Inheritance: NativeObjectSecurity
Beispiel #1
0
		public static bool UserHasRights(FileSystemSecurity sec)
		{
			NTAccount usersAccount = GetUsersAccount();
			return Enumerable.Any(Enumerable.OfType<FileSystemAccessRule>(sec.GetAccessRules(true, true, typeof(NTAccount))), r =>
			{
				if (r.FileSystemRights == FileSystemRights.FullControl && r.AccessControlType == AccessControlType.Allow && r.InheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit))
					return r.IdentityReference == usersAccount;
				return false;
			});
		}
Beispiel #2
0
 public FileSystemAccessRule Create(System.Security.AccessControl.FileSystemSecurity owner)
 {
     return((FileSystemAccessRule)owner.AccessRuleFactory(
                new System.Security.Principal.SecurityIdentifier(SID),
                (int)Rights,
                Inherited,
                Inheritance,
                Propagation,
                ControlType));
 }
        private static bool TryGetFileSecurity(string path, AccessControlSections sectionsNeeded,
            out FileSystemSecurity security)
        {
            var exists = false;
            security = null;

            if (File.Exists(path))
            {
                exists = true;
                security = File.GetAccessControl(path, sectionsNeeded);
            }

            return exists;
        }
        private bool TryGetDirectorySecurity(string path, AccessControlSections sectionsNeeded,
            out FileSystemSecurity security)
        {
            var exists = false;
            security = null;

            if (Directory.Exists(path))
            {
                exists = true;
                security = Directory.GetAccessControl(path, sectionsNeeded);
            }

            return exists;
        }
Beispiel #5
0
        internal static void SetAccessControlExtracted(FileSystemSecurity security, string name)
        {
            //security.WriteLock();
            AccessControlSections includeSections = AccessControlSections.Audit | AccessControlSections.Owner | AccessControlSections.Group;

            SecurityInfos securityInfo = (SecurityInfos)0;
            SecurityIdentifier owner = null;
            SecurityIdentifier group = null;
            SystemAcl sacl = null;
            DiscretionaryAcl dacl = null;
            if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None)
            {
                owner = (SecurityIdentifier)security.GetOwner(typeof(SecurityIdentifier));
                if (owner != null)
                {
                    securityInfo = securityInfo | SecurityInfos.Owner;
                }
            }

            if ((includeSections & AccessControlSections.Group) != AccessControlSections.None)
            {
                @group = (SecurityIdentifier)security.GetGroup(typeof(SecurityIdentifier));
                if (@group != null)
                {
                    securityInfo = securityInfo | SecurityInfos.Group;
                }
            }
            var securityDescriptorBinaryForm = security.GetSecurityDescriptorBinaryForm();
            RawSecurityDescriptor rawSecurityDescriptor = null;
            bool isDiscretionaryAclPresent = false;
            if (securityDescriptorBinaryForm != null)
            {
                rawSecurityDescriptor = new RawSecurityDescriptor(securityDescriptorBinaryForm, 0);
                isDiscretionaryAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None;
            }

            if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None)
            {
                securityInfo = securityInfo | SecurityInfos.SystemAcl;
                sacl = null;
                if (rawSecurityDescriptor != null)
                {
                    var isSystemAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None;
                    if (isSystemAclPresent && rawSecurityDescriptor.SystemAcl != null && rawSecurityDescriptor.SystemAcl.Count > 0)
                    {
                        // are all system acls on a file not a container?
                        const bool notAContainer = false;
                        const bool notADirectoryObjectACL = false;

                        sacl = new SystemAcl(notAContainer, notADirectoryObjectACL,
                            rawSecurityDescriptor.SystemAcl);
                    }
                    securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) == ControlFlags.None ?
                        (uint)securityInfo | UnprotectedSystemAcl : (uint)securityInfo | ProtectedSystemAcl));
                }
            }
            if ((includeSections & AccessControlSections.Access) != AccessControlSections.None && isDiscretionaryAclPresent)
            {
                securityInfo = securityInfo | SecurityInfos.DiscretionaryAcl;
                dacl = null;
                if (rawSecurityDescriptor != null)
                {
                    //if (!this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl)
                    {
                        dacl = new DiscretionaryAcl(false, false, rawSecurityDescriptor.DiscretionaryAcl);
                    }
                    securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) == ControlFlags.None ?
                        (uint)securityInfo | UnprotectedDiscretionaryAcl : (uint)securityInfo | ProtectedDiscretionaryAcl));
                }
            }
            if (securityInfo == 0) return;

