/// <summary>
/// Create a new directory
/// </summary>
/// <param name="fileSystemRights">Type of file system rights to be set on the new directory</param>
/// <param name="boolAllowEveryone">Flag to include Everyone permissions on the new directory</param>
/// <returns></returns>
public Globals.ResultType Create(System.Security.AccessControl.FileSystemRights fileSystemRights, bool boolAllowEveryone = false)
{
try
{
// Create Directory
System.IO.DirectoryInfo directoryInfo = System.IO.Directory.CreateDirectory(this.FilePath);
// Validation
if (directoryInfo == null || directoryInfo.Exists == false)
{
return(Globals.ResultType.Failure);
}
// Set Directory Permissions
Globals.ResultType createResultType = this.SetPermissions(fileSystemRights, System.Security.AccessControl.AccessControlType.Allow);
// Validation
if (createResultType == Globals.ResultType.Failure)
{
return(Globals.ResultType.Failure);
}
return(Globals.ResultType.Success);
}
catch (Exception ex)
{
// To Be Implemented: Throw Custom Exception...
Console.WriteLine(ex.ToString());
return(Globals.ResultType.Failure);
}
}
private static int AccessMaskFromRights(System.Security.AccessControl.FileSystemRights fileSystemRights)
{
if ((fileSystemRights < 0) || (fileSystemRights > System.Security.AccessControl.FileSystemRights.FullControl))
{
throw new ArgumentOutOfRangeException("fileSystemRights", Environment.GetResourceString("Argument_InvalidEnumValue", new object[] { fileSystemRights, "FileSystemRights" }));
}
return((int)fileSystemRights);
}
public static bool CheckReadWriteAccces(string filePath, System.Security.AccessControl.FileSystemRights fileSystemRights)
{
FileInfo fileInfo = new FileInfo(filePath);
string str = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper();
foreach (System.Security.AccessControl.FileSystemAccessRule rule in fileInfo.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (str == rule.IdentityReference.Value.ToUpper())
{
return((rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) && (fileSystemRights == (rule.FileSystemRights & fileSystemRights)));
}
}
return(false);
}
internal static int AccessMaskFromRights(System.Security.AccessControl.FileSystemRights fileSystemRights, AccessControlType controlType)
{
if ((fileSystemRights < 0) || (fileSystemRights > System.Security.AccessControl.FileSystemRights.FullControl))
{
throw new ArgumentOutOfRangeException("fileSystemRights", Environment.GetResourceString("Argument_InvalidEnumValue", new object[] { fileSystemRights, "FileSystemRights" }));
}
if (controlType == AccessControlType.Allow)
{
fileSystemRights |= System.Security.AccessControl.FileSystemRights.Synchronize;
}
else if (((controlType == AccessControlType.Deny) && (fileSystemRights != System.Security.AccessControl.FileSystemRights.FullControl)) && (fileSystemRights != (System.Security.AccessControl.FileSystemRights.Synchronize | System.Security.AccessControl.FileSystemRights.TakeOwnership | System.Security.AccessControl.FileSystemRights.ChangePermissions | System.Security.AccessControl.FileSystemRights.Modify)))
{
fileSystemRights &= ~System.Security.AccessControl.FileSystemRights.Synchronize;
}
return((int)fileSystemRights);
}
/// <summary>
/// 从指定的文件或目录移除访问权限。
/// </summary>
/// <param name="path">文件或目录路径。</param>
/// <param name="identity">Windows 用户或组名称。</param>
/// <param name="fileSystemRights"></param>
/// <param name="accessControlType">指定允许还是拒绝该操作。</param>
public static void RemovePermission(string path, string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType accessControlType)
{
System.Security.AccessControl.FileSystemAccessRule ar1 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, accessControlType);
if (System.IO.Directory.Exists(path))
{
System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path);
ds.RemoveAccessRuleAll(ar1);
System.IO.Directory.SetAccessControl(path, ds);
}
else if (System.IO.File.Exists(path))
{
System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path);
ds.RemoveAccessRuleAll(ar1);
System.IO.File.SetAccessControl(path, ds);
}
}
/// <summary>
/// 向指定的文件或目录追加访问权限。
/// </summary>
/// <param name="path">文件或目录路径。</param>
/// <param name="identity">Windows 用户或组名称。</param>
