/* Copyright (C) 2008-2016 Peter Palotas, Jeffrey Jangli, Alexandr Normuradov
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
using System;
using System.Diagnostics.CodeAnalysis;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.AccessControl;
using Alphaleonis.Win32.Security;
using Microsoft.Win32.SafeHandles;
namespace Alphaleonis.Win32.Filesystem
{
partial class File
{
/// Applies access control list (ACL) entries described by a FileSecurity object to the specified file.
///
///
///
/// A file to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the file described by the parameter.
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(string path, FileSecurity fileSecurity)
{
SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, PathFormat.RelativePath);
}
/// Applies access control list (ACL) entries described by a object to the specified directory.
///
///
///
/// A directory to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the directory described by the path parameter.
/// One or more of the values that specifies the type of access control list (ACL) information to set.
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections)
{
SetAccessControlCore(path, null, fileSecurity, includeSections, PathFormat.RelativePath);
}
/// [AlphaFS] Applies access control list (ACL) entries described by a FileSecurity object to the specified file.
///
///
///
/// A file to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the file described by the parameter.
/// Indicates the format of the path parameter(s).
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(string path, FileSecurity fileSecurity, PathFormat pathFormat)
{
SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, pathFormat);
}
/// [AlphaFS] Applies access control list (ACL) entries described by a object to the specified directory.
///
///
///
/// A directory to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the directory described by the path parameter.
/// One or more of the values that specifies the type of access control list (ACL) information to set.
/// Indicates the format of the path parameter(s).
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections, PathFormat pathFormat)
{
SetAccessControlCore(path, null, fileSecurity, includeSections, pathFormat);
}
/// Applies access control list (ACL) entries described by a FileSecurity object to the specified file.
///
///
///
/// A to a file to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the file described by the parameter.
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity)
{
SetAccessControlCore(null, handle, fileSecurity, AccessControlSections.All, PathFormat.LongFullPath);
}
/// Applies access control list (ACL) entries described by a FileSecurity object to the specified file.
///
///
///
/// A to a file to add or remove access control list (ACL) entries from.
/// A object that describes an ACL entry to apply to the file described by the parameter.
/// One or more of the values that specifies the type of access control list (ACL) information to set.
[SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]
[SecurityCritical]
public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity, AccessControlSections includeSections)
{
SetAccessControlCore(null, handle, fileSecurity, includeSections, PathFormat.LongFullPath);
}
/// [AlphaFS] Applies access control list (ACL) entries described by a / object to the specified file or directory.
/// Use either or , not both.
///
///
///
/// A file/directory to add or remove access control list (ACL) entries from. This parameter This parameter may be .
/// A to add or remove access control list (ACL) entries from. This parameter This parameter may be .
/// A / object that describes an ACL entry to apply to the file/directory described by the / parameter.
/// One or more of the values that specifies the type of access control list (ACL) information to set.
/// Indicates the format of the path parameter(s).
[SuppressMessage("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity")]
[SecurityCritical]
internal static void SetAccessControlCore(string path, SafeFileHandle handle, ObjectSecurity objectSecurity, AccessControlSections includeSections, PathFormat pathFormat)
{
if (pathFormat == PathFormat.RelativePath)
Path.CheckSupportedPathFormat(path, true, true);
if (objectSecurity == null)
throw new ArgumentNullException("objectSecurity");
byte[] managedDescriptor = objectSecurity.GetSecurityDescriptorBinaryForm();
using (var safeBuffer = new SafeGlobalMemoryBufferHandle(managedDescriptor.Length))
{
string pathLp = Path.GetExtendedLengthPathCore(null, path, pathFormat, GetFullPathOptions.RemoveTrailingDirectorySeparator | GetFullPathOptions.CheckInvalidPathChars);
safeBuffer.CopyFrom(managedDescriptor, 0, managedDescriptor.Length);
SecurityDescriptorControl control;
uint revision;
if (!Security.NativeMethods.GetSecurityDescriptorControl(safeBuffer, out control, out revision))
NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
PrivilegeEnabler privilegeEnabler = null;
try
{
var securityInfo = SecurityInformation.None;
IntPtr pDacl = IntPtr.Zero;
if ((includeSections & AccessControlSections.Access) != 0)
{
bool daclDefaulted, daclPresent;
if (!Security.NativeMethods.GetSecurityDescriptorDacl(safeBuffer, out daclPresent, out pDacl, out daclDefaulted))
NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
if (daclPresent)
{
securityInfo |= SecurityInformation.Dacl;
securityInfo |= (control & SecurityDescriptorControl.DaclProtected) != 0
? SecurityInformation.ProtectedDacl
: SecurityInformation.UnprotectedDacl;
}
}
IntPtr pSacl = IntPtr.Zero;
if ((includeSections & AccessControlSections.Audit) != 0)
{
bool saclDefaulted, saclPresent;
if (!Security.NativeMethods.GetSecurityDescriptorSacl(safeBuffer, out saclPresent, out pSacl, out saclDefaulted))
NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
if (saclPresent)
{
securityInfo |= SecurityInformation.Sacl;
securityInfo |= (control & SecurityDescriptorControl.SaclProtected) != 0
? SecurityInformation.ProtectedSacl
: SecurityInformation.UnprotectedSacl;
privilegeEnabler = new PrivilegeEnabler(Privilege.Security);
}
}
IntPtr pOwner = IntPtr.Zero;
if ((includeSections & AccessControlSections.Owner) != 0)
{
bool ownerDefaulted;
if (!Security.NativeMethods.GetSecurityDescriptorOwner(safeBuffer, out pOwner, out ownerDefaulted))
NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
if (pOwner != IntPtr.Zero)
securityInfo |= SecurityInformation.Owner;
}
IntPtr pGroup = IntPtr.Zero;
if ((includeSections & AccessControlSections.Group) != 0)
{
bool groupDefaulted;
if (!Security.NativeMethods.GetSecurityDescriptorGroup(safeBuffer, out pGroup, out groupDefaulted))
NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);
if (pGroup != IntPtr.Zero)
securityInfo |= SecurityInformation.Group;
}
uint lastError;
if (!Utils.IsNullOrWhiteSpace(pathLp))
{
// SetNamedSecurityInfo()
// In the ANSI version of this function, the name is limited to MAX_PATH characters.
// To extend this limit to 32,767 wide characters, call the Unicode version of the function and prepend "\\?\" to the path.
// 2013-01-13: MSDN does not confirm LongPath usage but a Unicode version of this function exists.
lastError = Security.NativeMethods.SetNamedSecurityInfo(pathLp, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
if (lastError != Win32Errors.ERROR_SUCCESS)
NativeError.ThrowException(lastError, pathLp);
}
else
{
if (NativeMethods.IsValidHandle(handle))
{
lastError = Security.NativeMethods.SetSecurityInfo(handle, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);
if (lastError != Win32Errors.ERROR_SUCCESS)
NativeError.ThrowException((int) lastError);
}
}
}
finally
{
if (privilegeEnabler != null)
privilegeEnabler.Dispose();
}
}
}
}
}