS), CorrespondingAction.Get)]
TokenRestrictedDeviceGroups,
/// This value is reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenSecurityAttributes,
/// This value is reserved.
[CorrespondingType(CorrespondingAction.Exception)]
TokenIsRestricted
}
/// The TOKEN_TYPE enumeration contains values that differentiate between a primary token and an impersonation token.
[Serializable]
[PInvokeData("winnt.h")]
public enum TOKEN_TYPE
{
/// Indicates a primary token.
TokenPrimary = 1,
/// Indicates an impersonation token.
TokenImpersonation = 2
}
/// Token access flags.
[Flags]
[PInvokeData("winnt.h")]
public enum TokenAccess : uint
{
///
/// Required to attach a primary token to a process. The SE_ASSIGNPRIMARYTOKEN_NAME privilege is also required to accomplish this task.
///
TOKEN_ASSIGN_PRIMARY = 0x0001,
/// Required to duplicate an access token.
TOKEN_DUPLICATE = 0x0002,
/// Required to attach an impersonation access token to a process.
TOKEN_IMPERSONATE = 0x0004,
/// Required to query an access token.
TOKEN_QUERY = 0x0008,
/// Required to query the source of an access token.
TOKEN_QUERY_SOURCE = 0x0010,
/// Required to enable or disable the privileges in an access token.
TOKEN_ADJUST_PRIVILEGES = 0x0020,
/// Required to adjust the attributes of the groups in an access token.
TOKEN_ADJUST_GROUPS = 0x0040,
/// Required to change the default owner, primary group, or DACL of an access token.
TOKEN_ADJUST_DEFAULT = 0x0080,
/// Required to adjust the session ID of an access token. The SE_TCB_NAME privilege is required.
TOKEN_ADJUST_SESSIONID = 0x0100,
/// The token all access p
TOKEN_ALL_ACCESS_P = 0x000F00FF,
/// Combines all possible access rights for a token.
TOKEN_ALL_ACCESS = 0x000F01FF,
/// Combines STANDARD_RIGHTS_READ and TOKEN_QUERY.
TOKEN_READ = 0x00020008,
/// Combines STANDARD_RIGHTS_WRITE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT.
TOKEN_WRITE = 0x000200E0,
/// Combines STANDARD_RIGHTS_EXECUTE and TOKEN_IMPERSONATE.
TOKEN_EXECUTE = 0x00020000
}
/// The mandatory integrity access policy for the associated token.
[PInvokeData("winnt.h", MSDNShortId = "f5fc438b-c4f0-46f6-a188-52ce660d13da")]
public enum TokenMandatoryPolicy
{
/// No mandatory integrity policy is enforced for the token.
TOKEN_MANDATORY_POLICY_OFF = 0x0,
/// A process associated with the token cannot write to objects that have a greater mandatory integrity level.
TOKEN_MANDATORY_POLICY_NO_WRITE_UP = 0x1,
///
/// A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the
/// executable-file integrity level.
///
TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN = 0x2,
/// A combination of TOKEN_MANDATORY_POLICY_NO_WRITE_UP and TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN.
TOKEN_MANDATORY_POLICY_VALID_MASK = 0x3,
}
///
///
/// The WELL_KNOWN_SID_TYPE enumeration is a list of commonly used security identifiers (SIDs). Programs can pass these values
/// to the CreateWellKnownSid function to create a SID from this list.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ne-winnt-well_known_sid_type
[PInvokeData("winnt.h", MSDNShortId = "6f1fa59e-17c0-412b-937b-ddf746ed68bd")]
public enum WELL_KNOWN_SID_TYPE
{
/// Indicates a null SID.
WinNullSid,
/// Indicates a SID that matches everyone.
WinWorldSid,
/// Indicates a local SID.
WinLocalSid,
/// Indicates a SID that matches the owner or creator of an object.
WinCreatorOwnerSid,
/// Indicates a SID that matches the creator group of an object.
WinCreatorGroupSid,
/// Indicates a creator owner server SID.
WinCreatorOwnerServerSid,
/// Indicates a creator group server SID.
WinCreatorGroupServerSid,
/// Indicates a SID for the Windows NT authority account.
WinNtAuthoritySid,
/// Indicates a SID for a dial-up account.
WinDialupSid,
///
/// Indicates a SID for a network account. This SID is added to the process of a token when it logs on across a network. The
/// corresponding logon type is LOGON32_LOGON_NETWORK.
///
WinNetworkSid,
///
/// Indicates a SID for a batch process. This SID is added to the process of a token when it logs on as a batch job. The
/// corresponding logon type is LOGON32_LOGON_BATCH.
///
WinBatchSid,
///
/// Indicates a SID for an interactive account. This SID is added to the process of a token when it logs on interactively. The
/// corresponding logon type is LOGON32_LOGON_INTERACTIVE.
///
WinInteractiveSid,
///
/// Indicates a SID for a service. This SID is added to the process of a token when it logs on as a service. The corresponding
/// logon type is LOGON32_LOGON_SERVICE.
///
WinServiceSid,
/// Indicates a SID for the anonymous account.
WinAnonymousSid,
/// Indicates a proxy SID.
WinProxySid,
/// Indicates a SID for an enterprise controller.
WinEnterpriseControllersSid,
/// Indicates a SID for self.
WinSelfSid,
/// Indicates a SID that matches any authenticated user.
WinAuthenticatedUserSid,
/// Indicates a SID for restricted code.
WinRestrictedCodeSid,
/// Indicates a SID that matches a terminal server account.
WinTerminalServerSid,
/// Indicates a SID that matches remote logons.
WinRemoteLogonIdSid,
/// Indicates a SID that matches logon IDs.
WinLogonIdsSid,
/// Indicates a SID that matches the local system.
WinLocalSystemSid,
/// Indicates a SID that matches a local service.
WinLocalServiceSid,
/// Indicates a SID that matches a network service.
WinNetworkServiceSid,
/// Indicates a SID that matches the domain account.
WinBuiltinDomainSid,
/// Indicates a SID that matches the administrator group.
WinBuiltinAdministratorsSid,
/// Indicates a SID that matches built-in user accounts.
WinBuiltinUsersSid,
/// Indicates a SID that matches the guest account.
WinBuiltinGuestsSid,
/// Indicates a SID that matches the power users group.
WinBuiltinPowerUsersSid,
/// Indicates a SID that matches the account operators account.
WinBuiltinAccountOperatorsSid,
/// Indicates a SID that matches the system operators group.
WinBuiltinSystemOperatorsSid,
/// Indicates a SID that matches the print operators group.
WinBuiltinPrintOperatorsSid,
/// Indicates a SID that matches the backup operators group.
WinBuiltinBackupOperatorsSid,
/// Indicates a SID that matches the replicator account.
WinBuiltinReplicatorSid,
/// Indicates a SID that matches pre-Windows 2000 compatible accounts.
WinBuiltinPreWindows2000CompatibleAccessSid,
/// Indicates a SID that matches remote desktop users.
WinBuiltinRemoteDesktopUsersSid,
/// Indicates a SID that matches the network operators group.
WinBuiltinNetworkConfigurationOperatorsSid,
/// Indicates a SID that matches the account administrator's account.
WinAccountAdministratorSid,
/// Indicates a SID that matches the account guest group.
WinAccountGuestSid,
/// Indicates a SID that matches account Kerberos target group.
WinAccountKrbtgtSid,
/// Indicates a SID that matches the account domain administrator group.
WinAccountDomainAdminsSid,
/// Indicates a SID that matches the account domain users group.
WinAccountDomainUsersSid,
/// Indicates a SID that matches the account domain guests group.
WinAccountDomainGuestsSid,
/// Indicates a SID that matches the account computer group.
WinAccountComputersSid,
/// Indicates a SID that matches the account controller group.
WinAccountControllersSid,
/// Indicates a SID that matches the certificate administrators group.
WinAccountCertAdminsSid,
/// Indicates a SID that matches the schema administrators group.
WinAccountSchemaAdminsSid,
/// Indicates a SID that matches the enterprise administrators group.
WinAccountEnterpriseAdminsSid,
/// Indicates a SID that matches the policy administrators group.
WinAccountPolicyAdminsSid,
/// Indicates a SID that matches the RAS and IAS server account.
WinAccountRasAndIasServersSid,
/// Indicates a SID present when the Microsoft NTLM authentication package authenticated the client.
WinNTLMAuthenticationSid,
/// Indicates a SID present when the Microsoft Digest authentication package authenticated the client.
WinDigestAuthenticationSid,
/// Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client.
WinSChannelAuthenticationSid,
///
/// Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective
/// authentication option enabled. If this SID is present, then WinOtherOrganizationSid cannot be present.
///
WinThisOrganizationSid,
///
/// Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled. If this
/// SID is present, then WinThisOrganizationSid cannot be present.
///
WinOtherOrganizationSid,
///
/// Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of
/// the Incoming Forest Trust Builders built-in group in the root domain of the forest.
///
WinBuiltinIncomingForestTrustBuildersSid,
/// Indicates a SID that matches the performance monitor user group.
WinBuiltinPerfMonitoringUsersSid,
/// Indicates a SID that matches the performance log user group.
WinBuiltinPerfLoggingUsersSid,
/// Indicates a SID that matches the Windows Authorization Access group.
WinBuiltinAuthorizationAccessSid,
/// Indicates a SID is present in a server that can issue terminal server licenses.
WinBuiltinTerminalServerLicenseServersSid,
/// Indicates a SID that matches the distributed COM user group.
WinBuiltinDCOMUsersSid,
/// Indicates a SID that matches the Internet built-in user group.
WinBuiltinIUsersSid,
/// Indicates a SID that matches the Internet user group.
WinIUserSid,
///
/// Indicates a SID that allows a user to use cryptographic operations. It is added to the token of users who are a member of the
/// CryptoOperators built-in group.
///
WinBuiltinCryptoOperatorsSid,
/// Indicates a SID that matches an untrusted label.
WinUntrustedLabelSid,
/// Indicates a SID that matches an low level of trust label.
WinLowLabelSid,
/// Indicates a SID that matches an medium level of trust label.
WinMediumLabelSid,
/// Indicates a SID that matches a high level of trust label.
WinHighLabelSid,
/// Indicates a SID that matches a system label.
WinSystemLabelSid,
/// Indicates a SID that matches a write restricted code group.
WinWriteRestrictedCodeSid,
/// Indicates a SID that matches a creator and owner rights group.
WinCreatorOwnerRightsSid,
/// Indicates a SID that matches a cacheable principals group.
WinCacheablePrincipalsGroupSid,
/// Indicates a SID that matches a non-cacheable principals group.
WinNonCacheablePrincipalsGroupSid,
/// Indicates a SID that matches an enterprise wide read-only controllers group.
WinEnterpriseReadonlyControllersSid,
/// Indicates a SID that matches an account read-only controllers group.
WinAccountReadonlyControllersSid,
/// Indicates a SID that matches an event log readers group.
WinBuiltinEventLogReadersGroup,
/// Indicates a SID that matches a read-only enterprise domain controller.
WinNewEnterpriseReadonlyControllersSid,
/// Indicates a SID that matches the built-in DCOM certification services access group.
WinBuiltinCertSvcDComAccessGroup,
///
/// Indicates a SID that matches the medium plus integrity label. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows
/// Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinMediumPlusLabelSid,
///
/// Indicates a SID that matches a local logon group. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista,
/// Windows Server 2003 and Windows XP: This value is not available.
///
WinLocalLogonSid,
///
/// Indicates a SID that matches a console logon group. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista,
/// Windows Server 2003 and Windows XP: This value is not available.
///
WinConsoleLogonSid,
/// Undocumented
WinThisOrganizationCertificateSid,
///
/// Indicates a SID that matches the application package authority. Windows Server 2008 R2, Windows 7, Windows Server 2008,
/// Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinApplicationPackageAuthoritySid,
/// Undocumented
WinBuiltinAnyPackageSid,
///
/// Indicates a SID of Internet client capability for app containers. Windows Server 2008 R2, Windows 7, Windows Server 2008,
/// Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinCapabilityInternetClientSid,
/// Undocumented
WinCapabilityInternetClientServerSid,
///
/// Indicates a SID of private network client and server capability for app containers. Windows Server 2008 R2, Windows 7,
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinCapabilityPrivateNetworkClientServerSid,
/// Undocumented
WinCapabilityPicturesLibrarySid,
///
/// Indicates a SID for videos library capability for app containers. Windows Server 2008 R2, Windows 7, Windows Server 2008,
/// Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinCapabilityVideosLibrarySid,
/// Undocumented
WinCapabilityMusicLibrarySid,
///
/// Indicates a SID for documents library capability for app containers. Windows Server 2008 R2, Windows 7, Windows Server 2008,
/// Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinCapabilityDocumentsLibrarySid,
/// Undocumented
WinCapabilitySharedUserCertificatesSid,
///
/// Indicates a SID for Windows credentials capability for app containers. Windows Server 2008 R2, Windows 7, Windows Server
/// 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not available.
///
WinCapabilityEnterpriseAuthenticationSid,
/// Undocumented
WinCapabilityRemovableStorageSid,
///
WinBuiltinRDSRemoteAccessServersSid,
///
WinBuiltinRDSEndpointServersSid,
///
WinBuiltinRDSManagementServersSid,
///
WinUserModeDriversSid,
///
WinBuiltinHyperVAdminsSid,
///
WinAccountCloneableControllersSid,
///
WinBuiltinAccessControlAssistanceOperatorsSid,
///
WinBuiltinRemoteManagementUsersSid,
///
WinAuthenticationAuthorityAssertedSid,
///
WinAuthenticationServiceAssertedSid,
///
WinLocalAccountSid,
///
WinLocalAccountAndAdministratorSid,
///
WinAccountProtectedUsersSid,
///
WinCapabilityAppointmentsSid,
///
WinCapabilityContactsSid,
///
WinAccountDefaultSystemManagedSid,
///
WinBuiltinDefaultSystemManagedGroupSid,
///
WinBuiltinStorageReplicaAdminsSid,
///
WinAccountKeyAdminsSid,
///
WinAccountEnterpriseKeyAdminsSid,
///
WinAuthenticationKeyTrustSid,
///
WinAuthenticationKeyPropertyMFASid,
///
WinAuthenticationKeyPropertyAttestationSid,
///
WinAuthenticationFreshKeyAuthSid,
///
WinBuiltinDeviceOwnersSid,
}
///
/// The ACCESS_ALLOWED_ACE structure defines an access control entry (ACE) for the discretionary access control list (DACL)
/// that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a
/// security identifier (SID).
///
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// An ACCESS_ALLOWED_ACE structure can be created in an access control list (ACL) by a call to the AddAccessAllowedAce or
/// AddAccessAllowedAceEx function. When these functions are used, the correct amount of memory needed to accommodate the trustee's
/// SID is allocated and the values of the Header.AceType and Header.AceSize members are set automatically. If the
/// AddAccessAllowedAceEx function is used, the Header.AceFlags member is also set. When an ACCESS_ALLOWED_ACE
/// structure is created outside an ACL, sufficient memory must be allocated to accommodate the complete SID of the trustee in the
/// SidStart member and the contiguous memory following it, and the values of the Header.AceType,
/// Header.AceFlags, and Header.AceSize members must be set explicitly by the application.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace typedef struct _ACCESS_ALLOWED_ACE {
// ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } ACCESS_ALLOWED_ACE;
[PInvokeData("winnt.h", MSDNShortId = "002a3fa7-02a3-4832-948e-b048f5f5818f")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_ALLOWED_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_ALLOWED_ACE_TYPE, and the AceSize
/// member should be set to the total number of bytes allocated for the ACCESS_ALLOWED_ACE structure.
///
public ACE_HEADER Header;
/// Specifies an ACCESS_MASK structure that specifies the access rights granted by this ACE.
public ACCESS_MASK Mask;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member.
/// This SID can be appended with application data.
///
public uint SidStart;
}
///
///
/// The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry (ACE) for the discretionary access control list
/// (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a
/// security identifier (SID).