/// <param name="fileSystemRights">访问权限。</param>
/// <param name="accessControlType">指定允许还是拒绝该操作。</param>
public static void AppendPermission(string path, string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType accessControlType)
{
System.Security.AccessControl.FileSystemAccessRule ar1 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, accessControlType);
if (System.IO.Directory.Exists(path))
{
System.Security.AccessControl.FileSystemAccessRule ar2 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, System.Security.AccessControl.InheritanceFlags.ContainerInherit | System.Security.AccessControl.InheritanceFlags.ObjectInherit, System.Security.AccessControl.PropagationFlags.InheritOnly, accessControlType);
System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path);
ds.AddAccessRule(ar1);
ds.AddAccessRule(ar2);
System.IO.Directory.SetAccessControl(path, ds);
}
else if (System.IO.File.Exists(path))
{
System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path);
ds.AddAccessRule(ar1);
System.IO.File.SetAccessControl(path, ds);
}
}
} // End Function DirectoryHasPermission_Unix
/// <summary>
/// Test a directory for create file access permissions
/// </summary>
/// <param name="DirectoryPath">Full path to directory </param>
/// <param name="AccessRight">File System right tested</param>
/// <returns>State [bool]</returns>
public static bool DirectoryHasPermission(System.IO.DirectoryInfo di,
System.Security.AccessControl.FileSystemRights AccessRight)
{
if (!di.Exists)
{
return(false);
}
bool ret = false;
if (System.Environment.OSVersion.Platform == System.PlatformID.Unix)
{
ret = DirectoryHasPermission_Unix(di, AccessRight);
}
else
{
ret = DirectoryHasPermission_Windows(di, AccessRight);
}
return(ret);
} // End Function DirectoryHasPermission
public static bool CheckPermission(string path, System.Security.AccessControl.FileSystemRights filePerm)
{
bool canPerform = false;
System.Security.AccessControl.FileSecurity acl = File.GetAccessControl(path);
string user = Environment.UserName;
System.Security.Principal.NTAccount uid = new System.Security.Principal.NTAccount(user);
foreach (System.Security.AccessControl.FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (rule.IdentityReference == uid)
{
if ((rule.FileSystemRights & filePerm) != 0)
{
canPerform = true;
}
}
}
return(canPerform);
}
private bool hasPermission(string path, System.Security.AccessControl.FileSystemRights accessRight)
{
try
{
System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
if (identity.Groups.Contains(rule.IdentityReference))
{
if ((accessRight & rule.FileSystemRights) == accessRight)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow)
{
return(true);
}
}
}
}
}
catch { }
return(false);
}
public FileSystemAccessRule(System.Security.Principal.IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType type) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(System.Security.AccessControl.InheritanceFlags), default(System.Security.AccessControl.PropagationFlags), default(System.Security.AccessControl.AccessControlType))
{
}
public FileSystemAuditRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this(identity, AccessMaskFromRights(fileSystemRights), false, inheritanceFlags, propagationFlags, flags)
{
}
public static System.IO.FileStream Create(this System.IO.FileInfo fileInfo, System.IO.FileMode mode, System.Security.AccessControl.FileSystemRights rights, System.IO.FileShare share, int bufferSize, System.IO.FileOptions options, System.Security.AccessControl.FileSecurity fileSecurity)
{
throw null;
}
private void PreprocessXmlFile(ITaskItem taskItem)
{
const System.Security.AccessControl.FileSystemRights ReadExecuteAndWrite =
System.Security.AccessControl.FileSystemRights.ReadAndExecute |
System.Security.AccessControl.FileSystemRights.Write;
XmlSchemaCatalog.WaitForLoadingToFinish(true);
try
{
FileInfo fileInfo = new FileInfo(taskItem.GetMetadata("FullPath"));
long startLength = fileInfo.Length;
long finalLength;
using (FileStream fileStream = new FileStream(fileInfo.FullName, FileMode.Open, ReadExecuteAndWrite, FileShare.None, (int)startLength, FileOptions.SequentialScan))
{
