/// <summary> /// /// </summary> /// <param name="pFileName"></param> /// <param name="pAccount">ej: @"ALCO\moviedo"</param> /// <param name="pRights"><see cref="FileSystemRights"/></param> /// <param name="pControlType"><see cref="AccessControlType"/></param> public static void RemoveFileSecurity(string pFileName, string pAccount, FileSystemRights pRights, AccessControlType pControlType) { //Actual configuracion de seguridad System.Security.AccessControl.FileSecurity wFileSecurity = File.GetAccessControl(pFileName); // Elimina FileSystemAccessRule de la config de seguridad (wFileSecurity) wFileSecurity.RemoveAccessRule(new FileSystemAccessRule(pAccount, pRights, pControlType)); File.SetAccessControl(pFileName, wFileSecurity); }
protected override void ExecuteOnFile(FileInfo file) { FileSecurity fileSec = new FileSecurity(file.FullName, AccessControlSections.Access); IList<FileSystemAccessRule> targetRules = FindAccessRules(fileSec); if (targetRules.Count == 0) { Log(Level.Info, Resources.RemoveAccessRuleEmpty, NTAccount, file.FullName); } else { foreach (FileSystemAccessRule fileSystemAccessRule in targetRules) { Log(Level.Info, Resources.RemoveAccessRuleRemoving, NTAccount, file.FullName); fileSec.RemoveAccessRule(fileSystemAccessRule); } file.SetAccessControl(fileSec); } }
/// <summary> /// Removes all explicit access rules from the supplied file. /// </summary> /// <param name="path">The path to the file to have access removed on.</param> /// <param name="security">The FileSecurity object of the file once changed.</param> /// <param name="commitChanges">Indicates whether changes should be commited to this file. Useful when combining multiple commands.</param> /// <returns>True if access was removed. False otherwise.</returns> public static bool RemoveAllExplicitAccessRules(string path, out FileSecurity security, bool commitChanges) { // Check that a path was supplied. if (!string.IsNullOrEmpty(path)) { // The path was supplied. // Check whether the file exists. if (SystemFile.Exists(path)) { // The file exists. // Remove existing explicit permissions. security = GetSecurityObject(path); if (security != null) { AuthorizationRuleCollection rules = security.GetAccessRules(true, false, typeof(System.Security.Principal.SecurityIdentifier)); foreach (AuthorizationRule rule in rules) { security.RemoveAccessRule((FileSystemAccessRule)rule); } // Commit the changes if necessary. if (commitChanges) { try { SystemFile.SetAccessControl(path, security); } catch (IOException) { // An I/O error occurred while opening the file. return false; } catch (UnauthorizedAccessException) { // The path parameter specified a file that is read-only. // The operation is not supported on the current platform. // Or the current process does not have the required permission. return false; } } return true; } else { // Unable to get the file's security object. return false; } } else { // The file does not exist. security = null; return false; } } else { // A path was not supplied. security = null; return false; } }
public void ProjectCanNotBeOpened() { string projectFile = null; IdentityReference identity = new SecurityIdentifier(WellKnownSidType.WorldSid, null); FileSystemAccessRule rule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Deny); FileSecurity security = null; try { // Does not have .sln or .vcproj extension so loads as project projectFile = Microsoft.Build.Shared.FileUtilities.GetTemporaryFile(); security = new FileSecurity(projectFile, System.Security.AccessControl.AccessControlSections.All); security.AddAccessRule(rule); File.SetAccessControl(projectFile, security); ProjectRootElement p = ProjectRootElement.Open(projectFile); } catch (PrivilegeNotHeldException) { throw new InvalidProjectFileException("Running unelevated so skipping the scenario."); } finally { if (security != null) { security.RemoveAccessRule(rule); } File.Delete(projectFile); Assert.AreEqual(false, File.Exists(projectFile)); } }
public void SolutionCanNotBeOpened() { string solutionFile = null; string tempFileSentinel = null; IdentityReference identity = new SecurityIdentifier(WellKnownSidType.WorldSid, null); FileSystemAccessRule rule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Deny); FileSecurity security = null; try { tempFileSentinel = Microsoft.Build.Shared.FileUtilities.GetTemporaryFile(); solutionFile = Path.ChangeExtension(tempFileSentinel, ".sln"); File.Copy(tempFileSentinel, solutionFile); security = new FileSecurity(solutionFile, System.Security.AccessControl.AccessControlSections.All); security.AddAccessRule(rule); File.SetAccessControl(solutionFile, security); ProjectRootElement p = ProjectRootElement.Open(solutionFile); } catch (PrivilegeNotHeldException) { throw new InvalidProjectFileException("Running unelevated so skipping this scenario."); } finally { if (security != null) { security.RemoveAccessRule(rule); } File.Delete(solutionFile); File.Delete(tempFileSentinel); Assert.AreEqual(false, File.Exists(solutionFile)); } }
/// <summary> /// Tpo revoke read access /// </summary> /// <param name="identity">Identity to revoke read access</param> public void RevokeReadAccess(string identity) { if (!Exists()) { throw new KeyDoesNotExistsException(ContainerName); } // Get the unique filename associated and string path = UniqueKeyContainerFileName; FileSecurity fileSecurity = new FileSecurity(path, AccessControlSections.Access); fileSecurity.RemoveAccessRule(new FileSystemAccessRule(identity, FileSystemRights.ReadPermissions, AccessControlType.Allow)); File.SetAccessControl(path, fileSecurity); }