public MyFile GetSpecifiedFile(string filepath)
{
if (!File.Exists(filepath))
{
throw new Microsoft.BusinessData.Runtime.ObjectNotFoundException(String.Format(
"No file exists at the path {0}",
filepath));
}
FileInfo fi = new FileInfo(filepath);
MyFile myfile = new MyFile();
myfile.Path = filepath;
myfile.Extension = fi.Extension.TrimStart(new char[] { '.' });
if (myfile.Extension.Equals("txt", StringComparison.OrdinalIgnoreCase))
{
myfile.ContentType = "text/plain";
}
else
{
myfile.ContentType = "unknown/unknown";
}
myfile.LastModified = fi.LastWriteTimeUtc;
myfile.Name = fi.Name;
FileSecurity sec = fi.GetAccessControl();
myfile.SecurityDescriptor = new Byte[sec.GetSecurityDescriptorBinaryForm().Length];
myfile.SecurityDescriptor = sec.GetSecurityDescriptorBinaryForm();
return(myfile);
}
public MyFile[] GetFiles(string folderpath)
{
List <MyFile> myfiles = new List <MyFile>();
foreach (string filepath in Directory.GetFiles(folderpath))
{
MyFile myfile = new MyFile();
myfile.Path = filepath;
FileInfo fi = new FileInfo(filepath);
myfile.Extension = fi.Extension.TrimStart(new char[] { '.' });
if (myfile.Extension.Equals("txt", StringComparison.OrdinalIgnoreCase))
{
myfile.ContentType = "text/plain";
}
else
{
myfile.ContentType = "unknown/unknown";
}
myfile.LastModified = fi.LastWriteTimeUtc;
myfile.Name = fi.Name;
FileSecurity sec = fi.GetAccessControl();
myfile.SecurityDescriptor = new Byte[sec.GetSecurityDescriptorBinaryForm().Length];
myfile.SecurityDescriptor = sec.GetSecurityDescriptorBinaryForm();
myfiles.Add(myfile);
}
return(myfiles.ToArray());
}
private unsafe static Interop.SECURITY_ATTRIBUTES GetSecAttrs(FileShare share, FileSecurity fileSecurity, out GCHandle?pinningHandle)
{
pinningHandle = null;
Interop.SECURITY_ATTRIBUTES secAttrs = null;
if ((share & FileShare.Inheritable) != 0 || fileSecurity != null)
{
secAttrs = new Interop.SECURITY_ATTRIBUTES();
secAttrs.nLength = Marshal.SizeOf(secAttrs);
if ((share & FileShare.Inheritable) != 0)
{
secAttrs.bInheritHandle = 1;
}
// For ACL's, get the security descriptor from the FileSecurity.
if (fileSecurity != null)
{
byte[] sd = fileSecurity.GetSecurityDescriptorBinaryForm();
pinningHandle = GCHandle.Alloc(sd, GCHandleType.Pinned);
fixed(byte *pSecDescriptor = sd)
secAttrs.pSecurityDescriptor = pSecDescriptor;
}
}
return(secAttrs);
}
internal void FinishPatching()
{
// Close file
Stream.Close();
if (FilePath.Contains(':'))
{
// Restore original owner and access rules.
// The OriginalACL cannot be reused directly.
