/// <remarks/> public void GetGroupNtfsPermissionsAsync(string path, UserPermission[] users, string usersOU) { this.GetGroupNtfsPermissionsAsync(path, users, usersOU, null); }
public static UserPermission[] GetGroupNtfsPermissions( string path, UserPermission[] users, RemoteServerSettings serverSettings, string usersOU, string groupsOU) { // get file or directory security object FileSystemSecurity security = GetFileSystemSecurity(path); if (security == null) return users; // get all explicit rules AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier)); // iterate through each account foreach (UserPermission permission in users) { SecurityIdentifier identity = null; if (String.Compare(permission.AccountName, "network service", true) == 0) identity = new SecurityIdentifier(SystemSID.NETWORK_SERVICE); else identity = new SecurityIdentifier(GetAccountSid(permission.AccountName, serverSettings, usersOU, groupsOU)); foreach (FileSystemAccessRule rule in rules) { if (rule.IdentityReference == identity && rule.AccessControlType == AccessControlType.Allow && (rule.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read) permission.Read = true; if (rule.IdentityReference == identity && rule.AccessControlType == AccessControlType.Allow && (rule.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) permission.Write = true; } } return users; }
public static ResultObject SetFolderNtfsPermissions(int storageSpaceId, string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { return SetFolderNtfsPermissionsInternal(storageSpaceId, fullPath, permissions, isProtected, preserveInheritance); }
/// <remarks/> public void SetFolderNtfsPermissionsAsync(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance, object userState) { if ((this.SetFolderNtfsPermissionsOperationCompleted == null)) { this.SetFolderNtfsPermissionsOperationCompleted = new System.Threading.SendOrPostCallback(this.OnSetFolderNtfsPermissionsOperationCompleted); } this.InvokeAsync("SetFolderNtfsPermissions", new object[] { fullPath, permissions, isProtected, preserveInheritance}, this.SetFolderNtfsPermissionsOperationCompleted, userState); }
public static UserPermission[] GetGroupNtfsPermissions( string path, UserPermission[] users, RemoteServerSettings serverSettings, string usersOU, string groupsOU) { // get file or directory security object FileSystemSecurity security = GetFileSystemSecurity(path); if (security == null) return users; // get all explicit rules AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier)); // 06.09.2015 [email protected] // Determine the correct AccountName by SID // 04.10.2015 [email protected] // For Performance Reason put this outside of foreach var networkServiceName = GetAccountNameFromSid(WellKnownSidType.NetworkServiceSid, serverSettings); var systemName = GetAccountNameFromSid(WellKnownSidType.LocalSystemSid, serverSettings); var currentUserName = Environment.UserName; // iterate through each account foreach (UserPermission permission in users) { SecurityIdentifier identity = null; if (String.Compare(permission.AccountName, networkServiceName, true) == 0 || string.Compare(permission.AccountName, "NETWORK SERVICE", true) == 0) identity = new SecurityIdentifier(SystemSID.NETWORK_SERVICE); else if (String.Compare(permission.AccountName, systemName, true) == 0) identity = new SecurityIdentifier(SystemSID.SYSTEM); else { // 04.10.2015 [email protected] // Check, if AD is enabled string sid = null; if (String.Compare(permission.AccountName, currentUserName, true) == 0) sid = GetAccountSid(currentUserName, serverSettings, null, null); else { if (serverSettings.ADEnabled) sid = GetAccountSid(permission.AccountName, serverSettings, usersOU, groupsOU); else sid = GetAccountSid(permission.AccountName, serverSettings, null, null); } if(!string.IsNullOrEmpty(sid)) identity = new SecurityIdentifier(sid); } foreach (FileSystemAccessRule rule in rules) { if (rule.IdentityReference == identity && rule.AccessControlType == AccessControlType.Allow && (rule.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read) permission.Read = true; if (rule.IdentityReference == identity && rule.AccessControlType == AccessControlType.Allow && (rule.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) permission.Write = true; } } return users; }
