private static void SetAcl(string path, SearchResult user, FileSystemRights right)
{
var userId = user.Properties["userPrincipalName"][0].ToString();
var fullUserName = user.Properties["name"][0].ToString();
var fullPath = path + fullUserName;
var dir = new DirectoryInfo(fullPath);
var ds = new DirectorySecurity();
ds.SetAccessRuleProtection(true, false);
var uacl = new FileSystemAccessRule(userId,
right,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
ds.AddAccessRule(uacl);
var domainAdmins = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, AppSettings.GeneralSettings.DomainSid);
var pacl = new FileSystemAccessRule(domainAdmins,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
ds.AddAccessRule(pacl);
var system = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
var sacl = new FileSystemAccessRule(system,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
ds.AddAccessRule(sacl);
dir.SetAccessControl(ds);
}
private static void AddAclRuleOnDirectory(string directory, IdentityReference identity, FileSystemRights rights, AccessControlType type)
{
var acl = Directory.GetAccessControl(directory);
acl.PurgeAccessRules(identity);
acl.AddAccessRule(new FileSystemAccessRule(identity, rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, type));
Directory.SetAccessControl(directory, acl);
}
private static void AddAclRuleOnFile(string file, IdentityReference identity, FileSystemRights rights, AccessControlType type)
{
var acl = File.GetAccessControl(file);
acl.PurgeAccessRules(identity);
acl.AddAccessRule(new FileSystemAccessRule(identity, rights, type));
File.SetAccessControl(file, acl);
}
public bool HasAccess(FileSystemRights rights)
{
WindowsIdentity user = (WindowsIdentity)principal.Identity;
// Get the collection of authorization rules that apply to the specified directory
AuthorizationRuleCollection acl = directory.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
// These are set to true if either the allow access or deny access rights are set
bool allowAccess = false;
bool denyAccesss = false;
foreach (FileSystemAccessRule currentRule in acl)
{
// If the current rule applies to the current user
if (user.User.Equals(currentRule.IdentityReference) || principal.IsInRole((SecurityIdentifier)currentRule.IdentityReference))
{
if (currentRule.AccessControlType.Equals(AccessControlType.Deny))
{
if ((currentRule.FileSystemRights & rights) == rights)
{
denyAccesss = true;
}
}
else if (currentRule.AccessControlType.Equals(AccessControlType.Allow))
{
if ((currentRule.FileSystemRights & rights) == rights)
{
allowAccess = true;
}
}
}
}
return allowAccess & !denyAccesss;
}
public FileSystemAuditRule
(String identity, FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AuditFlags auditFlags)
: base(IdentityReference.IdentityFromName(identity),
(int)fileSystemRights, false, inheritanceFlags,
propagationFlags, auditFlags) {}
public static void AddFileSecurity(string fileName, string WindowsAccount, FileSystemRights rights, AccessControlType accessControlType)
{
FileSecurity fSecurity = File.GetAccessControl(fileName);
fSecurity.AddAccessRule(new FileSystemAccessRule(WindowsAccount, rights, accessControlType));
File.SetAccessControl(fileName, fSecurity);
}
private static void AddDirectorySecurity(string folderName, string account, FileSystemRights rights, InheritanceFlags inheritance, PropagationFlags propogation, AccessControlType controlType)
{
DirectoryInfo directoryInfo = new DirectoryInfo(folderName);
DirectorySecurity accessControl = directoryInfo.GetAccessControl();
accessControl.AddAccessRule(new FileSystemAccessRule(account, rights, inheritance, propogation, controlType));
directoryInfo.SetAccessControl(accessControl);
}
public FileSystemAccessRule
(String identity, FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
: base(IdentityReference.IdentityFromName(identity),
(int)fileSystemRights, false, inheritanceFlags,
propagationFlags, type) {}
/// <summary>
/// Add an access rule to a folder
/// </summary>
///
/// <param name="Path">Folder path</param>
/// <param name="User">UNC path to user profile ex. Environment.UserDomainName + "\\" + Environment.UserName</param>
/// <param name="Rights">Desired file system rights</param>
/// <param name="Access">Desired level of access</param>
public static void AddAccessRule(string Path, string User, FileSystemRights Rights, AccessControlType Access)
{
// Get a DirectorySecurity object that represents the current security settings
