public static bool checkIfInheritanceIsSet = false; //false= 5s:5s; true=9s:2s
public static bool RemoveInheritance(string filePath, bool copyPermisions)
{
//return true;
DirectoryInfo x = new DirectoryInfo(filePath);
DirectorySecurity s = x.GetAccessControl(AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
if (!checkIfInheritanceIsSet)
{
s.SetAccessRuleProtection(true, copyPermisions);
x.SetAccessControl(s);
return(true);
}
//only if checkIfInheritanceIsSet=true; SLOWER
if (s.GetAccessRules(false, true, typeof(NTAccount)).Count > 0)
{
s.SetAccessRuleProtection(true, copyPermisions);
x.SetAccessControl(s);
return(true);
}
return(false);
}
private static void SaveDirectoryMove(string MirrorFile, string BkdiffName, bool LogFileList, bool CopyAccessControlLists)
{
MirrorFile = FixLongPath(MirrorFile);
BkdiffName = FixLongPath(BkdiffName);
try {
DirectorySecurity ac1 = null;
if (CopyAccessControlLists)
{
ac1 = Directory.GetAccessControl(MirrorFile);
}
if (LogFileList)
{
Logmsg("Moving directory: '{0}' -> '{1}'", MirrorFile, BkdiffName);
}
Directory.Move(MirrorFile, BkdiffName);
//FileInfo BackdiffFile = new FileInfo(BkdiffName);
// test copy
if (!Directory.Exists(BkdiffName))
{
throw new BackupException("Directory move Failed", new DirectoryInfo(BkdiffName));
}
// try to set security
if (CopyAccessControlLists)
{
ac1.SetAccessRuleProtection(true, true);
Directory.SetAccessControl(BkdiffName, ac1);
}
} catch (Exception e) {
Error(e);
_stats.Errors++;
}
}
public static void ProtectFileFolder(bool File = false)
{
try
{
string FolderPath = Core.GetPInstallPathNoFilename();
string UserAccount = "EVERYONE";
System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(FolderPath);
DirectorySecurity FolderAcl = new DirectorySecurity();
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.ReadAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.CreateDirectories, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.WriteAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.WriteExtendedAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.Delete, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.DeleteSubdirectoriesAndFiles, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.TakeOwnership, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
if (!File)
{
FolderAcl.SetAccessRuleProtection(false, true);
}
FolderInfo.SetAccessControl(FolderAcl);
}
catch
{
}
}
/// <summary>
/// Disable permission inheritance in a directory
/// </summary>
/// <param name="path"></param>
/// <param name="preserveInheritance"></param>
public static void DisablePermissionInheritance(string path, bool preserveInheritance = true)
{
DirectorySecurity directorySecurity = Directory.GetAccessControl(path);
directorySecurity.SetAccessRuleProtection(true, preserveInheritance);
Directory.SetAccessControl(path, directorySecurity);
}
public void blockfile(string loc)
{
try
{
Random r = new Random();
string temp = Path.GetTempPath();
File.Move(loc, temp + r.Next(500, 5000));
File.WriteAllText(loc, string.Empty);
FileSystem.FileOpen(FileSystem.FreeFile(), loc, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite);
System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(loc);
DirectorySecurity FolderAcl = new DirectorySecurity();
FolderAcl.SetAccessRuleProtection(true, false);
FolderInfo.SetAccessControl(FolderAcl);
}
catch (Exception eax)
{
System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(loc);
DirectorySecurity FolderAcl = new DirectorySecurity();
FolderAcl.SetAccessRuleProtection(true, false);
FolderInfo.SetAccessControl(FolderAcl);
