mscorlib(4.0.0.0) API with additions
PipeSecurity.cs
1 using Microsoft.Win32.SafeHandles;
2 using System.Runtime.InteropServices;
3 using System.Security;
4 using System.Security.AccessControl;
5 using System.Security.Permissions;
6 using System.Security.Principal;
7 
8 namespace System.IO.Pipes
9 {
11  [HostProtection(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
12  public class PipeSecurity : NativeObjectSecurity
13  {
16  public override Type AccessRightType => typeof(PipeAccessRights);
17 
20  public override Type AccessRuleType => typeof(PipeAccessRule);
21 
24  public override Type AuditRuleType => typeof(PipeAuditRule);
25 
27  public PipeSecurity()
28  : base(isContainer: false, ResourceType.KernelObject)
29  {
30  }
31 
32  [SecuritySafeCritical]
33  internal PipeSecurity(SafePipeHandle safeHandle, AccessControlSections includeSections)
34  : base(isContainer: false, ResourceType.KernelObject, safeHandle, includeSections)
35  {
36  }
37 
41  public void AddAccessRule(PipeAccessRule rule)
42  {
43  if (rule == null)
44  {
45  throw new ArgumentNullException("rule");
46  }
47  AddAccessRule((AccessRule)rule);
48  }
49 
53  public void SetAccessRule(PipeAccessRule rule)
54  {
55  if (rule == null)
56  {
57  throw new ArgumentNullException("rule");
58  }
59  SetAccessRule((AccessRule)rule);
60  }
61 
65  public void ResetAccessRule(PipeAccessRule rule)
66  {
67  if (rule == null)
68  {
69  throw new ArgumentNullException("rule");
70  }
71  ResetAccessRule((AccessRule)rule);
72  }
73 
79  public bool RemoveAccessRule(PipeAccessRule rule)
80  {
81  if (rule == null)
82  {
83  throw new ArgumentNullException("rule");
84  }
85  AuthorizationRuleCollection accessRules = GetAccessRules(includeExplicit: true, includeInherited: true, rule.IdentityReference.GetType());
86  for (int i = 0; i < accessRules.Count; i++)
87  {
88  PipeAccessRule pipeAccessRule = accessRules[i] as PipeAccessRule;
89  if (pipeAccessRule != null && pipeAccessRule.PipeAccessRights == rule.PipeAccessRights && pipeAccessRule.IdentityReference == rule.IdentityReference && pipeAccessRule.AccessControlType == rule.AccessControlType)
90  {
91  return RemoveAccessRule((AccessRule)rule);
92  }
93  }
94  if (rule.PipeAccessRights != PipeAccessRights.FullControl)
95  {
96  return RemoveAccessRule((AccessRule)new PipeAccessRule(rule.IdentityReference, PipeAccessRule.AccessMaskFromRights(rule.PipeAccessRights, AccessControlType.Deny), isInherited: false, rule.AccessControlType));
97  }
98  return RemoveAccessRule((AccessRule)rule);
99  }
100 
104  public void RemoveAccessRuleSpecific(PipeAccessRule rule)
105  {
106  if (rule == null)
107  {
108  throw new ArgumentNullException("rule");
109  }
110  AuthorizationRuleCollection accessRules = GetAccessRules(includeExplicit: true, includeInherited: true, rule.IdentityReference.GetType());
111  for (int i = 0; i < accessRules.Count; i++)
112  {
113  PipeAccessRule pipeAccessRule = accessRules[i] as PipeAccessRule;
114  if (pipeAccessRule != null && pipeAccessRule.PipeAccessRights == rule.PipeAccessRights && pipeAccessRule.IdentityReference == rule.IdentityReference && pipeAccessRule.AccessControlType == rule.AccessControlType)
115  {
116  RemoveAccessRuleSpecific((AccessRule)rule);
117  return;
118  }
119  }
120  if (rule.PipeAccessRights != PipeAccessRights.FullControl)
121  {
122  RemoveAccessRuleSpecific((AccessRule)new PipeAccessRule(rule.IdentityReference, PipeAccessRule.AccessMaskFromRights(rule.PipeAccessRights, AccessControlType.Deny), isInherited: false, rule.AccessControlType));
123  }
124  else
125  {
126  RemoveAccessRuleSpecific((AccessRule)rule);
127  }
128  }
129 
133  public void AddAuditRule(PipeAuditRule rule)
134  {
135  AddAuditRule((AuditRule)rule);
136  }