System.Security.AccessControl.DirectorySecurity sec = System.IO.Directory.GetAccessControl(Path);
// Add the FileSystemAccessRule to the security settings
FileSystemAccessRule accRule = new FileSystemAccessRule(User, Rights, Access);
sec.AddAccessRule(accRule);
}
private static bool HasFilePermissions(string path, IdentityReference identity, FileSystemRights permissions)
{
var dirInfo = new FileInfo(path);
var dirSecurity = dirInfo.GetAccessControl(AccessControlSections.All);
AuthorizationRuleCollection rules = dirSecurity.GetAccessRules(true, true, typeof(NTAccount));
return HasPermissions(rules, identity, permissions);
}
public static bool CheckAccessRight(DirectoryInfo directory, FileSystemRights right)
{
var user = WindowsIdentity.GetCurrent();
var p = new WindowsPrincipal(user);
AuthorizationRuleCollection acl =
directory.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
return CheckAccessRight(user, p, acl, right);
}
static void ReplacePermissions(string filepath, WellKnownSidType sidType, FileSystemRights allow)
{
FileSecurity sec = File.GetAccessControl(filepath);
SecurityIdentifier sid = new SecurityIdentifier(sidType, null);
sec.PurgeAccessRules(sid); //remove existing
sec.AddAccessRule(new FileSystemAccessRule(sid, allow, AccessControlType.Allow));
File.SetAccessControl(filepath, sec);
}
public FileSystemAccessRule (IdentityReference identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (identity, fileSystemRights, false, inheritanceFlags, propagationFlags, type)
{
}
public FileSystemAccessRule (string identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (new NTAccount (identity), fileSystemRights, inheritanceFlags, propagationFlags, type)
{
}
public FileAccessDenier(FileInfo file, FileSystemRights rights)
{
this.file = file;
this.access = this.file.GetAccessControl();
this.denial = new FileSystemAccessRule(WindowsIdentity.GetCurrent().Name, rights, AccessControlType.Deny);
this.access.AddAccessRule(this.denial);
this.file.SetAccessControl(this.access);
}
public FileSystemAuditRule (IdentityReference identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags)
: this (identity, fileSystemRights, false, inheritanceFlags, propagationFlags, flags)
{
}
public FileSystemAuditRule (string identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags)
: this (new SecurityIdentifier (identity), fileSystemRights, inheritanceFlags, propagationFlags, flags)
{
}
public static void SetDrectorySecurity(string userName, string path, FileSystemRights fileSystemRights)
{
DirectorySecurity directorySecurity = Directory.GetAccessControl(path);
directorySecurity.AddAccessRule(new FileSystemAccessRule(userName, fileSystemRights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
Directory.SetAccessControl(path, directorySecurity);
}
public DirectoryAccessDenier(DirectoryInfo directory, FileSystemRights rights)
{
this.directory = directory;
this.access = this.directory.GetAccessControl();
this.denial = new FileSystemAccessRule(WindowsIdentity.GetCurrent().Name, rights, AccessControlType.Deny);
this.access.AddAccessRule(this.denial);
this.directory.SetAccessControl(this.access);
}
public void DeniedRight(FileSystemRights deniedRight)
{
AddFileDenyACE(TestFile.FullName, CurrentIdentity, deniedRight);
var rights = EffectiveAccess.ComputeAccess(TestFile.FullName, CurrentIdentity);
Assert.False(rights.HasFlag(deniedRight));
}
public static void AddFileSecurity(string filename, string account, FileSystemRights rights, AccessControlType controlType)
{
if (File.Exists(filename))
{
FileSecurity fSecurity = File.GetAccessControl(filename, AccessControlSections.All);
fSecurity.AddAccessRule(new FileSystemAccessRule(account, rights, controlType));
File.SetAccessControl(filename, fSecurity);
}
}
internal FileSystemAuditRule (IdentityReference identity,
FileSystemRights fileSystemRights,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags)
: base (identity, (int)fileSystemRights, isInherited, inheritanceFlags, propagationFlags, flags)
{
}
internal FileSystemAccessRule (IdentityReference identity,
FileSystemRights fileSystemRights,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: base (identity, (int) fileSystemRights, isInherited, inheritanceFlags, propagationFlags, type)
{
}
public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny, InheritanceFlags Inherits, PropagationFlags PropagateToChildren, AccessControlModification AddResetOrRemove)
{
bool ret;
DirectoryInfo folder = new DirectoryInfo(FolderPath);
DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule accRule = new FileSystemAccessRule(UserName, Rights, Inherits, PropagateToChildren, AllowOrDeny); dSecurity.ModifyAccessRule(AddResetOrRemove, accRule, out ret);
folder.SetAccessControl(dSecurity);
return ret;
}
public void AddFileDenyACE(string filePath, IdentityReference identity, FileSystemRights right)
{
const AccessControlSections accessSections = AccessControlSections.Owner | AccessControlSections.Group |
AccessControlSections.Access;
var security = File.GetAccessControl(filePath, accessSections);
var rule = new FileSystemAccessRule(identity, right, AccessControlType.Deny);
security.AddAccessRule(rule);
File.SetAccessControl(filePath, security);
}
/// <summary>
/// Add a file system right to a directory
/// </summary>
///
/// <param name="Path">Full path to directory</param>
/// <param name="Account">UNC path to user profile</param>
/// <param name="Rights">Desired file system rights</param>
/// <param name="ControlType">Access control type</param>
public static void AddSecurity(string Path, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object
DirectoryInfo dInfo = new DirectoryInfo(Path);
// Get a DirectorySecurity object that represents the current security settings
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings
dSecurity.AddAccessRule(new FileSystemAccessRule(Account, Rights, ControlType));
// Set the new access settings
dInfo.SetAccessControl(dSecurity);
}
private static void AddFileSecurity(string path, string account, FileSystemRights rights)
{
FileInfo fileInfo = new FileInfo(path.Replace('\\', '/'));
FileSecurity fileSecurity = fileInfo.GetAccessControl();
fileSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights,
AccessControlType.Allow
));
fileInfo.SetAccessControl(fileSecurity);
}
public static void AllowPermissions(string userOrGroupNameWithDomainPrefix, DirectoryInfo directoryInfo, FileSystemRights rights)
{
DirectorySecurity dirSec = directoryInfo.GetAccessControl();
FileSystemAccessRule newRule = new FileSystemAccessRule(userOrGroupNameWithDomainPrefix,
rights,
InheritanceFlags.ObjectInherit ^ InheritanceFlags.ContainerInherit,
PropagationFlags.None, AccessControlType.Allow);
dirSec.AddAccessRule(newRule);
directoryInfo.SetAccessControl(dirSec);
directoryInfo.Refresh();
}
public BackupFileStream(KernelTransaction transaction, string path, FileMode mode, FileSystemRights access, FileShare share, ExtendedFileAttributes attributes, FileSecurity security)
: this(File.CreateFileCore(transaction, path, attributes, security, mode, access, share, true, PathFormat.RelativePath), access)
{
}
public bool HasPermission(FileSystemRights perm) => GetEffectiveRights().HasFlag(perm);
public FileSystemAccessRule(IdentityReference identity,
FileSystemRights fileSystemRights,
AccessControlType type)
: this(identity, fileSystemRights, InheritanceFlags.None, PropagationFlags.None, type)
{
}
/// <span class="code-SummaryComment">
/// <summary>
/// </span>
/// Convenience method to test if the right exists within the given rights
/// <span class="code-SummaryComment"></summary></span>
/// <span class="code-SummaryComment">
/// <param name="right"></param>
/// </span>
/// <span class="code-SummaryComment">
/// <param name="rule"></param>
/// </span>
/// <span class="code-SummaryComment">
/// <returns></returns>
/// </span>
public bool contains(FileSystemRights right,
FileSystemAccessRule rule)
{
return(((int)right & (int)rule.FileSystemRights) == (int)right);
}
/// <summary>
/// Checks whether the client has specific file system rights to a directory.
/// See ssds's answer at https://stackoverflow.com/questions/1410127/c-sharp-test-if-user-has-write-access-to-a-folder
/// </summary>
/// <param name="path">The path to the directory.</param>
/// <param name="accessRights">The file system rights.</param>
private static bool UserHasDirectoryAccessRights(string path, FileSystemRights accessRights)
{
#if WINDOWSGL
// Mono doesn't implement everything necessary for the below to work,
// so we'll just return to make the client able to run on non-Windows
// platforms
// On Windows you rarely have a reason for using the OpenGL build anyway
return(true);
#endif
#pragma warning disable 0162
var currentUser = WindowsIdentity.GetCurrent();
#pragma warning restore 0162
var principal = new WindowsPrincipal(currentUser);
// If the user is not running the client with administrator privileges in Program Files, they need to be prompted to do so.