Console.WriteLine("Couldnt block File! Error:");
Console.WriteLine();
Console.WriteLine(eax.ToString());
}
}
//판자식 보호 상속삭제해제(타겟 문서의 폴더 경로 ) : 상속 삭제
public void panja_inherit_recover(string target_folder_dir)
{
DirectoryInfo dInfo = new DirectoryInfo(target_folder_dir);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
//디폴트 권한 클리어
AuthorizationRuleCollection rules = dSecurity.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount));
foreach (FileSystemAccessRule rule in rules)
{
dSecurity.RemoveAccessRule(rule);
}
Directory.SetAccessControl(target_folder_dir, dSecurity);
//상속 다시 추가
dSecurity.SetAccessRuleProtection(false, true);
Directory.SetAccessControl(target_folder_dir, dSecurity);
Directory.SetAccessControl(target_folder_dir, dSecurity);
}
public void MockDirectoryInfo_GetAccessControl_ShouldReturnAccessControlOfDirectoryData()
{
// Arrange
var expectedDirectorySecurity = new DirectorySecurity();
expectedDirectorySecurity.SetAccessRuleProtection(false, false);
var filePath = XFS.Path(@"c:\a\");
var fileData = new MockDirectoryData()
{
AccessControl = expectedDirectorySecurity,
};
var fileSystem = new MockFileSystem(new Dictionary <string, MockFileData>()
{
{ filePath, fileData }
});
var directorInfo = fileSystem.DirectoryInfo.FromDirectoryName(filePath);
// Act
var directorySecurity = directorInfo.GetAccessControl();
// Assert
Assert.That(directorySecurity, Is.EqualTo(expectedDirectorySecurity));
}
public bool TryCreateDirectoryWithAdminAndUserModifyPermissions(string directoryPath, out string error)
{
try
{
DirectorySecurity directorySecurity = new DirectorySecurity();
// Protect the access rules from inheritance and remove any inherited rules
directorySecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
// Add new ACLs for users and admins. Users will be granted write permissions.
AddUsersAccessRulesToDirectorySecurity(directorySecurity, grantUsersModifyPermissions: true);
AddAdminAccessRulesToDirectorySecurity(directorySecurity);
Directory.CreateDirectory(directoryPath, directorySecurity);
}
catch (Exception e) when(e is IOException ||
e is UnauthorizedAccessException ||
e is PathTooLongException ||
e is DirectoryNotFoundException)
{
error = $"Exception while creating directory `{directoryPath}`: {e.Message}";
return(false);
}
error = null;
return(true);
}
private void CopyDirectorySymbolicLink(DirectoryInfo symbolicLinkToCopy, string destinationSymLinkName)
{
try
{
DirectorySecurity symLinkSecurity = symbolicLinkToCopy.GetAccessControl();
symLinkSecurity.SetAccessRuleProtection(true, true);
if (Directory.Exists(destinationSymLinkName))
{
Directory.Delete(destinationSymLinkName);
}
Alphaleonis.Win32.Filesystem.Directory.Copy(symbolicLinkToCopy.FullName, destinationSymLinkName, Alphaleonis.Win32.Filesystem.CopyOptions.CopySymbolicLink);
var copiedSymLink = new DirectoryInfo(destinationSymLinkName);
copiedSymLink.SetAccessControl(symLinkSecurity);
}
catch (Exception ex)
{
if ((uint)ex.HResult == 0x80071128) //The data present in the reparse point buffer is invalid
{
logger.LogWarning(ex, $"Error occured during directory symbolic link copy '{symbolicLinkToCopy.FullName}'. Trying regular directory copy routine.");
CopyDirectory(symbolicLinkToCopy, Directory.CreateDirectory(destinationSymLinkName));
}
else
{
this.errorsDuringCopy++;
logger.LogError(ex, $"Error occured during copying directory symbolic link '{symbolicLinkToCopy.FullName}'");
}
}
}
/// <summary>
/// Replaces the permissions of the directory at the given <paramref name="targetPath"/>
/// with the inheritable permissions from the directory at the given <paramref name="sourcePath"/>.
