public static void EnableAccessInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
{
var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
EnableAccessInheritance(sd, removeExplicitAccessRules);
sd.Write();
}
public static void DisableAuditInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
{
var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);
DisableAuditInheritance(sd, removeInheritedAccessRules);
sd.Write();
}
private static void DisableInheritance(FileSystemSecurity2 sd, bool removeInheritedAccessRules, InheritanceScope scope)
{
if (sd.IsFile)
{
if (scope == InheritanceScope.Access)
{
((FileSecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
}
else
{
((FileSecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
}
}
else
{
if (scope == InheritanceScope.Access)
{
((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
}
}
}
public static FileSystemAuditRule2 RemoveFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
var ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (sd.IsFile)
{
if (removeSpecific)
{
((FileSecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
}
else
{
((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
else
{
if (removeSpecific)
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRuleSpecific(ace);
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
return(ace);
}
public static IEnumerable <FileSystemAccessRule2> GetFileSystemAccessRules(FileSystemSecurity2 sd, bool includeExplicit, bool includeInherited, bool getInheritedFrom = false)
{
List <FileSystemAccessRule2> aceList = new List <FileSystemAccessRule2>();
List <string> inheritedFrom = null;
if (getInheritedFrom)
{
inheritedFrom = Win32.GetInheritedFrom(sd.Item, sd.SecurityDescriptor);
}
var aceCounter = 0;
var acl = !sd.IsFile ?
((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(includeExplicit, includeInherited, typeof(SecurityIdentifier)) :
((FileSecurity)sd.SecurityDescriptor).GetAccessRules(includeExplicit, includeInherited, typeof(SecurityIdentifier));
foreach (FileSystemAccessRule ace in acl)
{
var ace2 = new FileSystemAccessRule2(ace)
{
FullName = sd.Item.FullName, InheritanceEnabled = !sd.SecurityDescriptor.AreAccessRulesProtected
};
if (getInheritedFrom)
{
ace2.inheritedFrom = string.IsNullOrEmpty(inheritedFrom[aceCounter]) ? "" : inheritedFrom[aceCounter].Substring(0, inheritedFrom[aceCounter].Length - 1);
aceCounter++;
}
aceList.Add(ace2);
}
return(aceList);
}
public static FileSystemAccessRule2 RemoveFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
var ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
if (sd.IsFile)
{
if (removeSpecific)
{
((FileSecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
}
else
{
((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
else
{
if (removeSpecific)
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRuleSpecific(ace);
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
return(ace);
}
public static void SetOwner(FileSystemInfo item, IdentityReference2 account)
{
var sd = new FileSystemSecurity2(item, AccessControlSections.Owner);
SetOwner(sd, account);
sd.Write();
}
public static void RemoveFileSystemAccessRuleAll(FileSystemInfo item, List <IdentityReference2> accounts = null)
{
var sd = new FileSystemSecurity2(item);
RemoveFileSystemAccessRuleAll(sd, accounts);
sd.Write();
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
var sd = new FileSystemSecurity2(item);
var ace = AddFileSystemAuditRule(sd, account, rights, type, inheritanceFlags, propagationFlags);
sd.Write();
return(ace);
}
public static IEnumerable <FileSystemAccessRule2> AddFileSystemAccessRule(FileSystemSecurity2 sd, List <IdentityReference2> accounts, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
var aces = new List <FileSystemAccessRule2>();
foreach (var account in accounts)
{
aces.Add(AddFileSystemAccessRule(sd, account, rights, type, inheritanceFlags, propagationFlags));
}
return(aces);
}
public static IEnumerable <FileSystemAuditRule2> RemoveFileSystemAuditRule(FileSystemSecurity2 sd, List <IdentityReference2> accounts, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removeSpecific = false)
{
var aces = new List <FileSystemAuditRule2>();
foreach (var account in accounts)
{
aces.Add(RemoveFileSystemAuditRule(sd, account, rights, type, inheritanceFlags, propagationFlags));
}
return(aces);
}
public static void RemoveFileSystemAccessRuleAll(FileSystemSecurity2 sd, List <IdentityReference2> accounts = null)
{
var acl = sd.SecurityDescriptor.GetAccessRules(true, false, typeof(SecurityIdentifier));
if (accounts != null)
{
acl.OfType <FileSystemAccessRule>().Where(ace => (accounts.Where(account => account == (IdentityReference2)ace.IdentityReference).Count() > 1));