            int errorNum = SetSecurityInfo(ResourceType.FileObject, name, null, securityInfo, owner, @group, sacl, dacl);
            if (errorNum != 0)
            {
                Exception exception = GetExceptionFromWin32Error(errorNum, name);
                if (exception == null)
                {
                    if (errorNum == NativeMethods.ERROR_ACCESS_DENIED)
                    {
                        exception = new UnauthorizedAccessException();
                    }
                    else if (errorNum == NativeMethods.ERROR_INVALID_OWNER)
                    {
                        exception = new InvalidOperationException("Invalid owner");
                    }
                    else if (errorNum == NativeMethods.ERROR_INVALID_PRIMARY_GROUP)
                    {
                        exception = new InvalidOperationException("Invalid group");
                    }
                    else if (errorNum == NativeMethods.ERROR_INVALID_NAME)
                    {
                        exception = new ArgumentException("Invalid name", "name");
                    }
                    else if (errorNum == NativeMethods.ERROR_INVALID_HANDLE)
                    {
                        exception = new NotSupportedException("Invalid Handle");
                    }
                    else if (errorNum == NativeMethods.ERROR_FILE_NOT_FOUND)
                    {
                        exception = new FileNotFoundException();
                    }
                    else if (errorNum != NativeMethods.ERROR_NO_SECURITY_ON_OBJECT)
                    {
                        exception = new InvalidOperationException("Unexpected error");
                    }
                    else
                    {
                        exception = new NotSupportedException("No associated security");
                    }
                }
                throw exception;
            }
            //finally
            //{
                //security.WriteLUnlck();
            //}
        }
Beispiel #6
0
 /// <summary>
 /// Sets the access control security on all files and directories in the set.
 /// </summary>
 /// <param name="security">The security to apply.</param>
 /// <returns>The set</returns>
 public static Path AccessControl(this Path path, FileSystemSecurity security) => AccessControl(path, p => security);
Beispiel #7
0
        DokanError IDokanOperations.GetFileSecurity(string filename, out FileSystemSecurity security,
            AccessControlSections sections, DokanFileInfo info)
        {
            //Log("GetSecurrityInfo:{0}:{1}", filename, sections);
            LogFSActionInit("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0}",sections);

            var sftpattributes = (info.Context as SftpContext).Attributes;
            var rights = FileSystemRights.ReadPermissions | FileSystemRights.ReadExtendedAttributes |
                         FileSystemRights.ReadAttributes | FileSystemRights.Synchronize;

            if (UserCanRead(sftpattributes))
            {
                rights |= FileSystemRights.ReadData;
            }
            if (UserCanWrite(sftpattributes))
            {
                rights |= FileSystemRights.Write;
            }
            if (UserCanExecute(sftpattributes) && info.IsDirectory)
            {
                rights |= FileSystemRights.Traverse;
            }
            security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity();
            // if(sections.HasFlag(AccessControlSections.Access))
            security.AddAccessRule(new FileSystemAccessRule("Everyone", rights, AccessControlType.Allow));
            security.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl ^ rights,
                                                            AccessControlType.Deny));
            //not sure this works at all, needs testing
            // if (sections.HasFlag(AccessControlSections.Owner))
            security.SetOwner(new NTAccount("None"));
            // if (sections.HasFlag(AccessControlSections.Group))
            security.SetGroup(new NTAccount("None"));

            LogFSActionSuccess("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0} Rights:{1}", sections, rights);
            return DokanError.ErrorSuccess;
        }
Beispiel #8
0
        DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security,
            AccessControlSections sections, DokanFileInfo info)
        {
            //Log("TrySetSecurity:{0}", filename);
            LogFSActionError("SetFileSecurity", filename, (SftpContext)info.Context, "NI");

            return DokanError.ErrorAccessDenied;
        }
        public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
        {
            security = info.IsDirectory
                ? new DirectorySecurity() as FileSystemSecurity
                : new FileSecurity() as FileSystemSecurity;