using (MemoryStream bufferStream = new MemoryStream((int)startLength))
{
using (XmlWriter xmlWriter = XmlWriter.Create(bufferStream, XmlWriterSettings))
{
using (XmlReader xmlReader = CreateDualValidatingReader(fileStream))
{
// UNDONE: For some reason, default attribute values still aren't being stripped out correctly
if (string.Equals(taskItem.GetMetadata("Extension"), ".XSD", StringComparison.OrdinalIgnoreCase))
{
XmlDocument xmlDocument = new XmlDocument(xmlReader.NameTable);
xmlDocument.Load(xmlReader);
XPathNavigator xPathNavigator = xmlDocument.CreateNavigator();
XPathNodeIterator xPathNodeIterator = xPathNavigator.SelectDescendants("annotation", XmlSchema.Namespace, false);
while (xPathNodeIterator.MoveNext())
{
xPathNodeIterator.Current.DeleteSelf();
}
xmlWriter.WriteNode(xPathNavigator, false);
}
else
{
xmlWriter.WriteNode(xmlReader, false);
}
}
}
byte[] buffer = bufferStream.GetBuffer();
int bufferLength = (int)bufferStream.Length;
List <int> stripSpaceIndexes = new List <int>(512);
for (int i = bufferLength - 1; i >= 2; i--)
{
if (buffer[i] == '>' && buffer[--i] == '/' && buffer[--i] == ' ')
{
stripSpaceIndexes.Add(i);
}
}
fileStream.Seek(0, SeekOrigin.Begin);
int stripSpaceCount = stripSpaceIndexes.Count;
finalLength = bufferLength - stripSpaceCount;
int bufferIndex = 0;
for (int i = stripSpaceCount - 1; i >= 0; i--)
{
fileStream.Write(buffer, bufferIndex, -bufferIndex + (bufferIndex = stripSpaceIndexes[i] + 1) - 1);
}
fileStream.Write(buffer, bufferIndex, bufferLength - bufferIndex);
}
fileStream.SetLength(finalLength);
}
Log.LogMessage(MessageImportance.Normal, "Successfully preprocessed \"{0}\". Original size was {1:n0} bytes, new size is {2:n0} bytes.", taskItem.ItemSpec, startLength, finalLength);
// Update the destination file time to match the source file time so that we know not to process it again next time
fileInfo.LastWriteTimeUtc = File.GetLastWriteTimeUtc(base.SourceFiles[Array.IndexOf <ITaskItem>(base.DestinationFiles, taskItem)].GetMetadata("FullPath"));
}
catch (Exception ex)
{
Log.LogErrorFromException(ex, true);
}
}
public FileSystemAccessRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AccessControlType type) : this(identity, AccessMaskFromRights(fileSystemRights, type), false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public FileSystemAuditRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AuditFlags flags) : this(identity, fileSystemRights, InheritanceFlags.None, PropagationFlags.None, flags)
{
}
public FileSystemAuditRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AuditFlags flags) : this(new NTAccount(identity), fileSystemRights, InheritanceFlags.None, PropagationFlags.None, flags)
{
}
public FileSystemAuditRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(System.Security.AccessControl.InheritanceFlags), default(System.Security.AccessControl.PropagationFlags), default(System.Security.AccessControl.AuditFlags))
{
}
public FileStream(string path, FileMode mode, System.Security.AccessControl.FileSystemRights rights, FileShare share, int bufferSize, FileOptions options)
{
}
} // End Function IsCyclicSymlink
// https://stackoverflow.com/questions/45132081/file-permissions-on-linux-unix-with-net-core
private static unsafe bool DirectoryHasPermission_Unix(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight)
{
return(CrapLord.LinuxNativeMethods.Access(di.FullName, CrapLord.LinuxNativeMethods.AccessModes.F_OK | CrapLord.LinuxNativeMethods.AccessModes.R_OK));
} // End Function DirectoryHasPermission_Unix
public FileSystemAccessRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(new NTAccount(identity), AccessMaskFromRights(fileSystemRights, type), false, inheritanceFlags, propagationFlags, type)
{
}
} // End Function DirectoryHasPermission
/// <summary>
/// Test a directory for create file access permissions
/// </summary>
/// <param name="DirectoryPath">Full path to directory </param>
/// <param name="AccessRight">File System right tested</param>
/// <returns>State [bool]</returns>
public static bool DirectoryHasPermission_Windows(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight)
{
if (!di.Exists)
{
return(false);
}
// Requires nuget: System.IO.FileSystem.AccessControl
