public FileSystemSecurity GetSecurity(AccessControlSections sections)
{
lock (Lock) {
DirectorySecurity security = new DirectorySecurity();
if ((sections & AccessControlSections.Owner) != 0)
{
security.SetOwner(_directory.Owner);
}
if ((sections & AccessControlSections.Group) != 0)
{
security.SetGroup(_directory.Group);
}
if ((sections & AccessControlSections.Access) != 0)
{
foreach (var r in _fileSystem.GetAccessRules(_directory))
{
security.AddAccessRule(
new FileSystemAccessRule(r.IdentityReference, r.FileSystemRights, r.InheritanceFlags, r.PropagationFlags, r.AccessControlType));
}
}
if ((sections & AccessControlSections.Audit) != 0)
{
foreach (var r in _fileSystem.GetAuditRules(_directory))
{
security.AddAuditRule(
new FileSystemAuditRule(r.IdentityReference, r.FileSystemRights, r.InheritanceFlags, r.PropagationFlags, r.AuditFlags));
}
}
return(security);
}
}
public static void TakeOwnership(string directory, string windowsUser)
{
Logger.Debug("User {0} taking ownership of directory {1}", windowsUser, directory);
Stopwatch sw = Stopwatch.StartNew();
if (!Directory.Exists(directory))
{
return;
}
DirectoryInfo dirInfo = new DirectoryInfo(directory);
DirectorySecurity dirSecurity = dirInfo.GetAccessControl();
dirSecurity.SetOwner(new NTAccount(windowsUser));
dirSecurity.SetAccessRule(
new FileSystemAccessRule(
windowsUser,
FileSystemRights.Write | FileSystemRights.Read | FileSystemRights.Delete | FileSystemRights.Modify | FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None | PropagationFlags.InheritOnly,
AccessControlType.Allow));
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
dirInfo.SetAccessControl(dirSecurity);
}
sw.Stop();
Logger.Debug("Took {0} ms to take ownership of {1}", sw.Elapsed.Milliseconds, directory);
}
private static DirectorySecurity GetDirectorySecurity()
{
var security = new DirectorySecurity();
security.SetAccessRuleProtection(true, false);
security.SetOwner(WindowsIdentity.GetCurrent().User);
for (var i = 0; i < DirectoryAccessRules.Length; i++)
{
security.AddAccessRule(DirectoryAccessRules[i]);
}
if (!WindowsIdentity.GetCurrent().User.IsWellKnown(WellKnownSidType.LocalSystemSid) &&
!WindowsIdentity.GetCurrent().User.IsWellKnown(WellKnownSidType.NetworkServiceSid))
{
security.AddAccessRule(new FileSystemAccessRule(
WindowsIdentity.GetCurrent().User,
FileSystemRights.FullControl,
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow));
}
return(security);
}
static void Main(string[] args)
{
try
{
var currentUser = WindowsIdentity.GetCurrent().Name;
Console.WriteLine("Running as user '{0}'", currentUser);
var folder = ConfigurationManager.AppSettings["DropBoxSystemVolPath"];
if (Directory.Exists(folder))
{
IdentityReference owner = new NTAccount(currentUser);
DirectoryInfo directory = new DirectoryInfo(folder);
DirectorySecurity directorySecurity = directory.GetAccessControl();
directorySecurity.AddAccessRule(new FileSystemAccessRule(currentUser,
FileSystemRights.DeleteSubdirectoriesAndFiles,
AccessControlType.Allow));
directorySecurity.AddAccessRule(new FileSystemAccessRule(currentUser,
FileSystemRights.FullControl,
AccessControlType.Allow));
UnmanagedCode.GiveRestorePrivilege();
directorySecurity.SetOwner(owner);
directory.SetAccessControl(directorySecurity);
Console.WriteLine("Deleting path '{0}'", folder);
Directory.Delete(folder, true);
Console.WriteLine("Done.");
}
else
{
Console.WriteLine("Could not find path '{0}'", folder);
}
}
catch (Exception exc)
{
Console.WriteLine(exc);
}
}
public static void SetOwner(DirectoryInfo di, WindowsIdentity wi = null)
{
DirectorySecurity ds = new DirectorySecurity();
if (wi == null)
{
ds.SetOwner(new NTAccount(WindowsIdentity.GetCurrent().Name));
}
else
{
ds.SetOwner(new NTAccount(wi.Name));
}
ds.SetOwner(new NTAccount(WindowsIdentity.GetCurrent().Name));
di.SetAccessControl(ds);
}
/// <summary>
/// Makes the loged-in user the owner of the folder.
