Code:
/ 4.0 / 4.0 / untmp / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Core / System / IO / Pipes / PipeSecurity.cs / 1305376 / PipeSecurity.cs
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*============================================================
**
** Class: PipeSecurity
**
**
** Purpose: Managed ACL wrapper for Pipes.
**
**
===========================================================*/
using System;
using System.Collections;
using System.Security.AccessControl;
using System.Security.Permissions;
using System.Security.Principal;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.IO;
using System.Runtime.Versioning;
namespace System.IO.Pipes {
[Flags]
public enum PipeAccessRights {
// No None field - An ACE with the value 0 cannot grant nor deny.
ReadData = 0x000001,
WriteData = 0x000002,
// Not that all client named pipes require ReadAttributes access even if the user does not specify it.
// (This is because CreateFile slaps on the requirement before calling NTCreateFile (at least in WinXP SP2)).
ReadAttributes = 0x000080,
WriteAttributes = 0x000100,
// These aren't really needed since there is no operation that requires this access, but they are left here
// so that people can specify ACLs that others can open by specifying a PipeDirection rather than a
// PipeAccessRights (PipeDirection.In/Out maps to GENERIC_READ/WRITE access).
ReadExtendedAttributes = 0x000008,
WriteExtendedAttributes = 0x000010,
CreateNewInstance = 0x000004, // AppendData
// Again, this is not needed but it should be here so that our FullControl matches windows.
Delete = 0x010000,
ReadPermissions = 0x020000,
ChangePermissions = 0x040000,
TakeOwnership = 0x080000,
Synchronize = 0x100000,
FullControl = ReadData | WriteData | ReadAttributes | ReadExtendedAttributes |
WriteAttributes | WriteExtendedAttributes | CreateNewInstance |
Delete | ReadPermissions | ChangePermissions | TakeOwnership |
Synchronize,
Read = ReadData | ReadAttributes | ReadExtendedAttributes | ReadPermissions,
Write = WriteData | WriteAttributes | WriteExtendedAttributes, // | CreateNewInstance, For security, I really don't this CreateNewInstance belongs here.
ReadWrite = Read | Write,
// These are somewhat similar to what you get if you use PipeDirection:
//In = ReadData | ReadAttributes | ReadExtendedAttributes | ReadPermissions,
//Out = WriteData | WriteAttributes | WriteExtendedAttributes | ChangePermissions | CreateNewInstance | ReadAttributes, // NOTE: Not sure if ReadAttributes should really be here
//InOut = In | Out,
AccessSystemSecurity = 0x01000000, // Allow changes to SACL.
}
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public sealed class PipeAccessRule : AccessRule {
#region Constructors
//
// Constructor for creating access rules for pipe objects
//
public PipeAccessRule(
String identity,
PipeAccessRights rights,
AccessControlType type)
: this(
new NTAccount(identity),
AccessMaskFromRights(rights, type),
false,
type) {
}
public PipeAccessRule(
IdentityReference identity,
PipeAccessRights rights,
AccessControlType type)
: this(
identity,
AccessMaskFromRights(rights, type),
false,
type) {
}
//
// Internal constructor to be called by public constructors
// and the access rights factory methods
//
internal PipeAccessRule(
IdentityReference identity,
int accessMask,
bool isInherited,
AccessControlType type)
: base(
identity,
accessMask,
isInherited,
InheritanceFlags.None, // these do not apply to pipes
PropagationFlags.None, // these do not apply to pipes
type) {
}
#endregion
#region Public properties
public PipeAccessRights PipeAccessRights {
get {
return RightsFromAccessMask(base.AccessMask);
}
}
#endregion
#region Access mask to rights translation
// ACL's on pipes have a SYNCHRONIZE bit, and CreateFile ALWAYS asks for it.
