public static DirectorySecurity GetAccessControl(string path, AccessControlSections includeSections) { var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path)); IntPtr sidOwner, sidGroup, dacl, sacl, byteArray; var securityInfos = Common.ToSecurityInfos(includeSections); var errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath, (uint)ResourceType.FileObject, (uint)securityInfos, out sidOwner, out sidGroup, out dacl, out sacl, out byteArray); Common.ThrowIfError(errorCode, byteArray); var length = NativeMethods.GetSecurityDescriptorLength(byteArray); var binaryForm = new byte[length]; Marshal.Copy(byteArray, binaryForm, 0, (int)length); NativeMethods.LocalFree(byteArray); var ds = new DirectorySecurity(); ds.SetSecurityDescriptorBinaryForm(binaryForm); return(ds); }
//http://www.west-wind.com/weblog/posts/4072.aspx public void SetFileSystemRights(string target, string group, FileSystemRights permission, DeploymentResult r) { if (!IsDirectory(target) && !IsFile(target)) { return; } var oldSecurity = Directory.GetAccessControl(target); var newSecurity = new DirectorySecurity(); newSecurity.SetSecurityDescriptorBinaryForm(oldSecurity.GetSecurityDescriptorBinaryForm()); var accessRule = new FileSystemAccessRule(group, permission, InheritanceFlags.None, PropagationFlags.NoPropagateInherit, AccessControlType.Allow); bool result; newSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out result); if (!result) { r.AddError("Something wrong happened"); } accessRule = new FileSystemAccessRule(group, permission, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); result = false; newSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result); if (!result) { r.AddError("Something wrong happened"); } Directory.SetAccessControl(target, newSecurity); if (result) { r.AddGood("Permissions set for '{0}' on folder '{1}'", group, target); } if (!result) { r.AddError("Something wrong happened"); } }
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections) { var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE(); byte[] securityDescriptorBinary = null; try { // Get the binary form of the descriptor. PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm(); } finally { PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); } try { PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState); // Transfer it to the new file / directory. // We keep these two code branches so that we can have more // granular information when we ouput the object type via // WriteSecurityDescriptorObject. if (Directory.Exists(path)) { DirectorySecurity newDescriptor = new DirectorySecurity(); newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections); new DirectoryInfo(path).SetAccessControl(newDescriptor); WriteSecurityDescriptorObject(newDescriptor, path); } else { FileSecurity newDescriptor = new FileSecurity(); newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections); new FileInfo(path).SetAccessControl(newDescriptor); WriteSecurityDescriptorObject(newDescriptor, path); } } finally { PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState); } }
/// <summary> /// Gets the security information of specified handle from file system /// </summary> /// <param name="sidHandle">Handle to get file security information</param> /// <returns><see cref="CommonObjectSecurity"/>Result</returns> private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle) { IntPtr zeroHandle = new IntPtr(); IntPtr pSecurityDescriptor = new IntPtr(); try { var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject, Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation, out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor); var win32Error = Marshal.GetLastWin32Error(); // Cancel if call failed if (namedSecInfoResult != 0) { Win32ErrorCodes.NativeExceptionMapping(PathInfo.FullName, win32Error); } var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor); var securityDescriptorDataArray = new byte[securityDescriptorLength]; Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, ( int )securityDescriptorLength); CommonObjectSecurity securityInfo; if (PathInfo.Attributes.Contains(FileAttributes.Directory)) { securityInfo = new DirectorySecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } else { securityInfo = new FileSecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } return(securityInfo); } finally { Win32SafeNativeMethods.LocalFree(zeroHandle); Win32SafeNativeMethods.LocalFree(pSecurityDescriptor); } }