try
{
System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.FileSystemAclExtensions.GetAccessControl(di).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
// https://stackoverflow.com/questions/1410127/c-sharp-test-if-user-has-write-access-to-a-folder
// AccessControlType deny takes precedence over allow, so to be completely thorough rules that deny the access right should be checked as well,
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
// if (identity.Groups.Contains(rule.IdentityReference))
if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference))
{
if ((AccessRight & rule.FileSystemRights) > 0)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny)
{
return(false);
}
}
}
}
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
// if (identity.Groups.Contains(rule.IdentityReference))
if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference))
{
if ((AccessRight & rule.FileSystemRights) == AccessRight)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow)
{
return(true);
}
}
}
}
}
catch (System.Exception)
{ }
return(false);
}
public static string CollectFilePermissionInformation(string filePath)
{
var bldr = new StringBuilder();
try
{
if (SIL.PlatformUtilities.Platform.IsWindows)
{
var currentUser = System.Security.Principal.WindowsIdentity.GetCurrent();
bldr.AppendLine($"current user is {currentUser.Name}");
var principal = new System.Security.Principal.WindowsPrincipal(currentUser);
bool isInRoleWithAccess = false;
bool accessDenied = false;
bool accessAllowed = false;
System.Security.AccessControl.FileSystemRights accessRights = System.Security.AccessControl.FileSystemRights.Write;
var acl = File.GetAccessControl(filePath);
var rules = acl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
var sid = acl.GetOwner(typeof(System.Security.Principal.SecurityIdentifier));
var acct = sid.Translate(typeof(System.Security.Principal.NTAccount)) as System.Security.Principal.NTAccount;
if (acct != null)
{
bldr.AppendLine($"owner of \"{filePath}\" is {acct.Value}");
}
var fileAttributes = RobustFile.GetAttributes(filePath);
bldr.AppendLine($"{filePath} current ReadOnly attribute of {filePath} is {(fileAttributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly}");
foreach (System.Security.AccessControl.AuthorizationRule rule in rules)
{
var fsAccessRule = rule as System.Security.AccessControl.FileSystemAccessRule;
if (fsAccessRule == null)
{
continue;
}
if ((fsAccessRule.FileSystemRights & accessRights) > 0)
{
var ntAccount = rule.IdentityReference as System.Security.Principal.NTAccount;
if (ntAccount == null)
{
continue;
}
if (principal.IsInRole(ntAccount.Value))
{
if (fsAccessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny)
{
bldr.AppendLine($"current user is denied write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}");
accessDenied = true;
}
if (fsAccessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow)
{
bldr.AppendLine($"current user is allowed write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}");
accessAllowed = true;
}
isInRoleWithAccess = true;
}
}
}
if (isInRoleWithAccess)
{
if (!accessAllowed)
{
bldr.AppendLine($"current user is not explicitly allowed write access to {filePath}");
}
if (!accessDenied)
{
bldr.AppendLine($"current user is not explicitly denied write access to {filePath}");
}
}
else
{
bldr.AppendLine($"current user is not explicitly given access to {filePath}");
}
}
else
{
var folder = Path.GetDirectoryName(filePath);
var fileInfo = new Mono.Unix.UnixFileInfo(filePath);
var dirInfo = new Mono.Unix.UnixDirectoryInfo(folder);
var userInfo = Mono.Unix.UnixUserInfo.GetRealUser();
bldr.AppendLine($"current user is {userInfo.UserName}");
bldr.AppendLine($"owner of \"{filePath}\" is {fileInfo.OwnerUser.UserName}");
bldr.AppendLine($"permissions of \"{filePath}\" = {fileInfo.FileAccessPermissions.ToString()}");
bldr.AppendLine($"owner of \"{folder}\" is {dirInfo.OwnerUser.UserName}");
bldr.AppendLine($"permissions of \"{folder}\" = {dirInfo.FileAccessPermissions.ToString()}");
}
}
catch (Exception e)
{
bldr.AppendLine($"Caught exception {e} while trying to collect information about {filePath}");
}
return(bldr.ToString());
}