/// <summary> /// Create a new directory /// </summary> /// <param name="fileSystemRights">Type of file system rights to be set on the new directory</param> /// <param name="boolAllowEveryone">Flag to include Everyone permissions on the new directory</param> /// <returns></returns> public Globals.ResultType Create(System.Security.AccessControl.FileSystemRights fileSystemRights, bool boolAllowEveryone = false) { try { // Create Directory System.IO.DirectoryInfo directoryInfo = System.IO.Directory.CreateDirectory(this.FilePath); // Validation if (directoryInfo == null || directoryInfo.Exists == false) { return(Globals.ResultType.Failure); } // Set Directory Permissions Globals.ResultType createResultType = this.SetPermissions(fileSystemRights, System.Security.AccessControl.AccessControlType.Allow); // Validation if (createResultType == Globals.ResultType.Failure) { return(Globals.ResultType.Failure); } return(Globals.ResultType.Success); } catch (Exception ex) { // To Be Implemented: Throw Custom Exception... Console.WriteLine(ex.ToString()); return(Globals.ResultType.Failure); } }
private static int AccessMaskFromRights(System.Security.AccessControl.FileSystemRights fileSystemRights) { if ((fileSystemRights < 0) || (fileSystemRights > System.Security.AccessControl.FileSystemRights.FullControl)) { throw new ArgumentOutOfRangeException("fileSystemRights", Environment.GetResourceString("Argument_InvalidEnumValue", new object[] { fileSystemRights, "FileSystemRights" })); } return((int)fileSystemRights); }
public static bool CheckReadWriteAccces(string filePath, System.Security.AccessControl.FileSystemRights fileSystemRights) { FileInfo fileInfo = new FileInfo(filePath); string str = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper(); foreach (System.Security.AccessControl.FileSystemAccessRule rule in fileInfo.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) { if (str == rule.IdentityReference.Value.ToUpper()) { return((rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) && (fileSystemRights == (rule.FileSystemRights & fileSystemRights))); } } return(false); }
internal static int AccessMaskFromRights(System.Security.AccessControl.FileSystemRights fileSystemRights, AccessControlType controlType) { if ((fileSystemRights < 0) || (fileSystemRights > System.Security.AccessControl.FileSystemRights.FullControl)) { throw new ArgumentOutOfRangeException("fileSystemRights", Environment.GetResourceString("Argument_InvalidEnumValue", new object[] { fileSystemRights, "FileSystemRights" })); } if (controlType == AccessControlType.Allow) { fileSystemRights |= System.Security.AccessControl.FileSystemRights.Synchronize; } else if (((controlType == AccessControlType.Deny) && (fileSystemRights != System.Security.AccessControl.FileSystemRights.FullControl)) && (fileSystemRights != (System.Security.AccessControl.FileSystemRights.Synchronize | System.Security.AccessControl.FileSystemRights.TakeOwnership | System.Security.AccessControl.FileSystemRights.ChangePermissions | System.Security.AccessControl.FileSystemRights.Modify))) { fileSystemRights &= ~System.Security.AccessControl.FileSystemRights.Synchronize; } return((int)fileSystemRights); }
/// <summary> /// 从指定的文件或目录移除访问权限。 /// </summary> /// <param name="path">文件或目录路径。</param> /// <param name="identity">Windows 用户或组名称。</param> /// <param name="fileSystemRights"></param> /// <param name="accessControlType">指定允许还是拒绝该操作。</param> public static void RemovePermission(string path, string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType accessControlType) { System.Security.AccessControl.FileSystemAccessRule ar1 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, accessControlType); if (System.IO.Directory.Exists(path)) { System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path); ds.RemoveAccessRuleAll(ar1); System.IO.Directory.SetAccessControl(path, ds); } else if (System.IO.File.Exists(path)) { System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path); ds.RemoveAccessRuleAll(ar1); System.IO.File.SetAccessControl(path, ds); } }
