private static bool HasFullControl(string useracct, string dir) { string[] files = System.IO.Directory.GetFiles(dir); foreach (string file in files) { System.Security.AccessControl.FileSecurity fs = System.IO.File.GetAccessControl(file); System.Security.AccessControl.AuthorizationRuleCollection rules = fs.GetAccessRules(true, false, typeof(System.Security.Principal.NTAccount)); bool found = false; foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { System.Security.Principal.IdentityReference id = rule.IdentityReference; string rights = rule.FileSystemRights.ToString(); string acct = id.Value; if (acct.ToLower() == useracct && rights.ToLower() == "fullcontrol") { found = true; break; } } if (!found) { return(false); } } return(true); }
/// <summary> /// Gets the access control. /// </summary> /// <param name="ResponseMain">The response main.</param> /// <param name="File_Or_Directory">The file or directory.</param> /// <returns>reeturn acess control list of file or folder</returns> private List <OnDirResponse.FileOrDir.Property.AccessControl> GetAccessControl(OnDirResponse ResponseMain, string File_Or_Directory) { List <OnDirResponse.FileOrDir.Property.AccessControl> JGetAccessControl = new List <OnDirResponse.FileOrDir.Property.AccessControl>(); try { System.Security.AccessControl.FileSecurity file_sec = System.IO.File.GetAccessControl(File_Or_Directory); System.Security.AccessControl.AuthorizationRuleCollection ruls = file_sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (System.Security.AccessControl.FileSystemAccessRule rul in ruls) { OnDirResponse.FileOrDir.Property.AccessControl JRul = new OnDirResponse.FileOrDir.Property.AccessControl(); JRul.IdentityReference = rul.IdentityReference.Value; JRul.FileSystemRights = rul.FileSystemRights.ToString(); JRul.AccessControlType = rul.AccessControlType.ToString(); JRul.IsInherited = rul.IsInherited ? "Inherited" : "Explicit"; JRul.PropagationFlags = rul.PropagationFlags.ToString(); JRul.InheritanceFlags = rul.InheritanceFlags.ToString(); JRul.Owner = System.IO.File.GetAccessControl(File_Or_Directory).GetOwner(typeof(System.Security.Principal.NTAccount)).ToString();// JGetAccessControl.Add(JRul); } }catch (Exception ex) { ResponseMain.Errors.AddErrorToErrorList(MethodBase.GetCurrentMethod().ToString(), ex.Message); } return(JGetAccessControl); }
internal static bool CheckWriteAccessAndCreate(this System.IO.DirectoryInfo directory, out string errorMessage) { System.IO.DirectoryInfo directoryToCheck = directory.Parent; if (!directoryToCheck.Exists) { errorMessage = "Parent folder doesn't exist."; return(false); } errorMessage = ""; string whoIsTrying = System.Security.Principal.WindowsIdentity.GetCurrent().Name; // Gets all access security types for directory System.Security.AccessControl.DirectorySecurity security; try { security = directoryToCheck.GetAccessControl(System.Security.AccessControl.AccessControlSections.All); } catch (System.Security.AccessControl.PrivilegeNotHeldException e) { errorMessage = e.Message; Tracer.Log($"\"SeSecurityPrivilege\" error: {whoIsTrying} doesn't have privileges to check folder's security ({directoryToCheck})", e); return(false); } // Collects all access rules for that security types System.Security.AccessControl.AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); // Iterate each access rule for (var i = 0; i < rules.Count; i++) { var rule = rules[i]; // Do we match the identity ? if (rule.IdentityReference.Value.Equals(whoIsTrying, System.StringComparison.CurrentCultureIgnoreCase)) { var fsAccessRule = rule as System.Security.AccessControl.FileSystemAccessRule; // cast to check 4 access rights var hasAccessOrNotBordelDeMerde = (fsAccessRule.FileSystemRights & System.Security.AccessControl.FileSystemRights.WriteData) > 0 && fsAccessRule.AccessControlType != System.Security.AccessControl.AccessControlType.Deny; if (!hasAccessOrNotBordelDeMerde) { errorMessage = $"\"{whoIsTrying}\" does not have write access to {directoryToCheck}"; return(false); } try { directory.Create(); } catch (System.Exception e) { errorMessage = e.Message; Tracer.Log($@"Exception in Config.CheckCreate for this folder: ""{directory.ToString()}""", e); return(false); } } } return(true); }
/// <summary> /// 判断指定的文件或目录是否拥有与 identity 相关联的权限设置。 /// </summary> /// <param name="path">文件或目录路径。</param> /// <param name="identity">Windows 用户或组名称。</param> /// <returns>存在返回 true;否则返回 false。</returns> public static bool IsExistsPermission(string path, string identity) { identity = identity.ToLower(); bool hasDomain = (identity.IndexOf('\\') != -1); if (System.IO.Directory.Exists(path)) { System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path); System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc) { string ident = tmp.IdentityReference.Value.ToLower(); if (hasDomain) { if (ident == identity) { return(true); } } else { if (ident == identity || ident.EndsWith(@"\" + identity)) { return(true); } } } } else if (System.IO.File.Exists(path)) { System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path); System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc) { string ident = tmp.IdentityReference.Value.ToLower(); if (hasDomain) { if (ident == identity) { return(true); } } else { if (ident == identity || ident.EndsWith(@"\" + identity)) { return(true); } } } } return(false); }