public int SetFilePermissions(int packageId, string path, UserPermission[] users, bool resetChildPermissions) { return FilesController.SetFilePermissions(packageId, path, users, resetChildPermissions); }
/// <remarks/> public System.IAsyncResult BeginSetFolderNtfsPermissions(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance, System.AsyncCallback callback, object asyncState) { return this.BeginInvoke("SetFolderNtfsPermissions", new object[] { fullPath, permissions, isProtected, preserveInheritance}, callback, asyncState); }
public void GrantGroupNtfsPermissions(string path, UserPermission[] users, string usersOU, bool resetChildPermissions) { SecurityUtils.GrantGroupNtfsPermissions(path, users, resetChildPermissions, ServerSettings, usersOU, null); }
protected void btnSetPermissions_Click(object sender, EventArgs e) { // create file string path = (string)ViewState["EditPermissions"]; try { // update permissions List<UserPermission> users = new List<UserPermission>(); foreach (GridViewRow row in gvFilePermissions.Rows) { Literal litAccountName = (Literal)row.FindControl("litAccountName"); CheckBox chkRead = (CheckBox)row.FindControl("chkRead"); CheckBox chkWrite = (CheckBox)row.FindControl("chkWrite"); if (litAccountName != null) { UserPermission user = new UserPermission(); user.AccountName = litAccountName.Text; user.Read = chkRead.Checked; user.Write = chkWrite.Checked; users.Add(user); } } int result = ES.Services.Files.SetFilePermissions(PanelSecurity.PackageId, path, users.ToArray(), chkReplaceChildPermissions.Checked); if (result < 0) { messageBox.ShowResultMessage(result); return; } } catch (Exception ex) { messageBox.ShowErrorMessage("FILES_UPDATE_PERMISSIONS", ex); } // hide form PermissionsFileModal.Hide(); }
/// <remarks/> public void GrantGroupNtfsPermissionsAsync(string path, UserPermission[] users, string usersOU, bool resetChildPermissions, object userState) { if ((this.GrantGroupNtfsPermissionsOperationCompleted == null)) { this.GrantGroupNtfsPermissionsOperationCompleted = new System.Threading.SendOrPostCallback(this.OnGrantGroupNtfsPermissionsOperationCompleted); } this.InvokeAsync("GrantGroupNtfsPermissions", new object[] { path, users, usersOU, resetChildPermissions}, this.GrantGroupNtfsPermissionsOperationCompleted, userState); }
public UserPermission[] GetGroupNtfsPermissions(string path, UserPermission[] users, string usersOU) { return SecurityUtils.GetGroupNtfsPermissions(path, users, ServerSettings, usersOU, null); }
/// <remarks/> public void GrantGroupNtfsPermissionsAsync(string path, UserPermission[] users, string usersOU, bool resetChildPermissions) { this.GrantGroupNtfsPermissionsAsync(path, users, usersOU, resetChildPermissions, null); }
/// <remarks/> public System.IAsyncResult BeginGrantGroupNtfsPermissions(string path, UserPermission[] users, string usersOU, bool resetChildPermissions, System.AsyncCallback callback, object asyncState) { return this.BeginInvoke("GrantGroupNtfsPermissions", new object[] { path, users, usersOU, resetChildPermissions}, callback, asyncState); }
public void GrantGroupNtfsPermissions(string path, UserPermission[] users, string usersOU, bool resetChildPermissions) { this.Invoke("GrantGroupNtfsPermissions", new object[] { path, users, usersOU, resetChildPermissions}); }
