예제 #1
        /// <summary>
        /// Converts a SID string (SDDL form, e.g. "S-1-5-18") to the name of the account it identifies.
        /// </summary>
        /// <param name="sid">The SID in SDDL string form.</param>
        /// <returns>
        /// The account name as produced by <see cref="NTAccount.ToString"/>, or null if the SID cannot be
        /// translated to an <see cref="NTAccount"/>.
        /// </returns>
        /// <exception cref="ArgumentNullException">Thrown if <paramref name="sid"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown if <paramref name="sid"/> is not a well-formed SID string.</exception>
        /// <exception cref="IdentityNotMappedException">Thrown if the SID is well-formed but no account is mapped to it.</exception>
        public static string SidToAccountName(string sid)
        {
            SecurityIdentifier securityIdentifier = new SecurityIdentifier(sid);
            Type targetType = typeof(NTAccount);

            // Translate() rejects unsupported target types; check first so the caller sees null instead of an exception.
            return securityIdentifier.IsValidTargetType(targetType)
                ? securityIdentifier.Translate(targetType).ToString()
                : null;
        }
예제 #2
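        /// <summary>
        /// Applies the application access rules to a file or directory as file system access rules.
        /// </summary>
        /// <param name="filePath">Path to an existing file or directory.</param>
        /// <param name="accessRules">
        /// The application access rules to apply. A rule whose right is not Run, Update or Configure is traced and skipped.
        /// </param>
        /// <param name="replaceExisting">
        /// If true, inheritance from the parent is disabled and every existing file system access rule is removed
        /// before the new rules are added, so the resulting DACL contains only the supplied rules (an empty
        /// <paramref name="accessRules"/> therefore leaves the object with no access rules at all).
        /// If false, the new rules are merged into the existing DACL.
        /// </param>
        /// <exception cref="ArgumentNullException">Thrown if <paramref name="accessRules"/> is null.</exception>
        /// <exception cref="FileNotFoundException">
        /// Thrown if <paramref name="filePath"/> is neither an existing file nor an existing directory.
        /// </exception>
        /// <remarks>
        /// Identity names starting with "S-" are treated as SID strings and translated to an NT account; a SID that
        /// is well-formed but not mapped makes <see cref="SecurityIdentifier.Translate"/> throw, which aborts the
        /// whole call before anything is written back. A failure while adding an individual rule is traced and the
        /// remaining rules are still applied and written back.
        /// </remarks>
        public static void SetAccessRules(String filePath, IList<ApplicationAccessRule> accessRules, bool replaceExisting)
        {
            if (accessRules == null)
            {
                throw new ArgumentNullException("accessRules");
            }

            // get the current permissions from the file or directory.
            FileInfo fileInfo = new FileInfo(filePath);
            DirectoryInfo directoryInfo = null;
            FileSystemSecurity security;

            if (fileInfo.Exists)
            {
                security = fileInfo.GetAccessControl(AccessControlSections.Access);
            }
            else
            {
                directoryInfo = new DirectoryInfo(filePath);

                if (!directoryInfo.Exists)
                {
                    throw new FileNotFoundException("File or directory does not exist.", filePath);
                }

                security = directoryInfo.GetAccessControl(AccessControlSections.Access);
            }

            if (replaceExisting)
            {
                // stop inheriting from the parent and discard the inherited rules (second argument false),
                // so the DACL ends up containing exactly the rules added below.
                security.SetAccessRuleProtection(true, false);

                // remove all existing access rules.
                AuthorizationRuleCollection authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));

                for (int ii = 0; ii < authorizationRules.Count; ii++)
                {
                    FileSystemAccessRule accessRule = authorizationRules[ii] as FileSystemAccessRule;

                    // only care about file system rules.
                    if (accessRule != null)
                    {
                        security.RemoveAccessRule(accessRule);
                    }
                }
            }

            // allow children to inherit rules for directories.
            InheritanceFlags flags = InheritanceFlags.None;

            if (directoryInfo != null)
            {
                flags = InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit;
            }

            // add the new rules.
            for (int ii = 0; ii < accessRules.Count; ii++)
            {
                ApplicationAccessRule applicationRule = accessRules[ii];

                IdentityReference identityReference = ResolveRuleIdentity(applicationRule);

                if (identityReference == null)
                {
                    // SID that cannot be represented as an NT account.
                    continue;
                }

                FileSystemAccessRule fileRule = ToFileSystemAccessRule(applicationRule, identityReference, flags);

                if (fileRule == null)
                {
                    // unsupported right: skip explicitly instead of passing null to SetAccessRule.
                    Utils.Trace(
                        "Unsupported access right '{0}' for account '{1}' on file '{2}'. Rule ignored.",
                        applicationRule.Right,
                        applicationRule.IdentityName,
                        filePath);

                    continue;
                }

                try
                {
                    security.SetAccessRule(fileRule);
                }
                catch (Exception e)
                {
                    // best effort: one rule that cannot be applied must not stop the remaining rules from being set.
                    Utils.Trace(
                        "Could not set access rule for account '{0}' on file '{1}'. Error={2}", 
                        applicationRule.IdentityName,
                        filePath,
                        e.Message);
                }
            }

            // write the modified DACL back to the file system object.
            if (directoryInfo != null)
            {
                directoryInfo.SetAccessControl((DirectorySecurity)security);
                return;
            }

            fileInfo.SetAccessControl((FileSecurity)security);
        }

        /// <summary>
        /// Returns the identity an application access rule applies to, translating a SID string to an NT account.
        /// </summary>
        /// <param name="applicationRule">The rule whose identity is resolved.</param>
        /// <returns>The identity reference, or null if the SID cannot be translated to an NT account.</returns>
        /// <exception cref="IdentityNotMappedException">Thrown if the SID is well-formed but not mapped to an account.</exception>
        private static IdentityReference ResolveRuleIdentity(ApplicationAccessRule applicationRule)
        {
            if (applicationRule.IdentityReference != null)
            {
                return applicationRule.IdentityReference;
            }

            // SID strings always carry the "S-" prefix; anything else is taken to be an account name.
            if (!applicationRule.IdentityName.StartsWith("S-", StringComparison.Ordinal))
            {
                return new NTAccount(applicationRule.IdentityName);
            }

            SecurityIdentifier sid = new SecurityIdentifier(applicationRule.IdentityName);

            if (!sid.IsValidTargetType(typeof(NTAccount)))
            {
                return null;
            }

            return sid.Translate(typeof(NTAccount));
        }

        /// <summary>
        /// Maps an application access rule to the equivalent file system access rule.
        /// </summary>
        /// <param name="applicationRule">The rule to map.</param>
        /// <param name="identityReference">The resolved identity the rule applies to.</param>
        /// <param name="flags">The inheritance flags to use (set for directories only).</param>
        /// <returns>The file system access rule, or null if the application right is not supported.</returns>
        private static FileSystemAccessRule ToFileSystemAccessRule(
            ApplicationAccessRule applicationRule,
            IdentityReference identityReference,
            InheritanceFlags flags)
        {
            bool allow = applicationRule.RuleType == AccessControlType.Allow;
            FileSystemRights rights;

            // the deny variants use the broader rights sets so a deny rule covers every right the allow rule could grant.
            switch (applicationRule.Right)
            {
                case ApplicationAccessRight.Run:
                {
                    rights = allow ? Read : Configure;
                    break;
                }

                case ApplicationAccessRight.Update:
                {
                    rights = allow ? Update : ConfigureOnly | UpdateOnly;
                    break;
                }

                case ApplicationAccessRight.Configure:
                {
                    rights = allow ? Configure : ConfigureOnly;
                    break;
                }

                default:
                {
                    return null;
                }
            }

            return new FileSystemAccessRule(
                identityReference,
                rights,
                flags,
                PropagationFlags.None,
                ApplicationAccessRule.Convert(applicationRule.RuleType));
        }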