/// </summary>
/// <param name="folderPath">folder path in file system</param>
private static void MakeOwner(string folderPath, DavContext context)
{
DirectorySecurity securityOwner = Directory.GetAccessControl(folderPath, AccessControlSections.Owner);
securityOwner.SetOwner(context.WindowsIdentity.User);
Directory.SetAccessControl(folderPath, securityOwner);
}
public static void CreateFolderSecurity(string path)
{
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(true, false);
//administrators
IdentityReference adminId = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
directorySecurity.AddAccessRule(new FileSystemAccessRule(adminId, FileSystemRights.FullControl
, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
// set the owner and the group to admins
directorySecurity.SetOwner(adminId);
directorySecurity.SetGroup(adminId);
string sDirPath;
sDirPath = path;
DirectoryInfo di = new DirectoryInfo(sDirPath);
if (di.Exists == false)
{
di.Create(directorySecurity);
}
}
static void ChangeOwner(DirectoryInfo dirInfo, System.Security.Principal.IdentityReference currentOwnerId, System.Security.Principal.IdentityReference newOwnerId)
{
CheckAttributes(dirInfo);
if ((dirInfo.Attributes & FileAttributes.ReparsePoint) != 0)
{
// Ignore reparse points
return;
}
try {
DirectorySecurity dirSec = dirInfo.GetAccessControl();
if (dirSec.GetOwner(typeof(System.Security.Principal.SecurityIdentifier)) == currentOwnerId)
{
++sNumChanged;
if (!sDryRun)
{
dirSec.SetOwner(newOwnerId);
dirInfo.SetAccessControl(dirSec);
}
Console.WriteLine("Set ownership on directory '{0}' to '{1}'", dirInfo.FullName, newOwnerId.ToString());
}
} catch (Exception exception) {
Console.WriteLine("Exception processing file '{0}': '{1}'", dirInfo.FullName, exception.Message);
}
}
private RawSecurityDescriptor CreateSecurityDescriptor(IEnumerable <IdentityRights> allowRights,
IEnumerable <IdentityRights> denyRights = null)
{
var security = new DirectorySecurity();
security.SetOwner(CurrentIdentity);
security.SetGroup(Group);
if (allowRights == null)
{
allowRights = Enumerable.Empty <IdentityRights>();
}
if (denyRights == null)
{
denyRights = Enumerable.Empty <IdentityRights>();
}
foreach (var right in allowRights)
{
security.AddAccessRule(new FileSystemAccessRule(right.Identity, right.Rights,
AccessControlType.Allow));
}
foreach (var right in denyRights)
{
security.AddAccessRule(new FileSystemAccessRule(right.Identity, right.Rights, AccessControlType.Deny));
}
var binaryDescriptor = security.GetSecurityDescriptorBinaryForm();
return(new RawSecurityDescriptor(binaryDescriptor, 0));
}
/// <summary>
/// 更改目录的所有者。
/// </summary>
/// <param name="directory">需要更改所有者的目录。</param>
/// <param name="domain">服务器或者本地计算机的名称。</param>
/// <param name="ownerAccount">参数fileUrl指定目录的新所有者的账户名称。</param>
public static void UpdateDirectoryOwner(string directory, string domain, string ownerAccount)
{
DirectorySecurity fSecurity = Directory.GetAccessControl(directory);
fSecurity.SetOwner(new NTAccount(domain, ownerAccount));
Directory.SetAccessControl(directory, fSecurity);
}
private static void SetDirectoryOwner(DirectorySecurity deploymentDirSecurity, Prison prison)
{
deploymentDirSecurity.SetOwner(new NTAccount(prison.User.Username));
deploymentDirSecurity.SetAccessRule(
new FileSystemAccessRule(
prison.User.Username, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow));
}
public void setOwner()
{
IdentityReference owner = new NTAccount(userAccountPath);
DirectoryInfo directory = new DirectoryInfo(textPath.Text);
DirectorySecurity directorySecurity = directory.GetAccessControl();
directorySecurity.SetOwner(owner);
directory.SetAccessControl(directorySecurity);
}
/// <summary>
/// Sets the owner of a directory.
