private WindowsUser findWindowsUser()
{
WindowsUserManager wuManager = new WindowsUserManager(ServerConfig.WindowsServerName);
WindowsUser namedUser = wuManager.Find(iscBindUser);
return(namedUser);
}
private void removeWebsiteSecurity(CleanWebsite website)
{
SecurityIdentifier sid = null;
if (website.IisSite.IdentitySid != null)
{
// In most cases, the SID will exist.
sid = new SecurityIdentifier(website.IisSite.IdentitySid);
}
else if (!string.IsNullOrEmpty(website.IisSite.IdentityUserName))
{
// In some cases because of an earlier bug, only the username may exist.
WindowsUser windowsUser = wuManager.Find(website.IisSite.IdentityUserName);
if (windowsUser != null)
{
sid = windowsUser.Sid;
}
}
if (sid != null)
{
// If no record of the user exists, then we can't remove security.
removeSecurityRecursive(getWebsiteDirectory(website), sid);
}
}
private WindowsUser findWindowsUser(string username)
{
WindowsUserManager manager = new WindowsUserManager(ServerConfig.WindowsServerName);
WindowsUser windowsUser = manager.Find(username);
return(windowsUser);
}
private ServerStatusElement getIscBindSecurityStatus()
{
ServerStatusElement e = new ServerStatusElement();
e.Name = "ISC BIND security (" + ServerConfig.IscBindDirectory.FullName + ")";
DirectorySecurity security = ServerConfig.IscBindDirectory.GetAccessControl();
AuthorizationRuleCollection rules = security.GetAccessRules(
true, false, typeof(SecurityIdentifier));
WindowsUserManager wuManager = new WindowsUserManager(ServerConfig.WindowsServerName);
WindowsUser namedUser = wuManager.Find(iscBindUser);
if (namedUser == null)
{
e.Value = "Windows user '" + iscBindUser + "' is missing";
e.Condition = ServerStatusCondition.Error;
}
else
{
var q = from r in rules.OfType <FileSystemAccessRule>()
where r.IdentityReference == namedUser.Sid
where r.AccessControlType == AccessControlType.Allow
select r;
if (q.Count() != 0)
{
if ((q.Single().FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify)
{
e.Value = "User '" + iscBindUser + "' can modify";
e.Condition = ServerStatusCondition.Normal;
}
else
{
e.Value = "User '" + iscBindUser + "' cannot modify";
e.Condition = ServerStatusCondition.Error;
}
}
else
{
e.Value = "User '" + iscBindUser + "' does not have any access";
e.Condition = ServerStatusCondition.Error;
}
if (e.Condition == ServerStatusCondition.Error)
{
// At this point, if the user exists but the security is wrong, it can be reset.
e.ActionText = "Repair";
e.ActionCommand = "RepairBindSecurity";
}
}
return(e);
}