if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
{
string progfiles = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
string progfilesx86 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86);
if (Environment.CurrentDirectory.Contains(progfiles) || Environment.CurrentDirectory.Contains(progfilesx86))
{
return(false);
}
}
var isInRoleWithAccess = false;
try
{
var di = new DirectoryInfo(path);
var acl = di.GetAccessControl();
var rules = acl.GetAccessRules(true, true, typeof(NTAccount));
foreach (AuthorizationRule rule in rules)
{
var fsAccessRule = rule as FileSystemAccessRule;
if (fsAccessRule == null)
{
continue;
}
if ((fsAccessRule.FileSystemRights & accessRights) > 0)
{
var ntAccount = rule.IdentityReference as NTAccount;
if (ntAccount == null)
{
continue;
}
if (principal.IsInRole(ntAccount.Value))
{
if (fsAccessRule.AccessControlType == AccessControlType.Deny)
{
return(false);
}
isInRoleWithAccess = true;
}
}
}
}
catch (UnauthorizedAccessException)
{
return(false);
}
return(isInRoleWithAccess);
}
public static void CreateApplication(string appName, string appPath, string virtualAppPath, IisConfig config = null, int siteIndex = 0)
{
//create app
using (var mgr = new ServerManager())
{
var iisAppPool = mgr.ApplicationPools[appName];
var hasChange = false;
if (iisAppPool == null)
{
//directory permission
var dirInfo = new DirectoryInfo(appPath);
var security = dirInfo.GetAccessControl(AccessControlSections.Access);
const FileSystemRights right = FileSystemRights.FullControl ^ FileSystemRights.ReadAndExecute;
var acl = new FileSystemAccessRule("NETWORK SERVICE", right, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Deny);
security.AddAccessRule(acl);
dirInfo.SetAccessControl(security);
//apppool permission
iisAppPool = mgr.ApplicationPools.Add(appName);
iisAppPool.ManagedRuntimeVersion = "v4.0";
iisAppPool.ProcessModel.IdentityType = ProcessModelIdentityType.NetworkService;
hasChange = true;
}
config = config ?? IisConfig.Default;
var startMode = iisAppPool["startMode"] as string;
var target = config.AutoStart ? "AlwaysRunning" : "OnDemand";
if (startMode != target)
{
iisAppPool["startMode"] = target;
hasChange = true;
}
var target2 = TimeSpan.FromMinutes(config.IdleTimeout);
if (iisAppPool.ProcessModel.IdleTimeout != target2)
{
iisAppPool.ProcessModel.IdleTimeout = target2;
hasChange = true;
}
if (iisAppPool.Enable32BitAppOnWin64 != config.Enable32Bit)
{
iisAppPool.Enable32BitAppOnWin64 = config.Enable32Bit;
hasChange = true;
}
if (hasChange)
{
mgr.CommitChanges();
}
hasChange = false;
var iisApp = mgr.Sites[siteIndex].Applications[virtualAppPath];
if (iisApp == null)
{
iisApp = mgr.Sites[siteIndex].Applications.Add(virtualAppPath, appPath);
iisApp.ApplicationPoolName = appName;
iisApp.EnabledProtocols = "https,http";
hasChange = true;
}
var preloadEnabled = Equals(iisApp["preloadEnabled"], true);
if (preloadEnabled != config.AutoStart)
{
iisApp["preloadEnabled"] = config.AutoStart;
hasChange = true;
}
if (hasChange)
{
mgr.CommitChanges();
}
}
}
public static string CollectFilePermissionInformation(string filePath)
{
var bldr = new StringBuilder();
try
{
if (Platform.IsWindows)
{
var currentUser = WindowsIdentity.GetCurrent();
bldr.AppendLine($"current user is {currentUser.Name}");
var principal = new WindowsPrincipal(currentUser);
bool isInRoleWithAccess = false;
bool accessDenied = false;
bool accessAllowed = false;
FileSystemRights accessRights = FileSystemRights.Write;
var acl = File.GetAccessControl(filePath);
var rules = acl.GetAccessRules(true, true, typeof(NTAccount));
var sid = acl.GetOwner(typeof(SecurityIdentifier));
var acct = sid.Translate(typeof(NTAccount)) as NTAccount;
if (acct != null)
{
bldr.AppendLine($"owner of \"{filePath}\" is {acct.Value}");
