mscorlib(4.0.0.0) API with additions
ObjectSecurity.cs
6 using System.Threading;
7 
9 {
11  public abstract class ObjectSecurity
12  {
// Reader/writer lock behind ReadLock/WriteLock; the *Modified accessors
// below refuse to run unless the calling thread already holds it.
private readonly ReaderWriterLock _lock = new ReaderWriterLock();

// The in-memory security descriptor this object wraps.
internal CommonSecurityDescriptor _securityDescriptor;

// Dirty flags, one per descriptor section (owner, group, SACL, DACL).
private bool _ownerModified;
private bool _groupModified;
private bool _saclModified;
private bool _daclModified;

// Control-flag bits that belong to the SACL; used as the update mask when a
// new SACL is copied in by UpdateWithNewSecurityDescriptor.
private static readonly ControlFlags SACL_CONTROL_FLAGS =
    ControlFlags.SystemAclPresent
    | ControlFlags.SystemAclAutoInherited
    | ControlFlags.SystemAclProtected;

// Control-flag bits that belong to the DACL; same role as above for the DACL.
private static readonly ControlFlags DACL_CONTROL_FLAGS =
    ControlFlags.DiscretionaryAclPresent
    | ControlFlags.DiscretionaryAclAutoInherited
    | ControlFlags.DiscretionaryAclProtected;
28 
/// <summary>
/// Dirty flag for the owner section. Reading requires the calling thread to
/// hold the read or the write lock; writing requires the write lock.
/// </summary>
/// <exception cref="InvalidOperationException">The required lock is not held.</exception>
protected bool OwnerModified
{
    get
    {
        bool lockHeld = _lock.IsReaderLockHeld || _lock.IsWriterLockHeld;
        if (lockHeld)
        {
            return _ownerModified;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForReadOrWrite"));
    }
    set
    {
        if (_lock.IsWriterLockHeld)
        {
            _ownerModified = value;
            return;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForWrite"));
    }
}
51 
/// <summary>
/// Dirty flag for the primary-group section. Reading requires the calling
/// thread to hold the read or the write lock; writing requires the write lock.
/// </summary>
/// <exception cref="InvalidOperationException">The required lock is not held.</exception>
protected bool GroupModified
{
    get
    {
        bool lockHeld = _lock.IsReaderLockHeld || _lock.IsWriterLockHeld;
        if (lockHeld)
        {
            return _groupModified;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForReadOrWrite"));
    }
    set
    {
        if (_lock.IsWriterLockHeld)
        {
            _groupModified = value;
            return;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForWrite"));
    }
}
74 
/// <summary>
/// Dirty flag for the SACL (audit rules). Reading requires the calling thread
/// to hold the read or the write lock; writing requires the write lock.
/// </summary>
/// <exception cref="InvalidOperationException">The required lock is not held.</exception>
protected bool AuditRulesModified
{
    get
    {
        bool lockHeld = _lock.IsReaderLockHeld || _lock.IsWriterLockHeld;
        if (lockHeld)
        {
            return _saclModified;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForReadOrWrite"));
    }
    set
    {
        if (_lock.IsWriterLockHeld)
        {
            _saclModified = value;
            return;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForWrite"));
    }
}
97 
/// <summary>
/// Dirty flag for the DACL (access rules). Reading requires the calling thread
/// to hold the read or the write lock; writing requires the write lock.
/// </summary>
/// <exception cref="InvalidOperationException">The required lock is not held.</exception>
protected bool AccessRulesModified
{
    get
    {
        bool lockHeld = _lock.IsReaderLockHeld || _lock.IsWriterLockHeld;
        if (lockHeld)
        {
            return _daclModified;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForReadOrWrite"));
    }
    set
    {
        if (_lock.IsWriterLockHeld)
        {
            _daclModified = value;
            return;
        }
        throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_MustLockForWrite"));
    }
}
120 
/// <summary>Forwards to the wrapped descriptor's IsContainer. No lock is taken here.</summary>
protected bool IsContainer
{
    get { return _securityDescriptor.IsContainer; }
}

/// <summary>Forwards to the wrapped descriptor's IsDS. No lock is taken here.</summary>
protected bool IsDS
{
    get { return _securityDescriptor.IsDS; }
}
130 
/// <summary>
/// True when the descriptor's control flags carry DiscretionaryAclProtected.
/// The flags are read under the read lock.
/// </summary>
public bool AreAccessRulesProtected
{
    get
    {
        ReadLock();
        try
        {
            ControlFlags protectedBit = _securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected;
            return protectedBit != ControlFlags.None;
        }
        finally
        {
            ReadUnlock();
        }
    }
}
149 
/// <summary>
/// True when the descriptor's control flags carry SystemAclProtected.
/// The flags are read under the read lock.
/// </summary>
public bool AreAuditRulesProtected
{
    get
    {
        ReadLock();
        try
        {
            ControlFlags protectedBit = _securityDescriptor.ControlFlags & ControlFlags.SystemAclProtected;
            return protectedBit != ControlFlags.None;
        }
        finally
        {
            ReadUnlock();
        }
    }
}
168 
/// <summary>
/// Returns the descriptor's IsDiscretionaryAclCanonical value, read under the
/// read lock.
/// </summary>
public bool AreAccessRulesCanonical
{
    get
    {
        bool canonical;
        ReadLock();
        try
        {
            canonical = _securityDescriptor.IsDiscretionaryAclCanonical;
        }
        finally
        {
            ReadUnlock();
        }
        return canonical;
    }
}
187 
/// <summary>
/// Returns the descriptor's IsSystemAclCanonical value, read under the read
/// lock.
/// </summary>
public bool AreAuditRulesCanonical
{
    get
    {
        bool canonical;
        ReadLock();
        try
        {
            canonical = _securityDescriptor.IsSystemAclCanonical;
        }
        finally
        {
            ReadUnlock();
        }
        return canonical;
    }
}
206 
/// <summary>Type of the access-rights value used by the derived class.</summary>
public abstract Type AccessRightType { get; }

/// <summary>
/// Type that access rules must be assignable to; ModifyAccessRule rejects
/// any rule that is not.
/// </summary>
public abstract Type AccessRuleType { get; }

/// <summary>
/// Type that audit rules must be assignable to; ModifyAuditRule rejects any
/// rule that is not.
/// </summary>
public abstract Type AuditRuleType { get; }
227 
/// <summary>Leaves _securityDescriptor unset; the other constructors chain to this one.</summary>
protected ObjectSecurity()
{
}

/// <summary>
/// Creates a fresh descriptor with no owner, no group, no SACL, ControlFlags.None
/// and a newly built DACL. A DACL that exists but holds no rules grants nothing
/// (unlike a null DACL), so access stays closed until rules are added.
/// </summary>
/// <param name="isContainer">Passed through to the DACL and the descriptor.</param>
/// <param name="isDS">Passed through to the DACL and the descriptor.</param>
protected ObjectSecurity(bool isContainer, bool isDS)
    : this()
{
    // NOTE(review): the literal 5 is presumably the initial ACE capacity; confirm against DiscretionaryAcl.
    DiscretionaryAcl emptyDacl = new DiscretionaryAcl(isContainer, isDS, 5);
    _securityDescriptor = new CommonSecurityDescriptor(
        isContainer,
        isDS,
        ControlFlags.None,
        null,
        null,
        null,
        emptyDacl);
}

/// <summary>
/// Wraps an existing descriptor. The reference is stored as-is, not copied,
/// so the caller's object and this instance share the same descriptor.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="securityDescriptor"/> is null.</exception>
protected ObjectSecurity(CommonSecurityDescriptor securityDescriptor)
    : this()
{
    if (securityDescriptor != null)
    {
        _securityDescriptor = securityDescriptor;
        return;
    }
    throw new ArgumentNullException("securityDescriptor");
}
255 
/// <summary>
/// Copies the selected sections of <paramref name="newOne"/> into the wrapped
/// descriptor and sets the matching dirty flags. Sections not named in
/// <paramref name="includeSections"/> are left untouched.
/// </summary>
/// <remarks>
/// Takes no lock itself; both callers in this class hold the write lock.
/// NOTE(review): the ACL constructors are called with <c>trusted: true</c>, which
/// presumably means the raw ACL is accepted without further validation; confirm
/// against SystemAcl / DiscretionaryAcl before feeding this descriptors from an
/// untrusted source.
/// </remarks>
private void UpdateWithNewSecurityDescriptor(RawSecurityDescriptor newOne, AccessControlSections includeSections)
{
    bool wantOwner = (includeSections & AccessControlSections.Owner) != 0;
    bool wantGroup = (includeSections & AccessControlSections.Group) != 0;
    bool wantAudit = (includeSections & AccessControlSections.Audit) != 0;
    bool wantAccess = (includeSections & AccessControlSections.Access) != 0;

    if (wantOwner)
    {
        _ownerModified = true;
        _securityDescriptor.Owner = newOne.Owner;
    }

    if (wantGroup)
    {
        _groupModified = true;
        _securityDescriptor.Group = newOne.Group;
    }

    if (wantAudit)
    {
        _saclModified = true;
        _securityDescriptor.SystemAcl = (newOne.SystemAcl != null)
            ? new SystemAcl(IsContainer, IsDS, newOne.SystemAcl, trusted: true)
            : null;

        // Only the SACL-related control bits are taken from the incoming descriptor.
        _securityDescriptor.UpdateControlFlags(SACL_CONTROL_FLAGS, newOne.ControlFlags & SACL_CONTROL_FLAGS);
    }

    if (wantAccess)
    {
        _daclModified = true;
        _securityDescriptor.DiscretionaryAcl = (newOne.DiscretionaryAcl != null)
            ? new DiscretionaryAcl(IsContainer, IsDS, newOne.DiscretionaryAcl, trusted: true)
            : null;

        // Read after the assignment above: whatever DiscretionaryAclPresent state the
        // descriptor has now is OR-ed in, so the incoming flags cannot clear it.
        ControlFlags daclPresent = _securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent;
        _securityDescriptor.UpdateControlFlags(DACL_CONTROL_FLAGS, (newOne.ControlFlags | daclPresent) & DACL_CONTROL_FLAGS);
    }
}
296 
/// <summary>Acquires the read lock, waiting without a timeout.</summary>
protected void ReadLock()
{
    _lock.AcquireReaderLock(Timeout.Infinite);
}

/// <summary>Releases the read lock taken by <see cref="ReadLock"/>.</summary>
protected void ReadUnlock()
{
    _lock.ReleaseReaderLock();
}

/// <summary>Acquires the write lock, waiting without a timeout.</summary>
protected void WriteLock()
{
    _lock.AcquireWriterLock(Timeout.Infinite);
}

/// <summary>Releases the write lock taken by <see cref="WriteLock"/>.</summary>
protected void WriteUnlock()
{
    _lock.ReleaseWriterLock();
}
320 
/// <summary>
/// Base implementation always throws; a derived class that persists by name
/// has to override it.
/// </summary>
/// <exception cref="NotImplementedException">Always, in this base implementation.</exception>
protected virtual void Persist(string name, AccessControlSections includeSections)
{
    throw new NotImplementedException();
}
328 
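/// <summary>
/// Persists the selected sections by name, optionally enabling
/// SeTakeOwnershipPrivilege for the duration of the call.
/// </summary>
/// <param name="enableOwnershipPrivilege">When true, the privilege is enabled before persisting (best effort).</param>
/// <param name="name">Passed to <c>Persist(name, includeSections)</c>.</param>
/// <param name="includeSections">Passed to <c>Persist(name, includeSections)</c>.</param>
/// <remarks>
/// The listing this page was rendered from dropped source lines 339 and 349 (the
/// gutter jumps 338 to 340 and 348 to 350), which left a <c>try</c> followed by a
/// bare block. They are restored here from the members the page cross-references
/// (PrepareConstrainedRegions and the privilege-not-held exception).
/// </remarks>
[SecuritySafeCritical]
[HandleProcessCorruptedStateExceptions]
protected virtual void Persist(bool enableOwnershipPrivilege, string name, AccessControlSections includeSections)
{
    Privilege privilege = null;

    // Restored line 339: marks the try/catch/finally below as a constrained
    // execution region so the cleanup paths are prepared ahead of time.
    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        if (enableOwnershipPrivilege)
        {
            privilege = new Privilege("SeTakeOwnershipPrivilege");
            try
            {
                privilege.Enable();
            }
            catch (PrivilegeNotHeldException)
            {
                // Restored line 349. Deliberate best effort: the caller not holding
                // the privilege is ignored and the persist is attempted anyway.
            }
        }
        Persist(name, includeSections);
    }
    catch
    {
        // Revert here as well as in finally: exception filters higher on the
        // stack run before this method's finally block, so without this catch a
        // caller's filter could execute while the privilege is still enabled.
        privilege?.Revert();
        throw;
    }
    finally
    {
        privilege?.Revert();
    }
}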
365 
/// <summary>
/// Base implementation always throws; a derived class that persists through a
/// handle has to override it.
/// </summary>
/// <exception cref="NotImplementedException">Always, in this base implementation.</exception>
[SecuritySafeCritical]
protected virtual void Persist(SafeHandle handle, AccessControlSections includeSections)
{
    throw new NotImplementedException();
}
374 
/// <summary>
/// Returns the descriptor's owner translated to <paramref name="targetType"/>,
/// or null when the descriptor has no owner. Runs under the read lock.
/// </summary>
public IdentityReference GetOwner(Type targetType)
{
    ReadLock();
    try
    {
        SecurityIdentifier owner = _securityDescriptor.Owner;
        return owner == null ? null : owner.Translate(targetType);
    }
    finally
    {
        ReadUnlock();
    }
}
400 
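/// <summary>
/// Sets the descriptor's owner to the SID that <paramref name="identity"/>
/// translates to and marks the owner section as modified. Runs under the
/// write lock.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="identity"/> did not translate to a <see cref="SecurityIdentifier"/>.
/// </exception>
public void SetOwner(IdentityReference identity)
{
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }
    WriteLock();
    try
    {
        // The original assigned the result of the 'as' cast directly, so an
        // IdentityReference whose Translate returned null or a non-SID would
        // silently clear the in-memory owner and still mark it modified.
        // Fail closed instead and leave the descriptor untouched.
        SecurityIdentifier sid = identity.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
        if (sid == null)
        {
            throw new ArgumentException("The identity could not be translated to a SecurityIdentifier.", "identity");
        }
        _securityDescriptor.Owner = sid;
        _ownerModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}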
420 
/// <summary>
/// Returns the descriptor's primary group translated to
/// <paramref name="targetType"/>, or null when the descriptor has no group.
/// Runs under the read lock.
/// </summary>
public IdentityReference GetGroup(Type targetType)
{
    ReadLock();
    try
    {
        SecurityIdentifier group = _securityDescriptor.Group;
        return group == null ? null : group.Translate(targetType);
    }
    finally
    {
        ReadUnlock();
    }
}
440 
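/// <summary>
/// Sets the descriptor's primary group to the SID that
/// <paramref name="identity"/> translates to and marks the group section as
/// modified. Runs under the write lock.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="identity"/> did not translate to a <see cref="SecurityIdentifier"/>.
/// </exception>
public void SetGroup(IdentityReference identity)
{
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }
    WriteLock();
    try
    {
        // The original assigned the result of the 'as' cast directly, so an
        // IdentityReference whose Translate returned null or a non-SID would
        // silently clear the in-memory group and still mark it modified.
        // Fail closed instead and leave the descriptor untouched.
        SecurityIdentifier sid = identity.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
        if (sid == null)
        {
            throw new ArgumentException("The identity could not be translated to a SecurityIdentifier.", "identity");
        }
        _securityDescriptor.Group = sid;
        _groupModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}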
460 
/// <summary>
/// Asks the descriptor to purge the access control entries for the SID that
/// <paramref name="identity"/> translates to, then marks the DACL as modified.
/// Runs under the write lock.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
public virtual void PurgeAccessRules(IdentityReference identity)
{
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }

    WriteLock();
    try
    {
        // NOTE(review): the 'as' cast yields null if Translate returns anything
        // other than a SecurityIdentifier; what PurgeAccessControl does with a
        // null SID is not visible here. Confirm it rejects null.
        SecurityIdentifier sid = identity.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
        _securityDescriptor.PurgeAccessControl(sid);
        _daclModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}
481 
/// <summary>
/// Asks the descriptor to purge the audit entries for the SID that
/// <paramref name="identity"/> translates to, then marks the SACL as modified.
/// Runs under the write lock.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
public virtual void PurgeAuditRules(IdentityReference identity)
{
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }

    WriteLock();
    try
    {
        // NOTE(review): the 'as' cast yields null if Translate returns anything
        // other than a SecurityIdentifier; what PurgeAudit does with a null SID
        // is not visible here. Confirm it rejects null.
        SecurityIdentifier sid = identity.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
        _securityDescriptor.PurgeAudit(sid);
        _saclModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}
502 
/// <summary>
/// Forwards both arguments to the descriptor's SetDiscretionaryAclProtection
/// and marks the DACL as modified. Runs under the write lock.
/// </summary>
/// <param name="isProtected">True to protect the access rules from inheritance.</param>
/// <param name="preserveInheritance">
/// True to keep the rules that are currently inherited, false to drop them.
/// Dropping them can remove access (or inherited denials) that nothing in the
/// explicit rules replaces, so review the resulting DACL before persisting.
/// </param>
public void SetAccessRuleProtection(bool isProtected, bool preserveInheritance)
{
    WriteLock();
    try
    {
        _securityDescriptor.SetDiscretionaryAclProtection(
            isProtected,
            preserveInheritance);
        _daclModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}
522 
/// <summary>
/// Forwards both arguments to the descriptor's SetSystemAclProtection and
/// marks the SACL as modified. Runs under the write lock.
/// </summary>
/// <param name="isProtected">True to protect the audit rules from inheritance.</param>
/// <param name="preserveInheritance">
/// True to keep the audit rules that are currently inherited, false to drop
/// them. Dropping them removes auditing that the parent object had configured.
/// </param>
public void SetAuditRuleProtection(bool isProtected, bool preserveInheritance)
{
    WriteLock();
    try
    {
        _securityDescriptor.SetSystemAclProtection(
            isProtected,
            preserveInheritance);
        _saclModified = true;
    }
    finally
    {
        WriteUnlock();
    }
}
542 
/// <summary>Always reports that SDDL conversion is supported.</summary>
/// <returns>true, unconditionally.</returns>
public static bool IsSddlConversionSupported() => true;
550 
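/// <summary>
/// Returns the SDDL text for the requested sections of the wrapped descriptor,
/// read under the read lock.
/// </summary>
/// <remarks>
/// The listing dropped the signature line (the gutter jumps from 550 to 555);
/// it is restored from the member signature shown in the page's
/// cross-reference list.
/// </remarks>
public string GetSecurityDescriptorSddlForm(AccessControlSections includeSections)
{
    ReadLock();
    try
    {
        return _securityDescriptor.GetSddlForm(includeSections);
    }
    finally
    {
        ReadUnlock();
    }
}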
566 
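/// <summary>
/// Replaces every section of the descriptor from <paramref name="sddlForm"/>
/// by delegating to the two-argument overload with AccessControlSections.All.
/// </summary>
/// <remarks>
/// The listing dropped the body line (the gutter jumps from 570 to 572), which
/// made this setter look like a no-op; the delegating call is restored here.
/// </remarks>
public void SetSecurityDescriptorSddlForm(string sddlForm)
{
    SetSecurityDescriptorSddlForm(sddlForm, AccessControlSections.All);
}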
573 
/// <summary>
/// Parses <paramref name="sddlForm"/> and copies the sections named in
/// <paramref name="includeSections"/> into the wrapped descriptor. Parsing and
/// the copy both happen under the write lock; sections that are not named
/// keep their current value.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="sddlForm"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="includeSections"/> names no section.</exception>
public void SetSecurityDescriptorSddlForm(string sddlForm, AccessControlSections includeSections)
{
    if (sddlForm == null)
    {
        throw new ArgumentNullException("sddlForm");
    }

    bool noSectionRequested = (includeSections & AccessControlSections.All) == AccessControlSections.None;
    if (noSectionRequested)
    {
        throw new ArgumentException(Environment.GetResourceString("Arg_EnumAtLeastOneFlag"), "includeSections");
    }

    WriteLock();
    try
    {
        RawSecurityDescriptor parsed = new RawSecurityDescriptor(sddlForm);
        UpdateWithNewSecurityDescriptor(parsed, includeSections);
    }
    finally
    {
        WriteUnlock();
    }
}
597 
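/// <summary>
/// Returns a new byte array holding the binary form of the wrapped descriptor.
/// The length query and the serialization both run under the same read lock.
/// </summary>
/// <remarks>
/// The listing dropped the signature line (the gutter jumps from 597 to 601);
/// it is restored from the member signature shown in the page's
/// cross-reference list.
/// </remarks>
public byte[] GetSecurityDescriptorBinaryForm()
{
    ReadLock();
    try
    {
        byte[] array = new byte[_securityDescriptor.BinaryLength];
        _securityDescriptor.GetBinaryForm(array, 0);
        return array;
    }
    finally
    {
        ReadUnlock();
    }
}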
614 
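/// <summary>
/// Replaces every section of the descriptor from <paramref name="binaryForm"/>
/// by delegating to the two-argument overload with AccessControlSections.All.
/// </summary>
/// <remarks>
/// The listing dropped the body line (the gutter jumps from 618 to 620), which
/// made this setter look like a no-op; the delegating call is restored here.
/// </remarks>
public void SetSecurityDescriptorBinaryForm(byte[] binaryForm)
{
    SetSecurityDescriptorBinaryForm(binaryForm, AccessControlSections.All);
}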
621 
/// <summary>
/// Parses <paramref name="binaryForm"/> from offset 0 and copies the sections
/// named in <paramref name="includeSections"/> into the wrapped descriptor.
/// Parsing and the copy both happen under the write lock; sections that are
/// not named keep their current value.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="binaryForm"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="includeSections"/> names no section.</exception>
public void SetSecurityDescriptorBinaryForm(byte[] binaryForm, AccessControlSections includeSections)
{
    if (binaryForm == null)
    {
        throw new ArgumentNullException("binaryForm");
    }

    bool noSectionRequested = (includeSections & AccessControlSections.All) == AccessControlSections.None;
    if (noSectionRequested)
    {
        throw new ArgumentException(Environment.GetResourceString("Arg_EnumAtLeastOneFlag"), "includeSections");
    }

    WriteLock();
    try
    {
        RawSecurityDescriptor parsed = new RawSecurityDescriptor(binaryForm, 0);
        UpdateWithNewSecurityDescriptor(parsed, includeSections);
    }
    finally
    {
        WriteUnlock();
    }
}
645 
/// <summary>
/// Implemented by derived classes to apply <paramref name="modification"/> to
/// the DACL. ModifyAccessRule calls this with the write lock already held and
/// after checking the rule's type.
/// </summary>
protected abstract bool ModifyAccess(
    AccessControlModification modification,
    AccessRule rule,
    out bool modified);

/// <summary>
/// Implemented by derived classes to apply <paramref name="modification"/> to
/// the SACL. ModifyAuditRule calls this with the write lock already held and
/// after checking the rule's type.
/// </summary>
protected abstract bool ModifyAudit(
    AccessControlModification modification,
    AuditRule rule,
    out bool modified);
663 
/// <summary>
/// Validates <paramref name="rule"/> and hands it to ModifyAccess under the
/// write lock. A rule whose runtime type is not assignable to AccessRuleType
/// is rejected before the lock is taken.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="rule"/> is of the wrong rule type.</exception>
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
    if (rule == null)
    {
        throw new ArgumentNullException("rule");
    }

    Type expectedType = AccessRuleType;
    if (!expectedType.IsAssignableFrom(rule.GetType()))
    {
        throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule");
    }

    bool result;
    WriteLock();
    try
    {
        result = ModifyAccess(modification, rule, out modified);
    }
    finally
    {
        WriteUnlock();
    }
    return result;
}
691 
/// <summary>
/// Validates <paramref name="rule"/> and hands it to ModifyAudit under the
/// write lock. A rule whose runtime type is not assignable to AuditRuleType is
/// rejected before the lock is taken.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="rule"/> is of the wrong rule type.</exception>
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
    if (rule == null)
    {
        throw new ArgumentNullException("rule");
    }

    Type expectedType = AuditRuleType;
    if (!expectedType.IsAssignableFrom(rule.GetType()))
    {
        throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule");
    }

    bool result;
    WriteLock();
    try
    {
        result = ModifyAudit(modification, rule, out modified);
    }
    finally
    {
        WriteUnlock();
    }
    return result;
}
719 
/// <summary>
/// Implemented by derived classes to build an access rule of their own rule
/// type from the given identity, mask, inheritance settings and allow/deny type.
/// </summary>
public abstract AccessRule AccessRuleFactory(
    IdentityReference identityReference,
    int accessMask,
    bool isInherited,
    InheritanceFlags inheritanceFlags,
    PropagationFlags propagationFlags,
    AccessControlType type);

/// <summary>
/// Implemented by derived classes to build an audit rule of their own rule
/// type from the given identity, mask, inheritance settings and audit flags.
/// </summary>
public abstract AuditRule AuditRuleFactory(
    IdentityReference identityReference,
    int accessMask,
    bool isInherited,
    InheritanceFlags inheritanceFlags,
    PropagationFlags propagationFlags,
    AuditFlags flags);
740  }
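/// <summary>
/// Generic layer over NativeObjectSecurity that fixes the rule types to
/// <c>AccessRule&lt;T&gt;</c> / <c>AuditRule&lt;T&gt;</c> and adds strongly typed
/// wrappers around the rule-editing methods it inherits.
/// </summary>
/// <remarks>
/// The listing this page was rendered from dropped the single body line of five
/// wrappers (ResetAccessRule, RemoveAccessRuleAll, RemoveAccessRuleSpecific,
/// RemoveAuditRuleAll, RemoveAuditRuleSpecific; the gutter skips one number in
/// each), which made them read as no-ops. They are restored below in the same
/// form as the sibling wrappers that survived.
/// </remarks>
/// <typeparam name="T">Value type reported as AccessRightType.</typeparam>
public abstract class ObjectSecurity<T> : NativeObjectSecurity where T : struct
{
    public override Type AccessRightType => typeof(T);

    public override Type AccessRuleType => typeof(AccessRule<T>);

    public override Type AuditRuleType => typeof(AuditRule<T>);

    /// <summary>Forwards to the base constructor with no error-mapping delegate or context.</summary>
    protected ObjectSecurity(bool isContainer, ResourceType resourceType)
        : base(isContainer, resourceType, null, null)
    {
    }

    /// <summary>Forwards to the name-based base constructor with no error-mapping delegate or context.</summary>
    protected ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections)
        : base(isContainer, resourceType, name, includeSections, null, null)
    {
    }

    /// <summary>Forwards every argument to the name-based base constructor.</summary>
    protected ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
        : base(isContainer, resourceType, name, includeSections, exceptionFromErrorCode, exceptionContext)
    {
    }

    /// <summary>Forwards to the handle-based base constructor with no error-mapping delegate or context.</summary>
    [SecuritySafeCritical]
    protected ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections)
        : base(isContainer, resourceType, safeHandle, includeSections, null, null)
    {
    }

    /// <summary>Forwards every argument to the handle-based base constructor.</summary>
    [SecuritySafeCritical]
    protected ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
        : base(isContainer, resourceType, safeHandle, includeSections, exceptionFromErrorCode, exceptionContext)
    {
    }

    /// <summary>Builds an <c>AccessRule&lt;T&gt;</c> from the given arguments.</summary>
    public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
    {
        return new AccessRule<T>(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type);
    }

    /// <summary>Builds an <c>AuditRule&lt;T&gt;</c> from the given arguments.</summary>
    public override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
    {
        return new AuditRule<T>(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, flags);
    }

    /// <summary>
    /// Maps the four dirty flags to the sections that need persisting. The flag
    /// getters throw unless a lock is held; both callers hold the write lock.
    /// </summary>
    private AccessControlSections GetAccessControlSectionsFromChanges()
    {
        AccessControlSections sections = AccessControlSections.None;
        if (base.AccessRulesModified)
        {
            sections |= AccessControlSections.Access;
        }
        if (base.AuditRulesModified)
        {
            sections |= AccessControlSections.Audit;
        }
        if (base.OwnerModified)
        {
            sections |= AccessControlSections.Owner;
        }
        if (base.GroupModified)
        {
            sections |= AccessControlSections.Group;
        }
        return sections;
    }

    /// <summary>
    /// Persists only the sections whose dirty flag is set, through
    /// <paramref name="handle"/>, then clears all four flags. The flags are
    /// cleared only when the inner Persist returns normally, so a failed attempt
    /// leaves them set.
    /// </summary>
    /// <remarks>
    /// The SecurityPermission attribute asserts UnmanagedCode on behalf of
    /// callers, so the caller's own permission for unmanaged code is not what
    /// gates this call; any check of who may persist has to happen before here.
    /// </remarks>
    [SecuritySafeCritical]
    [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
    protected internal void Persist(SafeHandle handle)
    {
        WriteLock();
        try
        {
            AccessControlSections changedSections = GetAccessControlSectionsFromChanges();
            Persist(handle, changedSections);

            // Same assignment order as the decompiled chain of temporaries.
            base.AccessRulesModified = false;
            base.AuditRulesModified = false;
            base.GroupModified = false;
            base.OwnerModified = false;
        }
        finally
        {
            WriteUnlock();
        }
    }

    /// <summary>
    /// Persists only the sections whose dirty flag is set, by
    /// <paramref name="name"/>, then clears all four flags. The flags are cleared
    /// only when the inner Persist returns normally, so a failed attempt leaves
    /// them set.
    /// </summary>
    /// <remarks>
    /// The SecurityPermission attribute asserts UnmanagedCode on behalf of
    /// callers, so the caller's own permission for unmanaged code is not what
    /// gates this call; any check of who may persist has to happen before here.
    /// </remarks>
    [SecuritySafeCritical]
    [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
    protected internal void Persist(string name)
    {
        WriteLock();
        try
        {
            AccessControlSections changedSections = GetAccessControlSectionsFromChanges();
            Persist(name, changedSections);

            // Same assignment order as the decompiled chain of temporaries.
            base.AccessRulesModified = false;
            base.AuditRulesModified = false;
            base.GroupModified = false;
            base.OwnerModified = false;
        }
        finally
        {
            WriteUnlock();
        }
    }

    // The members below are typed front ends: each casts the generic rule to its
    // non-generic base type and calls the inherited overload of the same name.

    public virtual void AddAccessRule(AccessRule<T> rule)
    {
        AddAccessRule((AccessRule)rule);
    }

    public virtual void SetAccessRule(AccessRule<T> rule)
    {
        SetAccessRule((AccessRule)rule);
    }

    public virtual void ResetAccessRule(AccessRule<T> rule)
    {
        // Restored: body line dropped by the listing (gutter 928 -> 930).
        ResetAccessRule((AccessRule)rule);
    }

    public virtual bool RemoveAccessRule(AccessRule<T> rule)
    {
        return RemoveAccessRule((AccessRule)rule);
    }

    public virtual void RemoveAccessRuleAll(AccessRule<T> rule)
    {
        // Restored: body line dropped by the listing (gutter 943 -> 945).
        RemoveAccessRuleAll((AccessRule)rule);
    }

    public virtual void RemoveAccessRuleSpecific(AccessRule<T> rule)
    {
        // Restored: body line dropped by the listing (gutter 950 -> 952).
        RemoveAccessRuleSpecific((AccessRule)rule);
    }

    public virtual void AddAuditRule(AuditRule<T> rule)
    {
        AddAuditRule((AuditRule)rule);
    }

    public virtual void SetAuditRule(AuditRule<T> rule)
    {
        SetAuditRule((AuditRule)rule);
    }

    public virtual bool RemoveAuditRule(AuditRule<T> rule)
    {
        return RemoveAuditRule((AuditRule)rule);
    }

    public virtual void RemoveAuditRuleAll(AuditRule<T> rule)
    {
        // Restored: body line dropped by the listing (gutter 979 -> 981).
        RemoveAuditRuleAll((AuditRule)rule);
    }

    public virtual void RemoveAuditRuleSpecific(AuditRule<T> rule)
    {
        // Restored: body line dropped by the listing (gutter 986 -> 988).
        RemoveAuditRuleSpecific((AuditRule)rule);
    }
}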
990 }
abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
Applies the specified modification to the System Access Control List (SACL) associated with this T:Sy...
void SetSecurityDescriptorBinaryForm(byte[] binaryForm)
Sets the security descriptor for this T:System.Security.AccessControl.ObjectSecurity object from the ...
ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
Initializes a new instance of the ObjectSecurity`1 class.
The exception that is thrown when a null reference (Nothing in Visual Basic) is passed to a method th...
PropagationFlags
Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are signific...
Describes a set of security permissions applied to code. This class cannot be inherited.
Provides the ability to control access to objects without direct manipulation of Access Control Lists...
override ControlFlags ControlFlags
Gets values that specify behavior of the T:System.Security.AccessControl.RawSecurityDescriptor object...
void SetDiscretionaryAclProtection(bool isProtected, bool preserveInheritance)
Sets the inheritance protection for the Discretionary Access Control List (DACL) associated with this...
void GetBinaryForm(byte[] binaryForm, int offset)
Returns an array of byte values that represents the information contained in this T:System....
virtual void PurgeAuditRules(IdentityReference identity)
Removes all audit rules associated with the specified T:System.Security.Principal....
Represents an identity and is the base class for the T:System.Security.Principal.NTAccount and T:Syst...
Represents a security descriptor. A security descriptor includes an owner, a primary group,...
SystemAcl SystemAcl
Gets or sets the System Access Control List (SACL) for this T:System.Security.AccessControl....
IdentityReference GetGroup(Type targetType)
Gets the primary group associated with the specified owner.
void SetGroup(IdentityReference identity)
Sets the primary group for the security descriptor associated with this T:System.Security....
ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections)
Initializes a new instance of the ObjectSecurity`1 class.
bool IsDiscretionaryAclCanonical
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated w...
Represents a combination of a user's identity, an access mask, and an access control type (allow or d...
Definition: AccessRule.cs:7
Definition: __Canon.cs:3
void SetSecurityDescriptorBinaryForm(byte[] binaryForm, AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this T:System.Security....
virtual bool RemoveAuditRule(AuditRule< T > rule)
Removes audit rules that contain the same security identifier and access mask as the specified audit ...
virtual void Persist(string name, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
abstract Type AuditRuleType
Gets the T:System.Type object associated with the audit rules of this T:System.Security....
override ControlFlags ControlFlags
Gets values that specify behavior of the T:System.Security.AccessControl.CommonSecurityDescriptor obj...
void WriteUnlock()
Unlocks this T:System.Security.AccessControl.ObjectSecurity object for write access.
virtual void AddAuditRule(AuditRule< T > rule)
Adds the specified audit rule to the System Access Control List (SACL) associated with this ObjectSec...
virtual bool RemoveAccessRule(AccessRule< T > rule)
Removes access rules that contain the same security identifier and access mask as the specified acces...
override SecurityIdentifier Group
Gets or sets the primary group for this T:System.Security.AccessControl.RawSecurityDescriptor object.
override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
Initializes a new instance of the ObjectAccessRule class that represents a new access control rule fo...
virtual void RemoveAccessRuleSpecific(AccessRule< T > rule)
Removes all access rules that exactly match the specified access rule from the Discretionary Access C...
ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
Initializes a new instance of the ObjectSecurity`1 class.
void PurgeAudit(SecurityIdentifier sid)
Removes all audit rules for the specified security identifier from the System Access Control List (SA...
void SetAccessRuleProtection(bool isProtected, bool preserveInheritance)
Sets or removes protection of the access rules associated with this T:System.Security....
virtual void RemoveAccessRuleAll(AccessRule< T > rule)
Removes all access rules that have the same security identifier as the specified access rule from the...
Defines a lock that supports single writers and multiple readers.
void PurgeAccessControl(SecurityIdentifier sid)
Removes all access rules for the specified security identifier from the Discretionary Access Control ...
ObjectSecurity(CommonSecurityDescriptor securityDescriptor)
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
Represents a wrapper class for operating system handles. This class must be inherited.
Definition: SafeHandle.cs:12
DiscretionaryAcl DiscretionaryAcl
Gets or sets the discretionary access control list (DACL) for this T:System.Security....
void SetSecurityDescriptorSddlForm(string sddlForm)
Sets the security descriptor for this T:System.Security.AccessControl.ObjectSecurity object from the ...
override SecurityIdentifier Owner
Gets or sets the owner of the object associated with this T:System.Security.AccessControl....
Provides the ability to control access to native objects without direct manipulation of Access Contro...
SecurityAction
Specifies the security actions that can be performed using declarative security.
Provides information about, and means to manipulate, the current environment and platform....
Definition: Environment.cs:21
internal void Persist(SafeHandle handle)
Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage,...
Represents a security descriptor. A security descriptor includes an owner, a primary group,...
Represents a combination of a user’s identity and an access mask.
Definition: AuditRule.cs:7
void SetSecurityDescriptorSddlForm(string sddlForm, AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this T:System.Security....
virtual void Persist(bool enableOwnershipPrivilege, string name, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
RawAcl SystemAcl
Gets or sets the System Access Control List (SACL) for this T:System.Security.AccessControl....
virtual void RemoveAuditRuleSpecific(AuditRule< T > rule)
Removes all audit rules that exactly match the specified audit rule from the System Access Control Li...
ControlFlags
These flags affect the security descriptor behavior.
Definition: ControlFlags.cs:5
abstract Type AccessRightType
Gets the T:System.Type of the securable object associated with this T:System.Security....
string GetSddlForm(AccessControlSections includeSections)
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections o...
virtual void ResetAccessRule(AccessRule< T > rule)
Removes all access rules in the Discretionary Access Control List (DACL) associated with this ObjectS...
void SetSystemAclProtection(bool isProtected, bool preserveInheritance)
Sets the inheritance protection for the System Access Control List (SACL) associated with this T:Syst...
static void PrepareConstrainedRegions()
Designates a body of code as a constrained execution region (CER).
bool IsDS
Gets a Boolean value that specifies whether this T:System.Security.AccessControl.ObjectSecurity objec...
abstract Type AccessRuleType
Gets the T:System.Type of the object associated with the access rules of this T:System....
Represents type declarations: class types, interface types, array types, value types,...
Definition: Type.cs:18
string GetSecurityDescriptorSddlForm(AccessControlSections includeSections)
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections o...
virtual void SetAuditRule(AuditRule< T > rule)
Removes all audit rules that contain the same security identifier and qualifier as the specified audi...
ResourceType
Specifies the defined native object types.
Definition: ResourceType.cs:4
ObjectSecurity(bool isContainer, ResourceType resourceType)
Initializes a new instance of the ObjectSecurity`1 class.
abstract IdentityReference Translate(Type targetType)
Translates the account name represented by the T:System.Security.Principal.IdentityReference object i...
override SecurityIdentifier Owner
Gets or sets the owner of the object associated with this T:System.Security.AccessControl....
void ReadUnlock()
Unlocks this T:System.Security.AccessControl.ObjectSecurity object for read access.
byte [] GetSecurityDescriptorBinaryForm()
Returns an array of byte values that represents the security descriptor information for this T:System...
AccessControlType
Specifies whether an T:System.Security.AccessControl.AccessRule object is used to allow or deny acces...
Specifies the discretionary access control list (DACL).
ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections)
Initializes a new instance of the ObjectSecurity`1 class.
abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
Applies the specified modification to the Discretionary Access Control List (DACL) associated with th...
The exception that is thrown when one of the arguments provided to a method is not valid.
void ReadLock()
Locks this T:System.Security.AccessControl.ObjectSecurity object for read access.
RawAcl DiscretionaryAcl
Gets or sets the Discretionary Access Control List (DACL) for this T:System.Security....
bool IsDS
Gets a Boolean value that specifies whether the object associated with this T:System....
void WriteLock()
Locks this T:System.Security.AccessControl.ObjectSecurity object for write access.
virtual void AddAccessRule(AccessRule< T > rule)
Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this O...
virtual void SetAccessRule(AccessRule< T > rule)
Removes all access rules that contain the same security identifier and qualifier as the specified acc...
bool IsContainer
Gets a Boolean value that specifies whether this T:System.Security.AccessControl.ObjectSecurity objec...
override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
Initializes a new instance of the T:System.Security.AccessControl.AuditRule class representing the sp...
AccessControlModification
Specifies the type of access control modification to perform. This enumeration is used by methods of ...
bool IsSystemAclCanonical
Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with thi...
Represents a security identifier (SID) and provides marshaling and comparison operations for SIDs.
ObjectSecurity(bool isContainer, bool isDS)
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
Applies the specified modification to the System Access Control List (SACL) associated with this T:Sy...
ObjectSecurity()
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
Specifies the system access control list (SACL).
IdentityReference GetOwner(Type targetType)
Gets the owner associated with the specified primary group.
The exception that is thrown when a method call is invalid for the object's current state.
override SecurityIdentifier Group
Gets or sets the primary group for this T:System.Security.AccessControl.CommonSecurityDescriptor obje...
Represents a Discretionary Access Control List (DACL).
virtual void Persist(SafeHandle handle, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
virtual void RemoveAuditRuleAll(AuditRule< T > rule)
Removes all audit rules that have the same security identifier as the specified audit rule from the S...
static bool IsSddlConversionSupported()
Returns a Boolean value that specifies whether the security descriptor associated with this T:System....
The exception that is thrown when a method in the N:System.Security.AccessControl namespace attempts ...
int BinaryLength
Gets the length, in bytes, of the binary representation of the current T:System.Security....
InheritanceFlags
Inheritance flags specify the semantics of inheritance for access control entries (ACEs).
virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
Applies the specified modification to the Discretionary Access Control List (DACL) associated with th...
void SetAuditRuleProtection(bool isProtected, bool preserveInheritance)
Sets or removes protection of the audit rules associated with this T:System.Security....
AccessControlSections
Specifies which sections of a security descriptor to save or load.
virtual void PurgeAccessRules(IdentityReference identity)
Removes all access rules associated with the specified T:System.Security.Principal....
The exception that is thrown when a requested method or operation is not implemented.
void SetOwner(IdentityReference identity)
Sets the owner for the security descriptor associated with this T:System.Security....
bool AreAccessRulesProtected
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated w...
virtual bool IsAssignableFrom(Type c)
Determines whether an instance of a specified type can be assigned to an instance of the current type...
Definition: Type.cs:2707
internal void Persist(string name)
Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage,...
Provides a set of static methods and properties that provide support for compilers....
override IdentityReference Translate(Type targetType)
Translates the account name represented by the T:System.Security.Principal.SecurityIdentifier object ...
AuditFlags
Specifies the conditions for auditing attempts to access a securable object.
Definition: AuditFlags.cs:5
bool IsContainer
Gets a Boolean value that specifies whether the object associated with this T:System....