mscorlib(4.0.0.0) API with additions
ObjectAce.cs
1 using System.Security.Principal;
2 
3 namespace System.Security.AccessControl
4 {
6  public sealed class ObjectAce : QualifiedAce
7  {
8  private ObjectAceFlags _objectFlags;
9 
10  private Guid _objectAceType;
11 
12  private Guid _inheritedObjectAceType;
13 
14  private const int ObjectFlagsLength = 4;
15 
16  private const int GuidLength = 16;
17 
18  internal static readonly int AccessMaskWithObjectType = 315;
19 
22  public ObjectAceFlags ObjectAceFlags
23  {
24  get
25  {
26  return _objectFlags;
27  }
28  set
29  {
30  _objectFlags = value;
31  }
32  }
33 
36  public Guid ObjectAceType
37  {
38  get
39  {
40  return _objectAceType;
41  }
42  set
43  {
44  _objectAceType = value;
45  }
46  }
47 
50  public Guid InheritedObjectAceType
51  {
52  get
53  {
54  return _inheritedObjectAceType;
55  }
56  set
57  {
58  _inheritedObjectAceType = value;
59  }
60  }
61 
64  public override int BinaryLength
65  {
66  get
67  {
68  int num = (((_objectFlags & ObjectAceFlags.ObjectAceTypePresent) != 0) ? 16 : 0) + (((_objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0) ? 16 : 0);
69  return 12 + num + base.SecurityIdentifier.BinaryLength + base.OpaqueLength;
70  }
71  }
72 
73  internal override int MaxOpaqueLengthInternal => MaxOpaqueLength(base.IsCallback);
74 
87  public ObjectAce(AceFlags aceFlags, AceQualifier qualifier, int accessMask, SecurityIdentifier sid, ObjectAceFlags flags, Guid type, Guid inheritedType, bool isCallback, byte[] opaque)
88  : base(TypeFromQualifier(isCallback, qualifier), aceFlags, accessMask, sid, opaque)
89  {
90  _objectFlags = flags;
91  _objectAceType = type;
92  _inheritedObjectAceType = inheritedType;
93  }
94 
95  private static AceType TypeFromQualifier(bool isCallback, AceQualifier qualifier)
96  {
97  switch (qualifier)
98  {
99  case AceQualifier.AccessAllowed:
100  if (!isCallback)
101  {
102  return AceType.AccessAllowedObject;
103  }
104  return AceType.AccessAllowedCallbackObject;
105  case AceQualifier.AccessDenied:
106  if (!isCallback)
107  {
108  return AceType.AccessDeniedObject;
109  }
110  return AceType.AccessDeniedCallbackObject;
111  case AceQualifier.SystemAudit:
112  if (!isCallback)
113  {
114  return AceType.SystemAuditObject;
115  }
116  return AceType.SystemAuditCallbackObject;
117  case AceQualifier.SystemAlarm:
118  if (!isCallback)
119  {
120  return AceType.SystemAlarmObject;
121  }
122  return AceType.SystemAlarmCallbackObject;
123  default:
124  throw new ArgumentOutOfRangeException("qualifier", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
125  }
126  }
127 
128  internal bool ObjectTypesMatch(ObjectAceFlags objectFlags, Guid objectType)
129  {
130  if ((ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != (objectFlags & ObjectAceFlags.ObjectAceTypePresent))
131  {
132  return false;
133  }
134  if ((ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != 0 && !ObjectAceType.Equals(objectType))
135  {
136  return false;
137  }
138  return true;
139  }
140 
141  internal bool InheritedObjectTypesMatch(ObjectAceFlags objectFlags, Guid inheritedObjectType)
142  {
143  if ((ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != (objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent))
144  {
145  return false;
146  }
147  if ((ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0 && !InheritedObjectAceType.Equals(inheritedObjectType))
148  {
149  return false;
150  }
151  return true;
152  }
153 
154  internal static bool ParseBinaryForm(byte[] binaryForm, int offset, out AceQualifier qualifier, out int accessMask, out SecurityIdentifier sid, out ObjectAceFlags objectFlags, out Guid objectAceType, out Guid inheritedObjectAceType, out bool isCallback, out byte[] opaque)
155  {
156  byte[] array = new byte[16];
157  GenericAce.VerifyHeader(binaryForm, offset);
158  if (binaryForm.Length - offset >= 12 + SecurityIdentifier.MinBinaryLength)
159  {
160  AceType aceType = (AceType)binaryForm[offset];
161  if (aceType == AceType.AccessAllowedObject || aceType == AceType.AccessDeniedObject || aceType == AceType.SystemAuditObject || aceType == AceType.SystemAlarmObject)
162  {
163  isCallback = false;
164  }
165  else
166  {
167  if (aceType != AceType.AccessAllowedCallbackObject && aceType != AceType.AccessDeniedCallbackObject && aceType != AceType.SystemAuditCallbackObject && aceType != AceType.SystemAlarmCallbackObject)