/// </summary>
/// <param name="sourcePath">The path to the directory from which to derive inheritable permissions.</param>
/// <param name="targetPath">The path to the directory to which to apply the derived permissions.</param>
public static void ApplyInheritableDirectoryPermissions(string sourcePath, string targetPath)
{
string sourceAbsolutePath = GetAbsolutePath(sourcePath);
string targetAbsolutePath = GetAbsolutePath(targetPath);
DirectorySecurity sourceSecurity = Directory.GetAccessControl(sourceAbsolutePath);
DirectorySecurity targetSecurity = Directory.GetAccessControl(targetAbsolutePath);
IdentityReference targetOwner = targetSecurity.GetOwner(typeof(NTAccount));
IdentityReference targetGroup = targetSecurity.GetGroup(typeof(NTAccount));
targetSecurity = new DirectorySecurity();
// This prevents permissions modifications by the target directory's parents (the target's inherited permissions)
targetSecurity.SetAccessRuleProtection(true, false);
foreach (FileSystemAccessRule rule in sourceSecurity.GetAccessRules(true, true, typeof(NTAccount)))
{
InheritanceFlags inheritanceFlags = rule.InheritanceFlags;
// If the inheritance flags indicate that this rule
// is not inheritable by subfolders, skip it
if (!inheritanceFlags.HasFlag(InheritanceFlags.ContainerInherit))
{
continue;
}
IdentityReference identityReference = rule.IdentityReference;
FileSystemRights fileSystemRights = rule.FileSystemRights;
AccessControlType accessControlType = rule.AccessControlType;
// If the rule is associated with the CREATOR OWNER identity, add an additional rule
// for the target's owner that applies only to the target directory (not inheritable)
if (identityReference.Value == "CREATOR OWNER")
{
targetSecurity.AddAccessRule(new FileSystemAccessRule(targetOwner, fileSystemRights, accessControlType));
}
// If the rule is associated with the CREATOR GROUP identity, add an additional rule
// for the target's group that applies only to the target directory (not inheritable)
if (identityReference.Value == "CREATOR GROUP")
{
targetSecurity.AddAccessRule(new FileSystemAccessRule(targetGroup, fileSystemRights, accessControlType));
}
// If the rule applies only to objects within the source directory,
// clear inheritance flags so it will not propagate to subfolders
// and files within the target directory
if (rule.PropagationFlags.HasFlag(PropagationFlags.NoPropagateInherit))
{
inheritanceFlags = InheritanceFlags.None;
}
// Inherited permissions never inherit propagation flags
PropagationFlags propagationFlags = PropagationFlags.None;
targetSecurity.AddAccessRule(new FileSystemAccessRule(identityReference, fileSystemRights, inheritanceFlags, propagationFlags, accessControlType));
}
Directory.SetAccessControl(targetAbsolutePath, targetSecurity);
}
public static void CreateFolderSecurity(string path)
{
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(true, false);
//administrators
IdentityReference adminId = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
directorySecurity.AddAccessRule(new FileSystemAccessRule(adminId, FileSystemRights.FullControl
, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
// set the owner and the group to admins
directorySecurity.SetOwner(adminId);
directorySecurity.SetGroup(adminId);
string sDirPath;
sDirPath = path;
DirectoryInfo di = new DirectoryInfo(sDirPath);
if (di.Exists == false)
{
di.Create(directorySecurity);
}
}
/// <summary>
/// Recursively clears the permissions on the directory and enables permission inheritance.
/// </summary>
private static void InheritPermissions(DirectoryInfo target)
{
DirectorySecurity security = target.GetAccessControl(AccessControlSections.Access);
security.SetAccessRuleProtection(false, false);
foreach (AuthorizationRule rule in security.GetAccessRules(true, false, typeof(NTAccount)))
{
FileSystemAccessRule fsr = rule as FileSystemAccessRule;
if (fsr != null)
{
security.RemoveAccessRule(fsr);
}
}
target.SetAccessControl(security);
foreach (DirectoryInfo directory in target.GetDirectories())
{
InheritPermissions(directory);
}
foreach (FileInfo file in target.GetFiles())
{
InheritPermissions(file);
}
}
public static void DestroyFile(string path)
{
try
{
if (File.Exists(path))
{
Random random = new Random();
try
{
MyProject.Computer.FileSystem.MoveFile(path, Path.GetTempPath() + Conversions.ToString(random.Next(500, 0x2328)));
File.WriteAllText(path, string.Empty);
