public void AddAccess(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
base.CheckAccessType(accessType);
base.CheckFlags(inheritanceFlags, propagationFlags);
this.everyOneFullAccessForNullDacl = false;
base.AddQualifiedAce(sid, (accessType == AccessControlType.Allow) ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), ObjectAceFlags.None, Guid.Empty, Guid.Empty);
}
public static void AddFileSecurity(string fileName, string WindowsAccount, FileSystemRights rights, AccessControlType accessControlType)
{
FileSecurity fSecurity = File.GetAccessControl(fileName);
fSecurity.AddAccessRule(new FileSystemAccessRule(WindowsAccount, rights, accessControlType));
File.SetAccessControl(fileName, fSecurity);
}
public virtual AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask,
bool isInherited, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type,
Guid objectType, Guid inheritedObjectType)
{
throw GetNotImplementedException ();
}
public FileSystemAccessRule
(String identity, FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
: base(IdentityReference.IdentityFromName(identity),
(int)fileSystemRights, false, inheritanceFlags,
propagationFlags, type) {}
public SemaphoreAccessRule (string identity,
SemaphoreRights semaphoreRights,
AccessControlType type)
: base (null, 0, false, InheritanceFlags.None, PropagationFlags.None, type)
{
this.semaphoreRights = semaphoreRights;
}
protected AccessRule (IdentityReference identity,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: base (identity, accessMask, isInherited,
inheritanceFlags, propagationFlags)
{
if (!(identity is SecurityIdentifier)) {
throw new ArgumentException ("identity");
}
if (type < AccessControlType.Allow ||
type > AccessControlType.Deny) {
throw new ArgumentException ("type");
}
if (accessMask == 0) {
/* FIXME: check inheritance and
* propagation flags too
*/
throw new ArgumentOutOfRangeException ();
}
this.type = type;
}
public WaitableTimerAccessRule(
IdentityReference identity,
WaitableTimerRights timerRights,
AccessControlType type)
: this(identity, (int)timerRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
private static void AddAclRuleOnDirectory(string directory, IdentityReference identity, FileSystemRights rights, AccessControlType type)
{
var acl = Directory.GetAccessControl(directory);
acl.PurgeAccessRules(identity);
acl.AddAccessRule(new FileSystemAccessRule(identity, rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, type));
Directory.SetAccessControl(directory, acl);
}
public override sealed AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask,
bool isInherited, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
{
return new FileSystemAccessRule (identityReference, (FileSystemRights) accessMask, isInherited,
inheritanceFlags, propagationFlags, type);
}
private static void AddAclRuleOnFile(string file, IdentityReference identity, FileSystemRights rights, AccessControlType type)
{
var acl = File.GetAccessControl(file);
acl.PurgeAccessRules(identity);
acl.AddAccessRule(new FileSystemAccessRule(identity, rights, type));
File.SetAccessControl(file, acl);
}
public EventWaitHandleAccessRule
(String identity,
EventWaitHandleRights eventRights,
AccessControlType type)
: base(IdentityReference.IdentityFromName(identity),
(int)eventRights, false, InheritanceFlags.None,
PropagationFlags.None, type) {}
public override AccessRule AccessRuleFactory (IdentityReference identityReference,
int accessMask, bool isInherited,
InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
AccessControlType type)
{
return new PipeAccessRule (identityReference, (PipeAccessRights)accessMask, type);
}
private static bool TestAddAccess(DiscretionaryAcl discretionaryAcl, RawAcl rawAcl, AccessControlType accessControlType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
discretionaryAcl.AddAccess(accessControlType, sid, accessMask, inheritanceFlags, propagationFlags);
if (discretionaryAcl.Count == rawAcl.Count &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
result = false;
return result;
}
public CryptoKeyAccessRule (IdentityReference identity,
CryptoKeyRights cryptoKeyRights,
AccessControlType type)
: base (identity, (int)cryptoKeyRights, false,
InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)