168  {
169  goto IL_020d;
170  }
171  isCallback = true;
172  }
173  if (aceType == AceType.AccessAllowedObject || aceType == AceType.AccessAllowedCallbackObject)
174  {
175  qualifier = AceQualifier.AccessAllowed;
176  }
177  else if (aceType == AceType.AccessDeniedObject || aceType == AceType.AccessDeniedCallbackObject)
178  {
179  qualifier = AceQualifier.AccessDenied;
180  }
181  else if (aceType == AceType.SystemAuditObject || aceType == AceType.SystemAuditCallbackObject)
182  {
183  qualifier = AceQualifier.SystemAudit;
184  }
185  else
186  {
187  if (aceType != AceType.SystemAlarmObject && aceType != AceType.SystemAlarmCallbackObject)
188  {
189  goto IL_020d;
190  }
191  qualifier = AceQualifier.SystemAlarm;
192  }
193  int num = offset + 4;
194  int num2 = 0;
195  accessMask = binaryForm[num + 0] + (binaryForm[num + 1] << 8) + (binaryForm[num + 2] << 16) + (binaryForm[num + 3] << 24);
196  num2 += 4;
197  objectFlags = (ObjectAceFlags)(binaryForm[num + num2 + 0] + (binaryForm[num + num2 + 1] << 8) + (binaryForm[num + num2 + 2] << 16) + (binaryForm[num + num2 + 3] << 24));
198  num2 += 4;
199  if ((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != 0)
200  {
201  for (int i = 0; i < 16; i++)
202  {
203  array[i] = binaryForm[num + num2 + i];
204  }
205  num2 += 16;
206  }
207  else
208  {
209  for (int j = 0; j < 16; j++)
210  {
211  array[j] = 0;
212  }
213  }
214  objectAceType = new Guid(array);
215  if ((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0)
216  {
217  for (int k = 0; k < 16; k++)
218  {
219  array[k] = binaryForm[num + num2 + k];
220  }
221  num2 += 16;
222  }
223  else
224  {
225  for (int l = 0; l < 16; l++)
226  {
227  array[l] = 0;
228  }
229  }
230  inheritedObjectAceType = new Guid(array);
231  sid = new SecurityIdentifier(binaryForm, num + num2);
232  opaque = null;
233  int num3 = (binaryForm[offset + 3] << 8) + binaryForm[offset + 2];
234  if (num3 % 4 == 0)
235  {
236  int num4 = num3 - 4 - 4 - 4 - (byte)sid.BinaryLength;
237  if ((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != 0)
238  {
239  num4 -= 16;
240  }
241  if ((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0)
242  {
243  num4 -= 16;
244  }
245  if (num4 > 0)
246  {
247  opaque = new byte[num4];
248  for (int m = 0; m < num4; m++)
249  {
250  opaque[m] = binaryForm[offset + num3 - num4 + m];
251  }
252  }
253  return true;
254  }
255  }
256  goto IL_020d;
257  IL_020d:
258  qualifier = AceQualifier.AccessAllowed;
259  accessMask = 0;
260  sid = null;
261  objectFlags = ObjectAceFlags.None;
262  objectAceType = Guid.NewGuid();
263  inheritedObjectAceType = Guid.NewGuid();
264  isCallback = false;
265  opaque = null;
266  return false;
267  }
268 
272  public static int MaxOpaqueLength(bool isCallback)
273  {
274  return 65491 - SecurityIdentifier.MaxBinaryLength;
275  }
276 
282  public override void GetBinaryForm(byte[] binaryForm, int offset)
283  {
284  MarshalHeader(binaryForm, offset);
285  int num = offset + 4;
286  int num2 = 0;
287  binaryForm[num + 0] = (byte)base.AccessMask;
288  binaryForm[num + 1] = (byte)(base.AccessMask >> 8);
289  binaryForm[num + 2] = (byte)(base.AccessMask >> 16);
290  binaryForm[num + 3] = (byte)(base.AccessMask >> 24);
291  num2 += 4;
292  binaryForm[num + num2 + 0] = (byte)ObjectAceFlags;
293  binaryForm[num + num2 + 1] = (byte)((uint)ObjectAceFlags >> 8);
294  binaryForm[num + num2 + 2] = (byte)((uint)ObjectAceFlags >> 16);
295  binaryForm[num + num2 + 3] = (byte)((uint)ObjectAceFlags >> 24);
296  num2 += 4;
297  if ((ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != 0)
298  {
299  ObjectAceType.ToByteArray().CopyTo(binaryForm, num + num2);
300  num2 += 16;
301  }
302  if ((ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != 0)
303  {
304  InheritedObjectAceType.ToByteArray().CopyTo(binaryForm, num + num2);
305  num2 += 16;
306  }
307  base.SecurityIdentifier.GetBinaryForm(binaryForm, num + num2);
308  num2 += base.SecurityIdentifier.BinaryLength;
309  if (GetOpaque() != null)
310  {
311  if (base.OpaqueLength > MaxOpaqueLengthInternal)
312  {
313  throw new SystemException();
314  }
315  GetOpaque().CopyTo(binaryForm, num + num2);
316  }
317  }
318  }
319 }
System.Security.AccessControl.GenericAce.AceType
AceType AceType
Gets the type of this Access Control Entry (ACE).