// So for allows, let's always include this bit, and for denies, let's never
// include this bit unless we're denying full control. This is the right
// thing for users, even if it does make the model look asymmetrical from a
// purist point of view.
internal static int AccessMaskFromRights(PipeAccessRights rights, AccessControlType controlType) {
if (rights < (PipeAccessRights)0 || rights > (PipeAccessRights.FullControl | PipeAccessRights.AccessSystemSecurity))
throw new ArgumentOutOfRangeException("rights", SR.GetString(SR.ArgumentOutOfRange_NeedValidPipeAccessRights));
if (controlType == AccessControlType.Allow) {
rights |= PipeAccessRights.Synchronize;
}
else if (controlType == AccessControlType.Deny) {
if (rights != PipeAccessRights.FullControl) {
rights &= ~PipeAccessRights.Synchronize;
}
}
return (int)rights;
}
internal static PipeAccessRights RightsFromAccessMask(int accessMask) {
return (PipeAccessRights)accessMask;
}
#endregion
}
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public sealed class PipeAuditRule : AuditRule {
#region Constructors
public PipeAuditRule(
IdentityReference identity,
PipeAccessRights rights,
AuditFlags flags)
: this(
identity,
AccessMaskFromRights(rights),
false,
flags) {
}
public PipeAuditRule(
String identity,
PipeAccessRights rights,
AuditFlags flags)
: this(
new NTAccount(identity),
AccessMaskFromRights(rights),
false,
flags) {
}
internal PipeAuditRule(
IdentityReference identity,
int accessMask,
bool isInherited,
AuditFlags flags)
: base(
identity,
accessMask,
isInherited,
InheritanceFlags.None,
PropagationFlags.None,
flags) {
}
#endregion
#region Private methods
private static int AccessMaskFromRights(PipeAccessRights rights) {
if (rights < (PipeAccessRights)0 || rights > (PipeAccessRights.FullControl | PipeAccessRights.AccessSystemSecurity)) {
throw new ArgumentOutOfRangeException("rights", SR.GetString(SR.ArgumentOutOfRange_NeedValidPipeAccessRights));
}
return (int)rights;
}
#endregion
#region Public properties
public PipeAccessRights PipeAccessRights {
get {
return PipeAccessRule.RightsFromAccessMask(base.AccessMask);
}
}
#endregion
}
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public class PipeSecurity : NativeObjectSecurity {
public PipeSecurity()
: base(false, ResourceType.KernelObject) { }
// Used by PipeStream.GetAccessControl
[System.Security.SecuritySafeCritical]
internal PipeSecurity(SafePipeHandle safeHandle, AccessControlSections includeSections)
: base(false, ResourceType.KernelObject, safeHandle, includeSections) { }
public void AddAccessRule(PipeAccessRule rule) {
if (rule == null)
throw new ArgumentNullException("rule");
base.AddAccessRule(rule);
}
public void SetAccessRule(PipeAccessRule rule) {
if (rule == null)
throw new ArgumentNullException("rule");
base.SetAccessRule(rule);
}
public void ResetAccessRule(PipeAccessRule rule) {
if (rule == null)
throw new ArgumentNullException("rule");
base.ResetAccessRule(rule);
}
public bool RemoveAccessRule(PipeAccessRule rule) {
if (rule == null) {
throw new ArgumentNullException("rule");
}
// If the rule to be removed matches what is there currently then
// remove it unaltered. That is, don't mask off the Synchronize bit.
