Authz创建的非托管资源


本文介绍了Authz创建的非托管资源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 我一直致力于应用程序,我需要计算特定共享文件或文件夹的用户的有效访问权限,并且我已成功使用Authz.dll实现了它。我现在面临的问题与authz.dll创建的非托管资源有关我已经尝试了一切来清除这些资源,但我没有这样做。我使用dll提供的方法清除资源但仍然无法清除它我正在使用这些方法来清除内存。 if(AccessReply!= IntPtr.Zero) flag = AuthzFreeHandle(AccessReply); if(hManager!= IntPtr.Zero) flag = AuthzFreeResourceManager(hManager); if(pClientContext!= IntPtr.Zero) flag = AuthzFreeContext(pClientContext); AuthzFreeCentralAccessPolicyCache(); 使用Imanami.GroupID.DataTransferObjects.DataContracts.Replication; 使用System; 使用System.Collections.Generic; 使用System.Runtime.InteropServices; 使用System.Security.Principal; 名称空间EffectiveRightsUsingAuthzAPI {公共类助手 { [DllImport(" advapi32.dll",SetLastError = true)] static extern uint GetEffectiveRightsFromAcl(IntPtr pDacl,ref TRUSTEE pTrustee,ref ACCESS_MASK pAccessRights); [StructLayout(LayoutKind.Sequential,CharSet = CharSet.Auto,Pack = 4)] struct TRUSTEE { IntPtr pMultipleTrustee; //必须为null public int MultipleTrusteeOperation; public TRUSTEE_FORM TrusteeForm; public TRUSTEE_TYPE TrusteeType; [MarshalAs(UnmanagedType.LPStr)] public string ptstrName; } [StructLayout(LayoutKind.Sequential,CharSet = CharSet.Auto,Pack = 4)] public struct LUID { public uint LowPart; public int HighPart; } [StructLayout(LayoutKind.Sequential)] public struct AUTHZ_ACCESS_REQUEST { public int DesiredAccess; public byte [] PrincipalSelfSid; public OBJECT_TYPE_LIST [] ObjectTypeList; public int ObjectTypeListLength; public IntPtr OptionalArguments; }; [StructLayout(LayoutKind.Sequential)] public struct OBJECT_TYPE_LIST { OBJECT_TYPE_LEVEL等级; int Sbz; IntPtr ObjectType; }; [StructLayout(LayoutKind.Sequential)] public struct AUTHZ_ACCESS_REPLY { public int ResultListLength; public IntPtr GrantedAccessMask; public IntPtr SaclEvaluationResults; public IntPtr Error; }; public enum OBJECT_TYPE_LEVEL:int { ACCESS_OBJECT_GUID = 0, ACCESS_PROPERTY_SET_GUID = 1, ACCESS_PROPERTY_GUID = 2, ACCESS_MAX_LEVEL = 4 }; enum TRUSTEE_FORM { 
TRUSTEE_IS_SID, TRUSTEE_IS_NAME, TRUSTEE_BAD_FORM, TRUSTEE_IS_OBJECTS_AND_SID, TRUSTEE_IS_OBJECTS_AND_NAME } enum AUTHZ_RM_FLAG:uint { AUTHZ_RM_FLAG_NO_AUDIT = 1, AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION = 2, AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES = 4,} enum TRUSTEE_TYPE { TRUSTEE_IS_UNKNOWN, TRUSTEE_IS_USER, TRUSTEE_IS_GROUP, TRUSTEE_IS_DOMAIN, TRUSTEE_IS_ALIAS, TRUSTEE_IS_WELL_KNOWN_GROUP, TRUSTEE_IS_DELETED, TRUSTEE_IS_INVALID, TRUSTEE_IS_COMPUTER } [DllImport(" advapi32.dll",CharSet = CharSet.Auto)] st atic extern uint GetNamedSecurityInfo( string pObjectName, SE_ODJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor); [DllImport(" authz.dll",SetLastError = true,CallingConvention = CallingConvention.StdCall,EntryPoint =" AuthzInitializeContextFromSid",CharSet = CharSet.Unicode)] static extern public bool AuthzInitializeContextFromSid( int Flags, IntPtr UserSid, IntPtr AuthzResourceManager, IntPtr pExpirationTime, LUID Identitifier, IntPtr DynamicGroupArgs, out IntPtr pAuthzClientContext ); [DllImport(" authz.dll",SetLastError = true,CallingConvention = CallingConvention.StdCall,EntryPoint =" AuthzInitializeResourceManager",CharSet = CharSet.Unicode)] static extern public bool AuthzInitializeResourceManager( int flags, IntPtr pfnAccessCheck, IntPtr pfnComputeDynamicGroups, IntPtr pfnFreeDynamicGroups, string name, out IntPtr rm ); [DllImport(" authz.dll",SetLastError = true,CallingConvention = CallingConvention.StdCall,EntryPoint =" AuthzFreeResourceManager",CharSet = CharSet.Unicode)] static extern public bool AuthzFreeResourceManager(IntPtr hManager ); [DllImport(" authz.dll",SetLastError = true,CallingConvention = CallingConvention.StdCall,EntryPoint =" AuthzFreeHandle",CharSet = CharSet.Unicode)] static extern public bool AuthzFreeHandle(IntPtr hAccessCheckResults); [DllImport(" authz.dll",SetLastError = true,CallingConvention = 
CallingConvention.StdCall,EntryPoint =" AuthzFreeContext",CharSet = CharSet.Unicode)] static extern public bool AuthzFreeContext(IntPtr hAuthzClientContext); [DllImport(" authz.dll",SetLastError = true,CallingConvention = CallingConvention.StdCall,EntryPoint =" AuthzFreeCentralAccessPolicyCache",CharSet = CharSet.Unicode)] static extern public bool AuthzFreeCentralAccessPolicyCache(); [DllImport(" authz.dll",EntryPoint =" AuthzAccessCheck",CharSet = CharSet.Unicode,ExactSpelling = true,SetLastError = true)] private static extern bool AuthzAccessCheck( int flags, IntPtr hAuthzClientContext, ref AUTHZ_ACCESS_REQUEST pRequest, IntPtr AuditEvent, IntPtr pSecurityDescriptor, byte [] OptionalSecurityDescriptorArray, int OptionalSecurityDescriptorCount, ref AUTHZ_ACCESS_REPLY pReply, out IntPtr phAccessCheckResults); enum ACCESS_MASK:uint { FILE_TRAVERSE = 0x20, FILE_LIST_DIRECTORY = 0x1, FILE_READ_DATA = 0x1, FILE_READ_ATTRIBUTES = 0x80, FILE_READ_EA = 0x8, FILE_ADD_FILE = 0x2, FILE_WRITE_DATA = 0x2, FILE_ADD_SUBDIRECTORY = 0x4, FILE_APPEND_DATA = 0x4, FILE_WRITE_ATTRIBUTES = 0x100, FILE_WRITE_EA = 0x10, FILE_DELETE_CHILD = 0x40, DELETE = 0x10000, READ_CONTROL = 0x20000, WRITE_DAC = 0x40000, WRITE_OWNER = 0x80000, //////// FILE_EXECUTE = 0x20,} [标志] enum SECURITY_INFORMATION:uint { OWNER_SECURITY_INFORMATION = 0x00000001, GROUP_SECURITY_INFORMATION = 0x00000002, DACL_SECURITY_INFORMATION = 0x00000004, SACL_SECURITY_INFORMATION = 0x00000008, UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000, UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000, PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000, PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000 } enum SE_OBJECT_TYPE { SE_UNKNOWN_OBJECT_TYPE = 0, SE_FILE_OBJECT, SE_SERVICE, SE_PRINTER, SE_REGISTRY_KEY, SE_LMSHARE , SE_KERNEL_OBJECT, SE_WINDOW_OBJECT, SE_DS_OBJECT, SE_DS_OBJECT_ALL, SE_PROVIDER_DEFINED_OBJECT, SE_WMIGUID_OBJECT, SE_REGISTRY_WOW64_32KEY } public static PermissionValues GetEffectivePermissio 
ns(字符串UserName,字符串Path,out字符串object_sid) { List< string> result = new List< string>(); IntPtr pSidOwner,pSidGroup,pDacl,pSacl,pSecurityDescriptor; ACCESS_MASK mask = new ACCESS_MASK(); uint ret = GetNamedSecurityInfo(路径, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION, out pSidOwner,out pSidGroup,out pDacl,out pSacl ,pSecurityDescriptor); IntPtr hManager = IntPtr.Zero; bool f = AuthzInitializeResourceManager(1,IntPtr.Zero,IntPtr.Zero,IntPtr.Zero,null,out hManager); NTAccount ac = new NTAccount(UserName); SecurityIdentifier sid; if(Imanami.PermissionProvider.FileSystem.Helper.isObjectSID(UserName)) sid = new SecurityIdentifier(UserName); else sid =(SecurityIdentifier)ac.Translate(typeof(SecurityIdentifier)); object_sid = sid.Value; byte [] bytes = new byte [sid.BinaryLength]; sid.GetBinaryForm(bytes,0); String _psUserSid ="" ;; foreach(字节si,以字节为单位) { _psUserSid + = si; } LUID unusedSid = new LUID(); IntPtr UserSid = Marshal.AllocHGlobal(bytes.Length); Marshal.Copy(bytes,0,UserSid,bytes.Length); IntPtr pClientContext = IntPtr.Zero; if(f) { f = AuthzInitializeContextFromSid(0,UserSid,hManager,IntPtr.Zero,unusedSid,IntPtr.Zero,out pClientContext); AUTHZ_ACCESS_REQUEST request = new AUTHZ_ACCESS_REQUEST(); request.DesiredAccess = 0x02000000; request.PrincipalSelfSid = null; request.ObjectTypeList = null; request.ObjectTypeListLength = 0; request.OptionalArguments = IntPtr.Zero; AUTHZ_ACCESS_REPLY reply = new AUTHZ_ACCESS_REPLY(); reply.GrantedAccessMask = IntPtr.Zero; reply.ResultListLength = 0; reply.SaclEvaluationResults = IntPtr.Zero; IntPtr AccessReply = IntPtr.Zero; reply.Error = Marshal.AllocHGlobal(1020); reply.GrantedAccessMask = Marshal.AllocHGlobal(sizeof(uint)); reply.ResultListLength = 1; int i = 0; Dictionary< String,String> rightsmap = new Dictionary< String,String>(); List< string> effectivePermissionList = new List< string>(); 
string [] rights = new string [14] {" Full Control"," Traverse Folder / execute file"," List folder / read data"," Read attributes"," Read extended attributes" ;,"创建文件/写入文件","创建文件夹/附加数据","写入属性","写入扩展属性","删除子文件夹和文件","删除","读取权限" ;,"更改权限","取得所有权" }; rightsmap.Add(" FILE_TRAVERSE"," Traverse Folder / execute file"); rightsmap.Add(" FILE_LIST_DIRECTORY"," List folder / read data"); rightsmap.Add(" FILE_READ_DATA"," List folder / read data"); rightsmap.Add(" FILE_READ_ATTRIBUTES"," Read attributes"); rightsmap.Add(" FILE_READ_EA"," Read extended attributes"); rightsmap.Add(" FILE_ADD_FILE"," Create files / write files"); rightsmap.Add(" FILE_WRITE_DATA"," Create files / write files"); rightsmap.Add(" FILE_ADD_SUBDIRECTORY"," Create folders / append data"); rightsmap.Add(" FILE_APPEND_DATA"," Create folders / append data"); rightsmap.Add(" FILE_WRITE_ATTRIBUTES"," Write attributes"); rightsmap.Add(" FILE_WRITE_EA"," Write extended attributes"); rightsmap.Add(" FILE_DELETE_CHILD"," Delete subfolders and files"); rightsmap.Add(" DELETE"," Delete"); rightsmap.Add(" READ_CONTROL"," Read permission"); rightsmap.Add(" WRITE_DAC"," Change permission"); rightsmap.Add(" WRITE_OWNER"," Take ownership"); f = AuthzAccessCheck(0,pClientContext,ref request,IntPtr.Zero,pSecurityDescriptor,null,0,ref reply,out AccessReply); if(f) { int granted_access = Marshal.ReadInt32(reply.GrantedAccessMask); mask =(ACCESS_MASK)granted_access; foreach(Enum.GetValues中的ACCESS_MASK项目(typeof(ACCESS_MASK))) { if((mask& item)== item) { effectivePermissionList.Add(rightsmap [item.ToString()]); i ++; } } } //清除内存 { Marshal.FreeHGlobal(reply.GrantedAccessMask); if(reply.Error!= IntPtr.Zero) Marshal.FreeHGlobal(reply.Error); if(UserSid!= IntPtr.Zero) Marshal.FreeHGlobal(UserSid); if(pSidOwner!= IntPtr.Zero) Marshal.Release(pSidOwner); if(pSidGroup!= IntPtr.Zero) Marshal.Release(pSidGroup); if(pDacl!= IntPtr.Zero) Marshal.Release(pDacl); if(pSacl!= IntPtr.Zero) Marshal.Release(pSacl); if(pSecurityDescriptor!= 
IntPtr.Zero) Marshal.Release(pSecurityDescriptor); if(reply.SaclEvaluationResults!= IntPtr.Zero) Marshal.FinalReleaseComObject(reply.SaclEvaluationResults); if(request.OptionalArguments!= IntPtr.Zero) Marshal.FinalReleaseComObject(request.OptionalArguments); bool flag = false; if(AccessReply!= IntPtr.Zero) flag = AuthzFreeHandle(AccessReply); if(hManager!= IntPtr.Zero) flag = AuthzFreeResourceManager(hManager); if(pClientContext!= IntPtr.Zero) flag = AuthzFreeContext(pClientContext); AuthzFreeCentralAccessPolicyCache(); } if(i == 16) { effectivePermissionList.Insert(0,"Full Control"); 返回PermissionValues.FULL_CONTROL; } PermissionValues per = PermissionValues.NONE; foreach(有效传递列表中的字符串r) { switch(r) { case" Traverse Folder / execute file": per | = PermissionValues.FILE_TRAVERSE; 休息; case" List folder / read data" ;: per | = PermissionValues.FILE_LIST_DIRECTORY; 休息; case" Read attributes" ;: per | = PermissionValues.FILE_READ_ATTRIBUTES; 休息; case" Read extended attributes" ;: per | = PermissionValues.FILE_READ_EA; 休息; case" Create files / write files" ;: per | = PermissionValues.FILE_ADD_FILE; 休息; case" Create files / write files" ;: per | = PermissionValues.FILE_WRITE_DATA; 休息; case" Create folders / append data" ;: per | =(PermissionValues.FILE_ADD_SUBDIRECTORY | PermissionValues.FILE_APPEND_DATA); 休息; case" Write attributes" ;: per | = PermissionValues.FILE_WRITE_ATTRIBUTES; 休息; case" Write extended attributes" ;: per | = PermissionValues.FILE_WRITE_EA; 休息; case"删除子文件夹和文件": per | = PermissionValues.FILE_DELETE_CHILD; 休息; case" Delete": per | = PermissionValues.DELETE; 休息; case" Read permission" ;: per | = PermissionValues.READ_CONTROL; 休息; case" Change permission" ;: per | = PermissionValues.WRITE_DAC; 休息; case"取得所有权": per | = PermissionValues.WRITE_OWNER; 休息; } } 每回报; } 返回PermissionValues.NONE; } } } 解决方案 I've been working on application where I need to calculate Effective access of user of specific shared File or Folder and I've successfully achieved it by using 
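the Authz.dll . The problem I'm facing now is related to unmanaged resources created by authz.dll I've tried everything to clear those resources but I'm failed to do so. I used the methods provided by dll to clear resources but still unable to clear them I'm using these methods to clear the memory.
if (AccessReply != IntPtr.Zero) flag = AuthzFreeHandle(AccessReply);
if (hManager != IntPtr.Zero) flag = AuthzFreeResourceManager(hManager);
if (pClientContext != IntPtr.Zero) flag = AuthzFreeContext(pClientContext);
AuthzFreeCentralAccessPolicyCache();
using Imanami.GroupID.DataTransferObjects.DataContracts.Replication;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

namespace EffectiveRightsUsingAuthzAPI
{
    /// <summary>
    /// Computes the effective NTFS rights a principal has on a file or folder by running an
    /// Authz access check against the object's security descriptor.
    /// </summary>
    /// <remarks>
    /// Every unmanaged resource acquired by <see cref="GetEffectivePermissions"/> (the security
    /// descriptor buffer returned by GetNamedSecurityInfo, the HGlobal copy of the SID, the Authz
    /// resource manager, the client context and the access-check results handle) is released in a
    /// <c>finally</c> block, in reverse order of acquisition, so nothing leaks when a call fails
    /// part-way through. The owner/group/DACL/SACL pointers returned by GetNamedSecurityInfo point
    /// INTO the descriptor buffer and must not be freed individually; the original code called
    /// <c>Marshal.Release</c> (an IUnknown::Release) on them, which is undefined on non-COM memory.
    /// </remarks>
    public class Helper
    {
        /// <summary>Win32 ERROR_SUCCESS — the value GetNamedSecurityInfo returns on success.</summary>
        private const uint ERROR_SUCCESS = 0;

        /// <summary>Generic access right MAXIMUM_ALLOWED: ask Authz for every right the principal holds.</summary>
        private const int MAXIMUM_ALLOWED = 0x02000000;

        // Kept for compatibility with the original listing; not used by GetEffectivePermissions.
        [DllImport("advapi32.dll", SetLastError = true)]
        private static extern uint GetEffectiveRightsFromAcl(IntPtr pDacl, ref TRUSTEE pTrustee, ref ACCESS_MASK pAccessRights);

        /// <summary>Frees memory allocated by the system with LocalAlloc (the GetNamedSecurityInfo buffer).</summary>
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern IntPtr LocalFree(IntPtr hMem);

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 4)]
        private struct TRUSTEE
        {
            IntPtr pMultipleTrustee; // must be null
            public int MultipleTrusteeOperation;
            public TRUSTEE_FORM TrusteeForm;
            public TRUSTEE_TYPE TrusteeType;
            [MarshalAs(UnmanagedType.LPStr)]
            public string ptstrName;
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 4)]
        public struct LUID
        {
            public uint LowPart;
            public int HighPart;
        }

        /// <summary>Mirror of the native AUTHZ_ACCESS_REQUEST; null arrays marshal as NULL pointers.</summary>
        [StructLayout(LayoutKind.Sequential)]
        public struct AUTHZ_ACCESS_REQUEST
        {
            public int DesiredAccess;
            public byte[] PrincipalSelfSid;
            public OBJECT_TYPE_LIST[] ObjectTypeList;
            public int ObjectTypeListLength;
            public IntPtr OptionalArguments;
        };

        [StructLayout(LayoutKind.Sequential)]
        public struct OBJECT_TYPE_LIST
        {
            OBJECT_TYPE_LEVEL Level;
            int Sbz;
            IntPtr ObjectType;
        };

        /// <summary>
        /// Mirror of the native AUTHZ_ACCESS_REPLY. GrantedAccessMask and Error are caller-owned
        /// buffers of ResultListLength DWORDs each; the caller frees them.
        /// </summary>
        [StructLayout(LayoutKind.Sequential)]
        public struct AUTHZ_ACCESS_REPLY
        {
            public int ResultListLength;
            public IntPtr GrantedAccessMask;
            public IntPtr SaclEvaluationResults;
            public IntPtr Error;
        };

        public enum OBJECT_TYPE_LEVEL : int
        {
            ACCESS_OBJECT_GUID = 0,
            ACCESS_PROPERTY_SET_GUID = 1,
            ACCESS_PROPERTY_GUID = 2,
            ACCESS_MAX_LEVEL = 4
        };

        private enum TRUSTEE_FORM
        {
            TRUSTEE_IS_SID,
            TRUSTEE_IS_NAME,
            TRUSTEE_BAD_FORM,
            TRUSTEE_IS_OBJECTS_AND_SID,
            TRUSTEE_IS_OBJECTS_AND_NAME
        }

        private enum AUTHZ_RM_FLAG : uint
        {
            AUTHZ_RM_FLAG_NO_AUDIT = 1,
            AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION = 2,
            AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES = 4,
        }

        private enum TRUSTEE_TYPE
        {
            TRUSTEE_IS_UNKNOWN,
            TRUSTEE_IS_USER,
            TRUSTEE_IS_GROUP,
            TRUSTEE_IS_DOMAIN,
            TRUSTEE_IS_ALIAS,
            TRUSTEE_IS_WELL_KNOWN_GROUP,
            TRUSTEE_IS_DELETED,
            TRUSTEE_IS_INVALID,
            TRUSTEE_IS_COMPUTER
        }

        /// <summary>
        /// Returns a Win32 error code (ERROR_SUCCESS on success), not a BOOL, so SetLastError is not
        /// needed. pSidOwner/pSidGroup/pDacl/pSacl point inside pSecurityDescriptor.
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Auto)]
        private static extern uint GetNamedSecurityInfo(
            string pObjectName,
            SE_OBJECT_TYPE ObjectType,
            SECURITY_INFORMATION SecurityInfo,
            out IntPtr pSidOwner,
            out IntPtr pSidGroup,
            out IntPtr pDacl,
            out IntPtr pSacl,
            out IntPtr pSecurityDescriptor);

        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzInitializeContextFromSid", CharSet = CharSet.Unicode)]
        public static extern bool AuthzInitializeContextFromSid(
            int Flags,
            IntPtr UserSid,
            IntPtr AuthzResourceManager,
            IntPtr pExpirationTime,
            LUID Identitifier,
            IntPtr DynamicGroupArgs,
            out IntPtr pAuthzClientContext);

        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzInitializeResourceManager", CharSet = CharSet.Unicode)]
        public static extern bool AuthzInitializeResourceManager(
            int flags,
            IntPtr pfnAccessCheck,
            IntPtr pfnComputeDynamicGroups,
            IntPtr pfnFreeDynamicGroups,
            string name,
            out IntPtr rm);

        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzFreeResourceManager", CharSet = CharSet.Unicode)]
        public static extern bool AuthzFreeResourceManager(IntPtr hManager);

        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzFreeHandle", CharSet = CharSet.Unicode)]
        public static extern bool AuthzFreeHandle(IntPtr hAccessCheckResults);

        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzFreeContext", CharSet = CharSet.Unicode)]
        public static extern bool AuthzFreeContext(IntPtr hAuthzClientContext);

        /// <summary>Frees the process-wide central access policy cache (Windows 8 / Server 2012 and later).</summary>
        [DllImport("authz.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, EntryPoint = "AuthzFreeCentralAccessPolicyCache", CharSet = CharSet.Unicode)]
        public static extern bool AuthzFreeCentralAccessPolicyCache();

        [DllImport("authz.dll", EntryPoint = "AuthzAccessCheck", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = true)]
        private static extern bool AuthzAccessCheck(
            int flags,
            IntPtr hAuthzClientContext,
            ref AUTHZ_ACCESS_REQUEST pRequest,
            IntPtr AuditEvent,
            IntPtr pSecurityDescriptor,
            byte[] OptionalSecurityDescriptorArray,
            int OptionalSecurityDescriptorCount,
            ref AUTHZ_ACCESS_REPLY pReply,
            out IntPtr phAccessCheckResults);

        /// <summary>
        /// File-specific and standard access bits. Several names share a bit on purpose
        /// (FILE_LIST_DIRECTORY/FILE_READ_DATA, FILE_ADD_FILE/FILE_WRITE_DATA,
        /// FILE_ADD_SUBDIRECTORY/FILE_APPEND_DATA); the folder name and the file name of the same bit.
        /// </summary>
        [Flags]
        private enum ACCESS_MASK : uint
        {
            FILE_TRAVERSE = 0x20,
            FILE_LIST_DIRECTORY = 0x1,
            FILE_READ_DATA = 0x1,
            FILE_READ_ATTRIBUTES = 0x80,
            FILE_READ_EA = 0x8,
            FILE_ADD_FILE = 0x2,
            FILE_WRITE_DATA = 0x2,
            FILE_ADD_SUBDIRECTORY = 0x4,
            FILE_APPEND_DATA = 0x4,
            FILE_WRITE_ATTRIBUTES = 0x100,
            FILE_WRITE_EA = 0x10,
            FILE_DELETE_CHILD = 0x40,
            DELETE = 0x10000,
            READ_CONTROL = 0x20000,
            WRITE_DAC = 0x40000,
            WRITE_OWNER = 0x80000,
            ////////FILE_EXECUTE =0x20,
        }

        [Flags]
        private enum SECURITY_INFORMATION : uint
        {
            OWNER_SECURITY_INFORMATION = 0x00000001,
            GROUP_SECURITY_INFORMATION = 0x00000002,
            DACL_SECURITY_INFORMATION = 0x00000004,
            SACL_SECURITY_INFORMATION = 0x00000008,
            UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000,
            UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000,
            PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000,
            PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
        }

        private enum SE_OBJECT_TYPE
        {
            SE_UNKNOWN_OBJECT_TYPE = 0,
            SE_FILE_OBJECT,
            SE_SERVICE,
            SE_PRINTER,
            SE_REGISTRY_KEY,
            SE_LMSHARE,
            SE_KERNEL_OBJECT,
            SE_WINDOW_OBJECT,
            SE_DS_OBJECT,
            SE_DS_OBJECT_ALL,
            SE_PROVIDER_DEFINED_OBJECT,
            SE_WMIGUID_OBJECT,
            SE_REGISTRY_WOW64_32KEY
        }

        /// <summary>
        /// Granted-bit to PermissionValues mapping. Replaces the string-keyed dictionary plus
        /// string switch of the original, whose duplicated "Create files / write files" case label
        /// did not compile; where two names share a bit both PermissionValues are set.
        /// NOTE(review): FILE_LIST_DIRECTORY/FILE_READ_DATA maps only to FILE_LIST_DIRECTORY, as in
        /// the original — confirm whether PermissionValues has a separate FILE_READ_DATA member.
        /// </summary>
        private static readonly KeyValuePair<ACCESS_MASK, PermissionValues>[] s_rightsMap =
        {
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_TRAVERSE, PermissionValues.FILE_TRAVERSE),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_LIST_DIRECTORY, PermissionValues.FILE_LIST_DIRECTORY),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_READ_ATTRIBUTES, PermissionValues.FILE_READ_ATTRIBUTES),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_READ_EA, PermissionValues.FILE_READ_EA),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_ADD_FILE, PermissionValues.FILE_ADD_FILE | PermissionValues.FILE_WRITE_DATA),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_ADD_SUBDIRECTORY, PermissionValues.FILE_ADD_SUBDIRECTORY | PermissionValues.FILE_APPEND_DATA),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_WRITE_ATTRIBUTES, PermissionValues.FILE_WRITE_ATTRIBUTES),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_WRITE_EA, PermissionValues.FILE_WRITE_EA),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.FILE_DELETE_CHILD, PermissionValues.FILE_DELETE_CHILD),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.DELETE, PermissionValues.DELETE),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.READ_CONTROL, PermissionValues.READ_CONTROL),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.WRITE_DAC, PermissionValues.WRITE_DAC),
            new KeyValuePair<ACCESS_MASK, PermissionValues>(ACCESS_MASK.WRITE_OWNER, PermissionValues.WRITE_OWNER),
        };

        /// <summary>Union of every ACCESS_MASK member; all of them granted is reported as FULL_CONTROL.</summary>
        private static readonly ACCESS_MASK s_fullControlBits = ComputeFullControlBits();

        /// <summary>ORs all ACCESS_MASK members together (same "every enum value matched" rule the original used).</summary>
        private static ACCESS_MASK ComputeFullControlBits()
        {
            ACCESS_MASK all = 0;
            foreach (ACCESS_MASK bit in Enum.GetValues(typeof(ACCESS_MASK)))
            {
                all |= bit;
            }
            return all;
        }

        /// <summary>
        /// Returns the effective permissions <paramref name="UserName"/> has on the file or
        /// folder at <paramref name="Path"/>.
        /// </summary>
        /// <param name="UserName">Account name (e.g. DOMAIN\user) or an SDDL SID string ("S-1-...").</param>
        /// <param name="Path">Path of the file or directory to evaluate.</param>
        /// <param name="object_sid">Receives the SDDL form of the SID the check was run for.</param>
        /// <returns>
        /// <c>PermissionValues.FULL_CONTROL</c> when every <see cref="ACCESS_MASK"/> bit is granted,
        /// otherwise the union of the granted rights (<c>PermissionValues.NONE</c> when none are).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="UserName"/> or <paramref name="Path"/> is null.</exception>
        /// <exception cref="IdentityNotMappedException">Propagated from NTAccount.Translate when the account cannot be resolved.</exception>
        /// <exception cref="Win32Exception">
        /// The object's security descriptor could not be read (the calling process needs READ_CONTROL
        /// on the object, since owner, group and DACL are requested) or an Authz call failed. This is
        /// deliberately an exception rather than NONE: "could not evaluate" must stay distinguishable
        /// from "no access", otherwise a permissions report silently under-states rights.
        /// </exception>
        /// <remarks>
        /// The client context is built by Authz from the SID alone (AuthzInitializeContextFromSid),
        /// not from the principal's real logon token, and the resource manager is created with
        /// AUTHZ_RM_FLAG_NO_AUDIT, so the check generates no audit events.
        /// </remarks>
        public static PermissionValues GetEffectivePermissions(string UserName, string Path, out string object_sid)
        {
            if (UserName == null)
            {
                throw new ArgumentNullException("UserName");
            }
            if (Path == null)
            {
                throw new ArgumentNullException("Path");
            }

            // Resolve the principal before touching any unmanaged memory so a lookup failure leaks nothing.
            SecurityIdentifier sid = ResolveSid(UserName);
            object_sid = sid.Value;

            IntPtr pSecurityDescriptor = IntPtr.Zero;
            IntPtr pUserSid = IntPtr.Zero;
            IntPtr hManager = IntPtr.Zero;
            IntPtr hClientContext = IntPtr.Zero;
            IntPtr hAccessCheckResults = IntPtr.Zero;
            AUTHZ_ACCESS_REPLY reply = new AUTHZ_ACCESS_REPLY();
            try
            {
                // The four component pointers reference memory inside pSecurityDescriptor; only the
                // descriptor itself is an allocation (released with LocalFree in finally).
                IntPtr pSidOwner, pSidGroup, pDacl, pSacl;
                uint ret = GetNamedSecurityInfo(
                    Path,
                    SE_OBJECT_TYPE.SE_FILE_OBJECT,
                    SECURITY_INFORMATION.DACL_SECURITY_INFORMATION
                        | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION
                        | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION,
                    out pSidOwner, out pSidGroup, out pDacl, out pSacl, out pSecurityDescriptor);
                if (ret != ERROR_SUCCESS)
                {
                    throw new Win32Exception((int)ret);
                }

                // Authz wants the SID as a native buffer; copy the binary form into HGlobal memory.
                byte[] sidBytes = new byte[sid.BinaryLength];
                sid.GetBinaryForm(sidBytes, 0);
                pUserSid = Marshal.AllocHGlobal(sidBytes.Length);
                Marshal.Copy(sidBytes, 0, pUserSid, sidBytes.Length);

                if (!AuthzInitializeResourceManager((int)AUTHZ_RM_FLAG.AUTHZ_RM_FLAG_NO_AUDIT,
                        IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, null, out hManager))
                {
                    throw new Win32Exception();
                }

                if (!AuthzInitializeContextFromSid(0, pUserSid, hManager, IntPtr.Zero, new LUID(),
                        IntPtr.Zero, out hClientContext))
                {
                    throw new Win32Exception();
                }

                AUTHZ_ACCESS_REQUEST request = new AUTHZ_ACCESS_REQUEST();
                request.DesiredAccess = MAXIMUM_ALLOWED;
                request.PrincipalSelfSid = null;
                request.ObjectTypeList = null;
                request.ObjectTypeListLength = 0;
                request.OptionalArguments = IntPtr.Zero;

                // One result entry, so GrantedAccessMask and Error are each a single DWORD.
                reply.ResultListLength = 1;
                reply.GrantedAccessMask = Marshal.AllocHGlobal(sizeof(uint));
                reply.Error = Marshal.AllocHGlobal(sizeof(uint));
                reply.SaclEvaluationResults = IntPtr.Zero;

                if (!AuthzAccessCheck(0, hClientContext, ref request, IntPtr.Zero, pSecurityDescriptor,
                        null, 0, ref reply, out hAccessCheckResults))
                {
                    throw new Win32Exception();
                }

                uint granted = (uint)Marshal.ReadInt32(reply.GrantedAccessMask);
                return ToPermissionValues((ACCESS_MASK)granted);
            }
            finally
            {
                // Release in reverse order of acquisition; the context was created from the resource
                // manager, so it goes before the manager. Return values of the free functions are
                // ignored on purpose — there is nothing useful to do with a failed free here.
                if (hAccessCheckResults != IntPtr.Zero)
                {
                    AuthzFreeHandle(hAccessCheckResults);
                }
                if (hClientContext != IntPtr.Zero)
                {
                    AuthzFreeContext(hClientContext);
                }
                if (hManager != IntPtr.Zero)
                {
                    AuthzFreeResourceManager(hManager);
                }
                // Process-wide CAP cache; the original listing freed it on every call, kept for parity.
                AuthzFreeCentralAccessPolicyCache();
                if (reply.Error != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(reply.Error);
                }
                if (reply.GrantedAccessMask != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(reply.GrantedAccessMask);
                }
                if (pUserSid != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(pUserSid);
                }
                if (pSecurityDescriptor != IntPtr.Zero)
                {
                    LocalFree(pSecurityDescriptor);
                }
            }
        }

        /// <summary>Turns an SDDL SID string or an account name into a SecurityIdentifier.</summary>
        private static SecurityIdentifier ResolveSid(string userName)
        {
            if (Imanami.PermissionProvider.FileSystem.Helper.isObjectSID(userName))
            {
                return new SecurityIdentifier(userName);
            }
            NTAccount account = new NTAccount(userName);
            return (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        }

        /// <summary>
        /// Maps the granted ACCESS_MASK to PermissionValues: FULL_CONTROL when every known bit is
        /// present, otherwise the union of the mapped rights.
        /// </summary>
        private static PermissionValues ToPermissionValues(ACCESS_MASK granted)
        {
            if ((granted & s_fullControlBits) == s_fullControlBits)
            {
                return PermissionValues.FULL_CONTROL;
            }

            PermissionValues per = PermissionValues.NONE;
            foreach (KeyValuePair<ACCESS_MASK, PermissionValues> entry in s_rightsMap)
            {
                if ((granted & entry.Key) == entry.Key)
                {
                    per |= entry.Value;
                }
            }
            return per;
        }
    }
}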