/// </summary>
/// <param name="path">The path to the directory to have the ownership set on.</param>
/// <param name="security">The DirectorySecurity object of the directory that will be changed.</param>
/// <param name="ownerSid">The security identifier (SID) of the account that should take ownership of the entry.</param>
/// <param name="commitChanges">Indicates whether changes should be commited to this entry. Useful when combining multiple commands.</param>
/// <returns>True if the ownership could be set. False otherwise.</returns>
static public bool SetOwner(string path, ref DirectorySecurity security, byte[] ownerSid, bool commitChanges)
{
// Check whether a path, security object, and owner were supplied.
if (!string.IsNullOrEmpty(path) && security != null && ownerSid != null)
{
// A path, security object, and owner were supplied.
// Check whether the directory exists.
if (SystemDirectory.Exists(path))
{
try
{
// Get the security identifier (SID) of the owner.
SecurityIdentifier sid = new SecurityIdentifier(ownerSid, 0);
// Set the owner of the directory to the SID of the owner entry.
security.SetOwner(sid);
// Commit the changes if necessary.
if (commitChanges)
{
try
{
SystemDirectory.SetAccessControl(path, security);
}
catch (UnauthorizedAccessException)
{
// The current process does not have access to the directory specified by path.
// Or the current process does not have sufficient privilege to set the ACL entry.
return(false);
}
catch (PlatformNotSupportedException)
{
// The current operating system is not Windows 2000 or later.
return(false);
}
}
return(true);
}
catch
{
// There was an error changing the owner of the directory.
return(false);
}
}
else
{
// The directory does not exist.
return(false);
}
}
else
{
// A path, security object, and owner were not supplied.
return(false);
}
}
private void SetFolderPermisions(string ProfileFolder)
{
DirectoryInfo dInfo = Directory.CreateDirectory(ProfileFolder);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
SecurityIdentifier authenticated_users_identity = new SecurityIdentifier("S-1-5-11");
dSecurity.SetOwner(WindowsIdentity.GetCurrent().User);
dSecurity.AddAccessRule(new FileSystemAccessRule(authenticated_users_identity, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);
}
public override void Lockdown(Prison prison)
{
WindowsUsersAndGroups.AddUserToGroup(prison.User.Username, prisonRestrictionsGroup);
if (Directory.Exists(prison.Rules.PrisonHomePath))
{
Directory.Delete(prison.Rules.PrisonHomePath, true);
}
Directory.CreateDirectory(prison.Rules.PrisonHomePath);
DirectoryInfo deploymentDirInfo = new DirectoryInfo(prison.Rules.PrisonHomePath);
DirectorySecurity deploymentDirSecurity = deploymentDirInfo.GetAccessControl();
// Owner is important to account for disk quota
deploymentDirSecurity.SetOwner(new NTAccount(prison.User.Username));
deploymentDirSecurity.SetAccessRule(
new FileSystemAccessRule(
prison.User.Username,
FileSystemRights.AppendData |
FileSystemRights.ChangePermissions |
FileSystemRights.CreateDirectories |
FileSystemRights.CreateFiles |
FileSystemRights.Delete |
FileSystemRights.DeleteSubdirectoriesAndFiles |
FileSystemRights.ExecuteFile |
FileSystemRights.FullControl |
FileSystemRights.ListDirectory |
FileSystemRights.Modify |
