Exemple #1
        /// <summary>Initializes the dialog with the specified known object.</summary>
        /// <param name="knownObject">
        /// The known object. See Remarks section for acceptable object types.
        /// </param>
        /// <remarks>
        /// <para>Known objects can include:</para>
        /// <list
        /// type="bullet"><item><description>System.IO.Pipes.PipeStream</description></item><item><description><see
        /// cref="System.Threading.EventWaitHandle"/></description></item><item><description><see
        /// cref="System.IO.DirectoryInfo"/></description></item><item><description><see
        /// cref="System.IO.FileInfo"/></description></item><item><description><see
        /// cref="System.IO.FileStream"/></description></item><item><description><see
        /// cref="System.Threading.Mutex"/></description></item><item><description>Microsoft.Win32.RegistryKey</description></item><item><description><see
        /// cref="System.Threading.Semaphore"/></description></item><item><description>System.IO.MemoryMappedFiles.MemoryMappedFile</description></item><item><description><see
        /// cref="System.Security.AccessControl.CommonObjectSecurity"/> or derived class.
        /// <c>Note:</c> When using this option, be sure to set the <see cref="ObjectIsContainer"/>,
        /// <see cref="ResourceType"/>, <see cref="ObjectName"/>, and <see cref="ServerName"/> properties.</description></item><item><description>
        /// <para>Any object that supports the following methods and properties:</para><list type="bullet"><item><description>
        /// <code>
        /// GetAccessControl()
        /// </code>or
        /// <code>
        /// GetAccessControl(AccessControlSections)
        /// </code>method</description></item><item><description>
        /// <code>
        /// SetAccessControl(CommonObjectSecurity)
        /// </code>method</description></item><item><description>
        /// <code>
        /// Name
        /// </code>or
        /// <code>
        /// FullName
        /// </code>property</description></item></list></description></item></list>
        /// </remarks>
        public void Initialize(object knownObject)
        {
            // Wrap the caller's object; everything passed to the dialog below is read from this wrapper.
            SecuredObject target = new SecuredObject(knownObject);

            // The security descriptor is handed over in binary form, so the dialog starts from the
            // descriptor as it is read at this point.
            // NOTE(review): which parts of the descriptor are present depends on how SecuredObject
            // loaded ObjectSecurity - confirm against that class.
            Initialize(
                target.DisplayName,
                target.ObjectName,
                target.IsContainer,
                ProviderFromResourceType(target.ResourceType),
                target.ObjectSecurity.GetSecurityDescriptorBinaryForm(),
                target.TargetServer);

            // Set after the call above, so the wrapper's resource type is the value that remains.
            ResourceType = target.ResourceType;
        }
        /// <summary>
        /// Displays the access rules for the file or directory at the specified path.
        /// </summary>
        /// <remarks>
        /// The same message is shown when the path is neither an existing file nor an existing
        /// directory and when the object has no access rules, so the dialog does not tell the two
        /// cases apart. Exceptions raised while reading the access rules are not caught here.
        /// </remarks>
        public void Initialize(SecuredObject objectType, string objectPath)
        {
            m_objectType = objectType;

            ItemsLV.Items.Clear();

            // Read the access section from the file, or from the directory when no such file exists.
            FileSystemSecurity acl = null;
            FileInfo asFile = new FileInfo(objectPath);

            if (asFile.Exists)
            {
                acl = asFile.GetAccessControl(AccessControlSections.Access);
            }
            else
            {
                DirectoryInfo asDirectory = new DirectoryInfo(objectPath);

                if (asDirectory.Exists)
                {
                    acl = asDirectory.GetAccessControl(AccessControlSections.Access);
                }
            }

            // Explicit and inherited rules are both requested, with identities asked for as NTAccount.
            AuthorizationRuleCollection rules = null;

            if (acl != null)
            {
                rules = acl.GetAccessRules(true, true, typeof(NTAccount));
            }

            // Nothing to list: show the message and stop.
            if (rules == null || rules.Count == 0)
            {
                Instructions = "It is not possible to set the access rules.";
                AdjustColumns();
                return;
            }

            // List every file system rule that maps to an application access right.
            foreach (AuthorizationRule rule in rules)
            {
                FileSystemAccessRule fileSystemRule = rule as FileSystemAccessRule;

                if (fileSystemRule != null && GetEffectiveRight(fileSystemRule) != ApplicationAccessRight.None)
                {
                    AddItem(fileSystemRule);
                }
            }

            AdjustColumns();
        }
Exemple #3
        /// <summary>
        /// Updates the access right set with the permissions for the specified object.
        /// </summary>
        private void UpdateAccessRightSet(
            SecuredObject objectToSecure,
            IdentityReference identity,
            bool denied,
            Dictionary<string, SecuredObjectAccessRights> setToUpdate)
        {
            // One entry per account, keyed by the identity's string value.
            string accountKey = identity.Value;
            SecuredObjectAccessRights entry;

            if (!setToUpdate.TryGetValue(accountKey, out entry))
            {
                entry = new SecuredObjectAccessRights();
                entry.Identity = identity;
                setToUpdate.Add(accountKey, entry);
            }

            // Allow and deny are accumulated in separate flag fields; neither cancels the other here.
            if (!denied)
            {
                entry.AllowedObjects |= objectToSecure;
                return;
            }

            entry.DeniedObjects |= objectToSecure;
        }
        /// <summary>
        /// Updates the access right set with the permissions for the specified object.
        /// </summary>
        private void UpdateAccessRightSet(
            SecuredObject objectToSecure,
            IdentityReference identity,
            bool denied,
            Dictionary<string, SecuredObjectAccessRights> setToUpdate)
        {
            // One entry per account, keyed by the identity's string value.
            string accountKey = identity.Value;
            SecuredObjectAccessRights entry;

            if (!setToUpdate.TryGetValue(accountKey, out entry))
            {
                entry = new SecuredObjectAccessRights();
                entry.Identity = identity;
                setToUpdate.Add(accountKey, entry);
            }

            // Allow and deny are accumulated in separate flag fields; neither cancels the other here.
            if (!denied)
            {
                entry.AllowedObjects |= objectToSecure;
                return;
            }

            entry.DeniedObjects |= objectToSecure;
        }
        /// <summary>
        /// Gets the access rights granted to each account.
        /// </summary>
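        /// <remarks>
        /// Explicit and inherited rules are both read, and each rule is recorded on its own: the sets
        /// list which accounts are named in an allow or a deny entry, not the access that results once
        /// deny precedence and group membership are applied. Only the ReadData, WriteData, ExecuteFile,
        /// ChangePermissions and TakeOwnership bits are classified; other rights carried by a rule are
        /// not reflected. A path that is neither an existing file nor an existing directory leaves all
        /// three sets unchanged, and exceptions raised while reading the rules are not caught here.
        /// </remarks>
        private void GetAccountAccessRights(
            string path,
            SecuredObject objectToSecure,
            Dictionary<string, SecuredObjectAccessRights> read,
            Dictionary<string, SecuredObjectAccessRights> write,
            Dictionary<string, SecuredObjectAccessRights> configure)
        {
            AuthorizationRuleCollection authorizationRules = null;

            // determine if a file or directory.
            FileInfo fileInfo = new FileInfo(path);

            if (fileInfo.Exists)
            {
                FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
                authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
            }
            else
            {
                DirectoryInfo directoryInfo = new DirectoryInfo(path);

                if (directoryInfo.Exists)
                {
                    FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
                    authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
                }
            }

            // check if no rules to add.
            if (authorizationRules == null || authorizationRules.Count == 0)
            {
                return;
            }

            // process the access rules.
            foreach (AuthorizationRule rule in authorizationRules)
            {
                // only file system rules are classified.
                FileSystemAccessRule accessRule = rule as FileSystemAccessRule;

                if (accessRule == null)
                {
                    continue;
                }

                // NOTE(review): inheritance and propagation flags are not examined, so an entry that
                // is only inherited by children of a directory is counted for the directory as well -
                // confirm that is intended.
                FileSystemRights rights = accessRule.FileSystemRights;
                IdentityReference account = accessRule.IdentityReference;
                bool denied = (accessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny);

                // configuration rights: ChangePermissions in an allow or deny rule, or TakeOwnership
                // in an allow rule. A denied TakeOwnership is not recorded.
                bool affectsConfigure =
                    (rights & FileSystemRights.ChangePermissions) != 0 ||
                    (!denied && (rights & FileSystemRights.TakeOwnership) != 0);

                if (affectsConfigure)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, configure);
                }

                // write rights.
                if ((rights & FileSystemRights.WriteData) != 0)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, write);
                }

                // read rights: ReadData for every object, plus ExecuteFile for executable files.
                // The original tested ReadData a second time for non-executables; recording the same
                // flag twice had no further effect, so the test is made once.
                bool affectsRead =
                    (rights & FileSystemRights.ReadData) != 0 ||
                    (objectToSecure == SecuredObject.ExecutableFile && (rights & FileSystemRights.ExecuteFile) != 0);

                if (affectsRead)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, read);
                }
            }
        }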
Exemple #6
        /// <summary>
        /// Gets the access rights granted to each account.
        /// </summary>
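        /// <remarks>
        /// Explicit and inherited rules are both read, and each rule is recorded on its own: the sets
        /// list which accounts are named in an allow or a deny entry, not the access that results once
        /// deny precedence and group membership are applied. Only the ReadData, WriteData, ExecuteFile,
        /// ChangePermissions and TakeOwnership bits are classified; other rights carried by a rule are
        /// not reflected. A path that is neither an existing file nor an existing directory leaves all
        /// three sets unchanged, and exceptions raised while reading the rules are not caught here.
        /// </remarks>
        private void GetAccountAccessRights(
            string path,
            SecuredObject objectToSecure,
            Dictionary<string, SecuredObjectAccessRights> read,
            Dictionary<string, SecuredObjectAccessRights> write,
            Dictionary<string, SecuredObjectAccessRights> configure)
        {
            AuthorizationRuleCollection authorizationRules = null;

            // determine if a file or directory.
            FileInfo fileInfo = new FileInfo(path);

            if (fileInfo.Exists)
            {
                FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
                authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
            }
            else
            {
                DirectoryInfo directoryInfo = new DirectoryInfo(path);

                if (directoryInfo.Exists)
                {
                    FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
                    authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
                }
            }

            // check if no rules to add.
            if (authorizationRules == null || authorizationRules.Count == 0)
            {
                return;
            }

            // process the access rules.
            foreach (AuthorizationRule rule in authorizationRules)
            {
                // only file system rules are classified.
                FileSystemAccessRule accessRule = rule as FileSystemAccessRule;

                if (accessRule == null)
                {
                    continue;
                }

                // NOTE(review): inheritance and propagation flags are not examined, so an entry that
                // is only inherited by children of a directory is counted for the directory as well -
                // confirm that is intended.
                FileSystemRights rights = accessRule.FileSystemRights;
                IdentityReference account = accessRule.IdentityReference;
                bool denied = (accessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny);

                // configuration rights: ChangePermissions in an allow or deny rule, or TakeOwnership
                // in an allow rule. A denied TakeOwnership is not recorded.
                bool affectsConfigure =
                    (rights & FileSystemRights.ChangePermissions) != 0 ||
                    (!denied && (rights & FileSystemRights.TakeOwnership) != 0);

                if (affectsConfigure)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, configure);
                }

                // write rights.
                if ((rights & FileSystemRights.WriteData) != 0)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, write);
                }

                // read rights: ReadData for every object, plus ExecuteFile for executable files.
                // The original tested ReadData a second time for non-executables; recording the same
                // flag twice had no further effect, so the test is made once.
                bool affectsRead =
                    (rights & FileSystemRights.ReadData) != 0 ||
                    (objectToSecure == SecuredObject.ExecutableFile && (rights & FileSystemRights.ExecuteFile) != 0);

                if (affectsRead)
                {
                    UpdateAccessRightSet(objectToSecure, account, denied, read);
                }
            }
        }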
Exemple #7
 /// <summary>Initializes the dialog with the specified known object.</summary>
 /// <param name="fullObjectName">Full name of the object.</param>
 /// <param name="serverName">Name of the server. This value can be <c>null</c>.</param>
 /// <param name="resourceType">Type of the object resource.</param>
 /// <exception cref="System.ArgumentException">
 /// Unable to create an object from supplied arguments.
 /// </exception>
 public void Initialize(string fullObjectName, string serverName, System.Security.AccessControl.ResourceType resourceType)
 {
     // Resolve the name to an object first, then hand it to the overload that accepts that object.
     // The name and server are passed through as given; nothing is validated here.
     var resolved = SecuredObject.GetKnownObject(resourceType, fullObjectName, serverName);

     Initialize(resolved);
 }
        /// <summary>
        /// Displays the access rules for the file or directory at the specified path.
        /// </summary>
        /// <remarks>
        /// The same message is shown when the path is neither an existing file nor an existing
        /// directory and when the object has no access rules, so the dialog does not tell the two
        /// cases apart. Exceptions raised while reading the access rules are not caught here.
        /// </remarks>
        public void Initialize(SecuredObject objectType, string objectPath)
        {
            m_objectType = objectType;

            ItemsLV.Items.Clear();

            // Read the access section from the file, or from the directory when no such file exists.
            FileSystemSecurity acl = null;
            FileInfo asFile = new FileInfo(objectPath);

            if (asFile.Exists)
            {
                acl = asFile.GetAccessControl(AccessControlSections.Access);
            }
            else
            {
                DirectoryInfo asDirectory = new DirectoryInfo(objectPath);

                if (asDirectory.Exists)
                {
                    acl = asDirectory.GetAccessControl(AccessControlSections.Access);
                }
            }

            // Explicit and inherited rules are both requested, with identities asked for as NTAccount.
            AuthorizationRuleCollection rules = null;

            if (acl != null)
            {
                rules = acl.GetAccessRules(true, true, typeof(NTAccount));
            }

            // Nothing to list: show the message and stop.
            if (rules == null || rules.Count == 0)
            {
                Instructions = "It is not possible to set the access rules.";
                AdjustColumns();
                return;
            }

            // List every file system rule that maps to an application access right.
            foreach (AuthorizationRule rule in rules)
            {
                FileSystemAccessRule fileSystemRule = rule as FileSystemAccessRule;

                if (fileSystemRule != null && GetEffectiveRight(fileSystemRule) != ApplicationAccessRight.None)
                {
                    AddItem(fileSystemRule);
                }
            }

            AdjustColumns();
        }
 /// <summary>Initializes the dialog with the specified known object.</summary>
 /// <param name="fullObjectName">Full name of the object.</param>
 /// <param name="server">Name of the server. This value can be <c>null</c>.</param>
 /// <param name="resourceType">Type of the object resource.</param>
 /// <exception cref="System.ArgumentException">Unable to create an object from supplied arguments.</exception>
 public void Initialize(string fullObjectName, string server, ResourceType resourceType)
 {
     // Resolve the name to an object first, then hand it to the overload that accepts that object.
     // The name and server are passed through as given; nothing is validated here.
     var resolved = SecuredObject.GetKnownObject(resourceType, fullObjectName, server);

     Initialize(resolved);
 }
 /// <summary>Initializes the dialog from an already resolved secured object.</summary>
 /// <param name="secObject">The object whose names, container flag, security descriptor and target server are passed to the dialog.</param>
 private void Initialize(SecuredObject secObject)
 {
     // The security descriptor is handed over in binary form, so the dialog starts from the
     // descriptor as it is read at this point.
     // NOTE(review): which parts of the descriptor are present depends on how SecuredObject
     // loaded ObjectSecurity - confirm against that class.
     Initialize(
         secObject.DisplayName,
         secObject.ObjectName,
         secObject.IsContainer,
         ProviderFromResourceType(secObject.ResourceType),
         secObject.ObjectSecurity.GetSecurityDescriptorBinaryForm(),
         secObject.TargetServer);

     // Set after the call above, so the object's resource type is the value that remains.
     ResourceType = secObject.ResourceType;
 }