private static void SetPermissionsToEveryone(string path, bool directory)
{
var sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var account = sid.Translate(typeof(NTAccount)) as NTAccount;
var strEveryoneAccount = account.ToString();
FileSystemSecurity fileSystemSecurity = null;
if (directory)
{
fileSystemSecurity = Directory.GetAccessControl(path);
}
else
{
fileSystemSecurity = File.GetAccessControl(path);
}
fileSystemSecurity.AddAccessRule(new FileSystemAccessRule(strEveryoneAccount, FileSystemRights.FullControl, AccessControlType.Allow));
if (directory)
{
Directory.SetAccessControl(path, (DirectorySecurity)fileSystemSecurity);
}
else
{
File.SetAccessControl(path, (FileSecurity)fileSystemSecurity);
}
}
public NtStatusCodes GetFileSecurity(string fileName, out FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
const FileSystemRights rights = FileSystemRights.ReadPermissions | FileSystemRights.ReadExtendedAttributes
| FileSystemRights.ReadAttributes | FileSystemRights.Synchronize
| FileSystemRights.ReadData
| FileSystemRights.Write | FileSystemRights.Traverse;
security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity();
security.AddAccessRule(new FileSystemAccessRule("Everyone", rights, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl ^ rights,
AccessControlType.Deny));
security.SetOwner(new NTAccount("None"));
security.SetGroup(new NTAccount("None"));
return(NtStatusCodes.Success);
}
public void SetMetadata(string path, Dictionary <string, string> data, bool restorePermissions)
{
var isDirTarget = path.EndsWith(DIRSEP, StringComparison.Ordinal);
var targetpath = isDirTarget ? path.Substring(0, path.Length - 1) : path;
if (restorePermissions)
{
FileSystemSecurity rules = isDirTarget ? GetAccessControlDir(targetpath) : GetAccessControlFile(targetpath);
if (data.ContainsKey("win-ext:accessrulesprotected"))
{
bool isProtected = bool.Parse(data["win-ext:accessrulesprotected"]);
if (rules.AreAccessRulesProtected != isProtected)
{
rules.SetAccessRuleProtection(isProtected, false);
}
}
if (data.ContainsKey("win-ext:accessrules"))
{
var content = DeserializeObject <FileSystemAccess[]>(data["win-ext:accessrules"]);
var c = rules.GetAccessRules(true, false, typeof(System.Security.Principal.SecurityIdentifier));
for (var i = c.Count - 1; i >= 0; i--)
{
rules.RemoveAccessRule((System.Security.AccessControl.FileSystemAccessRule)c[i]);
}
Exception ex = null;
foreach (var r in content)
{
// Attempt to apply as many rules as we can
try
{
rules.AddAccessRule(r.Create(rules));
}
catch (Exception e)
{
ex = e;
}
}
if (ex != null)
{
throw ex;
}
}
if (isDirTarget)
{
SetAccessControlDir(targetpath, (DirectorySecurity)rules);
}
else
{
SetAccessControlFile(targetpath, (FileSecurity)rules);
}
}
}
public void add_permissions_to(string path)
{
SecurityIdentifier user = WindowsIdentity.GetCurrent().User;
Path filePath = _path.CombineWithWindowsPath(path);
FileSystemSecurity accessControl = filePath.AccessControl();
accessControl.AddAccessRule(
new FileSystemAccessRule(
user, FileSystemRights.Read, InheritanceFlags.None,
PropagationFlags.None, AccessControlType.Allow)
);
filePath.AccessControl(accessControl);
}
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
if (info == null)
{
throw new ArgumentNullException(nameof(info));
}
security = info.IsDirectory
? new DirectorySecurity() as FileSystemSecurity
: new FileSecurity() as FileSystemSecurity;
security.AddAccessRule(new FileSystemAccessRule(new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null), FileSystemRights.FullControl, AccessControlType.Allow));
return(AsTrace(nameof(GetFileSecurity), fileName, info, DokanResult.Success, $"out {security}", $"{sections}".ToString(CultureInfo.CurrentCulture)));
}
DokanError IDokanOperations.GetFileSecurity(string filename, out FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
Log("GetSecurrityInfo:{0}:{1}", filename, sections);
var sftpattributes = (info.Context as SftpContext).Attributes;
var rights = FileSystemRights.ReadPermissions | FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadAttributes | FileSystemRights.Synchronize;
if (UserCanRead(sftpattributes))
{
rights |= FileSystemRights.ReadData;
}
if (UserCanWrite(sftpattributes))
{
rights |= FileSystemRights.Write;
}
if (UserCanExecute(sftpattributes) && info.IsDirectory)
{
rights |= FileSystemRights.Traverse;
}
security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity();
// if(sections.HasFlag(AccessControlSections.Access))
security.AddAccessRule(new FileSystemAccessRule("Everyone", rights, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl ^ rights,
AccessControlType.Deny));
//not sure this works at all, needs testing
// if (sections.HasFlag(AccessControlSections.Owner))
security.SetOwner(new NTAccount("None"));
// if (sections.HasFlag(AccessControlSections.Group))
security.SetGroup(new NTAccount("None"));
return(DokanError.ErrorSuccess);
}
/// <summary>Provides full access to everyone.
