public void TakeOwn(string filepath)
{
FileSecurity fileS = File.GetAccessControl(filepath);
SecurityIdentifier cu = WindowsIdentity.GetCurrent().User;
SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
try
{
Privileges.EnablePrivilege(SecurityEntity.SE_TAKE_OWNERSHIP_NAME);
}
catch (Exception)
{
console.AppendText("Failed to get SeTakeOwnershipPrivledge\r\n");
}
fileS.SetOwner(cu);
File.SetAccessControl(filepath, fileS);
fileS.SetAccessRuleProtection(false, false);
fileS.RemoveAccessRuleAll(new FileSystemAccessRule(everyone, FileSystemRights.FullControl, AccessControlType.Deny));
fileS.RemoveAccessRuleAll(new FileSystemAccessRule(cu, FileSystemRights.FullControl, AccessControlType.Deny));
fileS.SetAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.FullControl, AccessControlType.Allow));
fileS.SetAccessRule(new FileSystemAccessRule(cu, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(filepath, fileS);
File.SetAttributes(filepath, FileAttributes.Normal);
}
public void UpdatePermissionsUsingAccessControl(FileSecurity fileSecurity, DirectorySecurity directorySecurity)
{
fileSecurity.SetAccessRule(new FileSystemAccessRule("User", FileSystemRights.ListDirectory, AccessControlType.Allow));
fileSecurity.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant (S2612) {{Make sure this permission is safe.}}
directorySecurity.RemoveAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow));
directorySecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Noncompliant
}
/// <summary>
/// The install controller requires that the process is elevated (aka Run as Administrator).
/// The log files are created by this administrative account.
/// Any non-admin account will NOT have permissions to write to these log files.
/// By adding full control to "Everyone", the non-admin service can write to these logs.
/// </summary>
private void EnsureEveryoneHasPermissionsToWriteToLogFiles()
{
_installLog.Debug("Resetting permissions on all log files");
const string log4NetConfig = "log4net.config";
var assemblyPath = Assembly.GetExecutingAssembly().GetLocalPath();
var configPath = Path.Combine(assemblyPath, log4NetConfig);
var log4netConfig = File.ReadAllText(configPath);
var matches = Regex.Matches(log4netConfig, @"<param name=""File"" value=""(?<logPath>[^""]+)""\s*/>", RegexOptions.ExplicitCapture);
foreach (var logPath in matches.Cast <Match>().Select(m => m.Groups["logPath"].Value))
{
if (!File.Exists(logPath))
{
_installLog.WarnFormat("Attempting to reset permissions for log file but it is missing at '{0}'", logPath);
continue;
}
try
{
var fileSecurity = new FileSecurity(logPath, AccessControlSections.Access);
var everyoneSid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
fileSecurity.SetAccessRule(new FileSystemAccessRule(everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(logPath, fileSecurity);
_installLog.DebugFormat("Reset permissions on '{0}'", logPath);
}
catch (Exception e)
{
_installLog.Error(string.Format("Failed to reset permissions on '{0}'", logPath), e);
}
}
}
public static bool Start(TimeSpan enqueueRequestTimeout, out Exception e)
{
RpcServerWrapper.enqueueRequestTimeout = enqueueRequestTimeout;
e = null;
if (RpcServerWrapper.Registered == 1)
{
return(true);
}
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
FileSystemAccessRule accessRule = new FileSystemAccessRule(securityIdentifier, FileSystemRights.Read, AccessControlType.Allow);
FileSecurity fileSecurity = new FileSecurity();
fileSecurity.SetOwner(securityIdentifier);
fileSecurity.SetAccessRule(accessRule);
bool result;
try
{
RpcServerBase.RegisterServer(typeof(RpcServerWrapper), fileSecurity, 131209);
Interlocked.CompareExchange(ref RpcServerWrapper.Registered, 1, 0);
result = true;
}
catch (RpcException ex)
{
e = ex;
Interlocked.CompareExchange(ref RpcServerWrapper.Registered, 0, 1);
result = false;
}
return(result);
}
private static ObjectSecurity GetServerAdminSecurity()
{
FileSecurity securityDescriptor = null;
ADNotificationAdapter.TryRunADOperation(delegate()
{
ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 578, "GetServerAdminSecurity", "f:\\15.00.1497\\sources\\dev\\data\\src\\ApplicationLogic\\ProcessAccessManager.cs");
