예제 #1
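        /// <summary>
        /// Grants NTFS permissions on <paramref name="path"/> to the trustee identified by <paramref name="sid"/>
        /// by rebuilding the object's DACL through the Win32_LogicalFileSecuritySetting WMI class.
        /// </summary>
        /// <param name="path">File or folder path; a trailing backslash is stripped before use.</param>
        /// <param name="sid">Trustee SID in string form (e.g. "S-1-5-32-545").</param>
        /// <param name="permissions">Combination of <see cref="NtfsPermission"/> flags to allow.</param>
        /// <param name="inheritParentPermissions">
        /// true to keep inheriting ACEs from the parent; false to write a protected DACL that blocks inheritance.
        /// </param>
        /// <param name="preserveOriginalPermissions">
        /// true to carry over the existing explicit ACEs of other trustees; false to replace the whole DACL.
        /// Inherited ACEs and ACEs already held by <paramref name="sid"/> are never carried over.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="path"/> or <paramref name="sid"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="path"/> contains a single quote, which cannot be embedded in a WMI object path.</exception>
        /// <exception cref="InvalidOperationException">SetSecurityDescriptor returned a non-zero code, i.e. the DACL was not applied.</exception>
        internal static void GrantNtfsPermissionsBySid(string path, string sid,
                                                       NtfsPermission permissions, bool inheritParentPermissions, bool preserveOriginalPermissions)
        {
            // SECURITY_DESCRIPTOR_CONTROL bits (winnt.h):
            //   SE_DACL_PRESENT (0x4) | SE_DACL_AUTO_INHERITED (0x400) | SE_SELF_RELATIVE (0x8000) = 0x8404 (33796)
            //   the same plus SE_DACL_PROTECTED (0x1000)                                       = 0x9404 (37892),
            //   which stops ACEs from the parent being inherited into this DACL
            const uint inheritingControlFlags = 0x8404;
            const uint protectedControlFlags  = 0x9404;

            if (path == null)
            {
                throw new ArgumentNullException("path");
            }
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }
            // The path is spliced into a single-quoted WMI object path below; a quote inside it would
            // terminate the key early and address a different or malformed object, so refuse it here.
            if (path.IndexOf('\'') >= 0)
            {
                throw new ArgumentException("Path must not contain a single quote character.", "path");
            }

            // remove trailing slash if any
            if (path.EndsWith("\\", StringComparison.Ordinal))
            {
                path = path.Substring(0, path.Length - 1);
            }

            // get security settings
            ManagementObject logicalFileSecuritySetting = wmi.GetObject(String.Format(
                                                                            "Win32_LogicalFileSecuritySetting.Path='{0}'", path));
            try
            {
                // get original security descriptor
                ManagementBaseObject getParams          = logicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor", null, null);
                ManagementBaseObject originalDescriptor = (ManagementBaseObject)getParams.Properties["Descriptor"].Value;

                // create new descriptor
                ManagementBaseObject descriptor = wmi.GetClass("Win32_SecurityDescriptor").CreateInstance();
                descriptor.Properties["ControlFlags"].Value = inheritParentPermissions ? inheritingControlFlags : protectedControlFlags;

                // get original ACEs (may be null when the object has no DACL at all)
                ManagementBaseObject[] originalAces = (ManagementBaseObject[])originalDescriptor.Properties["DACL"].Value;

                // create a new ACEs list
                List<ManagementBaseObject> aces = new List<ManagementBaseObject>();

                // copy original ACEs if required
                if (preserveOriginalPermissions && originalAces != null)
                {
                    foreach (ManagementBaseObject originalAce in originalAces)
                    {
                        // skip inherited ACEs (they are re-applied by inheritance) and the trustee's own
                        // ACEs (they are replaced by the ones built below)
                        ManagementBaseObject objTrustee = (ManagementBaseObject)originalAce.Properties["Trustee"].Value;
                        string trusteeSid   = (string)objTrustee.Properties["SIDString"].Value;
                        bool   inheritedAce = ((AceFlags)originalAce.Properties["AceFlags"].Value & AceFlags.INHERITED_ACE) > 0;
                        // SIDs are plain ASCII identifiers, so an ordinal comparison is the right one
                        if (!String.Equals(trusteeSid, sid, StringComparison.OrdinalIgnoreCase) && !inheritedAce)
                        {
                            aces.Add(originalAce);
                        }
                    }
                }

                // create new trustee object
                ManagementObject trustee = GetTrustee(sid);

                // access mask shared by every ACE written for this trustee
                uint mask = BuildBaseAccessMask(permissions);

                bool executeEnabled = (permissions & NtfsPermission.Execute) > 0;
                bool listEnabled    = (permissions & NtfsPermission.ListFolderContents) > 0;

                if (executeEnabled == listEnabled ||
                    (permissions & NtfsPermission.FullControl) > 0 ||
                    (permissions & NtfsPermission.Modify) > 0)
                {
                    // "Execute" and "List" are both on or both off (or implied by FullControl/Modify):
                    // a single ACE inherited by files and sub-folders alike is enough
                    if (executeEnabled)
                    {
                        mask |= (uint)SystemAccessMask.FILE_TRAVERSE;
                    }
                    aces.Add(CreateAllowAce(trustee, AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE, mask));
                }
                else
                {
                    // Only one of "Execute" / "List" is set. Both are expressed here through the same
                    // FILE_TRAVERSE bit, so folders (container-inherit) and files (object-inherit) get
                    // separate ACEs carrying the bit only where the caller asked for it.
                    uint foldersMask = mask;
                    if (listEnabled)
                    {
                        foldersMask |= (uint)SystemAccessMask.FILE_TRAVERSE;
                    }
                    aces.Add(CreateAllowAce(trustee, AceFlags.CONTAINER_INHERIT_ACE, foldersMask));

                    uint filesMask = mask;
                    if (executeEnabled)
                    {
                        filesMask |= (uint)SystemAccessMask.FILE_TRAVERSE;
                    }
                    aces.Add(CreateAllowAce(trustee, AceFlags.OBJECT_INHERIT_ACE, filesMask));
                }

                // set newly created ACEs
                descriptor.Properties["DACL"].Value = aces.ToArray();

                // set security descriptor
                ManagementBaseObject inParams = logicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
                inParams["Descriptor"] = descriptor;
                ManagementBaseObject setParams = logicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor", inParams, null);

                // check results: 0 is success; anything else means the DACL was NOT written, and a
                // permission change that silently did not happen must not look like success to the caller
                uint result = (uint)setParams.Properties["ReturnValue"].Value;
                if (result != 0)
                {
                    throw new InvalidOperationException(String.Format(
                        "SetSecurityDescriptor failed for '{0}' (SID {1}) with return code {2}.", path, sid, result));
                }
            }
            finally
            {
                // release the WMI object even when GetSecurityDescriptor/SetSecurityDescriptor throws
                logicalFileSecuritySetting.Dispose();
            }
        }

        /// <summary>
        /// Maps the coarse <see cref="NtfsPermission"/> flags onto the Win32 access-mask bits they stand for.
        /// Execute / ListFolderContents are not handled here because they need per-object-type ACEs.
        /// </summary>
        /// <param name="permissions">Permission flags to translate.</param>
        /// <returns>The combined access mask, 0 when none of the handled flags is set.</returns>
        private static uint BuildBaseAccessMask(NtfsPermission permissions)
        {
            uint mask = 0;

            if ((permissions & NtfsPermission.FullControl) > 0)
            {
                mask |= 0x1f01ff;       // FILE_ALL_ACCESS
            }
            if ((permissions & NtfsPermission.Modify) > 0)
            {
                mask |= 0x1301bf;       // the "Modify" mask as used by the Explorer security UI
            }
            if ((permissions & NtfsPermission.Write) > 0)
            {
                // generic write rights (without READ_CONTROL) plus DELETE (0x10000) and FILE_DELETE_CHILD (0x40)
                mask |= 0x100116 | 0x10000 | 0x40;
            }
            if ((permissions & NtfsPermission.Read) > 0)
            {
                mask |= 0x120089;       // FILE_GENERIC_READ
            }

            return mask;
        }

        /// <summary>
        /// Builds an "Allow" Win32_Ace for <paramref name="trustee"/> with the given inheritance flags and access mask.
        /// </summary>
        /// <param name="trustee">Win32_Trustee instance the ACE applies to.</param>
        /// <param name="flags">Inheritance flags (OBJECT_INHERIT_ACE / CONTAINER_INHERIT_ACE).</param>
        /// <param name="accessMask">Win32 access mask to allow.</param>
        /// <returns>The new, not yet attached, ACE object.</returns>
        private static ManagementObject CreateAllowAce(ManagementObject trustee, AceFlags flags, uint accessMask)
        {
            ManagementObject ace = wmi.GetClass("Win32_Ace").CreateInstance();
            ace["Trustee"]    = trustee;
            ace["AceFlags"]   = flags;
            ace["AceType"]    = 0;              // ACCESS_ALLOWED_ACE_TYPE ("Allow")
            ace["AccessMask"] = accessMask;
            return ace;
        }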
예제 #2
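        /// <summary>
        /// Creates an IIS Web site through the IIsWebService WMI provider, applies the settings of
        /// <paramref name="site"/> to the new server and its root virtual directory, and starts it.
        /// </summary>
        /// <param name="site">Site definition (name, bindings, content path, log directory, .NET framework).</param>
        /// <returns>Site id as returned by IIS (the key of the IIsWebServer object path, e.g. "W3SVC/2").</returns>
        /// <exception cref="ArgumentNullException"><paramref name="site"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="site"/> has no bindings collection.</exception>
        /// <exception cref="InvalidOperationException">CreateNewSite did not return an IIsWebServer object path.</exception>
        internal static string CreateSite(WebSiteItem site)
        {
            if (site == null)
            {
                throw new ArgumentNullException("site");
            }
            if (site.Bindings == null)
            {
                throw new ArgumentException("Site bindings are not set.", "site");
            }

            // NOTE(review): binding validation and NTFS permissions on the content folder are disabled
            // here; confirm that callers apply them before the site is started, otherwise the new site
            // runs with whatever permissions the content path already has.
            //CheckWebServerBindings(site.Bindings);
            //SetWebFolderPermissions(site.ContentPath, site.AnonymousUsername);

            // CreateNewSite answers with an object path such as IIsWebServer='W3SVC/2'; only the key is needed
            const string returnValuePrefix = "IIsWebServer='";
            string siteId;

            // create Web site
            using (ManagementObject objService = wmi.GetObject(String.Format("IIsWebService='{0}'", IIS_SERVICE_ID)))
            using (ManagementClass clsBinding = wmi.GetClass("ServerBinding"))
            {
                ManagementBaseObject methodParams = objService.GetMethodParameters("CreateNewSite");

                // create server bindings
                ManagementObject[] objBindings = new ManagementObject[site.Bindings.Length];

                for (int i = 0; i < objBindings.Length; i++)
                {
                    objBindings[i]             = clsBinding.CreateInstance();
                    objBindings[i]["Hostname"] = site.Bindings[i].Host;
                    objBindings[i]["IP"]       = site.Bindings[i].IP;
                    objBindings[i]["Port"]     = site.Bindings[i].Port;
                }

                methodParams["ServerBindings"]       = objBindings;
                methodParams["ServerComment"]        = site.Name;
                methodParams["PathOfRootVirtualDir"] = site.ContentPath;

                ManagementBaseObject objResult = objService.InvokeMethod("CreateNewSite", methodParams, new InvokeMethodOptions());

                // get WEB settings
                string returnValue = objResult["returnValue"] as string;
                if (returnValue == null || !returnValue.StartsWith(returnValuePrefix, StringComparison.Ordinal))
                {
                    throw new InvalidOperationException(String.Format(
                        "CreateNewSite returned an unexpected value: '{0}'.", returnValue));
                }
                siteId = returnValue.Remove(0, returnValuePrefix.Length).Replace("'", "");
            }

            // update site properties; both objects are fetched before either is saved, as the
            // original did, so the virtual directory is not re-read after the site-level Put
            using (ManagementObject objSite    = wmi.GetObject(String.Format("IIsWebServerSetting='{0}'", siteId)))
            using (ManagementObject objVirtDir = wmi.GetObject(
                String.Format("IIsWebVirtualDirSetting='{0}'", GetVirtualDirectoryPath(siteId, ""))))
            {
                if (!String.IsNullOrEmpty(site.LogFileDirectory))
                {
                    objSite.Properties["LogFileDirectory"].Value = site.LogFileDirectory;
                }

                FillWmiObjectFromVirtualDirectory(objSite, site);
                objSite.Put();

                FillWmiObjectFromVirtualDirectory(objVirtDir, site);
                FillWmiObjectFromVirtualDirectoryRest(objVirtDir, site);

                // set correct default documents
                SetVirtualDirectoryDefaultDocs(objVirtDir);

                // set ASP.NET
                SetVirtualDirectoryAspNetMappings(objVirtDir, site.InstalledDotNetFramework);

                // save object
                objVirtDir.Put();
            }

            // start site
            ChangeSiteState(siteId, ServerState.Started);

            return siteId;
        }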