137 
141  public void SetAuditRule(PipeAuditRule rule)
142  {
143  SetAuditRule((AuditRule)rule);
144  }
145 
151  public bool RemoveAuditRule(PipeAuditRule rule)
152  {
153  return RemoveAuditRule((AuditRule)rule);
154  }
155 
159  public void RemoveAuditRuleAll(PipeAuditRule rule)
160  {
161  RemoveAuditRuleAll((AuditRule)rule);
162  }
163 
167  public void RemoveAuditRuleSpecific(PipeAuditRule rule)
168  {
169  RemoveAuditRuleSpecific((AuditRule)rule);
170  }
171 
188  public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
189  {
190  if (inheritanceFlags != 0)
191  {
192  throw new ArgumentException(System.SR.GetString("Argument_NonContainerInvalidAnyFlag"), "inheritanceFlags");
193  }
194  if (propagationFlags != 0)
195  {
196  throw new ArgumentException(System.SR.GetString("Argument_NonContainerInvalidAnyFlag"), "propagationFlags");
197  }
198  return new PipeAccessRule(identityReference, accessMask, isInherited, type);
199  }
200 
213  public sealed override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
214  {
215  if (inheritanceFlags != 0)
216  {
217  throw new ArgumentException(System.SR.GetString("Argument_NonContainerInvalidAnyFlag"), "inheritanceFlags");
218  }
219  if (propagationFlags != 0)
220  {
221  throw new ArgumentException(System.SR.GetString("Argument_NonContainerInvalidAnyFlag"), "propagationFlags");
222  }
223  return new PipeAuditRule(identityReference, accessMask, isInherited, flags);
224  }
225 
226  private AccessControlSections GetAccessControlSectionsFromChanges()
227  {
228  AccessControlSections accessControlSections = AccessControlSections.None;
229  if (base.AccessRulesModified)
230  {
231  accessControlSections = AccessControlSections.Access;
232  }
233  if (base.AuditRulesModified)
234  {
235  accessControlSections |= AccessControlSections.Audit;
236  }
237  if (base.OwnerModified)
238  {
239  accessControlSections |= AccessControlSections.Owner;
240  }
241  if (base.GroupModified)
242  {
243  accessControlSections |= AccessControlSections.Group;
244  }
245  return accessControlSections;
246  }
247 
250  [SecurityCritical]
251  [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
252  protected internal void Persist(SafeHandle handle)
253  {
254  WriteLock();
255  try
256  {
257  AccessControlSections accessControlSectionsFromChanges = GetAccessControlSectionsFromChanges();
258  Persist(handle, accessControlSectionsFromChanges);
259  bool flag2 = base.AccessRulesModified = false;
260  bool flag4 = base.AuditRulesModified = flag2;
261  bool ownerModified = base.GroupModified = flag4;
262  base.OwnerModified = ownerModified;
263  }
264  finally
265  {
266  WriteUnlock();
267  }
268  }
269 
272  [SecurityCritical]
273  [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
274  protected internal void Persist(string name)
275  {
276  WriteLock();
277  try
278  {
279  AccessControlSections accessControlSectionsFromChanges = GetAccessControlSectionsFromChanges();
280  Persist(name, accessControlSectionsFromChanges);
281  bool flag2 = base.AccessRulesModified = false;
282  bool flag4 = base.AuditRulesModified = flag2;
283  bool ownerModified = base.GroupModified = flag4;
284  base.OwnerModified = ownerModified;
285  }
286  finally
287  {
288  WriteUnlock();
289  }
290  }
291  }
292 }
System.IO.Pipes.PipeAuditRule
Represents an abstraction of an access control entry (ACE) that defines an audit rule for a pipe.
Definition: PipeAuditRule.cs:9
System.ArgumentNullException
The exception that is thrown when a null reference (Nothing in Visual Basic) is passed to a method th...
Definition: ArgumentNullException.cs:11
System.Security.AccessControl.PropagationFlags
PropagationFlags
Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are signific...
