Example #1
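        /// <summary>
        /// Reads the security descriptor of the object at <paramref name="path"/> through
        /// <c>NativeMethods.GetSecurityInfoByName</c> and returns it as a <see cref="DirectorySecurity"/>.
        /// </summary>
        /// <param name="path">Path of the object; passed through <c>Path.GetFullPath</c> and <c>Path.NormalizeLongPath</c> before the native call.</param>
        /// <param name="includeSections">Descriptor sections to request, converted with <c>Common.ToSecurityInfos</c>.</param>
        /// <returns>A <see cref="DirectorySecurity"/> loaded from the binary form of the native descriptor.</returns>
        public static DirectorySecurity GetAccessControl(String path, AccessControlSections includeSections)
        {
            var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));
            IntPtr SidOwner, SidGroup, Dacl, Sacl, ByteArray;
            SecurityInfos requestedInfo = Common.ToSecurityInfos(includeSections);

            int errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath,
                (uint)ResourceType.FileObject,
                (uint)requestedInfo,
                out SidOwner,
                out SidGroup,
                out Dacl,
                out Sacl,
                out ByteArray);

            // NOTE(review): ThrowIfError also receives the descriptor pointer, presumably so it can
            // release it before throwing - confirm, because the cleanup below only starts after it.
            ThrowIfError(errorCode, ByteArray);

            byte[] BinaryForm;
            try
            {
                uint Length = NativeMethods.GetSecurityDescriptorLength(ByteArray);
                BinaryForm = new byte[Length];
                Marshal.Copy(ByteArray, BinaryForm, 0, (int)Length);
            }
            finally
            {
                // Release the native descriptor even when the allocation or the copy throws;
                // previously an exception here leaked the buffer.
                NativeMethods.LocalFree(ByteArray);
            }

            var ds = new DirectorySecurity();
            ds.SetSecurityDescriptorBinaryForm(BinaryForm);
            return ds;
        }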
Example #2
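        /// <summary>
        /// Fetches the security descriptor for <paramref name="path"/> with
        /// <c>NativeMethods.GetSecurityInfoByName</c> and wraps it in a <see cref="DirectorySecurity"/>.
        /// </summary>
        /// <param name="path">Path of the object; run through <c>Path.GetFullPath</c> and <c>Path.NormalizeLongPath</c> first.</param>
        /// <param name="includeSections">Which descriptor sections to ask for (mapped by <c>Common.ToSecurityInfos</c>).</param>
        /// <returns>A <see cref="DirectorySecurity"/> initialised from the descriptor's binary form.</returns>
        public static DirectorySecurity GetAccessControl(String path, AccessControlSections includeSections)
        {
            var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));
            IntPtr sidOwner, sidGroup, dacl, sacl, byteArray;
            var securityInfos = Common.ToSecurityInfos(includeSections);

            var errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath,
                (uint)ResourceType.FileObject,
                (uint)securityInfos,
                out sidOwner,
                out sidGroup,
                out dacl,
                out sacl,
                out byteArray);

            // NOTE(review): the descriptor pointer is handed to ThrowIfError as well; whether it frees
            // the buffer on the failure path is not visible here - confirm.
            ThrowIfError(errorCode, byteArray);

            byte[] binaryForm;
            try
            {
                var length = NativeMethods.GetSecurityDescriptorLength(byteArray);
                binaryForm = new byte[length];
                Marshal.Copy(byteArray, binaryForm, 0, (int)length);
            }
            finally
            {
                // The native buffer must be released on every path, including a failed
                // allocation or copy, which the straight-line version did not cover.
                NativeMethods.LocalFree(byteArray);
            }

            var ds = new DirectorySecurity();
            ds.SetSecurityDescriptorBinaryForm(binaryForm);
            return ds;
        }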
Example #3
        //http://www.west-wind.com/weblog/posts/4072.aspx
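        /// <summary>
        /// Grants <paramref name="permission"/> to <paramref name="group"/> on <paramref name="target"/>:
        /// one allow rule on the object itself and one inherit-only allow rule for its children.
        /// </summary>
        /// <param name="target">Path to change; the call is a no-op when it is neither a directory nor a file.</param>
        /// <param name="group">Identity the allow rules are created for.</param>
        /// <param name="permission">Rights granted by both rules.</param>
        /// <param name="r">Receives one error per rule that could not be applied, or one success entry.</param>
        /// <remarks>
        /// The descriptor is written to disk only when both rules were accepted, so a half-built
        /// ACL is never applied and the result never reports success and failure together.
        /// </remarks>
        public void SetFileSystemRights(string target, string group, FileSystemRights permission, DeploymentResult r)
        {
            if (!IsDirectory(target) && !IsFile(target))
                return;

            // Work on a copy of the current descriptor so nothing changes on disk until the end.
            var oldSecurity = Directory.GetAccessControl(target);
            var newSecurity = new DirectorySecurity();
            newSecurity.SetSecurityDescriptorBinaryForm(oldSecurity.GetSecurityDescriptorBinaryForm());

            // Rule for the object itself. AccessControlModification.Set replaces existing rules
            // instead of merging with them.
            // NOTE(review): confirm which existing entries Set removes before relying on this to
            // keep or drop earlier grants for the same identity.
            var directRule = new FileSystemAccessRule(group,
                                                      permission,
                                                      InheritanceFlags.None,
                                                      PropagationFlags.NoPropagateInherit,
                                                      AccessControlType.Allow);
            bool directRuleSet;
            newSecurity.ModifyAccessRule(AccessControlModification.Set, directRule, out directRuleSet);
            if (!directRuleSet)
                r.AddError(string.Format("Could not set the access rule for '{0}' on '{1}'", group, target));

            // Inherit-only rule: applies to child containers and objects, not to the target.
            var inheritedRule = new FileSystemAccessRule(group,
                                                         permission,
                                                         InheritanceFlags.ContainerInherit |
                                                         InheritanceFlags.ObjectInherit,
                                                         PropagationFlags.InheritOnly,
                                                         AccessControlType.Allow);
            bool inheritedRuleAdded;
            newSecurity.ModifyAccessRule(AccessControlModification.Add, inheritedRule, out inheritedRuleAdded);
            if (!inheritedRuleAdded)
                r.AddError(string.Format("Could not add the inherited access rule for '{0}' on '{1}'", group, target));

            // Do not write a descriptor that is missing one of the two rules.
            if (!directRuleSet || !inheritedRuleAdded)
                return;

            Directory.SetAccessControl(target, newSecurity);
            r.AddGood("Permissions set for '{0}' on folder '{1}'", group, target);
        }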
Example #4
 /// <summary>
 /// Copies the requested sections of <paramref name="sd"/> onto the directory or file at
 /// <paramref name="path"/> and writes the applied descriptor object to the output.
 /// </summary>
 /// <param name="path">Target path; treated as a directory when <c>Directory.Exists</c> is true, otherwise as a file.</param>
 /// <param name="sd">Descriptor whose binary form is transferred.</param>
 /// <param name="sections">Sections of the descriptor to apply.</param>
 private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
 {
     var descriptorBytes = sd.GetSecurityDescriptorBinaryForm();

     // The existence check and the write below are separate path lookups, so the object
     // type is only as stable as the path itself.
     if (!Directory.Exists(path))
     {
         var fileAcl = new FileSecurity();
         fileAcl.SetSecurityDescriptorBinaryForm(descriptorBytes, sections);
         File.SetAccessControl(path, fileAcl);
         base.WriteSecurityDescriptorObject(fileAcl, path);
         return;
     }

     var directoryAcl = new DirectorySecurity();
     directoryAcl.SetSecurityDescriptorBinaryForm(descriptorBytes, sections);
     Directory.SetAccessControl(path, directoryAcl);
     base.WriteSecurityDescriptorObject(directoryAcl, path);
 }
Example #5
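        /// <summary>
        /// Reads the owner and DACL of <c>PathInfo</c> with <c>GetNamedSecurityInfo</c> and returns
        /// them as a managed security object (directory or file flavour, chosen from the attributes).
        /// </summary>
        /// <param name="sidHandle">Receives the owner SID pointer reported by the native call.</param>
        /// <returns>
        /// A <see cref="DirectorySecurity"/> when <c>PathInfo.Attributes</c> has the directory flag,
        /// otherwise a <see cref="System.Security.AccessControl.FileSecurity"/>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): GetNamedSecurityInfo returns the owner SID as a pointer into the descriptor
        /// buffer, and that buffer is freed before this method returns. Callers should not
        /// dereference <paramref name="sidHandle"/> afterwards - confirm how callers use it.
        /// </remarks>
        private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
        {
            // Group, DACL and SACL pointers also point into the descriptor buffer. They are
            // received only because the call requires them and must not be freed on their own.
            IntPtr groupSid, dacl, sacl;
            var pSecurityDescriptor = IntPtr.Zero;

            try
            {
                var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject,
                    Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
                    out sidHandle, out groupSid, out dacl, out sacl, out pSecurityDescriptor);

                // GetNamedSecurityInfo reports failure through its return value, not through the
                // thread's last-error slot, so the return value is the code to map.
                if (namedSecInfoResult != 0)
                {
                    // NOTE(review): presumably throws; if it can return, the code below runs
                    // against an unset descriptor pointer - confirm.
                    NativeExceptionMapping(PathInfo.FullName, (int)namedSecInfoResult);
                }

                var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
                var securityDescriptorDataArray = new byte[securityDescriptorLength];
                Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);

                CommonObjectSecurity securityInfo;
                if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
                {
                    securityInfo = new DirectorySecurity();
                }
                else
                {
                    securityInfo = new System.Security.AccessControl.FileSecurity();
                }

                securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
                return securityInfo;
            }
            finally
            {
                // Only the descriptor buffer is a separate allocation; freeing it releases
                // everything the other out pointers refer to.
                Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
            }
        }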
Example #6
        } // SetSecurityDescriptor

        /// <summary>
        /// Transfers the requested sections of <paramref name="sd"/> to the file or directory at
        /// <paramref name="path"/>, enabling SeBackupPrivilege while the descriptor is read and
        /// SeRestorePrivilege while it is written.
        /// </summary>
        /// <param name="path">Target path; a directory when <c>Directory.Exists</c> is true, a file otherwise.</param>
        /// <param name="sd">Source descriptor.</param>
        /// <param name="sections">Descriptor sections to apply to the target.</param>
        private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
        {
            var savedPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            byte[] descriptorBytes = null;

            // Phase 1: serialize the descriptor with the backup privilege enabled. The restore
            // call sits in finally so the privilege is handed back on every path.
            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref savedPrivilegeState);
                descriptorBytes = sd.GetSecurityDescriptorBinaryForm();
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref savedPrivilegeState);
            }

            // Phase 2: apply it with the restore privilege enabled, again restored in finally.
            // NOTE(review): the return values of the privilege calls are not inspected here.
            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref savedPrivilegeState);

                // Files and directories are handled separately so that
                // WriteSecurityDescriptorObject receives the concrete descriptor type.
                var targetIsDirectory = Directory.Exists(path);
                if (!targetIsDirectory)
                {
                    var fileDescriptor = new FileSecurity();
                    fileDescriptor.SetSecurityDescriptorBinaryForm(descriptorBytes, sections);
                    new FileInfo(path).SetAccessControl(fileDescriptor);
                    WriteSecurityDescriptorObject(fileDescriptor, path);
                }
                else
                {
                    var directoryDescriptor = new DirectorySecurity();
                    directoryDescriptor.SetSecurityDescriptorBinaryForm(descriptorBytes, sections);
                    new DirectoryInfo(path).SetAccessControl(directoryDescriptor);
                    WriteSecurityDescriptorObject(directoryDescriptor, path);
                }
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref savedPrivilegeState);
            }
        }