在前面的内存映射文件与用户权限 :) 文章中,我提到了使用IIS的身份模拟来使用通过SharedMemoryEx生成的内存映射文件...
这种做法可以解决一时的问题,不能真正长久的解决问题.
在前一个文章MutexEx 中,Mutex的创建,使用也要对其权限进行设置..同样的,如果我们想在不同的帐号使用这个Mutex,我们可能也不得不使用另一种方式的身份模拟.
在Win32中,我们可以通过创建 NULL DACL来创建一个Everyone的ACL列表,通过这个列表,我们就可以创建一个对系统的Everyone都可以访问/使用的内存映射文件/Mutex了:)
在Win32中,我们要创建这样的一结构,代码通常是下面这样:
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;
return &sa;
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;
return &sa;
在.NET中,我们同样要创建这样一个结构,我们先得通过P/Invoke定义相应的结构..
对于SECURITY_ATTRIBUTES:
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
public uint nLength;
public IntPtr lpSecurityDescriptor; // point to SECURITY_DESCRIPTOR
public int bInheritHandle;
}
public struct SECURITY_ATTRIBUTES
{
public uint nLength;
public IntPtr lpSecurityDescriptor; // point to SECURITY_DESCRIPTOR
public int bInheritHandle;
}
对于.SECURITY_DESCRIPTOR:
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_DESCRIPTOR
{
public byte Revision;
public byte Sbz1;
public int Control; // point to SECURITY_DESCRIPTOR_CONTROL typedef WORD SECURITY_DESCRIPTOR_CONTROL
public IntPtr Owner; // point to PSID typedef PVOID PSID
public IntPtr Group; // point to PSID typedef PVOID PSID
public IntPtr Sacl; // point to ACL
public IntPtr Dacl; // point to ACL
}
public struct SECURITY_DESCRIPTOR
{
public byte Revision;
public byte Sbz1;
public int Control; // point to SECURITY_DESCRIPTOR_CONTROL typedef WORD SECURITY_DESCRIPTOR_CONTROL
public IntPtr Owner; // point to PSID typedef PVOID PSID
public IntPtr Group; // point to PSID typedef PVOID PSID
public IntPtr Sacl; // point to ACL
public IntPtr Dacl; // point to ACL
}
由于SECURITY_DESCRIPTOR结构的定义使用到了其它的一些结构,这里,我们也一并定义出来:
[StructLayout(LayoutKind.Sequential)]
public struct ACL
{
public byte AclRevision;
public byte Sbz1;
public uint AclSize;
public uint AceCount;
public uint Sbz2;
}
public struct ACL
{
public byte AclRevision;
public byte Sbz1;
public uint AclSize;
public uint AceCount;
public uint Sbz2;
}
结构定义好了,准备工作做好了一半了:)
下面就是定义我们要的函数了:)
private const int SECURITY_DESCRIPTOR_REVISION = 1;
[DllImport("advapi32.dll", SetLastError=true)]
static extern bool InitializeSecurityDescriptor(IntPtr pSecurityDescriptor, uint dwRevision);
[DllImport("advapi32.dll", SetLastError=true)]
static extern bool SetSecurityDescriptorDacl( IntPtr pSecurityDescriptor,int bDaclPresent,IntPtr pDacl,int bDaclDefaulted);
[DllImport("advapi32.dll", SetLastError=true)]
static extern bool InitializeSecurityDescriptor(IntPtr pSecurityDescriptor, uint dwRevision);
[DllImport("advapi32.dll", SetLastError=true)]
static extern bool SetSecurityDescriptorDacl( IntPtr pSecurityDescriptor,int bDaclPresent,IntPtr pDacl,int bDaclDefaulted);
由于InitializeSecurityDescriptor函数的第二个参数必需是1,所以定义了一个const int SECURITY_DESCRIPTOR_REVISION来表明..
下面的就是使用代码了.
public IntPtr AnonymousSA(bool bInheritHandle)
{
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
SECURITY_DESCRIPTOR sd = new SECURITY_DESCRIPTOR();
lpSecurityDescriptor = Marshal.AllocCoTaskMem( Marshal.SizeOf( sd));
Marshal.StructureToPtr( sd,lpSecurityDescriptor,false);
if( ! InitializeSecurityDescriptor( lpSecurityDescriptor ,SECURITY_DESCRIPTOR_REVISION))
{
throw new ApplicationException("InitializeSecurityDescriptor invoked fail");
}
if( ! SetSecurityDescriptorDacl( lpSecurityDescriptor ,1,IntPtr.Zero,0))
{
throw new ApplicationException("SetSecurityDescriptorDacl invoked fail");
}
sa.bInheritHandle = bInheritHandle?1:0;
sa.nLength = (uint)Marshal.SizeOf( sa );
sa.lpSecurityDescriptor = lpSecurityDescriptor;
pSa = Marshal.AllocCoTaskMem( Marshal.SizeOf( sa));
Marshal.StructureToPtr( sa,pSa,false);
return pSa;
}
{
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
SECURITY_DESCRIPTOR sd = new SECURITY_DESCRIPTOR();
lpSecurityDescriptor = Marshal.AllocCoTaskMem( Marshal.SizeOf( sd));
Marshal.StructureToPtr( sd,lpSecurityDescriptor,false);
if( ! InitializeSecurityDescriptor( lpSecurityDescriptor ,SECURITY_DESCRIPTOR_REVISION))
{
throw new ApplicationException("InitializeSecurityDescriptor invoked fail");
}
if( ! SetSecurityDescriptorDacl( lpSecurityDescriptor ,1,IntPtr.Zero,0))
{
throw new ApplicationException("SetSecurityDescriptorDacl invoked fail");
}
sa.bInheritHandle = bInheritHandle?1:0;
sa.nLength = (uint)Marshal.SizeOf( sa );
sa.lpSecurityDescriptor = lpSecurityDescriptor;
pSa = Marshal.AllocCoTaskMem( Marshal.SizeOf( sa));
Marshal.StructureToPtr( sa,pSa,false);
return pSa;
}
考虑到这个函数的通用性,我将其定义成一个单独的类. SecurityStruct.用于创建这个NULL DACL结构.
同时,由于使用到了Marshal中的内存分配,是非托管内存,所以我把这个类从IDisposable继承,用于释放此内存..
public class SecurityStruct : IDisposable
{
Private variable & Propery
public void Close()
{
if( lpSecurityDescriptor != IntPtr.Zero)
{
Marshal.FreeCoTaskMem( lpSecurityDescriptor);
lpSecurityDescriptor = IntPtr.Zero;
}
if( pSa != IntPtr.Zero)
{
Marshal.FreeCoTaskMem( pSa);
pSa = IntPtr.Zero;
}
}
public void Dispose()
{
Close();
}
}
{
Private variable & Propery
public void Close()
{
if( lpSecurityDescriptor != IntPtr.Zero)
{
Marshal.FreeCoTaskMem( lpSecurityDescriptor);
lpSecurityDescriptor = IntPtr.Zero;
}
if( pSa != IntPtr.Zero)
{
Marshal.FreeCoTaskMem( pSa);
pSa = IntPtr.Zero;
}
}
public void Dispose()
{
Close();
}
}
我们得到了创建了一这个Everyone的结构后,直接把其地址传给CreateFileMapping和CreateMutex的参数中就可以了.
这样,我们在ASP.NET,或是其它的用户,就可以很方便的使用这个MappingFile/Mutex了:)
完整代码下载: SecurityStruct.zip