}
var fileAttributes = RobustFile.GetAttributes(filePath);
bldr.AppendLine($"{filePath} current ReadOnly attribute of {filePath} is {(fileAttributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly}");
foreach (AuthorizationRule rule in rules)
{
var fsAccessRule = rule as FileSystemAccessRule;
if (fsAccessRule == null)
{
continue;
}
if ((fsAccessRule.FileSystemRights & accessRights) > 0)
{
var ntAccount = rule.IdentityReference as NTAccount;
if (ntAccount == null)
{
continue;
}
if (principal.IsInRole(ntAccount.Value))
{
if (fsAccessRule.AccessControlType == AccessControlType.Deny)
{
bldr.AppendLine($"current user is denied write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}");
accessDenied = true;
}
if (fsAccessRule.AccessControlType == AccessControlType.Allow)
{
bldr.AppendLine($"current user is allowed write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}");
accessAllowed = true;
}
isInRoleWithAccess = true;
}
}
}
if (isInRoleWithAccess)
{
if (!accessAllowed)
{
bldr.AppendLine($"current user is not explicitly allowed write access to {filePath}");
}
if (!accessDenied)
{
bldr.AppendLine($"current user is not explicitly denied write access to {filePath}");
}
}
else
{
bldr.AppendLine($"current user is not explicitly given access to {filePath}");
}
}
else
{
var folder = Path.GetDirectoryName(filePath);
var fileInfo = new UnixFileInfo(filePath);
var dirInfo = new UnixDirectoryInfo(folder);
var userInfo = UnixUserInfo.GetRealUser();
bldr.AppendLine($"current user is {userInfo.UserName}");
bldr.AppendLine($"owner of \"{filePath}\" is {fileInfo.OwnerUser.UserName}");
bldr.AppendLine($"permissions of \"{filePath}\" = {fileInfo.FileAccessPermissions.ToString()}");
bldr.AppendLine($"owner of \"{folder}\" is {dirInfo.OwnerUser.UserName}");
bldr.AppendLine($"permissions of \"{folder}\" = {dirInfo.FileAccessPermissions.ToString()}");
}
}
catch (Exception e)
{
bldr.AppendLine($"Caught exception {e} while trying to collect information about {filePath}");
}
return(bldr.ToString());
}
public static Boolean ReplaceFileSecurity(string File, IdentityReference[] Account, FileSystemRights Rights, AccessControlType ControlType, InheritanceFlags Inherit, PropagationFlags Propagation)
{
FileInfo fInfo = new FileInfo(File);
FileSecurity fSecurity = fInfo.GetAccessControl();
try
{
fSecurity.SetAccessRuleProtection(true, false);
foreach (IdentityReference account in Account)
{
fSecurity.ResetAccessRule(new FileSystemAccessRule(account, Rights, Inherit, Propagation, ControlType));
}
fInfo.SetAccessControl(fSecurity);
}
catch (Exception ex)
{
LibraryLogging.Error("unable to ReplaceFileSecurity for {0} error {1}", File, ex.Message);
return(false);
}
return(true);
}
public FileSystemAuditRule(System.Security.Principal.IdentityReference identity, FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags))
{
}
/// <summary> Removes any existing access for the user SID supplied and adds the specified rights </summary>
public static void ReplacePermissions(string filepath, WellKnownSidType sidType, FileSystemRights allow)
{
FileSecurity sec = File.GetAccessControl(filepath);
SecurityIdentifier sid = new SecurityIdentifier(sidType, null);
sec.PurgeAccessRules(sid); //remove existing
if (allow != default(FileSystemRights))
{
sec.AddAccessRule(new FileSystemAccessRule(sid, allow, AccessControlType.Allow));
}
File.SetAccessControl(filepath, sec);
}
internal XorFileStream(string path, FileMode mode, FileSystemRights rights, FileShare share, int bufferSize, FileOptions options, FileSecurity fileSecurity, byte xorByte) : base(path, mode, rights, share, bufferSize, options, fileSecurity)
{
this.XorByte = xorByte;
}
/// <summary>
/// Determines whether [has file or directory access] [the specified right].