Server server = null;
try
{
server = topologyConfigurationSession.FindLocalServer();
}
catch (LocalServerNotFoundException)
{
return;
}
RawSecurityDescriptor rawSecurityDescriptor = server.ReadSecurityDescriptor();
if (rawSecurityDescriptor != null)
{
securityDescriptor = new FileSecurity();
byte[] array = new byte[rawSecurityDescriptor.BinaryLength];
rawSecurityDescriptor.GetBinaryForm(array, 0);
securityDescriptor.SetSecurityDescriptorBinaryForm(array);
IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 605, "GetServerAdminSecurity", "f:\\15.00.1497\\sources\\dev\\data\\src\\ApplicationLogic\\ProcessAccessManager.cs");
SecurityIdentifier exchangeServersUsgSid = rootOrganizationRecipientSession.GetExchangeServersUsgSid();
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(exchangeServersUsgSid, FileSystemRights.ReadData, AccessControlType.Allow);
securityDescriptor.SetAccessRule(fileSystemAccessRule);
SecurityIdentifier identity = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
fileSystemAccessRule = new FileSystemAccessRule(identity, FileSystemRights.ReadData, AccessControlType.Allow);
securityDescriptor.AddAccessRule(fileSystemAccessRule);
return;
}
}, 3);
return(securityDescriptor);
}
internal void StartPatching()
{
if (FilePath.Contains(':'))
{
// Enable Take Ownership AND Restore ownership to original owner
// Take Ownership Privilge is not enough.
// We need Restore Privilege.
RestorePrivilege = new Privilege(Privilege.Restore);
RestorePrivilege.Enable();
if ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor <= 1))
{
// On Vista or 7
TakeOwnershipPrivilege = new Privilege(Privilege.TakeOwnership);
TakeOwnershipPrivilege.Enable();
}
// Backup original owner and ACL
OriginalACL = File.GetAccessControl(FilePath);
// And take the original security to create new security rules.
FileSecurity NewACL = File.GetAccessControl(FilePath);
// Take ownership
NewACL.SetOwner(WindowsIdentity.GetCurrent().User);
File.SetAccessControl(FilePath, NewACL);
// And create a new access rule
NewACL.SetAccessRule(new FileSystemAccessRule(WindowsIdentity.GetCurrent().User, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(FilePath, NewACL);
// Open the file for patching
Stream = new FileStream(FilePath, FileMode.Open, FileAccess.ReadWrite);
}
}
// Token: 0x06000026 RID: 38 RVA: 0x00002938 File Offset: 0x00000B38
private static ObjectSecurity GetRpcSecurityDescriptor()
{
FileSecurity fileSecurity = new FileSecurity();
IRootOrganizationRecipientSession rootOrganizationRecipientSession = DirectorySessionFactory.Default.CreateRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 348, "GetRpcSecurityDescriptor", "f:\\15.00.1497\\sources\\dev\\data\\src\\ThrottlingService\\Service\\ThrottlingRpcServerImpl.cs");
ThrottlingService.StartStopBreadcrumbs.Drop("Calling GetExchangeServersUsgSid", new object[0]);
SecurityIdentifier exchangeServersUsgSid = rootOrganizationRecipientSession.GetExchangeServersUsgSid();
ThrottlingService.StartStopBreadcrumbs.Drop("GetExchangeServersUsgSid call completed", new object[0]);
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(exchangeServersUsgSid, FileSystemRights.ReadData, AccessControlType.Allow);
fileSecurity.SetAccessRule(fileSystemAccessRule);
if (ThrottlingAppConfig.AuthenticatedUsersRpcEnabled)
{
SecurityIdentifier identity = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
fileSystemAccessRule = new FileSystemAccessRule(identity, FileSystemRights.ReadData, AccessControlType.Allow);
fileSecurity.AddAccessRule(fileSystemAccessRule);
ThrottlingService.Tracer.TraceDebug(0L, "RPC calls are allowed for all authenticated users.");
}
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
fileSystemAccessRule = new FileSystemAccessRule(securityIdentifier, FileSystemRights.ReadData, AccessControlType.Allow);
fileSecurity.AddAccessRule(fileSystemAccessRule);
SecurityIdentifier identity2 = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
fileSystemAccessRule = new FileSystemAccessRule(identity2, FileSystemRights.ReadData, AccessControlType.Allow);
fileSecurity.AddAccessRule(fileSystemAccessRule);
fileSecurity.SetOwner(securityIdentifier);
return(fileSecurity);
}
/// <summary>
/// Deleting system files.