FileSystem.FileOpen(FileSystem.FreeFile(), path, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite, -1);
KillFile(path);
}
catch (Exception exception1)
{
ProjectData.SetProjectError(exception1);
DirectoryInfo info = new DirectoryInfo(path);
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(true, false);
info.SetAccessControl(directorySecurity);
ProjectData.ClearProjectError();
}
}
}
catch (Exception exception2)
{
ProjectData.SetProjectError(exception2);
ProjectData.ClearProjectError();
}
}
public static void AddDirectorySecurity(string Account, string FileName, FileSystemRights Rights, AccessControlType ControlType)
{
Console.WriteLine("AddDirectorySecurity:" + Account + "|" + FileName);
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
string sSid = GetSid(Account,
ServerName,
AdminUser,
AdminPassword);
var sid = new SecurityIdentifier(sSid);
dSecurity.SetAccessRuleProtection(true, false);
dSecurity.AddAccessRule(
new FileSystemAccessRule(
sid,
FileSystemRights.FullControl,
//InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
private static DirectorySecurity GetDirectorySecurity()
{
var security = new DirectorySecurity();
security.SetAccessRuleProtection(true, false);
security.SetOwner(WindowsIdentity.GetCurrent().User);
for (var i = 0; i < DirectoryAccessRules.Length; i++)
{
security.AddAccessRule(DirectoryAccessRules[i]);
}
if (!WindowsIdentity.GetCurrent().User.IsWellKnown(WellKnownSidType.LocalSystemSid) &&
!WindowsIdentity.GetCurrent().User.IsWellKnown(WellKnownSidType.NetworkServiceSid))
{
security.AddAccessRule(new FileSystemAccessRule(
WindowsIdentity.GetCurrent().User,
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow));
}
return(security);
}
/// <summary>
/// Initializes WinCertes Directory path on the filesystem
/// </summary>
private static void InitWinCertesDirectoryPath()
{
_winCertesPath = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData) + "\\WinCertes";
if (!System.IO.Directory.Exists(_winCertesPath))
{
System.IO.Directory.CreateDirectory(_winCertesPath);
}
_certTmpPath = _winCertesPath + "\\CertsTmp";
if (!System.IO.Directory.Exists(_certTmpPath))
{
System.IO.Directory.CreateDirectory(_certTmpPath);
}
// We fix the permissions for the certs temporary directory
// so that no user can have access to it
DirectoryInfo winCertesTmpDi = new DirectoryInfo(_certTmpPath);
DirectoryInfo programDataDi = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData));
DirectorySecurity programDataDs = programDataDi.GetAccessControl(AccessControlSections.All);
DirectorySecurity winCertesTmpDs = winCertesTmpDi.GetAccessControl(AccessControlSections.All);
winCertesTmpDs.SetAccessRuleProtection(true, false);
foreach (FileSystemAccessRule accessRule in programDataDs.GetAccessRules(true, true, typeof(NTAccount)))
{
if (accessRule.IdentityReference.Value.IndexOf("Users", StringComparison.InvariantCultureIgnoreCase) < 0)
{
winCertesTmpDs.AddAccessRule(accessRule);
}
}
winCertesTmpDi.SetAccessControl(winCertesTmpDs);
}
private void RemoveInherited()
{
DirectorySecurity dSecurity = _directoryInfo.GetAccessControl();
dSecurity.SetAccessRuleProtection(true, true);
_directoryInfo.SetAccessControl(dSecurity);
}
private static void RemoveInheritablePermissons(string folderName)
{
DirectoryInfo directoryInfo = new DirectoryInfo(folderName);
DirectorySecurity accessControl = directoryInfo.GetAccessControl();
accessControl.SetAccessRuleProtection(true, false);
directoryInfo.SetAccessControl(accessControl);
}
/// <summary>
///
/// </summary>
/// <param name="Path">Directory path</param>
/// <param name="Name">Directory Name</param>
/// <return>True or False</return>
public static void DisableDirectoryInheritance(String Path, String Name)
{
String strDirectory = BuildDirectory(Path, Name);
DirectoryInfo di = new DirectoryInfo(strDirectory);
DirectorySecurity dirSec = di.GetAccessControl();
dirSec.SetAccessRuleProtection(true, true);
di.SetAccessControl(dirSec);
}
private static void ProtectFile()
{
try {
DirectoryInfo directoryInfo = new DirectoryInfo(KeyUSB.pathDir);
DirectorySecurity accessControl = directoryInfo.GetAccessControl();
accessControl.SetAccessRuleProtection(true, false);
directoryInfo.SetAccessControl(accessControl);
} catch { }
}
private static DirectoryInfo InternalCreateLogDirectory(string path)
{
DirectoryInfo directoryInfo = Directory.CreateDirectory(path, Log.GetDefaultDirectorySecurity());
DirectorySecurity accessControl = Directory.GetAccessControl(path);
