private static bool HasFullControl(string useracct, string dir)
{
string[] files = System.IO.Directory.GetFiles(dir);
foreach (string file in files)
{
System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(file);
System.Security.AccessControl.AuthorizationRuleCollection rules = fs.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount));
bool found = false;
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
System.Security.Principal.IdentityReference id = rule.IdentityReference;
string rights = rule.FileSystemRights.ToString();
string acct = id.Value;
if (acct.ToLower() == useracct && rights.ToLower() == "fullcontrol")
{
found = true;
break;
}
}
if (!found)
{
return(false);
}
}
return(true);
}
/// <summary>
/// Gets the access control.
/// </summary>
/// <param name="ResponseMain">The response main.</param>
/// <param name="File_Or_Directory">The file or directory.</param>
/// <returns>reeturn acess control list of file or folder</returns>
private List <OnDirResponse.FileOrDir.Property.AccessControl> GetAccessControl(OnDirResponse ResponseMain, string File_Or_Directory)
{
List <OnDirResponse.FileOrDir.Property.AccessControl> JGetAccessControl = new List <OnDirResponse.FileOrDir.Property.AccessControl>();
try {
System.Security.AccessControl.FileSecurity file_sec = System.IO.File.GetAccessControl(File_Or_Directory);
System.Security.AccessControl.AuthorizationRuleCollection ruls = file_sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (System.Security.AccessControl.FileSystemAccessRule rul in ruls)
{
OnDirResponse.FileOrDir.Property.AccessControl JRul = new OnDirResponse.FileOrDir.Property.AccessControl();
JRul.IdentityReference = rul.IdentityReference.Value;
JRul.FileSystemRights = rul.FileSystemRights.ToString();
JRul.AccessControlType = rul.AccessControlType.ToString();
JRul.IsInherited = rul.IsInherited ? "Inherited" : "Explicit";
JRul.PropagationFlags = rul.PropagationFlags.ToString();
JRul.InheritanceFlags = rul.InheritanceFlags.ToString();
JRul.Owner = System.IO.File.GetAccessControl(File_Or_Directory).GetOwner(typeof(System.Security.Principal.NTAccount)).ToString();//
JGetAccessControl.Add(JRul);
}
}catch (Exception ex)
{
ResponseMain.Errors.AddErrorToErrorList(MethodBase.GetCurrentMethod().ToString(), ex.Message);
}
return(JGetAccessControl);
}
internal static bool CheckWriteAccessAndCreate(this System.IO.DirectoryInfo directory, out string errorMessage)
{
System.IO.DirectoryInfo directoryToCheck = directory.Parent;
if (!directoryToCheck.Exists)
{
errorMessage = "Parent folder doesn't exist.";
return(false);
}
errorMessage = "";
string whoIsTrying = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
// Gets all access security types for directory
System.Security.AccessControl.DirectorySecurity security;
try {
security = directoryToCheck.GetAccessControl(System.Security.AccessControl.AccessControlSections.All);
}
catch (System.Security.AccessControl.PrivilegeNotHeldException e) {
errorMessage = e.Message;
Tracer.Log($"\"SeSecurityPrivilege\" error: {whoIsTrying} doesn't have privileges to check folder's security ({directoryToCheck})", e);
return(false);
}
// Collects all access rules for that security types
System.Security.AccessControl.AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
// Iterate each access rule
for (var i = 0; i < rules.Count; i++)
{
var rule = rules[i];
// Do we match the identity ?
if (rule.IdentityReference.Value.Equals(whoIsTrying, System.StringComparison.CurrentCultureIgnoreCase))
{
var fsAccessRule = rule as System.Security.AccessControl.FileSystemAccessRule; // cast to check 4 access rights
var hasAccessOrNotBordelDeMerde = (fsAccessRule.FileSystemRights & System.Security.AccessControl.FileSystemRights.WriteData) > 0 &&
fsAccessRule.AccessControlType != System.Security.AccessControl.AccessControlType.Deny;
if (!hasAccessOrNotBordelDeMerde)
{
errorMessage = $"\"{whoIsTrying}\" does not have write access to {directoryToCheck}";
return(false);
}
try {
directory.Create();
}
catch (System.Exception e) {
errorMessage = e.Message;
Tracer.Log($@"Exception in Config.CheckCreate for this folder: ""{directory.ToString()}""", e);
return(false);
}
}
}
return(true);
}
/// <summary>
/// 判断指定的文件或目录是否拥有与 identity 相关联的权限设置。
/// </summary>
/// <param name="path">文件或目录路径。</param>
/// <param name="identity">Windows 用户或组名称。</param>
/// <returns>存在返回 true;否则返回 false。</returns>
public static bool IsExistsPermission(string path, string identity)
{
identity = identity.ToLower();
bool hasDomain = (identity.IndexOf('\\') != -1);
if (System.IO.Directory.Exists(path))
{
System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path);
System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc)
{
string ident = tmp.IdentityReference.Value.ToLower();
if (hasDomain)
{
if (ident == identity)
{
return(true);
}
}
else
{
if (ident == identity || ident.EndsWith(@"\" + identity))
{
return(true);
}
}
}
}
else if (System.IO.File.Exists(path))
{
System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path);
System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc)
{