{
}
public RegistryAccessRule
(String identity, RegistryRights registryRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
: base(IdentityReference.IdentityFromName(identity),
(int)registryRights, false, inheritanceFlags,
propagationFlags, type) {}
public MutexAccessRule (IdentityReference identity,
MutexRights eventRights,
AccessControlType type)
: base (identity, (int)eventRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
private static void AddDirectorySecurity(string folderName, string account, FileSystemRights rights, InheritanceFlags inheritance, PropagationFlags propogation, AccessControlType controlType)
{
DirectoryInfo directoryInfo = new DirectoryInfo(folderName);
DirectorySecurity accessControl = directoryInfo.GetAccessControl();
accessControl.AddAccessRule(new FileSystemAccessRule(account, rights, inheritance, propogation, controlType));
directoryInfo.SetAccessControl(accessControl);
}
public WaitableTimerAccessRule(
string identity,
WaitableTimerRights timerRights,
AccessControlType type)
: this(new NTAccount(identity), (int)timerRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public EventWaitHandleAccessRule (IdentityReference identity,
EventWaitHandleRights eventRights,
AccessControlType type)
: base (identity, (int)eventRights, false,
InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)
{
}
public FileSystemAccessRule (IdentityReference identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (identity, fileSystemRights, false, inheritanceFlags, propagationFlags, type)
{
}
public void AddAccess (AccessControlType accessType,
SecurityIdentifier sid, int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
throw new NotImplementedException ();
// CommonAce?
}
public CryptoKeyAccessRule (string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type)
: this (new NTAccount(identity),
AccessMaskFromRights(cryptoKeyRights, type),
false,
InheritanceFlags.None,
PropagationFlags.None,
type) {
}
public bool RemoveAccess (AccessControlType accessType,
SecurityIdentifier sid,
int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
throw new NotImplementedException ();
}
public RegistryAccessRule (string identity,
RegistryRights registryRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (new NTAccount (identity), registryRights, inheritanceFlags, propagationFlags, type)
{
}
public EventWaitHandleAccessRule (IdentityReference identity,
EventWaitHandleRights eventRights,
AccessControlType type)
// FIXME: accessMask=0 likely causes an error
: base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)
{
this.rights = eventRights;
}
public CryptoKeyAccessRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type)
: this (identity,
AccessMaskFromRights(cryptoKeyRights, type),
false,
InheritanceFlags.None,
PropagationFlags.None,
type) {
}
public RegistryAccessRule (IdentityReference identity,
RegistryRights registryRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (identity, registryRights, false, inheritanceFlags, propagationFlags, type)
{
}
public FileSystemAccessRule (string identity,
FileSystemRights fileSystemRights,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
: this (new NTAccount (identity), fileSystemRights, inheritanceFlags, propagationFlags, type)
{
}
public MutexAccessRule (IdentityReference identity,
MutexRights eventRights,
AccessControlType type)
// FIXME: accessMask=0 likely causes an error
: base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, type)
{
this.rights = eventRights;
}
public void AddAccess (AccessControlType accessType,
SecurityIdentifier sid, int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
AddAce (GetAceQualifier (accessType), sid, accessMask,
inheritanceFlags, propagationFlags, AuditFlags.None);
}
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string filename, string account, FileSystemRights rights, InheritanceFlags inheritance, PropagationFlags propagation, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(filename);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(account, rights, inheritance, propagation, controlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
private DirectoryInfo CreateTestDirectory(string path, FileSystemRights rights = FileSystemRights.FullControl, AccessControlType access = AccessControlType.Allow)
