Code:
/ FX-1434 / FX-1434 / 1.0 / untmp / whidbey / REDBITS / ndp / clr / src / BCL / System / Security / AccessControl / ObjectSecurity.cs / 1 / ObjectSecurity.cs
// ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================ ** ** Classes: Object Security family of classes ** ** ===========================================================*/ using Microsoft.Win32; using System; using System.Collections; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Principal; using System.Threading; namespace System.Security.AccessControl { public enum AccessControlModification { Add = 0, Set = 1, Reset = 2, Remove = 3, RemoveAll = 4, RemoveSpecific = 5, } public abstract class ObjectSecurity { #region Private Members private readonly ReaderWriterLock _lock = new ReaderWriterLock(); internal CommonSecurityDescriptor _securityDescriptor; private bool _ownerModified = false; private bool _groupModified = false; private bool _saclModified = false; private bool _daclModified = false; // only these SACL control flags will be automatically carry forward // when update with new security descriptor. static private readonly ControlFlags SACL_CONTROL_FLAGS = ControlFlags.SystemAclPresent | ControlFlags.SystemAclAutoInherited | ControlFlags.SystemAclProtected; // only these DACL control flags will be automatically carry forward // when update with new security descriptor static private readonly ControlFlags DACL_CONTROL_FLAGS = ControlFlags.DiscretionaryAclPresent | ControlFlags.DiscretionaryAclAutoInherited | ControlFlags.DiscretionaryAclProtected; #endregion #region Constructors private ObjectSecurity() { } protected ObjectSecurity( bool isContainer, bool isDS ) : this() { // we will create an empty DACL, denying anyone any access as the default. 5 is the capacity. DiscretionaryAcl dacl = new DiscretionaryAcl(isContainer, isDS, 5); _securityDescriptor = new CommonSecurityDescriptor( isContainer, isDS, ControlFlags.None, null, null, null, dacl ); } internal ObjectSecurity( CommonSecurityDescriptor securityDescriptor ) : this() { if ( securityDescriptor == null ) { throw new ArgumentNullException( "securityDescriptor" ); } _securityDescriptor = securityDescriptor; } #endregion #region Private methods private void UpdateWithNewSecurityDescriptor( RawSecurityDescriptor newOne, AccessControlSections includeSections ) { BCLDebug.Assert( newOne != null, "Must not supply a null parameter here" ); if (( includeSections & AccessControlSections.Owner ) != 0 ) { _ownerModified = true; _securityDescriptor.Owner = newOne.Owner; } if (( includeSections & AccessControlSections.Group ) != 0 ) { _groupModified = true; _securityDescriptor.Group = newOne.Group; } if (( includeSections & AccessControlSections.Audit ) != 0 ) { _saclModified = true; if ( newOne.SystemAcl != null ) { _securityDescriptor.SystemAcl = new SystemAcl( IsContainer, IsDS, newOne.SystemAcl, true ); } else { _securityDescriptor.SystemAcl = null; } // carry forward the SACL related control flags _securityDescriptor.UpdateControlFlags(SACL_CONTROL_FLAGS, (ControlFlags)(newOne.ControlFlags & SACL_CONTROL_FLAGS)); } if (( includeSections & AccessControlSections.Access ) != 0 ) { _daclModified = true; if ( newOne.DiscretionaryAcl != null ) { _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl( IsContainer, IsDS, newOne.DiscretionaryAcl, true ); } else { _securityDescriptor.DiscretionaryAcl = null; } // by the following property set, the _securityDescriptor's control flags // may contains DACL present flag. That needs to be carried forward! Therefore, we OR // the current _securityDescriptor.s DACL present flag. ControlFlags daclFlag = (_securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent); _securityDescriptor.UpdateControlFlags(DACL_CONTROL_FLAGS, (ControlFlags)((newOne.ControlFlags | daclFlag) & DACL_CONTROL_FLAGS)); } } #endregion #region Protected Properties and Methods protected void ReadLock() { _lock.AcquireReaderLock( -1 ); } protected void ReadUnlock() { _lock.ReleaseReaderLock(); } protected void WriteLock() { _lock.AcquireWriterLock( -1 ); } protected void WriteUnlock() { _lock.ReleaseWriterLock(); } protected bool OwnerModified { get { if (!