public static int SetFilePermissions(int packageId, string path, UserPermission[] users, bool resetChildPermissions) { // check account int accountCheck = SecurityContext.CheckAccount(DemandAccount.NotDemo | DemandAccount.IsActive); if (accountCheck < 0) return accountCheck; // place log record TaskManager.StartTask("FILES", "SET_PERMISSIONS", path); TaskManager.ItemId = packageId; try { OS.OperatingSystem os = GetOS(packageId); string fullPath = GetFullPackagePath(packageId, path); // get users OU defined on web server string usersOU = WebServerController.GetWebUsersOU(packageId); os.GrantGroupNtfsPermissions(fullPath, users, usersOU, resetChildPermissions); return 0; } catch (Exception ex) { throw TaskManager.WriteError(ex); } finally { TaskManager.CompleteTask(); } }
public int SetFilePermissions(int packageId, string path, UserPermission[] users, bool resetChildPermissions) { object[] results = this.Invoke("SetFilePermissions", new object[] { packageId, path, users, resetChildPermissions}); return ((int)(results[0])); }
private static UserPermission[] GetAvailableSecurityAccounts(int packageId) { List<UserPermission> users = new List<UserPermission>(); // all web sites List<WebSite> sites = WebServerController.GetWebSites(packageId, false); int webServiceId = PackageController.GetPackageServiceId(packageId, ResourceGroups.Web); if (webServiceId > 0) { List<string> siteIds = new List<string>(); foreach (WebSite site in sites) siteIds.Add(site.SiteId); WebServer web = WebServerController.GetWebServer(webServiceId); string[] siteAccounts = web.GetSitesAccounts(siteIds.ToArray()); for (int i = 0; i < sites.Count; i++) { UserPermission user = new UserPermission(); user.DisplayName = sites[i].Name; user.AccountName = siteAccounts[i]; users.Add(user); } } // add "network service" UserPermission ns = new UserPermission(); ns.DisplayName = "NETWORK SERVICE"; ns.AccountName = "NETWORK SERVICE"; users.Add(ns); return users.ToArray(); }
/// <remarks/> public System.IAsyncResult BeginSetFilePermissions(int packageId, string path, UserPermission[] users, bool resetChildPermissions, System.AsyncCallback callback, object asyncState) { return this.BeginInvoke("SetFilePermissions", new object[] { packageId, path, users, resetChildPermissions}, callback, asyncState); }
public void SetFolderNtfsPermissions(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { this.Invoke("SetFolderNtfsPermissions", new object[] { fullPath, permissions, isProtected, preserveInheritance}); }
/// <remarks/> public void SetFilePermissionsAsync(int packageId, string path, UserPermission[] users, bool resetChildPermissions) { this.SetFilePermissionsAsync(packageId, path, users, resetChildPermissions, null); }
/// <remarks/> public void SetFolderNtfsPermissionsAsync(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { this.SetFolderNtfsPermissionsAsync(fullPath, permissions, isProtected, preserveInheritance, null); }
/// <remarks/> public void SetFilePermissionsAsync(int packageId, string path, UserPermission[] users, bool resetChildPermissions, object userState) { if ((this.SetFilePermissionsOperationCompleted == null)) { this.SetFilePermissionsOperationCompleted = new System.Threading.SendOrPostCallback(this.OnSetFilePermissionsOperationCompleted); } this.InvokeAsync("SetFilePermissions", new object[] { packageId, path, users, resetChildPermissions}, this.SetFilePermissionsOperationCompleted, userState); }
public void SetFolderNtfsPermissions(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { try { Log.WriteStart("'{0}' SetFolderNtfsPermissions", ProviderSettings.ProviderName); StorageSpaceProvider.SetFolderNtfsPermissions(fullPath, permissions, isProtected, preserveInheritance); Log.WriteEnd("'{0}' SetFolderNtfsPermissions", ProviderSettings.ProviderName); } catch (Exception ex) { Log.WriteError(String.Format("'{0}' SetFolderNtfsPermissions", ProviderSettings.ProviderName), ex); throw; } }