/// </summary>
/// <param name="right">The right.</param>
/// <param name="acl">The acl.</param>
/// <returns><c>true</c> if [has file or directory access] [the specified right]; otherwise, <c>false</c>.</returns>
private static bool HasFileOrDirectoryAccess(
FileSystemRights right,
AuthorizationRuleCollection acl)
{
var allow = false;
var inheritedAllow = false;
var inheritedDeny = false;
Initialize();
for (var i = 0; i < acl.Count; i++)
{
var currentRule = (FileSystemAccessRule)acl[i];
// If the current rule applies to the current user.
if (currentRule == null ||
_CurrentUser.User == null ||
!_CurrentUser.User.Equals(currentRule.IdentityReference) &&
!_CurrentPrincipal.IsInRole((SecurityIdentifier)currentRule.IdentityReference))
{
continue;
}
if (currentRule.AccessControlType.Equals(AccessControlType.Deny))
{
if ((currentRule.FileSystemRights & right) != right)
{
continue;
}
if (currentRule.IsInherited)
{
inheritedDeny = true;
}
else
{
// Non inherited "deny" takes overall precedence.
return(false);
}
}
else if (currentRule.AccessControlType.Equals(AccessControlType.Allow))
{
if ((currentRule.FileSystemRights & right) != right)
{
continue;
}
if (currentRule.IsInherited)
{
inheritedAllow = true;
}
else
{
allow = true;
}
}
}
if (allow)
{
// Non inherited "allow" takes precedence over inherited rules.
return(true);
}
return(inheritedAllow && !inheritedDeny);
}
public BackupFileStream(string path, FileMode mode, FileSystemRights access, FileShare share, ExtendedFileAttributes attributes)
: this(File.CreateFileCore(null, path, attributes, null, mode, access, share, true, PathFormat.RelativePath), access)
{
}
public BackupFileStream(string path, FileMode mode, FileSystemRights access, FileShare share, FileOptions options)
: this(path, mode, access, share, options, null)
{
}
public BackupFileStream(string path, FileMode mode, FileSystemRights access, FileShare share)
: this(path, mode, access, share, FileOptions.None)
{
}
public FileSystemAuditRule(string identity, FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags))
{
Contract.Ensures(0 <= identity.Length);
Contract.Ensures(identity.Length <= 512);
}
public ACE(string principal, string principalSid, string accessType, FileSystemRights fsr)
{
_ACE(principal, principalSid, accessType, fsr);
}
/// <summary>
/// Initializes a new instance of the <see cref="T:SystemWrapper.IO.FileStreamWrap"/> class with the specified path, creation mode, access rights and sharing permission, the buffer size, additional file options, access control and audit security.
/// </summary>
/// <param name="path">A relative or absolute path for the file that the current FileStream object will encapsulate.</param>
/// <param name="mode">A FileMode constant that determines how to open or create the file.</param>
/// <param name="rights">A FileSystemRights constant that determines the access rights to use when creating access and audit rules for the file.</param>
/// <param name="share">A FileShare constant that determines how the file will be shared by processes. </param>
/// <param name="bufferSize">A positive Int32 value greater than 0 indicating the buffer size. For bufferSize values between one and eight, the actual buffer size is set to eight bytes.</param>
/// <param name="options">A FileOptions value that specifies additional file options.</param>
/// <param name="fileSecurity">A FileSecurity constant that determines the access control and audit security for the file.</param>
public FileStreamWrap(string path, FileMode mode, FileSystemRights rights, FileShare share, int bufferSize, FileOptions options, FileSecurity fileSecurity)
{
Initialize(path, mode, rights, share, bufferSize, options, fileSecurity);
}
private static void AddDenyACL(string path, FileSystemRights deny)
{
ModifyDenyACL(path, deny, add: true);
}
/// <summary>
/// Initializes a new instance of the <see cref="T:SystemWrapper.IO.FileStreamWrap"/> class with the specified path, creation mode, access rights and sharing permission, the buffer size, additional file options, access control and audit security.