( _lock.IsReaderLockHeld || _lock.IsWriterLockHeld )) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForReadOrWrite" )); } return _ownerModified; } set { if ( !_lock.IsWriterLockHeld ) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForWrite" )); } _ownerModified = value; } } protected bool GroupModified { get { if (!( _lock.IsReaderLockHeld || _lock.IsWriterLockHeld )) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForReadOrWrite" )); } return _groupModified; } set { if ( !_lock.IsWriterLockHeld ) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForWrite" )); } _groupModified = value; } } protected bool AuditRulesModified { get { if (!( _lock.IsReaderLockHeld || _lock.IsWriterLockHeld )) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForReadOrWrite" )); } return _saclModified; } set { if ( !_lock.IsWriterLockHeld ) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForWrite" )); } _saclModified = value; } } protected bool AccessRulesModified { get { if (!( _lock.IsReaderLockHeld || _lock.IsWriterLockHeld )) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForReadOrWrite" )); } return _daclModified; } set { if ( !_lock.IsWriterLockHeld ) { throw new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_MustLockForWrite" )); } _daclModified = value; } } protected bool IsContainer { get { return _securityDescriptor.IsContainer; } } protected bool IsDS { get { return _securityDescriptor.IsDS; } } // // Persists the changes made to the object // // This overloaded method takes a name of an existing object // protected virtual void Persist( string name, AccessControlSections includeSections ) { throw new NotImplementedException(); } // // if Persist (by name) is implemented, then this function will also try to enable take ownership // privilege while persisting if the enableOwnershipPrivilege is true. // Integrators can override it if this is not desired. // protected virtual void Persist(bool enableOwnershipPrivilege, string name, AccessControlSections includeSections ) { Privilege ownerPrivilege = null; // Ensure that the finally block will execute RuntimeHelpers.PrepareConstrainedRegions(); try { if (enableOwnershipPrivilege) { ownerPrivilege = new Privilege(Privilege.TakeOwnership); try { ownerPrivilege.Enable(); } catch (PrivilegeNotHeldException) { // we will ignore this exception and press on just in case this is a remote resource } } Persist(name, includeSections); } catch { // protection against exception filter-based luring attacks if ( ownerPrivilege != null ) { ownerPrivilege.Revert(); } throw; } finally { if (ownerPrivilege != null) { ownerPrivilege.Revert(); } } } // // Persists the changes made to the object // // This overloaded method takes a handle to an existing object // protected virtual void Persist( SafeHandle handle, AccessControlSections includeSections ) { throw new NotImplementedException(); } #endregion #region Public Methods // // Sets and retrieves the owner of this object // public IdentityReference GetOwner( System.Type targetType ) { ReadLock(); try { if ( _securityDescriptor.Owner == null ) { return null; } return _securityDescriptor.Owner.Translate( targetType ); } finally { ReadUnlock(); } } public void SetOwner( IdentityReference identity ) { if ( identity == null ) { throw new ArgumentNullException( "identity" ); } WriteLock(); try { _securityDescriptor.Owner = identity.