public static bool UserHasRights(FileSystemSecurity sec) { NTAccount usersAccount = GetUsersAccount(); return Enumerable.Any(Enumerable.OfType<FileSystemAccessRule>(sec.GetAccessRules(true, true, typeof(NTAccount))), r => { if (r.FileSystemRights == FileSystemRights.FullControl && r.AccessControlType == AccessControlType.Allow && r.InheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit)) return r.IdentityReference == usersAccount; return false; }); }
public FileSystemAccessRule Create(System.Security.AccessControl.FileSystemSecurity owner) { return((FileSystemAccessRule)owner.AccessRuleFactory( new System.Security.Principal.SecurityIdentifier(SID), (int)Rights, Inherited, Inheritance, Propagation, ControlType)); }
private static bool TryGetFileSecurity(string path, AccessControlSections sectionsNeeded, out FileSystemSecurity security) { var exists = false; security = null; if (File.Exists(path)) { exists = true; security = File.GetAccessControl(path, sectionsNeeded); } return exists; }
private bool TryGetDirectorySecurity(string path, AccessControlSections sectionsNeeded, out FileSystemSecurity security) { var exists = false; security = null; if (Directory.Exists(path)) { exists = true; security = Directory.GetAccessControl(path, sectionsNeeded); } return exists; }
internal static void SetAccessControlExtracted(FileSystemSecurity security, string name) { //security.WriteLock(); AccessControlSections includeSections = AccessControlSections.Audit | AccessControlSections.Owner | AccessControlSections.Group; SecurityInfos securityInfo = (SecurityInfos)0; SecurityIdentifier owner = null; SecurityIdentifier group = null; SystemAcl sacl = null; DiscretionaryAcl dacl = null; if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None) { owner = (SecurityIdentifier)security.GetOwner(typeof(SecurityIdentifier)); if (owner != null) { securityInfo = securityInfo | SecurityInfos.Owner; } } if ((includeSections & AccessControlSections.Group) != AccessControlSections.None) { @group = (SecurityIdentifier)security.GetGroup(typeof(SecurityIdentifier)); if (@group != null) { securityInfo = securityInfo | SecurityInfos.Group; } } var securityDescriptorBinaryForm = security.GetSecurityDescriptorBinaryForm(); RawSecurityDescriptor rawSecurityDescriptor = null; bool isDiscretionaryAclPresent = false; if (securityDescriptorBinaryForm != null) { rawSecurityDescriptor = new RawSecurityDescriptor(securityDescriptorBinaryForm, 0); isDiscretionaryAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None; } if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None) { securityInfo = securityInfo | SecurityInfos.SystemAcl; sacl = null; if (rawSecurityDescriptor != null) { var isSystemAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None; if (isSystemAclPresent && rawSecurityDescriptor.SystemAcl != null && rawSecurityDescriptor.SystemAcl.Count > 0) { // are all system acls on a file not a container? const bool notAContainer = false; const bool notADirectoryObjectACL = false; sacl = new SystemAcl(notAContainer, notADirectoryObjectACL, rawSecurityDescriptor.SystemAcl); } securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) == ControlFlags.None ? (uint)securityInfo | UnprotectedSystemAcl : (uint)securityInfo | ProtectedSystemAcl)); } } if ((includeSections & AccessControlSections.Access) != AccessControlSections.None && isDiscretionaryAclPresent) { securityInfo = securityInfo | SecurityInfos.DiscretionaryAcl; dacl = null; if (rawSecurityDescriptor != null) { //if (!this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl) { dacl = new DiscretionaryAcl(false, false, rawSecurityDescriptor.DiscretionaryAcl); } securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) == ControlFlags.None ? (uint)securityInfo | UnprotectedDiscretionaryAcl : (uint)securityInfo | ProtectedDiscretionaryAcl)); } } if (securityInfo == 0) return; int errorNum = SetSecurityInfo(ResourceType.FileObject, name, null, securityInfo, owner, @group, sacl, dacl); if (errorNum != 0) { Exception exception = GetExceptionFromWin32Error(errorNum, name); if (exception == null) { if (errorNum == NativeMethods.ERROR_ACCESS_DENIED) { exception = new UnauthorizedAccessException(); } else if (errorNum == NativeMethods.ERROR_INVALID_OWNER) { exception = new InvalidOperationException("Invalid owner"); } else if (errorNum == NativeMethods.ERROR_INVALID_PRIMARY_GROUP) { exception = new InvalidOperationException("Invalid group"); } else if (errorNum == NativeMethods.ERROR_INVALID_NAME) { exception = new ArgumentException("Invalid name", "name"); } else if (errorNum == NativeMethods.ERROR_INVALID_HANDLE) { exception = new NotSupportedException("Invalid Handle"); } else if (errorNum == NativeMethods.ERROR_FILE_NOT_FOUND) { exception = new FileNotFoundException(); } else if (errorNum != NativeMethods.ERROR_NO_SECURITY_ON_OBJECT) { exception = new InvalidOperationException("Unexpected error"); } else { exception = new NotSupportedException("No associated security"); } } throw exception; } //finally //{ //security.WriteLUnlck(); //} }
/// <summary> /// Sets the access control security on all files and directories in the set. /// </summary> /// <param name="security">The security to apply.</param> /// <returns>The set</returns> public static Path AccessControl(this Path path, FileSystemSecurity security) => AccessControl(path, p => security);
DokanError IDokanOperations.GetFileSecurity(string filename, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { //Log("GetSecurrityInfo:{0}:{1}", filename, sections); LogFSActionInit("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0}",sections); var sftpattributes = (info.Context as SftpContext).Attributes; var rights = FileSystemRights.ReadPermissions | FileSystemRights.ReadExtendedAttributes | FileSystemRights.ReadAttributes | FileSystemRights.Synchronize; if (UserCanRead(sftpattributes)) { rights |= FileSystemRights.ReadData; } if (UserCanWrite(sftpattributes)) { rights |= FileSystemRights.Write; } if (UserCanExecute(sftpattributes) && info.IsDirectory) { rights |= FileSystemRights.Traverse; } security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity(); // if(sections.HasFlag(AccessControlSections.Access)) security.AddAccessRule(new FileSystemAccessRule("Everyone", rights, AccessControlType.Allow)); security.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl ^ rights, AccessControlType.Deny)); //not sure this works at all, needs testing // if (sections.HasFlag(AccessControlSections.Owner)) security.SetOwner(new NTAccount("None")); // if (sections.HasFlag(AccessControlSections.Group)) security.SetGroup(new NTAccount("None")); LogFSActionSuccess("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0} Rights:{1}", sections, rights); return DokanError.ErrorSuccess; }
DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { //Log("TrySetSecurity:{0}", filename); LogFSActionError("SetFileSecurity", filename, (SftpContext)info.Context, "NI"); return DokanError.ErrorAccessDenied; }
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity() as FileSystemSecurity; return Trace(nameof(GetFileSecurity), fileName, info, DokanResult.Success, $"out {security}", $"{sections}"); }
private static void SetFileSystemSecurity(string path, FileSystemSecurity security) { if (Directory.Exists(path)) new DirectoryInfo(path).SetAccessControl((DirectorySecurity)security); else if (File.Exists(path)) new FileInfo(path).SetAccessControl((FileSecurity)security); }
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { try { if (info.IsDirectory) { Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity) security); } else { File.SetAccessControl(GetPath(fileName), (FileSecurity) security); } return DokanError.ErrorSuccess; } catch (UnauthorizedAccessException) { return DokanError.ErrorAccessDenied; } }
protected IList<FileSystemAccessRule> FindAccessRules(FileSystemSecurity security) { System.Security.Principal.NTAccount typedAccount = GetNTAccount(); List<FileSystemAccessRule> result = new List<FileSystemAccessRule>(); foreach (FileSystemAccessRule fileSystemAccessRule in security.GetAccessRules(true, false, typeof(NTAccount))) { if (fileSystemAccessRule.IdentityReference.Value.Equals(typedAccount.Value, StringComparison.InvariantCultureIgnoreCase)) { result.Add(fileSystemAccessRule); } } return result; }
