// Per-section "modified" flags for the wrapped security descriptor: owner, primary group, SACL and DACL.
// Each flag is surfaced to derived classes through a protected property in this listing
// (OwnerModified, GroupModified, AuditRulesModified, AccessRulesModified); those accessors
// test _lock.IsReaderLockHeld / _lock.IsWriterLockHeld before touching the field.
17 private bool _ownerModified;
19 private bool _groupModified;
// "SACL" flag: written by the AuditRulesModified setter.
21 private bool _saclModified;
// "DACL" flag: read and written by the AccessRulesModified accessors.
23 private bool _daclModified;
// Modified flag for the owner section, exposed to derived classes.
// Excerpt only: the accessor keywords, braces and the bodies of the two lock checks are not shown in this listing.
32 protected bool OwnerModified
// get: tests that the caller holds either the reader or the writer lock before the field is returned;
// presumably the call is rejected otherwise (the if-body is not visible here).
36 if (!_lock.IsReaderLockHeld && !_lock.IsWriterLockHeld)
40 return _ownerModified;
// set: tests for the writer lock specifically, so holding only a reader lock does not satisfy this check.
44 if (!_lock.IsWriterLockHeld)
48 _ownerModified = value;
// Modified flag for the primary-group section, exposed to derived classes.
// Excerpt only: the accessor keywords, braces and the bodies of the two lock checks are not shown in this listing.
55 protected bool GroupModified
// get: tests that the caller holds either the reader or the writer lock before the field is returned;
// presumably the call is rejected otherwise (the if-body is not visible here).
59 if (!_lock.IsReaderLockHeld && !_lock.IsWriterLockHeld)
63 return _groupModified;
// set: tests for the writer lock specifically, so holding only a reader lock does not satisfy this check.
67 if (!_lock.IsWriterLockHeld)
71 _groupModified = value;
// Modified flag for the audit rules; the setter below stores it in _saclModified.
// Excerpt only: the getter's return statement, the accessor keywords, braces and the bodies of the lock checks are not shown.
78 protected bool AuditRulesModified
// get: tests that the caller holds either the reader or the writer lock;
// presumably the call is rejected otherwise (the if-body is not visible here).
82 if (!_lock.IsReaderLockHeld && !_lock.IsWriterLockHeld)
// set: tests for the writer lock specifically, so holding only a reader lock does not satisfy this check.
90 if (!_lock.IsWriterLockHeld)
94 _saclModified = value;
// Modified flag for the access rules; backed by _daclModified.
// Excerpt only: the accessor keywords, braces and the bodies of the two lock checks are not shown in this listing.
101 protected bool AccessRulesModified
// get: tests that the caller holds either the reader or the writer lock before the field is returned;
// presumably the call is rejected otherwise (the if-body is not visible here).
105 if (!_lock.IsReaderLockHeld && !_lock.IsWriterLockHeld)
109 return _daclModified;
// set: tests for the writer lock specifically, so holding only a reader lock does not satisfy this check.
113 if (!_lock.IsWriterLockHeld)
117 _daclModified = value;
153 public bool AreAuditRulesProtected
172 public bool AreAccessRulesCanonical
191 public bool AreAuditRulesCanonical
209 public abstract Type AccessRightType
216 public abstract Type AccessRuleType
223 public abstract Type AuditRuleType
249 if (securityDescriptor ==
null)
253 _securityDescriptor = securityDescriptor;
260 _ownerModified =
true;
265 _groupModified =
true;
270 _saclModified =
true;
279 _securityDescriptor.UpdateControlFlags(SACL_CONTROL_FLAGS, newOne.
ControlFlags & SACL_CONTROL_FLAGS);
283 _daclModified =
true;
293 _securityDescriptor.UpdateControlFlags(DACL_CONTROL_FLAGS, (newOne.
ControlFlags | controlFlags) & DACL_CONTROL_FLAGS);
300 _lock.AcquireReaderLock(-1);
306 _lock.ReleaseReaderLock();
312 _lock.AcquireWriterLock(-1);
318 _lock.ReleaseWriterLock();
// Excerpt of the Persist overload that takes enableOwnershipPrivilege; the signature, braces and any
// try/finally lines are not shown in this listing.
334 [SecuritySafeCritical]
335 [HandleProcessCorruptedStateExceptions]
338 Privilege privilege =
null;
// A Privilege object for SeTakeOwnershipPrivilege is constructed only when the caller passes
// enableOwnershipPrivilege = true; otherwise privilege stays null.
// NOTE(review): the calls that enable and later revert the privilege are not visible in this excerpt —
// confirm against the full source that it is reverted on every exit path, including when Persist throws.