Definition: PropagationFlags.cs:5
System.Security.Permissions.SecurityPermission
Describes a set of security permissions applied to code. This class cannot be inherited.
Definition: SecurityPermission.cs:9
System.Security.Principal.IdentityReference
Represents an identity and is the base class for the T:System.Security.Principal.NTAccount and T:Syst...
Definition: IdentityReference.cs:7
System.IO.Pipes.PipeSecurity.SetAccessRule
void SetAccessRule(PipeAccessRule rule)
Sets an access rule in the Discretionary Access Control List (DACL) that is associated with the curre...
Definition: PipeSecurity.cs:53
System.Security.AccessControl.AccessRule
Represents a combination of a user's identity, an access mask, and an access control type (allow or d...
Definition: AccessRule.cs:7
System.Security.AccessControl.AuthorizationRule.IdentityReference
IdentityReference IdentityReference
Gets the T:System.Security.Principal.IdentityReference to which this rule applies.
Definition: AuthorizationRule.cs:20
System
Definition: __Canon.cs:3
System.IO.Pipes.PipeAccessRule.PipeAccessRights
PipeAccessRights PipeAccessRights
Gets the T:System.IO.Pipes.PipeAccessRights flags that are associated with the current T:System....
Definition: PipeAccessRule.cs:13
System.IO.Pipes.PipeSecurity.RemoveAccessRule
bool RemoveAccessRule(PipeAccessRule rule)
Removes an access rule from the Discretionary Access Control List (DACL) that is associated with the ...
Definition: PipeSecurity.cs:79
System.Runtime.InteropServices.SafeHandle
Represents a wrapper class for operating system handles. This class must be inherited.
Definition: SafeHandle.cs:12
System.IO.Pipes.PipeSecurity.AddAccessRule
void AddAccessRule(PipeAccessRule rule)
Adds an access rule to the Discretionary Access Control List (DACL) that is associated with the curre...
Definition: PipeSecurity.cs:41
System.Security.AccessControl.NativeObjectSecurity
Provides the ability to control access to native objects without direct manipulation of Access Contro...
Definition: NativeObjectSecurity.cs:8
System.IO.Pipes.PipeSecurity.Persist
internal void Persist(SafeHandle handle)
Saves the specified sections of the security descriptor that is associated with the current T:System....
Definition: PipeSecurity.cs:252
System.Security.Permissions.SecurityAction
SecurityAction
Specifies the security actions that can be performed using declarative security.
Definition: SecurityAction.cs:8
System.Security.AccessControl.AuditRule
Represents a combination of a user’s identity and an access mask.
Definition: AuditRule.cs:7
System.IO.Pipes.PipeSecurity.AuditRuleType
override Type AuditRuleType
Gets the T:System.Type object associated with the audit rules of the current T:System....
Definition: PipeSecurity.cs:24
System.IO.Pipes.PipeSecurity.AuditRuleFactory
sealed override AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
Initializes a new instance of the T:System.Security.AccessControl.AuditRule class with the specified ...
Definition: PipeSecurity.cs:213
System.IO.Pipes.PipeSecurity.RemoveAuditRuleAll
void RemoveAuditRuleAll(PipeAuditRule rule)
Removes all audit rules that have the same security identifier as the specified audit rule from the S...
Definition: PipeSecurity.cs:159
System.SR
Definition: SR.cs:7
System.Collections.ReadOnlyCollectionBase.Count
virtual int Count
Gets the number of elements contained in the T:System.Collections.ReadOnlyCollectionBase instance.
Definition: ReadOnlyCollectionBase.cs:28
System.Type
Represents type declarations: class types, interface types, array types, value types,...
Definition: Type.cs:18
System.IO.Pipes.PipeSecurity.RemoveAuditRule
bool RemoveAuditRule(PipeAuditRule rule)
Removes an audit rule from the System Access Control List (SACL) that is associated with the current ...
Definition: PipeSecurity.cs:151
System.IO.Pipes.PipeSecurity.RemoveAccessRuleSpecific
void RemoveAccessRuleSpecific(PipeAccessRule rule)
Removes the specified access rule from the Discretionary Access Control List (DACL) that is associate...
