Terraria v1.4.4.9
Terraria source code documentation
Loading...
Searching...
No Matches
DirectoryObjectSecurity.cs
Go to the documentation of this file.
1using System.Security.Principal;
2
3namespace System.Security.AccessControl;
4
5public abstract class DirectoryObjectSecurity : ObjectSecurity
6{
7 protected DirectoryObjectSecurity()
8 : base(isContainer: true, isDS: true)
9 {
10 }
11
12 protected DirectoryObjectSecurity(CommonSecurityDescriptor securityDescriptor)
13 : base(securityDescriptor)
14 {
15 if (securityDescriptor == null)
16 {
17 throw new ArgumentNullException("securityDescriptor");
18 }
19 }
20
21 private static bool IsValidTargetTypeStatic(Type targetType)
22 {
23 if (targetType == typeof(NTAccount))
24 {
25 return true;
26 }
27 if (targetType == typeof(SecurityIdentifier))
28 {
29 return true;
30 }
31 return false;
32 }
33
34 private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
35 {
36 ReadLock();
37 try
38 {
39 AuthorizationRuleCollection authorizationRuleCollection = new AuthorizationRuleCollection();
40 if (!IsValidTargetTypeStatic(targetType))
41 {
42 throw new ArgumentException(System.SR.Arg_MustBeIdentityReferenceType, "targetType");
43 }
44 CommonAcl commonAcl = null;
45 if (access)
46 {
47 if ((base.SecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != 0)
48 {
49 commonAcl = base.SecurityDescriptor.DiscretionaryAcl;
50 }
51 }
52 else if ((base.SecurityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != 0)
53 {
54 commonAcl = base.SecurityDescriptor.SystemAcl;
55 }
56 if (commonAcl == null)
57 {
58 return authorizationRuleCollection;
59 }
60 IdentityReferenceCollection identityReferenceCollection = null;
61 if (targetType != typeof(SecurityIdentifier))
62 {
63 IdentityReferenceCollection identityReferenceCollection2 = new IdentityReferenceCollection(commonAcl.Count);
64 for (int i = 0; i < commonAcl.Count; i++)
65 {
66 QualifiedAce qualifiedAce = commonAcl[i] as QualifiedAce;
67 if (qualifiedAce == null || qualifiedAce.IsCallback)
68 {
69 continue;
70 }
71 if (access)
72 {
73 if (qualifiedAce.AceQualifier != 0 && qualifiedAce.AceQualifier != AceQualifier.AccessDenied)
74 {
75 continue;
76 }
77 }
78 else if (qualifiedAce.AceQualifier != AceQualifier.SystemAudit)
79 {
80 continue;
81 }
82 identityReferenceCollection2.Add(qualifiedAce.SecurityIdentifier);
83 }
84 identityReferenceCollection = identityReferenceCollection2.Translate(targetType);
85 }
86 for (int j = 0; j < commonAcl.Count; j++)
87 {
88 QualifiedAce qualifiedAce2 = commonAcl[j] as CommonAce;
89 if (qualifiedAce2 == null)
90 {
91 qualifiedAce2 = commonAcl[j] as ObjectAce;
92 if (qualifiedAce2 == null)
93 {
94 continue;
95 }
96 }
97 if (qualifiedAce2.IsCallback)
98 {
99 continue;
100 }
101 if (access)
102 {
103 if (qualifiedAce2.AceQualifier != 0 && qualifiedAce2.AceQualifier != AceQualifier.AccessDenied)
104 {
105 continue;
106 }
107 }
108 else if (qualifiedAce2.AceQualifier != AceQualifier.SystemAudit)
109 {
110 continue;
111 }
112 if ((!includeExplicit || (qualifiedAce2.AceFlags & AceFlags.Inherited) != 0) && (!includeInherited || (qualifiedAce2.AceFlags & AceFlags.Inherited) == 0))
113 {
114 continue;
115 }
116 IdentityReference identityReference = ((targetType == typeof(SecurityIdentifier)) ? qualifiedAce2.SecurityIdentifier : identityReferenceCollection[j]);
117 if (access)
118 {
119 AccessControlType type = ((qualifiedAce2.AceQualifier != 0) ? AccessControlType.Deny : AccessControlType.Allow);
120 if (qualifiedAce2 is ObjectAce objectAce)
121 {
122 authorizationRuleCollection.AddRule(AccessRuleFactory(identityReference, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
123 continue;
124 }
125 CommonAce commonAce = qualifiedAce2 as CommonAce;
126 if (!(commonAce == null))
127 {
128 authorizationRuleCollection.AddRule(AccessRuleFactory(identityReference, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, type));
129 }
130 }
131 else if (qualifiedAce2 is ObjectAce objectAce2)
132 {
133 authorizationRuleCollection.AddRule(AuditRuleFactory(identityReference, objectAce2.AccessMask, objectAce2.IsInherited, objectAce2.InheritanceFlags, objectAce2.PropagationFlags, objectAce2.AuditFlags, objectAce2.ObjectAceType, objectAce2.InheritedObjectAceType));
134 }
135 else
136 {
137 CommonAce commonAce2 = qualifiedAce2 as CommonAce;
138 if (!(commonAce2 == null))
139 {
140 authorizationRuleCollection.AddRule(AuditRuleFactory(identityReference, commonAce2.AccessMask, commonAce2.IsInherited, commonAce2.InheritanceFlags, commonAce2.PropagationFlags, commonAce2.AuditFlags));
