public override string ToString()
{
StringBuilder sb = new StringBuilder();
if (Owner != null)
{
sb.AppendLineEnv($"{nameof(Owner)}: {Owner.ToString()}");
}
if (Group != null)
{
sb.AppendLineEnv($"{nameof(Group)}: {Group.ToString()}");
}
if (Dacl != null)
{
sb.AppendLineEnv($"{nameof(Dacl)}:");
sb.AppendIndentEnv(Dacl.ToString());
}
if (Sacl != null)
{
sb.AppendLineEnv($"{nameof(Sacl)}:");
sb.AppendIndentEnv(Sacl.ToString());
}
return(sb.ToString());
}
public JObject ToJObject()
{
JObject parsedSddl = new JObject();
if (Owner != null)
{
parsedSddl.Add("Owner", Owner.Alias);
}
if (Group != null)
{
parsedSddl.Add("Group", Group.Alias);
}
if (Dacl != null)
{
parsedSddl.Add("DACL", Dacl.ToJObject());
}
/*
* if (Sacl != null)
* {
* parsedSDDL.Add("SACL", Sacl.ToString());
* }*/
return(parsedSddl);
}
public static Boolean CreateDir(String strSitePath, String strUserName)
{
Boolean bOk;
try
{
Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;
Sid sidUser = new Sid(strUserName);
// allow: folder, subfolder and files
// modify
dacl.AddAce(new AceAccessAllowed(sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE, AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));
// deny: this folder
// write attribs
// write extended attribs
// delete
// change permissions
// take ownership
DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
AccessType AType = (AccessType)DAType;
dacl.AddAce(new AceAccessDenied(sidUser, AType));
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
}
catch
{
bOk = false;
}
return(bOk);
} /* CreateDir */
private void AddUsers(string[] users, bool useSid)
{
Dacl dacl = new Dacl();
if (users.Length > 0)
{
foreach (string user in users)
{
string sOperation = null;
try
{
sOperation = "Creating a sid for: " + user;
Sid sid = new Sid(user, useSid);
sOperation = "Creating a new AceAccessAllowed";
AceAccessAllowed ace = new AceAccessAllowed(sid, (AccessType)(FileAccessType.FILE_READ_DATA | FileAccessType.FILE_READ_ATTRIBUTES));
sOperation = "Adding the ace to the DACL";
dacl.AddAce(ace);
}
catch
{
throw;
}
}
}
SetDacl(dacl);
}
private void AddAce(AceType type, AccessMask mask, AceFlags flags, Sid sid)
{
if (Dacl == null)
{
Dacl = new Acl();
}
Dacl.NullAcl = false;
Dacl.Add(new Ace(type, flags, mask, sid));
}
/// <summary>
/// Add an ACE to the DACL, creating the DACL if needed.
/// </summary>
/// <param name="ace">The ACE to add to the DACL.</param>
public void AddAce(Ace ace)
{
if (Dacl == null)
{
Dacl = new Acl();
}
Dacl.NullAcl = false;
Dacl.Add(ace);
}
private SecurityDescriptor CreateNewSecurityDescriptor()
{
return(new SecurityDescriptor
{
Dacl = Dacl?.Clone() ?? CreateAcl(EmptyDacl, NullDacl),
Sacl = Sacl?.Clone() ?? CreateAcl(EmptySacl, NullSacl),
Owner = Owner != null ? new SecurityDescriptorSid(Owner, false) : null,
Group = Group != null ? new SecurityDescriptorSid(Group, false) : null
});
}
private SafeHGlobalBuffer CreateAbsoluteSecurityDescriptor()
{
SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;
try
{
byte[] dacl = Dacl?.ToByteArray();
byte[] sacl = Sacl?.ToByteArray();
byte[] owner = Owner?.Sid.ToArray();
byte[] group = Group?.Sid.ToArray();
int total_size = GetLength(dacl) + GetLength(sacl) + GetLength(owner) + GetLength(group);
sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(total_size, true);
NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
int current_ofs = 0;
if (Dacl != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, Dacl.NullAcl ? null : dacl, ref current_ofs);
NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, ptr, Dacl.Defaulted).ToNtException();
}
if (Sacl != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, Sacl.NullAcl ? null : sacl, ref current_ofs);
NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, ptr, Sacl.Defaulted).ToNtException();
}
if (Owner != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, owner, ref current_ofs);
NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, ptr, Owner.Defaulted);
}
if (Group != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, group, ref current_ofs);
NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, ptr, Group.Defaulted);
}
return(Interlocked.Exchange(ref sd_buffer, null));
}
finally
{
sd_buffer?.Close();
}
}
/// <summary>
/// Convert security descriptor to a byte array
/// </summary>
/// <returns>The binary security descriptor</returns>
public byte[] ToByteArray()
{
SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;
SafeHGlobalBuffer dacl_buffer = null;
SafeHGlobalBuffer sacl_buffer = null;
SafeSidBufferHandle owner_buffer = null;
SafeSidBufferHandle group_buffer = null;
try
{
sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>();
NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
if (Dacl != null)
{
if (!Dacl.NullAcl)
{
dacl_buffer = new SafeHGlobalBuffer(Dacl.ToByteArray());
}
else
{
dacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
}
NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, dacl_buffer.DangerousGetHandle(), Dacl.Defaulted).ToNtException();
}
if (Sacl != null)
{
if (!Sacl.NullAcl)
{
sacl_buffer = new SafeHGlobalBuffer(Sacl.ToByteArray());
}
else
{
sacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
}
NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, sacl_buffer.DangerousGetHandle(), Sacl.Defaulted).ToNtException();
}
if (Owner != null)
{
owner_buffer = Owner.Sid.ToSafeBuffer();
NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, owner_buffer.DangerousGetHandle(), Owner.Defaulted);
}
if (Group != null)
{
group_buffer = Group.Sid.ToSafeBuffer();
NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, group_buffer.DangerousGetHandle(), Group.Defaulted);
}
int total_length = 0;
NtStatus status = NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, new SafeHGlobalBuffer(IntPtr.Zero, 0, false), ref total_length);
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
status.ToNtException();
}
using (SafeHGlobalBuffer relative_sd = new SafeHGlobalBuffer(total_length))
{
NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, relative_sd, ref total_length).ToNtException();
return(relative_sd.ToArray());
}
}
finally
{
sd_buffer?.Close();
dacl_buffer?.Close();
sacl_buffer?.Close();
owner_buffer?.Close();
group_buffer?.Close();
}
}
private NtResult <SafeHGlobalBuffer> CreateAbsoluteSecurityDescriptor(bool throw_on_error)
{
byte[] dacl = Dacl?.ToByteArray();
byte[] sacl = Sacl?.ToByteArray();
byte[] owner = Owner?.Sid.ToArray();
byte[] group = Group?.Sid.ToArray();
int total_size = GetLength(dacl) + GetLength(sacl) + GetLength(owner) + GetLength(group);
using (var sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(total_size, true))
{
NtStatus status = NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
status = NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
int current_ofs = 0;
if (Dacl != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, Dacl.NullAcl ? null : dacl, ref current_ofs);
status = NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, ptr, Dacl.Defaulted);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
}
if (Sacl != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, Sacl.NullAcl ? null : sacl, ref current_ofs);
status = NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, ptr, Sacl.Defaulted);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
}
if (Owner != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, owner, ref current_ofs);
status = NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, ptr, Owner.Defaulted);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
}
if (Group != null)
{
IntPtr ptr = UpdateBuffer(sd_buffer, group, ref current_ofs);
status = NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, ptr, Group.Defaulted);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <SafeHGlobalBuffer>(throw_on_error));
}
}
return(status.CreateResult <SafeHGlobalBuffer>(throw_on_error, () => sd_buffer.Detach()));
}
}
/// <summary>
/// 对用户 strUserName 赋予对文件夹strSitePath 所有的访问权限
/// </summary>
/// <param name="strSitePath"></param>
/// <param name="strUserName"></param>
/// <returns></returns>
public static Boolean SetDirPermission(String strSitePath, String strUserName)
{
bool IsDir = false;
if (System.IO.File.Exists(strSitePath))
{
IsDir = false;
}
else if (!IsDir && !System.IO.Directory.Exists(strSitePath))
{
return(false);
}
else
{
IsDir = true;
}
Boolean bOk;
try
{
// Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath,
SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;//The discretionary access control list (DACL) of an object
Sid sidUser = new Sid(strUserName);
dacl.RemoveAces(sidUser);
AccessType AType = AccessType.GENERIC_ALL;
AceFlags flag = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE | AceFlags.SUCCESSFUL_ACCESS_ACE_FLAG;
AceAccessAllowed ace = new AceAccessAllowed(sidUser, AType, flag);
dacl.AddAce(ace);
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
}
catch (Exception ee)
{
throw ee;
}
//对所有的子文件和子文件夹附权
if (IsDir)
{
string[] files = System.IO.Directory.GetFiles(strSitePath);
if (files != null && files.Length > 0)
{
foreach (string file in files)
{
SetDirPermission(file, strUserName);
}
}
string[] dirs = System.IO.Directory.GetDirectories(strSitePath);
if (dirs != null && dirs.Length > 0)
{
foreach (string dir in dirs)
{
SetDirPermission(dir, strUserName);
}
}
}
return(bOk);
} /* CreateDir */
