/// <summary>
/// Ensures that home folder for ftp account exists.
/// </summary>
/// <param name="folder">Path to home folder.</param>
/// <param name="accountName">Account name.</param>
/// <param name="allowRead">A value which specifies whether read operation is allowed or not.</param>
/// <param name="allowWrite">A value which specifies whether write operation is allowed or not.</param>
private void EnsureUserHomeFolderExists(string folder, string accountName, bool allowRead, bool allowWrite)
{
Log.WriteError(String.Format("Trying to create folder {0}", folder), new Exception());
// create folder
if (!FileUtils.DirectoryExists(folder))
{
FileUtils.CreateDirectory(folder);
}
if (!allowRead && !allowWrite)
{
return;
}
NTFSPermission permissions = allowRead ? NTFSPermission.Read : NTFSPermission.Write;
if (allowRead && allowWrite)
{
permissions = NTFSPermission.Modify;
}
// Set ntfs permissions
SecurityUtils.GrantNtfsPermissions(folder, accountName, permissions, true, true,
ServerSettings, UsersOU, GroupsOU);
}
public static void GrantNtfsPermissions(string path, string accountName,
NTFSPermission permissions, bool inheritParentPermissions,
bool preserveOriginalPermissions, RemoteServerSettings serverSettings, string usersOU, string groupsOU)
{
string sid = GetAccountSid(accountName, serverSettings, usersOU, groupsOU);
// Check if loaded sid is not empty - because user can manually set up non existent account name.
if (!String.IsNullOrEmpty(sid))
{
GrantNtfsPermissionsBySid(path, sid, permissions, inheritParentPermissions,
preserveOriginalPermissions);
}
}
public void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission)
{
try
{
Log.WriteStart("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName);
WebProvider.GrantWebSiteAccess(path, siteId, permission);
Log.WriteEnd("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName);
}
catch (Exception ex)
{
Log.WriteError(String.Format("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName), ex);
throw;
}
}
private void EnsureUserHomeFolderExists(string folder, string accountName, bool allowRead, bool allowWrite)
{
// create folder
if (!FileUtils.DirectoryExists(folder))
{
FileUtils.CreateDirectory(folder);
}
if (!allowRead && !allowWrite)
{
return;
}
NTFSPermission permissions = allowRead ? NTFSPermission.Read : NTFSPermission.Write;
if (allowRead && allowWrite)
{
permissions = NTFSPermission.Modify;
}
// set permissions
SecurityUtils.GrantNtfsPermissions(folder, accountName, permissions, true, true,
ServerSettings, UsersOU, GroupsOU);
}
/// <remarks/>
public void GrantWebSiteAccessAsync(string path, string siteId, NTFSPermission permission, object userState) {
if ((this.GrantWebSiteAccessOperationCompleted == null)) {
this.GrantWebSiteAccessOperationCompleted = new System.Threading.SendOrPostCallback(this.OnGrantWebSiteAccessOperationCompleted);
}
this.InvokeAsync("GrantWebSiteAccess", new object[] {
path,
siteId,
permission}, this.GrantWebSiteAccessOperationCompleted, userState);
}
/// <remarks/>
public void GrantWebSiteAccessAsync(string path, string siteId, NTFSPermission permission) {
this.GrantWebSiteAccessAsync(path, siteId, permission, null);
}
/// <remarks/>
public System.IAsyncResult BeginGrantWebSiteAccess(string path, string siteId, NTFSPermission permission, System.AsyncCallback callback, object asyncState) {
return this.BeginInvoke("GrantWebSiteAccess", new object[] {
path,
siteId,
permission}, callback, asyncState);
}
public void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission) {
this.Invoke("GrantWebSiteAccess", new object[] {
path,
siteId,
permission});
}
public static void GrantNtfsPermissionsBySid(string path, string sid,
NTFSPermission permissions, bool inheritParentPermissions,
bool preserveOriginalPermissions)
{
// get file or directory security object
FileSystemSecurity security = GetFileSystemSecurity(path);
if (security == null)
return;
FileSystemRights rights = FileSystemRights.Read;
if (permissions == NTFSPermission.FullControl)
rights = FileSystemRights.FullControl;
else if (permissions == NTFSPermission.Modify)
rights = FileSystemRights.Modify;
else if (permissions == NTFSPermission.Write)
rights = FileSystemRights.Write;
else if (permissions == NTFSPermission.Read && security is DirectorySecurity)
rights = FileSystemRights.ReadAndExecute;
else if (permissions == NTFSPermission.Read && security is FileSecurity)
rights = FileSystemRights.Read;
SecurityIdentifier identity = new SecurityIdentifier(sid);
if (!preserveOriginalPermissions)
security = CreateFileSystemSecurity(path);
else
security.RemoveAccessRuleAll(new FileSystemAccessRule(identity,
FileSystemRights.Read, AccessControlType.Allow));