} // End Function DirectoryHasPermission /// <summary> /// Test a directory for create file access permissions /// </summary> /// <param name="DirectoryPath">Full path to directory </param> /// <param name="AccessRight">File System right tested</param> /// <returns>State [bool]</returns> public static bool DirectoryHasPermission_Windows(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight) { if (!di.Exists) { return(false); } // Requires nuget: System.IO.FileSystem.AccessControl try { System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.FileSystemAclExtensions.GetAccessControl(di).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent(); // https://stackoverflow.com/questions/1410127/c-sharp-test-if-user-has-write-access-to-a-folder // AccessControlType deny takes precedence over allow, so to be completely thorough rules that deny the access right should be checked as well, foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { // if (identity.Groups.Contains(rule.IdentityReference)) if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference)) { if ((AccessRight & rule.FileSystemRights) > 0) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny) { return(false); } } } } foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { // if (identity.Groups.Contains(rule.IdentityReference)) if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference)) { if ((AccessRight & rule.FileSystemRights) == AccessRight) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) { return(true); } } } } } catch (System.Exception) { } return(false); }
/// <summary> /// Check permissions /// </summary> /// <param name="path">Path</param> /// <param name="checkRead">Check read</param> /// <param name="checkWrite">Check write</param> /// <param name="checkModify">Check modify</param> /// <param name="checkDelete">Check delete</param> /// <returns>Resulr</returns> private static bool CheckPermissions(RequiredCheck requiredCheck, string path) { WindowsIdentity current = WindowsIdentity.GetCurrent(); try { System.Security.AccessControl.AuthorizationRuleCollection rules = Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(SecurityIdentifier)); PermissionsChecker permissionsChecker = new PermissionsChecker(current, rules, requiredCheck); return(permissionsChecker.IsValid()); } catch { return(true); } }
//File System Extension public static char[] GetFilePermissions(this FileInfo file) { System.Security.AccessControl.AuthorizationRuleCollection rules = file.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); char[] permissions = { '-', '-', '-', '-', '-', '-', '-', '-', '-', '-' }; int index = -1; foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { permissions[1] = 'r'; permissions[2] = 'w'; permissions[3] = 'x'; if (rule.IdentityReference.ToString().Contains("Administrators")) { index = 4; } else if (rule.IdentityReference.ToString().Contains("Users")) { index = 7; } if (index != -1) { if (rule.FileSystemRights.ToString().Contains("FullControl")) { permissions[index] = 'r'; permissions[index + 1] = 'w'; permissions[index + 2] = 'x'; } else if (rule.FileSystemRights.ToString().Contains("ReadAndExecute")) { permissions[index] = 'r'; permissions[index + 2] = 'x'; } else if (rule.FileSystemRights.ToString().Contains("Modify")) { permissions[index + 1] = 'w'; } } index = -1; } return(permissions); }
/// <summary> /// 获取权限集合。 /// </summary> /// <param name="path">文件或目录路径。</param> /// <returns>权限集合。</returns> public static string[] GetPermissions(string path) { System.Collections.Generic.List <string> l = new System.Collections.Generic.List <string>(); if (System.IO.Directory.Exists(path)) { System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path); System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc) { l.Add(tmp.IdentityReference.Value); } } else if (System.IO.File.Exists(path)) { System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path); System.Security.AccessControl.AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (System.Security.AccessControl.FileSystemAccessRule tmp in arc) { l.Add(tmp.IdentityReference.Value); } } return(l.ToArray()); }
private bool hasPermission(string path, System.Security.AccessControl.FileSystemRights accessRight) { try { System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent(); foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { if (identity.Groups.Contains(rule.IdentityReference)) { if ((accessRight & rule.FileSystemRights) == accessRight) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) { return(true); } } } } } catch { } return(false); }
private bool HasLocalAces(System.Security.AccessControl.AuthorizationRuleCollection rules) { var localACE = rules.Cast <System.Security.AccessControl.AccessRule>().FirstOrDefault(a => !a.IsInherited); return(localACE != null); }
private static bool HasLocalAces(System.Security.AccessControl.AuthorizationRuleCollection rules) { return(null != rules.Cast <System.Security.AccessControl.AccessRule>().FirstOrDefault(a => !a.IsInherited)); }