141 }
142 }
143 }
144 return authorizationRuleCollection;
145 }
146 finally
147 {
148 ReadUnlock();
149 }
150 }
151
152 private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
153 {
154 bool flag = true;
155 if (base.SecurityDescriptor.DiscretionaryAcl == null)
156 {
157 if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
158 {
159 modified = false;
160 return flag;
161 }
162 base.SecurityDescriptor.AddDiscretionaryAcl(GenericAcl.AclRevisionDS, 1);
163 }
164 else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && rule.ObjectFlags != 0 && base.SecurityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS)
165 {
166 byte[] array = new byte[base.SecurityDescriptor.DiscretionaryAcl.BinaryLength];
167 base.SecurityDescriptor.DiscretionaryAcl.GetBinaryForm(array, 0);
168 array[0] = GenericAcl.AclRevisionDS;
169 base.SecurityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(base.IsContainer, base.IsDS, new RawAcl(array, 0));
170 }
171 SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference.Translate(typeof(SecurityIdentifier));
172 if (rule.AccessControlType == AccessControlType.Allow)
173 {
174 switch (modification)
175 {
176 case AccessControlModification.Add:
177 base.SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule);
178 break;
179 case AccessControlModification.Set:
180 base.SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
181 break;
182 case AccessControlModification.Reset:
183 base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
184 base.SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
185 break;
186 case AccessControlModification.Remove:
187 flag = base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule);
188 break;
189 case AccessControlModification.RemoveAll:
190 flag = base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
191 if (!flag)
192 {
193 throw new InvalidOperationException(System.SR.InvalidOperation_RemoveFail);
194 }
195 break;
196 case AccessControlModification.RemoveSpecific:
197 base.SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule);
198 break;
199 default:
200 throw new ArgumentOutOfRangeException("modification", System.SR.ArgumentOutOfRange_Enum);
201 }
202 }
203 else
204 {
205 if (rule.AccessControlType != AccessControlType.Deny)
206 {
207 throw new ArgumentException(System.SR.Format(System.SR.TypeUnrecognized_AccessControl, rule.AccessControlType));
208 }
209 switch (modification)
210 {
211 case AccessControlModification.Add:
212 base.SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule);
213 break;
214 case AccessControlModification.Set:
215 base.SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
216 break;
217 case AccessControlModification.Reset:
218 base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
219 base.SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
220 break;
221 case AccessControlModification.Remove:
222 flag = base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule);
223 break;
224 case AccessControlModification.RemoveAll:
225 flag = base.SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
226 if (!flag)
227 {
228 throw new InvalidOperationException(System.SR.InvalidOperation_RemoveFail);
229 }
230 break;
231 case AccessControlModification.RemoveSpecific:
232 base.SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule);
233 break;
234 default:
235 throw new ArgumentOutOfRangeException("modification", System.SR.ArgumentOutOfRange_Enum);
236 }
237 }
238 modified = flag;
239 base.AccessRulesModified |= modified;
240 return flag;
241 }
242
243 private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
244 {
245 bool flag = true;
246 if (base.SecurityDescriptor.SystemAcl == null)
247 {
248 if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
249 {
250 modified = false;
251 return flag;
252 }
253 base.SecurityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1);
254 }
255 else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && rule.ObjectFlags != 0 && base.SecurityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)
256 {
257 byte[] array = new byte[base.SecurityDescriptor.SystemAcl.BinaryLength];
258 base.SecurityDescriptor.SystemAcl.GetBinaryForm(array, 0);
259 array[0] = GenericAcl.AclRevisionDS;
260 base.SecurityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, new RawAcl(array, 0));
261 }
262 SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference.Translate(typeof(SecurityIdentifier));
