/// <summary> /// Gets the application access rules implied by the access rights to the file. /// </summary> public static void SetAccessRules(String filePath, IList <ApplicationAccessRule> accessRules, bool replaceExisting) { // get the current permissions from the file or directory. FileSystemSecurity security = null; FileInfo fileInfo = new FileInfo(filePath); DirectoryInfo directoryInfo = null; if (!fileInfo.Exists) { directoryInfo = new DirectoryInfo(filePath); if (!directoryInfo.Exists) { throw new FileNotFoundException("File or directory does not exist.", filePath); } security = directoryInfo.GetAccessControl(AccessControlSections.Access); } else { security = fileInfo.GetAccessControl(AccessControlSections.Access); } if (replaceExisting) { // can't use inhieritance when setting permissions security.SetAccessRuleProtection(true, false); // remove all existing access rules. AuthorizationRuleCollection authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount)); for (int ii = 0; ii < authorizationRules.Count; ii++) { FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule; // only care about file system rules. if (accessRule == null) { continue; } security.RemoveAccessRule(accessRule); } } // allow children to inherit rules for directories. InheritanceFlags flags = InheritanceFlags.None; if (directoryInfo != null) { flags = InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit; } // add the new rules. for (int ii = 0; ii < accessRules.Count; ii++) { ApplicationAccessRule applicationRule = accessRules[ii]; IdentityReference identityReference = applicationRule.IdentityReference; if (identityReference == null) { if (applicationRule.IdentityName.StartsWith("S-")) { SecurityIdentifier sid = new SecurityIdentifier(applicationRule.IdentityName); if (!sid.IsValidTargetType(typeof(NTAccount))) { continue; } identityReference = sid.Translate(typeof(NTAccount)); } else { identityReference = new NTAccount(applicationRule.IdentityName); } } FileSystemAccessRule fileRule = null; switch (applicationRule.Right) { case ApplicationAccessRight.Run: { fileRule = new FileSystemAccessRule( identityReference, (applicationRule.RuleType == AccessControlType.Allow) ? Read : Configure, flags, PropagationFlags.None, ApplicationAccessRule.Convert(applicationRule.RuleType)); break; } case ApplicationAccessRight.Update: { fileRule = new FileSystemAccessRule( identityReference, (applicationRule.RuleType == AccessControlType.Allow) ? Update : ConfigureOnly | UpdateOnly, flags, PropagationFlags.None, ApplicationAccessRule.Convert(applicationRule.RuleType)); security.SetAccessRule(fileRule); break; } case ApplicationAccessRight.Configure: { fileRule = new FileSystemAccessRule( identityReference, (applicationRule.RuleType == AccessControlType.Allow) ? Configure : ConfigureOnly, flags, PropagationFlags.None, ApplicationAccessRule.Convert(applicationRule.RuleType)); break; } } try { security.SetAccessRule(fileRule); } catch (Exception e) { Utils.Trace( "Could not set access rule for account '{0}' on file '{1}'. Error={2}", applicationRule.IdentityName, filePath, e.Message); } } if (directoryInfo != null) { directoryInfo.SetAccessControl((DirectorySecurity)security); return; } fileInfo.SetAccessControl((FileSecurity)security); }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, IDokanFileInfo info) { return(DokanResult.NotImplemented); }
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { throw new NotImplementedException(); }
// return true if there is new relation(s) created private bool InsertFileDescriptorRelation(string filenode, FileSystemSecurity sd, bool skipInherited, string knownOwner) { bool newRelation = false; if (!sd.GetOwner(typeof(SecurityIdentifier)).Value.Equals(knownOwner, StringComparison.InvariantCultureIgnoreCase)) { Storage.InsertRelation(sd.GetOwner(typeof(SecurityIdentifier)).Value, MappingType.Sid, filenode, MappingType.Name, RelationType.FILE_OWNER); newRelation = true; } // relations can be duplicated - will slow down import Dictionary <string, List <RelationType> > relationToAdd = new Dictionary <string, List <RelationType> >(); foreach (FileSystemAccessRule accessrule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier))) { // ignore audit / denied ace if (accessrule.AccessControlType != AccessControlType.Allow) { continue; } if (skipInherited && accessrule.IsInherited) { continue; } // GEN_RIGHT_ALL if ((accessrule.FileSystemRights & FileSystemRights.FullControl) == FileSystemRights.FullControl) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.GEN_RIGHT_ALL); } // GEN_RIGHT_WRITE if ((accessrule.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.GEN_RIGHT_WRITE); } // STAND_RIGHT_WRITE_DAC if ((accessrule.FileSystemRights & FileSystemRights.ChangePermissions) == FileSystemRights.ChangePermissions) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.STAND_RIGHT_WRITE_DAC); } // STAND_RIGHT_WRITE_OWNER if ((accessrule.FileSystemRights & FileSystemRights.TakeOwnership) == FileSystemRights.TakeOwnership) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.STAND_RIGHT_WRITE_OWNER); } // FILE_WRITEDATA_ADDFILE if ((accessrule.FileSystemRights & FileSystemRights.WriteData) == FileSystemRights.WriteData) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.FS_RIGHT_WRITEDATA_ADDFILE); } // FILE_APPENDDATA_ADDSUBDIR if ((accessrule.FileSystemRights & FileSystemRights.AppendData) == FileSystemRights.AppendData) { IncludeRelationInDictionary(relationToAdd, accessrule.IdentityReference.Value, RelationType.FS_RIGHT_APPENDDATA_ADDSUBDIR); } } foreach (string target in relationToAdd.Keys) { foreach (RelationType link in relationToAdd[target]) { Storage.InsertRelation(target, MappingType.Sid, filenode, MappingType.Name, link); newRelation = true; } } return(newRelation); }