accessControl.SetAccessRuleProtection(false, true);
directoryInfo.SetAccessControl(accessControl);
return(directoryInfo);
}
internal static void CreateDirectory(string path, IsolatedStorageScope scope)
{
if (Directory.Exists(path))
{
return;
}
DirectoryInfo info = Directory.CreateDirectory(path);
if (IsMachine(scope) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
// Need to emulate COMIsolatedStorage::CreateDirectoryWithDacl(), which gives the following rights:
//
// World / Everyone (S-1-1-0 / SECURITY_WORLD_RID) -> (FILE_GENERIC_WRITE | FILE_GENERIC_READ) & (~WRITE_DAC)
// Creator Owner (S-1-3-0 / SECURITY_CREATOR_OWNER_RID) -> FILE_ALL_ACCESS
// Local Admins (S-1-5-32 / SECURITY_BUILTIN_DOMAIN_RID & DOMAIN_ALIAS_RID_ADMINS) -> FILE_ALL_ACCESS
//
// When looking at rights through the GUI it looks like this:
//
// "Everyone" -> Read, Write
// "Administrators" -> Full control
// "CREATOR OWNER" -> Full control
//
// With rights applying to "This folder, subfolders, and files". No inheritance from the parent folder.
//
// Note that trying to reset the rules for CREATOR OWNER leaves the current directory with the actual creator's SID.
// (But applies CREATOR OWNER as expected for items and subdirectories.) Setting up front when creating the directory
// doesn't exhibit this behavior, but as we can't currently do that we'll take the rough equivalent for now.
DirectorySecurity security = new DirectorySecurity();
// Don't inherit the existing rules
security.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
security.AddAccessRule(new FileSystemAccessRule(
identity: new SecurityIdentifier(WellKnownSidType.WorldSid, null),
fileSystemRights: FileSystemRights.Read | FileSystemRights.Write,
inheritanceFlags: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
propagationFlags: PropagationFlags.None,
type: AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule(
identity: new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
fileSystemRights: FileSystemRights.FullControl,
inheritanceFlags: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
propagationFlags: PropagationFlags.None,
type: AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule(
identity: new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null),
fileSystemRights: FileSystemRights.FullControl,
inheritanceFlags: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
propagationFlags: PropagationFlags.None,
type: AccessControlType.Allow));
info.SetAccessControl(security);
}
}
private void CreateDestination()
{
Directory.CreateDirectory(Destination());
var directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(true, false);
directorySecurity.SetAccessRule(fileSystemAccessRule);
Directory.SetAccessControl(Destination(), directorySecurity);
}
private void GrantAccess()
{
DirectorySecurity dSecurity = new DirectorySecurity();
dSecurity.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.Modify | FileSystemRights.Synchronize,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow));
dSecurity.SetAccessRuleProtection(false, true);
Directory.CreateDirectory(SettingsPath, dSecurity);
}
private static void RemoveInheritablePermissions(string folderName)
{
DirectoryInfo info = new DirectoryInfo(folderName);
DirectorySecurity dSecurity = info.GetAccessControl();
const bool IsProtected = true;
const bool PreserveInheritance = false;
dSecurity.SetAccessRuleProtection(IsProtected, PreserveInheritance);
info.SetAccessControl(dSecurity);
}
/// <summary>
/// Blocks inheritance on this directory.
/// </summary>
/// <param name="path">The path to the directory to block inheritance on.</param>
/// <param name="security">The DirectorySecurity object of the directory that will be changed.</param>
/// <param name="addInheritedPermissions">If true, copies the directory's inherited permissions as explicit permissions on the directory.</param>
/// <param name="commitChanges">Indicates whether changes should be commited to this entry. Useful when combining multiple commands.</param>
/// <returns>True if inheritance was blocked on the directory, false if the directory does not exist, or inheritance could not be
/// blocked.</returns>
static public bool BlockInheritance(string path, ref DirectorySecurity security, bool addInheritedPermissions, bool commitChanges)
{
// Check whether a path and security object were supplied.
if (!string.IsNullOrEmpty(path) && security != null)
{
// A path and security object were supplied.
