Beispiel #1
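        /// <summary>
        /// Reads the NTFS access rules of <paramref name="fileName"/> and emits one
        /// "record/security/group/allow" value to <paramref name="sink"/> for every
        /// allow rule that grants <see cref="FileSystemRights.ReadData"/> to either
        /// Authenticated Users, Everyone, or an account the security cache reports as a group.
        /// </summary>
        /// <remarks>
        /// Security notes for consumers of the emitted values:
        /// - Deny rules are skipped, so the output describes allow grants only. Windows
        ///   gives an explicit deny precedence over an allow, so the emitted list can name
        ///   a group whose members (or some of them) are in fact denied read access.
        ///   NOTE(review): if these values drive access trimming downstream, confirm that
        ///   dropping deny entries is acceptable.
        /// - Rules for individual (non-group) accounts and for well-known SIDs other than
        ///   Authenticated Users / Everyone are not emitted.
        /// - Translating identities to <see cref="NTAccount"/> throws
        ///   IdentityNotMappedException when a SID no longer resolves; that exception is
        ///   not handled here and propagates to the caller.
        /// </remarks>
        /// <param name="ctx">Pipeline context passed through to the sink.</param>
        /// <param name="sink">Receiver of the emitted security values.</param>
        /// <param name="fileName">Path of the file whose ACL is inspected.</param>
        private void emitSecurity(PipelineContext ctx, IDatasourceSink sink, String fileName)
        {
            FileInfo info  = new FileInfo(fileName);
            var      ac    = info.GetAccessControl();
            // Both explicit and inherited rules are requested (first two arguments).
            var      rules = ac.GetAccessRules(true, true, typeof(NTAccount));

            foreach (AuthorizationRule rule in rules)
            {
                // 'as' yields null for any rule that is not a FileSystemAccessRule;
                // skip it instead of dereferencing null below.
                FileSystemAccessRule fsRule = rule as FileSystemAccessRule;
                if (fsRule == null)
                {
                    continue;
                }

                // Deny entries are intentionally not emitted (see remarks).
                if (fsRule.AccessControlType == AccessControlType.Deny)
                {
                    continue;
                }

                // Only rules that include the right to read file data are relevant.
                if ((fsRule.FileSystemRights & FileSystemRights.ReadData) == 0)
                {
                    continue;
                }

                String access;
                switch (fsRule.AccessControlType)
                {
                case AccessControlType.Allow: access = "/allow"; break;

                // Not reachable while deny rules are skipped above; kept so the
                // suffix stays correct if that skip is ever removed.
                case AccessControlType.Deny: access = "/deny"; break;

                // Use the access type's name, not the rule object's ToString(),
                // which would produce the lower-cased class name.
                default: access = "/" + fsRule.AccessControlType.ToString().ToLowerInvariant(); break;
                }

                var account = securityCache.GetAccount(rule.IdentityReference);
                if (account.WellKnownSid != null)
                {
                    // Of the well-known SIDs, only the two broad "everyone"-style
                    // principals are emitted; all others are dropped.
                    WellKnownSidType sidType = (WellKnownSidType)account.WellKnownSid;
                    switch (sidType)
                    {
                    case WellKnownSidType.AuthenticatedUserSid:
                    case WellKnownSidType.WorldSid:
                        break;

                    default: continue;
                    }
                }
                else
                {
                    // Ordinary accounts are emitted only when they are groups.
                    if (!account.IsGroup)
                    {
                        continue;
                    }
                }
                sink.HandleValue(ctx, "record/security/group" + access, account);
            }
        }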