342 if (enableOwnershipPrivilege)
344 privilege =
new Privilege(
"SeTakeOwnershipPrivilege");
// Delegates the actual save to the (name, includeSections) overload.
353 Persist(name, includeSections);
369 [SecuritySafeCritical]
389 if (_securityDescriptor.
Owner ==
null)
405 if (identity ==
null)
413 _ownerModified =
true;
429 if (_securityDescriptor.
Group ==
null)
445 if (identity ==
null)
453 _groupModified =
true;
466 if (identity ==
null)
474 _daclModified =
true;
487 if (identity ==
null)
495 _saclModified =
true;
515 _daclModified =
true;
535 _saclModified =
true;
559 return _securityDescriptor.
GetSddlForm(includeSections);
579 if (sddlForm ==
null)
605 byte[] array =
new byte[_securityDescriptor.
BinaryLength];
627 if (binaryForm ==
null)
712 return ModifyAudit(modification, rule, out modified);
762 : base(isContainer, resourceType, null, null)
773 : base(isContainer, resourceType, name, includeSections, null, null)
786 : base(isContainer, resourceType, name, includeSections, exceptionFromErrorCode, exceptionContext)
796 [SecuritySafeCritical]
798 : base(isContainer, resourceType, safeHandle, includeSections, null, null)
810 [SecuritySafeCritical]
812 : base(isContainer, resourceType, safeHandle, includeSections, exceptionFromErrorCode, exceptionContext)
828 return new AccessRule<T>(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type);
842 return new AuditRule<T>(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, flags);
848 if (base.AccessRulesModified)
852 if (base.AuditRulesModified)
856 if (base.OwnerModified)
860 if (base.GroupModified)
864 return accessControlSections;
// Excerpt of the handle-based Persist; the signature, braces and the lines that compute
// accessControlSectionsFromChanges are not shown in this listing.
869 [SecuritySafeCritical]
// Saves the sections named by accessControlSectionsFromChanges (presumably those whose modified flags
// are set; its assignment is not visible here).
877 Persist(handle, accessControlSectionsFromChanges);
// Decompiler-style chained assignment: sets AccessRulesModified, AuditRulesModified, GroupModified and
// OwnerModified to false, in that order, after the Persist call above.
// The setters of these properties test _lock.IsWriterLockHeld, so this code presumably runs with the
// write lock held; the lock acquisition is not visible in this excerpt.
878 bool flag2 = base.AccessRulesModified =
false;
879 bool flag4 = base.AuditRulesModified = flag2;
880 bool ownerModified = base.GroupModified = flag4;
881 base.OwnerModified = ownerModified;
// Excerpt of the name-based Persist; the signature, braces and the lines that compute
// accessControlSectionsFromChanges are not shown in this listing.
891 [SecuritySafeCritical]
// Saves the sections named by accessControlSectionsFromChanges (presumably those whose modified flags
// are set; its assignment is not visible here).
899 Persist(name, accessControlSectionsFromChanges);
// Decompiler-style chained assignment: sets AccessRulesModified, AuditRulesModified, GroupModified and
// OwnerModified to false, in that order, after the Persist call above.
// The setters of these properties test _lock.IsWriterLockHeld, so this code presumably runs with the
// write lock held; the lock acquisition is not visible in this excerpt.
900 bool flag2 = base.AccessRulesModified =
false;
901 bool flag4 = base.AuditRulesModified = flag2;
902 bool ownerModified = base.GroupModified = flag4;
903 base.OwnerModified = ownerModified;
abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
Applies the specified modification to the System Access Control List (SACL) associated with this T:Sy...
void SetSecurityDescriptorBinaryForm(byte[] binaryForm)
Sets the security descriptor for this T:System.Security.AccessControl.ObjectSecurity object from the ...
ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
Initializes a new instance of the ObjectSecurity`1 class.
The exception that is thrown when a null reference (Nothing in Visual Basic) is passed to a method th...
PropagationFlags
Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are signific...
Describes a set of security permissions applied to code. This class cannot be inherited.
Provides the ability to control access to objects without direct manipulation of Access Control Lists...
override ControlFlags ControlFlags
Gets values that specify behavior of the T:System.Security.AccessControl.RawSecurityDescriptor object...
void SetDiscretionaryAclProtection(bool isProtected, bool preserveInheritance)
Sets the inheritance protection for the Discretionary Access Control List (DACL) associated with this...
void GetBinaryForm(byte[] binaryForm, int offset)
Returns an array of byte values that represents the information contained in this T:System....
virtual void PurgeAuditRules(IdentityReference identity)
Removes all audit rules associated with the specified T:System.Security.Principal....
Represents an identity and is the base class for the T:System.Security.Principal.NTAccount and T:Syst...
Represents a security descriptor. A security descriptor includes an owner, a primary group,...
