public static void ProtectFileFolder(bool File = false)
{
try
{
string FolderPath = Core.GetPInstallPathNoFilename();
string UserAccount = "EVERYONE";
System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(FolderPath);
DirectorySecurity FolderAcl = new DirectorySecurity();
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.ReadAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.CreateDirectories, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.WriteAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.WriteExtendedAttributes, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.Delete, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.DeleteSubdirectoriesAndFiles, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
FolderAcl.AddAccessRule(new FileSystemAccessRule(UserAccount, FileSystemRights.TakeOwnership, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
if (!File)
{
FolderAcl.SetAccessRuleProtection(false, true);
}
FolderInfo.SetAccessControl(FolderAcl);
}
catch
{
}
}
public static void FolderDenyPermission(bool create, string tempPath)
{
var user = (Environment.UserDomainName + @"\" + Environment.UserName).TrimStart('\\');
var dirInfo = new System.IO.DirectoryInfo(tempPath);
System.Security.AccessControl.DirectorySecurity dirSecurity;
// ╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗
// ║ ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║ files ║
// ╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣
// ║ Propagation ║ none ║ none ║ none ║ none ║ InheritOnly ║ InheritOnly ║ InheritOnly ║
// ║ Inheritance ║ none ║ Container|Object ║ Container ║ Object ║ Container|Object ║ Container ║ Object ║
// ╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝
var rule = new System.Security.AccessControl.FileSystemAccessRule(user,
System.Security.AccessControl.FileSystemRights.FullControl,
System.Security.AccessControl.InheritanceFlags.ContainerInherit |
System.Security.AccessControl.InheritanceFlags.ObjectInherit,
System.Security.AccessControl.PropagationFlags.None, System.Security.AccessControl.AccessControlType.Deny);
if (create)
{
dirInfo.Create();
// Set DENY for current user.
dirSecurity = dirInfo.GetAccessControl();
dirSecurity.AddAccessRule(rule);
dirInfo.SetAccessControl(dirSecurity);
}
else
{
// Remove DENY for current user.
dirSecurity = dirInfo.GetAccessControl();
dirSecurity.RemoveAccessRule(rule);
dirInfo.SetAccessControl(dirSecurity);
}
}
public void ResetFileFolderACL(string location)
{
try
{
string FolderPath = location;
System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(FolderPath);
DirectorySecurity FolderAcl = new DirectorySecurity();
FolderAcl.SetAccessRuleProtection(false, true);
FolderInfo.SetAccessControl(FolderAcl);
}
catch
{
}
}
private void SetSecuritySystem(string directory)
{
if (System.IO.Directory.Exists(directory))
System.IO.Directory.Delete(directory, true);
System.IO.Directory.CreateDirectory(directory);
System.IO.Directory.CreateDirectory(System.IO.Path.Combine(directory, "inherited"));
var testDirInfo = new System.IO.DirectoryInfo(directory);
var ds = testDirInfo.GetAccessControl(System.Security.AccessControl.AccessControlSections.Access);
ds.SetAccessRuleProtection(true, false);
ds.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null), System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.InheritanceFlags.ContainerInherit | System.Security.AccessControl.InheritanceFlags.ObjectInherit, System.Security.AccessControl.PropagationFlags.None, System.Security.AccessControl.AccessControlType.Allow));
testDirInfo.SetAccessControl(ds);
}
static StackObject *SetAccessControl_23(ILIntepreter __intp, StackObject *__esp, IList <object> __mStack, CLRMethod __method, bool isNewObj)
{
ILRuntime.Runtime.Enviorment.AppDomain __domain = __intp.AppDomain;
StackObject *ptr_of_this_method;
StackObject *__ret = ILIntepreter.Minus(__esp, 2);
ptr_of_this_method = ILIntepreter.Minus(__esp, 1);
System.Security.AccessControl.DirectorySecurity @directorySecurity = (System.Security.AccessControl.DirectorySecurity) typeof(System.Security.AccessControl.DirectorySecurity).CheckCLRTypes(StackObject.ToObject(ptr_of_this_method, __domain, __mStack));
__intp.Free(ptr_of_this_method);
ptr_of_this_method = ILIntepreter.Minus(__esp, 2);
System.IO.DirectoryInfo instance_of_this_method = (System.IO.DirectoryInfo) typeof(System.IO.DirectoryInfo).CheckCLRTypes(StackObject.ToObject(ptr_of_this_method, __domain, __mStack));
__intp.Free(ptr_of_this_method);
instance_of_this_method.SetAccessControl(@directorySecurity);
return(__ret);
}
private void Form1_Load(object sender, EventArgs e)
{
SetStatusOfStructureForms(true);
currentTT = new Timetable();
undoStack = new Stack<undoRedoEvent>();
redoStack = new Stack<undoRedoEvent>();
//get command line arguments.
string[] args = Environment.GetCommandLineArgs();
if (args.Length > 1)
{
currentTT.Load(args[1]);
return;
}
string appPath = AppDomain.CurrentDomain.BaseDirectory;
//before we can write to the directory, we MUST set permissions, so that we are able to write to the Program Files area of the hard drive.
//Failing to do this will result in the program crashing if not being 'Run as Adminstrator'.