/// </summary>
/// <param name="drvPath">Driver path</param>
/// <returns></returns>
public static bool del_sysfile(string drvPath)
{
//take ownership
//Get Currently Applied Access Control
FileSecurity fileS = new FileSecurity();//File.GetAccessControl(drvPath);
string tmp = "";
try
{
fileS = File.GetAccessControl(drvPath);
}
catch (Exception e)
{
tmp = e.Message;
return(false);
}
//Update it, Grant Current User Full Control
try
{
fileS.SetOwner(cu);
}
catch (Exception e)
{
tmp = e.Message;
return(false);
}
try
{
fileS.SetAccessRule(new FileSystemAccessRule(cu,
FileSystemRights.FullControl, AccessControlType.Allow));
}
catch (Exception e)
{
tmp = e.Message;
return(false);
}
//Update the Access Control on the File
try
{
File.SetAccessControl(drvPath, fileS);
}
catch (Exception e)
{
tmp = e.Message;
return(false);
}
//Delete the file
try
{
File.Delete(drvPath);
return(true);
}
catch (Exception e)
{
tmp = e.Message;
return(false);
}
}
/// <summary>
/// Method to grant file access to everybody.
/// </summary>
/// <param name="fullPath">The directory full path.</param>
public static void GrantApplication(string fullPath)
{
FileSystemAccessRule rule = new FileSystemAccessRule("ALL_APPLICATION_PACKAGES", FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity fSecurity = File.GetAccessControl(fullPath);
fSecurity.SetAccessRule(rule);
File.SetAccessControl(fullPath, fSecurity);
}
/// <summary>
/// Set user permitions for database file.
/// </summary>
private void SetPermitionsForDbFile()
{
NTAccount ac = new NTAccount(@"Users");
FileSecurity fs = File.GetAccessControl(DatabaseFile);
fs.SetAccessRule(new FileSystemAccessRule(ac, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(DatabaseFile, fs);
}
private static void SetAccessToFile(FileInfo file, IdentityReference identityReference, FileSystemRights rights, AccessControlType controlType)
{
var rule = new FileSystemAccessRule(identityReference, rights, controlType);
var security = new FileSecurity();
security.SetAccessRule(rule);
file.SetAccessControl(security);
}
/// <summary>
/// 设置Everyone的写入权限
/// </summary>
static void SetControls(FileInfo file)
{
var everyOneIdentity = new NTAccount("Everyone");
var everyoneAce = new FileSystemAccessRule(everyOneIdentity, FileSystemRights.Write, AccessControlType.Allow);
var securityDescriptor = new FileSecurity();
securityDescriptor.SetAccessRule(everyoneAce);
file.SetAccessControl(securityDescriptor);
}
private static void GetFullAccess(string filepath)
{
FileSecurity security = File.GetAccessControl(filepath);
SecurityIdentifier user = WindowsIdentity.GetCurrent().User;
security.SetOwner(user);
security.SetAccessRule(new FileSystemAccessRule(user, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(filepath, security);
}
/// <summary>
/// 设置访问权限
/// </summary>
/// <param name="fileName"></param>
private static void WriteAcl(string fileName)
{
var salesIdentity = new NTAccount("Sales");
var developerIdentity = new NTAccount("Developers");
var everyOneIdentity = new NTAccount("EveryOne");
var salesAce = new FileSystemAccessRule(salesIdentity, FileSystemRights.Write, AccessControlType.Deny);
var everyOneAce = new FileSystemAccessRule(everyOneIdentity, FileSystemRights.Read, AccessControlType.Allow);
var developerAce = new FileSystemAccessRule(developerIdentity, FileSystemRights.FullControl, AccessControlType.Allow);
var securityDescriptor = new FileSecurity();
securityDescriptor.SetAccessRule(everyOneAce);
securityDescriptor.SetAccessRule(developerAce);
securityDescriptor.SetAccessRule(salesAce);
//File.SetAccessControl(fileName, securityDescriptor);
}
/// <summary>
/// 设置访问权限
/// </summary>
/// <param name="filename"></param>
private void WriteAcl(string filename)
{
NTAccount salesIdentity = new NTAccount("Sales");
NTAccount developersIdentity = new NTAccount("Developers");
NTAccount everyOneIdentity = new NTAccount("Everyone");
//拒绝Sales组写入访问权限