///
///
/// When the AuthzAccessCheck function is called, each ACCESS_ALLOWED_CALLBACK_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application-defined AuthzAccessCheckCallback function, in which a pointer to the ACCESS_ALLOWED_CALLBACK_ACE structure
/// found is passed in the pAce parameter.
///
///
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// When an ACCESS_ALLOWED_CALLBACK_ACE structure is created, sufficient memory must be allocated to accommodate the complete
/// SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_callback_ace typedef struct
// _ACCESS_ALLOWED_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
[PInvokeData("winnt.h", MSDNShortId = "0dbca19b-4b54-4c55-920a-c00335692d68")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_ALLOWED_CALLBACK_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to
/// ACCESS_ALLOWED_CALLBACK_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated for the
/// ACCESS_ALLOWED_CALLBACK_ACE structure.
///
public ACE_HEADER Header;
/// Specifies an ACCESS_MASK structure that specifies the access rights granted by this ACE.
public ACCESS_MASK Mask;
/// The first DWORD of a trustee's SID.
public uint SidStart;
}
///
///
/// The ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure defines an access control entry (ACE) that controls allowed access to an
/// object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and
/// a security identifier (SID) that identifies the trustee to whom the system will grant access. The ACE also contains a GUID
/// and a set of flags that control inheritance of the ACE by child objects.
///
///
/// When the AuthzAccessCheck function is called, each ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application-defined AuthzAccessCheckCallback function, in which a pointer to the ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
/// structure found is passed in the pAce parameter.
///
///
///
///
/// If neither the ObjectType nor InheritedObjectTypeGUID is specified, the
/// ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure has the same semantics as those used by the ACCESS_ALLOWED_CALLBACK_ACE
/// structure. In that case, use the ACCESS_ALLOWED_CALLBACK_ACE structure because it is smaller and more efficient.
///
///
/// An ACL that contains an ACCESS_ALLOWED_CALLBACK_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACL header.
///
///
/// The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// When an ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure is created, sufficient memory must be allocated to accommodate the
/// GUID structures in the ObjectType and InheritedObjectType members, if one or both of them exists, as well as to
/// accommodate the complete SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_callback_object_ace typedef struct
// _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType;
// DWORD SidStart; } ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "83b00ef3-f7b2-455e-8f3f-01b1da6024b7")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to
/// ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated
/// for the ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will allow to the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members are present. This
/// parameter can be one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Neither ObjectType nor InheritedObjectType are present. The SidStart member follows immediately after the Flags member.
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
///
/// ObjectType is present and contains a GUID. If this value is not specified, the InheritedObjectType member follows immediately
/// after the Flags member.
///
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
///
/// InheritedObjectType is present and contains a GUID. If this value is not specified, all types of child objects can inherit
/// the ACE.
///
///
///
///
public ObjectAceFlags Flags;
///
///
/// This member exists only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, the
/// InheritedObjectType member follows immediately after the Flags member.
///
///
/// If this member exists, it is a GUID structure that identifies a property set, property, extended right, or type of child
/// object. The purpose of this GUID depends on the access rights specified in the Mask member.
///
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls the trustee's right to create this type of child object.
///
///
/// -
/// ADS_RIGHT_DS_READ_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to read the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to write the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// This member exists only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member.
///
/// If this member exists, it is a GUID structure that identifies the type of child object that can inherit the ACE. Inheritance
/// is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
/// The offset of this member can vary. If the Flags member does not contain the ACE_OBJECT_TYPE_PRESENT flag, the
/// InheritedObjectType member starts at the offset specified by the ObjectType member.
///
///
public Guid InheritedObjectType;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
/// The ACCESS_ALLOWED_OBJECT_ACE structure defines an access control entry (ACE) that controls allowed access to an object, a
/// property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and a
/// security identifier (SID) that identifies the trustee to whom the system will grant access. The ACE also contains a GUID
/// and a set of flags that control inheritance of the ACE by child objects.
///
///
///
/// If neither the ObjectType nor InheritedObjectType GUID is specified, the ACCESS_ALLOWED_OBJECT_ACE structure
/// has the same semantics as those used by the ACCESS_ALLOWED_ACE structure. In that case, use the ACCESS_ALLOWED_ACE
/// structure because it is smaller and more efficient.
///
/// An ACL that contains an ACCESS_ALLOWED_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACL header.
///
/// The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// An ACCESS_ALLOWED_OBJECT_ACE structure can be created in an access control list (ACL) by a call to the
/// AddAccessAllowedObjectAce function. When this function is used, the correct amount of memory needed to accommodate the GUID
/// structures in the ObjectType and InheritedObjectType members, if one or both of them exists, as well as to
/// accommodate the trustee's SID is automatically allocated. In addition, the values of the Header.AceType and
/// Header.AceSize members are set automatically. When an ACCESS_ALLOWED_OBJECT_ACE structure is created outside an
/// ACL, sufficient memory must be allocated to accommodate the GUID structures in the ObjectType and
/// InheritedObjectType members, if one or both of them exists, as well as to accommodate the complete SID of the trustee in
/// the SidStart member and the contiguous memory following it. In addition, the values of the Header.AceType and
/// Header.AceSize members must be set explicitly by the application.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_access_allowed_object_ace typedef struct
// _ACCESS_ALLOWED_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType; DWORD
// SidStart; } ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "ee91ca50-e81b-4872-95eb-349c2d5be004")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_ALLOWED_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_ALLOWED_OBJECT_ACE_TYPE,
/// and the AceSize member should be set to the total number of bytes allocated for the ACCESS_ALLOWED_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will allow to the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members are present. This
/// parameter can be one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Neither ObjectType nor InheritedObjectType are present. The SidStart member follows immediately after the Flags member.
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
///
/// ObjectType is present and contains a GUID. If this value is not specified, the InheritedObjectType member follows immediately
/// after the Flags member.
///
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
///
/// InheritedObjectType is present and contains a GUID. If this value is not specified, all types of child objects can inherit
/// the ACE.
///
///
///
///
public ObjectAceFlags Flags;
///
///
/// This member exists only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, the
/// InheritedObjectType member follows immediately after the Flags member.
///
///
/// If this member exists, it is a GUID structure that identifies a property set, property, extended right, or type of child
/// object. The purpose of this GUID depends on the access rights specified in the Mask member.
///
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls the trustee's right to create this type of child object.
///
///
/// -
/// ADS_RIGHT_DS_READ_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to read the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to write the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// This member exists only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member.
///
/// If this member exists, it is a GUID structure that identifies the type of child object that can inherit the ACE. Inheritance
/// is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
/// The offset of this member can vary. If the Flags member does not contain the ACE_OBJECT_TYPE_PRESENT flag, the
/// InheritedObjectType member starts at the offset specified by the ObjectType member.
///
///
public Guid InheritedObjectType;
///
///
/// Specifies the first DWORD of a SID that identifies the trustee to whom the access rights are granted. The remaining
/// bytes of the SID are stored in contiguous memory after the SidStart member. This SID can be appended with application data.
///
///
/// The offset of this member can vary. If the Flags member is zero, the SidStart member starts at the offset
/// specified by the ObjectType member. If Flags contains only one flag (either ACE_OBJECT_TYPE_PRESENT or
/// ACE_INHERITED_OBJECT_TYPE_PRESENT), the SidStart member starts at the offset specified by the
/// InheritedObjectType member.
///
///
public uint SidStart;
}
///
/// The ACCESS_DENIED_ACE structure defines an access control entry (ACE) for the discretionary access control list (DACL)
/// that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a
/// security identifier (SID).
///
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// The access rights specified by the Mask member are denied to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// An ACCESS_DENIED_ACE structure can be created in an access control list (ACL) by a call to the AddAccessDeniedAce or
/// AddAccessDeniedAceEx function. When these functions are used, the correct amount of memory needed to accommodate the trustee's
/// SID is allocated and the values of the Header.AceType and Header.AceSize members are set automatically. If the
/// AddAccessDeniedAceEx function is used, the Header.AceFlags member is also set. When an ACCESS_DENIED_ACE
/// structure is created outside an ACL, sufficient memory must be allocated to accommodate the complete SID of the trustee in the
/// SidStart member and the contiguous memory following it, and the values of the Header.AceType,
/// Header.AceFlags, and Header.AceSize members must be set explicitly by the application.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_denied_ace typedef struct _ACCESS_DENIED_ACE { ACE_HEADER
// Header; ACCESS_MASK Mask; DWORD SidStart; } ACCESS_DENIED_ACE;
[PInvokeData("winnt.h", MSDNShortId = "d76a92d0-ccd0-4e73-98b6-43bcd661134d")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_DENIED_ACE
{
///
/// An ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE
/// by child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_DENIED_ACE_TYPE, and
/// the AceSize member should be set to the total number of bytes allocated for the ACCESS_DENIED_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK structure that specifies the access rights explicitly denied by this ACE.
public ACCESS_MASK Mask;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
///
/// The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry (ACE) for the discretionary access control list
/// (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a
/// security identifier (SID).
///
///
/// When the AuthzAccessCheck function is called, each ACCESS_DENIED_CALLBACK_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application–defined AuthzAccessCheckCallback function, in which a pointer to the ACCESS_DENIED_CALLBACK_ACE structure
/// found is passed in the pAce parameter.
///
///
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// When an ACCESS_DENIED_CALLBACK_ACE structure is created, sufficient memory must be allocated to accommodate the complete
/// SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_denied_callback_ace typedef struct
// _ACCESS_DENIED_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
[PInvokeData("winnt.h", MSDNShortId = "6df77b27-7aa3-455f-bffe-eeb90ba1bc15")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_DENIED_CALLBACK_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_DENIED_CALLBACK_ACE_TYPE,
/// and the AceSize member should be set to the total number of bytes allocated for the ACCESS_DENIED_CALLBACK_ACE structure.
///
public ACE_HEADER Header;
/// Specifies an ACCESS_MASK structure that specifies the access rights explicitly denied by this ACE.
public ACCESS_MASK Mask;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
///
/// The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry (ACE) that controls denied access to an
/// object, a property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object,
/// and a security identifier (SID) that identifies the trustee to whom the system will deny access. The ACE also contains a
/// GUID and a set of flags that control inheritance of the ACE by child objects.
///
///
/// When the AuthzAccessCheck function is called, each ACCESS_DENIED_CALLBACK_OBJECT_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application–defined AuthzAccessCheckCallback function, in which a pointer to the ACCESS_DENIED_CALLBACK_OBJECT_ACE
/// structure found is passed in the pAce parameter.
///
///
///
///
/// If neither the ObjectType nor InheritedObjectTypeGUID is specified, the
/// ACCESS_DENIED_CALLBACK_OBJECT_ACE structure has the same semantics as those used by the ACCESS_DENIED_CALLBACK_ACE
/// structure. In that case, use the ACCESS_DENIED_CALLBACK_ACE structure because it is smaller and more efficient.
///
///
/// An ACL that contains an ACCESS_DENIED_CALLBACK_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACL header.
///
///
/// The access rights specified by the Mask member are denied to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// When an ACCESS_DENIED_CALLBACK_OBJECT_ACE structure is created, sufficient memory must be allocated to accommodate the
/// GUID structures in the ObjectType and InheritedObjectType members, if one or both of them exists, as well as to
/// accommodate the complete SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_denied_callback_object_ace typedef struct
// _ACCESS_DENIED_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType;
// DWORD SidStart; } ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "945d9c3b-922f-481d-bb1d-3dca50fb9edb")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_DENIED_CALLBACK_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by child
/// objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_DENIED_CALLBACK_ACE_TYPE, and
/// the AceSize member should be set to the total number of bytes allocated for the
/// ACCESS_DENIED_CALLBACK_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will deny to the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members are present. This
/// parameter can be one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Neither ObjectType nor InheritedObjectType are present. The SidStart member follows immediately after the Flags member.
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
///
/// ObjectType is present and contains a GUID. If this value is not specified, the InheritedObjectType member follows immediately
/// after the Flags member.
///
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
///
/// InheritedObjectType is present and contains a GUID. If this value is not specified, all types of child objects can inherit
/// the ACE.
///
///
///
///
public ObjectAceFlags Flags;
///
///
/// This member exists only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, the
/// InheritedObjectType member follows immediately after the Flags member.
///
///
/// If this member exists, it is a GUID structure that identifies a property set, property, extended right, or type of child
/// object. The purpose of this GUID depends on the access rights specified in the Mask member.
///
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls the trustee's right to create this type of child object.
///
///
/// -
/// ADS_RIGHT_DS_READ_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to read the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to write the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// This member exists only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member.
///
/// If this member exists, it is a GUID structure that identifies the type of child object that can inherit the ACE. Inheritance
/// is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
/// The offset of this member can vary. If the Flags member does not contain the ACE_OBJECT_TYPE_PRESENT flag, the
/// InheritedObjectType member starts at the offset specified by the ObjectType member.
///
///
public Guid InheritedObjectType;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
/// The ACCESS_DENIED_OBJECT_ACE structure defines an access control entry (ACE) that controls denied access to an object, a
/// property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and a
/// security identifier (SID) that identifies the trustee to whom the system will deny access. The ACE also contains a GUID
/// and a set of flags that control inheritance of the ACE by child objects.
///
///
///
/// If neither the ObjectType nor InheritedObjectTypeGUID is specified, the ACCESS_DENIED_OBJECT_ACE
/// structure has the same semantics as those used by the ACCESS_DENIED_ACE structure. In that case, use the ACCESS_DENIED_ACE
/// structure because it is smaller and more efficient.
///
/// An ACL that contains an ACCESS_DENIED_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACL header.
///
/// The access rights specified by the Mask member are denied to any trustee that possesses an enabled SID that matches the
/// SID stored in the SidStart member.
///
///
/// An ACCESS_DENIED_OBJECT_ACE structure can be created in an access control list (ACL) by a call to the
/// AddAccessDeniedObjectAce function. When this function is used, the correct amount of memory needed to accommodate the GUID
/// structures in the ObjectType and InheritedObjectType members, if one or both of them exists, as well as to
/// accommodate the trustee's SID is automatically allocated. In addition, the values of the Header.AceType and
/// Header.AceSize members are set automatically. When an ACCESS_DENIED_OBJECT_ACE structure is created outside an ACL,
/// sufficient memory must be allocated to accommodate the GUID structures in the ObjectType and InheritedObjectType
/// members, if one or both of them exists, as well as to accommodate the complete SID of the trustee in the SidStart member
/// and the contiguous memory following it. In addition, the values of the Header.AceType and Header.AceSize members
/// must be set explicitly by the application.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_denied_object_ace typedef struct
// _ACCESS_DENIED_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType; DWORD
// SidStart; } ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "80e00c2b-7c31-428d-96c1-c4e3d22619f3")]
[StructLayout(LayoutKind.Sequential)]
public struct ACCESS_DENIED_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by child
/// objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_DENIED_OBJECT_ACE_TYPE, and the
/// AceSize member should be set to the total number of bytes allocated for the ACCESS_DENIED_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will deny to the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members are present. This
/// parameter can be one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Neither ObjectType nor InheritedObjectType are present. The SidStart member follows immediately after the Flags member.
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
///
/// ObjectType is present and contains a GUID. If this value is not specified, the InheritedObjectType member follows immediately
/// after the Flags member.
///
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
///
/// InheritedObjectType is present and contains a GUID. If this value is not specified, all types of child objects can inherit
/// the ACE.
///
///
///
///
public ObjectAceFlags Flags;
///
///
/// This member exists only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, the
/// InheritedObjectType member follows immediately after the Flags member.
///
///
/// If this member exists, it is a GUID structure that identifies a property set, property, extended right, or type of child
/// object. The purpose of this GUID depends on the access rights specified in the Mask member.
///
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls the trustee's right to create this type of child object.
///
///
/// -
/// ADS_RIGHT_DS_READ_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to read the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to write the
/// property or property set.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// This member exists only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member.