}
foreach (FileSystemAccessRule ace in acl)
{
sd.SecurityDescriptor.RemoveAccessRuleSpecific(ace);
}
}
public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
var sd = new FileSystemSecurity2(item);
var ace = AddFileSystemAccessRule(sd, account, rights, type, inheritanceFlags, propagationFlags);
sd.Write();
return(ace);
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule2 ace = null;
if (sd.IsFile)
{
ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
((FileSecurity)sd.SecurityDescriptor).AddAuditRule(ace);
}
else
{
ace = (FileSystemAuditRule)sd.SecurityDescriptor.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
((DirectorySecurity)sd.SecurityDescriptor).AddAuditRule(ace);
}
return(ace);
}
public static EffectiveAccessInfo GetEffectiveAccess(FileSystemInfo item, IdentityReference2 id, string serverName)
{
bool remoteServerAvailable = false;
Exception authzAccessCheckException = null;
var win32 = new Win32();
var fss = new FileSystemSecurity2(item);
var effectiveAccessMask = win32.GetEffectiveAccess(fss.SecurityDescriptor, id, serverName, out remoteServerAvailable, out authzAccessCheckException);
var ace = new FileSystemAccessRule((SecurityIdentifier)id, (FileSystemRights)effectiveAccessMask, AccessControlType.Allow);
return(new EffectiveAccessInfo(
new FileSystemAccessRule2(ace, item),
remoteServerAvailable,
authzAccessCheckException));
}
public static FileSystemAccessRule2 AddFileSystemAccessRule(FileSystemSecurity2 sd, IdentityReference2 account, FileSystemRights2 rights, AccessControlType type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
if (type == AccessControlType.Allow)
{
rights = rights | FileSystemRights2.Synchronize;
}
FileSystemAccessRule ace = null;
if (sd.IsFile)
{
ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, InheritanceFlags.None, PropagationFlags.None, type);
((FileSecurity)sd.SecurityDescriptor).AddAccessRule(ace);
}
else
{
ace = (FileSystemAccessRule)sd.SecurityDescriptor.AccessRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
((DirectorySecurity)sd.SecurityDescriptor).AddAccessRule(ace);
}
return(ace);
}
public static IEnumerable <FileSystemAccessRule2> GetFileSystemAccessRules(FileSystemInfo item, bool includeExplicit, bool includeInherited, bool getInheritedFrom = false)
{
var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
return(GetFileSystemAccessRules(sd, includeExplicit, includeInherited, getInheritedFrom));
}
private static void EnableInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules, InheritanceScope scope)
{
if (sd.IsFile)
{
if (scope == InheritanceScope.Access)
{
sd.SecurityDescriptor.SetAccessRuleProtection(false, false);
//if RemoveExplicitAccessRules is set
if (removeExplicitAccessRules)
{
//remove all explicitly set ACEs from the item
foreach (FileSystemAccessRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
{
((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
}
else
{
sd.SecurityDescriptor.SetAuditRuleProtection(false, false);
//if RemoveExplicitAccessRules is set
if (removeExplicitAccessRules)
{
//remove all explicitly set ACEs from the item
foreach (FileSystemAuditRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
{
((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
}
}
else
{
if (scope == InheritanceScope.Access)
{
((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(false, false);
//if RemoveExplicitAccessRules is set
if (removeExplicitAccessRules)
{
//remove all explicitly set ACEs from the item
foreach (FileSystemAccessRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
}
}
}
else
{
((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(false, false);
//if RemoveExplicitAccessRules is set
if (removeExplicitAccessRules)
{
//remove all explicitly set ACEs from the item
foreach (FileSystemAuditRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
{
((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
}
}
}
}
}
public static void EnableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
{
EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
}
public static void DisableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
{
DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
}
public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemSecurity2 sd)
{
return(new FileSystemInheritanceInfo(sd.Item, !sd.SecurityDescriptor.AreAccessRulesProtected, !sd.SecurityDescriptor.AreAuditRulesProtected));
}
public static void SetOwner(FileSystemSecurity2 sd, IdentityReference2 account)
{
sd.SecurityDescriptor.SetOwner(account);
}
public static FileSystemOwner GetOwner(FileSystemSecurity2 sd)
{
return(new FileSystemOwner(sd.Item, sd.SecurityDescriptor.GetOwner(typeof(SecurityIdentifier))));
}