Definition: GenericAce.cs:18
System.Security.AccessControl.QualifiedAce.AceQualifier
AceQualifier AceQualifier
Gets a value that specifies whether the ACE allows access, denies access, causes system audits,...
Definition: QualifiedAce.cs:17
System.Security.AccessControl.ObjectAce.GetBinaryForm
override void GetBinaryForm(byte[] binaryForm, int offset)
Marshals the contents of the T:System.Security.AccessControl.ObjectAce object into the specified byte...
Definition: ObjectAce.cs:282
System.Security.AccessControl.ObjectAce.InheritedObjectAceType
Guid InheritedObjectAceType
Gets or sets the GUID of the object type that can inherit the Access Control Entry (ACE) that this T:...
Definition: ObjectAce.cs:51
System.SystemException
Serves as the base class for system exceptions namespace.
Definition: SystemException.cs:9
System.Security.AccessControl.ObjectAce.ObjectAceFlags
ObjectAceFlags ObjectAceFlags
Gets or sets flags that specify whether the P:System.Security.AccessControl.ObjectAce....
Definition: ObjectAce.cs:23
System.Security.AccessControl.ObjectAce.ObjectAce
ObjectAce(AceFlags aceFlags, AceQualifier qualifier, int accessMask, SecurityIdentifier sid, ObjectAceFlags flags, Guid type, Guid inheritedType, bool isCallback, byte[] opaque)
Initiates a new instance of the T:System.Security.AccessControl.ObjectAce class.
Definition: ObjectAce.cs:87
System
Definition: __Canon.cs:3
System.Security.AccessControl.AceType
AceType
Defines the available access control entry (ACE) types.
Definition: AceType.cs:4
System.Security.AccessControl.KnownAce.SecurityIdentifier
SecurityIdentifier SecurityIdentifier
Gets or sets the T:System.Security.Principal.SecurityIdentifier object associated with this T:System....
Definition: KnownAce.cs:31
System.Guid.ToByteArray
byte [] ToByteArray()
Returns a 16-element byte array that contains the value of this instance.
Definition: Guid.cs:940
System.Security.AccessControl.QualifiedAce.GetOpaque
byte [] GetOpaque()
Returns the opaque callback data associated with this T:System.Security.AccessControl....
Definition: QualifiedAce.cs:109
System.Guid
Represents a globally unique identifier (GUID).To browse the .NET Framework source code for this type...
Definition: Guid.cs:14
System.Security.AccessControl.ObjectAce.BinaryLength
override int?? BinaryLength
Gets the length, in bytes, of the binary representation of the current T:System.Security....
Definition: ObjectAce.cs:65
System.Security.Principal.SecurityIdentifier.MaxBinaryLength
static readonly int MaxBinaryLength
Returns the maximum size, in bytes, of the binary representation of the security identifier.
Definition: SecurityIdentifier.cs:22
System.Security.AccessControl.ObjectAce.MaxOpaqueLength
static int MaxOpaqueLength(bool isCallback)
Returns the maximum allowed length, in bytes, of an opaque data BLOB for callback Access Control Entr...
Definition: ObjectAce.cs:272
System.Security.AccessControl.ObjectAce.ObjectAceType
Guid ObjectAceType
Gets or sets the GUID of the object type associated with this T:System.Security.AccessControl....
Definition: ObjectAce.cs:37
System.Guid.Equals
override bool Equals(object o)
Returns a value that indicates whether this instance is equal to a specified object.
Definition: Guid.cs:986
System.Security.AccessControl.QualifiedAce
Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier,...
Definition: QualifiedAce.cs:7
System.Security.AccessControl.ObjectAce
Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) as...
Definition: ObjectAce.cs:6
System.Security.AccessControl.AceFlags
AceFlags
Specifies the inheritance and auditing behavior of an access control entry (ACE).
Definition: AceFlags.cs:5
System.Security.AccessControl.AceQualifier
AceQualifier
Specifies the function of an access control entry (ACE).
Definition: AceQualifier.cs:4
System.Security.Principal.SecurityIdentifier
Represents a security identifier (SID) and provides marshaling and comparison operations for SIDs.
Definition: SecurityIdentifier.cs:12
System.Security.AccessControl.ObjectAceFlags
ObjectAceFlags
Specifies the presence of object types for Access Control Entries (ACEs).
Definition: ObjectAceFlags.cs:5
System.Security.Principal.SecurityIdentifier.MinBinaryLength
static readonly int MinBinaryLength
Returns the minimum size, in bytes, of the binary representation of the security identifier.
Definition: SecurityIdentifier.cs:19