///
/// If this member exists, it is a GUID structure that identifies the type of child object that can inherit the ACE. Inheritance
/// is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
/// The offset of this member can vary. If the Flags member does not contain the ACE_OBJECT_TYPE_PRESENT flag, the
/// InheritedObjectType member starts at the offset specified by the ObjectType member.
///
///
public Guid InheritedObjectType;
///
///
/// Specifies the first DWORD of a SID that identifies the trustee for whom the access rights are denied. The remaining
/// bytes of the SID are stored in contiguous memory after the SidStart member. This SID can be appended with application data.
///
///
/// The offset of this member can vary. If the Flags member is zero, the SidStart member starts at the offset
/// specified by the ObjectType member. If Flags contains only one flag (either ACE_OBJECT_TYPE_PRESENT or
/// ACE_INHERITED_OBJECT_TYPE_PRESENT), the SidStart member starts at the offset specified by the
/// InheritedObjectType member.
///
///
public uint SidStart;
}
/// The ACE_HEADER structure describes the type and size of an access-control entry (ACE).
///
/// The ACE_HEADER structure is the first member of the various types of ACE structures, such as ACCESS_ALLOWED_ACE.
///
/// System-alarm ACEs are not currently supported. The AceType member cannot specify the SYSTEM_ALARM_ACE_TYPE. Do not use the
/// SYSTEM_ALARM_ACE structure.
///
///
// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntifs/ns-ntifs-_ace_header typedef struct _ACE_HEADER {
// UCHAR AceType; UCHAR AceFlags; USHORT AceSize; } ACE_HEADER;
[PInvokeData("ntifs.h", MSDNShortId = "f5f39310-8b15-4d6b-a985-3f25522a16b1")]
[StructLayout(LayoutKind.Sequential)]
public struct ACE_HEADER
{
///
/// ACE type. This member can be one of the following values:
///
///
/// Value
/// Meaning
///
/// -
/// ACCESS_ALLOWED_ACE_TYPE
/// Access-allowed ACE that uses the ACCESS_ALLOWED_ACE structure.
///
/// -
/// ACCESS_DENIED_ACE_TYPE
/// Access-denied ACE that uses the ACCESS_DENIED_ACE structure.
///
/// -
/// SYSTEM_AUDIT_ACE_TYPE
/// System-audit ACE that uses the SYSTEM_AUDIT_ACE structure.
///
///
///
public AceType AceType;
///
/// Set of ACE type-specific control flags. This member can be a combination of the following values:
///
///
/// Value
/// Meaning
///
/// -
/// CONTAINER_INHERIT_ACE
///
/// Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable
/// unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
///
///
/// -
/// FAILED_ACCESS_ACE_FLAG
/// Used with system-audit ACEs in a SACL to generate audit messages for failed access attempts.
///
/// -
/// INHERIT_ONLY_ACE
///
/// Indicates an inherit-only ACE which does not control access to the object to which it is attached. If this flag is not set,
/// the ACE is an effective ACE which controls access to the object to which it is attached. Both effective and inherit-only ACEs
/// can be inherited depending on the state of the other inheritance flags.
///
///
/// -
/// INHERITED_ACE
///
/// Microsoft Windows 2000 or later: Indicates that the ACE was inherited. The system sets this bit when it propagates an
/// inherited ACE to a child object.
///
///
/// -
/// NO_PROPAGATE_INHERIT_ACE
///
/// If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the
/// inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.
///
///
/// -
/// OBJECT_INHERIT_ACE
///
/// Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited
/// as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
///
///
/// -
/// SUCCESSFUL_ACCESS_ACE_FLAG
/// Used with system-audit ACEs in a SACL to generate audit messages for successful access attempts.
///
///
///
public AceFlags AceFlags;
/// Size, in bytes, of the ACE.
public ushort AceSize;
/// Initializes a new instance of the struct.
/// ACE type.
/// Set of ACE type-specific control flags.
/// Size, in bytes, of the ACE.
public ACE_HEADER(AceType aceType, AceFlags aceFlags, int aceSize)
{
AceType = aceType;
AceFlags = aceFlags;
AceSize = (ushort)aceSize;
}
}
///
/// The ACL structure is the header of an access control list (ACL). A complete ACL consists of an ACL structure followed by an
/// ordered list of zero or more access control entries (ACEs).
///
///
/// An ACL includes a sequential list of zero or more ACEs. The individual ACEs in an ACL are numbered from 0 to n, where n+1 is the
/// number of ACEs in the ACL. When editing an ACL, an application refers to an ACE within the ACL by the ACE's index.
/// There are two types of ACL: discretionary and system.
///
/// A discretionary access control list (DACL) is controlled by the owner of an object or anyone granted WRITE_DAC access to the
/// object. It specifies the access particular users and groups can have to an object. For example, the owner of a file can use a
/// DACL to control which users and groups can and cannot have access to the file.
///
///
/// An object can also have system-level security information associated with it, in the form of a system access control list (SACL)
/// controlled by a system administrator. A SACL allows the system administrator to audit any attempts to gain access to an object.
///
/// For a list of currently defined ACE structures, see ACE.
/// A fourth ACE structure, SYSTEM_ALARM_ACE, is not currently supported.
///
/// The ACL structure is to be treated as though it were opaque and applications are not to attempt to work with its members
/// directly. To ensure that ACLs are semantically correct, applications can use the functions listed in the See Also section to
/// create and manipulate ACLs.
///
/// Each ACL and ACE structure begins on a DWORD boundary.
/// The maximum size for an ACL, including its ACEs, is 64 KB.
///
[StructLayout(LayoutKind.Sequential, Pack = 1)]
[PInvokeData("Winnt.h", MSDNShortId = "aa374931")]
public struct ACL
{
///
/// Specifies the revision level of the ACL. This value should be ACL_REVISION, unless the ACL contains an object-specific ACE,
/// in which case this value must be ACL_REVISION_DS. All ACEs in an ACL must be at the same revision level.
///
public byte AclRevision;
/// Specifies a zero byte of padding that aligns the AclRevision member on a 16-bit boundary.
public byte Sbz1;
/// Specifies the size, in bytes, of the ACL. This value includes both the ACL structure and all the ACEs.
public ushort AclSize;
/// Specifies the number of ACEs stored in the ACL.
public ushort AceCount;
/// Specifies two zero-bytes of padding that align the ACL structure on a 32-bit boundary.
public ushort Sbz2;
}
/// The ACL_REVISION_INFORMATION structure contains revision information about an ACL structure.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("Winnt.h", MSDNShortId = "aa374942")]
public struct ACL_REVISION_INFORMATION
{
/// Specifies a revision number. The current revision number is ACL_REVISION.
public uint AclRevision;
}
/// The ACL_SIZE_INFORMATION structure contains information about the size of an ACL structure.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("Winnt.h", MSDNShortId = "aa374945")]
public struct ACL_SIZE_INFORMATION
{
/// The number of access control entries (ACEs) in the access control list (ACL).
public uint AceCount;
///
/// The number of bytes in the ACL actually used to store the ACEs and ACL structure. This may be less than the total number of
/// bytes allocated to the ACL.
///
public uint AclBytesInUse;
/// The number of unused bytes in the ACL.
public uint AclBytesFree;
}
/// The CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE structure specifies the fully qualified binary name.
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-_claim_security_attribute_fqbn_value typedef struct
// _CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE { DWORD64 Version; PWSTR Name; } CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE, *PCLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE;
[PInvokeData("winnt.h", MSDNShortId = "1FD9A519-40EA-4780-90F5-C9DF4ADAE72C")]
[StructLayout(LayoutKind.Sequential)]
public struct CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE
{
/// The version of the fully qualified binary name value.
public ulong Version;
/// A fully qualified binary name.
[MarshalAs(UnmanagedType.LPWStr)]
public string Name;
}
///
/// The CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE structure specifies the OCTET_STRING value type of the claim
/// security attribute.
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-claim_security_attribute_octet_string_value typedef struct
// _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { PVOID pValue; DWORD ValueLength; } CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
[PInvokeData("winnt.h", MSDNShortId = "6647CC4F-1A84-43B2-A80E-7B6BF3A2D7AD")]
[StructLayout(LayoutKind.Sequential)]
public struct CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
{
///
/// A pointer buffer that contains the OCTET_STRING value. The value is a series of bytes of the length indicated in the
/// ValueLength member.
///
public IntPtr pValue;
/// The length, in bytes, of the OCTET_STRING value.
public uint ValueLength;
}
///
/// The CLAIM_SECURITY_ATTRIBUTE_V1 structure defines a security attribute that can be associated with a token or
/// authorization context.
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-_claim_security_attribute_v1 typedef struct
// _CLAIM_SECURITY_ATTRIBUTE_V1 { PWSTR Name; WORD ValueType; WORD Reserved; DWORD Flags; DWORD ValueCount; union { PLONG64 pInt64;
// PDWORD64 pUint64; PWSTR *ppString; PCLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn; PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
// pOctetString; } Values; } CLAIM_SECURITY_ATTRIBUTE_V1, *PCLAIM_SECURITY_ATTRIBUTE_V1;
[PInvokeData("winnt.h", MSDNShortId = "FDBB9B00-01C3-474A-81FF-97C5CBA3261B")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct CLAIM_SECURITY_ATTRIBUTE_V1
{
///
/// A pointer to a string of Unicode characters that contains the name of the security attribute. This string must be at least 4
/// bytes in length.
///
[MarshalAs(UnmanagedType.LPWStr)]
public string Name;
///
///
/// A union tag value that indicates the type of information contained in the Values member. The ValueType member
/// must be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64 0x0001
/// The Values member refers to an array of LONG64 values.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64 0x0002
/// The Values member refers to an array of ULONG64 values.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING 0x0003
/// The Values member refers to an array of pointers to Unicode string values.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_FQBN 0x0004
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE values.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_SID 0x0005
///
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values where the pValue member of each
/// CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE is a PSID.
///
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN 0x0006
///
/// The Values member refers to an array of ULONG64 values where each element indicates a Boolean value. The value 1 indicates
/// TRUE and the value 0 indicates FALSE.
///
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING 0x0010
/// The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values.
///
///
///
public CLAIM_SECURITY_ATTRIBUTE_TYPE ValueType;
/// This member is reserved and must be set to zero when sent and must be ignored when received.
public ushort Reserved;
///
///
/// The attribute flags that are a 32-bitmask. Bits 16 through 31 may be set to any value. Bits 0 through 15 must be zero or a
/// combination of one or more of the following mask values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001
/// This attribute is ignored by the operating system. This claim security attribute is not inherited across processes.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002
/// The value of the claim security attribute is case sensitive. This flag is valid for values that contain string types.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY 0x0004
/// The claim security attribute is considered only for deny access control entries (ACEs).
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT 0x0008
/// The claim security attribute is disabled by default.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_DISABLED 0x0010
/// The claim security attribute is disabled and will not be applied by the AccessCheck function.
///
/// -
/// CLAIM_SECURITY_ATTRIBUTE_MANDATORY 0x0020
/// The claim security attribute is mandatory.
///
///
///
public CLAIM_SECURITY_ATTRIBUTE_FLAG Flags;
/// The number of values specified in the Values member.
public uint ValueCount;
/// An array of security attribute values of the type specified in the ValueType member.
public VALUESUNION Values;
///
[StructLayout(LayoutKind.Explicit)]
public struct VALUESUNION
{
/// Pointer to an array of ValueCount members where each member is a LONG64 of type CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64.
[FieldOffset(0)]
public IntPtr pInt64;
/// Pointer to an array of ValueCount members where each member is a ULONG64 of type CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64.
[FieldOffset(0)]
public IntPtr pUint64;
/// Pointer to an array of ValueCount members where each member is a PWSTR of type CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING.
[FieldOffset(0)]
public IntPtr ppString;
///
/// Pointer to an array of ValueCount members where each member is a fully qualified binary name value of type CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE.
///
[FieldOffset(0)]
public IntPtr pFqbn;
/// Pointer to an array of ValueCount members where each member is an octet string of type CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE.
[FieldOffset(0)]
public IntPtr pOctetString;
}
}
/// The CLAIM_SECURITY_ATTRIBUTES_INFORMATION structure defines the security attributes for the claim.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("Winnt.h", MSDNShortId = "hh448481")]
public struct CLAIM_SECURITY_ATTRIBUTES_INFORMATION
{
/// A default instance which sets the field.
public static readonly CLAIM_SECURITY_ATTRIBUTES_INFORMATION Default = new CLAIM_SECURITY_ATTRIBUTES_INFORMATION { Version = 1 };
/// The version of the security attribute. This must be 1.
public ushort Version;
///
/// This member is currently reserved and must be zero when setting an attribute and is ignored when getting an attribute.
///
public ushort Reserved;
/// The number of values.
public uint AttributeCount;
/// The actual attribute.
public ATTRUNION Attribute;
/// The actual attribute.
[StructLayout(LayoutKind.Explicit)]
[PInvokeData("Winnt.h", MSDNShortId = "hh448481")]
public struct ATTRUNION
{
/// Pointer to an array that contains the AttributeCount member of the CLAIM_SECURITY_ATTRIBUTE_V1 structure.
[FieldOffset(0)]
public IntPtr pAttributeV1;
}
}
///
/// Contains information that is included immediately after the newest event log record.
///
/// The ELF_EOF_RECORD structure is used in an event log to enable the event-logging service to reconstruct the
/// ELF_LOGFILE_HEADER. The event-logging service must add the ELF_EOF_RECORD to the event log. For more information
/// about ELF_EOF_RECORD, see Event Log File Format.
///
///
// typedef struct _EVENTLOGEOF { ULONG RecordSizeBeginning; ULONG One; ULONG Two; ULONG Three; ULONG Four; ULONG BeginRecord; ULONG
// EndRecord; ULONG CurrentRecordNumber; ULONG OldestRecordNumber; ULONG RecordSizeEnd;} EVENTLOGEOF, *PEVENTLOGEOF; https://msdn.microsoft.com/en-us/library/windows/desktop/bb309022(v=vs.85).aspx
[PInvokeData("Winnt.h", MSDNShortId = "bb309022")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct EVENTLOGEOF
{
/// The beginning size of the ELF_EOF_RECORD. The beginning size is always 0x28.
public uint RecordSizeBeginning;
///
/// An identifier that helps to differentiate this record from other records in the event log. The value is always set to 0x11111111.
///
public uint One;
///
/// An identifier that helps to differentiate this record from other records in the event log. The value is always set to 0x22222222.
///
public uint Two;
///
/// An identifier that helps to differentiate this record from other records in the event log. The value is always set to 0x33333333.
///
public uint Three;
///
/// An identifier that helps to differentiate this record from other records in the event log. The value is always set to 0x44444444.
///
public uint Four;
/// The offset to the oldest record. If the event log is empty, this is set to the start of this structure.
public uint BeginRecord;
/// The offset to the start of this structure.
public uint EndRecord;
/// The record number of the next event that will be written to the event log.
public uint CurrentRecordNumber;
/// The record number of the oldest record in the event log. The record number will be 0 if the event log is empty.
public uint OldestRecordNumber;
/// The ending size of the ELF_EOF_RECORD. The ending size is always 0x28.
public uint RecordSizeEnd;
}
///
/// Contains information that is included at the beginning of an event log.
///
/// The ELF_LOGFILE_HEADER structure is used at the beginning of an event log to define information about the event log. The
/// event-logging service must add the ELF_LOGFILE_HEADER to the event log. For more information about how the
/// ELF_LOGFILE_HEADER is used, see Event Log File Format.
