コード例 #1
0
        public static void EnableAccessInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
        {
            var sd = new FileSystemSecurity2(item, AccessControlSections.Access);

            EnableAccessInheritance(sd, removeExplicitAccessRules);
            sd.Write();
        }
コード例 #2
0
        public static void DisableAuditInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
        {
            var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);

            DisableAuditInheritance(sd, removeInheritedAccessRules);
            sd.Write();
        }
コード例 #3
0
 private static void DisableInheritance(FileSystemSecurity2 sd, bool removeInheritedAccessRules, InheritanceScope scope)
 {
     if (sd.IsFile)
     {
         if (scope == InheritanceScope.Access)
         {
             ((FileSecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
         }
         else
         {
             ((FileSecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
         }
     }
     else
     {
         if (scope == InheritanceScope.Access)
         {
             ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
         }
         else
         {
             ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
         }
     }
 }
        public static FileSystemAuditRule2 RemoveFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
        {
            var ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);

            if (sd.IsFile)
            {
                if (removeSpecific)
                {
                    ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
                }
                else
                {
                    ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
                }
            }
            else
            {
                if (removeSpecific)
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
                }
                else
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
                }
            }

            return(ace);
        }
        public static IEnumerable <FileSystemAccessRule2> GetFileSystemAccessRules(FileSystemSecurity2 sd, bool includeExplicit, bool includeInherited, bool getInheritedFrom = false)
        {
            List <FileSystemAccessRule2> aceList = new List <FileSystemAccessRule2>();
            List <string> inheritedFrom          = null;

            if (getInheritedFrom)
            {
                inheritedFrom = Win32.GetInheritedFrom(sd.Item, sd.SecurityDescriptor);
            }

            var aceCounter = 0;
            var acl        = !sd.IsFile ?
                             ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(includeExplicit, includeInherited, typeof(SecurityIdentifier)) :
                             ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(includeExplicit, includeInherited, typeof(SecurityIdentifier));

            foreach (FileSystemAccessRule ace in acl)
            {
                var ace2 = new FileSystemAccessRule2(ace)
                {
                    FullName = sd.Item.FullName, InheritanceEnabled = !sd.SecurityDescriptor.AreAccessRulesProtected
                };
                if (getInheritedFrom)
                {
                    ace2.inheritedFrom = string.IsNullOrEmpty(inheritedFrom[aceCounter]) ? "" : inheritedFrom[aceCounter].Substring(0, inheritedFrom[aceCounter].Length - 1);
                    aceCounter++;
                }

                aceList.Add(ace2);
            }

            return(aceList);
        }
コード例 #6
0
        public static FileSystemAccessRule2 RemoveFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
        {
            if (type == AccessControlType.Allow)
            {
                rights = rights | FileSystemRights2.Synchronize;
            }

            var ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);

            if (sd.IsFile)
            {
                if (removeSpecific)
                {
                    ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
                }
                else
                {
                    ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
                }
            }
            else
            {
                if (removeSpecific)
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
                }
                else
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
                }
            }

            return(ace);
        }
コード例 #7
0
        public static void SetOwner(FileSystemInfo item, IdentityReference2 account)
        {
            var sd = new FileSystemSecurity2(item, AccessControlSections.Owner);

            SetOwner(sd, account);

            sd.Write();
        }
        public static void RemoveFileSystemAccessRuleAll(FileSystemInfo item, List <IdentityReference2> accounts = null)
        {
            var sd = new FileSystemSecurity2(item);

            RemoveFileSystemAccessRuleAll(sd, accounts);

            sd.Write();
        }
        public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            var sd = new FileSystemSecurity2(item);

            var ace = AddFileSystemAuditRule(sd, account, rights, type, inheritanceFlags, propagationFlags);

            sd.Write();

            return(ace);
        }
コード例 #10
0
        public static IEnumerable <FileSystemAccessRule2> AddFileSystemAccessRule(FileSystemSecurity2 sd, List <IdentityReference2> accounts, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            var aces = new List <FileSystemAccessRule2>();

            foreach (var account in accounts)
            {
                aces.Add(AddFileSystemAccessRule(sd, account, rights, type, inheritanceFlags, propagationFlags));
            }

            return(aces);
        }
        public static IEnumerable <FileSystemAuditRule2> RemoveFileSystemAuditRule(FileSystemSecurity2 sd, List <IdentityReference2> accounts, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
        {
            var aces = new List <FileSystemAuditRule2>();

            foreach (var account in accounts)
            {
                aces.Add(RemoveFileSystemAuditRule(sd, account, rights, type, inheritanceFlags, propagationFlags));
            }

            return(aces);
        }
        public static void RemoveFileSystemAccessRuleAll(FileSystemSecurity2 sd, List <IdentityReference2> accounts = null)
        {
            var acl = sd.SecurityDescriptor.GetAccessRules(true, false, typeof(SecurityIdentifier));