            return Trace(nameof(GetFileSecurity), fileName, info, DokanResult.Success, $"out {security}", $"{sections}");
        }
Beispiel #10
0
 private static void SetFileSystemSecurity(string path, FileSystemSecurity security)
 {
     if (Directory.Exists(path))
         new DirectoryInfo(path).SetAccessControl((DirectorySecurity)security);
     else if (File.Exists(path))
         new FileInfo(path).SetAccessControl((FileSecurity)security);
 }
Beispiel #11
0
 public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
                                   DokanFileInfo info)
 {
     try
     {
         if (info.IsDirectory)
         {
             Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity) security);
         }
         else
         {
             File.SetAccessControl(GetPath(fileName), (FileSecurity) security);
         }
         return DokanError.ErrorSuccess;
     }
     catch (UnauthorizedAccessException)
     {
         return DokanError.ErrorAccessDenied;
     }
 }
 protected IList<FileSystemAccessRule> FindAccessRules(FileSystemSecurity security)
 {
     System.Security.Principal.NTAccount typedAccount = GetNTAccount();
     List<FileSystemAccessRule> result = new List<FileSystemAccessRule>();
     foreach (FileSystemAccessRule fileSystemAccessRule in security.GetAccessRules(true, false, typeof(NTAccount)))
     {
         if (fileSystemAccessRule.IdentityReference.Value.Equals(typedAccount.Value,
                                                                 StringComparison.InvariantCultureIgnoreCase))
         {
             result.Add(fileSystemAccessRule);
         }
     }
     return result;
 }
Beispiel #13
0
 public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     return ope_.SetFileSecurity(fileName, security, sections, info);
 }
Beispiel #14
0
 public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
     DokanFileInfo info)
 {
     throw new NotImplementedException();
 }
 private void GetAccessRules(FileSystemSecurity fsSecurity, PropertyInfo file)
 {
     try
     {
         var getOwner = fsSecurity.GetOwner(typeof (SecurityIdentifier));
         if (getOwner != null)
         {
             string ownerIdentifier = fsSecurity.GetOwner(typeof(SecurityIdentifier)).Value;
             //var owner = fsSecurity.GetOwner(typeof(SecurityIdentifier));
             //var nameOwner = owner.Translate(typeof(NTAccount)).Value;
             file.Owner = ownerIdentifier;
         }
     }
     catch(Exception ex){
          /* 
            System.Security.Principal.IdentityNotMappedException was unhandled
            Message="Some or all identity references could not be translated."
          */
         SaveExc.Save(ex);
     }
     WindowsIdentity wi = WindowsIdentity.GetCurrent();
     AuthorizationRuleCollection rules = fsSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
     foreach (FileSystemAccessRule rl in rules)
     {
         GetAccessRules(wi, rl, FileSystemRights.FullControl, file);
         GetAccessRules(wi, rl, FileSystemRights.Modify, file);
         GetAccessRules(wi, rl, FileSystemRights.Read, file);
         GetAccessRules(wi, rl, FileSystemRights.ReadAndExecute, file);
         GetAccessRules(wi, rl, FileSystemRights.Write, file);
     }
 }
Beispiel #16
0
        DokanError IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security,
            AccessControlSections sections, DokanFileInfo info)
        {
            Log("VFS TrySetSecurity:{0}", fileName);
            SftpDrive drive = this.GetDriveByMountPoint(fileName, out fileName);
            if (drive != null)
                return GetSubSystemOperations(drive).SetFileSecurity(fileName, security, sections, info);

            return DokanError.ErrorAccessDenied;
        }
 public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     return Trace(nameof(SetFileAttributes), fileName, info, DokanResult.NotImplemented, sections.ToString());
 }
Beispiel #18
0
 public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
     DokanFileInfo info)
 {
     return DokanResult.Error;
 }
Beispiel #19
0
 public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security,
                                   AccessControlSections sections, DokanFileInfo info)
 {
     try
     {
         security = info.IsDirectory
                        ? (FileSystemSecurity) Directory.GetAccessControl(GetPath(fileName))
                        : File.GetAccessControl(GetPath(fileName));
         return DokanError.ErrorSuccess;
     }
     catch (UnauthorizedAccessException)
     {
         security = null;
         return DokanError.ErrorAccessDenied;
     }
 }
Beispiel #20
0
        DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security,
                                                    AccessControlSections sections, DokanFileInfo info)
        {
            Log("TrySetSecurity:{0}", filename);

            return DokanError.ErrorAccessDenied;
        }
Beispiel #21
0
 public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
     DokanFileInfo info)
 {
     return DokanError.ErrorError;
 }
Beispiel #22
0
 public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     try
     {
         security = info.IsDirectory
                        ? (FileSystemSecurity)Directory.GetAccessControl(GetPath(fileName))
                        : File.GetAccessControl(GetPath(fileName));
         return Trace("GetFileSecurity", fileName, info, DokanResult.Success, sections.ToString());
     }
     catch (UnauthorizedAccessException)
     {
         security = null;
         return Trace("GetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString());
     }
 }
Beispiel #23
0
 internal static bool UserHasRights(FileSystemSecurity sec)
 {
     NTAccount usersAccount = GetUsersAccount();
     return sec.GetAccessRules(true, true, typeof(NTAccount)).OfType<FileSystemAccessRule>().Any<FileSystemAccessRule>(r => ((((r.FileSystemRights == FileSystemRights.FullControl) && (r.AccessControlType == AccessControlType.Allow)) && (r.InheritanceFlags == (InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit))) && (r.IdentityReference == usersAccount)));
 }
Beispiel #24
0
 public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     security = null;
     return DokanError.ErrorAccessDenied;
 }
Beispiel #25
0
 public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     try
     {
         if (info.IsDirectory)
         {
             Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity)security);
         }
         else
         {
             File.SetAccessControl(GetPath(fileName), (FileSecurity)security);
         }
         return Trace("SetFileSecurity", fileName, info, DokanResult.Success, sections.ToString());
     }
     catch (UnauthorizedAccessException)
     {
         return Trace("SetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString());
     }
 }
 NtStatus IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
 {
     return Operations.SetFileSecurity(fileName, security, sections, info);
 }