/// <summary>
///
/// </summary>
/// <param name="pFileName"></param>
/// <param name="pAccount">ej: @"ALCO\moviedo"</param>
/// <param name="pRights"><see cref="FileSystemRights"/></param>
/// <param name="pControlType"><see cref="AccessControlType"/></param>
public static void RemoveFileSecurity(string pFileName, string pAccount,
FileSystemRights pRights, AccessControlType pControlType)
{
//Actual configuracion de seguridad
System.Security.AccessControl.FileSecurity wFileSecurity = File.GetAccessControl(pFileName);
// Elimina FileSystemAccessRule de la config de seguridad (wFileSecurity)
wFileSecurity.RemoveAccessRule(new FileSystemAccessRule(pAccount, pRights, pControlType));
File.SetAccessControl(pFileName, wFileSecurity);
}
protected override void ExecuteOnFile(FileInfo file)
{
FileSecurity fileSec = new FileSecurity(file.FullName, AccessControlSections.Access);
IList<FileSystemAccessRule> targetRules = FindAccessRules(fileSec);
if (targetRules.Count == 0)
{
Log(Level.Info, Resources.RemoveAccessRuleEmpty, NTAccount, file.FullName);
}
else
{
foreach (FileSystemAccessRule fileSystemAccessRule in targetRules)
{
Log(Level.Info, Resources.RemoveAccessRuleRemoving, NTAccount, file.FullName);
fileSec.RemoveAccessRule(fileSystemAccessRule);
}
file.SetAccessControl(fileSec);
}
}
/// <summary>
/// Removes all explicit access rules from the supplied file.
/// </summary>
/// <param name="path">The path to the file to have access removed on.</param>
/// <param name="security">The FileSecurity object of the file once changed.</param>
/// <param name="commitChanges">Indicates whether changes should be commited to this file. Useful when combining multiple commands.</param>
/// <returns>True if access was removed. False otherwise.</returns>
public static bool RemoveAllExplicitAccessRules(string path, out FileSecurity security, bool commitChanges)
{
// Check that a path was supplied.
if (!string.IsNullOrEmpty(path))
{
// The path was supplied.
// Check whether the file exists.
if (SystemFile.Exists(path))
{
// The file exists.
// Remove existing explicit permissions.
security = GetSecurityObject(path);
if (security != null)
{
AuthorizationRuleCollection rules = security.GetAccessRules(true, false, typeof(System.Security.Principal.SecurityIdentifier));
foreach (AuthorizationRule rule in rules)
{
security.RemoveAccessRule((FileSystemAccessRule)rule);
}
// Commit the changes if necessary.
if (commitChanges)
{
try
{
SystemFile.SetAccessControl(path, security);
}
catch (IOException)
{
// An I/O error occurred while opening the file.
return false;
}
catch (UnauthorizedAccessException)
{
// The path parameter specified a file that is read-only.
// The operation is not supported on the current platform.
// Or the current process does not have the required permission.
return false;
}
}
return true;
}
else
{
// Unable to get the file's security object.
return false;
}
}
else
{
// The file does not exist.
security = null;
return false;
}
}
else
{
// A path was not supplied.
security = null;
return false;
}
}
public void ProjectCanNotBeOpened()
{
string projectFile = null;
IdentityReference identity = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Deny);
FileSecurity security = null;
try
{
// Does not have .sln or .vcproj extension so loads as project
projectFile = Microsoft.Build.Shared.FileUtilities.GetTemporaryFile();
security = new FileSecurity(projectFile, System.Security.AccessControl.AccessControlSections.All);
security.AddAccessRule(rule);
File.SetAccessControl(projectFile, security);
ProjectRootElement p = ProjectRootElement.Open(projectFile);
}
catch (PrivilegeNotHeldException)
{
throw new InvalidProjectFileException("Running unelevated so skipping the scenario.");
}
finally
{
if (security != null)
{
security.RemoveAccessRule(rule);
}
File.Delete(projectFile);
Assert.AreEqual(false, File.Exists(projectFile));
}
}
public void SolutionCanNotBeOpened()
{
string solutionFile = null;
string tempFileSentinel = null;
IdentityReference identity = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Deny);
FileSecurity security = null;
try
{
tempFileSentinel = Microsoft.Build.Shared.FileUtilities.GetTemporaryFile();
solutionFile = Path.ChangeExtension(tempFileSentinel, ".sln");
File.Copy(tempFileSentinel, solutionFile);
security = new FileSecurity(solutionFile, System.Security.AccessControl.AccessControlSections.All);
security.AddAccessRule(rule);
File.SetAccessControl(solutionFile, security);
ProjectRootElement p = ProjectRootElement.Open(solutionFile);
}
catch (PrivilegeNotHeldException)
{
throw new InvalidProjectFileException("Running unelevated so skipping this scenario.");
}
finally
{
if (security != null)
{
security.RemoveAccessRule(rule);
}
File.Delete(solutionFile);
File.Delete(tempFileSentinel);
Assert.AreEqual(false, File.Exists(solutionFile));
}
}
/// <summary>
/// Tpo revoke read access
/// </summary>
/// <param name="identity">Identity to revoke read access</param>
public void RevokeReadAccess(string identity)
{
if (!Exists())
{
throw new KeyDoesNotExistsException(ContainerName);
}
// Get the unique filename associated and
string path = UniqueKeyContainerFileName;
FileSecurity fileSecurity = new FileSecurity(path, AccessControlSections.Access);
fileSecurity.RemoveAccessRule(new FileSystemAccessRule(identity, FileSystemRights.ReadPermissions, AccessControlType.Allow));
File.SetAccessControl(path, fileSecurity);
}