{
DirectoryInfo directory = this.testDirectory.CreateSubdirectory(path);
DirectorySecurity security = directory.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(WindowsIdentity.GetCurrent().Name, rights, access));
directory.SetAccessControl(security);
return(directory);
}
internal static int AccessMaskFromRights(System.IO.Pipes.PipeAccessRights rights, AccessControlType controlType)
{
if ((rights < 0) || (rights > (System.IO.Pipes.PipeAccessRights.AccessSystemSecurity | System.IO.Pipes.PipeAccessRights.FullControl)))
{
throw new ArgumentOutOfRangeException("rights", System.SR.GetString("ArgumentOutOfRange_NeedValidPipeAccessRights"));
}
if (controlType == AccessControlType.Allow)
{
rights |= System.IO.Pipes.PipeAccessRights.Synchronize;
}
else if ((controlType == AccessControlType.Deny) && (rights != System.IO.Pipes.PipeAccessRights.FullControl))
{
rights &= ~System.IO.Pipes.PipeAccessRights.Synchronize;
}
return((int)rights);
}
// Methods
public virtual AccessRule AccessRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
{
}
public MutexAccessRule(IdentityReference identity,
MutexRights mutexRights,
AccessControlType type)
{
this.mutexRights = mutexRights;
}
public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
base.CheckAccessType(accessType);
this.everyOneFullAccessForNullDacl = false;
base.RemoveQualifiedAcesSpecific(sid, (accessType == AccessControlType.Allow) ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), ObjectAceFlags.None, Guid.Empty, Guid.Empty);
}
protected PipeSecurity GetPipeSecurity(WellKnownSidType sid, PipeAccessRights rights, AccessControlType accessControl)
{
var security = new PipeSecurity();
SecurityIdentifier identity = new SecurityIdentifier(sid, null);
var accessRule = new PipeAccessRule(identity, rights, accessControl);
security.AddAccessRule(accessRule);
return(security);
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference,
int accessMask, bool isInherited, InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags, AccessControlType type)
{
// Throw if inheritance flags or propagation flags set. Have to include in signature
// since this is an override
if (inheritanceFlags != InheritanceFlags.None)
{
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "inheritanceFlags");
}
if (propagationFlags != PropagationFlags.None)
{
throw new ArgumentException(SR.GetString(SR.Argument_NonContainerInvalidAnyFlag), "propagationFlags");
}
return(new PipeAccessRule(
identityReference,
accessMask,
isInherited,
type));
}
/// <summary>
/// SetAccessRights method sets the particular access right for a particular user on a particualr AD Container/Object
/// </summary>
/// <param name="DN">The distinguished name of the Container/Object.</param>
/// <param name="user">The name of the user to whom the permissions to be set</param>
/// <param name="domain">The name of the domain to which user is belongs to</param>
/// <param name="accessRight">The name of the access right to be set</param>
/// <param name="controlType">Allow/Deny particular ActiveDirecotyRights</param>
/// <returns></returns>
public bool SetACLs(string DN, string user, string domain, ActiveDirectoryRights accessRight, AccessControlType controlType)
{
using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + DN, ConfigStore.AdminName, ConfigStore.AdminPassword, AuthenticationTypes.Secure))
{
ActiveDirectorySecurity sd = entry.ObjectSecurity;
NTAccount accountName = new NTAccount(domain, user);
IdentityReference acctSID = accountName.Translate(typeof(SecurityIdentifier));
ActiveDirectoryAccessRule myRule = new ActiveDirectoryAccessRule(new SecurityIdentifier(acctSID.Value), accessRight, controlType);
sd.AddAccessRule(myRule);
entry.ObjectSecurity.AddAccessRule(myRule);
entry.CommitChanges();
return(true);
}
}
public static void RemoveFileSecurity(string fileName, string account, FileSystemRights rights, AccessControlType controlType)
{
fSecurity = File.GetAccessControl(fileName);
fSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(account, rights, controlType));
File.SetAccessControl(fileName, fSecurity);
}
/// <summary>
/// Removes an ACL entry on the specified file for the specified account.