FileSystemRights.Read |
FileSystemRights.ReadAndExecute |
FileSystemRights.ReadAttributes |
FileSystemRights.ReadData |
FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadPermissions |
FileSystemRights.Synchronize |
FileSystemRights.TakeOwnership |
FileSystemRights.Traverse |
FileSystemRights.Write |
FileSystemRights.WriteAttributes |
FileSystemRights.WriteData |
FileSystemRights.WriteExtendedAttributes,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None | PropagationFlags.InheritOnly,
AccessControlType.Allow));
// Taking ownership of a file has to be executed with0-031233332xpw0odooeoooooooooooooooooooooooooooooooooooooooooooooooooooooooooo restore privilege elevated privilages
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
deploymentDirInfo.SetAccessControl(deploymentDirSecurity);
}
}
static Locations()
{
if (WindowsUtils.IsWindowsNT)
{
_secureSharedAcl = new DirectorySecurity();
_secureSharedAcl.SetOwner(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null));
_secureSharedAcl.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier("S-1-1-0" /*Everyone*/), FileSystemRights.ReadAndExecute, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), FileSystemRights.ReadAndExecute, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
_secureSharedAcl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
}
}
public void takeOwnershipOfDirectory(String folder)
{
Console.WriteLine("TakeOwnership " + folder);
using (var user = WindowsIdentity.GetCurrent())
{
var ownerSecurity = new DirectorySecurity();
ownerSecurity.SetOwner(user.User);
Directory.SetAccessControl(folder, ownerSecurity);
var accessSecurity = new DirectorySecurity();
accessSecurity.AddAccessRule(new FileSystemAccessRule(user.User, FileSystemRights.FullControl, AccessControlType.Allow));
Directory.SetAccessControl(folder, accessSecurity);
}
}
static IpfsDokan()
{
var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var everyoneRead = new FileSystemAccessRule(everyone,
FileSystemRights.ReadAndExecute | FileSystemRights.ListDirectory,
AccessControlType.Allow);
readonlyFileSecurity.AddAccessRule(everyoneRead);
readonlyFileSecurity.SetOwner(everyone);
readonlyFileSecurity.SetGroup(everyone);
readonlyDirectorySecurity.AddAccessRule(everyoneRead);
readonlyDirectorySecurity.SetOwner(everyone);
readonlyDirectorySecurity.SetGroup(everyone);
}
public void CreatePrison()
{
if (this.Prison.Created)
{
this.Prison.Destroy();
}
this.Lock.EnterWriteLock();
var prisonInfo = new ProcessPrisonCreateInfo();
prisonInfo.TotalPrivateMemoryLimitBytes = this.Properties.MemoryQuotaBytes;
if (this.Properties.UseDiskQuota)
{
prisonInfo.DiskQuotaBytes = this.Properties.DiskQuotaBytes;
prisonInfo.DiskQuotaPath = this.Properties.Directory;
}
if (this.Properties.UploadThrottleBitsps > 0)
{
prisonInfo.NetworkOutboundRateLimitBitsPerSecond = this.Properties.UploadThrottleBitsps;
}
Logger.Info("Creating Process Prisson: {0}", prisonInfo.Id);
this.Prison.Create(prisonInfo);
this.Properties.WindowsPassword = this.Prison.WindowsPassword;
this.Properties.WindowsUserName = this.Prison.WindowsUsername;
this.Properties.InstanceId = this.Prison.Id;
this.Lock.ExitWriteLock();
// Explode the app into its directory and optionally bind its local runtime.