FileSecurity NewACL = File.GetAccessControl(FilePath);
NewACL.SetSecurityDescriptorBinaryForm(OriginalACL.GetSecurityDescriptorBinaryForm());
File.SetAccessControl(FilePath, NewACL);
// Revert to self
RestorePrivilege.Revert();
RestorePrivilege.Disable();
if ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor <= 1))
{
// On Vista or 7
TakeOwnershipPrivilege.Revert();
TakeOwnershipPrivilege.Disable();
}
}
}
public void SetAccessControl()
{
string tempFile = Path.GetTempFileName();
FileInfo fi = new FileInfo(tempFile);
FileSecurity expected = fi.GetAccessControl(AccessControlSections.All);
ExtendedFileInfo efi = new ExtendedFileInfo(tempFile);
Assert.IsNotNull(efi);
FileSecurity fileSecurity = new FileSecurity();
fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
efi.SetAccessControl(fileSecurity);
Assert.AreNotEqual(expected.GetSecurityDescriptorBinaryForm(), efi.GetAccessControl().GetSecurityDescriptorBinaryForm());
FileSecurity actualFileSecurity = File.GetAccessControl(tempFile);
AuthorizationRuleCollection rules = actualFileSecurity.GetAccessRules(true, true, typeof(NTAccount));
foreach (AuthorizationRule rule in rules)
{
FileSystemAccessRule accessRule = (FileSystemAccessRule)rule;
if (accessRule.IdentityReference.Value == "Everyone")
{
Assert.IsTrue(accessRule.AccessControlType == AccessControlType.Allow);
Assert.IsTrue(accessRule.FileSystemRights == FileSystemRights.FullControl);
}
}
fi.SetAccessControl(expected);
}
public void TestCreate()
{
//Arrange
var fs = new MockFileSystem();
var file = @"C:\my\file.txt";
fs.Directory.CreateDirectory(@"C:\my");
//Act
var s = new FileSecurity();
var fsecurity = s.GetSecurityDescriptorBinaryForm();
_ = new FileActions(fs).Create(file, 1, (uint)FileAttributes.Normal, fsecurity, out var e);
//Assert
Assert.IsTrue(fs.File.Exists(file));
Assert.AreEqual(0, e.AllocationSize);
Assert.AreEqual((uint)fs.DirectoryInfo.FromDirectoryName(file).Attributes, e.Attributes);
Assert.AreEqual(fs.DirectoryInfo.FromDirectoryName(file).LastWriteTimeUtc.ToFileTimeUtc(), e.ChangeTime);
Assert.AreEqual(fs.DirectoryInfo.FromDirectoryName(file).CreationTimeUtc.ToFileTimeUtc(), e.CreationTime);
Assert.AreEqual(0, e.EaSize);
Assert.AreEqual(0, e.FileSize);
Assert.AreEqual(0, e.HardLinks);
Assert.AreEqual(0, e.IndexNumber);
Assert.AreEqual(fs.DirectoryInfo.FromDirectoryName(file).LastAccessTimeUtc.ToFileTimeUtc(), e.LastAccessTime);
Assert.AreEqual(fs.DirectoryInfo.FromDirectoryName(file).LastWriteTimeUtc.ToFileTimeUtc(), e.LastWriteTime);
Assert.AreEqual(0, e.ReparseTag);
Assert.IsTrue(e.IsFile());
}
private static unsafe SafeFileHandle CreateFileHandle(string fullPath, FileMode mode, FileSystemRights rights, FileShare share, FileOptions options, FileSecurity security)
{
Debug.Assert(fullPath != null);
// Must use a valid Win32 constant
if (mode == FileMode.Append)
{
mode = FileMode.OpenOrCreate;
}
// For mitigating local elevation of privilege attack through named pipes make sure we always call CreateFile with SECURITY_ANONYMOUS so that the
// named pipe server can't impersonate a high privileged client security context (note that this is the effective default on CreateFile2)
// SECURITY_SQOS_PRESENT flags that a SECURITY_ flag is present.
int flagsAndAttributes = (int)options | Interop.Kernel32.SecurityOptions.SECURITY_SQOS_PRESENT | Interop.Kernel32.SecurityOptions.SECURITY_ANONYMOUS;
SafeFileHandle handle;
fixed(byte *pSecurityDescriptor = security.GetSecurityDescriptorBinaryForm())
{
var secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
{
nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
bInheritHandle = ((share & FileShare.Inheritable) != 0) ? Interop.BOOL.TRUE : Interop.BOOL.FALSE,
lpSecurityDescriptor = (IntPtr)pSecurityDescriptor
};
using (DisableMediaInsertionPrompt.Create())
{
handle = Interop.Kernel32.CreateFile(fullPath, (int)rights, share, ref secAttrs, mode, flagsAndAttributes, IntPtr.Zero);
ValidateFileHandle(handle, fullPath);
}
}
return(handle);
}
public MyFile GetSpecifiedFile(string filepath)