///
///
// typedef struct _EVENTLOGHEADER { ULONG HeaderSize; ULONG Signature; ULONG MajorVersion; ULONG MinorVersion; ULONG StartOffset;
// ULONG EndOffset; ULONG CurrentRecordNumber; ULONG OldestRecordNumber; ULONG MaxSize; ULONG Flags; ULONG Retention; ULONG
// EndHeaderSize;} EVENTLOGHEADER, *PEVENTLOGHEADER; https://msdn.microsoft.com/en-us/library/windows/desktop/bb309024(v=vs.85).aspx
[PInvokeData("Winnt.h", MSDNShortId = "bb309024")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct EVENTLOGHEADER
{
/// The size of the header structure. The size is always 0x30.
public uint HeaderSize;
/// The signature is always 0x654c664c, which is ASCII for eLfL.
public uint Signature;
/// The major version number of the event log. The major version number is always set to 1.
public uint MajorVersion;
/// The minor version number of the event log. The minor version number is always set to 1.
public uint MinorVersion;
/// The offset to the oldest record in the event log.
public uint StartOffset;
/// The offset to the ELF_EOF_RECORD in the event log.
public uint EndOffset;
/// The number of the next record that will be added to the event log.
public uint CurrentRecordNumber;
/// The number of the oldest record in the event log. For an empty file, the oldest record number is set to 0.
public uint OldestRecordNumber;
///
/// The maximum size, in bytes, of the event log. The maximum size is defined when the event log is created. The event-logging
/// service does not typically update this value, it relies on the registry configuration. The reader of the event log can use
/// normal file APIs to determine the size of the file. For more information about registry configuration values, see Eventlog Key.
///
public uint MaxSize;
///
/// The status of the event log. This member can be one of the following values:
///
///
///
/// Value
/// Meaning
///
/// -
/// ELF_LOGFILE_HEADER_DIRTY0x0001
///
/// Indicates that records have been written to an event log, but the event log file has not been properly closed. For more
/// information about this flag, see the Remarks section.
///
///
/// -
/// ELF_LOGFILE_HEADER_WRAP0x0002
/// Indicates that records in the event log have wrapped.
///
/// -
/// ELF_LOGFILE_LOGFULL_WRITTEN0x0004
/// Indicates that the most recent write attempt failed due to insufficient space.
///
/// -
/// ELF_LOGFILE_ARCHIVE_SET0x0008
///
/// Indicates that the archive attribute has been set for the file. Normal file APIs can also be used to determine the value of
/// this flag.
///
///
///
///
///
public ELF_FLAGS Flags;
///
/// The retention value of the file when it is created. The event-logging service does not typically update this value, it relies
/// on the registry configuration. For more information about registry configuration values, see Eventlog Key.
///
public uint Retention;
/// The ending size of the header structure. The size is always 0x30.
public uint EndHeaderSize;
}
/// Contains information about an event record returned by the ReadEventLog function.
///
///
/// The defined members are followed by the replacement strings for the message identified by the event identifier, the binary
/// information, some pad bytes to make sure the full entry is on a DWORD boundary, and finally the length of the log entry
/// again. Because the strings and the binary information can be of any length, no structure members are defined to reference them.
/// The declaration of this structure in Winnt.h describes these members as follows:
///
///
/// The source name is a variable-length string that specifies the name of the event source. The computer name is the name of the
/// computer that generated the event. It may be followed with some padding bytes so that the user SID is aligned on a DWORD
/// boundary. The user SID identifies the active user at the time this event was logged. If UserSidLength is zero, this field
/// may be empty.
///
///
/// The event identifier together with source name and a language identifier identify a string that describes the event in more
/// detail. The strings are used as replacement strings and are merged into the message string to make a complete message. The
/// message strings are contained in a message file specified in the source entry in the registry. To obtain the appropriate message
/// string from the message file, load the message file with the LoadLibrary function and use the FormatMessage function.
///
///
/// The binary information is information that is specific to the event. It could be the contents of the processor registers when a
/// device driver got an error, a dump of an invalid packet that was received from the network, a dump of all the structures in a
/// program (when the data area was detected to be corrupt), and so on. This information should be useful to the writer of the device
/// driver or the application in tracking down bugs or unauthorized breaks into the application.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_eventlogrecord typedef struct _EVENTLOGRECORD { DWORD Length;
// DWORD Reserved; DWORD RecordNumber; DWORD TimeGenerated; DWORD TimeWritten; DWORD EventID; WORD EventType; WORD NumStrings; WORD
// EventCategory; WORD ReservedFlags; DWORD ClosingRecordNumber; DWORD StringOffset; DWORD UserSidLength; DWORD UserSidOffset; DWORD
// DataLength; DWORD DataOffset; } EVENTLOGRECORD, *PEVENTLOGRECORD;
[PInvokeData("winnt.h", MSDNShortId = "669b182a-bc81-4386-9815-6ffa09e2e743")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct EVENTLOGRECORD
{
///
/// The size of this event record, in bytes. Note that this value is stored at both ends of the entry to ease moving forward or
/// backward through the log. The length includes any pad bytes inserted at the end of the record for DWORD alignment.
///
public uint Length;
/// A DWORD value that is always set to ELF_LOG_SIGNATURE (the value is 0x654c664c), which is ASCII for eLfL.
public uint Reserved;
///
/// The number of the record. This value can be used with the EVENTLOG_SEEK_READ flag in the ReadEventLog function to begin
/// reading at a specified record. For more information, see Event Log Records.
///
public uint RecordNumber;
///
/// The time at which this entry was submitted. This time is measured in the number of seconds elapsed since 00:00:00 January 1,
/// 1970, Universal Coordinated Time.
///
public uint TimeGenerated;
///
/// The time at which this entry was received by the service to be written to the log. This time is measured in the number of
/// seconds elapsed since 00:00:00 January 1, 1970, Universal Coordinated Time.
///
public uint TimeWritten;
///
/// The event identifier. The value is specific to the event source for the event, and is used with source name to locate a
/// description string in the message file for the event source. For more information, see Event Identifiers.
///
public uint EventID;
///
/// The type of event. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// EVENTLOG_ERROR_TYPE 0x0001
/// Error event
///
/// -
/// EVENTLOG_AUDIT_FAILURE 0x0010
/// Failure Audit event
///
/// -
/// EVENTLOG_AUDIT_SUCCESS 0x0008
/// Success Audit event
///
/// -
/// EVENTLOG_INFORMATION_TYPE 0x0004
/// Information event
///
/// -
/// EVENTLOG_WARNING_TYPE 0x0002
/// Warning event
///
///
/// For more information, see Event Types.
///
public EVENTLOG_TYPE EventType;
///
/// The number of strings present in the log (at the position indicated by StringOffset). These strings are merged into
/// the message before it is displayed to the user.
///
public ushort NumStrings;
///
/// The category for this event. The meaning of this value depends on the event source. For more information, see Event Categories.
///
public ushort EventCategory;
/// Reserved.
public ushort ReservedFlags;
/// Reserved.
public uint ClosingRecordNumber;
/// The offset of the description strings within this event log record.
public uint StringOffset;
/// The size of the UserSid member, in bytes. This value can be zero if no security identifier was provided.
public uint UserSidLength;
///
/// The offset of the security identifier (SID) within this event log record. To obtain the user name for this SID, use the
/// LookupAccountSid function.
///
public uint UserSidOffset;
/// The size of the event-specific data (at the position indicated by DataOffset), in bytes.
public uint DataLength;
///
/// The offset of the event-specific information within this event log record, in bytes. This information could be something
/// specific (a disk driver might log the number of retries, for example), followed by binary information specific to the event
/// being logged and to the source that generated the entry.
///
public uint DataOffset;
}
///
/// Defines the mapping of generic access rights to specific and standard access rights for an object. When a client application
/// requests generic access to an object, that request is mapped to the access rights defined in this structure.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("Winnt.h", MSDNShortId = "aa446633")]
public struct GENERIC_MAPPING
{
/// Specifies an access mask defining read access to an object.
public uint GenericRead;
/// Specifies an access mask defining write access to an object.
public uint GenericWrite;
/// Specifies an access mask defining execute access to an object.
public uint GenericExecute;
/// Specifies an access mask defining all possible types of access to an object.
public uint GenericAll;
/// Initializes a new instance of the structure.
/// The read mapping.
/// The write mapping.
/// The execute mapping.
/// The 'all' mapping.
public GENERIC_MAPPING(uint read, uint write, uint execute, uint all)
{
GenericRead = read;
GenericWrite = write;
GenericExecute = execute;
GenericAll = all;
}
/// The generic file mappings (FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_READ, FILE_ALL_ACCESS).
public static readonly GENERIC_MAPPING GenericFileMapping = new GENERIC_MAPPING((uint)FileAccess.FILE_GENERIC_READ, (uint)FileAccess.FILE_GENERIC_WRITE, (uint)FileAccess.FILE_GENERIC_READ, (uint)FileAccess.FILE_ALL_ACCESS);
}
///
/// An LUID is a 64-bit value guaranteed to be unique only on the system on which it was generated. The uniqueness of a locally
/// unique identifier (LUID) is guaranteed only until the system is restarted.
/// Applications must use functions and structures to manipulate LUID values.
///
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct LUID
{
/// Low order bits.
public uint LowPart;
/// High order bits.
public int HighPart;
/// Gets the privilege name for this LUID.
///
/// Name of the system on which to perform the lookup. Specifying null will query the local system.
///
/// The name retrieved for the LUID.
public string GetName(string systemName = null)
{
var sb = new StringBuilder(1024);
var sz = (uint)sb.Capacity;
if (!LookupPrivilegeName(systemName, in this, sb, ref sz))
Win32Error.ThrowLastError();
return sb.ToString();
}
/// Creates a new LUID instance from a privilege name.
/// The privilege name.
///
/// Name of the system on which to perform the lookup. Specifying null will query the local system.
///
/// The LUID instance corresponding to the .
public static LUID FromName(string name, string systemName = null) =>
!LookupPrivilegeValue(systemName, name, out var val) ? throw Win32Error.GetLastError().GetException() : val;
///
/// Creates a new LUID that is unique to the local system only, and uniqueness is guaranteed only until the system is next restarted.
///
/// A new LUID.
public static LUID NewLUID()
{
if (!AllocateLocallyUniqueId(out var ret))
Win32Error.ThrowLastError();
return ret;
}
/// Returns a that represents this instance.
/// A that represents this instance.
public override string ToString()
{
try { return GetName(); } catch { return $"0x{Macros.MAKELONG64(LowPart, (uint)HighPart):X}"; }
}
}
/// The LUID_AND_ATTRIBUTES structure represents a locally unique identifier (LUID) and its attributes.
///
/// An LUID_AND_ATTRIBUTES structure can represent an LUID whose attributes change frequently, such as when the LUID is used to
/// represent privileges in the PRIVILEGE_SET structure. Privileges are represented by LUIDs and have attributes indicating whether
/// they are currently enabled or disabled.
///
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct LUID_AND_ATTRIBUTES
{
/// Specifies a LUID value.
public LUID Luid;
///
/// Specifies attributes of the LUID. This value contains up to 32 one-bit flags. Its meaning is dependent on the definition and
/// use of the LUID.
///
public PrivilegeAttributes Attributes;
/// Initializes a new instance of the struct.
/// The LUID value.
/// The attribute value.
public LUID_AND_ATTRIBUTES(LUID luid, PrivilegeAttributes attr)
{
Luid = luid;
Attributes = attr;
}
/// Returns a that represents this instance.
/// A that represents this instance.
public override string ToString() => $"{Luid}:{Attributes}";
}
/// The QUOTA_LIMITS structure describes the amount of system resources available to a user.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("Winnt.h", MSDNShortId = "aa379363")]
public struct QUOTA_LIMITS
{
///
/// Specifies the amount of paged pool memory assigned to the user. The paged pool is an area of system memory (physical memory
/// used by the operating
/// system) for objects that can be written to disk when they are not being used.
///
/// The value set in this member is not enforced by the LSA. You should set this member to 0, which causes the default value to
/// be used.
///
///
public uint PagedPoolLimit;
///
/// Specifies the amount of nonpaged pool memory assigned to the user. The nonpaged pool is an area of system memory for objects
/// that cannot be written to disk but must remain in physical memory as long as they are allocated.
///
/// The value set in this member is not enforced by the LSA. You should set this member to 0, which causes the default value to
/// be used.
///
///
public uint NonPagedPoolLimit;
///
/// Specifies the minimum set size assigned to the user. The "working set" of a process is the set of memory pages currently
/// visible to the process in physical RAM memory. These pages are present in memory when the application is running and
/// available for an application to use without triggering a page fault.
///
/// The value set in this member is not enforced by the LSA. You should set this member to NULL, which causes the default value
/// to be used.
///
///
public uint MinimumWorkingSetSize;
///
/// Specifies the maximum set size assigned to the user.
///
/// The value set in this member is not enforced by the LSA. You should set this member to 0, which causes the default value to
/// be used.
///
///
public uint MaximumWorkingSetSize;
///
/// Specifies the maximum size, in bytes, of the paging file, which is a reserved space on disk that backs up committed physical
/// memory on the computer.
///
/// The value set in this member is not enforced by the LSA. You should set this member to 0, which causes the default value to
/// be used.
///
///
public uint PagefileLimit;
///
/// Indicates the maximum amount of time the process can run.
///
/// The value set in this member is not enforced by the LSA. You should set this member to NULL, which causes the default value
/// to be used.
///
///
public long TimeLimit;
}
///
/// The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Applications use this structure to
/// set and query an object's security status.
///
/// Because the internal format of a security descriptor can vary, we recommend that applications not modify the SECURITY_DESCRIPTOR
/// structure directly.
///
///
[StructLayout(LayoutKind.Sequential, Pack = 1)]
[PInvokeData("Winnt.h", MSDNShortId = "aa379561")]
public struct SECURITY_DESCRIPTOR
{
/// Undocumented.
public byte Revision;
/// Undocumented.
public byte Sbz1;
/// Undocumented.
public SECURITY_DESCRIPTOR_CONTROL Control;
/// Undocumented.
public PSID Owner;
/// Undocumented.
public PSID Group;
/// Undocumented.
public PACL Sacl;
/// Undocumented.
public PACL Dacl;
}
///
/// The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups.
///
/// Applications should not modify a SID directly. To create and manipulate a security identifier, use the functions listed in the
/// See Also section.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-sid typedef struct _SID { BYTE Revision; BYTE
// SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; #if ... DWORD *SubAuthority[]; #else DWORD
// SubAuthority[ANYSIZE_ARRAY]; #endif } SID, *PISID;
[PInvokeData("winnt.h", MSDNShortId = "NS:winnt._SID")]
[VanaraMarshaler(typeof(AnySizeStringMarshaler), nameof(SubAuthorityCount))]
[StructLayout(LayoutKind.Sequential)]
public struct SID
{
///
public byte Revision;
///
public byte SubAuthorityCount;
///
public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public uint[] SubAuthority;
}
///
/// The SID_AND_ATTRIBUTES structure represents a security identifier (SID) and its attributes. SIDs are used to uniquely identify
/// users or groups.
///
[StructLayout(LayoutKind.Sequential)]
public struct SID_AND_ATTRIBUTES
{
/// A pointer to a SID structure.
public PSID Sid;
///
/// Specifies attributes of the SID. This value contains up to 32 one-bit flags. Its meaning depends on the definition and use of
/// the SID.
///
public uint Attributes;
/// Initializes a new instance of the struct.
/// The SID.
/// The attributes of the SID.
public SID_AND_ATTRIBUTES(PSID sid, uint attributes)
{
Sid = sid;
Attributes = attributes;
}
/// Returns a that represents this instance.
/// A that represents this instance.
public override string ToString() => $"{(Sid.IsValidSid() ? Sid.ToString("N") : "")}:{Attributes}";
}
/// The SID_IDENTIFIER_AUTHORITY structure represents the top-level authority of a security identifier (SID).
[StructLayout(LayoutKind.Sequential, Pack = 1)]
[PInvokeData("Winnt.h", MSDNShortId = "aa379598")]
public struct SID_IDENTIFIER_AUTHORITY
{
/// An array of 6 bytes specifying a SID's top-level authority.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)] public byte[] Value;
}
///
/// Not supported.
/// The SYSTEM_ALARM_ACE structure is reserved for future use.
