private void AddUsers(string[] users, bool useSid)
{
Dacl dacl = new Dacl();
if (users.Length > 0)
{
foreach (string user in users)
{
string sOperation = null;
try
{
sOperation = "Creating a sid for: " + user;
Sid sid = new Sid(user, useSid);
sOperation = "Creating a new AceAccessAllowed";
AceAccessAllowed ace = new AceAccessAllowed(sid, (AccessType)(FileAccessType.FILE_READ_DATA | FileAccessType.FILE_READ_ATTRIBUTES));
sOperation = "Adding the ace to the DACL";
dacl.AddAce(ace);
}
catch
{
throw;
}
}
}
SetDacl(dacl);
}
internal static Ace Create(MemoryMarshaler m)
{
IntPtr initialPtr = m.Ptr; // Save current ptr
Debug.Assert(Marshal.SizeOf(typeof(ACE_HEADER)) == 4);
ACE_HEADER head = (ACE_HEADER)m.ParseStruct(typeof(ACE_HEADER), false);
Ace ace;
switch(head.AceType)
{
case AceType.ACCESS_ALLOWED_ACE_TYPE:
ace = new AceAccessAllowed(m);
break;
case AceType.ACCESS_DENIED_ACE_TYPE:
ace = new AceAccessDenied(m);
break;
// Object ACE not yet supported
/*
case AceType.ACCESS_ALLOWED_OBJECT_ACE_TYPE:
ace = new AceAccessAllowedObject(m);
break;
case AceType.ACCESS_DENIED_OBJECT_ACE_TYPE:
ace = new AceAccessDeniedObject(m);
break;
*/
default:
throw new NotSupportedException("Unsupported ACE type: " + head.AceType);
}
// Restore initial ptr and move forward the size of the ACE
m.Ptr = initialPtr;
m.Advance(head.AceSize);
return ace;
}
/// <summary>
/// 对用户 strUserName 赋予对文件夹strSitePath 所有的访问权限
/// </summary>
/// <param name="strSitePath"></param>
/// <param name="strUserName"></param>
/// <returns></returns>
public static Boolean SetDirPermission(String strSitePath, String strUserName)
{
bool IsDir = false;
if (System.IO.File.Exists(strSitePath))
{
IsDir = false;
}
else if (!IsDir && !System.IO.Directory.Exists(strSitePath))
{
return(false);
}
else
{
IsDir = true;
}
Boolean bOk;
try
{
// Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath,
SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;//The discretionary access control list (DACL) of an object
Sid sidUser = new Sid(strUserName);
dacl.RemoveAces(sidUser);
AccessType AType = AccessType.GENERIC_ALL;
AceFlags flag = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE | AceFlags.SUCCESSFUL_ACCESS_ACE_FLAG;
AceAccessAllowed ace = new AceAccessAllowed(sidUser, AType, flag);
dacl.AddAce(ace);
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
}
catch (Exception ee)
{
throw ee;
}
//对所有的子文件和子文件夹附权
if (IsDir)
{
string[] files = System.IO.Directory.GetFiles(strSitePath);
if (files != null && files.Length > 0)
{
foreach (string file in files)
{
SetDirPermission(file, strUserName);
}
}
string[] dirs = System.IO.Directory.GetDirectories(strSitePath);
if (dirs != null && dirs.Length > 0)
{
foreach (string dir in dirs)
{
SetDirPermission(dir, strUserName);
}
}
}
return(bOk);
} /* CreateDir */
private static void AddAceForAccount(Dacl dacl, string account)
{
bool accountExists = true;
Sid sid = null;
try
{
sid = new Sid(account);
}
catch (COMException)
{
accountExists = false;
}
if (accountExists)
{
AceAccessAllowed netAce = new AceAccessAllowed(sid, AccessType.GENERIC_ALL, AceFlags.CONTAINER_INHERIT_ACE | AceFlags.OBJECT_INHERIT_ACE);
dacl.AddAce(netAce);
}
}
