Редагувати

Поділитися через


EventWaitHandleSecurity Class

Definition

Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited.

public ref class EventWaitHandleSecurity sealed : System::Security::AccessControl::NativeObjectSecurity
public sealed class EventWaitHandleSecurity : System.Security.AccessControl.NativeObjectSecurity
[System.Security.SecurityCritical]
public sealed class EventWaitHandleSecurity : System.Security.AccessControl.NativeObjectSecurity
type EventWaitHandleSecurity = class
    inherit NativeObjectSecurity
[<System.Security.SecurityCritical>]
type EventWaitHandleSecurity = class
    inherit NativeObjectSecurity
Public NotInheritable Class EventWaitHandleSecurity
Inherits NativeObjectSecurity
Inheritance
Attributes

Examples

The following code example demonstrates the separation between Allow rules and Deny rules, and shows the combination of rights in compatible rules. The example creates an EventWaitHandleSecurity object, adds rules that allow and deny various rights for the current user, and displays the resulting pair of rules. The example then allows new rights for the current user and displays the result, showing that the new rights are merged with the existing Allow rule.

Note

This example does not attach the security object to a EventWaitHandle object. Examples that attach security objects can be found in EventWaitHandle.GetAccessControl and EventWaitHandle.SetAccessControl.

using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\" + 
            Environment.UserName;

        // Create a security object that grants no access.
        EventWaitHandleSecurity mSec = new EventWaitHandleSecurity();

        // Add a rule that grants the current user the 
        // right to wait on or signal the event.
        EventWaitHandleAccessRule rule = new EventWaitHandleAccessRule(user, 
            EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the event.
        rule = new EventWaitHandleAccessRule(user, 
            EventWaitHandleRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the event. This rule
        // is merged with the existing Allow rule.
        rule = new EventWaitHandleAccessRule(user, 
            EventWaitHandleRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(EventWaitHandleSecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach(EventWaitHandleAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.EventWaitHandleRights);
            Console.WriteLine();
        }
    }
}

/*This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, Synchronize


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize
 */
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New EventWaitHandleSecurity()

        ' Add a rule that grants the current user the 
        ' right to wait on or signal the event.
        Dim rule As New EventWaitHandleAccessRule(user, _
            EventWaitHandleRights.Synchronize _
            Or EventWaitHandleRights.Modify, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the event.
        rule = New EventWaitHandleAccessRule(user, _
            EventWaitHandleRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to read permissions on the event. This rule
        ' is merged with the existing Allow rule.
        rule = New EventWaitHandleAccessRule(user, _
            EventWaitHandleRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As EventWaitHandleSecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As EventWaitHandleAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.EventWaitHandleRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, Synchronize
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, ReadPermissions, Synchronize

Remarks

An EventWaitHandleSecurity object specifies access rights for a named system wait handle, and also specifies the way access attempts are audited. Access rights to the wait handle are expressed as rules, with each access rule represented by an EventWaitHandleAccessRule object. Each auditing rule is represented by an EventWaitHandleAuditRule object.

This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. An EventWaitHandleAccessRule or EventWaitHandleAuditRule object might represent more than one ACE.

Note

An EventWaitHandle object can represent a local wait handle or a named system wait handle. Windows access control security is meaningful only for named system wait handles.

The EventWaitHandleSecurity, EventWaitHandleAccessRule, and EventWaitHandleAuditRule classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:

  • Creating a security descriptor with a null DACL. A null reference to a DACL allows any user to add access rules to an object, potentially creating a denial-of-service attack. A new EventWaitHandleSecurity object always starts with an empty DACL, which denies all access for all users.

  • Violating the canonical ordering of ACEs. If the ACE list in the DACL is not kept in the canonical order, users might inadvertently be given access to the secured object. For example, denied access rights must always appear before allowed access rights. EventWaitHandleSecurity objects maintain the correct order internally.

  • Manipulating security descriptor flags, which should be under resource manager control only.

  • Creating invalid combinations of ACE flags.

  • Manipulating inherited ACEs. Inheritance and propagation are handled by the resource manager, in response to changes you make to access and audit rules.

  • Inserting meaningless ACEs into ACLs.

The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:

  • Low-level tasks that are normally performed by the resource manager.

  • Adding or removing access control entries in ways that do not maintain the canonical ordering.

To modify Windows access control security for a named wait handle, use the EventWaitHandle.GetAccessControl method to get the EventWaitHandleSecurity object. Modify the security object by adding and removing rules, and then use the EventWaitHandle.SetAccessControl method to reattach it.

Important

Changes you make to an EventWaitHandleSecurity object do not affect the access levels of the named wait handle until you call the EventWaitHandle.SetAccessControl method to assign the altered security object to the named wait handle.