public void TestAccessDenied() { string child2 = Path.Combine(TestFolder, @"child1\child2"); DirectorySecurity acl = Directory.GetAccessControl(child2); byte[] original = acl.GetSecurityDescriptorBinaryForm(); acl.AddAccessRule( new FileSystemAccessRule( new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.ListDirectory, AccessControlType.Deny) ); Directory.SetAccessControl(child2, acl); try { //By default it ignores AccessDenied FindFile ff = new FindFile(child2, "*", false, false); ff.FileFound += (o, e) => Assert.Fail("Should not find a file"); ff.Find(); //Now raise the AccessDenied ff.RaiseOnAccessDenied = true; try { ff.Find(); Assert.Fail("Should throw Access Denied."); } catch (System.ComponentModel.Win32Exception we) { Assert.AreEqual(5, we.NativeErrorCode); } } finally { acl.SetSecurityDescriptorBinaryForm(original, AccessControlSections.All); Directory.SetAccessControl(child2, acl); } }
public override Int32 Create( String FileName, UInt32 CreateOptions, UInt32 GrantedAccess, UInt32 FileAttributes, Byte[] SecurityDescriptor, UInt64 AllocationSize, out Object FileNode, out Object FileDesc0, out FileInfo FileInfo, out String NormalizedName) { FileDesc FileDesc = null; try { FileName = ConcatPath(FileName); if (0 == (CreateOptions & FILE_DIRECTORY_FILE)) { FileSecurity Security = null; if (null != SecurityDescriptor) { Security = new FileSecurity(); Security.SetSecurityDescriptorBinaryForm(SecurityDescriptor); } FileDesc = new FileDesc( new FileStream( FileName, FileMode.CreateNew, (FileSystemRights)GrantedAccess | FileSystemRights.WriteAttributes, FileShare.Read | FileShare.Write | FileShare.Delete, 4096, 0, Security)); FileDesc.SetFileAttributes(FileAttributes | (UInt32)System.IO.FileAttributes.Archive); } else { if (Directory.Exists(FileName)) { ThrowIoExceptionWithNtStatus(STATUS_OBJECT_NAME_COLLISION); } DirectorySecurity Security = null; if (null != SecurityDescriptor) { Security = new DirectorySecurity(); Security.SetSecurityDescriptorBinaryForm(SecurityDescriptor); } FileDesc = new FileDesc( Directory.CreateDirectory(FileName, Security)); FileDesc.SetFileAttributes(FileAttributes); } FileNode = default(Object); FileDesc0 = FileDesc; NormalizedName = default(String); return(FileDesc.GetFileInfo(out FileInfo)); } catch { if (null != FileDesc && null != FileDesc.Stream) { FileDesc.Stream.Dispose(); } throw; } }
public override Int32 Create( String fileName, UInt32 createOptions, UInt32 grantedAccess, UInt32 fileAttributes, Byte[] securityDescriptor, UInt64 allocationSize, out Object fileNode, out Object fileDesc0, out FileInfo fileInfo, out String normalizedName) { fileNode = default(Object); normalizedName = default(String); FileDescriptor fileDesc = null; try { var path = GetWritePath(fileName); // directory or file? if (0 == (createOptions & FILE_DIRECTORY_FILE)) { // file FileSecurity Security = null; if (null != securityDescriptor) { Security = new FileSecurity(); Security.SetSecurityDescriptorBinaryForm(securityDescriptor); } fileDesc = new FileDescriptor(fileName, new FileStream( path, FileMode.CreateNew, (FileSystemRights)grantedAccess | FileSystemRights.WriteAttributes, FileShare.Read | FileShare.Write | FileShare.Delete, 4096, 0, Security), true); fileDesc.SetFileAttributes(fileAttributes | (UInt32)System.IO.FileAttributes.Archive); } else { // directory if (Directory.Exists(path)) { Utils.ThrowIoExceptionWithNtStatus(STATUS_OBJECT_NAME_COLLISION); } DirectorySecurity Security = null; if (null != securityDescriptor) { Security = new DirectorySecurity(); Security.SetSecurityDescriptorBinaryForm(securityDescriptor); } fileDesc = new FileDescriptor(fileName, Directory.CreateDirectory(path, Security), true); fileDesc.SetFileAttributes(fileAttributes); } // assign the file descriptor fileDesc0 = fileDesc; return(fileDesc.GetFileInfo(out fileInfo)); } catch { if (null != fileDesc) { fileDesc.Dispose(); } throw; } }