/// <summary> /// 向指定的文件或目录追加访问权限。 /// </summary> /// <param name="path">文件或目录路径。</param> /// <param name="identity">Windows 用户或组名称。</param> /// <param name="fileSystemRights">访问权限。</param> /// <param name="accessControlType">指定允许还是拒绝该操作。</param> public static void AppendPermission(string path, string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType accessControlType) { System.Security.AccessControl.FileSystemAccessRule ar1 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, accessControlType); if (System.IO.Directory.Exists(path)) { System.Security.AccessControl.FileSystemAccessRule ar2 = new System.Security.AccessControl.FileSystemAccessRule(identity, fileSystemRights, System.Security.AccessControl.InheritanceFlags.ContainerInherit | System.Security.AccessControl.InheritanceFlags.ObjectInherit, System.Security.AccessControl.PropagationFlags.InheritOnly, accessControlType); System.Security.AccessControl.DirectorySecurity ds = System.IO.Directory.GetAccessControl(path); ds.AddAccessRule(ar1); ds.AddAccessRule(ar2); System.IO.Directory.SetAccessControl(path, ds); } else if (System.IO.File.Exists(path)) { System.Security.AccessControl.FileSecurity ds = System.IO.File.GetAccessControl(path); ds.AddAccessRule(ar1); System.IO.File.SetAccessControl(path, ds); } }
} // End Function DirectoryHasPermission_Unix /// <summary> /// Test a directory for create file access permissions /// </summary> /// <param name="DirectoryPath">Full path to directory </param> /// <param name="AccessRight">File System right tested</param> /// <returns>State [bool]</returns> public static bool DirectoryHasPermission(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight) { if (!di.Exists) { return(false); } bool ret = false; if (System.Environment.OSVersion.Platform == System.PlatformID.Unix) { ret = DirectoryHasPermission_Unix(di, AccessRight); } else { ret = DirectoryHasPermission_Windows(di, AccessRight); } return(ret); } // End Function DirectoryHasPermission
public static bool CheckPermission(string path, System.Security.AccessControl.FileSystemRights filePerm) { bool canPerform = false; System.Security.AccessControl.FileSecurity acl = File.GetAccessControl(path); string user = Environment.UserName; System.Security.Principal.NTAccount uid = new System.Security.Principal.NTAccount(user); foreach (System.Security.AccessControl.FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) { if (rule.IdentityReference == uid) { if ((rule.FileSystemRights & filePerm) != 0) { canPerform = true; } } } return(canPerform); }
private bool hasPermission(string path, System.Security.AccessControl.FileSystemRights accessRight) { try { System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.Directory.GetAccessControl(path).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent(); foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { if (identity.Groups.Contains(rule.IdentityReference)) { if ((accessRight & rule.FileSystemRights) == accessRight) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) { return(true); } } } } } catch { } return(false); }
public FileSystemAccessRule(System.Security.Principal.IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.AccessControlType type) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(System.Security.AccessControl.InheritanceFlags), default(System.Security.AccessControl.PropagationFlags), default(System.Security.AccessControl.AccessControlType)) { }
public FileSystemAuditRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags) : this(identity, AccessMaskFromRights(fileSystemRights), false, inheritanceFlags, propagationFlags, flags) { }
public static System.IO.FileStream Create(this System.IO.FileInfo fileInfo, System.IO.FileMode mode, System.Security.AccessControl.FileSystemRights rights, System.IO.FileShare share, int bufferSize, System.IO.FileOptions options, System.Security.AccessControl.FileSecurity fileSecurity) { throw null; }