if (!inheritParentPermissions)
security.SetAccessRuleProtection(true, inheritParentPermissions);
else
security.SetAccessRuleProtection(false, true);
InheritanceFlags flags = security is FileSecurity ? InheritanceFlags.None
: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// change DACL
FileSystemAccessRule rule = new FileSystemAccessRule(
identity, rights,
flags,
PropagationFlags.None,
AccessControlType.Allow);
// add/modify rule
security.AddAccessRule(rule);
// set security object
SetFileSystemSecurity(path, security);
}
public static void GrantNtfsPermissions(string path, string accountName,
NTFSPermission permissions, bool inheritParentPermissions,
bool preserveOriginalPermissions, RemoteServerSettings serverSettings)
{
GrantNtfsPermissions(path, accountName, permissions, inheritParentPermissions, preserveOriginalPermissions, serverSettings, null, null);
}
public new void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission)
{
// TODO
}
public void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission)
{
try
{
Log.WriteStart("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName);
WebProvider.GrantWebSiteAccess(path, siteId, permission);
Log.WriteEnd("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName);
}
catch (Exception ex)
{
Log.WriteError(String.Format("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName), ex);
throw;
}
}
private void GrantWebManagementAccessInternally(string siteName, string accountName, string accountPassword, NTFSPermission permissions)
{
// Preserve setting to restore it back
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
// Trace input parameters
Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};",
siteName, accountName, accountPassword, fqWebPath);
//
if (IdentityCredentialsMode == "IISMNGR")
{
ManagementAuthentication.CreateUser(accountName, accountPassword);
}
else
{
// Create Windows user
SecurityUtils.CreateUser(
new SystemUser
{
Name = accountName,
FullName = accountName,
Description = "WMSVC Service Account created by WebsitePanel",
PasswordCantChange = true,
PasswordNeverExpires = true,
AccountDisabled = false,
Password = accountPassword,
System = true
},
ServerSettings,
String.Empty,
String.Empty);
// Convert account name to the full-qualified one
accountName = GetFullQualifiedAccountName(accountName);
//
Log.WriteInfo("FQ Account Name: {0};", accountName);
}
//
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
WebSite site = webObjectsSvc.GetWebSiteFromIIS(siteName);
//
string contentPath = webObjectsSvc.GetPhysicalPath(site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
//
if (IdentityCredentialsMode == "IISMNGR")
{
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountName, permissions, true, true, ServerSettings, String.Empty, String.Empty);
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
}
private void GrantWebManagementAccessInternally(string siteName, string accountName, string accountPassword, NTFSPermission permissions)
{
// Preserve setting to restore it back
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
//ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
// Trace input parameters
Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};",
siteName, accountName, accountPassword, fqWebPath);
string contentPath = string.Empty;
using (ServerManager srvman = webObjectsSvc.GetServerManager())
{
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
}
string FTPRoot = string.Empty;
string FTPDir = string.Empty;
if (contentPath.IndexOf("\\\\") != -1)
{
string[] Tmp = contentPath.Split('\\');
FTPRoot = "\\\\" + Tmp[2] + "\\" + Tmp[3];
FTPDir = contentPath.Replace(FTPRoot, "");
}
//
string accountNameSid = string.Empty;
//
if (IdentityCredentialsMode == "IISMNGR")
{
ManagementAuthentication.CreateUser(accountName, accountPassword);
}
else
{
// Create Windows user
SecurityUtils.CreateUser(
new SystemUser
{
Name = accountName,
FullName = accountName,
Description = "WMSVC Service Account created by WebsitePanel",
PasswordCantChange = true,
PasswordNeverExpires = true,
AccountDisabled = false,
Password = accountPassword,
System = true,
MsIIS_FTPDir = FTPDir,
MsIIS_FTPRoot = FTPRoot
},
ServerSettings,
UsersOU,
GroupsOU);
// Convert account name to the full-qualified one
accountName = GetFullQualifiedAccountName(accountName);
accountNameSid = GetFullQualifiedAccountNameSid(accountName);
//
Log.WriteInfo("FQ Account Name: {0};", accountName);
}
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
if (IdentityCredentialsMode == "IISMNGR")
{
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, true, true, ServerSettings, UsersOU, GroupsOU);
}
}