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_alarm_ace typedef struct _SYSTEM_ALARM_ACE { ACE_HEADER
// Header; ACCESS_MASK Mask; DWORD SidStart; } SYSTEM_ALARM_ACE;
[PInvokeData("winnt.h", MSDNShortId = "491cc5c7-abb6-4d03-b3b0-ba5eedb5e2ba")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_ALARM_ACE
{
///
public ACE_HEADER Header;
///
public ACCESS_MASK Mask;
///
public uint SidStart;
}
///
/// Not supported.
/// The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use.
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_alarm_callback_ace typedef struct
// _SYSTEM_ALARM_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
[PInvokeData("winnt.h", MSDNShortId = "8bfb579f-4bee-454e-827b-63a800bccf85")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_ALARM_CALLBACK_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to SYSTEM_ALARM_CALLBACK_ACE_TYPE.
///
public ACE_HEADER Header;
///
/// Specifies an ACCESS_MASK structure that gives the access rights that cause audit messages to be generated. The
/// SUCCESSFUL_ACCESS_ACE_FLAG and FAILED_ACCESS_ACE_FLAG flags in the AceFlags member of the ACE_HEADER structure
/// indicate whether messages are generated for successful access attempts, unsuccessful access attempts, or both.
///
public ACCESS_MASK Mask;
///
/// The first DWORD of a trustee's ACE. This ACE can be appended with application data. When the AuthzAccessCheckCallback
/// function is called, this ACE is passed as the pAce parameter of that function.
///
public uint SidStart;
}
///
/// Not supported.
/// The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use.
///
///
///
/// If neither the ObjectType nor InheritedObjectType GUID is specified, the SYSTEM_ALARM_CALLBACK_OBJECT_ACE
/// structure has the same semantics as the SYSTEM_ALARM_CALLBACK_ACE structure. In that case, use the
/// SYSTEM_ALARM_CALLBACK_ACE structure because it is smaller and more efficient.
///
///
/// An ACL that contains an SYSTEM_ALARM_CALLBACK_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its
/// ACE_HEADER structure.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_alarm_callback_object_ace typedef struct
// _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType;
// DWORD SidStart; } SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "3fdd0b75-666a-4064-95ed-9e708f34bed6")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_ALARM_CALLBACK_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by child
/// objects. The structure also contains flags that indicate whether the ACE audits successful access attempts, failed access
/// attempts, or both. The AceType member of the ACE_HEADER structure should be set to SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will audit for access attempts by the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members contain GUIDs. This
/// parameter can be a combination of the following values. Set all undefined bits to zero.
///
///
///
/// Value
/// Meaning
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
/// The ObjectType member contains a GUID.
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
/// The InheritedObjectType member contains a GUID.
///
///
///
public ObjectAceFlags Flags;
///
/// A GUID structure that identifies a property set, property, extended right, or type of child object.
///
/// This member is valid only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, ObjectType
/// is ignored.
///
/// The purpose of this GUID depends on the access rights specified in the Mask member.
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_READ_PROP and/or ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls auditing of the trustee's attempts
/// to read or write the property or property set.
///
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls auditing of the trustee's attempts to create this
/// type of child object.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// A GUID structure that identifies the type of child object that can inherit the ACE.
///
/// This member is valid only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member. If that bit is not
/// set, InheritedObjectType is ignored and all types of child objects can inherit the ACE. In either case, inheritance is
/// also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
public Guid InheritedObjectType;
///
/// The first DWORD of a trustee's ACE. This ACE can be appended with application data. When the AuthzAccessCheckCallback
/// function is called, this ACE is passed as the pAce parameter of that function.
///
public uint SidStart;
}
/// The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use.
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_alarm_object_ace typedef struct _SYSTEM_ALARM_OBJECT_ACE
// { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType; DWORD SidStart; }
// SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "a55f6039-d1d2-4a7d-a6c9-e8f51b291582")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_ALARM_OBJECT_ACE
{
///
public ACE_HEADER Header;
///
public ACCESS_MASK Mask;
///
public ObjectAceFlags Flags;
///
public Guid ObjectType;
///
public Guid InheritedObjectType;
///
public uint SidStart;
}
///
/// The SYSTEM_AUDIT_ACE structure defines an access control entry (ACE) for the system access control list (SACL) that
/// specifies what types of access cause system-level notifications. A system-audit ACE causes an audit message to be logged when a
/// specified trustee attempts to gain access to an object. The trustee is identified by a security identifier (SID).
///
///
///
/// Audit messages are stored in an event log that can be manipulated by using the Windows API event-logging functions or by using
/// the Event Viewer (Eventvwr.exe).
///
///
/// ACE structures should be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// When a SYSTEM_AUDIT_ACE structure is created, sufficient memory must be allocated to accommodate the complete SID of the
/// trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_audit_ace typedef struct _SYSTEM_AUDIT_ACE { ACE_HEADER
// Header; ACCESS_MASK Mask; DWORD SidStart; } SYSTEM_AUDIT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "c26b5856-5447-4606-8110-f24a4d235c64")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_AUDIT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to SYSTEM_AUDIT_ACE_TYPE, and the
/// AceSize member should be set to the total number of bytes allocated for the SYSTEM_AUDIT_ACE structure.
///
public ACE_HEADER Header;
///
/// Specifies an ACCESS_MASK structure that gives the access rights that cause audit messages to be generated. The
/// SUCCESSFUL_ACCESS_ACE_FLAG and FAILED_ACCESS_ACE_FLAG flags in the AceFlags member of the ACE_HEADER structure
/// indicate whether messages are generated for successful access attempts, unsuccessful access attempts, or both.
///
public ACCESS_MASK Mask;
///
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
///
/// An access attempt of a kind specified by the Mask member by any trustee whose SID matches the SidStart member
/// causes the system to generate an audit message. If an application does not specify a SID for this member, audit messages are
/// generated for the specified access rights for all trustees.
///
///
public uint SidStart;
}
///
///
/// The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry (ACE) for the system access control list (SACL)
/// that specifies what types of access cause system-level notifications. A system-audit ACE causes an audit message to be logged
/// when a specified trustee attempts to gain access to an object. The trustee is identified by a security identifier (SID).
///
///
/// When the AuthzAccessCheck function is called, each SYSTEM_AUDIT_CALLBACK_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application-defined AuthzAccessCheckCallback function, in which a pointer to the SYSTEM_AUDIT_CALLBACK_ACE structure found
/// is passed in the pAce parameter.
///
///
///
///
/// ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned
/// handles to memory.
///
///
/// When a SYSTEM_AUDIT_CALLBACK_ACE structure is created, sufficient memory must be allocated to accommodate the complete SID
/// of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_audit_callback_ace typedef struct
// _SYSTEM_AUDIT_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
[PInvokeData("winnt.h", MSDNShortId = "4d1799b0-3e55-48d7-94ff-c0094945adea")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_AUDIT_CALLBACK_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by
/// child objects. The AceType member of the ACE_HEADER structure should be set to SYSTEM_AUDIT_CALLBACK_ACE_TYPE,
/// and the AceSize member should be set to the total number of bytes allocated for the SYSTEM_AUDIT_CALLBACK_ACE structure.
///
public ACE_HEADER Header;
///
/// Specifies an ACCESS_MASK structure that gives the access rights that cause audit messages to be generated. The
/// SUCCESSFUL_ACCESS_ACE_FLAG and FAILED_ACCESS_ACE_FLAG flags in the AceFlags member of the ACE_HEADER structure
/// indicate whether messages are generated for successful access attempts, unsuccessful access attempts, or both.
///
public ACCESS_MASK Mask;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
///
/// The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry (ACE) for a system access control list
/// (SACL). The ACE can audit access to an object or subobjects such as property sets or properties. The ACE contains a set of access
/// rights, a GUID that identifies the type of object or subobject, and a security identifier (SID) that identifies the trustee for
/// whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.
///
///
/// When the AuthzAccessCheck function is called, each SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure contained in the DACL of a
/// SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the
/// application-defined AuthzAccessCheckCallback function, in which a pointer to the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
/// structure found is passed in the pAce parameter.
///
///
///
///
/// If neither the ObjectType nor InheritedObjectType GUID is specified, the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
/// structure has the same semantics as the SYSTEM_AUDIT_CALLBACK_ACE structure. In that case, use the
/// SYSTEM_AUDIT_CALLBACK_ACE structure because it is smaller and more efficient.
///
///
/// An ACL that contains a SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure must specify the ACL_REVISION_DS revision number in its
/// ACE_HEADER structure.
///
///
/// When a SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure is created, sufficient memory must be allocated to accommodate the GUID
/// structures in ObjectType and InheritedObjectType members, if one or both of them exists, as well as to accommodate
/// the complete SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_audit_callback_object_ace typedef struct
// _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType;
// DWORD SidStart; } SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "f547c928-4850-4072-be05-76a6c83b79bb")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
{
///
/// ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by child
/// objects. The structure also contains flags that indicate whether the ACE audits successful access attempts, failed access
/// attempts, or both. The AceType member of the ACE_HEADER structure should be set to
/// SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated for
/// the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will audit for access attempts by the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members contain GUIDs. This
/// member can be a combination of the following values. Set all undefined bits to zero.
///
///
///
/// Value
/// Meaning
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
/// The ObjectType member contains a GUID.
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
/// The InheritedObjectType member contains a GUID.
///
///
///
public ObjectAceFlags Flags;
///
/// A GUID structure that identifies a property set, property, extended right, or type of child object.
///
/// This member is valid only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, ObjectType
/// is ignored.
///
/// The purpose of this GUID depends on the access rights specified in the Mask member.
/// This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_READ_PROP and/or ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls auditing of the trustee's attempts
/// to read or write the property or property set.
///
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls auditing of the trustee's attempts to create this
/// type of child object.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// A GUID structure that identifies the type of child object that can inherit the ACE.
///
/// This member is valid only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member. If that bit is not
/// set, InheritedObjectType is ignored and all types of child objects can inherit the ACE. In either case, inheritance is
/// also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
public Guid InheritedObjectType;
///
/// The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the
/// SidStart member. This SID can be appended with application data.
///
public uint SidStart;
}
///
/// The SYSTEM_AUDIT_OBJECT_ACE structure defines an access control entry (ACE) for a system access control list (SACL). The
/// ACE can audit access to an object or subobjects such as property sets or properties. The ACE contains a set of access rights, a
/// GUID that identifies the type of object or subobject, and a security identifier (SID) that identifies the trustee for whom the
/// system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.
///
///
///
/// If neither the ObjectType nor InheritedObjectType GUID is specified, the SYSTEM_AUDIT_OBJECT_ACE structure
/// has the same semantics as the SYSTEM_AUDIT_ACE structure. In that case, use the SYSTEM_AUDIT_ACE structure because it is
/// smaller and more efficient.
///
///
/// An ACL that contains an SYSTEM_AUDIT_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACE_HEADER structure.
///
///
/// When a SYSTEM_AUDIT_OBJECT_ACE structure is created, sufficient memory must be allocated to accommodate the GUID
/// structures in ObjectType and InheritedObjectType members, if one or both of them exists, as well as to accommodate
/// the complete SID of the trustee in the SidStart member and the contiguous memory that follows it.
///
///
/// An SYSTEM_AUDIT_OBJECT_ACE structure can be created in an access control list (ACL) by a call to the
/// AddAuditAccessObjectAce function. When this function is used, the correct amount of memory needed to accommodate the GUID
/// structures in the ObjectType and InheritedObjectType members, if one or both of them exists, as well as to
/// accommodate the trustee's SID is automatically allocated. In addition, the values of the Header.AceType and
/// Header.AceSize members are set automatically. When an SYSTEM_AUDIT_OBJECT_ACE structure is created outside an ACL,
/// sufficient memory must be allocated to accommodate the GUID structures in the ObjectType and InheritedObjectType
/// members, if one or both of them exists, as well as to accommodate the complete SID of the trustee in the SidStart member
/// and the contiguous memory following it. In addition, the values of the Header.AceType and Header.AceSize members
/// must be set explicitly by the application.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-system_audit_object_ace typedef struct _SYSTEM_AUDIT_OBJECT_ACE
// { ACE_HEADER Header; ACCESS_MASK Mask; DWORD Flags; GUID ObjectType; GUID InheritedObjectType; DWORD SidStart; }
// SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
[PInvokeData("winnt.h", MSDNShortId = "de37bef6-e6c8-4455-856a-adebebda4cc7")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_AUDIT_OBJECT_ACE
{
///
/// An ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by
/// child objects. The structure also contains flags that indicate whether the ACE audits successful access attempts, failed
/// access attempts, or both. The AceType member of the ACE_HEADER structure should be set to
/// SYSTEM_AUDIT_OBJECT_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated for the
/// SYSTEM_AUDIT_OBJECT_ACE structure.
///
public ACE_HEADER Header;
/// An ACCESS_MASK that specifies the access rights the system will audit for access attempts by the trustee.
public ACCESS_MASK Mask;
///
///
/// A set of bit flags that indicate whether the ObjectType and InheritedObjectType members contain GUIDs. This
/// member can be a combination of the following values. Set all undefined bits to zero.
///
///
///
/// Value
/// Meaning
///
/// -
/// ACE_OBJECT_TYPE_PRESENT
/// The ObjectType member contains a GUID.
///
/// -
/// ACE_INHERITED_OBJECT_TYPE_PRESENT
/// The InheritedObjectType member contains a GUID.
///
///
///
public ObjectAceFlags Flags;
///
/// A GUID structure that identifies a property set, property, extended right, or type of child object.
///
/// This member is valid only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, ObjectType
/// is ignored.
///
/// The purpose of this GUID depends on the access rights specified in the Mask member.
/// This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// ADS_RIGHT_DS_READ_PROP and/or ADS_RIGHT_DS_WRITE_PROP
///
/// The ObjectType GUID identifies a property set or property of the object. The ACE controls auditing of the trustee's attempts
/// to read or write the property or property set.
///
///
/// -
/// ADS_RIGHT_DS_CONTROL_ACCESS
/// The ObjectType GUID identifies an extended access right.
///
/// -
/// ADS_RIGHT_DS_CREATE_CHILD
///
/// The ObjectType GUID identifies a type of child object. The ACE controls auditing of the trustee's attempts to create this
/// type of child object.
///
///
/// -
/// ADS_RIGHT_DS_SELF
/// The ObjectType GUID identifies a validated write.
///
///
///
public Guid ObjectType;
///
/// A GUID structure that identifies the type of child object that can inherit the ACE.
///
/// This member is valid only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member. If that bit is not
/// set, InheritedObjectType is ignored and all types of child objects can inherit the ACE. In either case, inheritance is
/// also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the
/// child objects.
///
///
/// The offset of this member can vary. If the Flags member does not contain the ACE_OBJECT_TYPE_PRESENT flag, the
/// InheritedObjectType member starts at the offset specified by the ObjectType member.
///
///
public Guid InheritedObjectType;
///
///
/// Specifies the first DWORD of a SID that identifies the trustee for whom the access attempts are audited. The remaining
/// bytes of the SID are stored in contiguous memory after the SidStart member. This SID can be appended with application data.
///
///
/// The offset of this member can vary. If the Flags member is zero, the SidStart member starts at the offset
/// specified by the ObjectType member. If Flags contains only one flag (either ACE_OBJECT_TYPE_PRESENT or
/// ACE_INHERITED_OBJECT_TYPE_PRESENT), the SidStart member starts at the offset specified by the
/// InheritedObjectType member.
///
///
public uint SidStart;
}
///
/// The TOKEN_ACCESS_INFORMATION structure specifies all the information in a token that is necessary to perform an access check.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "bb394726")]
public struct TOKEN_ACCESS_INFORMATION
{
/// A pointer to a SID_AND_ATTRIBUTES_HASH structure that specifies a hash of the token's security identifier (SID).
public IntPtr SidHash;
/// A pointer to a SID_AND_ATTRIBUTES_HASH structure that specifies a hash of the token's restricted SID.
public IntPtr RestrictedSidHash;
/// A pointer to a TOKEN_PRIVILEGES structure that specifies information about the token's privileges.
public IntPtr Privileges;
/// A LUID structure that specifies the token's identity.
public LUID AuthenticationId;
/// A value of the TOKEN_TYPE enumeration that specifies the token's type.
public TOKEN_TYPE TokenType;
/// A value of the SECURITY_IMPERSONATION_LEVEL enumeration that specifies the token's impersonation level.
public SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/// A TOKEN_MANDATORY_POLICY structure that specifies the token's mandatory integrity policy.
public TOKEN_MANDATORY_POLICY MandatoryPolicy;
/// Reserved. Must be set to zero.
public uint Flags;
///
/// The app container number for the token or zero if this is not an app container token.
/// Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista: This member is not available.
///
public uint AppContainerNumber;
///
/// The app container SID or NULL if this is not an app container token.
/// Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista: This member is not available.
///
public PSID PackageSid;
///
/// Pointer to a SID_AND_ATTRIBUTES_HASH structure that specifies a hash of the token's capability SIDs.
/// Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista: This member is not available.
///
public IntPtr CapabilitiesHash;
/// The protected process trust level of the token.
public PSID TrustLevelSid;
///
/// Reserved. Must be set to NULL.
/// Prior to Windows 10: This member is not available.
///
public IntPtr SecurityAttributes;
}
///
/// The TOKEN_APPCONTAINER_INFORMATION structure specifies all the information in a token that is necessary for an app container.
///
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_APPCONTAINER_INFORMATION
{
/// The security identifier (SID) of the app container.
public PSID TokenAppContainer;
}
/// The TOKEN_DEFAULT_DACL structure specifies a discretionary access control list (DACL).
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379623")]
public struct TOKEN_DEFAULT_DACL
{
///
/// A pointer to an ACL structure assigned by default to any objects created by the user. The user is represented by the access token.
///
public PACL DefaultDacl;
}
/// The TOKEN_ELEVATION structure indicates whether a token has elevated privileges.
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_ELEVATION
{
/// A nonzero value if the token has elevated privileges; otherwise, a zero value.
[MarshalAs(UnmanagedType.Bool)]
public bool TokenIsElevated;
}
/// The TOKEN_GROUPS structure contains information about the group security identifiers (SIDs) in an access token.
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler), nameof(GroupCount))]
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_GROUPS
{
/// Specifies the number of groups in the access token.
public uint GroupCount;
/// Specifies an array of SID_AND_ATTRIBUTES structures that contain a set of SIDs and corresponding attributes.
[MarshalAs(UnmanagedType.ByValArray)]
public SID_AND_ATTRIBUTES[] Groups;
/// Initializes a new instance of the struct.
/// The number of groups.
public TOKEN_GROUPS(uint count = 0)
{
GroupCount = count;
Groups = new SID_AND_ATTRIBUTES[count];
}
/// Initializes a new instance of the struct with and array of SIDs and attributes.
/// An array of SID_AND_ATTRIBUTES structures that contain a set of SIDs and corresponding attributes.
public TOKEN_GROUPS(SID_AND_ATTRIBUTES[] groups)
{
Groups = groups;
GroupCount = (uint)(groups?.Length ?? 0);
}
/// Initializes a new instance of the struct with a single SID and attribute.
/// The SID.
/// The attributes of the SID.
public TOKEN_GROUPS(PSID sid, uint attributes = 0) : this(1U)
{
Groups[0] = new SID_AND_ATTRIBUTES(sid, attributes);
}
}
///
/// The TOKEN_GROUPS_AND_PRIVILEGES structure contains information about the group security identifiers (SIDs) and privileges in an
/// access token.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379625")]
public struct TOKEN_GROUPS_AND_PRIVILEGES
{
/// Number of SIDs in the access token.
public uint SidCount;
/// Length, in bytes, required to hold all of the user SIDs and the account SID for the group.
public uint SidLength;
/// A pointer to an array of SID_AND_ATTRIBUTES structures that contain a set of SIDs and corresponding attributes.
public IntPtr Sids;
/// Number of restricted SIDs.
public uint RestrictedSidCount;
/// Length, in bytes, required to hold all of the restricted SIDs.
public uint RestrictedSidLength;
///
/// A pointer to an array of SID_AND_ATTRIBUTES structures that contain a set of restricted SIDs and corresponding attributes.
///
/// The Attributes members of the SID_AND_ATTRIBUTES structures can have the same values as those listed for the preceding Sids member.
///
///
public IntPtr RestrictedSids;
/// Number of privileges.
public uint PrivilegeCount;
/// Length, in bytes, needed to hold the privilege array.
public uint PrivilegeLength;
/// Array of privileges.
public IntPtr Privileges;
/// Locally unique identifier (LUID) of the authenticator of the token.
public LUID AuthenticationId;
}
///
/// The TOKEN_LINKED_TOKEN structure contains a handle to a token. This token is linked to the token being queried by the
/// GetTokenInformation function or set by the SetTokenInformation function.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "bb530719")]
public struct TOKEN_LINKED_TOKEN
{
/// A handle to the linked token. When you have finished using the handle, close it by calling the CloseHandle function.
public HTOKEN LinkedToken;
}
/// The TOKEN_MANDATORY_LABEL structure specifies the mandatory integrity level for a token.
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_MANDATORY_LABEL
{
/// A SID_AND_ATTRIBUTES structure that specifies the mandatory integrity level of the token.
public SID_AND_ATTRIBUTES Label;
}
/// The TOKEN_MANDATORY_POLICY structure specifies the mandatory integrity policy for a token.
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_mandatory_policy
// typedef struct _TOKEN_MANDATORY_POLICY { DWORD Policy; } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
[PInvokeData("winnt.h", MSDNShortId = "f5fc438b-c4f0-46f6-a188-52ce660d13da")]
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_MANDATORY_POLICY
{
///
/// The mandatory integrity access policy for the associated token. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// TOKEN_MANDATORY_POLICY_OFF 0x0
/// No mandatory integrity policy is enforced for the token.
///
/// -
/// TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
/// A process associated with the token cannot write to objects that have a greater mandatory integrity level.
///
/// -
/// TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
/// A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the executable-file integrity level.
///
/// -
/// TOKEN_MANDATORY_POLICY_VALID_MASK 0x3
/// A combination of TOKEN_MANDATORY_POLICY_NO_WRITE_UP and TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN.
///
///
///
public TokenMandatoryPolicy Policy;
}
///
/// The TOKEN_ORIGIN structure contains information about the origin of the logon session. This structure is used by the
/// GetTokenInformation function.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379627")]
public struct TOKEN_ORIGIN
{
///
/// Locally unique identifier (LUID) for the logon session. If the token passed to GetTokenInformation resulted from a logon
/// using explicit credentials, such as passing name, domain, and password to the LogonUser function, then this member will
/// contain the ID of the logon session that created it. If the token resulted from network authentication, such as a call to
/// AcceptSecurityContext, or a call to LogonUser with dwLogonType set to LOGON32_LOGON_NETWORK or
/// LOGON32_LOGON_NETWORK_CLEARTEXT, then this member will be zero.
///
public LUID OriginatingLogonSession;
}
///
/// The TOKEN_OWNER structure contains the default owner security identifier (SID) that will be applied to newly created objects.
///
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379628")]
public struct TOKEN_OWNER
{
///
/// A pointer to a SID structure representing a user who will become the owner of any objects created by a process using this
/// access token. The SID must be one of the user or group SIDs already in the token.
///
public PSID Owner;
}
/// The TOKEN_PRIMARY_GROUP structure specifies a group security identifier (SID) for an access token.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379629")]
public struct TOKEN_PRIMARY_GROUP
{
///
/// A pointer to a SID structure representing a group that will become the primary group of any objects created by a process
/// using this access token. The SID must be one of the group SIDs already in the token.
///
public PSID PrimaryGroup;
}
/// The TOKEN_PRIVILEGES structure contains information about a set of privileges for an access token.
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_privileges typedef struct _TOKEN_PRIVILEGES { DWORD
// PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
[PInvokeData("winnt.h", MSDNShortId = "c9016511-740f-44f3-92ed-17cc518c6612")]
[StructLayout(LayoutKind.Sequential)]
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler), nameof(PrivilegeCount))]
public struct TOKEN_PRIVILEGES
{
/// This must be set to the number of entries in the Privileges array.
public uint PrivilegeCount;
///
///
/// Specifies an array of LUID_AND_ATTRIBUTES structures. Each structure contains the LUID and attributes of a privilege. To get
/// the name of the privilege associated with a LUID, call the LookupPrivilegeName function, passing the address of the
/// LUID as the value of the lpLuid parameter.
///
///
/// Important The constant ANYSIZE_ARRAY is defined as 1 in the public header Winnt.h. To create this array with
/// more than one element, you must allocate sufficient memory for the structure to take into account additional elements.
///
/// The attributes of a privilege can be a combination of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// SE_PRIVILEGE_ENABLED
/// The privilege is enabled.
///
/// -
/// SE_PRIVILEGE_ENABLED_BY_DEFAULT
/// The privilege is enabled by default.
///
/// -
/// SE_PRIVILEGE_REMOVED
/// Used to remove a privilege. For details, see AdjustTokenPrivileges.
///
/// -
/// SE_PRIVILEGE_USED_FOR_ACCESS
///
/// The privilege was used to gain access to an object or service. This flag is used to identify the relevant privileges in a set
/// passed by a client application that may contain unnecessary privileges.
///
///
///
///
[MarshalAs(UnmanagedType.ByValArray)]
public LUID_AND_ATTRIBUTES[] Privileges;
/// Initializes a new instance of the structure with a single LUID_AND_ATTRIBUTES value.
/// The LUID value.
/// The attribute value.
public TOKEN_PRIVILEGES(LUID luid, PrivilegeAttributes attribute)
{
PrivilegeCount = 1;
Privileges = new[] { new LUID_AND_ATTRIBUTES(luid, attribute) };
}
/// Initializes a new instance of the structure from a list of privileges.
/// The values.
public TOKEN_PRIVILEGES(LUID_AND_ATTRIBUTES[] values)
{
PrivilegeCount = (uint)(values?.Length ?? 0);
Privileges = (LUID_AND_ATTRIBUTES[])values?.Clone() ?? new LUID_AND_ATTRIBUTES[0];
}
}
/// The TOKEN_SOURCE structure identifies the source of an access token.
[StructLayout(LayoutKind.Sequential)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379631")]
public struct TOKEN_SOURCE
{
private const int TOKEN_SOURCE_LENGTH = 8;
///
/// Specifies an 8-byte character string used to identify the source of an access token. This is used to distinguish between such
/// sources as Session Manager, LAN Manager, and RPC Server. A string, rather than a constant, is used to identify the source so
/// users and developers can make extensions to the system, such as by adding other networks, that act as the source of access tokens.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = TOKEN_SOURCE_LENGTH)]
public char[] SourceName;
///
/// Specifies a locally unique identifier (LUID) provided by the source component named by the SourceName member. This value aids
/// the source component in relating context blocks, such as session-control structures, to the token. This value is typically,
/// but not necessarily, an LUID.
///
public LUID SourceIdentifier;
}
///
/// The TOKEN_STATISTICS structure contains information about an access token. An application can retrieve this information by
/// calling the GetTokenInformation function.
///
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
[PInvokeData("WinNT.h", MSDNShortId = "aa379632")]
public struct TOKEN_STATISTICS
{
/// Specifies a locally unique identifier (LUID) that identifies this instance of the token object.
public LUID TokenId;
///
/// Specifies an LUID assigned to the session this token represents. There can be many tokens representing a single logon session.
///
public LUID AuthenticationId;
/// Specifies the time at which this token expires. Expiration times for access tokens are not currently supported.
public long ExpirationTime;
/// Specifies a TOKEN_TYPE enumeration type indicating whether the token is a primary or impersonation token.
public TOKEN_TYPE TokenType;
///
/// Specifies a SECURITY_IMPERSONATION_LEVEL enumeration type indicating the impersonation level of the token. This member is
/// valid only if the TokenType is TokenImpersonation.
///
public SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/// Specifies the amount, in bytes, of memory allocated for storing default protection and a primary group identifier.
public uint DynamicCharged;
///
/// Specifies the portion of memory allocated for storing default protection and a primary group identifier not already in use.
/// This value is returned as a count of free bytes.
///
public uint DynamicAvailable;
/// Specifies the number of supplemental group security identifiers (SIDs) included in the token.
public uint GroupCount;
/// Specifies the number of privileges included in the token.
public uint PrivilegeCount;
///
/// Specifies an LUID that changes each time the token is modified. An application can use this value as a test of whether a
/// security context has changed since it was last used.
///
public LUID ModifiedId;
}
/// The TOKEN_USER structure identifies the user associated with an access token.
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_USER
{
///
/// Specifies a SID_AND_ATTRIBUTES structure representing the user associated with the access token. There are currently no
/// attributes defined for user security identifiers (SIDs).
///
public SID_AND_ATTRIBUTES User;
}
/// Known SID authorities.
public static class KnownSIDAuthority
{
/// The application package authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_APP_PACKAGE_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 15 };
/// The authentication authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_AUTHENTICATION_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 18 };
/// The identifier authority for the creator owner.
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_CREATOR_SID_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 3 };
/// The identifier authority for locally connected users.
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_LOCAL_SID_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 2 };
/// The mandatory label authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_MANDATORY_LABEL_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 16 };
/// The non-unique identifier authority.
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_NON_UNIQUE_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 4 };
/// The Windows security authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_NT_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 5 };
/// The identifier authority with no members.
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_NULL_SID_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 0 };
/// The process trust authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_PROCESS_TRUST_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 19 };
/// The security resource manager authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_RESOURCE_MANAGER_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 9 };
/// The scoped policy identifier authority
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_SCOPED_POLICY_ID_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 17 };
/// The identifier authority all users.
public static readonly PSID_IDENTIFIER_AUTHORITY SECURITY_WORLD_SID_AUTHORITY = new byte[] { 0, 0, 0, 0, 0, 1 };
}
/// Known RIDs
public static class KnownSIDRelativeID
{
///
public const int SECURITY_APP_PACKAGE_BASE_RID = 0x00000002;
///
public const int SECURITY_CAPABILITY_APP_RID = 0x00000040;
///
public const int SECURITY_CAPABILITY_BASE_RID = 0x00000003;
/// The security creator group rid
public const int SECURITY_CREATOR_GROUP_RID = 0x00000001;
/// The security creator group server rid
public const int SECURITY_CREATOR_GROUP_SERVER_RID = 0x00000003;
/// The security creator owner rid
public const int SECURITY_CREATOR_OWNER_RID = 0x00000000;
/// The security creator owner rights rid
public const int SECURITY_CREATOR_OWNER_RIGHTS_RID = 0x00000004;
/// The security creator owner server rid
public const int SECURITY_CREATOR_OWNER_SERVER_RID = 0x00000002;
/// The security local logon rid
public const int SECURITY_LOCAL_LOGON_RID = 0x00000001;
/// The security local rid
public const int SECURITY_LOCAL_RID = 0x00000000;
/// High integrity.
public const int SECURITY_MANDATORY_HIGH_RID = 0x00003000;
/// Low integrity.
public const int SECURITY_MANDATORY_LOW_RID = 0x00001000;
/// Medium-high integrity.
public const int SECURITY_MANDATORY_MEDIUM_PLUS_RID = SECURITY_MANDATORY_MEDIUM_RID + 0x100;
/// Medium integrity.
public const int SECURITY_MANDATORY_MEDIUM_RID = 0x00002000;
/// Protected process.
public const int SECURITY_MANDATORY_PROTECTED_PROCESS_RID = 0x00005000;
/// System integrity.
public const int SECURITY_MANDATORY_SYSTEM_RID = 0x00004000;
/// Untrusted.
public const int SECURITY_MANDATORY_UNTRUSTED_RID = 0x00000000;
/// The security null rid
public const int SECURITY_NULL_RID = 0x00000000;
/// The security world rid
public const int SECURITY_WORLD_RID = 0x00000000;
}
///
/// The PRIVILEGE_SET structure specifies a set of privileges. It is also used to indicate which, if any, privileges are held by a
/// user or group requesting access to an object.
