public static void RemoveFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule ace = null;
if (item is FileInfo)
{
var file = (FileInfo)item;
var sd = file.GetAccessControl(AccessControlSections.Audit);
ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
sd.RemoveAuditRule(ace);
file.SetAccessControl(sd);
}
else
{
DirectoryInfo directory = (DirectoryInfo)item;
var sd = directory.GetAccessControl(AccessControlSections.Audit);
ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
sd.RemoveAuditRule(ace);
directory.SetAccessControl(sd);
}
}
public SimpleFileSystemAccessRule(string path, IdentityReference2 account, FileSystemRights2 access, AccessControlType accessControlType)
{
fullName = path;
accessRights = access;
identity = account;
type = accessControlType;
}
public int GetEffectiveAccess(ObjectSecurity sd, IdentityReference2 identity, string serverName, out bool remoteServerAvailable, out Exception authzException)
{
int effectiveAccess = 0;
remoteServerAvailable = false;
authzException = null;
try
{
GetEffectivePermissions_AuthzInitializeResourceManager(serverName, out remoteServerAvailable);
try
{
GetEffectivePermissions_AuthzInitializeContextFromSid(identity);
effectiveAccess = GetEffectivePermissions_AuthzAccessCheck(sd);
}
catch (Exception ex)
{
authzException = ex;
}
}
catch
{ }
finally
{
GetEffectivePermissions_FreeResouces();
}
return(effectiveAccess);
}
public static void SetOwner(FileSystemInfo item, IdentityReference2 account)
{
var sd = new FileSystemSecurity2(item, AccessControlSections.Owner);
SetOwner(sd, account);
sd.Write();
}
public override bool Equals(object obj)
{
//Instance cannot be null
if (ReferenceEquals(obj, null))
{
return(false);
}
//Instances are equal
if (ReferenceEquals(this, obj))
{
return(true);
}
SecurityIdentifier sid = obj as SecurityIdentifier;
if (sid != null)
{
return(this.sid == sid);
}
var ntAccount = obj as NTAccount;
if (ntAccount != null)
{
return(this.ntAccount == ntAccount);
}
IdentityReference2 ir2 = obj as IdentityReference2;
if (ir2 != null)
{
return(this.sid == ir2.sid);
}
string value = obj as string;
if (value != null)
{
if (this.sid.Value == value)
{
return(true);
}
if (this.ntAccount != null)
{
if (this.ntAccount.Value.ToLower() == value.ToLower())
{
return(true);
}
}
}
return(false);
}
public static void RemoveFileSystemAccessRule(string path, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
if (File.Exists(path))
{
var item = new FileInfo(path);
RemoveFileSystemAccessRule(item, account, rights, type, inheritanceFlags, propagationFlags, removeSpecific);
}
else
{
var item = new DirectoryInfo(path);
RemoveFileSystemAccessRule(item, account, rights, type, inheritanceFlags, propagationFlags, removeSpecific);
}
}
public static void RemoveFileSystemAuditRule(string path, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (File.Exists(path))
{
var item = new FileInfo(path);
RemoveFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
else
{
var item = new DirectoryInfo(path);
RemoveFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(string path, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule ace = null;
if (File.Exists(path))
{
var item = new FileInfo(path);
ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
else
{
var item = new DirectoryInfo(path);
ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
return(ace);
}
public static void RemoveFileSystemAccessRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
FileSystemAccessRule ace = null;
if (item as FileInfo != null)
{
var file = (FileInfo)item;
var sd = file.GetAccessControl(AccessControlSections.Access);
ace = (FileSystemAccessRule)sd.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (removeSpecific)
{
sd.RemoveAccessRuleSpecific(ace);
}
else
{
sd.RemoveAccessRule(ace);
}
file.SetAccessControl(sd);
}
else
{
DirectoryInfo directory = (DirectoryInfo)item;
var sd = directory.GetAccessControl(AccessControlSections.Access);
ace = (FileSystemAccessRule)sd.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (removeSpecific)
{
sd.RemoveAccessRuleSpecific(ace);
}
else
{
sd.RemoveAccessRule(ace);
}
directory.SetAccessControl(sd);
}
}
public static EffectiveAccessInfo GetEffectiveAccess(FileSystemInfo item, IdentityReference2 id, string serverName)
{
bool remoteServerAvailable = false;