System.IO.DirectoryInfo dInfo = new System.IO.DirectoryInfo(appPath);
DirectorySecurity security = dInfo.GetAccessControl();
security.SetAccessRule(new FileSystemAccessRule(Environment.UserName, FileSystemRights.FullControl, AccessControlType.Allow));
dInfo.SetAccessControl(security);
if (!System.IO.File.Exists(appPath + "normal.TTT"))
{
System.IO.File.WriteAllBytes(appPath + "normal.TTT", TimeLord.Properties.Resources.Template); //write the contents of the TimeLord Standard template to the drive, if not found.
MessageBox.Show("No default template has been created. The pre-designed template will therefore be used.","No Template");
}
currentTT.Load(appPath + "normal.TTT"); //load the standard template in. NB: Creating a new timetable will clear this template.
}
public void SetAccessControl(System.Security.AccessControl.DirectorySecurity directorySecurity)
{
inner.SetAccessControl(directorySecurity);
}
private void btnSubmit_Click(object sender, EventArgs e)
{
string dC = Convert.ToString(tbDC.Text);
//get the DC in order to be able to connect
string oU = Convert.ToString(tbOU.Text);
//Add "OU=" to the string so DirectoryServices can search for the OU needed
string lDAP = "LDAP://" + dC + ":389/" + oU;
//LDAP string needed for the OU where the security groups will be created
string filePath = Convert.ToString(tbFilePath.Text);
//convert the filepath provided to a user
string groupBase = filePath.Replace(@"\\", "");
//get the group base name to be used to create security groups in AD
string groupBaseStr = null;
if (groupBase.Length < 55)
{
groupBaseStr = groupBase;
}
else if (groupBase.Length > 55)
{
int groupBaseLength = groupBase.Length;
int lengthDif = groupBaseLength - 56;
string tempGroupBase = groupBase.Remove(0, lengthDif);
string newGroupBase = tempGroupBase.Insert(0, "%");
groupBaseStr = newGroupBase;
}
//check the number of characters in the group base name. If it is too many characters, remove the excess characters and add in a % to indicate to the Tech that this has been done.
string groupBaseName = groupBaseStr.Replace('\\', '.');
//the base group name that will be used in AD for security groups
string groupWrite = groupBaseName + (@" - W");
//the write permission security group
string groupWriteCN = "CN=" + Convert.ToString(groupWrite);
//Add "CN=" so Directory Services can create the group in the specified OU
string groupRead = groupBaseName + (@" - R");
//the read permission security group
string groupReadCN = "CN=" + Convert.ToString(groupRead);
//Add "CN=" so Directory Services can create the group in the specified OU
DirectoryEntry aclOu = new DirectoryEntry("LDAP://" + dC + ":389/" + oU);
DirectoryEntry groupW = aclOu.Children.Add(groupWriteCN, "group");
groupW.Properties["samAccountName"].Value = groupWrite;
groupW.CommitChanges();
//Create Write Security Group in AD
DirectoryEntry groupR = aclOu.Children.Add(groupReadCN, "group");
groupR.Properties["samAccountName"].Value = groupRead;
groupR.CommitChanges();
//Create Read Security Group in AD
System.Threading.Thread.Sleep(60000);
//wait to let the creation of the groups propogate to other DCs.
System.IO.DirectoryInfo folderInfo = new System.IO.DirectoryInfo(filePath);
DirectorySecurity folderSecurity = folderInfo.GetAccessControl();
FileSystemAccessRule ruleR =
new FileSystemAccessRule(groupRead,
FileSystemRights.Read |
FileSystemRights.ReadAndExecute |
FileSystemRights.ListDirectory,
InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
folderSecurity.AddAccessRule(ruleR);
folderInfo.SetAccessControl(folderSecurity);
//Assign Read permissions on the folder for the Read Security Group
FileSystemAccessRule ruleW =
new FileSystemAccessRule(groupWrite,
FileSystemRights.Modify |
FileSystemRights.Read |
FileSystemRights.ReadAndExecute |
FileSystemRights.ListDirectory |
FileSystemRights.Write,
InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
folderSecurity.AddAccessRule(ruleW);
folderInfo.SetAccessControl(folderSecurity);
//Assign Write permissions on the folder for the Write Security Group
if (cBoxTraverse.Checked)
{
ListDirectories pathsList = new ListDirectories(); //call DirectoryHelper class to create the list of the parent file pathes
List <string> parentPaths = pathsList.GetDirectories(filePath);
parentPaths.RemoveAt(0); //removes the filePath (the full path provided) from the list as it should not receive list permissions
foreach (string p in parentPaths)
{
System.IO.DirectoryInfo folderInfoLR = new System.IO.DirectoryInfo(p);
DirectorySecurity folderSecurityLR = folderInfoLR.GetAccessControl();
FileSystemAccessRule ruleLR =
new FileSystemAccessRule(groupRead,
FileSystemRights.Traverse |
FileSystemRights.ListDirectory |
FileSystemRights.ReadAttributes |
FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadPermissions,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
folderSecurityLR.AddAccessRule(ruleLR);
folderInfoLR.SetAccessControl(folderSecurityLR);
System.IO.DirectoryInfo folderInfoLW = new System.IO.DirectoryInfo(p);
DirectorySecurity folderSecurityLW = folderInfoLW.GetAccessControl();
FileSystemAccessRule ruleLW =
new FileSystemAccessRule(groupWrite,
FileSystemRights.Traverse |
FileSystemRights.ListDirectory |
FileSystemRights.ReadAttributes |
FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadPermissions,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
folderSecurityLW.AddAccessRule(ruleLW);
folderInfoLW.SetAccessControl(folderSecurityLW);
//assigning list/traverse permissions to parent folders, so that groups can get into the folder.
}
}
}