///
[StructLayout(LayoutKind.Sequential)]
public class PRIVILEGE_SET
{
/// Specifies the number of privileges in the privilege set.
public uint PrivilegeCount;
///
/// Specifies a control flag related to the privileges. The PRIVILEGE_SET_ALL_NECESSARY control flag is currently defined. It
/// indicates that all of the specified privileges must be held by the process requesting access. If this flag is not set, the
/// presence of any privileges in the user's access token grants the access.
///
public PrivilegeSetControl Control;
/// Specifies an array of LUID_AND_ATTRIBUTES structures describing the set's privileges.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privilege;
/// Initializes a new instance of the class with a single LUID_AND_ATTRIBUTES value.
/// The control flag. See .
/// The LUID value.
/// The attribute value.
public PRIVILEGE_SET(PrivilegeSetControl control, LUID luid, PrivilegeAttributes attribute)
{
PrivilegeCount = 1;
Control = control;
Privilege = new[] { new LUID_AND_ATTRIBUTES(luid, attribute) };
}
/// Initializes a new instance of the class.
/// The control flag. See .
/// A list of privileges to assign to the structure.
public PRIVILEGE_SET(PrivilegeSetControl control, LUID_AND_ATTRIBUTES[] privileges)
{
PrivilegeCount = (uint)(privileges?.Length ?? 0);
Control = control;
Privilege = (LUID_AND_ATTRIBUTES[])privileges?.Clone() ?? new LUID_AND_ATTRIBUTES[0];
}
/// Initializes a new instance of the class.
internal PRIVILEGE_SET() : this(PrivilegeSetControl.PRIVILEGE_SET_ALL_NECESSARY, null)
{
}
/// Initializes a new instance of the class from a pointer to allocated memory.
internal PRIVILEGE_SET(IntPtr ptr)
{
if (ptr == IntPtr.Zero) return;
var sz = Marshal.SizeOf(typeof(uint));
PrivilegeCount = (uint)Marshal.ReadInt32(ptr);
Control = (PrivilegeSetControl)Marshal.ReadInt32(ptr, sz);
Privilege = PrivilegeCount > 0 ? ptr.ToArray((int)PrivilegeCount, sz * 2) : new LUID_AND_ATTRIBUTES[0];
}
/// Gets the size in bytes of this instance.
/// The size in bytes.
public uint SizeInBytes => (uint)Marshal.SizeOf(typeof(uint)) * 2 + (uint)(Marshal.SizeOf(typeof(LUID_AND_ATTRIBUTES)) * (PrivilegeCount == 0 ? 1 : PrivilegeCount));
/// Returns a that represents this instance.
/// A that represents this instance.
public override string ToString() => $"Count:{PrivilegeCount}";
/// Initializes a new PRIVILEGE_SET the with capacity to hold the specified number of privileges.
/// The privilege count to allocate.
/// A PRIVILEGE_SET instance with sufficient capacity for marshaling.
public static PRIVILEGE_SET InitializeWithCapacity(int privilegeCount = 1) => new PRIVILEGE_SET() { PrivilegeCount = (uint)privilegeCount };
internal class Marshaler : ICustomMarshaler
{
public static ICustomMarshaler GetInstance(string _) => new Marshaler();
public void CleanUpManagedData(object ManagedObj)
{
}
public void CleanUpNativeData(IntPtr pNativeData) => Marshal.FreeCoTaskMem(pNativeData);
public int GetNativeDataSize() => -1;
public IntPtr MarshalManagedToNative(object ManagedObj)
{
if (!(ManagedObj is PRIVILEGE_SET ps)) return IntPtr.Zero;
var ptr = Marshal.AllocCoTaskMem((int)ps.SizeInBytes);
if (ps.Privilege?.Length != ps.PrivilegeCount)
ptr.FillMemory(0, (int)ps.SizeInBytes);
Marshal.WriteInt32(ptr, (int)ps.PrivilegeCount);
Marshal.WriteInt32(ptr, Marshal.SizeOf(typeof(int)), (int)ps.Control);
ptr.Write(ps.Privilege, Marshal.SizeOf(typeof(int)) * 2);
return ptr;
}
public object MarshalNativeToManaged(IntPtr pNativeData) => new PRIVILEGE_SET(pNativeData);
}
}
///
/// The SID_IDENTIFIER_AUTHORITY structure represents the top-level authority of a security identifier (SID).
///
///
/// The identifier authority value identifies the agency that issued the SID. The following identifier authorities are predefined.
///
///
/// Identifier authority
/// Value
///
/// -
/// SECURITY_NULL_SID_AUTHORITY
/// 0
///
/// -
/// SECURITY_WORLD_SID_AUTHORITY
/// 1
///
/// -
/// SECURITY_LOCAL_SID_AUTHORITY
/// 2
///
/// -
/// SECURITY_CREATOR_SID_AUTHORITY
/// 3
///
/// -
/// SECURITY_NON_UNIQUE_AUTHORITY
/// 4
///
/// -
/// SECURITY_NT_AUTHORITY
/// 5
///
/// -
/// SECURITY_RESOURCE_MANAGER_AUTHORITY
/// 9
///
///
/// A SID must contain a top-level authority and at least one relative identifier (RID) value.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_sid_identifier_authority typedef struct
// _SID_IDENTIFIER_AUTHORITY { BYTE Value[6]; } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
[PInvokeData("winnt.h", MSDNShortId = "450a6d2d-d2e4-4098-90af-a8024ddcfcb5")]
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public class PSID_IDENTIFIER_AUTHORITY
{
/// An array of 6 bytes specifying a SID's top-level authority.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)]
public byte[] Value = new byte[6];
/// Initializes a new instance of the struct.
/// The value.
/// value
public PSID_IDENTIFIER_AUTHORITY(byte[] value)
{
if (value == null || value.Length != 6)
throw new ArgumentOutOfRangeException(nameof(value));
Array.Copy(value, Value, 6);
}
/// Initializes a new instance of the struct.
/// The value.
public PSID_IDENTIFIER_AUTHORITY(long value)
{
LongValue = value;
}
internal PSID_IDENTIFIER_AUTHORITY(IntPtr existingPtr)
{
if (existingPtr == IntPtr.Zero)
Value = existingPtr.ToArray(6);
}
private PSID_IDENTIFIER_AUTHORITY()
{
}
/// Gets or sets the long value.
/// The long value.
public long LongValue
{
get
{
long nAuthority = 0;
for (var i = 0; i <= 5; i++)
nAuthority |= (long)Value[i] << (8 * i);
return nAuthority;
}
set
{
var bsia = BitConverter.GetBytes(value);
for (var i = 0; i <= 5; i++)
Value[i] = bsia[5 - i];
}
}
/// Performs an implicit conversion from byte[] to .
/// The bytes.
/// The result of the conversion.
public static implicit operator PSID_IDENTIFIER_AUTHORITY(byte[] bytes) => new PSID_IDENTIFIER_AUTHORITY(bytes);
/// Performs an implicit conversion from to .
/// The sia.
/// The result of the conversion.
public static implicit operator PSID_IDENTIFIER_AUTHORITY(SID_IDENTIFIER_AUTHORITY sia) => new PSID_IDENTIFIER_AUTHORITY(sia.Value);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(PSID_IDENTIFIER_AUTHORITY h1, PSID_IDENTIFIER_AUTHORITY h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(PSID_IDENTIFIER_AUTHORITY h1, PSID_IDENTIFIER_AUTHORITY h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is PSID_IDENTIFIER_AUTHORITY h ? h.LongValue == h.LongValue : false;
///
public override int GetHashCode() => LongValue.GetHashCode();
}
/// A SafeHandle for access control lists. If owned, will call LocalFree on the pointer when disposed.
[DebuggerDisplay("{DebugString}")]
public class SafePACL : SafeMemoryHandle, ISecurityObject
{
/// The null value for a SafePACL.
public static readonly SafePACL Null = new SafePACL();
/// Initializes a new instance of the class.
public SafePACL() : base(IntPtr.Zero, 0, true) { }
///
/// Initializes a new instance of the class from an existing pointer, copying its content if owning.
///
/// The access control list pointer.
public SafePACL(PACL pAcl) : this(IsValidAcl(pAcl) ? (int)pAcl.BytesAllocated() : throw new ArgumentException("Invalid ACL.", nameof(pAcl)))
{
((IntPtr)pAcl).CopyTo(handle, Size);
}
/// Initializes a new instance of the class to an empty memory buffer.
/// The size of the uninitialized access control list.
/// ACL revision.
public SafePACL(int size, uint revision = ACL_REVISION) : base(size)
{
if (size % 4 != 0) throw new ArgumentOutOfRangeException(nameof(size), "ACL structures must be DWORD aligned. This value must be a multiple of 4.");
InitializeAcl(handle, (uint)size, revision);
}
/// Initializes a new instance of the class.
/// An array of bytes that contain an existing access control list.
public SafePACL(byte[] bytes) : this(bytes?.Length ?? 0)
{
if (bytes is null) return;
Marshal.Copy(bytes, 0, handle, bytes.Length);
}
/// Determines whether the components of this access control list are valid.
public bool IsValidAcl => IsValidAcl(handle);
/// Gets the revision number for the ACL.
/// The revision.
public uint Revision => IsValidAcl && GetAclInformation(handle, out ACL_REVISION_INFORMATION ri) ? ri.AclRevision : 0U;
///
public override SizeT Size
{
get => base.Size;
set
{
// Make sure divisible by 4.
value = ((value + 3) >> 2) << 2;
// Setup newly allocated ACL
var newHandle = mm.AllocMem(value);
if (!InitializeAcl(newHandle, value, Revision))
Win32Error.ThrowLastError();
if (!GetAce(handle, 0, out var pace))
Win32Error.ThrowLastError();
if (!AddAce(newHandle, Revision, 0, (IntPtr)pace, ((PACL)handle).Length() - (uint)Marshal.SizeOf(typeof(ACL))))
Win32Error.ThrowLastError();
// Update SafeHandle with new ACL and destroy old
var oldHandle = handle;
SetHandle(newHandle);
sz = value;
mm.FreeMem(oldHandle);
}
}
/// Gets the number of ACEs held by this ACL.
/// The ace count.
public int AceCount => (int)((PACL)handle).AceCount();
///
/// Gets the length, in bytes, of a structurally valid access control list. The length includes the length of all associated structures.
///
public uint Length => ((PACL)handle).Length();
internal string DebugString => IsInvalid ? "NULL" : $"Aces:{AceCount}, Size:{Length}";
/// Performs an explicit conversion from to .
/// The safe access control list.
/// The result of the conversion.
public static implicit operator PACL(SafePACL sd) => sd.DangerousGetHandle();
}
/// Contains information about an event record returned by the ReadEventLog function.
///
///
/// The defined members are followed by the replacement strings for the message identified by the event identifier, the binary
/// information, some pad bytes to make sure the full entry is on a DWORD boundary, and finally the length of the log entry
/// again. Because the strings and the binary information can be of any length, no structure members are defined to reference them.
/// The declaration of this structure in Winnt.h describes these members as follows:
///
///
/// The source name is a variable-length string that specifies the name of the event source. The computer name is the name of the
/// computer that generated the event. It may be followed with some padding bytes so that the user SID is aligned on a DWORD
/// boundary. The user SID identifies the active user at the time this event was logged. If UserSidLength is zero, this field
/// may be empty.
///
///
/// The event identifier together with source name and a language identifier identify a string that describes the event in more
/// detail. The strings are used as replacement strings and are merged into the message string to make a complete message. The
/// message strings are contained in a message file specified in the source entry in the registry. To obtain the appropriate message
/// string from the message file, load the message file with the LoadLibrary function and use the FormatMessage function.
///
///
/// The binary information is information that is specific to the event. It could be the contents of the processor registers when a
/// device driver got an error, a dump of an invalid packet that was received from the network, a dump of all the structures in a
/// program (when the data area was detected to be corrupt), and so on. This information should be useful to the writer of the device
/// driver or the application in tracking down bugs or unauthorized breaks into the application.
///
///
[PInvokeData("winnt.h", MSDNShortId = "669b182a-bc81-4386-9815-6ffa09e2e743")]
public class SafePEVENTLOGRECORD : SafeMemoryHandle
{
/// Initializes a new instance of the class.
/// The bytes to allocate.
public SafePEVENTLOGRECORD(int bytesToAllocate = 512) : base(bytesToAllocate) { }
private SafePEVENTLOGRECORD()
{
}
/// Reserved.
public uint ClosingRecordNumber => handle.ToStructure(Size, 32);
/// Gets the name of the computer that generated the event.
public string ComputerName
{
get
{
var offset = 56 + (Source.Length + 1) * 2;
return StringHelper.GetString(handle.Offset(offset), CharSet.Unicode, Size - offset);
}
}
///
/// Gets the event-specific information within this event log record, in bytes. This information could be something specific (a
/// disk driver might log the number of retries, for example), followed by binary information specific to the event being logged
/// and to the source that generated the entry.
///
public byte[] Data => handle.ToArray(DataLength, DataOffset, Size);
///
/// The category for this event. The meaning of this value depends on the event source. For more information, see Event Categories.
///
public ushort EventCategory => handle.ToStructure(Size, 28);
///
/// The event identifier. The value is specific to the event source for the event, and is used with source name to locate a
/// description string in the message file for the event source. For more information, see Event Identifiers.
///
public uint EventID => handle.ToStructure(Size, 20);
///
/// The type of event. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// EVENTLOG_ERROR_TYPE 0x0001
/// Error event
///
/// -
/// EVENTLOG_AUDIT_FAILURE 0x0010
/// Failure Audit event
///
/// -
/// EVENTLOG_AUDIT_SUCCESS 0x0008
/// Success Audit event
///
/// -
/// EVENTLOG_INFORMATION_TYPE 0x0004
/// Information event
///
/// -
/// EVENTLOG_WARNING_TYPE 0x0002
/// Warning event
///
///
/// For more information, see Event Types.
///
public EVENTLOG_TYPE EventType => handle.ToStructure(Size, 24);
///
/// The number of strings present in the log (at the position indicated by StringOffset). These strings are merged into
/// the message before it is displayed to the user.
///
public ushort NumStrings => handle.ToStructure(Size, 26);
///
/// The number of the record. This value can be used with the EVENTLOG_SEEK_READ flag in the ReadEventLog function to begin
/// reading at a specified record. For more information, see Event Log Records.
///
public uint RecordNumber => handle.ToStructure(Size, 8);
/// Gets a string that specifies the name of the event source.
public string Source => StringHelper.GetString(handle.Offset(56), CharSet.Unicode, Size - 56);
/// Gets the description strings within this event log record.
public string[] Strings =>
NumStrings == 0 ? new string[0] : handle.ToStringEnum(CharSet.Unicode, StringOffset, Size).ToArray();
/// Gets the value at which this entry was submitted.
public DateTime TimeGenerated => new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc) + TimeSpan.FromSeconds(handle.ToStructure(Size, 12));
/// Gets the value at which this entry was written.
public DateTime TimeWritten => new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc) + TimeSpan.FromSeconds(handle.ToStructure(Size, 16));
/// Gets the security identifier (SID) within this event log record.
public SafePSID UserSid => UserSidLength == 0 ? SafePSID.Null : new SafePSID(handle.ToArray(UserSidLength, UserSidOffset, Size));
/// The size of the event-specific data (at the position indicated by DataOffset), in bytes.
private int DataLength => handle.ToStructure(Size, 48);
///
/// The offset of the event-specific information within this event log record, in bytes. This information could be something
/// specific (a disk driver might log the number of retries, for example), followed by binary information specific to the event
/// being logged and to the source that generated the entry.
///
private int DataOffset => handle.ToStructure(Size, 52);
/// The offset of the description strings within this event log record.
private int StringOffset => handle.ToStructure(Size, 36);
/// The size of the UserSid member, in bytes. This value can be zero if no security identifier was provided.
private int UserSidLength => handle.ToStructure(Size, 40);
///
/// The offset of the security identifier (SID) within this event log record. To obtain the user name for this SID, use the
/// LookupAccountSid function.