Exception authzAccessCheckException = null;
var win32 = new Win32();
var fss = new FileSystemSecurity2(item);
var effectiveAccessMask = win32.GetEffectiveAccess(fss.SecurityDescriptor, id, serverName, out remoteServerAvailable, out authzAccessCheckException);
var ace = new FileSystemAccessRule((SecurityIdentifier)id, (FileSystemRights)effectiveAccessMask, AccessControlType.Allow);
return(new EffectiveAccessInfo(
new FileSystemAccessRule2(ace, item),
remoteServerAvailable,
authzAccessCheckException));
}
public FileSystemEffectivePermissionEntry(IdentityReference2 identity, uint AccessMask, string FullName)
{
this.account = identity;
this.accessMask = AccessMask;
this.objectPath = FullName;
this.accessAsString = new List <string>();
if (accessMask == 0)
{
accessAsString.Add("None");
}
else
{
string tempString = ((FileSystemRights)this.accessMask).ToString();
foreach (var s in tempString.Split(','))
{
this.accessAsString.Add(s);
}
}
}
public static FileSystemAccessRule2 AddFileSystemAccessRule(string path, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
FileSystemAccessRule ace = null;
if (File.Exists(path))
{
var item = new FileInfo(path);
ace = AddFileSystemAccessRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
else
{
var item = new DirectoryInfo(path);
ace = AddFileSystemAccessRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
return(ace);
}
private void GetEffectivePermissions_AuthzInitializeContextFromSid(IdentityReference2 id)
{
var rawSid = id.GetBinaryForm();
//
// Create an AuthZ context based on the user account
//
if (!AuthzInitializeContextFromSid(
AuthzInitFlags.Default,
rawSid,
authzRM,
IntPtr.Zero,
Win32.LUID.NullLuid,
IntPtr.Zero,
out userClientCtxt))
{
Win32Exception win32Expn = new Win32Exception(Marshal.GetLastWin32Error());
if (win32Expn.NativeErrorCode != Win32Error.RPC_S_SERVER_UNAVAILABLE)
{
throw win32Expn;
}
}
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
var sd = new FileSystemSecurity2(item);
var ace = AddFileSystemAuditRule(sd, account, rights, type, inheritanceFlags, propagationFlags);
sd.Write();
return(ace);
}
public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
FileSystemAccessRule ace = null;
if (sd.IsFile)
{
ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
((FileSecurity)sd.SecurityDescriptor).AddAccessRule(ace);
}
else
{
ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
((DirectorySecurity)sd.SecurityDescriptor).AddAccessRule(ace);
}
return(ace);
}
public static void SetOwner(FileSystemSecurity2 sd, IdentityReference2 account)
{
sd.SecurityDescriptor.SetOwner(account);
}
private FileSystemOwner(FileSystemInfo item, IdentityReference2 owner)
{
this.item = item;
this.owner = owner;
}
public SimpleFileSystemAccessRule(string Path, IdentityReference2 account, FileSystemRights2 access)
{
this.fullName = Path;
this.accessRights = access;
this.identity = account;
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule2 ace = null;
if (sd.IsFile)
{
ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
((FileSecurity)sd.SecurityDescriptor).AddAuditRule(ace);
}
else
{
ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
((DirectorySecurity)sd.SecurityDescriptor).AddAuditRule(ace);
}
return(ace);
}
public static FileSystemAccessRule2 RemoveFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
var ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (sd.IsFile)
{
if (removeSpecific)
{
((FileSecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
}
else
{
((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
else
{
if (removeSpecific)
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
return(ace);
}
public static FileSystemAuditRule2 RemoveFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
var ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (sd.IsFile)
{
if (removeSpecific)
{
((FileSecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
}
else
{
((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
else
{
if (removeSpecific)
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
return(ace);
}
public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
var sd = new FileSystemSecurity2(item);
var ace = AddFileSystemAccessRule(sd, account, rights, type, inheritanceFlags, propagationFlags);
sd.Write();
return(ace);
}