AuthorizationRuleCollection rules = GetAccessRules(true, true,
rule.IdentityReference.GetType());
for (int i = 0; i < rules.Count; i++) {
PipeAccessRule fsrule = rules[i] as PipeAccessRule;
if ((fsrule != null) && (fsrule.PipeAccessRights == rule.PipeAccessRights)
&& (fsrule.IdentityReference == rule.IdentityReference)
&& (fsrule.AccessControlType == rule.AccessControlType)) {
return base.RemoveAccessRule(rule);
}
}
// It didn't exactly match any of the current rules so remove this way:
// mask off the synchronize bit (that is automatically added for Allow)
// before removing the ACL. The logic here should be same as Deny and hence
// fake a call to AccessMaskFromRights as though the ACL is for Deny
if (rule.PipeAccessRights != PipeAccessRights.FullControl) {
return base.RemoveAccessRule(new PipeAccessRule(
rule.IdentityReference,
PipeAccessRule.AccessMaskFromRights(rule.PipeAccessRights, AccessControlType.Deny),
false,
rule.AccessControlType));
}
else {
return base.RemoveAccessRule(rule);
}
}
public void RemoveAccessRuleSpecific(PipeAccessRule rule) {
if (rule == null) {
throw new ArgumentNullException("rule");
}
// If the rule to be removed matches what is there currently then
// remove it unaltered. That is, don't mask off the Synchronize bit
AuthorizationRuleCollection rules = GetAccessRules(true, true,
rule.IdentityReference.GetType());
for (int i = 0; i < rules.Count; i++) {
PipeAccessRule fsrule = rules[i] as PipeAccessRule;
if ((fsrule != null) && (fsrule.PipeAccessRights == rule.PipeAccessRights)
&& (fsrule.IdentityReference == rule.IdentityReference)
&& (fsrule.AccessControlType == rule.AccessControlType)) {
base.RemoveAccessRuleSpecific(rule);
return;
}
}
// It wasn't an exact match so try masking the sychronize bit (that is
// automatically added for Allow) before removing the ACL. The logic
// here should be same as Deny and hence fake a call to
// AccessMaskFromRights as though the ACL is for Deny
if (rule.PipeAccessRights != PipeAccessRights.FullControl) {
base.RemoveAccessRuleSpecific(new PipeAccessRule(rule.IdentityReference,
PipeAccessRule.AccessMaskFromRights(rule.PipeAccessRights, AccessControlType.Deny),
false,
rule.AccessControlType));
}
else {
base.RemoveAccessRuleSpecific(rule);
}
}
public void AddAuditRule(PipeAuditRule rule) {
base.AddAuditRule(rule);
}
public void SetAuditRule(PipeAuditRule rule) {
base.SetAuditRule(rule);
}
public bool RemoveAuditRule(PipeAuditRule rule) {
return base.RemoveAuditRule(rule);
}
public void RemoveAuditRuleAll(PipeAuditRule rule) {
base.RemoveAuditRuleAll(rule);
}
public void RemoveAuditRuleSpecific(PipeAuditRule rule) {
base.RemoveAuditRuleSpecific(rule);
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference,
int accessMask, bool isInherited, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type) {
// Throw if inheritance flags or propagation flags set. Have to include in signature
// since this is an override
if (inheritanceFlags != InheritanceFlags.None) {
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "inheritanceFlags");
}
if (propagationFlags != PropagationFlags.None) {
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "propagationFlags");
}
return new PipeAccessRule(
identityReference,
accessMask,
isInherited,
type);
}
public sealed override AuditRule AuditRuleFactory(
IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags) {
// Throw if inheritance flags or propagation flags set. Have to include in signature
// since this is an override
if (inheritanceFlags != InheritanceFlags.None) {
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "inheritanceFlags");
}
if (propagationFlags != PropagationFlags.None) {
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "propagationFlags");
}
return new PipeAuditRule(
identityReference,
accessMask,
isInherited,
flags);
}
#region Private Methods
private AccessControlSections GetAccessControlSectionsFromChanges() {
AccessControlSections persistRules = AccessControlSections.None;
if (AccessRulesModified)
persistRules = AccessControlSections.Access;
if (AuditRulesModified)
persistRules |= AccessControlSections.Audit;
if (OwnerModified)
persistRules |= AccessControlSections.Owner;
if (GroupModified)
persistRules |= AccessControlSections.Group;
return persistRules;
}
#endregion
#region Protected Methods
// Use this in your own Persist after you have demanded any appropriate CAS permissions.
// Note that you will want your version to be internal and use a specialized Safe Handle.
//
//
[System.Security.SecurityCritical]
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
protected internal void Persist(SafeHandle handle) {
WriteLock();
try {
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
base.Persist(handle, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
finally {
WriteUnlock();
}
}
// Use this in your own Persist after you have demanded any appropriate CAS permissions.
// Note that you will want your version to be internal.