///
private int UserSidOffset => handle.ToStructure(Size, 44);
}
/// A SafeHandle for security descriptors. If owned, will call LocalFree on the pointer when disposed.
public class SafePSECURITY_DESCRIPTOR : SafeMemoryHandle, IEquatable, IEquatable, IEquatable, ISecurityObject
{
/// The null value for a SafeSecurityDescriptor.
public static readonly SafePSECURITY_DESCRIPTOR Null = new SafePSECURITY_DESCRIPTOR();
private const SECURITY_INFORMATION defSecInfo = SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.SACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION;
/// Initializes a new instance of the class.
public SafePSECURITY_DESCRIPTOR() : base(IntPtr.Zero, 0, true) { }
/// Initializes a new instance of the class from an existing pointer.
/// The security descriptor pointer.
/// if set to true indicates that this pointer should be freed when disposed.
public SafePSECURITY_DESCRIPTOR(PSECURITY_DESCRIPTOR pSecurityDescriptor, bool own = true) : base(IntPtr.Zero, 0, own)
{
if (pSecurityDescriptor.IsSelfRelative())
{
sz = (int)pSecurityDescriptor.Length();
SetHandle((IntPtr)pSecurityDescriptor);
}
else if (own)
{
var newSz = 0U;
if (!MakeSelfRelativeSD(pSecurityDescriptor, Null, ref newSz) && newSz == 0)
Win32Error.ThrowLastError();
Size = newSz;
InitializeSecurityDescriptor(this, SECURITY_DESCRIPTOR_REVISION);
if (!MakeSelfRelativeSD(pSecurityDescriptor, this, ref newSz))
Win32Error.ThrowLastError();
}
else
throw new InvalidOperationException("The supplied security descriptor is in absolute format and can only be copied if this class has ownership of the memory.");
}
/// Initializes a new instance of the class to an empty memory buffer.
/// The size of the uninitialized security descriptor.
public SafePSECURITY_DESCRIPTOR(int size) : base(size) => InitializeSecurityDescriptor(this, SECURITY_DESCRIPTOR_REVISION);
/// Initializes a new instance of the class.
/// An array of bytes that contain an existing security descriptor.
public SafePSECURITY_DESCRIPTOR(byte[] bytes) : this(bytes?.Length ?? 0)
{
if (bytes is null) return;
Marshal.Copy(bytes, 0, handle, bytes.Length);
}
/// Initializes a new instance of the class with an SDDL string.
/// An SDDL value representing the security descriptor.
public SafePSECURITY_DESCRIPTOR(string sddl)
{
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, SDDL_REVISION.SDDL_REVISION_1, out var sd, out var sdsz))
Win32Error.ThrowLastError();
handle = sd.DangerousGetHandle();
sz = (int)sdsz;
sd.SetHandleAsInvalid();
}
/// Determines whether the components of this security descriptor are valid.
public bool IsValidSecurityDescriptor => IsValidSecurityDescriptor(handle);
/// Gets or sets the size in bytes of the security descriptor.
/// The size in bytes of the security descriptor.
public override SizeT Size
{
get
{
if (sz == 0 && Length > 0)
sz = Length;
return base.Size;
}
set => base.Size = value;
}
/// Determines whether the format of this security descriptor is self-relative.
public bool IsSelfRelative => ((PSECURITY_DESCRIPTOR)handle).IsSelfRelative();
///
/// Gets the length, in bytes, of a structurally valid security descriptor. The length includes the length of all associated structures.
///
public uint Length => ((PSECURITY_DESCRIPTOR)handle).Length();
/// Performs an explicit conversion from to .
/// The safe security descriptor.
/// The result of the conversion.
public static implicit operator PSECURITY_DESCRIPTOR(SafePSECURITY_DESCRIPTOR sd) => sd.DangerousGetHandle();
/// Implements the operator !=.
/// The first value.
/// The second value.
/// The result of the operator.
public static bool operator !=(SafePSECURITY_DESCRIPTOR psd1, SafePSECURITY_DESCRIPTOR psd2) => !(psd1 == psd2);
/// Implements the operator ==.
/// The first value.
/// The second value.
/// The result of the operator.
public static bool operator ==(SafePSECURITY_DESCRIPTOR psd1, SafePSECURITY_DESCRIPTOR psd2)
{
if (ReferenceEquals(psd1, psd2)) return true;
if (Equals(null, psd1) || Equals(null, psd2)) return false;
return psd1.Equals(psd2);
}
/// Indicates whether the current object is equal to another object of the same type.
/// An object to compare with this object.
/// true if the current object is equal to the parameter; otherwise, false.
public bool Equals(SafePSECURITY_DESCRIPTOR other) => Equals(other.DangerousGetHandle());
/// Indicates whether the current object is equal to another object of the same type.
/// An object to compare with this object.
/// true if the current object is equal to the parameter; otherwise, false.
public bool Equals(PSECURITY_DESCRIPTOR other) => Equals(other.DangerousGetHandle());
/// Indicates whether the current object is equal to another object of the same type.
/// An object to compare with this object.
/// true if the current object is equal to the parameter; otherwise, false.
public bool Equals(IntPtr other)
{
if (GetSecurityDescriptorLength(handle) != GetSecurityDescriptorLength(other)) return false;
var s1 = ConvertSecurityDescriptorToStringSecurityDescriptor(handle, defSecInfo);
var s2 = ConvertSecurityDescriptorToStringSecurityDescriptor(other, defSecInfo);
return string.CompareOrdinal(s1, s2) == 0;
}
/// Determines whether the specified is equal to the current .
/// The object to compare with the current object.
///
/// true if the specified is equal to the current ; otherwise, false.
///
public override bool Equals(object obj)
{
if (obj is SafePSECURITY_DESCRIPTOR psid2)
return Equals(psid2);
if (obj is PSECURITY_DESCRIPTOR psidh)
return Equals(psidh);
if (obj is IntPtr ptr)
return Equals(ptr);
return false;
}
/// Gets the binary form of this SafePSECURITY_DESCRIPTOR.
/// An array of bytes containing the entire security descriptor.
public byte[] GetBinaryForm() => GetBytes(0, (int)Length);
/// Returns a hash code for this instance.
/// A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table.
public override int GetHashCode() => ToString().GetHashCode();
///
/// The MakeAbsoluteSD function creates a security descriptor in absolute format by using a security descriptor in
/// self-relative format as a template.
///
///
/// A tuple containing the following:
///
/// -
/// pAbsoluteSecurityDescriptor
///
/// The main body of an absolute-format security descriptor. This information is formatted as a SECURITY_DESCRIPTOR structure.
///
///
/// -
/// pDacl
///
/// The discretionary access control list (DACL) of the absolute-format security descriptor. The main body of the absolute-format
/// security descriptor references this pointer.
///
///
/// -
/// pSacl
///
/// The system access control list (SACL) of the absolute-format security descriptor. The main body of the absolute-format
/// security descriptor references this pointer.
///
///
/// -
/// pOwner
///
/// The security identifier (SID) of the owner of the absolute-format security descriptor. The main body of the absolute-format
/// security descriptor references this pointer.
///
///
/// -
/// pPrimaryGroup
///
/// The absolute-format security descriptor's primary group. The main body of the absolute-format security descriptor references
/// this pointer.
///
///
///
///
///
///
/// A security descriptor in absolute format contains pointers to the information it contains, rather than the information
/// itself. A security descriptor in self-relative format contains the information in a contiguous block of memory. In a
/// self-relative security descriptor, a SECURITY_DESCRIPTOR structure always starts the information, but the security
/// descriptor's other components can follow the structure in any order. Instead of using memory addresses, the components of the
/// self-relative security descriptor are identified by offsets from the beginning of the security descriptor. This format is
/// useful when a security descriptor must be stored on a floppy disk or transmitted by means of a communications protocol.
///
///
/// A server that copies secured objects to various media can use the MakeAbsoluteSD function to create an absolute
/// security descriptor from a self-relative security descriptor and the MakeSelfRelativeSD function to create a self-relative
/// security descriptor from an absolute security descriptor.
///
///
public (SafePSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, SafePACL pDacl, SafePACL pSacl, SafePSID pOwner, SafePSID pPrimaryGroup) MakeAbsolute()
{
uint cSD = 0, cOwn = 0, cGrp = 0, cDacl = 0, cSacl = 0;
if (!MakeAbsoluteSD(this, Null, ref cSD, SafePACL.Null, ref cDacl, SafePACL.Null, ref cSacl, SafePSID.Null, ref cOwn, SafePSID.Null, ref cGrp))
{
var err = Win32Error.GetLastError();
if (err != Win32Error.ERROR_INSUFFICIENT_BUFFER)
throw err.GetException();
}
var pSD = new SafePSECURITY_DESCRIPTOR((int)cSD);
var pDacl = new SafePACL((int)cDacl);
var pSacl = new SafePACL((int)cSacl);
var pOwn = new SafePSID((int)cOwn);
var pGrp = new SafePSID((int)cGrp);
if (!MakeAbsoluteSD(this, pSD, ref cSD, pDacl, ref cDacl, pSacl, ref cSacl, pOwn, ref cOwn, pGrp, ref cGrp))
Win32Error.ThrowLastError();
return (pSD, pDacl, pSacl, pOwn, pGrp);
}
/// Returns a that represents this instance.
/// A that represents this instance.
public override string ToString() => ConvertSecurityDescriptorToStringSecurityDescriptor(handle, defSecInfo);
}
}
/// Extension methods for PACE, PACL and PSECURITY_DESCRIPTOR.
public static class WinNTExtensions
{
/// Gets the number of ACEs held by an ACL.
/// The pointer to the ACL structure to query.
/// The ace count.
public static uint AceCount(this PACL pACL) => AdvApi32.IsValidAcl(pACL) && AdvApi32.GetAclInformation(pACL, out AdvApi32.ACL_SIZE_INFORMATION si) ? si.AceCount : 0;
/// Gets the total number of bytes allocated to the ACL.
/// The pointer to the ACL structure to query.
/// The total of the free and used bytes in the ACL.
public static uint BytesAllocated(this PACL pACL) => AdvApi32.IsValidAcl(pACL) && AdvApi32.GetAclInformation(pACL, out AdvApi32.ACL_SIZE_INFORMATION si) ? si.AclBytesFree + si.AclBytesInUse : 0;
/// Gets the Flags for an ACE, if defined.
/// A pointer to an ACE.
/// The Flags value, if this is an object ACE, otherwise .
/// pAce
public static ObjectAceFlags? GetFlags(this PACE pAce)
{
if (pAce.IsNull) throw new ArgumentNullException(nameof(pAce));
return !pAce.IsObjectAce() ? null : (ObjectAceFlags?)pAce.DangerousGetHandle().ToStructure().Flags;
}
/// Gets the header for an ACE.
/// A pointer to an ACE.
/// The value.
/// pAce
public static AdvApi32.ACE_HEADER GetHeader(this PACE pAce) => !pAce.IsNull ? pAce.DangerousGetHandle().ToStructure() : throw new ArgumentNullException(nameof(pAce));
/// Gets the InheritedObjectType for an ACE, if defined.
/// A pointer to an ACE.
/// The InheritedObjectType value, if this is an object ACE, otherwise .
/// pAce
public static Guid? GetInheritedObjectType(this PACE pAce)
{
if (pAce.IsNull) throw new ArgumentNullException(nameof(pAce));
return !pAce.IsObjectAce() ? null : (Guid?)pAce.DangerousGetHandle().ToStructure().InheritedObjectType;
}
/// Gets the mask for an ACE.
/// A pointer to an ACE.
/// The ACCESS_MASK value.
/// pAce
public static uint GetMask(this PACE pAce) => !pAce.IsNull ? pAce.DangerousGetHandle().ToStructure().Mask : throw new ArgumentNullException(nameof(pAce));
/// Gets the ObjectType for an ACE, if defined.
/// A pointer to an ACE.
/// The ObjectType value, if this is an object ACE, otherwise .
/// pAce
public static Guid? GetObjectType(this PACE pAce)
{
if (pAce.IsNull) throw new ArgumentNullException(nameof(pAce));
return !pAce.IsObjectAce() ? null : (Guid?)pAce.DangerousGetHandle().ToStructure().ObjectType;
}
/// Gets the SID for an ACE.
/// A pointer to an ACE.
/// The SID value.
/// pAce
public static AdvApi32.SafePSID GetSid(this PACE pAce)
{
if (pAce.IsNull) throw new ArgumentNullException(nameof(pAce));
var offset = Marshal.SizeOf(typeof(AdvApi32.ACE_HEADER)) + sizeof(uint);
if (pAce.IsObjectAce()) offset += sizeof(uint) + Marshal.SizeOf(typeof(Guid)) * 2;
unsafe
{
return AdvApi32.SafePSID.CreateFromPtr((IntPtr)((byte*)pAce.DangerousGetHandle() + offset));
}
}
/// Determines if a ACE is an object ACE.
/// A pointer to an ACE.
/// if is this is an object ACE; otherwise, .
/// pAce
/// pAce - Unknown ACE type.
public static bool IsObjectAce(this PACE pAce)
{
if (pAce.IsNull) throw new ArgumentNullException(nameof(pAce));
var aceType = (byte)GetHeader(pAce).AceType;
if (aceType > 0x15) throw new ArgumentOutOfRangeException(nameof(pAce), "Unknown ACE type.");
return (aceType >= 0x5 && aceType <= 0x8) || aceType == 0xB || aceType == 0xC || aceType == 0xF || aceType == 0x10;
}
/// Determines whether the security descriptor is self-relative.
/// The pointer to the SECURITY_DESCRIPTOR structure to query.
/// true if it is self-relative; otherwise, false.
public static bool IsSelfRelative(this PSECURITY_DESCRIPTOR pSD) => AdvApi32.GetSecurityDescriptorControl(pSD, out var ctrl, out _) ? ctrl.IsFlagSet(AdvApi32.SECURITY_DESCRIPTOR_CONTROL.SE_SELF_RELATIVE) : throw Win32Error.GetLastError().GetException();
/// Validates an access control list (ACL).
/// The pointer to the ACL structure to query.
/// true if the ACL is valid; otherwise, false.
public static bool IsValidAcl(this PACL pAcl) => AdvApi32.IsValidAcl(pAcl);
/// Determines whether the components of a security descriptor are valid.
/// The pointer to the SECURITY_DESCRIPTOR structure to query.
///
/// true if the components of the security descriptor are valid. If any of the components of the security descriptor are not
/// valid, the return value is false.
///
public static bool IsValidSecurityDescriptor(this PSECURITY_DESCRIPTOR pSD) => AdvApi32.IsValidSecurityDescriptor(pSD);
/// Gets the size, in bytes, of an ACE.
/// The pointer to the ACE structure to query.
/// The size, in bytes, of the ACE.
public static uint Length(this PACE pAce)
{
unsafe
{
var p = (AdvApi32.ACE_HEADER*)(void*)pAce.DangerousGetHandle();
return p == null ? 0U : p->AceSize;
}
}
/// Gets the size, in bytes, of an ACL. If the ACL is not valid, 0 is returned.
/// The pointer to the ACL structure to query.
/// The size, in bytes, of an ACL. If the ACL is not valid, 0 is returned.
public static uint Length(this PACL pACL) => AdvApi32.IsValidAcl(pACL) && AdvApi32.GetAclInformation(pACL, out AdvApi32.ACL_SIZE_INFORMATION si) ? si.AclBytesInUse : 0;
/// Gets the size, in bytes, of a security descriptor. If it is not valid, 0 is returned.
/// The pointer to the SECURITY_DESCRIPTOR structure to query.
/// The size, in bytes, of a security descriptor. If it is not valid, 0 is returned.
public static uint Length(this PSECURITY_DESCRIPTOR pSD) => AdvApi32.IsValidSecurityDescriptor(pSD) ? AdvApi32.GetSecurityDescriptorLength(pSD) : 0U;
}
}