{
if (File.Exists(filepath))
{
FileInfo fi = new FileInfo(filepath);
MyFile myfile = new MyFile();
myfile.Path = filepath;
myfile.Extension = fi.Extension.TrimStart(new char[] { '.' });
myfile.LastModified = fi.LastWriteTimeUtc;
myfile.Name = fi.Name;
FileSecurity sec = fi.GetAccessControl();
myfile.SecurityDesciptor = new Byte[sec.GetSecurityDescriptorBinaryForm().Length];
myfile.SecurityDesciptor = sec.GetSecurityDescriptorBinaryForm();
return(myfile);
}
return(null);
}
public MyFile GetSpecifiedFile(string filepath)
{
if (File.Exists(filepath))
{
FileInfo fi = new FileInfo(filepath);
MyFile myfile = new MyFile();
myfile.Path = filepath;
myfile.Extension = fi.Extension.TrimStart(new char[] { '.' });
myfile.LastModified = fi.LastWriteTimeUtc;
myfile.Name = fi.Name;
FileSecurity sec = fi.GetAccessControl();
myfile.SecurityDesciptor = new Byte[sec.GetSecurityDescriptorBinaryForm().Length];
myfile.SecurityDesciptor = sec.GetSecurityDescriptorBinaryForm();
try
{
XDocument xmlDoc = XDocument.Load(filepath);
var products = from product in xmlDoc.Descendants("Product")
select new
{
SKU = product.Element("SKU").Value,
Title = product.Element("Title").Value,
Category = product.Element("Category").Value,
Price = product.Element("Price").Value,
Description = product.Element("Description").Value,
};
// we don't really look for multiple products..we assume 1 per xml doc
foreach (var product in products)
{
myfile.SKU = product.SKU;
myfile.Title = product.Title;
myfile.Category = product.Category;
myfile.Description = product.Description;
myfile.Price = Convert.ToInt32(product.Price);
}
}
catch (Exception e) { //just move along
myfile.Title = "error"; //this is for debugging only
}
return(myfile);
}
return(null);
}
public MyFile[] GetAllFiles(string folderpath)
{
List <MyFile> myfiles = new List <MyFile>();
foreach (string filepath in Directory.GetFiles(folderpath))
{
MyFile myfile = new MyFile();
myfile.Path = filepath;
FileInfo fi = new FileInfo(filepath);
myfile.Extension = fi.Extension.TrimStart(new char[] { '.' });
myfile.LastModified = fi.LastWriteTimeUtc;
myfile.Name = fi.Name;
FileSecurity sec = fi.GetAccessControl();
myfile.SecurityDesciptor = new Byte[sec.GetSecurityDescriptorBinaryForm().Length];
myfile.SecurityDesciptor = sec.GetSecurityDescriptorBinaryForm();
myfiles.Add(myfile);
}
return(myfiles.ToArray());
}
public static FileSystemRights GetEffectivePermissions(
WindowsIdentity clientIdentity,
FileSecurity securityDescriptor)
{
bool isAccessAllowed = false;
byte[] binaryForm = securityDescriptor.GetSecurityDescriptorBinaryForm();
SafeCloseHandle newToken = null;
SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (IsPrimaryToken(token) &&
!DuplicateTokenEx(
token,
TokenAccessLevels.Query,
IntPtr.Zero,
SecurityImpersonationLevel.Identification,
TokenType.TokenImpersonation,
out newToken))
{
int err = Marshal.GetLastWin32Error();
CloseInvalidOutSafeHandle(newToken);
throw new Win32Exception(err, "DuplicateTokenExFailed");
}
GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET structPrivilegeSet = new PRIVILEGE_SET();
uint privilegeSetLength = (uint)Marshal.SizeOf(structPrivilegeSet);
uint grantedAccess = 0;
if (!AccessCheck(
binaryForm,
newToken ?? token,
0x2000000,
genericMapping,
out structPrivilegeSet,
ref privilegeSetLength,
out grantedAccess,
out isAccessAllowed))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "AccessCheckFailed");
}
return((FileSystemRights)grantedAccess);
}
finally
{
if (newToken != null)
{
newToken.Dispose();
}
}
}
public void GetAccessControl1()
{
string tempFile = Path.GetTempFileName();
FileInfo fi = new FileInfo(tempFile);
ExtendedFileInfo efi = new ExtendedFileInfo(tempFile);
Assert.IsNotNull(efi);
FileSecurity actual = efi.GetAccessControl(AccessControlSections.All);
FileSecurity expected = fi.GetAccessControl(AccessControlSections.All);
CollectionAssert.AreEqual(expected.GetSecurityDescriptorBinaryForm(), actual.GetSecurityDescriptorBinaryForm());
}
/// <summary>
/// Create a named pipe instance.