263 switch (modification)
264 {
265 case AccessControlModification.Add:
266 base.SecurityDescriptor.SystemAcl.AddAudit(sid, rule);
267 break;
268 case AccessControlModification.Set:
269 base.SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
270 break;
271 case AccessControlModification.Reset:
272 base.SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Success | AuditFlags.Failure, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
273 base.SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
274 break;
275 case AccessControlModification.Remove:
276 flag = base.SecurityDescriptor.SystemAcl.RemoveAudit(sid, rule);
277 break;
278 case AccessControlModification.RemoveAll:
279 flag = base.SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Success | AuditFlags.Failure, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
280 if (!flag)
281 {
282 throw new InvalidOperationException(System.SR.InvalidOperation_RemoveFail);
283 }
284 break;
285 case AccessControlModification.RemoveSpecific:
286 base.SecurityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule);
287 break;
288 default:
289 throw new ArgumentOutOfRangeException("modification", System.SR.ArgumentOutOfRange_Enum);
290 }
291 modified = flag;
292 base.AuditRulesModified |= modified;
293 return flag;
294 }
295
296 public virtual AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type, Guid objectType, Guid inheritedObjectType)
297 {
298 throw System.NotImplemented.ByDesign;
299 }
300
301 public virtual AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags, Guid objectType, Guid inheritedObjectType)
302 {
303 throw System.NotImplemented.ByDesign;
304 }
305
306 protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
307 {
308 return ModifyAccess(modification, (ObjectAccessRule)rule, out modified);
309 }
310
311 protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
312 {
313 return ModifyAudit(modification, (ObjectAuditRule)rule, out modified);
314 }
315
316 protected void AddAccessRule(ObjectAccessRule rule)
317 {
318 if (rule == null)
319 {
320 throw new ArgumentNullException("rule");
321 }
322 WriteLock();
323 try
324 {
325 ModifyAccess(AccessControlModification.Add, rule, out var _);
326 }
327 finally
328 {
329 WriteUnlock();
330 }
331 }
332
333 protected void SetAccessRule(ObjectAccessRule rule)
334 {
335 if (rule == null)
336 {
337 throw new ArgumentNullException("rule");
338 }
339 WriteLock();
340 try
341 {
342 ModifyAccess(AccessControlModification.Set, rule, out var _);
343 }
344 finally
345 {
346 WriteUnlock();
347 }
348 }
349
350 protected void ResetAccessRule(ObjectAccessRule rule)
351 {
352 if (rule == null)
353 {
354 throw new ArgumentNullException("rule");
355 }
356 WriteLock();
357 try
358 {
359 ModifyAccess(AccessControlModification.Reset, rule, out var _);
360 }
361 finally
362 {
363 WriteUnlock();
364 }
365 }
366
367 protected bool RemoveAccessRule(ObjectAccessRule rule)
368 {
369 if (rule == null)
370 {
371 throw new ArgumentNullException("rule");
372 }
373 WriteLock();
374 try
375 {
376 if (base.SecurityDescriptor == null)
377 {
378 return true;
379 }
380 bool modified;
381 return ModifyAccess(AccessControlModification.Remove, rule, out modified);
382 }
383 finally
384 {
385 WriteUnlock();
386 }
387 }
388
389 protected void RemoveAccessRuleAll(ObjectAccessRule rule)
390 {
391 if (rule == null)
392 {
393 throw new ArgumentNullException("rule");
394 }
395 WriteLock();
396 try
397 {
398 if (base.SecurityDescriptor != null)
399 {
400 ModifyAccess(AccessControlModification.RemoveAll, rule, out var _);
401 }
402 }
403 finally
404 {
405 WriteUnlock();
406 }
407 }
408
409 protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
410 {
411 if (rule == null)
412 {
413 throw new ArgumentNullException("rule");
414 }
415 if (base.SecurityDescriptor == null)
416 {
417 return;
418 }
419 WriteLock();
420 try
421 {
422 ModifyAccess(AccessControlModification.RemoveSpecific, rule, out var _);
423 }
424 finally
425 {
426 WriteUnlock();
427 }
428 }
429
430 protected void AddAuditRule(ObjectAuditRule rule)
431 {
432 if (rule == null)
433 {
434 throw new ArgumentNullException("rule");
435 }
436 WriteLock();
437 try
438 {
439 ModifyAudit(AccessControlModification.Add, rule, out var _);
440 }
441 finally
442 {
443 WriteUnlock();
444 }
445 }
446
447 protected void SetAuditRule(ObjectAuditRule rule)
448 {
449 if (rule == null)
450 {
451 throw new ArgumentNullException("rule");
452 }
453 WriteLock();
454 try
