- /* Copyright (C) 2008-2016 Peter Palotas, Jeffrey Jangli, Alexandr Normuradov
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
- using System;
- using System.Diagnostics.CodeAnalysis;
- using System.Runtime.InteropServices;
- using System.Security;
- using System.Security.AccessControl;
- using Alphaleonis.Win32.Security;
- using Microsoft.Win32.SafeHandles;
-
- namespace Alphaleonis.Win32.Filesystem
- {
- partial class File
- {
- /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(string path, FileSecurity fileSecurity)
- {
- SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, PathFormat.RelativePath);
- }
-
- /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>
- /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections)
- {
- SetAccessControlCore(path, null, fileSecurity, includeSections, PathFormat.RelativePath);
- }
-
-
- /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>
- /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(string path, FileSecurity fileSecurity, PathFormat pathFormat)
- {
- SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, pathFormat);
- }
-
- /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>
- /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>
- /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections, PathFormat pathFormat)
- {
- SetAccessControlCore(path, null, fileSecurity, includeSections, pathFormat);
- }
-
-
- /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="handle">A <see cref="SafeFileHandle"/> to a file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="handle"/> parameter.</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity)
- {
- SetAccessControlCore(null, handle, fileSecurity, AccessControlSections.All, PathFormat.LongFullPath);
- }
-
- /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> object to the specified file.</summary>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="handle">A <see cref="SafeFileHandle"/> to a file to add or remove access control list (ACL) entries from.</param>
- /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="handle"/> parameter.</param>
- /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>
- [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
- [SecurityCritical]
- public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity, AccessControlSections includeSections)
- {
- SetAccessControlCore(null, handle, fileSecurity, includeSections, PathFormat.LongFullPath);
- }
-
-
-
-
- /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="FileSecurity"/>/<see cref="DirectorySecurity"/> object to the specified file or directory.</summary>
- /// <remarks>Use either <paramref name="path"/> or <paramref name="handle"/>, not both.</remarks>
- /// <exception cref="ArgumentNullException"/>
- /// <exception cref="ArgumentException"/>
- /// <exception cref="NotSupportedException"/>
- /// <param name="path">A file/directory to add or remove access control list (ACL) entries from. This parameter may be <see langword="null"/>.</param>
- /// <param name="handle">A <see cref="SafeFileHandle"/> to add or remove access control list (ACL) entries from. This parameter may be <see langword="null"/>.</param>
- /// <param name="objectSecurity">A <see cref="FileSecurity"/>/<see cref="DirectorySecurity"/> object that describes an ACL entry to apply to the file/directory described by the <paramref name="path"/>/<paramref name="handle"/> parameter.</param>
- /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>
- /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>
- [SuppressMessage("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity")]
- [SecurityCritical]
- internal static void SetAccessControlCore(string path, SafeFileHandle handle, ObjectSecurity objectSecurity, AccessControlSections includeSections, PathFormat pathFormat)
- {
- if (pathFormat == PathFormat.RelativePath)
- Path.CheckSupportedPathFormat(path, true, true);
-
- if (objectSecurity == null)
- throw new ArgumentNullException("objectSecurity");
-
-
- byte[] managedDescriptor = objectSecurity.GetSecurityDescriptorBinaryForm();
-
- using (var safeBuffer = new SafeGlobalMemoryBufferHandle(managedDescriptor.Length))
- {
- string pathLp = Path.GetExtendedLengthPathCore(null, path, pathFormat, GetFullPathOptions.RemoveTrailingDirectorySeparator | GetFullPathOptions.CheckInvalidPathChars);
-
- safeBuffer.CopyFrom(managedDescriptor, 0, managedDescriptor.Length);
-
- SecurityDescriptorControl control;
- uint revision;
-
- if (!Security.NativeMethods.GetSecurityDescriptorControl(safeBuffer, out control, out revision))
- NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
-
-
- PrivilegeEnabler privilegeEnabler = null;
-
- try
- {
- var securityInfo = SecurityInformation.None;
- IntPtr pDacl = IntPtr.Zero;
-
- if ((includeSections & AccessControlSections.Access) != 0)
- {
- bool daclDefaulted, daclPresent;
-
- if (!Security.NativeMethods.GetSecurityDescriptorDacl(safeBuffer, out daclPresent, out pDacl, out daclDefaulted))
- NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
-
- if (daclPresent)
- {
- securityInfo |= SecurityInformation.Dacl;
- securityInfo |= (control & SecurityDescriptorControl.DaclProtected) != 0
- ? SecurityInformation.ProtectedDacl
- : SecurityInformation.UnprotectedDacl;
- }
- }
-
-
- IntPtr pSacl = IntPtr.Zero;
-
- if ((includeSections & AccessControlSections.Audit) != 0)
- {
- bool saclDefaulted, saclPresent;
-
- if (!Security.NativeMethods.GetSecurityDescriptorSacl(safeBuffer, out saclPresent, out pSacl, out saclDefaulted))
- NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
-
- if (saclPresent)
- {
- securityInfo |= SecurityInformation.Sacl;
- securityInfo |= (control & SecurityDescriptorControl.SaclProtected) != 0
- ? SecurityInformation.ProtectedSacl
- : SecurityInformation.UnprotectedSacl;
-
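- // Writing a SACL requires SeSecurityPrivilege; enable it until the finally block disposes the enabler.
- privilegeEnabler = new PrivilegeEnabler(Privilege.Security);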
- }
- }
-
-
- IntPtr pOwner = IntPtr.Zero;
-
- if ((includeSections & AccessControlSections.Owner) != 0)
- {
- bool ownerDefaulted;
-
- if (!Security.NativeMethods.GetSecurityDescriptorOwner(safeBuffer, out pOwner, out ownerDefaulted))
- NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
-
- if (pOwner != IntPtr.Zero)
- securityInfo |= SecurityInformation.Owner;
- }
-
-
- IntPtr pGroup = IntPtr.Zero;
-
- if ((includeSections & AccessControlSections.Group) != 0)
- {
- bool groupDefaulted;
-
- if (!Security.NativeMethods.GetSecurityDescriptorGroup(safeBuffer, out pGroup, out groupDefaulted))
- NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
-
- if (pGroup != IntPtr.Zero)
- securityInfo |= SecurityInformation.Group;
- }
-
-
- uint lastError;
-
- if (!Utils.IsNullOrWhiteSpace(pathLp))
- {
- // SetNamedSecurityInfo()
- // In the ANSI version of this function, the name is limited to MAX_PATH characters.
- // To extend this limit to 32,767 wide characters, call the Unicode version of the function and prepend "\\?\" to the path.
- // 2013-01-13: MSDN does not confirm LongPath usage but a Unicode version of this function exists.
-
- lastError = Security.NativeMethods.SetNamedSecurityInfo(pathLp, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
-
- if (lastError != Win32Errors.ERROR_SUCCESS)
- NativeError.ThrowException(lastError, pathLp);
- }
- else
- {
- if (NativeMethods.IsValidHandle(handle))
- {
- lastError = Security.NativeMethods.SetSecurityInfo(handle, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
-
- if (lastError != Win32Errors.ERROR_SUCCESS)
- NativeError.ThrowException((int) lastError);
- }
- }
- }
- finally
- {
- if (privilegeEnabler != null)
- privilegeEnabler.Dispose();
- }
- }
- }
- }
- }
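
A caller-side use of the path overload above, as an added example that is not part of the AlphaFS source: it applies a protected DACL through `AccessControlSections.Access` only, so owner, group and SACL are left alone and the `Privilege.Security` branch is never entered, then reads the ACL back to confirm it. The class and method names are hypothetical, and the read-back assumes .NET Framework, where `System.IO.File.GetAccessControl` is available.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Alphaleonis.Win32.Filesystem;

// Hypothetical helper class, not part of AlphaFS.
static class AclHardeningExample
{
    // Restricts 'path' to the current user and BUILTIN\Administrators and verifies the result.
    public static void RestrictToCurrentUserAndAdmins(string path)
    {
        SecurityIdentifier user = WindowsIdentity.GetCurrent().User;
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

        var security = new FileSecurity();
        // Protect the DACL and drop inherited entries. This sets the DaclProtected control
        // bit, which SetAccessControlCore translates into SecurityInformation.ProtectedDacl.
        security.SetAccessRuleProtection(true, false);
        security.AddAccessRule(new FileSystemAccessRule(user, FileSystemRights.FullControl, AccessControlType.Allow));
        security.AddAccessRule(new FileSystemAccessRule(admins, FileSystemRights.FullControl, AccessControlType.Allow));

        // Access only: AccessControlSections.All would also process the Audit section,
        // which needs SeSecurityPrivilege as soon as the descriptor carries a SACL.
        File.SetAccessControl(path, security, AccessControlSections.Access, PathFormat.RelativePath);

        // Read the DACL back through System.IO and fail loudly if it is not what was intended.
        FileSecurity applied = System.IO.File.GetAccessControl(path, AccessControlSections.Access);
        if (!applied.AreAccessRulesProtected)
            throw new InvalidOperationException("DACL still inherits from the parent: " + path);

        foreach (FileSystemAccessRule rule in applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            bool expected = rule.IdentityReference.Equals(user) || rule.IdentityReference.Equals(admins);
            if (rule.IsInherited || !expected || rule.AccessControlType != AccessControlType.Allow)
                throw new InvalidOperationException("Unexpected ACE for " + rule.IdentityReference.Value);
        }
    }
}
```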