Definition: PipeSecurity.cs:104
System.Security.AccessControl.ResourceType
ResourceType
Specifies the defined native object types.
Definition: ResourceType.cs:4
System.IO.Pipes.PipeSecurity.Persist
internal void Persist(string name)
Saves the specified sections of the security descriptor that is associated with the current T:System....
Definition: PipeSecurity.cs:274
System.IO.Pipes.PipeSecurity.AddAuditRule
void AddAuditRule(PipeAuditRule rule)
Adds an audit rule to the System Access Control List (SACL)that is associated with the current T:Syst...
Definition: PipeSecurity.cs:133
System.IO.Pipes.PipeSecurity.ResetAccessRule
void ResetAccessRule(PipeAccessRule rule)
Removes all access rules in the Discretionary Access Control List (DACL) that is associated with the ...
Definition: PipeSecurity.cs:65
System.Security.AccessControl.AccessControlType
AccessControlType
Specifies whether an T:System.Security.AccessControl.AccessRule object is used to allow or deny acces...
Definition: AccessControlType.cs:4
System.IO.Pipes.PipeSecurity.AccessRuleType
override Type AccessRuleType
Gets the T:System.Type of the object that is associated with the access rules of the current T:System...
Definition: PipeSecurity.cs:20
System.Security.AccessControl.AuthorizationRuleCollection
Represents a collection of T:System.Security.AccessControl.AuthorizationRule objects.
Definition: AuthorizationRuleCollection.cs:6
System.IO.Pipes.PipeSecurity.AccessRightType
override Type AccessRightType
Gets the T:System.Type of the securable object that is associated with the current T:System....
Definition: PipeSecurity.cs:16
System.ArgumentException
The exception that is thrown when one of the arguments provided to a method is not valid.
Definition: ArgumentException.cs:11
System.IO.Pipes.PipeSecurity.SetAuditRule
void SetAuditRule(PipeAuditRule rule)
Sets an audit rule in the System Access Control List (SACL) that is associated with the current T:Sys...
Definition: PipeSecurity.cs:141
System.IO.Pipes.PipeAccessRights
PipeAccessRights
Defines the access rights to use when you create access and audit rules.
Definition: PipeAccessRights.cs:5
System.IO.Pipes.PipeSecurity
Represents the access control and audit security for a pipe.
Definition: PipeSecurity.cs:12
System.IO.Pipes.PipeSecurity.PipeSecurity
PipeSecurity()
Initializes a new instance of the T:System.IO.Pipes.PipeSecurity class.
Definition: PipeSecurity.cs:27
System.IO.Pipes.PipeSecurity.RemoveAuditRuleSpecific
void RemoveAuditRuleSpecific(PipeAuditRule rule)
Removes the specified audit rule from the System Access Control List (SACL) that is associated with t...
Definition: PipeSecurity.cs:167
System.Security.AccessControl.CommonObjectSecurity.GetAccessRules
AuthorizationRuleCollection GetAccessRules(bool includeExplicit, bool includeInherited, Type targetType)
Gets a collection of the access rules associated with the specified security identifier.
Definition: CommonObjectSecurity.cs:513
System.Security.AccessControl.AccessRule.AccessControlType
AccessControlType AccessControlType
Gets the T:System.Security.AccessControl.AccessControlType value associated with this T:System....
Definition: AccessRule.cs:65
System.IO.Pipes.PipeAccessRule
Represents an abstraction of an access control entry (ACE) that defines an access rule for a pipe.
Definition: PipeAccessRule.cs:9
System.Security.AccessControl.InheritanceFlags
InheritanceFlags
Inheritance flags specify the semantics of inheritance for access control entries (ACEs).
Definition: InheritanceFlags.cs:5
System.Security.AccessControl.AccessControlSections
AccessControlSections
Specifies which sections of a security descriptor to save or load.
Definition: AccessControlSections.cs:5
System.IO.Pipes.PipeSecurity.AccessRuleFactory
override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
Initializes a new instance of the T:System.Security.AccessControl.AccessRule class with the specified...
Definition: PipeSecurity.cs:188
System.Security.AccessControl.AuditFlags
AuditFlags
Specifies the conditions for auditing attempts to access a securable object.
Definition: AuditFlags.cs:5