private void PreprocessXmlFile(ITaskItem taskItem) { const System.Security.AccessControl.FileSystemRights ReadExecuteAndWrite = System.Security.AccessControl.FileSystemRights.ReadAndExecute | System.Security.AccessControl.FileSystemRights.Write; XmlSchemaCatalog.WaitForLoadingToFinish(true); try { FileInfo fileInfo = new FileInfo(taskItem.GetMetadata("FullPath")); long startLength = fileInfo.Length; long finalLength; using (FileStream fileStream = new FileStream(fileInfo.FullName, FileMode.Open, ReadExecuteAndWrite, FileShare.None, (int)startLength, FileOptions.SequentialScan)) { using (MemoryStream bufferStream = new MemoryStream((int)startLength)) { using (XmlWriter xmlWriter = XmlWriter.Create(bufferStream, XmlWriterSettings)) { using (XmlReader xmlReader = CreateDualValidatingReader(fileStream)) { // UNDONE: For some reason, default attribute values still aren't being stripped out correctly if (string.Equals(taskItem.GetMetadata("Extension"), ".XSD", StringComparison.OrdinalIgnoreCase)) { XmlDocument xmlDocument = new XmlDocument(xmlReader.NameTable); xmlDocument.Load(xmlReader); XPathNavigator xPathNavigator = xmlDocument.CreateNavigator(); XPathNodeIterator xPathNodeIterator = xPathNavigator.SelectDescendants("annotation", XmlSchema.Namespace, false); while (xPathNodeIterator.MoveNext()) { xPathNodeIterator.Current.DeleteSelf(); } xmlWriter.WriteNode(xPathNavigator, false); } else { xmlWriter.WriteNode(xmlReader, false); } } } byte[] buffer = bufferStream.GetBuffer(); int bufferLength = (int)bufferStream.Length; List <int> stripSpaceIndexes = new List <int>(512); for (int i = bufferLength - 1; i >= 2; i--) { if (buffer[i] == '>' && buffer[--i] == '/' && buffer[--i] == ' ') { stripSpaceIndexes.Add(i); } } fileStream.Seek(0, SeekOrigin.Begin); int stripSpaceCount = stripSpaceIndexes.Count; finalLength = bufferLength - stripSpaceCount; int bufferIndex = 0; for (int i = stripSpaceCount - 1; i >= 0; i--) { fileStream.Write(buffer, bufferIndex, -bufferIndex + (bufferIndex = stripSpaceIndexes[i] + 1) - 1); } fileStream.Write(buffer, bufferIndex, bufferLength - bufferIndex); } fileStream.SetLength(finalLength); } Log.LogMessage(MessageImportance.Normal, "Successfully preprocessed \"{0}\". Original size was {1:n0} bytes, new size is {2:n0} bytes.", taskItem.ItemSpec, startLength, finalLength); // Update the destination file time to match the source file time so that we know not to process it again next time fileInfo.LastWriteTimeUtc = File.GetLastWriteTimeUtc(base.SourceFiles[Array.IndexOf <ITaskItem>(base.DestinationFiles, taskItem)].GetMetadata("FullPath")); } catch (Exception ex) { Log.LogErrorFromException(ex, true); } }
public FileSystemAccessRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AccessControlType type) : this(identity, AccessMaskFromRights(fileSystemRights, type), false, InheritanceFlags.None, PropagationFlags.None, type) { }
public FileSystemAuditRule(IdentityReference identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AuditFlags flags) : this(identity, fileSystemRights, InheritanceFlags.None, PropagationFlags.None, flags) { }
public FileSystemAuditRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, AuditFlags flags) : this(new NTAccount(identity), fileSystemRights, InheritanceFlags.None, PropagationFlags.None, flags) { }
public FileSystemAuditRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(System.Security.AccessControl.InheritanceFlags), default(System.Security.AccessControl.PropagationFlags), default(System.Security.AccessControl.AuditFlags)) { }
public FileStream(string path, FileMode mode, System.Security.AccessControl.FileSystemRights rights, FileShare share, int bufferSize, FileOptions options) { }
} // End Function IsCyclicSymlink // https://stackoverflow.com/questions/45132081/file-permissions-on-linux-unix-with-net-core private static unsafe bool DirectoryHasPermission_Unix(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight) { return(CrapLord.LinuxNativeMethods.Access(di.FullName, CrapLord.LinuxNativeMethods.AccessModes.F_OK | CrapLord.LinuxNativeMethods.AccessModes.R_OK)); } // End Function DirectoryHasPermission_Unix
public FileSystemAccessRule(string identity, System.Security.AccessControl.FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type) : this(new NTAccount(identity), AccessMaskFromRights(fileSystemRights, type), false, inheritanceFlags, propagationFlags, type) { }
