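/// <summary>
/// Builds a fresh DACL containing one access-allowed ACE per entry in
/// <paramref name="users"/> and passes it to <c>SetDacl</c>.
/// </summary>
/// <remarks>
/// Every ACE grants only FILE_READ_DATA and FILE_READ_ATTRIBUTES. The DACL is
/// built from scratch, so no ACE that is absent from <paramref name="users"/>
/// is carried into it.
/// </remarks>
/// <param name="users">Identities to grant read access to. Must not be null.</param>
/// <param name="useSid">
/// Forwarded unchanged to the <c>Sid</c> constructor. Presumably selects whether
/// each entry is a SID string rather than an account name; confirm against Sid.
/// </param>
private void AddUsers(string[] users, bool useSid)
{
    Dacl dacl = new Dacl();

    // Iterating an empty array is a no-op, so no separate length guard is needed.
    foreach (string user in users)
    {
        // A failure in Sid or ACE construction propagates to the caller unchanged.
        // The former catch block only rethrew, and the progress string it was
        // paired with was never read.
        Sid sid = new Sid(user, useSid);
        AceAccessAllowed ace = new AceAccessAllowed(
            sid,
            (AccessType)(FileAccessType.FILE_READ_DATA | FileAccessType.FILE_READ_ATTRIBUTES));
        dacl.AddAce(ace);
    }

    // NOTE(review): SetDacl is reached even when users is empty. If it applies the
    // list as given, the result is a present-but-empty DACL, which on Windows allows
    // access to nobody. Confirm that callers never pass an empty array by accident.
    SetDacl(dacl);
}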
/// <summary>
/// Reads the ACE at the marshaler's current position and returns the wrapper
/// object that matches its header type.
/// </summary>
/// <param name="m">Marshaler positioned at the first byte of an ACE header.</param>
/// <returns>
/// An <c>AceAccessAllowed</c> or <c>AceAccessDenied</c> built from <paramref name="m"/>.
/// </returns>
/// <exception cref="NotSupportedException">
/// The header names any other ACE type. Object ACEs are not supported.
/// </exception>
internal static Ace Create(MemoryMarshaler m)
{
    // Remember where this ACE begins so the position can be reset afterwards.
    IntPtr aceStart = m.Ptr;

    Debug.Assert(Marshal.SizeOf(typeof(ACE_HEADER)) == 4);
    ACE_HEADER header = (ACE_HEADER)m.ParseStruct(typeof(ACE_HEADER), false);

    Ace parsed;
    if (header.AceType == AceType.ACCESS_ALLOWED_ACE_TYPE)
    {
        parsed = new AceAccessAllowed(m);
    }
    else if (header.AceType == AceType.ACCESS_DENIED_ACE_TYPE)
    {
        parsed = new AceAccessDenied(m);
    }
    else
    {
        // ACCESS_ALLOWED_OBJECT_ACE_TYPE and ACCESS_DENIED_OBJECT_ACE_TYPE also end up here.
        throw new NotSupportedException("Unsupported ACE type: " + header.AceType);
    }

    // Step over the whole ACE: go back to its first byte, then skip the size
    // declared in the header, regardless of how much the constructor consumed.
    // NOTE(review): AceSize comes straight from the parsed header and is not
    // checked here against the header size or the remaining buffer. If this
    // parser can be fed descriptors from an untrusted source, confirm that
    // MemoryMarshaler.Advance or the caller bounds it.
    m.Ptr = aceStart;
    m.Advance(header.AceSize);
    return parsed;
}
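/// <summary>
/// Grants the user <paramref name="strUserName"/> full access (GENERIC_ALL) to the
/// file or directory <paramref name="strSitePath"/>, then does the same for every
/// file and subdirectory beneath it.
/// </summary>
/// <remarks>
/// Any ACEs already present for the user are removed before the new allow ACE is
/// added. Errors raised while reading or writing the security descriptor propagate
/// to the caller with their original stack trace.
/// </remarks>
/// <param name="strSitePath">Path of an existing file or directory.</param>
/// <param name="strUserName">Account passed to the <c>Sid</c> constructor.</param>
/// <returns>
/// <c>false</c> when <paramref name="strSitePath"/> is neither an existing file nor
/// an existing directory; otherwise <c>true</c>. The results of the recursive calls
/// are not inspected, so a child that disappears during the walk is skipped silently.
/// </returns>
public static Boolean SetDirPermission(String strSitePath, String strUserName)
{
    bool isDir;
    if (System.IO.File.Exists(strSitePath))
    {
        isDir = false;
    }
    else if (System.IO.Directory.Exists(strSitePath))
    {
        isDir = true;
    }
    else
    {
        return false;
    }

    // No try/catch here: the previous "throw ee;" only discarded the stack trace
    // of the original failure.
    SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
    Dacl dacl = secDesc.Dacl; // the object's discretionary access control list

    Sid sidUser = new Sid(strUserName);

    // Drop whatever this user already had so the new ACE is the only one for the SID.
    dacl.RemoveAces(sidUser);

    // NOTE(review): SUCCESSFUL_ACCESS_ACE_FLAG is an audit flag defined for
    // system-audit ACEs; it is kept because the original wrote it, but confirm
    // it is intended on an access-allowed ACE. The two inherit flags are also
    // applied when strSitePath is a file.
    AceFlags flag = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE | AceFlags.SUCCESSFUL_ACCESS_ACE_FLAG;
    AceAccessAllowed ace = new AceAccessAllowed(sidUser, AccessType.GENERIC_ALL, flag);
    dacl.AddAce(ace);

    secDesc.SetDacl(dacl);
    secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);

    // Apply the same grant to every child file and child directory.
    if (isDir)
    {
        foreach (string file in System.IO.Directory.GetFiles(strSitePath))
        {
            SetDirPermission(file, strUserName);
        }

        // NOTE(review): GetDirectories also returns junctions and directory
        // symlinks, so this walk can leave the intended tree and grant
        // GENERIC_ALL elsewhere. If this runs with elevated rights over a tree
        // that other users can write to, consider skipping entries that carry
        // FileAttributes.ReparsePoint.
        foreach (string dir in System.IO.Directory.GetDirectories(strSitePath))
        {
            SetDirPermission(dir, strUserName);
        }
    }

    return true;
}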
/// <summary>
/// Adds an inheritable GENERIC_ALL allow ACE for <paramref name="account"/> to
/// <paramref name="dacl"/>, doing nothing when the account cannot be turned into a SID.
/// </summary>
/// <param name="dacl">Access control list that receives the new ACE.</param>
/// <param name="account">Account passed to the <c>Sid</c> constructor.</param>
private static void AddAceForAccount(Dacl dacl, string account)
{
    Sid resolved;
    try
    {
        resolved = new Sid(account);
    }
    catch (COMException)
    {
        // Treated as "no such account": the DACL is left untouched and the
        // caller is not told. Any other exception type still propagates.
        // NOTE(review): every COMException is handled this way, so a lookup
        // failure for an existing account is indistinguishable from a missing one.
        return;
    }

    // Full control, inherited by child containers and child objects.
    AceFlags inheritance = AceFlags.CONTAINER_INHERIT_ACE | AceFlags.OBJECT_INHERIT_ACE;
    dacl.AddAce(new AceAccessAllowed(resolved, AccessType.GENERIC_ALL, inheritance));
}