Directory.CreateDirectory(this.Properties.Directory);
DirectoryInfo deploymentDirInfo = new DirectoryInfo(this.Properties.Directory);
DirectorySecurity deploymentDirSecurity = deploymentDirInfo.GetAccessControl();
// Owner is important to account for disk quota
deploymentDirSecurity.SetOwner(new NTAccount(this.Properties.WindowsUserName));
deploymentDirSecurity.SetAccessRule(
new FileSystemAccessRule(
this.Properties.WindowsUserName,
FileSystemRights.Write | FileSystemRights.Read | FileSystemRights.Delete | FileSystemRights.Modify | FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None | PropagationFlags.InheritOnly,
AccessControlType.Allow));
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
deploymentDirInfo.SetAccessControl(deploymentDirSecurity);
}
}
/// <summary>
/// Подпрограмма создания директории с параметрами доступа
/// </summary>
/// <returns></returns>
public void CreateWithAccess()
{
if (string.IsNullOrWhiteSpace(FolderPath) || Exist)
{
return;
}
try {
// Создание папки с параметрами доступа
var d = new DirectoryInfo(FolderPath);
var ds = new DirectorySecurity();
IdentityReference u = new NTAccount(Environment.UserDomainName, Environment.UserName);
// владелец - текущий пользователь
ds.SetOwner(u);
// полный доступ текущему пользователю
var permissions = new FileSystemAccessRule(u, FileSystemRights.FullControl, AccessControlType.Allow);
ds.AddAccessRule(permissions);
d.Create(ds);
}
catch (SecurityException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (ArgumentOutOfRangeException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (PlatformNotSupportedException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (UnauthorizedAccessException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (ArgumentNullException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (ArgumentException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (PathTooLongException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (DirectoryNotFoundException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (NotSupportedException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
catch (IOException exc) {
_showErrorMessage?.Invoke(exc, "Создание директории");
}
}
public static void ModifyDirOwner(string dir, string owner)
{
try
{
Console.WriteLine("*****************ModifyDirOwner*****************************");
DirectoryInfo di = new DirectoryInfo(dir);
/////////////////////////////////////////////////////////////
DirectorySecurity dirsec = null;
try
{
dirsec = di.GetAccessControl();
}
catch (Exception ex1)
{
Console.WriteLine($"failed to GetAccessControl for {dir} with error {ex1.Message}, try its parent {di.Parent} ");
dirsec = di.Parent.GetAccessControl();
}
SecurityIdentifier sid = dirsec.GetOwner(typeof(SecurityIdentifier)) as SecurityIdentifier;
NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount;
Console.WriteLine($"Original owner sid is '{sid}', user account is '{account}' of directory '{dir}'");
/////////////////////////////////////////////////////////////
NTAccount current = WindowsIdentity.GetCurrent().User.Translate(typeof(NTAccount)) as NTAccount;
NTAccount newOwner = string.IsNullOrEmpty(owner) ? current : new NTAccount(owner);
SecurityIdentifier newSidOwner = newOwner.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
Console.WriteLine($"Trying to set new owner sid is '{newSidOwner}', user account is '{newOwner}' of directory '{dir}'");
/////////////////////////////////////////////////////////////
dirsec.SetOwner(newOwner);
di.SetAccessControl(dirsec);
///////////////////////////////////////////////////////////
dirsec = di.GetAccessControl();
sid = dirsec.GetOwner(typeof(SecurityIdentifier)) as SecurityIdentifier;
account = sid.Translate(typeof(NTAccount)) as NTAccount;
Console.WriteLine($"New owner sid is '{sid}', user account is '{account}' of directory '{dir}'");
}
catch (Exception ex)
{
