Esempio n. 1
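    /// <summary>
    /// Opens <paramref name="name"/> as a stream. Virtual-file-system names are delegated to
    /// <c>VirtualFileSystem.Open</c>; <see cref="FileMode.Append"/> is opened with only the
    /// <see cref="FileSystemRights.AppendData"/> right; every other mode goes through a plain
    /// <see cref="FileStream"/>.
    /// </summary>
    /// <param name="name">Path (or virtual path) of the file to open.</param>
    /// <param name="fileMode">Requested open mode.</param>
    /// <param name="fileAccess">Requested access; not consulted on the append path.</param>
    /// <returns>The opened stream.</returns>
    public static Stream open(string name, FileMode fileMode, FileAccess fileAccess)
    {
        if (VirtualFileSystem.IsVirtualFS(name))
        {
            return VirtualFileSystem.Open(name, fileMode, fileAccess);
        }

        if (fileMode != FileMode.Append)
        {
            return new FileStream(name, fileMode, fileAccess, FileShare.ReadWrite, 1, false);
        }

        // Append path: the Create overload below needs a FileSecurity object to hand to the OS.
        // NOTE(review): the Exists check and the Create call are not atomic. If the file appears
        // or disappears in between, the descriptor built here does not match what is opened.
        System.Security.AccessControl.FileSecurity security;
        if (System.IO.File.Exists(name))
        {
            // NOTE(review): Windows applies a security descriptor only when a file is created, so
            // for an existing file this value is presumably just a non-null argument - confirm.
            security = new FileInfo(name).GetAccessControl();
        }
        else
        {
            string parentPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(name));
            System.IO.DirectoryInfo directory = new System.IO.DirectoryInfo(parentPath);
            var parentRules = directory.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

            security = new System.Security.AccessControl.FileSecurity();

            // NOTE(review): every rule on the parent directory (explicit and inherited) becomes an
            // explicit rule on the new file. rule.InheritanceFlags is never consulted, so rules
            // scoped to the folder itself are copied too, and directory rights share bit values
            // with file rights (ListDirectory/ReadData, CreateFiles/WriteData). The new file can
            // therefore end up more permissive than plain inheritance would make it, and the
            // copies do not follow later changes to the parent ACL. Confirm this is intended.
            //
            // The typed loop variable replaces an unchecked 'as' cast: an unexpected rule type now
            // fails with InvalidCastException instead of a NullReferenceException.
            foreach (FileSystemAccessRule rule in parentRules)
            {
                security.AddAccessRule(new FileSystemAccessRule(rule.IdentityReference, rule.FileSystemRights, rule.AccessControlType));
            }

            // isProtected == false: inheritance from the parent stays enabled on the new file.
            security.SetAccessRuleProtection(false, false);
        }

        return FileSystemAclExtensions.Create(new FileInfo(name), FileMode.Append, FileSystemRights.AppendData, FileShare.ReadWrite, 1, FileOptions.None, security);
    }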
Esempio n. 2
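    /// <summary>
    /// Creates or opens <paramref name="path"/> through <c>FileSystemAclExtensions.Create</c>,
    /// supplying a <see cref="FileSecurity"/> taken from the existing file or, for a new file,
    /// assembled from the access rules of its parent directory.
    /// </summary>
    /// <param name="path">Path of the file to create or open.</param>
    /// <param name="fileMode">Open/creation mode forwarded to <c>Create</c>.</param>
    /// <param name="fileSystemRights">Rights requested on the handle.</param>
    /// <param name="fileShare">Sharing mode forwarded to <c>Create</c>.</param>
    /// <param name="bufferSize">Stream buffer size forwarded to <c>Create</c>.</param>
    /// <param name="fileOptions">Additional file options forwarded to <c>Create</c>.</param>
    /// <returns>The opened stream, or <c>null</c> when compiled with <c>FIRST_PASS</c>.</returns>
    public static FileStream createFile0(string path, FileMode fileMode, FileSystemRights fileSystemRights, FileShare fileShare, int bufferSize, FileOptions fileOptions)
    {
#if !FIRST_PASS
        // NOTE(review): the Exists check and the Create call are not atomic. If the file appears
        // or disappears in between, the descriptor built here does not match what is opened.
        System.Security.AccessControl.FileSecurity security;
        if (System.IO.File.Exists(path))
        {
            // If the file already exists, we simply retrieve the current security object and use that.
            security = new FileInfo(path).GetAccessControl();
        }
        else
        {
            // If the file does not exist, the descriptor is derived from the parent directory.
            // NOTE(review): the three stderr writes below look like leftover diagnostics. They
            // emit full paths on every creation of a new file; consider removing or gating them.
            Console.Error.WriteLine($"Getting for directory: {path}");
            string parentPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(path));
            Console.Error.WriteLine($"Parent is: {parentPath}");
            System.IO.DirectoryInfo directory = new System.IO.DirectoryInfo(parentPath);
            Console.Error.WriteLine($"Getting security for: {parentPath}");
            var parentRules = directory.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

            security = new System.Security.AccessControl.FileSecurity();

            // NOTE(review): every rule on the parent directory (explicit and inherited) becomes an
            // explicit rule on the new file. rule.InheritanceFlags is never consulted, so rules
            // scoped to the folder itself are copied too, and directory rights share bit values
            // with file rights (ListDirectory/ReadData, CreateFiles/WriteData). The new file can
            // therefore end up more permissive than plain inheritance would make it. Confirm.
            //
            // The typed loop variable replaces an unchecked 'as' cast: an unexpected rule type now
            // fails with InvalidCastException instead of a NullReferenceException.
            foreach (FileSystemAccessRule rule in parentRules)
            {
                security.AddAccessRule(new FileSystemAccessRule(rule.IdentityReference, rule.FileSystemRights, rule.AccessControlType));
            }

            // isProtected == false: inheritance from the parent stays enabled on the new file.
            security.SetAccessRuleProtection(false, false);
        }

        return FileSystemAclExtensions.Create(new FileInfo(path), fileMode, fileSystemRights, fileShare, bufferSize, fileOptions, security);
#else
        return(null);
#endif
    }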
Esempio n. 3
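    /// <summary>
    /// Opens <paramref name="name"/> in <see cref="FileMode.Append"/> with only the
    /// <see cref="FileSystemRights.AppendData"/> right, shared for reading and writing.
    /// </summary>
    /// <param name="name">Path of the file to append to; it is created if it does not exist.</param>
    /// <returns>The opened stream, or <c>null</c> when compiled with <c>FIRST_PASS</c>.</returns>
    public static FileStream openStreamForAtomicAppend(string name)
    {
#if !FIRST_PASS
        // NOTE(review): the Exists check and the Create call are not atomic. If the file appears
        // or disappears in between, the descriptor built here does not match what is opened.
        System.Security.AccessControl.FileSecurity security;
        if (System.IO.File.Exists(name))
        {
            // NOTE(review): Windows applies a security descriptor only when a file is created, so
            // for an existing file this value is presumably just a non-null argument - confirm.
            security = new FileInfo(name).GetAccessControl();
        }
        else
        {
            string parentPath = System.IO.Path.GetDirectoryName(System.IO.Path.GetFullPath(name));
            System.IO.DirectoryInfo directory = new System.IO.DirectoryInfo(parentPath);
            var parentRules = directory.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

            security = new System.Security.AccessControl.FileSecurity();

            // NOTE(review): every rule on the parent directory (explicit and inherited) becomes an
            // explicit rule on the new file. rule.InheritanceFlags is never consulted, so rules
            // scoped to the folder itself are copied too, and directory rights share bit values
            // with file rights (ListDirectory/ReadData, CreateFiles/WriteData). The new file can
            // therefore end up more permissive than plain inheritance would make it. Confirm.
            //
            // The typed loop variable replaces an unchecked 'as' cast: an unexpected rule type now
            // fails with InvalidCastException instead of a NullReferenceException.
            foreach (FileSystemAccessRule rule in parentRules)
            {
                security.AddAccessRule(new FileSystemAccessRule(rule.IdentityReference, rule.FileSystemRights, rule.AccessControlType));
            }

            // isProtected == false: inheritance from the parent stays enabled on the new file.
            security.SetAccessRuleProtection(false, false);
        }

        return FileSystemAclExtensions.Create(new FileInfo(name), FileMode.Append, FileSystemRights.AppendData, FileShare.ReadWrite, 1, FileOptions.None, security);
#else
        return(null);
#endif
    }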
Esempio n. 4
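    /// <summary>
    /// Creates a new, randomly named file inside <paramref name="path"/> whose ACL grants full
    /// control to the current Windows user only, and returns an exclusive stream on it.
    /// </summary>
    /// <param name="path">Directory in which the file is created.</param>
    /// <param name="bufferSize">Stream buffer size; must be positive.</param>
    /// <param name="options">File options; only the flags checked below are accepted.</param>
    /// <returns>A stream on the newly created file, opened with <see cref="FileShare.None"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="path"/> is null.</exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <paramref name="bufferSize"/> is not positive, or <paramref name="options"/> has an unsupported flag.
    /// </exception>
    /// <exception cref="IOException">Creation failed on all three attempts.</exception>
    public static FileStream GetSecureFileStream(string path, int bufferSize, FileOptions options)
    {
      if (path == null)
        throw new ArgumentNullException("path");

      if (bufferSize <= 0)
        throw new ArgumentOutOfRangeException("bufferSize");

      const FileOptions supportedOptions =
        FileOptions.Asynchronous | FileOptions.DeleteOnClose | FileOptions.Encrypted |
        FileOptions.RandomAccess | FileOptions.SequentialScan | FileOptions.WriteThrough;
      if ((options & ~supportedOptions) != FileOptions.None)
        throw new ArgumentOutOfRangeException("options");

      new FileIOPermission(FileIOPermissionAccess.Write, path).Demand();

      // WindowsIdentity is IDisposable; the original never released it. The SecurityIdentifier
      // read from it is an independent object and stays valid after disposal.
      SecurityIdentifier user;
      using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
      {
        user = identity.User;
      }

      // Protected DACL (no inherited rules, none preserved) holding a single Allow rule for the
      // current user, who is also made the owner.
      FileSecurity fileSecurity = new FileSecurity();
      fileSecurity.AddAccessRule(new FileSystemAccessRule(user, FileSystemRights.FullControl, AccessControlType.Allow));
      fileSecurity.SetAccessRuleProtection(true, false);
      fileSecurity.SetOwner(user);

      // Attempt to create a unique file three times before giving up.
      // FileMode.CreateNew fails if the name is already taken, so no separate
      // existence check is made; a clash simply triggers another random name.
      // NOTE(review): every IOException is retried, not only name clashes.
      for (int attempt = 0; attempt < 3; attempt++)
      {
        try
        {
          return new FileStream(Path.Combine(path, Path.GetRandomFileName()), FileMode.CreateNew,
                                FileSystemRights.FullControl, FileShare.None, bufferSize, options, fileSecurity);
        }
        catch (IOException)
        {
          // Surface the failure once the last attempt has been used up.
          if (attempt == 2)
            throw;
        }
      }
      // This code can never be reached.
      // The compiler thinks otherwise.
      throw new IOException();
    }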
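 /// <summary>
 /// Builds a <see cref="FileSecurity"/> with a protected DACL that contains a single Allow rule
 /// for the account the current process is running as.
 /// </summary>
 /// <returns>The new security object; it is not applied to any file here.</returns>
 private static FileSecurity GetSecuritySettings() {
    // WindowsIdentity is IDisposable; the original never released it. Only the account name is
    // needed afterwards, so it is captured and the identity disposed right away.
    string accountName;
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent()) {
       accountName = identity.Name;
    }

    FileSecurity security = new FileSecurity();
    // Protect the DACL: no inherited rules apply and none are preserved.
    security.SetAccessRuleProtection(true, false);
    security.AddAccessRule(
       (FileSystemAccessRule) security.AccessRuleFactory(
                                 new NTAccount(accountName),
                                 // Full control. NOTE(review): -1 sets every bit of the access
                                 // mask, a superset of FileSystemRights.FullControl; the named
                                 // enum value would state the intent more precisely.
                                 -1,
                                 false,
                                 InheritanceFlags.None,
                                 PropagationFlags.None,
                                 AccessControlType.Allow));
    return security;
 }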
		/// <summary>
		/// Replaces the access rules of the file at <paramref name="path"/> with a protected DACL
		/// whose only rule allows full control to the built-in Administrators group.
		/// </summary>
		/// <param name="path">File whose access control is overwritten.</param>
		private void RestrictAdminAccess(string path)
		{
			var administrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
			var adminsFullControl = new FileSystemAccessRule(administrators, FileSystemRights.FullControl, AccessControlType.Allow);

			var adminsOnly = new FileSecurity();
			// Protected DACL: inherited rules are cut off and not preserved, so the single rule
			// added below is the whole access list.
			adminsOnly.SetAccessRuleProtection(true, false);
			adminsOnly.AddAccessRule(adminsFullControl);

			// NOTE(review): only the access rules are set; the owner is not touched here. A caller
			// that is not running as an administrator may lose its own access to the file.
			File.SetAccessControl(path, adminsOnly);
		}