Exemplo n.º 1
 /// <summary>
 /// Prepares the ACL template held in <c>_secureSharedAcl</c>; does nothing unless
 /// <c>WindowsUtils.IsWindowsNT</c> is true.
 /// </summary>
 /// <remarks>
 /// The template is owned by BUILTIN\Administrators and is protected, so it takes no
 /// inherited entries from a parent directory. Everyone and BUILTIN\Users receive
 /// read-and-execute only; Administrators and LocalSystem receive full control. All four
 /// entries are inherited by child containers and objects. No unprivileged principal is
 /// given write access, which is what keeps a shared location from being tampered with by
 /// ordinary users.
 /// </remarks>
 static Locations()
 {
     if (!WindowsUtils.IsWindowsNT)
     {
         return;
     }

     const InheritanceFlags inheritToChildren = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

     var administrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
     var everyone = new SecurityIdentifier("S-1-1-0" /*Everyone*/);
     var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
     var localSystem = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);

     var acl = new DirectorySecurity();
     _secureSharedAcl = acl;

     acl.SetOwner(administrators);

     // Protected + preserveInheritance:false: start from an empty DACL instead of copying the parent's entries.
     acl.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

     var rules = new[]
     {
         // Read-only for unprivileged principals.
         new FileSystemAccessRule(everyone, FileSystemRights.ReadAndExecute, inheritToChildren, PropagationFlags.None, AccessControlType.Allow),
         new FileSystemAccessRule(users, FileSystemRights.ReadAndExecute, inheritToChildren, PropagationFlags.None, AccessControlType.Allow),
         // Write access is limited to administrators and the system account.
         new FileSystemAccessRule(administrators, FileSystemRights.FullControl, inheritToChildren, PropagationFlags.None, AccessControlType.Allow),
         new FileSystemAccessRule(localSystem, FileSystemRights.FullControl, inheritToChildren, PropagationFlags.None, AccessControlType.Allow),
     };

     foreach (var rule in rules)
     {
         acl.AddAccessRule(rule);
     }
 }
            /// <summary>
            /// Builds a raw security descriptor from lists of allow and deny entries.
            /// </summary>
            /// <param name="allowRights">Identity/rights pairs to add as allow entries; null is treated as empty.</param>
            /// <param name="denyRights">Identity/rights pairs to add as deny entries; null is treated as empty.</param>
            /// <returns>The descriptor parsed back from its binary form.</returns>
            /// <remarks>
            /// Owner and primary group come from the <c>CurrentIdentity</c> and <c>Group</c> members
            /// defined elsewhere in this class. The rules are created with the three-argument
            /// <see cref="FileSystemAccessRule"/> constructor, so they carry no inheritance flags.
            /// </remarks>
            private RawSecurityDescriptor CreateSecurityDescriptor(IEnumerable<IdentityRights> allowRights,
                IEnumerable<IdentityRights> denyRights = null)
            {
                var descriptor = new DirectorySecurity();
                descriptor.SetOwner(CurrentIdentity);
                descriptor.SetGroup(Group);

                var allowed = allowRights ?? Enumerable.Empty<IdentityRights>();
                var denied = denyRights ?? Enumerable.Empty<IdentityRights>();

                // Allow entries first, then deny entries, in the order the caller supplied them.
                foreach (var entry in allowed)
                {
                    var allowRule = new FileSystemAccessRule(entry.Identity, entry.Rights, AccessControlType.Allow);
                    descriptor.AddAccessRule(allowRule);
                }

                foreach (var entry in denied)
                {
                    var denyRule = new FileSystemAccessRule(entry.Identity, entry.Rights, AccessControlType.Deny);
                    descriptor.AddAccessRule(denyRule);
                }

                // Round-trip through the binary form, reading from offset 0 of the buffer.
                byte[] serialized = descriptor.GetSecurityDescriptorBinaryForm();
                return new RawSecurityDescriptor(serialized, 0);
            }
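        public void GetOwnershipTest()
        {
            // Verifies that DirectoryTools.GetOwnershipForDirectory makes the current user the
            // owner of a directory that was created with BUILTIN\Administrators as its owner.
            // NOTE(review): creating a directory owned by another principal and changing its owner
            // presumably requires an elevated test run; confirm how this test is executed.

            // Arrange
            var tmpDir = Path.Combine(Path.GetTempPath(), "dirtools-test-" + Guid.NewGuid().ToString());
            var administrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

            var dirSec = new DirectorySecurity();
            dirSec.SetOwner(administrators);

            Directory.CreateDirectory(tmpDir, dirSec);

            try
            {
                // Act
                var curIdentity = new NTAccount(Environment.UserDomainName, Environment.UserName);
                DirectoryTools.GetOwnershipForDirectory(tmpDir, curIdentity);

                // Assert: read back only the owner section and compare it with the current account.
                var curDirsec = new DirectorySecurity(tmpDir, AccessControlSections.Owner);
                IdentityReference owner = curDirsec.GetOwner(typeof(NTAccount));
                Assert.IsTrue(curIdentity == owner);
            }
            finally
            {
                // Best-effort cleanup so repeated runs do not leave directories behind in the temp
                // folder; a cleanup failure must not hide the test result.
                try
                {
                    Directory.Delete(tmpDir, true);
                }
                catch (IOException)
                {
                }
                catch (UnauthorizedAccessException)
                {
                }
            }
        }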
Exemplo n.º 4
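        /// <summary>
        /// Builds a <see cref="DirectorySecurity"/> that makes the current Windows user the owner
        /// and grants that user full control, inherited by child containers and objects.
        /// </summary>
        /// <param name="securityClass">
        /// When equal to <c>SecurityClass.Everybody</c>, an additional inherited full-control entry
        /// is added for the Everyone (World) SID.
        /// </param>
        /// <returns>The populated security object; it is not applied to any directory here.</returns>
        /// <remarks>
        /// Full control for Everyone includes the rights to change permissions and to take
        /// ownership, so any local principal can rewrite the ACL of a directory created with it.
        /// Callers that only need shared read/write access should check whether a narrower right
        /// such as <see cref="FileSystemRights.Modify"/> is enough.
        /// </remarks>
        public static DirectorySecurity CreateDirSecurity(SecurityClass securityClass)
        {
            const InheritanceFlags inheritToChildren = InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit;

            DirectorySecurity security = new DirectorySecurity();

            // WindowsIdentity is disposable; release it as soon as the user SID has been read.
            using (WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent())
            {
                SecurityIdentifier identity = windowsIdentity != null ? windowsIdentity.User : null;
                if (identity != null)
                {
                    security.SetOwner(identity);
                    FileSystemAccessRule ownerRule = new FileSystemAccessRule(identity,
                                                             FileSystemRights.FullControl,
                                                             inheritToChildren,
                                                             PropagationFlags.None,
                                                             AccessControlType.Allow);
                    security.SetAccessRule(ownerRule);
                }
            }

            if (securityClass == SecurityClass.Everybody)
            {
                SecurityIdentifier everybodyIdentity = new SecurityIdentifier(WellKnownSidType.WorldSid, null);

                // SECURITY: world-writable with full control; kept as-is because callers request it explicitly.
                FileSystemAccessRule everybodyRule = new FileSystemAccessRule(everybodyIdentity,
                                                             FileSystemRights.FullControl,
                                                             inheritToChildren,
                                                             PropagationFlags.None,
                                                             AccessControlType.Allow);
                security.AddAccessRule(everybodyRule);
            }

            return security;
        }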
Exemplo n.º 5
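 /// <summary>
 /// Deletes every existing directory listed in <c>CaminhosGBP</c>, after expanding environment
 /// variables in each entry and setting the current user as the directory's owner.
 /// </summary>
 /// <remarks>
 /// Failures are reported per directory on standard error and do not stop the loop; "OK." is
 /// written at the end whether or not any directory failed.
 /// NOTE(review): owning a directory lets the owner rewrite its DACL but does not by itself
 /// grant delete access to its contents; confirm that the ownership change is sufficient for
 /// the recursive delete. The delete is recursive, so the entries of <c>CaminhosGBP</c> should
 /// be fixed, trusted paths.
 /// </remarks>
 private static void RemoverArquivos()
 {
     Console.Write("Removendo arquivos do Gbp... ");
     foreach (var dir in CaminhosGBP)
     {
         try
         {
             var dirInfo = new DirectoryInfo(Environment.ExpandEnvironmentVariables(dir));
             if (!dirInfo.Exists)
             {
                 continue;
             }

             var ds = new DirectorySecurity();

             // WindowsIdentity is disposable; release it once the account name has been read.
             using (var currentUser = WindowsIdentity.GetCurrent())
             {
                 ds.SetOwner(new NTAccount(currentUser.Name));
             }

             dirInfo.SetAccessControl(ds);
             dirInfo.Delete(true);
         }
         catch (Exception ex)
         {
             // Deliberately best-effort: report and move on to the next directory.
             Console.Error.WriteLine(ex.Message);
         }
     }
     Console.WriteLine("OK.");
 }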
Exemplo n.º 6
 /// <summary>
 /// Makes the prison's user the owner of the given security object and gives that user an
 /// inherited full-control entry.
 /// </summary>
 /// <param name="deploymentDirSecurity">Security object to modify in place; nothing is written to disk here.</param>
 /// <param name="prison">Supplies the account name through <c>prison.User.Username</c>.</param>
 /// <remarks>
 /// The account is identified by name rather than by SID.
 /// NOTE(review): confirm the name is unambiguous on the target machine.
 /// </remarks>
 private static void SetDirectoryOwner(DirectorySecurity deploymentDirSecurity, Prison prison)
 {
     var accountName = prison.User.Username;
     const InheritanceFlags inheritToChildren = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

     deploymentDirSecurity.SetOwner(new NTAccount(accountName));

     // SetAccessRule replaces any existing allow entries for this account instead of merging with them.
     var fullControl = new FileSystemAccessRule(
         accountName,
         FileSystemRights.FullControl,
         inheritToChildren,
         PropagationFlags.None,
         AccessControlType.Allow);
     deploymentDirSecurity.SetAccessRule(fullControl);
 }
Exemplo n.º 7
 /// <summary>
 /// Builds a protected <see cref="DirectorySecurity"/> owned by the current Windows user.
 /// </summary>
 /// <returns>
 /// A security object holding every rule from <c>TemporaryDataStorage.DirectoryAccessRules</c>
 /// and, unless the caller is LocalSystem, NetworkService or LocalService, an inherited
 /// full-control entry for the caller.
 /// </returns>
 /// <remarks>
 /// Inheritance protection is enabled without preserving inherited entries, so the resulting
 /// DACL contains only the rules added here.
 /// </remarks>
 private static DirectorySecurity GetDirectorySecurity()
 {
     var acl = new DirectorySecurity();

     // Protected, and parent entries are not copied: the DACL starts empty.
     acl.SetAccessRuleProtection(true, false);

     using (WindowsIdentity caller = WindowsIdentity.GetCurrent())
     {
         acl.SetOwner((IdentityReference) caller.User);

         foreach (var rule in TemporaryDataStorage.DirectoryAccessRules)
         {
             acl.AddAccessRule(rule);
         }

         bool isServiceAccount = caller.User.IsWellKnown(WellKnownSidType.LocalSystemSid)
             || caller.User.IsWellKnown(WellKnownSidType.NetworkServiceSid)
             || caller.User.IsWellKnown(WellKnownSidType.LocalServiceSid);

         // The built-in service accounts get no personal entry; presumably the shared rules above cover them.
         if (!isServiceAccount)
         {
             var callerFullControl = new FileSystemAccessRule(
                 (IdentityReference) caller.User,
                 FileSystemRights.FullControl,
                 InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                 PropagationFlags.None,
                 AccessControlType.Allow);
             acl.AddAccessRule(callerFullControl);
         }

         return acl;
     }
 }
Exemplo n.º 8
        /// <summary>
        /// Sets the owner of a directory to the account represented by a directory entry.
        /// </summary>
        /// <param name="path">The path of the directory whose ownership is to be set.</param>
        /// <param name="security">The DirectorySecurity object of the directory; its owner is changed in place.</param>
        /// <param name="owner">The directory entry whose <c>objectSid</c> becomes the new owner.</param>
        /// <param name="commitChanges">
        /// When true, the security object is written to the directory immediately. When false, only
        /// the in-memory object changes, which is useful when combining multiple commands.
        /// </param>
        /// <returns>
        /// True if the owner was set (and, when requested, committed). False for missing arguments,
        /// a non-existent directory, or any exception; the cause is not reported, so callers must
        /// check the result rather than assume the ownership change took effect.
        /// </returns>
        public static bool SetOwner(string path, ref DirectorySecurity security, DirectoryEntry owner, bool commitChanges)
        {
            // All three inputs are required.
            if (string.IsNullOrEmpty(path) || security == null || owner == null)
            {
                return false;
            }

            // Nothing to do for a directory that is not there.
            if (!SystemDirectory.Exists(path))
            {
                return false;
            }

            try
            {
                // The owner entry is identified by its binary SID, read from offset 0.
                byte[] rawSid = (byte[])owner.Properties["objectSid"].Value;
                SecurityIdentifier ownerSid = new SecurityIdentifier(rawSid, 0);

                security.SetOwner(ownerSid);

                if (commitChanges)
                {
                    SystemDirectory.SetAccessControl(path, security);
                }

                return true;
            }
            catch (UnauthorizedAccessException)
            {
                // The current process does not have access to the directory specified by path,
                // or lacks sufficient privilege to set the ACL entry.
                return false;
            }
            catch (PlatformNotSupportedException)
            {
                // The current operating system is not Windows 2000 or later.
                return false;
            }
            catch
            {
                // Any other error while reading the SID or changing the owner.
                return false;
            }
        }