To copy access control security from one wait handle to another, use the EventWaitHandle.GetAccessControl method to get an EventWaitHandleSecurity object representing the access and audit rules for the first wait handle, and then use the EventWaitHandle.SetAccessControl method, or a constructor that accepts an EventWaitHandleSecurity object, to assign those rules to the second wait handle.

Users with an investment in the security descriptor definition language (SDDL) can use the SetSecurityDescriptorSddlForm method to set access rules for a named wait handle, and the GetSecurityDescriptorSddlForm method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.

Constructors

EventWaitHandleSecurity()

Initializes a new instance of the EventWaitHandleSecurity class with default values.

Properties

AccessRightType

Gets the enumeration type that the EventWaitHandleSecurity class uses to represent access rights.

AccessRulesModified

Gets or sets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object have been modified.

(Inherited from ObjectSecurity)
AccessRuleType

Gets the type that the EventWaitHandleSecurity class uses to represent access rules.

AreAccessRulesCanonical

Gets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object are in canonical order.

(Inherited from ObjectSecurity)
AreAccessRulesProtected

Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this ObjectSecurity object is protected.

(Inherited from ObjectSecurity)
AreAuditRulesCanonical

Gets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object are in canonical order.

(Inherited from ObjectSecurity)
AreAuditRulesProtected

Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this ObjectSecurity object is protected.

(Inherited from ObjectSecurity)
AuditRulesModified

Gets or sets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object have been modified.

(Inherited from ObjectSecurity)
AuditRuleType

Gets the type that the EventWaitHandleSecurity class uses to represent audit rules.

GroupModified

Gets or sets a Boolean value that specifies whether the group associated with the securable object has been modified.

(Inherited from ObjectSecurity)
IsContainer

Gets a Boolean value that specifies whether this ObjectSecurity object is a container object.

(Inherited from ObjectSecurity)
IsDS

Gets a Boolean value that specifies whether this ObjectSecurity object is a directory object.

(Inherited from ObjectSecurity)
OwnerModified

Gets or sets a Boolean value that specifies whether the owner of the securable object has been modified.

(Inherited from ObjectSecurity)
SecurityDescriptor

Gets the security descriptor for this instance.

(Inherited from ObjectSecurity)

Methods

AccessRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AccessControlType)

Creates a new access control rule for the specified user, with the specified access rights, access control, and flags.

AddAccessRule(AccessRule)

Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
AddAccessRule(EventWaitHandleAccessRule)

Searches for a matching access control rule with which the new rule can be merged. If none are found, adds the new rule.

AddAuditRule(AuditRule)

Adds the specified audit rule to the System Access Control List (SACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
AddAuditRule(EventWaitHandleAuditRule)

Searches for an audit rule with which the new rule can be merged. If none are found, adds the new rule.

AuditRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AuditFlags)

Creates a new audit rule, specifying the user the rule applies to, the access rights to audit, and the outcome that triggers the audit rule.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetAccessRules(Boolean, Boolean, Type)

Gets a collection of the access rules associated with the specified security identifier.

(Inherited from CommonObjectSecurity)
GetAuditRules(Boolean, Boolean, Type)

Gets a collection of the audit rules associated with the specified security identifier.

(Inherited from CommonObjectSecurity)
GetGroup(Type)

Gets the primary group associated with the specified owner.

(Inherited from ObjectSecurity)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetOwner(Type)

Gets the owner associated with the specified primary group.

(Inherited from ObjectSecurity)
GetSecurityDescriptorBinaryForm()

Returns an array of byte values that represents the security descriptor information for this ObjectSecurity object.

(Inherited from ObjectSecurity)
GetSecurityDescriptorSddlForm(AccessControlSections)

Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this ObjectSecurity object.

(Inherited from ObjectSecurity)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ModifyAccess(AccessControlModification, AccessRule, Boolean)

Applies the specified modification to the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
ModifyAccessRule(AccessControlModification, AccessRule, Boolean)

Applies the specified modification to the Discretionary Access Control List (DACL) associated with this ObjectSecurity object.

(Inherited from ObjectSecurity)
ModifyAudit(AccessControlModification, AuditRule, Boolean)

Applies the specified modification to the System Access Control List (SACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
ModifyAuditRule(AccessControlModification, AuditRule, Boolean)

Applies the specified modification to the System Access Control List (SACL) associated with this ObjectSecurity object.

(Inherited from ObjectSecurity)
Persist(Boolean, String, AccessControlSections)

Saves the specified sections of the security descriptor associated with this ObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.

