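/// <summary>
/// Reads the security descriptor of the directory at <paramref name="path"/> through the
/// native lookup and returns it as a <see cref="DirectorySecurity"/>.
/// </summary>
/// <param name="path">Directory path; it is made absolute and then passed through Path.NormalizeLongPath.</param>
/// <param name="includeSections">Descriptor sections to request, translated by Common.ToSecurityInfos.</param>
/// <returns>A new <see cref="DirectorySecurity"/> loaded from the binary descriptor returned by the native call.</returns>
public static DirectorySecurity GetAccessControl(String path, AccessControlSections includeSections)
{
    var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));
    IntPtr ownerSid, groupSid, daclPtr, saclPtr, descriptorPtr;
    SecurityInfos requestedInfo = Common.ToSecurityInfos(includeSections);

    int errorCode = (int)NativeMethods.GetSecurityInfoByName(
        normalizedPath,
        (uint)ResourceType.FileObject,
        (uint)requestedInfo,
        out ownerSid,
        out groupSid,
        out daclPtr,
        out saclPtr,
        out descriptorPtr);

    // NOTE(review): ThrowIfError receives the descriptor pointer, presumably so it can
    // release the buffer before throwing - confirm against its implementation.
    ThrowIfError(errorCode, descriptorPtr);

    byte[] binaryForm;
    try
    {
        uint descriptorLength = NativeMethods.GetSecurityDescriptorLength(descriptorPtr);
        binaryForm = new byte[descriptorLength];
        Marshal.Copy(descriptorPtr, binaryForm, 0, (int)descriptorLength);
    }
    finally
    {
        // The native buffer is released even when the length query, the allocation or the
        // copy throws; previously an exception here skipped LocalFree and leaked the buffer.
        NativeMethods.LocalFree(descriptorPtr);
    }

    var ds = new DirectorySecurity();
    ds.SetSecurityDescriptorBinaryForm(binaryForm);
    return ds;
}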
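/// <summary>
/// Returns the access-control information of a directory, read through
/// NativeMethods.GetSecurityInfoByName so that the normalized long path form can be used.
/// </summary>
/// <param name="path">Path of the directory to query.</param>
/// <param name="includeSections">Which parts of the security descriptor to retrieve.</param>
/// <returns>A <see cref="DirectorySecurity"/> built from the descriptor's binary form.</returns>
public static DirectorySecurity GetAccessControl(String path, AccessControlSections includeSections)
{
    var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));
    IntPtr sidOwner, sidGroup, dacl, sacl, byteArray;
    var securityInfos = Common.ToSecurityInfos(includeSections);

    var errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath,
        (uint)ResourceType.FileObject, (uint)securityInfos,
        out sidOwner, out sidGroup, out dacl, out sacl, out byteArray);
    ThrowIfError(errorCode, byteArray);

    // From here on this method holds the native descriptor buffer. The managed copy is made
    // inside try/finally so the buffer is freed on every exit path, including an exception
    // from the allocation or from Marshal.Copy.
    try
    {
        var length = NativeMethods.GetSecurityDescriptorLength(byteArray);
        var binaryForm = new byte[length];
        Marshal.Copy(byteArray, binaryForm, 0, (int)length);

        var ds = new DirectorySecurity();
        ds.SetSecurityDescriptorBinaryForm(binaryForm);
        return ds;
    }
    finally
    {
        NativeMethods.LocalFree(byteArray);
    }
}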
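//http://www.west-wind.com/weblog/posts/4072.aspx
/// <summary>
/// Grants <paramref name="permission"/> to <paramref name="group"/> on <paramref name="target"/>:
/// one Allow rule for the object itself and one inherit-only Allow rule for its children.
/// </summary>
/// <param name="target">Path to change; nothing happens when it is neither a directory nor a file.</param>
/// <param name="group">Identity the Allow rules are created for.</param>
/// <param name="permission">File-system rights to grant.</param>
/// <param name="r">Deployment result that receives the success or error entry.</param>
public void SetFileSystemRights(string target, string group, FileSystemRights permission, DeploymentResult r)
{
    if (!IsDirectory(target) && !IsFile(target)) return;

    // NOTE(review): the Directory API and container-inheritance flags are used even when
    // target is a file - confirm that this path is intended to handle files.
    var oldSecurity = Directory.GetAccessControl(target);
    var newSecurity = new DirectorySecurity();
    newSecurity.SetSecurityDescriptorBinaryForm(oldSecurity.GetSecurityDescriptorBinaryForm());

    bool result;

    // AccessControlModification.Set first removes the existing Allow rules for this identity
    // and then adds this one, so whatever the group was granted before is replaced.
    var accessRule = new FileSystemAccessRule(group, permission,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow);
    newSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out result);
    if (!result)
    {
        // Stop here: a descriptor whose rule change failed must not be written back.
        r.AddError("Something wrong happened");
        return;
    }

    // Second rule: the same rights, inherited by child containers and objects only.
    accessRule = new FileSystemAccessRule(group, permission,
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
        PropagationFlags.InheritOnly,
        AccessControlType.Allow);
    result = false;
    newSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result);
    if (!result)
    {
        // Reported once; the original logged this same failure a second time after
        // writing the descriptor.
        r.AddError("Something wrong happened");
        return;
    }

    Directory.SetAccessControl(target, newSecurity);
    r.AddGood("Permissions set for '{0}' on folder '{1}'", group, target);
}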
/// <summary>
/// Applies the selected sections of a security descriptor to the item at <paramref name="path"/>
/// and passes the applied descriptor to WriteSecurityDescriptorObject.
/// </summary>
/// <param name="path">Target item; handled as a directory when Directory.Exists(path) is true, otherwise as a file.</param>
/// <param name="sd">Descriptor whose binary form is transferred to the target.</param>
/// <param name="sections">Sections of the descriptor that are loaded into the new security object.</param>
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
{
    byte[] rawDescriptor = sd.GetSecurityDescriptorBinaryForm();

    // The directory check and the write below are separate by-path operations, so the
    // item's type is decided by whatever is at the path when Directory.Exists runs.
    if (!Directory.Exists(path))
    {
        FileSecurity fileAcl = new FileSecurity();
        fileAcl.SetSecurityDescriptorBinaryForm(rawDescriptor, sections);
        File.SetAccessControl(path, fileAcl);
        base.WriteSecurityDescriptorObject(fileAcl, path);
        return;
    }

    DirectorySecurity directoryAcl = new DirectorySecurity();
    directoryAcl.SetSecurityDescriptorBinaryForm(rawDescriptor, sections);
    Directory.SetAccessControl(path, directoryAcl);
    base.WriteSecurityDescriptorObject(directoryAcl, path);
}
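/// <summary>
/// Reads the owner and DACL security information of the entry described by PathInfo and
/// returns it as a managed security object.
/// </summary>
/// <param name="sidHandle">Receives the owner SID pointer written by GetNamedSecurityInfo.</param>
/// <returns>
/// A <see cref="DirectorySecurity"/> when PathInfo.Attributes contains the Directory flag,
/// otherwise a <see cref="System.Security.AccessControl.FileSecurity"/>.
/// </returns>
private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
{
    var pSecurityDescriptor = new IntPtr();

    // Separate receivers for the group, DACL and SACL pointers. They point into the
    // descriptor buffer and are never freed on their own; the original shared one variable
    // for all three and passed it to LocalFree, which could hand LocalFree a pointer into
    // the middle of that buffer.
    IntPtr groupSid, dacl, sacl;

    try
    {
        var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(
            PathInfo.FullNameUnc,
            Win32SecurityObjectType.SeFileObject,
            Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
            out sidHandle,
            out groupSid,
            out dacl,
            out sacl,
            out pSecurityDescriptor);

        // NOTE(review): GetNamedSecurityInfo reports failure through its return value;
        // confirm that the last-error value read here is the code NativeExceptionMapping
        // should receive.
        var win32Error = Marshal.GetLastWin32Error();

        // Cancel if call failed (NativeExceptionMapping presumably throws - confirm)
        if (namedSecInfoResult != 0)
        {
            NativeExceptionMapping(PathInfo.FullName, win32Error);
        }

        // Copy the descriptor into managed memory before the native buffer is released.
        var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
        var securityDescriptorDataArray = new byte[securityDescriptorLength];
        Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);

        CommonObjectSecurity securityInfo;
        if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
        {
            securityInfo = new DirectorySecurity();
        }
        else
        {
            securityInfo = new System.Security.AccessControl.FileSecurity();
        }
        securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);

        return securityInfo;
    }
    finally
    {
        // Only the descriptor buffer is released here.
        // NOTE(review): under the GetNamedSecurityInfo contract sidHandle refers to memory
        // inside this buffer, so it is dangling once this method returns - confirm that
        // callers do not dereference it, or copy the SID before the free.
        Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
    }
}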
} // SetSecurityDescriptor

/// <summary>
/// Copies the selected sections of <paramref name="sd"/> onto the file or directory at
/// <paramref name="path"/> and reports the applied descriptor through WriteSecurityDescriptorObject.
/// </summary>
/// <param name="path">Item to update; treated as a directory when Directory.Exists(path) is true, otherwise as a file.</param>
/// <param name="sd">Source descriptor.</param>
/// <param name="sections">Sections of the descriptor to load into the new security object.</param>
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
{
    var savedPrivilege = new PlatformInvokes.TOKEN_PRIVILEGE();
    byte[] rawDescriptor = null;

    // Step 1: serialize the source descriptor. SeBackupPrivilege is requested only for this
    // step, and the finally block hands the saved state back to RestoreTokenPrivilege even
    // when serialization throws.
    try
    {
        PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref savedPrivilege);
        rawDescriptor = sd.GetSecurityDescriptorBinaryForm();
    }
    finally
    {
        PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref savedPrivilege);
    }

    // Step 2: write the descriptor to the target, with SeRestorePrivilege requested for the
    // write and restored on every exit path.
    try
    {
        PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref savedPrivilege);

        // Files and directories get separate branches so that the object passed to
        // WriteSecurityDescriptorObject carries the concrete security type.
        if (!Directory.Exists(path))
        {
            FileSecurity fileAcl = new FileSecurity();
            fileAcl.SetSecurityDescriptorBinaryForm(rawDescriptor, sections);
            new FileInfo(path).SetAccessControl(fileAcl);
            WriteSecurityDescriptorObject(fileAcl, path);
        }
        else
        {
            DirectorySecurity directoryAcl = new DirectorySecurity();
            directoryAcl.SetSecurityDescriptorBinaryForm(rawDescriptor, sections);
            new DirectoryInfo(path).SetAccessControl(directoryAcl);
            WriteSecurityDescriptorObject(directoryAcl, path);
        }
    }
    finally
    {
        PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref savedPrivilege);
    }
}