/// <summary>
/// Converts a SID in string form (e.g. "S-1-5-32-544") to the matching NT account name.
/// </summary>
/// <param name="sid">The SID as an SDDL string.</param>
/// <returns>
/// The account name as reported by <see cref="NTAccount"/> (typically DOMAIN\name),
/// or null when the SID cannot be represented as an <see cref="NTAccount"/>.
/// </returns>
/// <remarks>
/// The <see cref="SecurityIdentifier"/> constructor throws <see cref="ArgumentException"/>
/// for a malformed SID string, and <see cref="SecurityIdentifier.Translate"/> throws
/// <see cref="IdentityNotMappedException"/> when a well-formed SID does not resolve to a
/// known account (e.g. a deleted user); neither is caught here.
/// </remarks>
public static string SidToAccountName(string sid)
{
    var securityIdentifier = new SecurityIdentifier(sid);

    // Translate() only accepts target types the SID can actually be mapped to.
    bool canTranslate = securityIdentifier.IsValidTargetType(typeof(NTAccount));

    if (!canTranslate)
    {
        return null;
    }

    IdentityReference account = securityIdentifier.Translate(typeof(NTAccount));
    return account.ToString();
}
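/// <summary>
/// Applies a set of application access rules to a file or directory as
/// file system (NTFS) access control entries.
/// </summary>
/// <param name="filePath">Path of an existing file or directory.</param>
/// <param name="accessRules">
/// The rules to apply. Each rule is mapped to one <see cref="FileSystemAccessRule"/>
/// from its <c>Right</c> and <c>RuleType</c>; a rule with an unrecognised
/// <c>Right</c>, a null entry, or no identity at all is traced and skipped.
/// </param>
/// <param name="replaceExisting">
/// When true, inheritance from the parent is switched off (inherited entries are
/// NOT copied) and every existing explicit rule is removed before the new rules
/// are added, so the object ends up with exactly the rules supplied here.
/// When false, the new rules are merged into the existing DACL.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="filePath"/> or <paramref name="accessRules"/> is null.
/// </exception>
/// <exception cref="FileNotFoundException">
/// Neither a file nor a directory exists at <paramref name="filePath"/>.
/// </exception>
/// <remarks>
/// Applying a rule is best effort: a rule the system rejects (typically an
/// account name that does not resolve) is traced and skipped rather than
/// failing the call. This is fail-open for Deny rules - a skipped Deny entry
/// is simply absent from the written DACL - so callers that depend on a Deny
/// entry should verify the result. With <paramref name="replaceExisting"/>
/// set and no rule applied successfully, the object is written with an empty
/// DACL, which on NTFS grants no access to anyone but the owner.
/// A rule whose <c>IdentityName</c> is a SID string that does not resolve to
/// an account makes the call throw <see cref="IdentityNotMappedException"/>
/// before anything is written; only failures inside SetAccessRule are traced.
/// </remarks>
public static void SetAccessRules(String filePath, IList<ApplicationAccessRule> accessRules, bool replaceExisting)
{
    if (filePath == null)
    {
        throw new ArgumentNullException("filePath");
    }

    if (accessRules == null)
    {
        throw new ArgumentNullException("accessRules");
    }

    // Load the current DACL of the file or directory.
    FileSystemSecurity security;
    FileInfo fileInfo = new FileInfo(filePath);
    DirectoryInfo directoryInfo = null;

    if (fileInfo.Exists)
    {
        security = fileInfo.GetAccessControl(AccessControlSections.Access);
    }
    else
    {
        directoryInfo = new DirectoryInfo(filePath);

        if (!directoryInfo.Exists)
        {
            throw new FileNotFoundException("File or directory does not exist.", filePath);
        }

        security = directoryInfo.GetAccessControl(AccessControlSections.Access);
    }

    if (replaceExisting)
    {
        // Stop inheriting from the parent and drop the inherited entries: the
        // rules supplied by the caller are meant to be the complete DACL.
        security.SetAccessRuleProtection(true, false);

        // Enumerate the existing rules as SIDs rather than NTAccounts. The
        // identity type does not matter for removal, and resolving every SID
        // to a name needs an LSA lookup that can be slow or fail (unreachable
        // domain, orphaned SID of a deleted account).
        AuthorizationRuleCollection existingRules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));

        foreach (AuthorizationRule existingRule in existingRules)
        {
            FileSystemAccessRule existingFileRule = existingRule as FileSystemAccessRule;

            // only file system rules can be removed here.
            if (existingFileRule == null)
            {
                continue;
            }

            security.RemoveAccessRule(existingFileRule);
        }
    }

    // Directories propagate their rules to children; files have nothing to propagate to.
    InheritanceFlags inheritance = InheritanceFlags.None;

    if (directoryInfo != null)
    {
        inheritance = InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit;
    }

    // Map each application rule to a file system rule and apply it.
    for (int ii = 0; ii < accessRules.Count; ii++)
    {
        ApplicationAccessRule applicationRule = accessRules[ii];

        if (applicationRule == null)
        {
            Utils.Trace("Access rule {0} is null; skipped for file '{1}'.", ii, filePath);
            continue;
        }

        IdentityReference identity = applicationRule.IdentityReference;

        if (identity == null)
        {
            string identityName = applicationRule.IdentityName;

            if (String.IsNullOrEmpty(identityName))
            {
                Utils.Trace("Access rule {0} has neither an identity nor an identity name; skipped for file '{1}'.", ii, filePath);
                continue;
            }

            // A name in SID form ("S-1-...") is resolved to an account first.
            // Ordinal comparison: a SID prefix is never culture-sensitive.
            if (identityName.StartsWith("S-", StringComparison.Ordinal))
            {
                SecurityIdentifier sid = new SecurityIdentifier(identityName);

                if (!sid.IsValidTargetType(typeof(NTAccount)))
                {
                    continue;
                }

                identity = sid.Translate(typeof(NTAccount));
            }
            else
            {
                identity = new NTAccount(identityName);
            }
        }

        bool allow = applicationRule.RuleType == AccessControlType.Allow;
        var controlType = ApplicationAccessRule.Convert(applicationRule.RuleType);
        FileSystemAccessRule fileRule;

        // Read/Update/Configure and the *Only masks are the FileSystemRights
        // constants defined elsewhere in this class. Deny rules use the *Only
        // masks, presumably so that denying one right does not also deny the
        // rights its Allow mask overlaps with - confirm against the mask definitions.
        switch (applicationRule.Right)
        {
            case ApplicationAccessRight.Run:
            {
                fileRule = new FileSystemAccessRule(
                    identity,
                    allow ? Read : Configure,
                    inheritance,
                    PropagationFlags.None,
                    controlType);
                break;
            }

            case ApplicationAccessRight.Update:
            {
                fileRule = new FileSystemAccessRule(
                    identity,
                    allow ? Update : (ConfigureOnly | UpdateOnly),
                    inheritance,
                    PropagationFlags.None,
                    controlType);
                break;
            }

            case ApplicationAccessRight.Configure:
            {
                fileRule = new FileSystemAccessRule(
                    identity,
                    allow ? Configure : ConfigureOnly,
                    inheritance,
                    PropagationFlags.None,
                    controlType);
                break;
            }

            default:
            {
                // Previously a null rule reached SetAccessRule and was reported
                // as a generic failure; skip it with an explicit message instead.
                Utils.Trace(
                    "Unknown application access right '{0}' for account '{1}'; skipped for file '{2}'.",
                    applicationRule.Right,
                    applicationRule.IdentityName,
                    filePath);
                continue;
            }
        }

        try
        {
            // NOTE(review): SetAccessRule (Set, not Add) may replace an existing
            // entry for the same identity and allow/deny type rather than merge
            // with it, so two rules for the same account in accessRules might not
            // both survive - verify if callers rely on that.
            security.SetAccessRule(fileRule);
        }
        catch (Exception e)
        {
            // Best effort: log and carry on with the remaining rules. See the
            // remarks above about the fail-open consequence for Deny rules.
            Utils.Trace(
                "Could not set access rule for account '{0}' on file '{1}'. Error={2}",
                applicationRule.IdentityName,
                filePath,
                e.Message);
        }
    }

    // Write the modified DACL back to the object.
    if (directoryInfo != null)
    {
        directoryInfo.SetAccessControl((DirectorySecurity)security);
        return;
    }

    fileInfo.SetAccessControl((FileSecurity)security);
}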