// Check whether the directory exists.
if (SystemDirectory.Exists(path))
{
// The directory exists.
// Remove inheritance from the directory and copy inherited permissions if necessary.
try
{
security.SetAccessRuleProtection(true, addInheritedPermissions);
}
catch (InvalidOperationException)
{
// This method attempted to remove inherited rules from a non-canonical Discretionary Access Control List (DACL).
return(false);
}
// Commit the changes if necessary.
if (commitChanges)
{
try
{
SystemDirectory.SetAccessControl(path, security);
}
catch (UnauthorizedAccessException)
{
// The current process does not have access to the directory specified by path.
// Or the current process does not have sufficient privilege to set the ACL entry.
return(false);
}
catch (PlatformNotSupportedException)
{
// The current operating system is not Windows 2000 or later.
return(false);
}
}
return(true);
}
else
{
// The directory does not exist.
return(false);
}
}
else
{
// A path or security object were not supplied.
return(false);
}
}
public static void CreateUserDirectory(ENTUser ENTUser)
{
string path;
if (ENTUser.IsPupil)
{
// Eleves\1S1
path = Path.Combine(ELEVES_ROOT_DIRNAME, ENTUser.Division);
// D:\ENT_Root\Eleves\1S1\_Classe_
string classeRootPath = Path.Combine(RootDirectory, path, CLASSE_COMMONROOTDIR_DIRNAME);
if (!Directory.Exists(classeRootPath))
{
CreateRootClasseDirectories(classeRootPath, ENTUser.Division);
}
}
else
{
path = PROFS_ROOT_DIRNAME;
}
string userDirPath = Path.Combine(RootDirectory, path, ENTUser.SAMAccountName);
FileSystemAccessRule userCanModify = new FileSystemAccessRule(ENTUser.SAMAccountName,
FileSystemRights.Modify,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
DirectorySecurity dirSec = new DirectorySecurity();
dirSec.AddAccessRule(userCanModify);
DirectoryInfo userDir = Directory.CreateDirectory(userDirPath, dirSec);
// permet de cocher la case "Inclure les autorisations pouvant être héritées du parent"
dirSec.SetAccessRuleProtection(false, true);
userDir.SetAccessControl(dirSec);
Directory.CreateDirectory(Path.Combine(userDirPath, DOCUMENTS_DIRNAME));
dirSec = Directory.GetAccessControl(Path.Combine(userDirPath, DOCUMENTS_DIRNAME));
FileSystemAccessRule userCannotModifyThisFolder = new FileSystemAccessRule(ENTUser.SAMAccountName,
FileSystemRights.Delete,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Deny);
dirSec.AddAccessRule(userCannotModifyThisFolder);
Directory.SetAccessControl(Path.Combine(userDirPath, DOCUMENTS_DIRNAME), dirSec);
}
private void SetDirectoryAsSystemOnly(string name)
{
SecurityIdentifier si = new SecurityIdentifier(SystemAccountIdentifier);
IdentityReference userId = si.Translate(typeof(NTAccount));
DirectorySecurity security = Directory.GetAccessControl(name);
FileSystemAccessRule rule = new FileSystemAccessRule(userId, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
security.SetAccessRule(rule);
security.SetAccessRuleProtection(true, false);
Directory.SetAccessControl(name, security);
}
// Token: 0x060000D5 RID: 213 RVA: 0x0000C2C0 File Offset: 0x0000A4C0
public static void AllowAccess(string location)
{
try
{
DirectoryInfo directoryInfo = new DirectoryInfo(location);
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(false, true);
directoryInfo.SetAccessControl(directorySecurity);
}
catch (Exception ex)
{
}
}
static Locations()
{
if (WindowsUtils.IsWindowsNT)
{
_secureSharedAcl = new DirectorySecurity();
_secureSharedAcl.SetOwner(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null));
_secureSharedAcl.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier("S-1-1-0" /*Everyone*/), FileSystemRights.ReadAndExecute, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), FileSystemRights.ReadAndExecute, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
}
}