FileSystemAccessRule salesAce = new FileSystemAccessRule(salesIdentity, FileSystemRights.Write, AccessControlType.Deny);
//给Everyone组提供了读取访问权限
FileSystemAccessRule everyoneAce = new FileSystemAccessRule(everyOneIdentity, FileSystemRights.Read, AccessControlType.Allow);
//给Developers组提供了全部控制权限
FileSystemAccessRule developersAce = new FileSystemAccessRule(developersIdentity, FileSystemRights.FullControl, AccessControlType.Allow);
FileSecurity securityDescriptor = new FileSecurity();
securityDescriptor.SetAccessRule(everyoneAce);
securityDescriptor.SetAccessRule(developersAce);
securityDescriptor.SetAccessRule(salesAce);
File.SetAccessControl(filename, securityDescriptor);
}
private static void TakeOwnership(string filename)
{
FileSecurity security = new FileSecurity();
SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
security.SetOwner(sid);
security.SetAccessRule(new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(filename, security);
}
internal static void StartServer()
{
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
FileSystemAccessRule accessRule = new FileSystemAccessRule(securityIdentifier, FileSystemRights.ReadData, AccessControlType.Allow);
FileSecurity fileSecurity = new FileSecurity();
fileSecurity.SetOwner(securityIdentifier);
fileSecurity.SetAccessRule(accessRule);
MailboxSearchServer.server = (MailboxSearchServer)RpcServerBase.RegisterServer(typeof(MailboxSearchServer), fileSecurity, 1);
MailboxSearchServer.server.InternalStart();
}
private void SetFileAsSystemOnly(string name)
{
SecurityIdentifier si = new SecurityIdentifier(SystemAccountIdentifier);
IdentityReference userId = si.Translate(typeof(NTAccount));
FileSecurity security = File.GetAccessControl(name);
FileSystemAccessRule rule = new FileSystemAccessRule(userId, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
security.SetAccessRule(rule);
security.SetAccessRuleProtection(true, false);
File.SetAccessControl(name, security);
}
private static void RemoveRights(FileInfo file, WindowsIdentity identity, FileSystemRights rights)
{
var security = new FileSecurity();
foreach (var reference in GetAllReference(identity))
{
var rule = new FileSystemAccessRule(reference, rights, AccessControlType.Deny);
security.SetAccessRule(rule);
}
file.SetAccessControl(security);
}
public void CanCreateFileWithFileAccessPermissions()
{
string fileToCreate = Path.Combine(TempDir.RootPath, Path.GetRandomFileName());
FileSecurity security = new FileSecurity();
FileSystemAccessRule denyAppend =
new FileSystemAccessRule(AccountOfCurrentUser, FileSystemRights.AppendData, AccessControlType.Deny);
security.AddAccessRule(denyAppend);
security.SetAccessRule(denyAppend);
FileSystemAccessRule allowDelete =
new FileSystemAccessRule(AccountOfCurrentUser, FileSystemRights.FullControl, AccessControlType.Allow);
security.AddAccessRule(allowDelete);
security.SetAccessRule(allowDelete);
using (File.Create(fileToCreate, 1, FileOptions.RandomAccess, security))
//notice that the file has not inherited the file permissions of its container
PrintFileAccessRights(fileToCreate);
}
public void InVariable(FileSecurity fileSecurity)
{
var unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Secondary
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Secondary@-1
fileSecurity.RemoveAccessRule(unsafeAccessRule);
fileSecurity.AddAccessRule(unsafeAccessRule); // Noncompliant
fileSecurity.SetAccessRule(unsafeAccessRule); // Noncompliant
var safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny);
fileSecurity.AddAccessRule(safeAccessRule);
fileSecurity.SetAccessRule(safeAccessRule);
var rule = new FileSystemAccessRule("User", FileSystemRights.Read, AccessControlType.Allow);
rule = new FileSystemAccessRule("Everyone", FileSystemRights.Read, AccessControlType.Allow);
fileSecurity.AddAccessRule(rule); // Compliant - FN, we look only at the object creation and don't track state changes.