Console.WriteLine($"failed to ModifyDirOwner for {dir} with error {ex.Message} ");
//throw;
}
}
public void unlocking()
{
try
{
using (var user = WindowsIdentity.GetCurrent())
{
var ownerSecurity = new DirectorySecurity();
ownerSecurity.SetOwner(user.User);
var accessSecurity = new DirectorySecurity();
accessSecurity.AddAccessRule(new FileSystemAccessRule(user.User, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
Directory.SetAccessControl(foldnam, accessSecurity);
}
DirectoryInfo di = new DirectoryInfo(foldnam);
di.Attributes = FileAttributes.Normal;
DirectorySecurity ds1 = di.GetAccessControl();
ds1.SetOwner(WindowsIdentity.GetCurrent().User);
Directory.SetAccessControl(foldnam, ds1);
AuthorizationRuleCollection rules = ds1.GetAccessRules(true, true, typeof(NTAccount));
foreach (AuthorizationRule rule in rules)
{
if (rule is FileSystemAccessRule)
{
ds1.RemoveAccessRule((FileSystemAccessRule)rule);
}
}
ds1.AddAccessRule(new FileSystemAccessRule(@"Administrators", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
ds1.AddAccessRule(new FileSystemAccessRule(@"Users", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
ds1.AddAccessRule(new FileSystemAccessRule(@"System", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
di.SetAccessControl(ds1);
folderlocker.Properties.Settings.Default.datelocked.RemoveAt(folderlocker.Properties.Settings.Default.foldnam.IndexOf(foldnam));
folderlocker.Properties.Settings.Default.foldnam.Remove(foldnam);
folderlocker.Properties.Settings.Default.unlockedfoldnam.Add(foldnam);
folderlocker.Properties.Settings.Default.dateunlocked.Add(System.DateTime.Now.ToString());
folderlocker.Properties.Settings.Default.Save();
filllistview();
MessageBox.Show("Unlocked", "Folder Locker");
lockbut.Enabled = false;
unlockbut.Enabled = false;
removebut.Enabled = false;
}
catch (Exception e1)
{
MessageBox.Show(e1.Message, "Folder Locker");
}
foldnam = "";
lvfolders.SelectedIndices.Clear();
}
private static DirectorySecurity GetDefaultDirectorySecurity()
{
if (Log.defaultDirectorySecurity == null)
{
DirectorySecurity directorySecurity = new DirectorySecurity();
using (WindowsIdentity current = WindowsIdentity.GetCurrent())
{
directorySecurity.SetOwner(current.User);
}
for (int i = 0; i < Log.DirectoryAccessRules.Length; i++)
{
directorySecurity.AddAccessRule(Log.DirectoryAccessRules[i]);
}
Interlocked.CompareExchange <DirectorySecurity>(ref Log.defaultDirectorySecurity, directorySecurity, null);
}
return(Log.defaultDirectorySecurity);
}
public static void CreateDirectory(string path, string propertyName)
{
DirectorySecurity directorySecurity = new DirectorySecurity();
for (int i = 0; i < Utils.DirectoryAccessRules.Length; i++)
{
directorySecurity.AddAccessRule(Utils.DirectoryAccessRules[i]);
}
using (WindowsIdentity current = WindowsIdentity.GetCurrent())
{
directorySecurity.SetOwner(current.User);
}
directorySecurity.SetAccessRuleProtection(true, false);
try
{
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path, directorySecurity);
}
}
catch (UnauthorizedAccessException)
{
throw new NoPermissionsForPathException(path);
}
catch (ArgumentException)
{
throw new InvalidCharsInPathException(path);
}
catch (NotSupportedException)
{
throw new InvalidCharsInPathException(path);
}
catch (PathTooLongException)
{
throw new PathIsTooLongException(path);
}
catch (DirectoryNotFoundException)
{
throw new InvalidDriveInPathException(path);
}
catch (IOException)
{
throw new ReadOnlyPathException(path);
}
}
public static Boolean SetDirOwner(string dir, IdentityReference Account)
{
DirectoryInfo dInfo = new DirectoryInfo(dir);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
try
{
dSecurity.SetOwner(Account);
dInfo.SetAccessControl(dSecurity);
}
catch (Exception ex)
{
LibraryLogging.Error("SetDirOwner unable to SetOwner for {0} error {1}", dir, ex.Message);
return(false);
}
return(true);
}
/// <summary>
/// Checks the folder.