/// </summary>
/// <param name="pipeName">Local name (the part after \\.\pipe\)</param>
public static NamedPipeStream Create(string pipeName, ServerMode mode, FileSecurity fileSec)
{
SECURITY_ATTRIBUTES pipeSecurity = new SECURITY_ATTRIBUTES();
pipeSecurity.nLength = Marshal.SizeOf(pipeSecurity);
byte[] src = fileSec.GetSecurityDescriptorBinaryForm();
IntPtr dest = Marshal.AllocHGlobal(src.Length);
Marshal.Copy(src, 0, dest, src.Length);
pipeSecurity.lpSecurityDescriptor = dest;
IntPtr pipeSecPtr = Marshal.AllocHGlobal(pipeSecurity.nLength);
Marshal.StructureToPtr(pipeSecurity, pipeSecPtr, true);
IntPtr handle = IntPtr.Zero;
string name = @"\\.\pipe\" + pipeName;
handle = CreateNamedPipe(
name,
(uint)mode, PIPE_TYPE_MESSAGE | PIPE_WAIT,
PIPE_UNLIMITED_INSTANCES,
0, // outBuffer,
1024, // inBuffer,
NMPWAIT_WAIT_FOREVER,
pipeSecPtr);
if (handle == INVALID_HANDLE_VALUE)
{
throw new Win32Exception("Error creating named pipe " + name + " . Internal error: " + Marshal.GetLastWin32Error().ToString());
}
// Set members persistently...
NamedPipeStream self = new NamedPipeStream();
self._handle = handle;
switch (mode)
{
case ServerMode.InboundOnly:
self._mode = FileAccess.Read;
break;
case ServerMode.OutboundOnly:
self._mode = FileAccess.Write;
break;
case ServerMode.Bidirectional:
self._mode = FileAccess.ReadWrite;
break;
}
return(self);
}
CreatePhysicalLogStreamBeginWrapper(
Guid PhysicalLogStreamId,
Guid PhysicalLogStreamTypeId,
string OptionalLogStreamAlias,
string OptionalPath,
FileSecurity OptionalSecurityInfo,
Int64 MaximumSize,
UInt32 MaximumBlockSize,
LogManager.LogCreationFlags CreationFlags,
NativeCommon.IFabricAsyncOperationCallback Callback)
{
NativeLog.IKBuffer secInfo = null;
if (OptionalSecurityInfo != null)
{
var secDesc = OptionalSecurityInfo.GetSecurityDescriptorBinaryForm();
NativeLog.CreateKBuffer((UInt32)secDesc.GetLength(0), out secInfo);
}
NativeCommon.IFabricAsyncOperationContext context;
using (var pin = new PinCollection())
{
this._NativeContainer.BeginCreateLogStream(
PhysicalLogStreamId,
PhysicalLogStreamTypeId,
pin.AddBlittable(OptionalLogStreamAlias),
// CONSIDER: what about NULL Alias ?
pin.AddBlittable(OptionalPath),
secInfo,
// CONSIDER: does native code need to AddRef() ?