SystemAcl SystemAcl
Gets or sets the System Access Control List (SACL) for this T:System.Security.AccessControl....
IdentityReference GetGroup(Type targetType)
Gets the primary group associated with the specified owner.
void SetGroup(IdentityReference identity)
Sets the primary group for the security descriptor associated with this T:System.Security....
ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections)
Initializes a new instance of the ObjectSecurity`1 class.
bool IsDiscretionaryAclCanonical
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated w...
Represents a combination of a user's identity, an access mask, and an access control type (allow or d...
void SetSecurityDescriptorBinaryForm(byte[] binaryForm, AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this T:System.Security....
virtual bool RemoveAuditRule(AuditRule< T > rule)
Removes audit rules that contain the same security identifier and access mask as the specified audit ...
virtual void Persist(string name, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
abstract Type AuditRuleType
Gets the T:System.Type object associated with the audit rules of this T:System.Security....
override ControlFlags ControlFlags
Gets values that specify behavior of the T:System.Security.AccessControl.CommonSecurityDescriptor obj...
void WriteUnlock()
Unlocks this T:System.Security.AccessControl.ObjectSecurity object for write access.
virtual void AddAuditRule(AuditRule< T > rule)
Adds the specified audit rule to the System Access Control List (SACL) associated with this ObjectSec...
virtual bool RemoveAccessRule(AccessRule< T > rule)
Removes access rules that contain the same security identifier and access mask as the specified acces...
override SecurityIdentifier Group
Gets or sets the primary group for this T:System.Security.AccessControl.RawSecurityDescriptor object.
override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
Initializes a new instance of the ObjectAccessRule class that represents a new access control rule fo...
virtual void RemoveAccessRuleSpecific(AccessRule< T > rule)
Removes all access rules that exactly match the specified access rule from the Discretionary Access C...
ObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext)
Initializes a new instance of the ObjectSecurity`1 class.
void PurgeAudit(SecurityIdentifier sid)
Removes all audit rules for the specified security identifier from the System Access Control List (SA...
void SetAccessRuleProtection(bool isProtected, bool preserveInheritance)
Sets or removes protection of the access rules associated with this T:System.Security....
virtual void RemoveAccessRuleAll(AccessRule< T > rule)
Removes all access rules that have the same security identifier as the specified access rule from the...
Defines a lock that supports single writers and multiple readers.
void PurgeAccessControl(SecurityIdentifier sid)
Removes all access rules for the specified security identifier from the Discretionary Access Control ...
ObjectSecurity(CommonSecurityDescriptor securityDescriptor)
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
Represents a wrapper class for operating system handles. This class must be inherited.
DiscretionaryAcl DiscretionaryAcl
Gets or sets the discretionary access control list (DACL) for this T:System.Security....
void SetSecurityDescriptorSddlForm(string sddlForm)
Sets the security descriptor for this T:System.Security.AccessControl.ObjectSecurity object from the ...
override SecurityIdentifier Owner
Gets or sets the owner of the object associated with this T:System.Security.AccessControl....
Provides the ability to control access to native objects without direct manipulation of Access Contro...
SecurityAction
Specifies the security actions that can be performed using declarative security.
Provides information about, and means to manipulate, the current environment and platform....
internal void Persist(SafeHandle handle)
Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage,...
Represents a security descriptor. A security descriptor includes an owner, a primary group,...
Represents a combination of a user’s identity and an access mask.
void SetSecurityDescriptorSddlForm(string sddlForm, AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this T:System.Security....
virtual void Persist(bool enableOwnershipPrivilege, string name, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
RawAcl SystemAcl
Gets or sets the System Access Control List (SACL) for this T:System.Security.AccessControl....
virtual void RemoveAuditRuleSpecific(AuditRule< T > rule)
Removes all audit rules that exactly match the specified audit rule from the System Access Control Li...
ControlFlags
These flags affect the security descriptor behavior.
abstract Type AccessRightType
Gets the T:System.Type of the securable object associated with this T:System.Security....
string GetSddlForm(AccessControlSections includeSections)
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections o...
virtual void ResetAccessRule(AccessRule< T > rule)
Removes all access rules in the Discretionary Access Control List (DACL) associated with this ObjectS...
void SetSystemAclProtection(bool isProtected, bool preserveInheritance)
Sets the inheritance protection for the System Access Control List (SACL) associated with this T:Syst...
static void PrepareConstrainedRegions()
Designates a body of code as a constrained execution region (CER).
bool IsDS
Gets a Boolean value that specifies whether this T:System.Security.AccessControl.ObjectSecurity objec...
abstract Type AccessRuleType
Gets the T:System.Type of the object associated with the access rules of this T:System....
