/// <summary>Initializes the dialog with the specified known object.</summary>
/// <param name="knownObject">
/// The known object. See Remarks section for acceptable object types.
/// </param>
/// <remarks>
/// <para>Known objects can include:</para>
/// <list
/// type="bullet"><item><description>System.IO.Pipes.PipeStream</description></item><item><description><see
/// cref="System.Threading.EventWaitHandle"/></description></item><item><description><see
/// cref="System.IO.DirectoryInfo"/></description></item><item><description><see
/// cref="System.IO.FileInfo"/></description></item><item><description><see
/// cref="System.IO.FileStream"/></description></item><item><description><see
/// cref="System.Threading.Mutex"/></description></item><item><description>System.Win32.RegistryKey</description></item><item><description><see
/// cref="System.Threading.Semaphore"/></description></item><item><description>System.IO.MemoryMappedFiles.MemoryMappedFile</description></item><item><description><see
/// cref="System.Security.AccessControl.CommonObjectSecurity"/> or derived class.
/// <c>Note:</c> When using this option, be sure to set the <see cref="ObjectIsContainer"/>,
/// <see cref="ResourceType"/>, <see cref="ObjectName"/>, and <see cref="ServerName"/> properties.</description></item><item><description>
/// <para>Any object that supports the following methods and properties:</para><list type="bullet"><item><description>
/// <code>
/// GetAccessControl()
/// </code>or
/// <code>
/// GetAccessControl(AccessControlSections)
/// </code>method</description></item><item><description>
/// <code>
/// SetAccessControl(CommonObjectSecurity)
/// </code>method</description></item><item><description>
/// <code>
/// Name
/// </code>or
/// <code>
/// FullName
/// </code>property</description></item></list></description></item></list>
/// </remarks>
public void Initialize(object knownObject)
{
SecuredObject secObject = new SecuredObject(knownObject);
Initialize(secObject.DisplayName, secObject.ObjectName, secObject.IsContainer, ProviderFromResourceType(secObject.ResourceType),
secObject.ObjectSecurity.GetSecurityDescriptorBinaryForm(), secObject.TargetServer);
ResourceType = secObject.ResourceType;
}
/// <summary>
/// Displays the access rules for the file.
/// </summary>
public void Initialize(SecuredObject objectType, string objectPath)
{
m_objectType = objectType;
ItemsLV.Items.Clear();
AuthorizationRuleCollection authorizationRules = null;
// determine if a file or directory.
FileInfo fileInfo = new FileInfo(objectPath);
if (fileInfo.Exists)
{
FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
else
{
DirectoryInfo directoryInfo = new DirectoryInfo(objectPath);
if (directoryInfo.Exists)
{
FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
}
// set a message indicating no access rules.
if (authorizationRules == null || authorizationRules.Count == 0)
{
Instructions = "It is not possible to set the access rules.";
AdjustColumns();
return;
}
// display the access rules.
for (int ii = 0; ii < authorizationRules.Count; ii++)
{
FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule;
if (accessRule == null)
{
continue;
}
if (GetEffectiveRight(accessRule) == ApplicationAccessRight.None)
{
continue;
}
AddItem(accessRule);
}
AdjustColumns();
}
/// <summary>
/// Updates the access right set with the permissions for the specified object.
/// </summary>
private void UpdateAccessRightSet(
SecuredObject objectToSecure,
IdentityReference identity,
bool denied,
Dictionary <string, SecuredObjectAccessRights> setToUpdate)
{
SecuredObjectAccessRights accountRights = null;
if (!setToUpdate.TryGetValue(identity.Value, out accountRights))
{
accountRights = new SecuredObjectAccessRights();
accountRights.Identity = identity;
setToUpdate.Add(identity.Value, accountRights);
}
if (denied)
{
accountRights.DeniedObjects |= objectToSecure;
}
else
{
accountRights.AllowedObjects |= objectToSecure;
}
}
/// <summary>
/// Updates the access right set with the permissions for the specified object.
/// </summary>
private void UpdateAccessRightSet(
SecuredObject objectToSecure,
IdentityReference identity,
bool denied,
Dictionary<string, SecuredObjectAccessRights> setToUpdate)
{
SecuredObjectAccessRights accountRights = null;
if (!setToUpdate.TryGetValue(identity.Value, out accountRights))
{
accountRights = new SecuredObjectAccessRights();
accountRights.Identity = identity;
setToUpdate.Add(identity.Value, accountRights);
}
if (denied)
{
accountRights.DeniedObjects |= objectToSecure;
}
else
{
accountRights.AllowedObjects |= objectToSecure;
}
}
/// <summary>
/// Gets the access rights granted to each account.
/// </summary>
private void GetAccountAccessRights(
string path,
SecuredObject objectToSecure,
Dictionary<string, SecuredObjectAccessRights> read,
Dictionary<string, SecuredObjectAccessRights> write,
Dictionary<string, SecuredObjectAccessRights> configure)
{
AuthorizationRuleCollection authorizationRules = null;
// determine if a file or directory.
FileInfo fileInfo = new FileInfo(path);
if (fileInfo.Exists)
{
FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
else
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
if (directoryInfo.Exists)
{
FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
}
// check if no rules to add.
if (authorizationRules == null || authorizationRules.Count == 0)
{
return;
}
// process the access rules.
for (int ii = 0; ii < authorizationRules.Count; ii++)
{
// check for file system rule.
FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule;
if (accessRule == null)
{
continue;
}
// check the type of rule.
bool denied = (accessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny);
// check for right to take ownership.
if (!denied)
{
if ((FileSystemRights.TakeOwnership & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, configure);
}
}
// check if the rule affects configuration rights.
if ((FileSystemRights.ChangePermissions & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, configure);
}
// check if the rule affects write rights.
if ((FileSystemRights.WriteData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, write);
}
// check if the rule affects read rights.
if ((FileSystemRights.ReadData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
// check if the rule affects read rights.
if (objectToSecure == SecuredObject.ExecutableFile)
{
if ((FileSystemRights.ExecuteFile & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
}
else
{
if ((FileSystemRights.ReadData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
}
}
}
/// <summary>
/// Gets the access rights granted to each account.
/// </summary>
private void GetAccountAccessRights(
string path,
SecuredObject objectToSecure,
Dictionary <string, SecuredObjectAccessRights> read,
Dictionary <string, SecuredObjectAccessRights> write,
Dictionary <string, SecuredObjectAccessRights> configure)
{
AuthorizationRuleCollection authorizationRules = null;
// determine if a file or directory.
FileInfo fileInfo = new FileInfo(path);
if (fileInfo.Exists)
{
FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
else
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
if (directoryInfo.Exists)
{
FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
}
// check if no rules to add.
if (authorizationRules == null || authorizationRules.Count == 0)
{
return;
}
// process the access rules.
for (int ii = 0; ii < authorizationRules.Count; ii++)
{
// check for file system rule.
FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule;
if (accessRule == null)
{
continue;
}
// check the type of rule.
bool denied = (accessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny);
// check for right to take ownership.
if (!denied)
{
if ((FileSystemRights.TakeOwnership & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, configure);
}
}
// check if the rule affects configuration rights.
if ((FileSystemRights.ChangePermissions & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, configure);
}
// check if the rule affects write rights.
if ((FileSystemRights.WriteData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, write);
}
// check if the rule affects read rights.
if ((FileSystemRights.ReadData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
// check if the rule affects read rights.
if (objectToSecure == SecuredObject.ExecutableFile)
{
if ((FileSystemRights.ExecuteFile & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
}
else
{
if ((FileSystemRights.ReadData & accessRule.FileSystemRights) != 0)
{
UpdateAccessRightSet(objectToSecure, accessRule.IdentityReference, denied, read);
}
}
}
}
/// <summary>Initializes the dialog with the specified known object.</summary>
/// <param name="fullObjectName">Full name of the object.</param>
/// <param name="serverName">Name of the server. This value can be <c>null</c>.</param>
/// <param name="resourceType">Type of the object resource.</param>
/// <exception cref="System.ArgumentException">
/// Unable to create an object from supplied arguments.
/// </exception>
public void Initialize(string fullObjectName, string serverName, System.Security.AccessControl.ResourceType resourceType)
{
Initialize(SecuredObject.GetKnownObject(resourceType, fullObjectName, serverName));
}
/// <summary>
/// Displays the access rules for the file.
/// </summary>
public void Initialize(SecuredObject objectType, string objectPath)
{
m_objectType = objectType;
ItemsLV.Items.Clear();
AuthorizationRuleCollection authorizationRules = null;
// determine if a file or directory.
FileInfo fileInfo = new FileInfo(objectPath);
if (fileInfo.Exists)
{
FileSystemSecurity security = fileInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
else
{
DirectoryInfo directoryInfo = new DirectoryInfo(objectPath);
if (directoryInfo.Exists)
{
FileSystemSecurity security = directoryInfo.GetAccessControl(AccessControlSections.Access);
authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
}
}
// set a message indicating no access rules.
if (authorizationRules == null || authorizationRules.Count == 0)
{
Instructions = "It is not possible to set the access rules.";
AdjustColumns();
return;
}
// display the access rules.
for (int ii = 0; ii < authorizationRules.Count; ii++)
{
FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule;
if (accessRule == null)
{
continue;
}
if (GetEffectiveRight(accessRule) == ApplicationAccessRight.None)
{
continue;
}
AddItem(accessRule);
}
AdjustColumns();
}
/// <summary>Initializes the dialog with the specified known object.</summary>
/// <param name="fullObjectName">Full name of the object.</param>
/// <param name="server">Name of the server. This value can be <c>null</c>.</param>
/// <param name="resourceType">Type of the object resource.</param>
/// <exception cref="System.ArgumentException">Unable to create an object from supplied arguments.</exception>
public void Initialize(string fullObjectName, string server, ResourceType resourceType)
{
Initialize(SecuredObject.GetKnownObject(resourceType, fullObjectName, server));
}
private void Initialize(SecuredObject secObject)
{
Initialize(secObject.DisplayName, secObject.ObjectName, secObject.IsContainer, ProviderFromResourceType(secObject.ResourceType),
secObject.ObjectSecurity.GetSecurityDescriptorBinaryForm(), secObject.TargetServer);
ResourceType = secObject.ResourceType;
}