            if (accounts != null)
            {
                acl.OfType <FileSystemAccessRule>().Where(ace => (accounts.Where(account => account == (IdentityReference2)ace.IdentityReference).Count() > 1));
            }

            foreach (FileSystemAccessRule ace in acl)
            {
                sd.SecurityDescriptor.RemoveAccessRuleSpecific(ace);
            }
        }
コード例 #13
0
        public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            if (type == AccessControlType.Allow)
            {
                rights = rights | FileSystemRights2.Synchronize;
            }

            var sd = new FileSystemSecurity2(item);

            var ace = AddFileSystemAccessRule(sd, account, rights, type, inheritanceFlags, propagationFlags);

            sd.Write();

            return(ace);
        }
        public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            FileSystemAuditRule2 ace = null;

            if (sd.IsFile)
            {
                ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
                ((FileSecurity)sd.SecurityDescriptor).AddAuditRule(ace);
            }
            else
            {
                ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
                ((DirectorySecurity)sd.SecurityDescriptor).AddAuditRule(ace);
            }

            return(ace);
        }
コード例 #15
0
        public static EffectiveAccessInfo GetEffectiveAccess(FileSystemInfo item, IdentityReference2 id, string serverName)
        {
            bool      remoteServerAvailable     = false;
            Exception authzAccessCheckException = null;

            var win32 = new Win32();

            var fss = new FileSystemSecurity2(item);

            var effectiveAccessMask = win32.GetEffectiveAccess(fss.SecurityDescriptor, id, serverName, out remoteServerAvailable, out authzAccessCheckException);

            var ace = new FileSystemAccessRule((SecurityIdentifier)id, (FileSystemRights)effectiveAccessMask, AccessControlType.Allow);

            return(new EffectiveAccessInfo(
                       new FileSystemAccessRule2(ace, item),
                       remoteServerAvailable,
                       authzAccessCheckException));
        }
コード例 #16
0
        public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            if (type == AccessControlType.Allow)
            {
                rights = rights | FileSystemRights2.Synchronize;
            }

            FileSystemAccessRule ace = null;

            if (sd.IsFile)
            {
                ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
                ((FileSecurity)sd.SecurityDescriptor).AddAccessRule(ace);
            }
            else
            {
                ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
                ((DirectorySecurity)sd.SecurityDescriptor).AddAccessRule(ace);
            }

            return(ace);
        }
        public static IEnumerable <FileSystemAccessRule2> GetFileSystemAccessRules(FileSystemInfo item, bool includeExplicit, bool includeInherited, bool getInheritedFrom = false)
        {
            var sd = new FileSystemSecurity2(item, AccessControlSections.Access);

            return(GetFileSystemAccessRules(sd, includeExplicit, includeInherited, getInheritedFrom));
        }
コード例 #18
0
        private static void EnableInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules, InheritanceScope scope)
        {
            if (sd.IsFile)
            {
                if (scope == InheritanceScope.Access)
                {
                    sd.SecurityDescriptor.SetAccessRuleProtection(false, false);

                    //if RemoveExplicitAccessRules is set
                    if (removeExplicitAccessRules)
                    {
                        //remove all explicitly set ACEs from the item
                        foreach (FileSystemAccessRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
                        {
                            ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
                        }
                    }
                }
                else
                {
                    sd.SecurityDescriptor.SetAuditRuleProtection(false, false);

                    //if RemoveExplicitAccessRules is set
                    if (removeExplicitAccessRules)
                    {
                        //remove all explicitly set ACEs from the item
                        foreach (FileSystemAuditRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
                        {
                            ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
                        }
                    }
                }
            }
            else
            {
                if (scope == InheritanceScope.Access)
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(false, false);

                    //if RemoveExplicitAccessRules is set
                    if (removeExplicitAccessRules)
                    {
                        //remove all explicitly set ACEs from the item
                        foreach (FileSystemAccessRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
                        {
                            ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
                        }
                    }
                }
                else
                {
                    ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(false, false);

                    //if RemoveExplicitAccessRules is set
                    if (removeExplicitAccessRules)
                    {
                        //remove all explicitly set ACEs from the item
                        foreach (FileSystemAuditRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
                        {
                            ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
                        }
                    }
                }
            }
        }
コード例 #19
0
 public static void EnableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
 {
     EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
 }
コード例 #20
0
 public static void DisableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
 {
     DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
 }
コード例 #21
0
 public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemSecurity2 sd)
 {
     return(new FileSystemInheritanceInfo(sd.Item, !sd.SecurityDescriptor.AreAccessRulesProtected, !sd.SecurityDescriptor.AreAuditRulesProtected));
 }
コード例 #22
0
 public static void SetOwner(FileSystemSecurity2 sd, IdentityReference2 account)
 {
     sd.SecurityDescriptor.SetOwner(account);
 }
コード例 #23
0
 public static FileSystemOwner GetOwner(FileSystemSecurity2 sd)
 {
     return(new FileSystemOwner(sd.Item, sd.SecurityDescriptor.GetOwner(typeof(SecurityIdentifier))));
 }