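private static void setAccesssToCurrentUserOnly(string filePath)
        {
            // Restricts the DACL of the file at filePath to two principals: the
            // account the process runs as and the built-in Administrators group,
            // each with FullControl. Exceptions from the ACL APIs (for example when
            // the file is missing or the caller may not change permissions)
            // propagate to the caller.
            FileInfo     file         = new FileInfo(filePath);
            FileSecurity fileSecurity = file.GetAccessControl();

            // Compare principals as SIDs. Rules are enumerated as SecurityIdentifier,
            // so comparing them with an NTAccount (or comparing a whole rule with an
            // identity) never matches and makes the "keep" test meaningless.
            SecurityIdentifier currentUserSid;
            using (WindowsIdentity wi = WindowsIdentity.GetCurrent())
            {
                currentUserSid = wi.User;
            }
            if (currentUserSid == null)
            {
                throw new InvalidOperationException("The current Windows identity has no user SID.");
            }
            SecurityIdentifier administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

            // Inherited ACEs cannot be removed with RemoveAccessRuleAll; without
            // this call every grant inherited from the parent directory would
            // survive. Protect the DACL and drop the inherited entries.
            fileSecurity.SetAccessRuleProtection(true, false);

            // Snapshot the remaining explicit rules before editing the descriptor.
            IList <FileSystemAccessRule> explicitRules = new List <FileSystemAccessRule>();
            foreach (FileSystemAccessRule rule in fileSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                explicitRules.Add(rule);
            }

            // Remove every explicit rule that belongs to another principal.
            // RemoveAccessRuleAll matches on identity and Allow/Deny type.
            foreach (FileSystemAccessRule rule in explicitRules)
            {
                bool keep = rule.IdentityReference.Equals(currentUserSid) || rule.IdentityReference.Equals(administratorsSid);
                if (!keep)
                {
                    fileSecurity.RemoveAccessRuleAll(rule);
                }
            }

            // Grant the two intended principals last so the clean-up above cannot
            // take these entries out again.
            fileSecurity.AddAccessRule(new FileSystemAccessRule(currentUserSid, FileSystemRights.FullControl, AccessControlType.Allow));
            fileSecurity.AddAccessRule(new FileSystemAccessRule(administratorsSid, FileSystemRights.FullControl, AccessControlType.Allow));

            file.SetAccessControl(fileSecurity);
        }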
Beispiel #2
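 /// <summary>
 /// Removes the explicit Allow rules of a fixed list of built-in principals
 /// from <paramref name="fs"/> and returns the same instance.
 /// </summary>
 /// <param name="fs">Security descriptor to edit in place; null is returned unchanged.</param>
 /// <returns>The descriptor passed in.</returns>
 /// <remarks>
 /// Only explicit Allow entries are affected. Inherited entries and Deny entries
 /// stay in place, and nothing is written back to disk here: the caller still has
 /// to apply the descriptor, and has to call SetAccessRuleProtection on it if
 /// inherited grants must go as well.
 /// </remarks>
 public static FileSecurity RemoveAllSystemAccessRule(FileSecurity fs)
 {
     if (fs == null)
     {
         return fs;
     }

     // Well-known SIDs instead of account names: names such as "Everyone" or
     // "Administrators" are localized, so on a non-English Windows the first
     // failed name lookup used to abort the remaining removals silently.
     System.Security.Principal.WellKnownSidType[] principals =
     {
         System.Security.Principal.WellKnownSidType.LocalSystemSid,           // SYSTEM
         System.Security.Principal.WellKnownSidType.WorldSid,                 // Everyone
         System.Security.Principal.WellKnownSidType.BuiltinAdministratorsSid, // Administrators
         System.Security.Principal.WellKnownSidType.NetworkSid,               // NETWORK
         System.Security.Principal.WellKnownSidType.NetworkServiceSid,        // NETWORK SERVICE
         System.Security.Principal.WellKnownSidType.LocalServiceSid,          // LOCAL SERVICE
         System.Security.Principal.WellKnownSidType.CreatorOwnerSid,          // CREATOR OWNER
         System.Security.Principal.WellKnownSidType.BuiltinUsersSid,          // Users
         System.Security.Principal.WellKnownSidType.BuiltinPowerUsersSid,     // Power Users
         System.Security.Principal.WellKnownSidType.BuiltinGuestsSid          // Guests
     };

     foreach (System.Security.Principal.WellKnownSidType principal in principals)
     {
         System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(principal, null);
         fs.RemoveAccessRuleAll(new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow));
     }

     // IIS_WPG is a local group without a well-known SID and exists only on
     // some hosts; a failed name lookup is the one error that is expected here.
     try
     {
         fs.RemoveAccessRuleAll(new FileSystemAccessRule("IIS_WPG", FileSystemRights.FullControl, AccessControlType.Allow));
     }
     catch (System.Security.Principal.IdentityNotMappedException)
     {
     }

     return fs;
 }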
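        // Returns the path of the per-user SQLite database, creating it on first use.
        //
        // In non-DEBUG builds the database is seeded from the copy under the PUBLIC
        // profile (when that copy exists) and its DACL is then restricted to the
        // current user and the built-in Administrators group. Initialisation is
        // serialised through a named mutex. If the mutex cannot be acquired within
        // 60 seconds, or in DEBUG builds, an empty string is returned.
        // Any exception is logged through LogUtil and rethrown.
        private static string getAndInitDatabase()
        {
            string userDBPath = "";

#if !DEBUG
            try
            {
                using (var mutex = new System.Threading.Mutex(false, "huawei.sccmplugin.db"))
                {
                    bool acquired = false;
                    try
                    {
                        try
                        {
                            acquired = mutex.WaitOne(TimeSpan.FromSeconds(60), false);
                        }
                        catch (System.Threading.AbandonedMutexException)
                        {
                            // A previous owner exited without releasing; the wait
                            // has still handed ownership to this thread.
                            acquired = true;
                        }

                        if (acquired)
                        {
                            var localPath   = System.Environment.GetEnvironmentVariable("userprofile");
                            var allUserPath = System.Environment.GetEnvironmentVariable("PUBLIC"); // e.g. C:\Users\Public

                            userDBPath = Path.Combine(localPath, "Huawei", "SCCM Plugin", "DB", "db.sqlite");
                            string allDBPath = Path.Combine(allUserPath, "Huawei", "SCCM Plugin", "DB", "db.sqlite");
                            if (!File.Exists(userDBPath))
                            {
                                //Init folder.
                                FileInfo file = new FileInfo(userDBPath);
                                if (!file.Directory.Exists)
                                {
                                    file.Directory.Create();
                                }
                                // Seed from the shared copy.
                                // NOTE(review): the seed is taken as-is from the PUBLIC
                                // profile, so its integrity depends on who may write to
                                // that directory - confirm the installer's ACL there.
                                if (File.Exists(allDBPath))
                                {
                                    File.Copy(allDBPath, userDBPath);
                                }

                                // Throws if no seed was copied, because the file does
                                // not exist yet (unchanged from the previous behaviour).
                                FileSecurity fileSecurity = file.GetAccessControl();

                                // Compare principals as SIDs: rules are enumerated as
                                // SecurityIdentifier, so a comparison with an NTAccount
                                // or with a whole rule never matches.
                                SecurityIdentifier currentUserSid;
                                using (WindowsIdentity wi = WindowsIdentity.GetCurrent())
                                {
                                    currentUserSid = wi.User;
                                }
                                if (currentUserSid == null)
                                {
                                    throw new InvalidOperationException("The current Windows identity has no user SID.");
                                }
                                SecurityIdentifier administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

                                // Inherited ACEs cannot be removed rule by rule; protect
                                // the DACL and drop them so parent-directory grants do
                                // not survive on the database file.
                                fileSecurity.SetAccessRuleProtection(true, false);

                                IList <FileSystemAccessRule> explicitRules = new List <FileSystemAccessRule>();
                                foreach (FileSystemAccessRule rule in fileSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier)))
                                {
                                    explicitRules.Add(rule);
                                }

                                // Remove explicit rules that belong to any other principal.
                                foreach (FileSystemAccessRule rule in explicitRules)
                                {
                                    bool keep = rule.IdentityReference.Equals(currentUserSid) || rule.IdentityReference.Equals(administratorsSid);
                                    if (!keep)
                                    {
                                        fileSecurity.RemoveAccessRuleAll(rule);
                                    }
                                }

                                // Grant last so the clean-up cannot remove these entries.
                                fileSecurity.AddAccessRule(new FileSystemAccessRule(currentUserSid, FileSystemRights.FullControl, AccessControlType.Allow));
                                fileSecurity.AddAccessRule(new FileSystemAccessRule(administratorsSid, FileSystemRights.FullControl, AccessControlType.Allow));

                                file.SetAccessControl(fileSecurity);
                            }
                        }
                    }
                    finally
                    {
                        // Disposing a mutex does not release ownership; without this
                        // the next waiter only gets in through an abandoned-mutex error.
                        if (acquired)
                        {
                            mutex.ReleaseMutex();
                        }
                    }
                }
            }
            catch (Exception se)
            {
                LogUtil.HWLogger.API.Error(se);
                throw;
            }
#endif
            return(userDBPath);
        }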