455 {
456 ModifyAudit(AccessControlModification.Set, rule, out var _);
457 }
458 finally
459 {
460 WriteUnlock();
461 }
462 }
463
464 protected bool RemoveAuditRule(ObjectAuditRule rule)
465 {
466 if (rule == null)
467 {
468 throw new ArgumentNullException("rule");
469 }
470 WriteLock();
471 try
472 {
473 bool modified;
474 return ModifyAudit(AccessControlModification.Remove, rule, out modified);
475 }
476 finally
477 {
478 WriteUnlock();
479 }
480 }
481
482 protected void RemoveAuditRuleAll(ObjectAuditRule rule)
483 {
484 if (rule == null)
485 {
486 throw new ArgumentNullException("rule");
487 }
488 WriteLock();
489 try
490 {
491 ModifyAudit(AccessControlModification.RemoveAll, rule, out var _);
492 }
493 finally
494 {
495 WriteUnlock();
496 }
497 }
498
499 protected void RemoveAuditRuleSpecific(ObjectAuditRule rule)
500 {
501 if (rule == null)
502 {
503 throw new ArgumentNullException("rule");
504 }
505 WriteLock();
506 try
507 {
508 ModifyAudit(AccessControlModification.RemoveSpecific, rule, out var _);
509 }
510 finally
511 {
512 WriteUnlock();
513 }
514 }
515
516 public AuthorizationRuleCollection GetAccessRules(bool includeExplicit, bool includeInherited, Type targetType)
517 {
518 return GetRules(access: true, includeExplicit, includeInherited, targetType);
519 }
520
521 public AuthorizationRuleCollection GetAuditRules(bool includeExplicit, bool includeInherited, Type targetType)
522 {
523 return GetRules(access: false, includeExplicit, includeInherited, targetType);
524 }
525}
System.NotImplemented.ByDesign
static Exception ByDesign
Definition NotImplemented.cs:5
System.SR.Arg_MustBeIdentityReferenceType
static string Arg_MustBeIdentityReferenceType
Definition SR.cs:16
System.SR.ArgumentOutOfRange_Enum
static string ArgumentOutOfRange_Enum
Definition SR.cs:18
System.SR.Format
static string Format(string resourceFormat, object p1)
Definition SR.cs:118
System.SR.TypeUnrecognized_AccessControl
static string TypeUnrecognized_AccessControl
Definition SR.cs:26
System.SR.InvalidOperation_RemoveFail
static string InvalidOperation_RemoveFail
Definition SR.cs:28
System.SR
Definition SR.cs:7
System.Security.AccessControl.DirectoryObjectSecurity.GetAuditRules
AuthorizationRuleCollection GetAuditRules(bool includeExplicit, bool includeInherited, Type targetType)
Definition DirectoryObjectSecurity.cs:521
System.Security.AccessControl.DirectoryObjectSecurity.AuditRuleFactory
virtual AuditRule AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags, Guid objectType, Guid inheritedObjectType)
Definition DirectoryObjectSecurity.cs:301
System.Security.AccessControl.DirectoryObjectSecurity.AccessRuleFactory
virtual AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type, Guid objectType, Guid inheritedObjectType)
Definition DirectoryObjectSecurity.cs:296
System.Security.AccessControl.DirectoryObjectSecurity.ModifyAudit
bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
Definition DirectoryObjectSecurity.cs:243
System.Security.AccessControl.DirectoryObjectSecurity.ModifyAccess
bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
Definition DirectoryObjectSecurity.cs:152
System.Security.AccessControl.DirectoryObjectSecurity.ModifyAccess
override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
Definition DirectoryObjectSecurity.cs:306
System.Security.AccessControl.DirectoryObjectSecurity.GetRules
AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
Definition DirectoryObjectSecurity.cs:34
System.Security.AccessControl.DirectoryObjectSecurity.ModifyAudit
override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
Definition DirectoryObjectSecurity.cs:311
System.Security.AccessControl.DirectoryObjectSecurity.GetAccessRules
AuthorizationRuleCollection GetAccessRules(bool includeExplicit, bool includeInherited, Type targetType)
Definition DirectoryObjectSecurity.cs:516
System.Security.AccessControl.DirectoryObjectSecurity.DirectoryObjectSecurity
DirectoryObjectSecurity(CommonSecurityDescriptor securityDescriptor)
Definition DirectoryObjectSecurity.cs:12
System.Security.AccessControl.KnownAce.SecurityIdentifier
SecurityIdentifier SecurityIdentifier
Definition KnownAce.cs:25
System.Security.Principal.IdentityReferenceCollection.Translate
IdentityReferenceCollection Translate(Type targetType)
Definition IdentityReferenceCollection.cs:93
System.Security.Principal.IdentityReference.Translate
IdentityReference Translate(Type targetType)
System.Guid.Empty
static readonly Guid Empty
Definition Guid.cs:86