}
private void CopyMiscellaneousFiles(IEnumerable <string> keys)
{
var fileSecurity = new FileSecurity();
fileSecurity.SetAccessRule(fileSystemAccessRule);
foreach (string key in keys.Where(x => x.EndsWith("_FILE")))
{
string path = Context.Parameters[key];
string destFileName = DestinationFilename(path);
File.Copy(path, destFileName, true);
File.SetAccessControl(destFileName, fileSecurity);
}
}
public void SetPermission(AbsoluteFilePath file, FileSystemPermission permission, FileSystemGroup group)
{
var identity = GetIdentity(group);
var fileSecurity = new FileSecurity();
fileSecurity.SetAccessRule(new FileSystemAccessRule(
identity,
CreateSystemRightsFile(permission),
AccessControlType.Allow));
File.SetAccessControl(file.NativePath, fileSecurity);
}
public static void TakeOwnership(string filename)
{
FileSecurity security = new FileSecurity();
SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
security.SetOwner(sid);
security.SetAccessRule(new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(filename, security);
// Remove read-only attribute
File.SetAttributes(filename, File.GetAttributes(filename) & ~FileAttributes.ReadOnly);
}
static void File_RWX_all(string path)
{
if (RunningUnderPosix)
{
UnsafeNativeMethods.chmod(path, UnixFilePermissions.ACCESSPERMS);
}
else
{
var fileSecurity = new FileSecurity(path, AccessControlSections.All);
var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null !);
fileSecurity.SetAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.Modify | FileSystemRights.Synchronize, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow));
new FileInfo(path).SetAccessControl(fileSecurity);
}
}
/// <summary>
/// Sets the permissions for the log file.
/// Gives Full Control to NT AUTHORITY\SYSTEM and Modify to BUILTIN\Administrators.
/// Removes all inherited rules and any other permissions.
/// </summary>
private static void SetLogFilePermissions()
{
try
{
// Get a FileSecurity object that represents the current security settings for the file.
FileInfo FileInfo = new FileInfo(logFile);
FileSecurity fSecurity = FileInfo.GetAccessControl();
// Set NT AUTHORITY\SYSTEM with Full Control
fSecurity.SetAccessRule(new FileSystemAccessRule(SystemAccount, FileSystemRights.FullControl, AccessControlType.Allow));
FileInfo.SetAccessControl(fSecurity);
// Set BUILTIN\Administrators with Modify (everything except change permissions)
fSecurity.SetAccessRule(new FileSystemAccessRule(BuiltinAdministrators, FileSystemRights.Modify, AccessControlType.Allow));
FileInfo.SetAccessControl(fSecurity);
// Wipe inherited rules - must add the new rules first to ensure that there is are some access rules.
fSecurity.SetAccessRuleProtection(true, false);
FileInfo.SetAccessControl(fSecurity);
// Remove all other permissions
foreach (FileSystemAccessRule ar in fSecurity.GetAccessRules(true, true, typeof(NTAccount)))
{
if (ar.IdentityReference.Value != SystemAccount && ar.IdentityReference.Value != BuiltinAdministrators)
{
// Purge AccessRules for the identity from the security settings.