(Inherited from ObjectSecurity)
Persist(SafeHandle, AccessControlSections)

Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend.persist that the values of the includeSections parameters passed to the constructor and persist methods be identical.

(Inherited from NativeObjectSecurity)
Persist(SafeHandle, AccessControlSections, Object)

Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.

(Inherited from NativeObjectSecurity)
Persist(String, AccessControlSections)

Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.

(Inherited from NativeObjectSecurity)
Persist(String, AccessControlSections, Object)

Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.

(Inherited from NativeObjectSecurity)
PurgeAccessRules(IdentityReference)

Removes all access rules associated with the specified IdentityReference.

(Inherited from ObjectSecurity)
PurgeAuditRules(IdentityReference)

Removes all audit rules associated with the specified IdentityReference.

(Inherited from ObjectSecurity)
ReadLock()

Locks this ObjectSecurity object for read access.

(Inherited from ObjectSecurity)
ReadUnlock()

Unlocks this ObjectSecurity object for read access.

(Inherited from ObjectSecurity)
RemoveAccessRule(AccessRule)

Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAccessRule(EventWaitHandleAccessRule)

Searches for an access control rule with the same user and AccessControlType (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.

RemoveAccessRuleAll(AccessRule)

Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAccessRuleAll(EventWaitHandleAccessRule)

Searches for all access control rules with the same user and AccessControlType (allow or deny) as the specified rule and, if found, removes them.

RemoveAccessRuleSpecific(AccessRule)

Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAccessRuleSpecific(EventWaitHandleAccessRule)

Searches for an access control rule that exactly matches the specified rule and, if found, removes it.

RemoveAuditRule(AuditRule)

Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAuditRule(EventWaitHandleAuditRule)

Searches for an audit rule with the same user as the specified rule, and with compatible inheritance and propagation flags; if a compatible rule is found, the rights contained in the specified rule are removed from it.

RemoveAuditRuleAll(AuditRule)

Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAuditRuleAll(EventWaitHandleAuditRule)

Searches for all audit rules with the same user as the specified rule and, if found, removes them.

RemoveAuditRuleSpecific(AuditRule)

Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.

(Inherited from CommonObjectSecurity)
RemoveAuditRuleSpecific(EventWaitHandleAuditRule)

Searches for an audit rule that exactly matches the specified rule and, if found, removes it.

ResetAccessRule(AccessRule)

Removes all access rules in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule.

(Inherited from CommonObjectSecurity)
ResetAccessRule(EventWaitHandleAccessRule)

Removes all access control rules with the same user as the specified rule, regardless of AccessControlType, and then adds the specified rule.

SetAccessRule(AccessRule)

Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule.

(Inherited from CommonObjectSecurity)
SetAccessRule(EventWaitHandleAccessRule)

Removes all access control rules with the same user and AccessControlType (allow or deny) as the specified rule, and then adds the specified rule.

SetAccessRuleProtection(Boolean, Boolean)

Sets or removes protection of the access rules associated with this ObjectSecurity object. Protected access rules cannot be modified by parent objects through inheritance.

(Inherited from ObjectSecurity)
SetAuditRule(AuditRule)

Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this CommonObjectSecurity object and then adds the specified audit rule.

(Inherited from CommonObjectSecurity)
SetAuditRule(EventWaitHandleAuditRule)

Removes all audit rules with the same user as the specified rule, regardless of the AuditFlags value, and then adds the specified rule.

SetAuditRuleProtection(Boolean, Boolean)

Sets or removes protection of the audit rules associated with this ObjectSecurity object. Protected audit rules cannot be modified by parent objects through inheritance.

(Inherited from ObjectSecurity)
SetGroup(IdentityReference)

Sets the primary group for the security descriptor associated with this ObjectSecurity object.

(Inherited from ObjectSecurity)
SetOwner(IdentityReference)

Sets the owner for the security descriptor associated with this ObjectSecurity object.

(Inherited from ObjectSecurity)
SetSecurityDescriptorBinaryForm(Byte[])

Sets the security descriptor for this ObjectSecurity object from the specified array of byte values.

(Inherited from ObjectSecurity)
SetSecurityDescriptorBinaryForm(Byte[], AccessControlSections)

Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values.

(Inherited from ObjectSecurity)
SetSecurityDescriptorSddlForm(String)

Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

(Inherited from ObjectSecurity)
SetSecurityDescriptorSddlForm(String, AccessControlSections)

Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

(Inherited from ObjectSecurity)
ToString()

Returns a string that represents the current object.

(Inherited from Object)
WriteLock()

Locks this ObjectSecurity object for write access.

(Inherited from ObjectSecurity)
WriteUnlock()

Unlocks this ObjectSecurity object for write access.

(Inherited from ObjectSecurity)

Applies to

See also