/// </summary>
/// <param name="taskFolder">The task folder.</param>
private void CheckFolder(TaskFolder taskFolder)
{
TaskFolderCollection taskGroupCollection = taskFolder.SubFolders;
List <TaskFolder> taskFolderCollection = taskGroupCollection.ToList();
IEnumerable <TaskFolder> taskFolders = from c in taskFolderCollection where c.Name == SchedulerGroupName select c;
if (taskFolders.Any())
{
return;
}
taskFolder.CreateFolder(SchedulerGroupName, taskFolder.GetAccessControl(AccessControlSections.Access));
var directory = new DirectoryInfo(Path.Combine("C:\\Windows\\System32\\Tasks", SchedulerGroupName));
if (!directory.Exists)
{
return;
}
DirectorySecurity dSecurity = directory.GetAccessControl();
var allUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
dSecurity.AddAccessRule(new FileSystemAccessRule(allUsers, FileSystemRights.ListDirectory, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
dSecurity.AddAccessRule(new FileSystemAccessRule(admins, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
var owner = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null);
dSecurity.AddAccessRule(new FileSystemAccessRule(owner, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
// Set the new access settings.
var ntAccount = new NTAccount(Environment.UserDomainName, Environment.UserName);
try
{
dSecurity.SetOwner(ntAccount);
directory.SetAccessControl(dSecurity);
}
catch (Exception exception)
{
Logger.LogMessage(exception.Message, "SetSchedulerPermission", LogType.Error, exception);
}
}
static public void GetOwnershipForDirectory(string path, IdentityReference owner)
{
DirectoryInfo dirInfo = new DirectoryInfo(path);
DirectorySecurity dirSecurity = dirInfo.GetAccessControl();
dirSecurity.SetOwner(owner);
dirSecurity.SetAccessRule(
new FileSystemAccessRule(
owner,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow));
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
dirInfo.SetAccessControl(dirSecurity);
}
}
public static void TakeOwnDirectory(string path)
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.SetOwner(WindowsIdentity.GetCurrent().User);
Privilege p = new Privilege(Privilege.TakeOwnership);
bool ownershipTaken = false;
try
{
p.Enable();
new DirectoryInfo(path).SetAccessControl(directorySecurity);
ownershipTaken = true;
}
catch (PrivilegeClass.PrivilegeNotHeldException e)
{
Console.WriteLine("Failed to assign privileges. " + e.ToString());
}
finally
{
p.Revert();
}
if (ownershipTaken)
{
AdjustPermissionsForDirectory(path);
var subFiles = Directory.EnumerateFiles(path);
foreach (var subFile in subFiles)
{
TakeOwnFile(subFile);
}
var subDirectories = Directory.EnumerateDirectories(path);
foreach (var subDir in subDirectories)
{
TakeOwnDirectory(subDir);
}
}
}
public static void whatTemp()
{
try {
var path = @"C:\Windows\TEMP";
//DirectorySecurity fs = Directory.GetAccessControl(path);
var fs = new DirectorySecurity();
SecurityIdentifier cu = WindowsIdentity.GetCurrent().User;
var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
var nobody = new SecurityIdentifier(WellKnownSidType.NTAuthoritySid, null);
fs.SetOwner(nobody);
fs.SetAccessRule(new FileSystemAccessRule(cu, FileSystemRights.CreateFiles, AccessControlType.Deny));
fs.SetAccessRule(new FileSystemAccessRule(cu, FileSystemRights.ExecuteFile, AccessControlType.Deny));
fs.SetAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.CreateFiles, AccessControlType.Deny));
fs.SetAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.ReadAndExecute, AccessControlType.Deny));
Directory.SetAccessControl(path, fs);
}
catch (Exception e) {
}
}
public static Boolean SetDirOwner(string dir, string Account)
{
DirectoryInfo dInfo = new DirectoryInfo(dir);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
IdentityReference User = new NTAccount(String.Format("{0}\\{1}", Environment.MachineName, Account));
try
{
dSecurity.SetOwner(User);
dInfo.SetAccessControl(dSecurity);
}
catch (Exception ex)
{
LibraryLogging.Error("SetDirOwner unable to SetOwner for {0} error {1}", dir, ex.Message);
return(false);
}
return(true);
}