string ident = tmp.IdentityReference.Value.ToLower();
if (hasDomain)
{
if (ident == identity)
{
return(true);
}
}
else
{
if (ident == identity || ident.EndsWith(@"\" + identity))
{
return(true);
}
}
}
}
return(false);
}
} // End Function DirectoryHasPermission
/// <summary>
/// Test a directory for create file access permissions
/// </summary>
/// <param name="DirectoryPath">Full path to directory </param>
/// <param name="AccessRight">File System right tested</param>
/// <returns>State [bool]</returns>
public static bool DirectoryHasPermission_Windows(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight)
{
if (!di.Exists)
{
return(false);
}
// Requires nuget: System.IO.FileSystem.AccessControl
try
{
System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.FileSystemAclExtensions.GetAccessControl(di).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
// https://stackoverflow.com/questions/1410127/c-sharp-test-if-user-has-write-access-to-a-folder
// AccessControlType deny takes precedence over allow, so to be completely thorough rules that deny the access right should be checked as well,
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
// if (identity.Groups.Contains(rule.IdentityReference))
if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference))
{
if ((AccessRight & rule.FileSystemRights) > 0)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny)
{
return(false);
}
}
}
}
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
// if (identity.Groups.Contains(rule.IdentityReference))
if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference))
{
if ((AccessRight & rule.FileSystemRights) == AccessRight)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow)
{
return(true);
}
}
}
}
}
catch (System.Exception)
{ }
return(false);
}
/// <summary>
/// Check permissions
/// </summary>
/// <param name="path">Path</param>
/// <param name="checkRead">Check read</param>
/// <param name="checkWrite">Check write</param>
/// <param name="checkModify">Check modify</param>
/// <param name="checkDelete">Check delete</param>
/// <returns>Resulr</returns>
private static bool CheckPermissions(RequiredCheck requiredCheck, string path)
{
WindowsIdentity current = WindowsIdentity.GetCurrent();
try
{
System.Security.AccessControl.AuthorizationRuleCollection rules = Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(SecurityIdentifier));
PermissionsChecker permissionsChecker = new PermissionsChecker(current, rules, requiredCheck);
return(permissionsChecker.IsValid());
}
catch
{
return(true);
}
}
//File System Extension
public static char[] GetFilePermissions(this FileInfo file)
{
System.Security.AccessControl.AuthorizationRuleCollection rules = file.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
char[] permissions = { '-', '-', '-', '-', '-', '-', '-', '-', '-', '-' };
int index = -1;
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
permissions[1] = 'r';
permissions[2] = 'w';
permissions[3] = 'x';
if (rule.IdentityReference.ToString().Contains("Administrators"))
{
index = 4;
}
else if (rule.IdentityReference.ToString().Contains("Users"))
{
index = 7;
}
if (index != -1)
{
if (rule.FileSystemRights.ToString().Contains("FullControl"))
{
permissions[index] = 'r';
permissions[index + 1] = 'w';
permissions[index + 2] = 'x';
}
else if (rule.FileSystemRights.ToString().Contains("ReadAndExecute"))
{
permissions[index] = 'r';
permissions[index + 2] = 'x';
}
else if (rule.FileSystemRights.ToString().Contains("Modify"))
{
permissions[index + 1] = 'w';
}
}
index = -1;
}
return(permissions);
}
/// <summary>
/// 获取权限集合。
/// </summary>
/// <param name="path">文件或目录路径。</param>
/// <returns>权限集合。</returns>
public static string[] GetPermissions(string path)
{
System.Collections.Generic.List <string> l = new System.Collections.Generic.List <string>();
if (System.IO.Directory.Exists(path))
{
System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path);
System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc)
{
l.Add(tmp.IdentityReference.Value);
}
}
else if (System.IO.File.Exists(path))
{
System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path);
System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc)
{
l.Add(tmp.IdentityReference.Value);
}
}
return(l.ToArray());
}
private bool hasPermission(string path, System.Security.AccessControl.FileSystemRights accessRight)
{
try
{
System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules)
{
if (identity.Groups.Contains(rule.IdentityReference))
{
if ((accessRight & rule.FileSystemRights) == accessRight)
{
if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow)
{
return(true);
}
}
}
}
}
catch { }
return(false);
}
private bool HasLocalAces(System.Security.AccessControl.AuthorizationRuleCollection rules)
{
var localACE = rules.Cast <System.Security.AccessControl.AccessRule>().FirstOrDefault(a => !a.IsInherited);
return(localACE != null);
}
private static bool HasLocalAces(System.Security.AccessControl.AuthorizationRuleCollection rules)
{
return(null != rules.Cast <System.Security.AccessControl.AccessRule>().FirstOrDefault(a => !a.IsInherited));
}