/// </summary>
/// <param name="file"></param>
/// <param name="account">Reference to the user account.</param>
/// <param name="rights">The type of operation associated with the access rule.</param>
/// <param name="controlType">Allow or Deny access.</param>
private void RemoveFileSecurity(FileInfo file, IdentityReference account, FileSystemRights rights, AccessControlType controlType)
{
FileSecurity fSecurity = file.GetAccessControl();
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType));
file.SetAccessControl(fSecurity);
}
public PipeAccessRule(IdentityReference identity, PipeAccessRights rights, AccessControlType type)
: this(identity, AccessMaskFromRights(rights, type), false, type)
{
}
//
// Internal constructor to be called by public constructors
// and the access rights factory methods
//
internal PipeAccessRule(IdentityReference identity, int accessMask, bool isInherited, AccessControlType type)
: base(identity, accessMask, isInherited, InheritanceFlags.None, PropagationFlags.None, type)
{
}
/// <summary>Initializes a new instance of the AccessRule’1 class by using the specified values.</summary>
/// <param name="identity">The identity to which the access rule applies.</param>
/// <param name="rights">The rights of the access rule.</param>
/// <param name="inheritanceFlags">The inheritance properties of the access rule.</param>
/// <param name="propagationFlags">Whether inherited access rules are automatically propagated. The propagation flags are ignored if <paramref name="inheritanceFlags" /> is set to <see cref="F:System.Security.AccessControl.InheritanceFlags.None" />.</param>
/// <param name="type">The valid access control type.</param>
// Token: 0x06001FC0 RID: 8128 RVA: 0x0006ECF5 File Offset: 0x0006CEF5
public AccessRule(string identity, T rights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(new NTAccount(identity), (int)((object)rights), false, inheritanceFlags, propagationFlags, type)
{
}
public PropertySetAccessRule(IdentityReference identity, AccessControlType type, PropertyAccess access, Guid propertySetType) : base(identity, PropertyAccessTranslator.AccessMaskFromPropertyAccess(access), type, propertySetType, false, InheritanceFlags.None, PropagationFlags.None, Guid.Empty)
{
}
// Token: 0x06001FC1 RID: 8129 RVA: 0x0006ED14 File Offset: 0x0006CF14
internal AccessRule(IdentityReference identity, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, type)
{
}
public PipeAccessRule(IdentityReference identity, PipeAccessRights accessRights, AccessControlType type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
/// <summary>Initializes a new instance of the AccessRule’1 class by using the specified values.</summary>
/// <param name="identity">The identity to which the access rule applies.</param>
/// <param name="rights">The rights of the access rule.</param>
/// <param name="inheritanceFlags">The inheritance properties of the access rule.</param>
/// <param name="propagationFlags">Whether inherited access rules are automatically propagated. The propagation flags are ignored if <paramref name="inheritanceFlags" /> is set to <see cref="F:System.Security.AccessControl.InheritanceFlags.None" />.</param>
/// <param name="type">The valid access control type.</param>
// Token: 0x06001FBF RID: 8127 RVA: 0x0006ECDB File Offset: 0x0006CEDB
public AccessRule(IdentityReference identity, T rights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(identity, (int)((object)rights), false, inheritanceFlags, propagationFlags, type)
{
}
//
// Constructor for creating access rules for pipe objects
//
public PipeAccessRule(string identity, PipeAccessRights rights, AccessControlType type)
: this(new NTAccount(identity), AccessMaskFromRights(rights, type), false, type)
{
}
public void AddAccessRule(IdentityReference identityReference, PipeAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new PipeAccessRule(identityReference, accessMask, type));
}
public PropertySetAccessRule(IdentityReference identity, AccessControlType type, PropertyAccess access, Guid propertySetType, ActiveDirectorySecurityInheritance inheritanceType, Guid inheritedObjectType) : base(identity, PropertyAccessTranslator.AccessMaskFromPropertyAccess(access), type, propertySetType, false, ActiveDirectoryInheritanceTranslator.GetInheritanceFlags(inheritanceType), ActiveDirectoryInheritanceTranslator.GetPropagationFlags(inheritanceType), inheritedObjectType)
{
}
public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
{
return(new RegistryAccessRule(identityReference, accessMask, isInherited, inheritanceFlags, propagationFlags, type));
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string filePath, string winUserString = null, WindowsIdentity winUser = null,
FileSystemRights rights = FileSystemRights.FullControl, AccessControlType controlType = AccessControlType.Allow)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(filePath);
if (winUserString != null)
{
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(winUserString,
rights, controlType));
}
else if (winUser != null)
{
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(winUser.User.Value,
rights, controlType));
}
// Set the new access settings.