} // End Function DirectoryHasPermission /// <summary> /// Test a directory for create file access permissions /// </summary> /// <param name="DirectoryPath">Full path to directory </param> /// <param name="AccessRight">File System right tested</param> /// <returns>State [bool]</returns> public static bool DirectoryHasPermission_Windows(System.IO.DirectoryInfo di, System.Security.AccessControl.FileSystemRights AccessRight) { if (!di.Exists) { return(false); } // Requires nuget: System.IO.FileSystem.AccessControl try { System.Security.AccessControl.AuthorizationRuleCollection rules = System.IO.FileSystemAclExtensions.GetAccessControl(di).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent(); // https://stackoverflow.com/questions/1410127/c-sharp-test-if-user-has-write-access-to-a-folder // AccessControlType deny takes precedence over allow, so to be completely thorough rules that deny the access right should be checked as well, foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { // if (identity.Groups.Contains(rule.IdentityReference)) if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference)) { if ((AccessRight & rule.FileSystemRights) > 0) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny) { return(false); } } } } foreach (System.Security.AccessControl.FileSystemAccessRule rule in rules) { // if (identity.Groups.Contains(rule.IdentityReference)) if (identity.Groups.Contains(rule.IdentityReference) || identity.Owner.Equals(rule.IdentityReference)) { if ((AccessRight & rule.FileSystemRights) == AccessRight) { if (rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) { return(true); } } } } } catch (System.Exception) { } return(false); }
public static string CollectFilePermissionInformation(string filePath) { var bldr = new StringBuilder(); try { if (SIL.PlatformUtilities.Platform.IsWindows) { var currentUser = System.Security.Principal.WindowsIdentity.GetCurrent(); bldr.AppendLine($"current user is {currentUser.Name}"); var principal = new System.Security.Principal.WindowsPrincipal(currentUser); bool isInRoleWithAccess = false; bool accessDenied = false; bool accessAllowed = false; System.Security.AccessControl.FileSystemRights accessRights = System.Security.AccessControl.FileSystemRights.Write; var acl = File.GetAccessControl(filePath); var rules = acl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); var sid = acl.GetOwner(typeof(System.Security.Principal.SecurityIdentifier)); var acct = sid.Translate(typeof(System.Security.Principal.NTAccount)) as System.Security.Principal.NTAccount; if (acct != null) { bldr.AppendLine($"owner of \"{filePath}\" is {acct.Value}"); } var fileAttributes = RobustFile.GetAttributes(filePath); bldr.AppendLine($"{filePath} current ReadOnly attribute of {filePath} is {(fileAttributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly}"); foreach (System.Security.AccessControl.AuthorizationRule rule in rules) { var fsAccessRule = rule as System.Security.AccessControl.FileSystemAccessRule; if (fsAccessRule == null) { continue; } if ((fsAccessRule.FileSystemRights & accessRights) > 0) { var ntAccount = rule.IdentityReference as System.Security.Principal.NTAccount; if (ntAccount == null) { continue; } if (principal.IsInRole(ntAccount.Value)) { if (fsAccessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Deny) { bldr.AppendLine($"current user is denied write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}"); accessDenied = true; } if (fsAccessRule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) { bldr.AppendLine($"current user is allowed write access to {filePath} by {ntAccount.Value}{(rule.IsInherited ? " (inherited)":"")}"); accessAllowed = true; } isInRoleWithAccess = true; } } } if (isInRoleWithAccess) { if (!accessAllowed) { bldr.AppendLine($"current user is not explicitly allowed write access to {filePath}"); } if (!accessDenied) { bldr.AppendLine($"current user is not explicitly denied write access to {filePath}"); } } else { bldr.AppendLine($"current user is not explicitly given access to {filePath}"); } } else { var folder = Path.GetDirectoryName(filePath); var fileInfo = new Mono.Unix.UnixFileInfo(filePath); var dirInfo = new Mono.Unix.UnixDirectoryInfo(folder); var userInfo = Mono.Unix.UnixUserInfo.GetRealUser(); bldr.AppendLine($"current user is {userInfo.UserName}"); bldr.AppendLine($"owner of \"{filePath}\" is {fileInfo.OwnerUser.UserName}"); bldr.AppendLine($"permissions of \"{filePath}\" = {fileInfo.FileAccessPermissions.ToString()}"); bldr.AppendLine($"owner of \"{folder}\" is {dirInfo.OwnerUser.UserName}"); bldr.AppendLine($"permissions of \"{folder}\" = {dirInfo.FileAccessPermissions.ToString()}"); } } catch (Exception e) { bldr.AppendLine($"Caught exception {e} while trying to collect information about {filePath}"); } return(bldr.ToString()); }