MaximumSize,
MaximumBlockSize,
CreationFlags,
Callback,
out context);
}
return(context);
}
private uint GetSecurity(IntPtr pThis, uint RequestedInformation, ref IntPtr ppSecurityDescriptor, bool fDefault)
{
try
{
FileSecurity fs = new FileSecurity();
fs.SetSecurityDescriptorSddlForm(_sddl);
byte[] sd = fs.GetSecurityDescriptorBinaryForm();
ppSecurityDescriptor = Marshal.AllocHGlobal(sd.Length);
Marshal.Copy(sd, 0, ppSecurityDescriptor, sd.Length);
fDefault = false;
return(S_OK);
}
catch
{
return(E_FAIL);
}
}
private void CommitWriteTransaction()
{
if (g_bExtraSafe)
{
if (!IOConnection.FileExists(m_iocTemp))
{
throw new FileNotFoundException(m_iocTemp.Path +
MessageService.NewLine + KLRes.FileSaveFailed);
}
}
bool bMadeUnhidden = UrlUtil.UnhideFile(m_iocBase.Path);
#if !KeePassUAP
// 'All' includes 'Audit' (SACL), which requires SeSecurityPrivilege,
// which we usually don't have and therefore get an exception;
// trying to set 'Owner' or 'Group' can result in an
// UnauthorizedAccessException; thus we restore 'Access' (DACL) only
const AccessControlSections acs = AccessControlSections.Access;
bool bEfsEncrypted = false;
byte[] pbSec = null;
#endif
DateTime?otCreation = null;
bool bBaseExists = IOConnection.FileExists(m_iocBase);
if (bBaseExists && m_iocBase.IsLocalFile())
{
// FileAttributes faBase = FileAttributes.Normal;
try
{
#if !KeePassUAP
FileAttributes faBase = File.GetAttributes(m_iocBase.Path);
bEfsEncrypted = ((long)(faBase & FileAttributes.Encrypted) != 0);
try { if (bEfsEncrypted)
{
File.Decrypt(m_iocBase.Path);
}
} // For TxF
catch (Exception) { Debug.Assert(false); }
#endif
otCreation = File.GetCreationTimeUtc(m_iocBase.Path);
#if !KeePassUAP
// May throw with Mono
FileSecurity sec = File.GetAccessControl(m_iocBase.Path, acs);
if (sec != null)
{
pbSec = sec.GetSecurityDescriptorBinaryForm();
}
#endif
}
catch (Exception) { Debug.Assert(NativeLib.IsUnix()); }
// if((long)(faBase & FileAttributes.ReadOnly) != 0)
// throw new UnauthorizedAccessException();
}
if (!TxfMove())
{
if (bBaseExists)
{
IOConnection.DeleteFile(m_iocBase);
}
IOConnection.RenameFile(m_iocTemp, m_iocBase);
}
else
{
Debug.Assert(pbSec != null);
} // TxF success => NTFS => has ACL
try
{
// If File.GetCreationTimeUtc fails, it may return a
// date with year 1601, and Unix times start in 1970,
// so testing for 1971 should ensure validity;
// https://msdn.microsoft.com/en-us/library/system.io.file.getcreationtimeutc.aspx
if (otCreation.HasValue && (otCreation.Value.Year >= 1971))
{
File.SetCreationTimeUtc(m_iocBase.Path, otCreation.Value);
}
#if !KeePassUAP
if (bEfsEncrypted)
{
try { File.Encrypt(m_iocBase.Path); }
catch (Exception) { Debug.Assert(false); }
}
// File.SetAccessControl(m_iocBase.Path, secPrev);
// Directly calling File.SetAccessControl with the previous
// FileSecurity object does not work; the binary form
// indirection is required;
// https://sourceforge.net/p/keepass/bugs/1738/
// https://msdn.microsoft.com/en-us/library/system.io.file.setaccesscontrol.aspx
if ((pbSec != null) && (pbSec.Length != 0))
{
FileSecurity sec = new FileSecurity();
sec.SetSecurityDescriptorBinaryForm(pbSec, acs);
File.SetAccessControl(m_iocBase.Path, sec);
}
#endif
}
catch (Exception) { Debug.Assert(false); }
if (bMadeUnhidden)
{
UrlUtil.HideFile(m_iocBase.Path, true);
}
}
[System.Security.SecuritySafeCritical] // auto-generated
private unsafe static Win32Native.SECURITY_ATTRIBUTES GetSecAttrs(FileShare share, FileSecurity fileSecurity, out Object pinningHandle)
{
pinningHandle = null;
Win32Native.SECURITY_ATTRIBUTES secAttrs = null;
if ((share & FileShare.Inheritable) != 0 || fileSecurity != null) {
secAttrs = new Win32Native.SECURITY_ATTRIBUTES();
secAttrs.nLength = (int)Marshal.SizeOf(secAttrs);
if ((share & FileShare.Inheritable) != 0) {
secAttrs.bInheritHandle = 1;
}
// For ACL's, get the security descriptor from the FileSecurity.
if (fileSecurity != null) {
byte[] sd = fileSecurity.GetSecurityDescriptorBinaryForm();
pinningHandle = GCHandle.Alloc(sd, GCHandleType.Pinned);
fixed(byte* pSecDescriptor = sd)
secAttrs.pSecurityDescriptor = pSecDescriptor;
}
}
return secAttrs;
}