//
//
[System.Security.SecurityCritical]
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
protected internal void Persist(String name) {
WriteLock();
try {
AccessControlSections persistRules = GetAccessControlSectionsFromChanges();
base.Persist(name, persistRules);
OwnerModified = GroupModified = AuditRulesModified = AccessRulesModified = false;
}
finally {
WriteUnlock();
}
}
#endregion
#region some overrides
public override Type AccessRightType {
get {
return typeof(PipeAccessRights);
}
}
public override Type AccessRuleType {
get {
return typeof(PipeAccessRule);
}
}
public override Type AuditRuleType {
get {
return typeof(PipeAuditRule);
}
}
#endregion
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Deflater.cs
- ContentElement.cs
- DPTypeDescriptorContext.cs
- XmlSchemaSet.cs
- Classification.cs
- HtmlImage.cs
- Expression.DebuggerProxy.cs
- FloaterParagraph.cs
- ObjectDataSourceSelectingEventArgs.cs
- WebSysDescriptionAttribute.cs
- MultiDataTrigger.cs
- InputReportEventArgs.cs
- XMLDiffLoader.cs
- ScaleTransform3D.cs
- XmlSchemaAnnotated.cs
- FacetEnabledSchemaElement.cs
- DesignerRegionCollection.cs
- MailDefinition.cs
- New.cs
- SqlTypeConverter.cs
- Style.cs
- PageCopyCount.cs
- DecimalKeyFrameCollection.cs
- PerformanceCountersElement.cs
- HostingPreferredMapPath.cs
- ContainerVisual.cs
- QilXmlReader.cs
- InputEventArgs.cs
- ToolStripItemDataObject.cs
- HebrewNumber.cs
- DesignerSerializerAttribute.cs
- IRCollection.cs
- ChameleonKey.cs
- RadioButtonList.cs
- ControlBuilderAttribute.cs
- HwndSourceKeyboardInputSite.cs
- RequestQueue.cs
- StaticTextPointer.cs
- IndependentlyAnimatedPropertyMetadata.cs
- PointCollection.cs
- MatrixTransform3D.cs
- NonSerializedAttribute.cs
- ListCollectionView.cs
- ProcessModelInfo.cs
- HttpListener.cs
- SqlUtil.cs
- ActivationArguments.cs
- TheQuery.cs
- ChangeBlockUndoRecord.cs
- ValueSerializer.cs
- TreeNodeStyleCollection.cs
- SystemGatewayIPAddressInformation.cs
- XamlToRtfWriter.cs
- FormCollection.cs
- RowUpdatedEventArgs.cs
- LogArchiveSnapshot.cs
- ProcessHost.cs
- ImageListUtils.cs
- FilterableAttribute.cs
- PageCache.cs
- Msec.cs
- XmlSchemaElement.cs
- Hash.cs
- BindingManagerDataErrorEventArgs.cs
- CodeDelegateInvokeExpression.cs
- ReaderContextStackData.cs
- DataObject.cs
- WeakEventTable.cs
- SettingsPropertyWrongTypeException.cs
- CodeGenerationManager.cs
- GregorianCalendarHelper.cs
- Helpers.cs
- HttpCookie.cs
- LocatorBase.cs
- GridViewCancelEditEventArgs.cs
- TreeNodeSelectionProcessor.cs
- DataGridViewToolTip.cs
- ActiveXSite.cs
- TabletDevice.cs
- SHA384Cng.cs
- IDispatchConstantAttribute.cs
- ProviderConnectionPoint.cs
- StringFunctions.cs
- StrokeNodeEnumerator.cs
- CompilerGlobalScopeAttribute.cs
- AuthenticationModuleElement.cs
- SqlDataRecord.cs
- NamespaceEmitter.cs
- _BufferOffsetSize.cs
- DPCustomTypeDescriptor.cs
- SqlParameter.cs
- Drawing.cs
- XmlAtomicValue.cs
- PropertyOverridesDialog.cs
- XMLUtil.cs
- XmlAnyElementAttributes.cs
- CapabilitiesUse.cs
- SqlInternalConnectionTds.cs
- Pool.cs
- Number.cs