public void SetFolderNtfsPermissions(string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { Log.WriteStart("SetFolderNtfsPermissions"); Log.WriteInfo("Full path : {0}", fullPath); try { if (preserveInheritance == false && permissions != null) { if (permissions.All(x =>!string.Equals(x.AccountName, "Domain Admins",StringComparison.InvariantCultureIgnoreCase))) { permissions = permissions.Concat(new[] { new UserPermission {AccountName = "Domain Admins", Read = true, Write = true} }).ToArray(); } if (permissions.All(x => !string.Equals(x.AccountName, "System", StringComparison.InvariantCultureIgnoreCase))) { permissions = permissions.Concat(new[] { new UserPermission {AccountName = "System", Read = true, Write = true} }).ToArray(); } } SecurityUtils.ResetNtfsPermissions(fullPath); SecurityUtils.GrantGroupNtfsPermissions(fullPath, permissions, false, new RemoteServerSettings(), null, null,isProtected, preserveInheritance); } catch (Exception ex) { Log.WriteError(ex); throw; } finally { Log.WriteEnd("SetFolderNtfsPermissions"); } }
public static void GrantGroupNtfsPermissions( string path, UserPermission[] users, bool resetChildPermissions, RemoteServerSettings serverSettings, string usersOU, string groupsOU, bool isProteted = false, bool inheritePermissions = true) { // get file or directory security object FileSystemSecurity security = GetFileSystemSecurity(path); if (security == null) return; // 06.09.2015 [email protected] // Determine the correct AccountName by SID // 04.10.2015 [email protected] // For Performance Reason put this outside of foreach var networkServiceName = GetAccountNameFromSid(WellKnownSidType.NetworkServiceSid, serverSettings); var systemName = GetAccountNameFromSid(WellKnownSidType.LocalSystemSid, serverSettings); var currentUserName = Environment.UserName; // iterate through each account foreach (UserPermission permission in users) { SecurityIdentifier identity = null; if (String.Compare(permission.AccountName, networkServiceName, true) == 0 || string.Compare(permission.AccountName, "NETWORK SERVICE", true) == 0) identity = new SecurityIdentifier(SystemSID.NETWORK_SERVICE); else if (String.Compare(permission.AccountName, systemName, true) == 0) identity = new SecurityIdentifier(SystemSID.SYSTEM); else { // 04.10.2015 [email protected] // Check, if AD is enabled string sid = null; if (String.Compare(permission.AccountName, currentUserName, true) == 0) sid = GetAccountSid(currentUserName, serverSettings, null, null); else { if (serverSettings.ADEnabled) sid = GetAccountSid(permission.AccountName, serverSettings, usersOU, groupsOU); else sid = GetAccountSid(permission.AccountName, serverSettings, null, null); } if (!string.IsNullOrEmpty(sid)) identity = new SecurityIdentifier(sid); } // remove explicit permissions security.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Allow)); if (!permission.Read && !permission.Write) continue; FileSystemRights rights = 0; if (permission.Write) rights |= FileSystemRights.Write; if (permission.Read && security is DirectorySecurity) rights |= FileSystemRights.ReadAndExecute; if (permission.Read && security is FileSecurity) rights |= FileSystemRights.Read; if (permission.Read && permission.Write) rights |= FileSystemRights.Modify; InheritanceFlags flags = security is FileSecurity ? InheritanceFlags.None : InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; // change DACL FileSystemAccessRule rule = new FileSystemAccessRule( identity, rights, flags, PropagationFlags.None, AccessControlType.Allow); // add/modify rule security.AddAccessRule(rule); } // allow inherited rules security.SetAccessRuleProtection(isProteted, inheritePermissions); // set security object SetFileSystemSecurity(path, security); // reset child permissions if required if (resetChildPermissions && Directory.Exists(path)) ResetChildNtfsPermissions(path); }