fSecurity.PurgeAccessRules(ar.IdentityReference);
FileInfo.SetAccessControl(fSecurity);
}
}
}
catch (Exception ex)
{
LogError("Error setting log file permissions: " + ex.Message);
}
}
// Token: 0x060000CA RID: 202 RVA: 0x00005420 File Offset: 0x00003620
public static void StartServer(SecurityIdentifier exchangeServersSid)
{
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
FileSystemAccessRule accessRule = new FileSystemAccessRule(securityIdentifier, FileSystemRights.ReadData, AccessControlType.Allow);
SecurityIdentifier identity = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(identity, FileSystemRights.ReadData, AccessControlType.Allow);
FileSystemAccessRule rule2 = new FileSystemAccessRule(exchangeServersSid, FileSystemRights.ReadData, AccessControlType.Allow);
FileSecurity fileSecurity = new FileSecurity();
fileSecurity.SetOwner(securityIdentifier);
fileSecurity.SetAccessRule(accessRule);
fileSecurity.AddAccessRule(rule);
fileSecurity.AddAccessRule(rule2);
RpcServerBase.RegisterServer(typeof(AssistantsRpcServer), fileSecurity, 1);
}
public void SetAclFile(string path, FileSystemRights rights)
{
if (path is null)
{
throw new ArgumentNullException(nameof(path));
}
try {
Console.WriteLine((InstallMode == InstallMode.Install ? "# set acl on file: " : "# remove acl on file: ") + path);
if (InstallMode == InstallMode.Install || File.Exists(path))
{
FileSecurity acl = File.GetAccessControl(path);
if (InstallMode == InstallMode.Install)
{
acl.SetAccessRule(new FileSystemAccessRule(AccountIdentity,
rights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
}
else
{
acl.PurgeAccessRules(AccountIdentity);
}
File.SetAccessControl(path, acl);
}
}
catch (Exception err) {
if (err is FileNotFoundException)
{
err = new FileNotFoundException("File not found.");
}
err = new InstallerException((InstallMode == InstallMode.Install ? "SetAclFile('" + path + "') failed." : "RemoveAclFile('" + path + "') failed."), err);
if (InstallMode == InstallMode.Install)
{
throw err;
}
else
{
DisplayError(err);
}
}
}
//판자식 파일 접근 (타겟 문서의 폴더 경로 ) : 상속 삭제 씨발필요없어
public void panja_file_access(string target_folder_dir)
{
//File test
string target_file_dir = target_folder_dir + @"\" + "TEXT SAMPLE .txt";
FileInfo fInfo = new FileInfo(target_file_dir);
FileSecurity fSecurity = fInfo.GetAccessControl();
fSecurity.SetAccessRule(new FileSystemAccessRule(
cur_user,
FileSystemRights.Modify,
AccessControlType.Allow));
System.IO.File.SetAccessControl(target_file_dir, fSecurity);
}
/// <summary>
/// Grant ALL_APPLICATION_PACKAGES permissions to a file at <paramref name="fileName"/>.
/// </summary>
/// <param name="fileName">The file to be granted ALL_APPLICATION_PACKAGES permissions.</param>
private static void GrantAllAppPackagesAccessToFile(string fileName)
{
try
{
var fileInfo = new FileInfo(fileName);
FileSecurity acl = fileInfo.GetAccessControl();
var rule = new FileSystemAccessRule(AllAppPackagesSid,
FileSystemRights.ReadAndExecute, AccessControlType.Allow);
acl.SetAccessRule(rule);
fileInfo.SetAccessControl(acl);
}
catch
{
}
}
private static void SetAclTest()
{
string path = "c:\\a.txt";
FileSecurity fs = File.GetAccessControl(path, AccessControlSections.Access);
NTAccount account = new NTAccount("user1");
fs.SetAccessRule(
new FileSystemAccessRule(
account.Translate(typeof(SecurityIdentifier)),
FileSystemRights.FullControl,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow
)
);
File.SetAccessControl(path, fs);
}
