using
System;
using
System.Runtime.InteropServices;
using
System.Windows;
using
System.Windows.Interop;
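/// <summary>
/// Abstract base class that hosts the Windows access control editor (aclui.dll EditSecurity)
/// for a WPF owner window. Derived classes supply the object information, access rights and
/// security descriptor; the base class shows the dialog and records whether the user applied changes.
/// </summary>
/// <remarks>
/// The ISecurityInformation interface enables the access control editor to communicate with the caller
/// of the CreateSecurityPage and EditSecurity functions. The editor calls the interface methods to
/// retrieve information that is used to initialize its pages and to determine the editing options
/// available to the user. The editor also calls the interface methods to pass the user's input back
/// to the application.
/// </remarks>
public abstract class SecurityEditor : ISecurityInformation
{
    /// <summary>
    /// The GetObjectInformation method requests information that the access control editor uses to
    /// initialize its pages and to determine the editing options available to the user.
    /// </summary>
    /// <param name="pObjectInfo">An SI_OBJECT_INFO structure. Your implementation must fill this structure to pass information back to the access control editor.</param>
    public abstract void GetObjectInformation(ref SI_OBJECT_INFO pObjectInfo);

    /// <summary>
    /// The GetAccessRights method requests information about the access rights that can be controlled
    /// for a securable object. The access control editor calls this method to retrieve display strings
    /// and other information used to initialize the property pages.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this member is spelled GetAccessRight while the native method is GetAccessRights;
    /// confirm that the name matches the ISecurityInformation declaration used by this project.
    /// </remarks>
    /// <param name="pguidObjectType">A pointer to a GUID structure that identifies the type of object for which access rights are being requested. If this parameter is NULL or a pointer to GUID_NULL, return the access rights for the object being edited. Otherwise, the GUID identifies a child object type returned by the ISecurityInformation::GetInheritTypes method. The GUID corresponds to the InheritedObjectType member of an object-specific ACE.</param>
    /// <param name="dwFlags">A set of SI_ACCESS_RIGHT_FLAG bit flags that indicate the property page being initialized. This value is zero if the basic security page is being initialized.</param>
    /// <param name="ppAccess">An array of SI_ACCESS structures. The array must include one entry for each access right. You can specify access rights that apply to the object itself, as well as object-specific access rights that apply only to a property set or property on the object.</param>
    /// <param name="pcAccesses">The number of entries in the ppAccess array.</param>
    /// <param name="piDefaultAccess">The zero-based index of the array entry that contains the default access rights. The access control editor uses this entry as the initial access rights in a new ACE.</param>
    public abstract void GetAccessRight(
        IntPtr pguidObjectType,
        SI_ACCESS_RIGHT_FLAG dwFlags,
        out SI_ACCESS[] ppAccess,
        ref uint pcAccesses,
        ref uint piDefaultAccess);

    /// <summary>
    /// The GetSecurity method requests a security descriptor for the securable object whose security
    /// descriptor is being edited. The access control editor calls this method to retrieve the object's
    /// current or default security descriptor.
    /// </summary>
    /// <param name="RequestInformation">A set of SI_SECURITY_INFORMATION bit flags that indicate the parts of the security descriptor being requested.</param>
    /// <param name="ppSecurityDescriptor">A pointer to a variable that your implementation must set to a pointer to the object's security descriptor. The security descriptor must include the components requested by the RequestInformation parameter. The system calls the LocalFree function to free the returned pointer, so the descriptor must live in memory that LocalFree can release.</param>
    /// <param name="fDefault">If this parameter is TRUE, ppSecurityDescriptor should return an application-defined default security descriptor for the object. The access control editor uses this default security descriptor to reinitialize the property page. The access control editor sets this parameter to TRUE only if the user clicks the Default button. The Default button is displayed only if you set the SI_RESET flag in the ISecurityInformation::GetObjectInformation method. If no default security descriptor is available, do not set the SI_RESET flag. If this flag is FALSE, ppSecurityDescriptor should return the object's current security descriptor.</param>
    public abstract void GetSecurity(
        SI_SECURITY_INFORMATION RequestInformation,
        IntPtr ppSecurityDescriptor,
        bool fDefault);

    /// <summary>
    /// The SetSecurity method provides a security descriptor containing the security information the
    /// user wants to apply to the securable object. The access control editor calls this method when
    /// the user clicks Okay or Apply.
    /// </summary>
    /// <remarks>
    /// The base implementation does not persist anything: it only records that the editor handed back
    /// a descriptor, which is what <see cref="ShowDialog"/> reports. The flag is private, so an override
    /// that stores the descriptor must still call the base method for the dialog result to become true.
    /// An override should apply only the parts named in <paramref name="SecurityInformation"/>.
    /// </remarks>
    /// <param name="SecurityInformation">A set of SI_SECURITY_INFORMATION bit flags that indicate the parts of the security descriptor to set.</param>
    /// <param name="pSecurityDescriptor">A pointer to a security descriptor containing the new security information. Do not assume the security descriptor is in self-relative form; it can be either absolute or self-relative.</param>
    public virtual void SetSecurity(SI_SECURITY_INFORMATION SecurityInformation, IntPtr pSecurityDescriptor)
    {
        // The original assigned to an undeclared identifier "Store"; the backing field is _Store.
        _Store = true;
    }

    /// <summary>
    /// The GetInheritTypes method requests information about how ACEs can be inherited by child objects.
    /// The base implementation does nothing and leaves both arguments untouched.
    /// </summary>
    /// <param name="ppInheritTypes">A variable you should set to an array of SI_INHERIT_TYPE structures. The array should include one entry for each combination of inheritance flags and child object type that you support.</param>
    /// <param name="pcInheritTypes">A pointer to a variable that you should set to indicate the number of entries in the ppInheritTypes array.</param>
    public virtual void GetInheritTypes(ref SI_INHERIT_TYPE ppInheritTypes, IntPtr pcInheritTypes)
    {
    }

    /// <summary>
    /// The PropertySheetPageCallback method notifies an EditSecurity or CreateSecurityPage caller that
    /// an access control editor property page is being created or destroyed.
    /// The base implementation ignores the notification.
    /// </summary>
    /// <param name="hwnd">If uMsg is PSPCB_SI_INITDIALOG, hwnd is a handle to the property page dialog box. Otherwise, hwnd is NULL.</param>
    /// <param name="uMsg">Identifies the message being received, for example PSPCB_SI_INITDIALOG.</param>
    /// <param name="uPage">A value from the SI_PAGE_TYPE enumeration type that indicates the type of access control editor property page being created or destroyed.</param>
    public virtual void PropertySheetPageCallback(IntPtr hwnd, int uMsg, SI_PAGE_TYPE uPage)
    {
    }

    /// <summary>
    /// The MapGeneric method requests that the generic access rights in an access mask be mapped to
    /// their corresponding standard and specific access rights.
    /// </summary>
    /// <remarks>
    /// The base implementation leaves the mask unchanged. A derived class whose access rights include
    /// generic bits should override this method; <see cref="MapGenericMask"/> is declared here for
    /// that purpose.
    /// </remarks>
    /// <param name="pguidObjectType">A pointer to a GUID structure that identifies the type of object to which the access mask applies. If this member is NULL or a pointer to GUID_NULL, the access mask applies to the object itself.</param>
    /// <param name="pAceFlags">A pointer to the AceFlags member of the ACE_HEADER structure from the ACE whose access mask is being mapped.</param>
    /// <param name="pMask">A pointer to an access mask that contains the generic access rights to map. Your implementation must map the generic access rights to the corresponding standard and specific access rights for the specified object type.</param>
    public virtual void MapGeneric(IntPtr pguidObjectType, IntPtr pAceFlags, IntPtr pMask)
    {
    }

    /// <summary>
    /// Shows the Security Editor as a modal dialog box with the specified owner.
    /// </summary>
    /// <param name="owner">The top-level window that will own the modal dialog box, or null for no owner.</param>
    /// <returns>
    /// TRUE if the editor called <see cref="SetSecurity"/> while this dialog was open (the user clicked
    /// OK or Apply), otherwise FALSE. Apply followed by Cancel therefore still yields TRUE.
    /// </returns>
    public bool ShowDialog(Window owner)
    {
        // Clear the result of any earlier session; otherwise a cancelled second dialog
        // would still report the changes applied in the first one.
        _Store = false;

        IntPtr ownerHandle = IntPtr.Zero;
        if (owner != null)
        {
            ownerHandle = new WindowInteropHelper(owner).Handle;
        }

        // The BOOL returned by EditSecurity is not used; the outcome is taken from _Store.
        EditSecurity(ownerHandle, this);
        return _Store;
    }

    #region Protected Area

    // Revision value passed as dwRevision / StringSDRevision to the SDDL conversion functions below.
    protected const uint SDDL_REVISION_1 = 1;

    // HRESULT values available to derived classes.
    protected const uint S_OK = 0;
    protected const uint E_ACCESSDENIED = 0x80070005;

    // Maps the generic bits of the access mask that Mask points to, using the supplied mapping.
    [DllImport("advapi32.dll")]
    protected static extern void MapGenericMask(IntPtr Mask, ref GENERIC_MAPPING map);

    // Converts an SDDL string into a security descriptor. pStringSd is a raw pointer, so with
    // CharSet.Unicode the caller presumably has to supply a null-terminated UTF-16 buffer and
    // release it afterwards. pSecurityDescriptor receives a pointer to memory that must be
    // released with LocalFree, unless it is handed to the editor through GetSecurity, which
    // frees it itself. On failure the error code is available from Marshal.GetLastWin32Error().
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    protected static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
        [In] IntPtr pStringSd,
        [In] uint dwRevision,
        [In][Out] IntPtr pSecurityDescriptor,
        [Out] out uint SecurityDescriptorSize);

    // Converts a security descriptor into its SDDL string form. StringSecurityDescriptor receives
    // a buffer that the caller must release with LocalFree once the string has been copied.
    // On failure the error code is available from Marshal.GetLastWin32Error().
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    protected static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(
        IntPtr SecurityDescriptor,
        uint StringSDRevision,
        SI_SECURITY_INFORMATION SecurityInformation,
        out IntPtr StringSecurityDescriptor,
        out uint StringSecurityDescriptorSize);

    #endregion

    #region Private Area

    // NOTE(review): aclui.dll is resolved through the default DLL search order. On .NET 4.5 or later,
    // consider [DefaultDllImportSearchPaths(DllImportSearchPath.System32)] on this import so that only
    // the system copy of the library can be loaded.
    [DllImport("aclui.dll")]
    private static extern bool EditSecurity(IntPtr hwnd, ISecurityInformation psi);

    // Set by SetSecurity when the editor passes back a descriptor; returned by ShowDialog.
    private bool _Store = false;

    #endregion
}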
Kommentare
Ich arbeite zwar mit VisualBasic, aber dein Code ist schon sehr hilfreich :)