public UserPermission[] GetGroupNtfsPermissions(string path, UserPermission[] users, string usersOU) { try { Log.WriteStart("'{0}' GetGroupNtfsPermissions", ProviderSettings.ProviderName); UserPermission[] result = OsProvider.GetGroupNtfsPermissions(path, users, usersOU); Log.WriteEnd("'{0}' GetGroupNtfsPermissions", ProviderSettings.ProviderName); return result; } catch (Exception ex) { Log.WriteError(String.Format("'{0}' GetGroupNtfsPermissions", ProviderSettings.ProviderName), ex); throw; } }
public static void GrantGroupNtfsPermissions( string path, UserPermission[] users, bool resetChildPermissions, RemoteServerSettings serverSettings, string usersOU, string groupsOU) { // get file or directory security object FileSystemSecurity security = GetFileSystemSecurity(path); if (security == null) return; // iterate through each account foreach (UserPermission permission in users) { SecurityIdentifier identity = null; if (String.Compare(permission.AccountName, "network service", true) == 0) identity = new SecurityIdentifier(SystemSID.NETWORK_SERVICE); else identity = new SecurityIdentifier(GetAccountSid(permission.AccountName, serverSettings, usersOU, groupsOU)); // remove explicit permissions security.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Allow)); if (!permission.Read && !permission.Write) continue; FileSystemRights rights = 0; if (permission.Write) rights |= FileSystemRights.Write; if (permission.Read && security is DirectorySecurity) rights |= FileSystemRights.ReadAndExecute; if (permission.Read && security is FileSecurity) rights |= FileSystemRights.Read; if (permission.Read && permission.Write) rights |= FileSystemRights.Modify; InheritanceFlags flags = security is FileSecurity ? InheritanceFlags.None : InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; // change DACL FileSystemAccessRule rule = new FileSystemAccessRule( identity, rights, flags, PropagationFlags.None, AccessControlType.Allow); // add/modify rule security.AddAccessRule(rule); } // allow inherited rules security.SetAccessRuleProtection(false, true); // set security object SetFileSystemSecurity(path, security); // reset child permissions if required if (resetChildPermissions && Directory.Exists(path)) ResetChildNtfsPermissions(path); }
public void GrantGroupNtfsPermissions(string path, UserPermission[] users, string usersOU, bool resetChildPermissions) { try { Log.WriteStart("'{0}' GrantGroupNtfsPermissions", ProviderSettings.ProviderName); OsProvider.GrantGroupNtfsPermissions(path, users, usersOU, resetChildPermissions); Log.WriteEnd("'{0}' GrantGroupNtfsPermissions", ProviderSettings.ProviderName); } catch (Exception ex) { Log.WriteError(String.Format("'{0}' GrantGroupNtfsPermissions", ProviderSettings.ProviderName), ex); throw; } }
private static ResultObject SetFolderNtfsPermissionsInternal(int storageSpaceId, string fullPath, UserPermission[] permissions, bool isProtected, bool preserveInheritance) { var result = TaskManager.StartResultTask<IntResult>("STORAGE_SPACES", "SET_NTFS_PERMISSIONS_ON_FOLDER"); try { if (storageSpaceId < 0) { throw new ArgumentException("Storage Space iD must be greater than 0"); } var storage = GetStorageSpaceById(storageSpaceId); if (storage == null) { throw new Exception(string.Format("Storage space with id={0} not found", storageSpaceId)); } var ss = GetStorageSpaceService(storage.ServiceId); ss.SetFolderNtfsPermissions(fullPath, permissions, isProtected, preserveInheritance); } catch (Exception exception) { TaskManager.WriteError(exception); result.AddError("Error setting NTFS permissions on Storage Space folder", exception); if (result.Value > 0) { DataProvider.RemoveStorageSpaceFolder(result.Value); } } finally { if (!result.IsSuccess) { TaskManager.CompleteResultTask(result); } else { TaskManager.CompleteResultTask(); } } return result; }
public UserPermission[] GetGroupNtfsPermissions(string path, UserPermission[] users, string usersOU) { object[] results = this.Invoke("GetGroupNtfsPermissions", new object[] { path, users, usersOU}); return ((UserPermission[])(results[0])); }