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier; _ownerModified = true; } finally { WriteUnlock(); } } // // Sets and retrieves the group of this object // public IdentityReference GetGroup( System.Type targetType ) { ReadLock(); try { if ( _securityDescriptor.Group == null ) { return null; } return _securityDescriptor.Group.Translate( targetType ); } finally { ReadUnlock(); } } public void SetGroup( IdentityReference identity ) { if ( identity == null ) { throw new ArgumentNullException( "identity" ); } WriteLock(); try { _securityDescriptor.Group = identity.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier; _groupModified = true; } finally { WriteUnlock(); } } public virtual void PurgeAccessRules( IdentityReference identity ) { if ( identity == null ) { throw new ArgumentNullException( "identity" ); } WriteLock(); try { _securityDescriptor.PurgeAccessControl( identity.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier ); _daclModified = true; } finally { WriteUnlock(); } } public virtual void PurgeAuditRules(IdentityReference identity) { if ( identity == null ) { throw new ArgumentNullException( "identity" ); } WriteLock(); try { _securityDescriptor.PurgeAudit( identity.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier ); _saclModified = true; } finally { WriteUnlock(); } } public bool AreAccessRulesProtected { get { ReadLock(); try { return (( _securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected ) != 0 ); } finally { ReadUnlock(); } } } public void SetAccessRuleProtection( bool isProtected, bool preserveInheritance ) { WriteLock(); try { _securityDescriptor.SetDiscretionaryAclProtection( isProtected, preserveInheritance ); _daclModified = true; } finally { WriteUnlock(); } } public bool AreAuditRulesProtected { get { ReadLock(); try { return (( _securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected ) != 0 ); } finally { ReadUnlock(); } } } public void SetAuditRuleProtection( bool isProtected, bool preserveInheritance ) { WriteLock(); try { _securityDescriptor.SetSystemAclProtection( isProtected, preserveInheritance ); _saclModified = true; } finally { WriteUnlock(); } } public bool AreAccessRulesCanonical { get { ReadLock(); try { return _securityDescriptor.IsDiscretionaryAclCanonical; } finally { ReadUnlock(); } } } public bool AreAuditRulesCanonical { get { ReadLock(); try { return _securityDescriptor.IsSystemAclCanonical; } finally { ReadUnlock(); } } } public static bool IsSddlConversionSupported() { return Win32.IsSddlConversionSupported(); } public string GetSecurityDescriptorSddlForm( AccessControlSections includeSections ) { ReadLock(); try { return _securityDescriptor.GetSddlForm( includeSections ); } finally { ReadUnlock(); } } public void SetSecurityDescriptorSddlForm( string sddlForm ) { SetSecurityDescriptorSddlForm( sddlForm, AccessControlSections.All ); } public void SetSecurityDescriptorSddlForm( string sddlForm, AccessControlSections includeSections ) { if ( sddlForm == null ) { throw new ArgumentNullException( "sddlForm" ); } if (( includeSections & AccessControlSections.All ) == 0 ) { throw new ArgumentException( Environment.GetResourceString( "Arg_EnumAtLeastOneFlag" ), "includeSections" ); } WriteLock(); try { UpdateWithNewSecurityDescriptor( new RawSecurityDescriptor( sddlForm ), includeSections ); } finally { WriteUnlock(); } } public byte[] GetSecurityDescriptorBinaryForm() { ReadLock(); try { byte[] result = new byte[_securityDescriptor.BinaryLength]; _securityDescriptor.GetBinaryForm( result, 0 ); return result; } finally { ReadUnlock(); } } public void SetSecurityDescriptorBinaryForm( byte[] binaryForm ) { SetSecurityDescriptorBinaryForm( binaryForm, AccessControlSections.All ); } public void SetSecurityDescriptorBinaryForm( byte[] binaryForm, AccessControlSections includeSections ) { if ( binaryForm == null ) { throw new ArgumentNullException( "binaryForm" ); } if (( includeSections & AccessControlSections.All ) == 0 ) { throw new ArgumentException( Environment.GetResourceString( "Arg_EnumAtLeastOneFlag" ), "includeSections" ); } WriteLock(); try { UpdateWithNewSecurityDescriptor( new RawSecurityDescriptor( binaryForm, 0 ), includeSections ); } finally { WriteUnlock(); } } public abstract Type AccessRightType { get; } public abstract Type AccessRuleType { get; } public abstract Type AuditRuleType { get; } protected abstract bool ModifyAccess( AccessControlModification modification, AccessRule rule, out bool modified); protected abstract bool ModifyAudit( AccessControlModification modification, AuditRule rule, out bool modified ); public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { if ( rule == null ) { throw new ArgumentNullException( "rule" ); } if ( !this.AccessRuleType.IsAssignableFrom(rule.GetType()) ) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule"); } WriteLock(); try { return ModifyAccess(modification, rule, out modified); } finally { WriteUnlock(); } } public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if ( rule == null ) { throw new ArgumentNullException( "rule" ); } if ( !this.AuditRuleType.IsAssignableFrom(rule.GetType()) ) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule"); } WriteLock(); try { return ModifyAudit(modification, rule, out modified); } finally { WriteUnlock(); } } public abstract AccessRule AccessRuleFactory( IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type ); public abstract AuditRule AuditRuleFactory( IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags ); #endregion } }
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- WebPartHelpVerb.cs
- DictionarySectionHandler.cs
- NativeMethods.cs
- TextRangeProviderWrapper.cs
- DaylightTime.cs
- AttributeCollection.cs
- QueryAccessibilityHelpEvent.cs
- CodeMemberMethod.cs
- DocumentCollection.cs
- CellRelation.cs
- DeviceContexts.cs
- Socket.cs
- BulletChrome.cs
- BookmarkManager.cs
- CompilationLock.cs
- SerializerProvider.cs
- DBConnectionString.cs
- DataGridViewRowsAddedEventArgs.cs
- ConnectionManagementElement.cs
- PropagationProtocolsTracing.cs
- FormsAuthenticationUserCollection.cs
- CompositeActivityValidator.cs
- ToolTipAutomationPeer.cs
- ExecutionContext.cs
- MobileRedirect.cs
- ClientBuildManager.cs
- ObjectDataSourceEventArgs.cs
- DockingAttribute.cs
- UserControlParser.cs
- UiaCoreApi.cs
- ServicePoint.cs
- NavigationPropertyEmitter.cs
- GeometryGroup.cs
- DefaultIfEmptyQueryOperator.cs
- BitmapSource.cs
- Pair.cs
- Query.cs
- PersonalizationProvider.cs
- ArgumentException.cs
- DataGridViewDataErrorEventArgs.cs
- ComponentCommands.cs
- WindowsRegion.cs
- AuthenticationManager.cs
- TrackingValidationObjectDictionary.cs
- StringResourceManager.cs
- EntitySet.cs
- XmlWriterTraceListener.cs
- CollectionEditVerbManager.cs
- unitconverter.cs
- CollectionType.cs
- XsltInput.cs
- DbDeleteCommandTree.cs
- ReflectionTypeLoadException.cs
- CodeExporter.cs
- SmiContext.cs
- OdbcConnectionPoolProviderInfo.cs
- SetState.cs
- ComContractElement.cs
- Marshal.cs
- DataGridViewTextBoxCell.cs
- ConstantSlot.cs
- PreDigestedSignedInfo.cs
- ProcessHostMapPath.cs
- TdsParserStateObject.cs
- UnsafeNativeMethods.cs
- FontEmbeddingManager.cs
- Schema.cs
- SoapHeaderException.cs
- RSAOAEPKeyExchangeDeformatter.cs
- PlainXmlDeserializer.cs
- ObjectConverter.cs
- dbenumerator.cs
- EntityDataSourceWrapperPropertyDescriptor.cs
- EventMappingSettingsCollection.cs
- PassportAuthenticationModule.cs
- TraceUtility.cs
- DynamicObject.cs
- SafeRegistryHandle.cs
- SystemIPAddressInformation.cs
- TraceUtility.cs
- ListItem.cs
- RootBrowserWindow.cs
- remotingproxy.cs
- DecimalConstantAttribute.cs
- CodeAssignStatement.cs
- DynamicControl.cs
- AttributeConverter.cs
- ThrowHelper.cs
- TextContainer.cs
- SQLInt16Storage.cs
- WebPartEditVerb.cs
- WebPartHeaderCloseVerb.cs
- SatelliteContractVersionAttribute.cs
- MemberRelationshipService.cs
- BamlBinaryWriter.cs
- Compress.cs
- XmlSerializationReader.cs
- ComponentRenameEvent.cs
- Size.cs
- PermissionRequestEvidence.cs