Represents type declarations: class types, interface types, array types, value types,...
string GetSecurityDescriptorSddlForm(AccessControlSections includeSections)
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections o...
virtual void SetAuditRule(AuditRule< T > rule)
Removes all audit rules that contain the same security identifier and qualifier as the specified audi...
ResourceType
Specifies the defined native object types.
ObjectSecurity(bool isContainer, ResourceType resourceType)
Initializes a new instance of the ObjectSecurity`1 class.
abstract IdentityReference Translate(Type targetType)
Translates the account name represented by the T:System.Security.Principal.IdentityReference object i...
override SecurityIdentifier Owner
Gets or sets the owner of the object associated with this T:System.Security.AccessControl....
void ReadUnlock()
Unlocks this T:System.Security.AccessControl.ObjectSecurity object for read access.
byte [] GetSecurityDescriptorBinaryForm()
Returns an array of byte values that represents the security descriptor information for this T:System...
AccessControlType
Specifies whether an T:System.Security.AccessControl.AccessRule object is used to allow or deny acces...
Specifies the discretionary access control list (DACL).
ObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle safeHandle, AccessControlSections includeSections)
Initializes a new instance of the ObjectSecurity`1 class.
abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
Applies the specified modification to the Discretionary Access Control List (DACL) associated with th...
The exception that is thrown when one of the arguments provided to a method is not valid.
void ReadLock()
Locks this T:System.Security.AccessControl.ObjectSecurity object for read access.
RawAcl DiscretionaryAcl
Gets or sets the Discretionary Access Control List (DACL) for this T:System.Security....
bool IsDS
Gets a Boolean value that specifies whether the object associated with this T:System....
void WriteLock()
Locks this T:System.Security.AccessControl.ObjectSecurity object for write access.
virtual void AddAccessRule(AccessRule< T > rule)
Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this O...
virtual void SetAccessRule(AccessRule< T > rule)
Removes all access rules that contain the same security identifier and qualifier as the specified acc...
bool IsContainer
Gets a Boolean value that specifies whether this T:System.Security.AccessControl.ObjectSecurity objec...
override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
Initializes a new instance of the T:System.Security.AccessControl.AuditRule class representing the sp...
AccessControlModification
Specifies the type of access control modification to perform. This enumeration is used by methods of ...
bool IsSystemAclCanonical
Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with thi...
Represents a security identifier (SID) and provides marshaling and comparison operations for SIDs.
ObjectSecurity(bool isContainer, bool isDS)
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
Applies the specified modification to the System Access Control List (SACL) associated with this T:Sy...
ObjectSecurity()
Initializes a new instance of the T:System.Security.AccessControl.ObjectSecurity class.
Specifies the system access control list (SACL).
IdentityReference GetOwner(Type targetType)
Gets the owner associated with the specified primary group.
The exception that is thrown when a method call is invalid for the object's current state.
override SecurityIdentifier Group
Gets or sets the primary group for this T:System.Security.AccessControl.CommonSecurityDescriptor obje...
Represents a Discretionary Access Control List (DACL).
virtual void Persist(SafeHandle handle, AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this T:System....
virtual void RemoveAuditRuleAll(AuditRule< T > rule)
Removes all audit rules that have the same security identifier as the specified audit rule from the S...
static bool IsSddlConversionSupported()
Returns a Boolean value that specifies whether the security descriptor associated with this T:System....
The exception that is thrown when a method in the N:System.Security.AccessControl namespace attempts ...
int BinaryLength
Gets the length, in bytes, of the binary representation of the current T:System.Security....
InheritanceFlags
Inheritance flags specify the semantics of inheritance for access control entries (ACEs).
virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
Applies the specified modification to the Discretionary Access Control List (DACL) associated with th...
void SetAuditRuleProtection(bool isProtected, bool preserveInheritance)
Sets or removes protection of the audit rules associated with this T:System.Security....
AccessControlSections
Specifies which sections of a security descriptor to save or load.
virtual void PurgeAccessRules(IdentityReference identity)
Removes all access rules associated with the specified T:System.Security.Principal....
The exception that is thrown when a requested method or operation is not implemented.
void SetOwner(IdentityReference identity)
Sets the owner for the security descriptor associated with this T:System.Security....
bool AreAccessRulesProtected
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated w...
virtual bool IsAssignableFrom(Type c)
Determines whether an instance of a specified type can be assigned to an instance of the current type...
internal void Persist(string name)
Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage,...
Provides a set of static methods and properties that provide support for compilers....
override IdentityReference Translate(Type targetType)
Translates the account name represented by the T:System.Security.Principal.SecurityIdentifier object ...
AuditFlags
Specifies the conditions for auditing attempts to access a securable object.
bool IsContainer
Gets a Boolean value that specifies whether the object associated with this T:System....