/// </summary>
/// <param name="path">A relative or absolute path for the file that the current FileStream object will encapsulate.</param>
/// <param name="mode">A FileMode constant that determines how to open or create the file.</param>
/// <param name="rights">A FileSystemRights constant that determines the access rights to use when creating access and audit rules for the file.</param>
/// <param name="share">A FileShare constant that determines how the file will be shared by processes. </param>
/// <param name="bufferSize">A positive Int32 value greater than 0 indicating the buffer size. For bufferSize values between one and eight, the actual buffer size is set to eight bytes.</param>
/// <param name="options">A FileOptions value that specifies additional file options.</param>
/// <param name="fileSecurity">A FileSecurity constant that determines the access control and audit security for the file.</param>
public void Initialize(string path, FileMode mode, FileSystemRights rights, FileShare share, int bufferSize, FileOptions options, FileSecurity fileSecurity)
{
FileStreamInstance = new FileStream(path, mode, rights, share, bufferSize, options, fileSecurity);
}
private static bool CheckAccessRuleLocal(FileSystemAccessRule fileSystemAccessRule, FileSystemRights fileSystemRights)
{
return((fileSystemRights & fileSystemAccessRule.FileSystemRights) == fileSystemRights);
}
public FileStream(string path, FileMode mode,
FileSystemRights rights, FileShare share,
int bufferSize, FileOptions options)
: this(path, mode, (mode == FileMode.Append ? FileAccess.Write : FileAccess.ReadWrite), share, bufferSize, false, options)
{
}
public FileSystemAccessRule(string identity,
FileSystemRights fileSystemRights,
AccessControlType type)
: this(new SecurityIdentifier(identity), fileSystemRights, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public BackupFileStream(KernelTransaction transaction, string path, FileMode mode, FileSystemRights access)
: this(transaction, path, mode, access, FileShare.None)
{
}
public static void AddFileSecurity(this FileInfo info, IdentityReference account, FileSystemRights rights, AccessControlType controlType)
{
FileSecurity fSecurity = info.GetAccessControl();
fSecurity.AddAccessRule(new FileSystemAccessRule(account, rights, controlType));
info.SetAccessControl(fSecurity);
}
public BackupFileStream(string path, FileMode mode, FileSystemRights access, FileShare share, FileOptions options, FileSecurity security)
: this(File.CreateInternal(path, mode, access, share, options, security), access)
{
}
public static Boolean ReplaceDirectorySecurity(string dir, IdentityReference[] Account, FileSystemRights Rights, AccessControlType ControlType, InheritanceFlags Inherit, PropagationFlags Propagation)
{
DirectoryInfo dInfo = new DirectoryInfo(dir);
DirectorySecurity dSecurity = new DirectorySecurity();
try
{
dSecurity.SetAccessRuleProtection(true, false);
foreach (IdentityReference account in Account)
{
dSecurity.ResetAccessRule(new FileSystemAccessRule(account, Rights, Inherit, Propagation, ControlType));
}
dInfo.SetAccessControl(dSecurity);
}
catch (Exception ex)
{
LibraryLogging.Error("unable to ReplaceDirectorySecurity for {0} error {1}", dir, ex.Message);
return(false);
}
return(true);
}
public BackupFileStream(KernelTransaction transaction, string path, FileMode mode, FileSystemRights access)
: this(File.CreateFileCore(transaction, path, ExtendedFileAttributes.Normal, null, mode, access, FileShare.None, true, PathFormat.RelativePath), access)
{
}
private extern static SafeFileHandle CreateFile(string lpFileName, FileSystemRights dwDesiredAccess, FileShare dwShareMode, IntPtr securityAttrs, FileMode dwCreationDisposition, FileOptions dwFlagsAndAttributes, IntPtr hTemplateFile);
public static void CanCreate(DirectoryInfo di)
{//是否具备权限在当前提供的目录下新建文件或者文件夹
FileSystemRights right = FileSystemRights.Write;
DirectorySecurity ds = di.GetAccessControl();
}
public static void Add(string Path, string UserName, FileSystemRights Role)
{
DirectoryInfo dirinfo = new DirectoryInfo(Path);
DirectorySecurity sec = dirinfo.GetAccessControl();
sec.AddAccessRule(new FileSystemAccessRule(UserName, Role, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
dirinfo.SetAccessControl(sec);
}
/// <summary>
/// Test a file for create file access permissions
/// </summary>
///
/// <param name="FilePath">Full path to file</param>
/// <param name="AccessRight">File System right tested</param>
///
/// <returns>State</returns>
public static bool FileHasPermission(string FilePath, FileSystemRights AccessRight)
{
if (string.IsNullOrEmpty(FilePath)) return false;
try
{
AuthorizationRuleCollection rules = File.GetAccessControl(FilePath).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
WindowsIdentity identity = WindowsIdentity.GetCurrent();
foreach (FileSystemAccessRule rule in rules)
{
if (identity.Groups.Contains(rule.IdentityReference))
{
if ((AccessRight & rule.FileSystemRights) == AccessRight)
{
if (rule.AccessControlType == AccessControlType.Allow)
return true;
}
}
}
return false;
}
catch
{
throw;
}
}