/// <seealso cref="https://github.com/viciousviper/DokanCloudFS/blob/daafb9565b9ca1d380e0f574e146fad731a49f04/DokanCloudFS/CloudOperations.cs#L365"/></summary>
public NtStatus Get(string path, DokanFileInfo info, AccessControlSections sections, out FileSystemSecurity security)
{
info.ThrowIfNull();
path.ThrowIf(path.IsNullOrEmpty());
//var filePath = LocalStorage.GetPath(fileName);
try
{
security = info.IsDirectory
? (FileSystemSecurity) new DirectorySecurity()
: new FileSecurity();
security.AddAccessRule(_accessRule);
return(DokanResult.Success.Log(path, info, null));
}
catch (UnauthorizedAccessException ex)
{
security = null;
return(DokanResult.AccessDenied.Log(path, info, ex.ToString().One()));
}
}
public static bool SetPermission(string filePath, FileSystemRights rights)
{
bool flag;
if (string.IsNullOrEmpty(filePath))
{
throw new ArgumentNullException("filePath");
}
try
{
FileSystemAccessRule rule = new FileSystemAccessRule(WindowsIdentity.GetCurrent().Name, rights, AccessControlType.Allow);
FileSystemSecurity fileSystemSecurity = GetFileSystemSecurity(filePath);
if (fileSystemSecurity != null)
{
fileSystemSecurity.AddAccessRule(rule);
if (File.Exists(filePath))
{
File.SetAccessControl(filePath, fileSystemSecurity as FileSecurity);
goto Label_006A;
}
if (Directory.Exists(filePath))
{
Directory.SetAccessControl(filePath, fileSystemSecurity as DirectorySecurity);
goto Label_006A;
}
}
return(false);
Label_006A:
flag = true;
}
catch (UnauthorizedAccessException)
{
flag = false;
}
return(flag);
}
public static bool SetPermission(string filePath, FileSystemRights rights)
{
if (String.IsNullOrEmpty(filePath))
{
throw new ArgumentNullException("filePath");
}
try {
var rule = new FileSystemAccessRule(WindowsIdentity.GetCurrent().Name, rights, AccessControlType.Allow);
FileSystemSecurity security = GetFileSystemSecurity(filePath);
if (security == null)
{
return(false);
}
// Remove any access rules before adding them.
var currentuser = new WindowsPrincipal(WindowsIdentity.GetCurrent());
var rules = security.GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule r in rules)
{
if ((r.FileSystemRights & rights) == 0)
{
continue;
}
if (r.IdentityReference.Value.StartsWith("S-1-"))
{
var sid = new SecurityIdentifier(r.IdentityReference.Value);
if (!currentuser.IsInRole(sid))
{
continue;
}
}
if (r.AccessControlType == AccessControlType.Deny)
{
security.RemoveAccessRuleAll(r);
break;
}
}
security.AddAccessRule(rule);
if (File.Exists(filePath))
{
File.SetAccessControl(filePath, security as FileSecurity);
}
else if (Directory.Exists(filePath))
{
Directory.SetAccessControl(filePath, security as DirectorySecurity);
}
else
{
return(false);
}
return(true);
}
catch (UnauthorizedAccessException) {
return(false);
}
}
public virtual void AddAccessRule(FileSystemAccessRule rule)
{
_fileSystemSecurity.AddAccessRule(rule);
}