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return ope_.SetFileSecurity(fileName, security, sections, info); }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { throw new NotImplementedException(); }
private void GetAccessRules(FileSystemSecurity fsSecurity, PropertyInfo file) { try { var getOwner = fsSecurity.GetOwner(typeof (SecurityIdentifier)); if (getOwner != null) { string ownerIdentifier = fsSecurity.GetOwner(typeof(SecurityIdentifier)).Value; //var owner = fsSecurity.GetOwner(typeof(SecurityIdentifier)); //var nameOwner = owner.Translate(typeof(NTAccount)).Value; file.Owner = ownerIdentifier; } } catch(Exception ex){ /* System.Security.Principal.IdentityNotMappedException was unhandled Message="Some or all identity references could not be translated." */ SaveExc.Save(ex); } WindowsIdentity wi = WindowsIdentity.GetCurrent(); AuthorizationRuleCollection rules = fsSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)); foreach (FileSystemAccessRule rl in rules) { GetAccessRules(wi, rl, FileSystemRights.FullControl, file); GetAccessRules(wi, rl, FileSystemRights.Modify, file); GetAccessRules(wi, rl, FileSystemRights.Read, file); GetAccessRules(wi, rl, FileSystemRights.ReadAndExecute, file); GetAccessRules(wi, rl, FileSystemRights.Write, file); } }
DokanError IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { Log("VFS TrySetSecurity:{0}", fileName); SftpDrive drive = this.GetDriveByMountPoint(fileName, out fileName); if (drive != null) return GetSubSystemOperations(drive).SetFileSecurity(fileName, security, sections, info); return DokanError.ErrorAccessDenied; }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return Trace(nameof(SetFileAttributes), fileName, info, DokanResult.NotImplemented, sections.ToString()); }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return DokanResult.Error; }
public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { try { security = info.IsDirectory ? (FileSystemSecurity) Directory.GetAccessControl(GetPath(fileName)) : File.GetAccessControl(GetPath(fileName)); return DokanError.ErrorSuccess; } catch (UnauthorizedAccessException) { security = null; return DokanError.ErrorAccessDenied; } }
DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { Log("TrySetSecurity:{0}", filename); return DokanError.ErrorAccessDenied; }
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return DokanError.ErrorError; }
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { try { security = info.IsDirectory ? (FileSystemSecurity)Directory.GetAccessControl(GetPath(fileName)) : File.GetAccessControl(GetPath(fileName)); return Trace("GetFileSecurity", fileName, info, DokanResult.Success, sections.ToString()); } catch (UnauthorizedAccessException) { security = null; return Trace("GetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString()); } }
internal static bool UserHasRights(FileSystemSecurity sec) { NTAccount usersAccount = GetUsersAccount(); return sec.GetAccessRules(true, true, typeof(NTAccount)).OfType<FileSystemAccessRule>().Any<FileSystemAccessRule>(r => ((((r.FileSystemRights == FileSystemRights.FullControl) && (r.AccessControlType == AccessControlType.Allow)) && (r.InheritanceFlags == (InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit))) && (r.IdentityReference == usersAccount))); }
public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { security = null; return DokanError.ErrorAccessDenied; }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { try { if (info.IsDirectory) { Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity)security); } else { File.SetAccessControl(GetPath(fileName), (FileSecurity)security); } return Trace("SetFileSecurity", fileName, info, DokanResult.Success, sections.ToString()); } catch (UnauthorizedAccessException) { return Trace("SetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString()); } }
NtStatus IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return Operations.SetFileSecurity(fileName, security, sections, info); }