예제 #1
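 /// <summary>
 /// Rewrites the security descriptor of <paramref name="file"/>, substituting every SID
 /// listed in ReplaceList (Item1 = SID to find, Item2 = SID to write instead).
 /// </summary>
 /// <param name="file">Path of an existing file whose descriptor is searched.</param>
 /// <remarks>
 /// The descriptor is read and written with AccessControlSections.All, so owner, group,
 /// DACL and SACL are all in scope; the caller needs the privileges that reading and
 /// writing the SACL and owner require. Failures are reported through ActionObserver
 /// and are not rethrown.
 /// NOTE(review): the search works on the "S-1-..." text only. SIDs that the SDDL form
 /// abbreviates to a two-letter alias are not matched; confirm whether that matters for
 /// the SIDs placed in ReplaceList.
 /// </remarks>
 public void ReplaceFile(string file)
 {
     Debug.Assert(File.Exists(file));
     ActionObserver.NotifyAction("Search/Replace SID", "File", file, string.Empty);
     try {
         FileSecurity security     = File.GetAccessControl(file, AccessControlSections.All);
         string       originalSddl = security.GetSecurityDescriptorSddlForm(AccessControlSections.All);
         string       sddl         = originalSddl;

         // Pairs are applied in list order on the running result, so a later pair can
         // rewrite a SID that an earlier pair has just written.
         foreach (Tuple <SecurityIdentifier, SecurityIdentifier> item in ReplaceList)
         {
             string searchItem  = item.Item1.ToString();
             string replaceItem = item.Item2.ToString();
             string newSddl     = ReplaceWholeSid(sddl, searchItem, replaceItem);
             if (newSddl != sddl)
             {
                 ActionObserver.NotifyInformation(
                     "File '{0}' replaced '{1}' with '{2}'",
                     file, searchItem, replaceItem
                     );
             }
             sddl = newSddl;
         }

         // Only touch the file's ACL when a substitution actually happened; an
         // unconditional write re-stamps owner/DACL/SACL and can fail for lack of
         // privilege even though nothing needed changing.
         if (sddl != originalSddl)
         {
             security.SetSecurityDescriptorSddlForm(sddl, AccessControlSections.All);
             File.SetAccessControl(file, security);
         }
     } catch (Exception error) {
         ActionObserver.NotifyError("Unable to search SIDs on file '{0}' due to error '{1}'", file, error.Message);
     }
 }

 /// <summary>
 /// Replaces occurrences of <paramref name="searchSid"/> in <paramref name="sddl"/> only
 /// where the match is a complete SID, i.e. is not followed by '-' or a digit.
 /// </summary>
 /// <remarks>
 /// A plain string replace would also rewrite the prefix of a longer SID (searching for
 /// "...-500" would corrupt "...-5001"), silently granting or removing access for an
 /// unrelated principal.
 /// </remarks>
 private static string ReplaceWholeSid(string sddl, string searchSid, string replaceSid)
 {
     if (searchSid.Length == 0)
     {
         return sddl;
     }

     string result = string.Empty;
     int    start  = 0;
     int    hit;

     while ((hit = sddl.IndexOf(searchSid, start, StringComparison.Ordinal)) >= 0)
     {
         int  end       = hit + searchSid.Length;
         bool continues = end < sddl.Length && (sddl[end] == '-' || char.IsDigit(sddl[end]));

         // Keep the text untouched when the match is only the head of a longer SID.
         result += sddl.Substring(start, hit - start) + (continues ? searchSid : replaceSid);
         start   = end;
     }

     return result + sddl.Substring(start);
 }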
        // From http://stackoverflow.com/questions/3118439/how-to-copy-ntfs-permissions
        //private static void CopySecurityInformation(String source, String dest)
        //{
        //    FileSecurity fileSecurity = File.GetAccessControl(source, AccessControlSections.All);
        //    fileSecurity.SetAccessRuleProtection(true, true);  // from http://www.codekeep.net/snippets/1dc00f8c-b338-4760-aecb-024fe5009ed6.aspx
        //    File.SetAccessControl(dest, fileSecurity);
        //    FileAttributes fileAttributes = File.GetAttributes(source);
        //    File.SetAttributes(dest, fileAttributes);
        //}

        // From http://msdn.microsoft.com/en-us/library/system.io.file.setaccesscontrol.aspx
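        /// <summary>
        /// Copies the complete security descriptor and the file attributes from
        /// <paramref name="source"/> to <paramref name="dest"/>.
        /// </summary>
        /// <param name="source">Path of the file whose descriptor and attributes are read.</param>
        /// <param name="dest">Path of the file that receives them.</param>
        /// <remarks>
        /// AccessControlSections.All covers owner, group, DACL and SACL. Reading the SACL and
        /// assigning an owner other than the caller both require the corresponding Windows
        /// privileges, so this is expected to throw for an unprivileged caller.
        /// </remarks>
        private static void CopySecurityInformation(String source, String dest)
        {
            FileSecurity sourceFileSecurity = File.GetAccessControl(source, AccessControlSections.All);
            FileSecurity destFileSecurity   = new FileSecurity();
            string       sourceDescriptor   = sourceFileSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);

            destFileSecurity.SetSecurityDescriptorSddlForm(sourceDescriptor);

            // Apply the descriptor that was just populated. The original passed
            // sourceFileSecurity here, leaving destFileSecurity unused; an object that was
            // only read from another file carries no pending changes to persist, so the
            // destination could keep its old ACL without any error being raised.
            File.SetAccessControl(dest, destFileSecurity);

            FileAttributes fileAttributes = File.GetAttributes(source);

            File.SetAttributes(dest, fileAttributes);
        }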
예제 #3
        /// <summary>
        /// Converts the security descriptor at <paramref name="pSecurityDescriptor"/> to
        /// self-relative form and stores its SDDL text in <c>_sddl</c>.
        /// </summary>
        /// <param name="pThis">Not read by this method.</param>
        /// <param name="SecurityInformation">
        /// Not read by this method. NOTE(review): the SDDL is produced for
        /// AccessControlSections.All regardless of which parts the caller flagged here;
        /// confirm that consumers of <c>_sddl</c> do not treat absent parts as authoritative.
        /// </param>
        /// <param name="pSecurityDescriptor">Pointer to the descriptor to convert.</param>
        /// <returns>S_OK on success; E_FAIL if anything in the conversion throws.</returns>
        private uint SetSecurity(IntPtr pThis, uint SecurityInformation, IntPtr pSecurityDescriptor)
        {
            IntPtr selfRelative = IntPtr.Zero;
            uint   byteCount    = 0;

            try
            {
                // Sizing pass: called with a null buffer and zero length; a failure with
                // ERROR_INSUFFICIENT_BUFFER is tolerated and byteCount is used for the allocation.
                bool sized = MakeSelfRelativeSD(pSecurityDescriptor, selfRelative, ref byteCount);

                if (!sized)
                {
                    int sizingError = Marshal.GetLastWin32Error();

                    if (sizingError != ERROR_INSUFFICIENT_BUFFER)
                    {
                        throw new System.ComponentModel.Win32Exception(sizingError, "MakeSelfRelativeSD failed.  Error = " + sizingError);
                    }
                }

                selfRelative = Marshal.AllocHGlobal((int)byteCount);

                // Conversion pass into the unmanaged buffer; any failure here is fatal.
                bool converted = MakeSelfRelativeSD(pSecurityDescriptor, selfRelative, ref byteCount);

                if (!converted)
                {
                    int conversionError = Marshal.GetLastWin32Error();

                    throw new System.ComponentModel.Win32Exception(conversionError, "MakeSelfRelativeSD failed.  Error = " + conversionError);
                }

                // Bring the descriptor into managed memory so FileSecurity can parse it.
                byte[] raw = new byte[byteCount];

                Marshal.Copy(selfRelative, raw, 0, (int)byteCount);

                FileSecurity descriptor = new FileSecurity();

                descriptor.SetSecurityDescriptorBinaryForm(raw);

                _sddl = descriptor.GetSecurityDescriptorSddlForm(AccessControlSections.All);

                return S_OK;
            }
            catch
            {
                // Every exception is collapsed into E_FAIL; the Win32 error code and the
                // message built above are not surfaced to the caller or logged here.
                return E_FAIL;
            }
            finally
            {
                // Release the unmanaged buffer on both the success and the failure path.
                if (selfRelative != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(selfRelative);
                }
            }
        }
예제 #4
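        /// <summary>
        /// Fills textBoxAcl with a readable dump of the file's owner, primary group, access
        /// rules and audit rules, and textBoxSddl with the descriptor's SDDL text.
        /// </summary>
        /// <param name="file_name">Path of the file whose security descriptor is shown.</param>
        /// <remarks>
        /// The descriptor is fetched with the single-argument File.GetAccessControl overload,
        /// which does not request the audit section, so the "Audit rules" part and the SDDL
        /// shown here do not reflect the file's SACL. An empty audit list in this view is
        /// therefore not evidence that no auditing is configured.
        /// </remarks>
        private void internal_fill(string file_name)
        {
            textBoxAcl.Clear();
            textBoxSddl.Clear();

            AuthorizationRuleCollection dacls = null;
            AuthorizationRuleCollection sacls = null;
            string dacl_error = null;
            string sacl_error = null;
            FileSecurity f_sec = null;

            try
            {
                f_sec = File.GetAccessControl(file_name);

                // Failures to read or translate the rules are kept and printed inside the
                // matching section below. The original appended them to textBoxAcl, where
                // the later assignment of textBoxAcl.Text overwrote them, leaving a section
                // that looked like an empty rule list.
                try
                {
                    dacls = f_sec.GetAccessRules(true, true, typeof(NTAccount));
                }
                catch (Exception ex)
                {
                    dacl_error = ex.Message;
                }

                try
                {
                    sacls = f_sec.GetAuditRules(true, true, typeof(NTAccount));
                }
                catch (Exception ex)
                {
                    sacl_error = ex.Message;
                }

                StringBuilder sb = new StringBuilder();

                sb.Append("Owner\r\n");
                sb.Append("=====\r\n");
                try
                {
                    sb.Append(f_sec.GetOwner(typeof(NTAccount)).Value);
                }
                catch (Exception ex)
                {
                    sb.Append(ex.Message);
                }
                sb.Append("\r\n\r\n");

                sb.Append("Primary group\r\n");
                sb.Append("=============\r\n");
                try
                {
                    sb.Append(f_sec.GetGroup(typeof(NTAccount)).Value);
                }
                catch (Exception ex)
                {
                    sb.Append(ex.Message);
                }
                sb.Append("\r\n\r\n");

                sb.Append("Access rules\r\n");
                sb.Append("============\r\n");
                sb.AppendFormat("Inherit disable: {0}\r\n\r\n", f_sec.AreAccessRulesProtected);
                if (dacl_error != null)
                {
                    sb.Append(dacl_error);
                    sb.Append("\r\n\r\n");
                }
                if (dacls != null)
                {
                    foreach (FileSystemAccessRule rule in dacls)
                    {
                        sb.AppendFormat("Identity: {0}\r\n", rule.IdentityReference.Value);
                        sb.AppendFormat("Access type: {0}\r\n", rule.AccessControlType.ToString());
                        sb.AppendFormat("Rights: {0}\r\n", rule.FileSystemRights.ToString());
                        sb.AppendFormat("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString());
                        sb.AppendFormat("Inherited: {0}\r\n", rule.IsInherited);
                        sb.AppendFormat("Propagation: {0}\r\n", rule.PropagationFlags.ToString());
                        sb.Append("\r\n");
                    }
                }

                sb.Append("Audit rules\r\n");
                sb.Append("===========\r\n");
                sb.AppendFormat("Inherit disable: {0}\r\n\r\n", f_sec.AreAuditRulesProtected);
                if (sacl_error != null)
                {
                    sb.Append(sacl_error);
                    sb.Append("\r\n\r\n");
                }
                if (sacls != null)
                {
                    foreach (FileSystemAuditRule rule in sacls)
                    {
                        sb.AppendFormat("Identity: {0}\r\n", rule.IdentityReference.Value);
                        sb.AppendFormat("Audit type: {0}\r\n", rule.AuditFlags.ToString());
                        sb.AppendFormat("Rights: {0}\r\n", rule.FileSystemRights.ToString());
                        sb.AppendFormat("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString());
                        sb.AppendFormat("Inherited: {0}\r\n", rule.IsInherited);
                        sb.AppendFormat("Propagation: {0}\r\n", rule.PropagationFlags.ToString());
                        sb.Append("\r\n");
                    }
                }

                textBoxAcl.Font  = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size);
                textBoxSddl.Font = textBoxAcl.Font;

                textBoxAcl.Text  = sb.ToString();
                textBoxSddl.Text = f_sec.GetSecurityDescriptorSddlForm(AccessControlSections.All);
            }
            catch (Exception ex)
            {
                // Reached when the descriptor itself cannot be read, or when the SDDL
                // conversion or the font setup above throws.
                textBoxAcl.Font  = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size);
                textBoxSddl.Font = textBoxAcl.Font;
                textBoxAcl.Text  = string.Format("Cannot get security descriptor. {0}", ex.Message);
            }
        }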