File.SetAccessControl(filePath, fSecurity);
}
public ServiceAccessRule(IdentityReference identity, ServiceAccessRights rights, AccessControlType type) :
base(identity, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
ServiceAccessRights = rights;
}
public abstract AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type);
public MutexAccessRule(string identity,
MutexRights mutexRights,
AccessControlType type)
{
this.mutexRights = mutexRights;
}
protected ObjectAccessRule(IdentityReference identity, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, Guid objectType, Guid inheritedObjectType, AccessControlType type)
: base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags, type)
{
if ((!objectType.Equals(Guid.Empty)) && ((accessMask & ObjectAce.AccessMaskWithObjectType) != 0))
{
_objectType = objectType;
_objectFlags |= ObjectAceFlags.ObjectAceTypePresent;
}
else
{
_objectType = Guid.Empty;
}
if ((!inheritedObjectType.Equals(Guid.Empty)) && ((inheritanceFlags & InheritanceFlags.ContainerInherit) != 0))
{
_inheritedObjectType = inheritedObjectType;
_objectFlags |= ObjectAceFlags.InheritedObjectAceTypePresent;
}
else
{
_inheritedObjectType = Guid.Empty;
}
}
/// <summary>Creates a new access control rule for the specified user, with the specified access rights, access control, and flags.</summary><returns>A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> object representing the specified rights for the specified user.</returns><param name="identityReference">An <see cref="T:System.Security.Principal.IdentityReference" /> that identifies the user or group the rule applies to.</param><param name="accessMask">A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values specifying the access rights to allow or deny, cast to an integer.</param><param name="isInherited">A Boolean value specifying whether the rule is inherited.</param><param name="inheritanceFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.InheritanceFlags" /> values specifying how the rule is inherited by subkeys.</param><param name="propagationFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.PropagationFlags" /> values that modify the way the rule is inherited by subkeys. Meaningless if the value of <paramref name="inheritanceFlags" /> is <see cref="F:System.Security.AccessControl.InheritanceFlags.None" />.</param><param name="type">One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values specifying whether the rights are allowed or denied.</param><exception cref="T:System.ArgumentOutOfRangeException"><paramref name="accessMask" />, <paramref name="inheritanceFlags" />, <paramref name="propagationFlags" />, or <paramref name="type" /> specifies an invalid value.</exception><exception cref="T:System.ArgumentNullException"><paramref name="identityReference" /> is null. -or-<paramref name="accessMask" /> is zero.</exception><exception cref="T:System.ArgumentException"><paramref name="identityReference" /> is neither of type <see cref="T:System.Security.Principal.SecurityIdentifier" />, nor of a type such as <see cref="T:System.Security.Principal.NTAccount" /> that can be converted to type <see cref="T:System.Security.Principal.SecurityIdentifier" />.</exception>
public override AccessRule AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
{
throw new NotImplementedException();
}
private static bool TestRemoveAccess(DiscretionaryAcl discretionaryAcl, RawAcl rawAcl, AccessControlType accessControlType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removePossible)
{
bool result = true;
bool isRemoved = false;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
isRemoved = discretionaryAcl.RemoveAccess(accessControlType, sid, accessMask, inheritanceFlags, propagationFlags);
if ((isRemoved == removePossible) &&
(discretionaryAcl.Count == rawAcl.Count) &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return(result);
}
/// <summary>
/// Removes an ACL entry on the specified directory for the specified account.
/// </summary>
/// <param name="path"></param>
/// <param name="account"></param>
/// <param name="rights"></param>
/// <param name="controlType"></param>
public void RemoveDirectorySecurity(string path, string account, FileSystemRights rights, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
var dirInfo = new DirectoryInfo(path);
// Get a DirectorySecurity object that represents the
// current security settings.
var dirSecurity = dirInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dirSecurity.RemoveAccessRule(new FileSystemAccessRule(account, rights, controlType));
// Set the new access settings.
dirInfo.SetAccessControl(dirSecurity);
}
