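/// <summary>
/// Sets the owner of the file or folder at <c>FilePath</c> to the given SID.
/// The change is first attempted in-process; if that fails, it is retried
/// through a PowerShell command (the original comment marks this as the
/// "admin" path).
/// </summary>
/// <param name="ownerSid">SID of the new owner, in any form accepted by <see cref="SecurityIdentifier"/>.</param>
/// <returns>
/// <c>true</c> if the in-process change succeeded, otherwise the result of the
/// PowerShell fallback; <c>false</c> if <paramref name="ownerSid"/> is not a valid SID
/// or the path cannot be embedded safely in the fallback command.
/// </returns>
public bool SetOwner(string ownerSid)
{
    // Parse the SID before anything else. Only the canonical S-1-... form
    // (owner.Value) is ever placed in the PowerShell command below, so the
    // caller-supplied string never reaches the command line.
    SecurityIdentifier owner;
    try
    {
        owner = new SecurityIdentifier(ownerSid);
    }
    catch (ArgumentException)
    {
        // Covers null (ArgumentNullException) and malformed SID strings.
        return false;
    }

    if (GetAccessControl(FilePath, IsFolder, out var acs))
    {
        try
        {
            acs.SetOwner(owner);
            if (IsFolder)
            {
                FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(FilePath), acs as DirectorySecurity);
            }
            else
            {
                FileSystemAclExtensions.SetAccessControl(new FileInfo(FilePath), acs as FileSecurity);
            }

            return true;
        }
        catch (UnauthorizedAccessException)
        {
            // User does not have rights to set the owner; fall through to the PowerShell path.
        }
        catch (Exception)
        {
            // Deliberate best effort: any other failure also falls through to the PowerShell path.
        }
    }

    // The command is wrapped in double quotes on the command line. A double
    // quote cannot occur in a valid Windows path, and letting one through
    // would break that outer quoting, so refuse instead of escaping.
    if (string.IsNullOrEmpty(FilePath) || FilePath.IndexOf('"') >= 0)
    {
        return false;
    }

    // File names may legally contain an apostrophe. Inside a PowerShell
    // single-quoted string the only escape is doubling the quote, and
    // PowerShell also treats the typographic quotes U+2018..U+201B as
    // single-quote delimiters, so all five characters are doubled.
    string EscapeForSingleQuotedString(string value)
    {
        return value
            .Replace("'", "''")
            .Replace("\u2018", "\u2018\u2018")
            .Replace("\u2019", "\u2019\u2019")
            .Replace("\u201A", "\u201A\u201A")
            .Replace("\u201B", "\u201B\u201B");
    }

    string quotedPath = EscapeForSingleQuotedString(FilePath);

    // Set through powershell (admin)
    return Win32API.RunPowershellCommand($"-command \"try {{ $path = '{quotedPath}'; $ID = new-object System.Security.Principal.SecurityIdentifier('{owner.Value}'); $acl = get-acl $path; $acl.SetOwner($ID); set-acl -path $path -aclObject $acl }} catch {{ exit 1; }}\"", true);
}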
/// <summary>
/// Turns access-rule protection on or off for the file or folder at
/// <c>FilePath</c>, i.e. controls whether it keeps inheriting rules from its parent.
/// </summary>
/// <param name="isProtected">Passed through to <c>SetAccessRuleProtection</c>; <c>true</c> blocks inheritance.</param>
/// <param name="preserveInheritance">Passed through to <c>SetAccessRuleProtection</c>; <c>true</c> keeps the inherited rules as explicit ones.</param>
/// <returns><c>true</c> when the descriptor was read, changed and written back; <c>false</c> on any failure.</returns>
public bool SetAccessRuleProtection(bool isProtected, bool preserveInheritance)
{
    if (!GetAccessControl(FilePath, IsFolder, out var security))
    {
        return false;
    }

    try
    {
        security.SetAccessRuleProtection(isProtected, preserveInheritance);

        if (!IsFolder)
        {
            FileSystemAclExtensions.SetAccessControl(new FileInfo(FilePath), security as FileSecurity);
        }
        else
        {
            FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(FilePath), security as DirectorySecurity);
        }

        return true;
    }
    catch (Exception)
    {
        // Includes UnauthorizedAccessException (caller lacks the right to
        // change access rules); every failure is reported as false.
        return false;
    }
}
/// <summary>
/// Opens up the mount point directory to ordinary users. On Linux builds the
/// mode is set with <c>Chmod</c>; otherwise an inheritable Allow/Modify rule
/// for BUILTIN\Users is added to the directory's ACL.
/// </summary>
/// <param name="mountPointPath">Directory whose permissions are changed.</param>
/// <param name="traceId">Id attached to the error trace written on failure.</param>
/// <returns><c>true</c> if the permissions were changed; <c>false</c> otherwise (the reason is traced).</returns>
private bool SetMountpointRWAccessForUsers(string mountPointPath, string traceId)
{
    bool aclApplied = false;
    string failureReason = String.Empty;

#if DotNetCoreClrLinux
    try
    {
        // 0x1ed == 0755 octal (rwxr-xr-x).
        // NOTE(review): 0755 carries no write bit for group/other, while the
        // Windows branch grants Modify to all users - confirm this is intended.
        const int defaultFilePermission = 0x1ed;
        Chmod(mountPointPath, defaultFilePermission);
        aclApplied = true;
    }
    catch
    {
        failureReason = "Chmod failed";
    }
#else
    try
    {
        // Read the directory's current security descriptor.
        DirectoryInfo mountPoint = new DirectoryInfo(mountPointPath);
        DirectorySecurity descriptor = FileSystemAclExtensions.GetAccessControl(mountPoint);

        // BUILTIN\Users: every interactive/local user account on the machine.
        var builtinUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

        // Modify covers read, write, execute and delete. The inheritance
        // flags apply the rule to this folder, its subfolders and files.
        var modifyForUsers = new FileSystemAccessRule(
            builtinUsers,
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow);

        bool ruleAdded = false;
        descriptor.ModifyAccessRule(AccessControlModification.Add, modifyForUsers, out ruleAdded);

        if (!ruleAdded)
        {
            failureReason = String.Format("Failed to change ACL of mountpoint {0}.", mountPointPath);
        }
        else
        {
            // Write the updated descriptor back to the directory.
            FileSystemAclExtensions.SetAccessControl(mountPoint, descriptor);
            aclApplied = true;
        }
    }
    catch (Exception ex)
    {
        failureReason = String.Format("Failed to change ACL of mountpoint {0} due to exception: {1}.", mountPointPath, ex.Message);
    }
#endif

    if (!String.IsNullOrEmpty(failureReason))
    {
        TraceWriter.WriteErrorWithId(Constants.TraceSource, traceId, failureReason);
    }

    return aclApplied;
}
/// <summary>
/// Replaces the explicit (non-inherited) access rules on the file or folder
/// at <c>FilePath</c> with the non-inherited entries of <c>AccessRules</c>.
/// Inherited rules are left untouched.
/// </summary>
/// <returns><c>true</c> when the new rule set was written; <c>false</c> on any failure.</returns>
public bool SetPermissions()
{
    if (!GetAccessControl(FilePath, IsFolder, out var security))
    {
        return false;
    }

    try
    {
        // Drop every explicit rule currently on the object. GetAccessRules is
        // asked for both explicit and inherited rules; the inherited ones are
        // skipped here.
        var currentRules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (var current in currentRules.Cast<FileSystemAccessRule>())
        {
            if (current.IsInherited)
            {
                continue;
            }

            security.RemoveAccessRule(current);
        }

        // Add the explicit rules held by this instance.
        foreach (var wanted in AccessRules)
        {
            if (wanted.IsInherited)
            {
                continue;
            }

            security.AddAccessRule(wanted.ToFileSystemAccessRule());
        }

        if (!IsFolder)
        {
            FileSystemAclExtensions.SetAccessControl(new FileInfo(FilePath), security as FileSecurity);
        }
        else
        {
            FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(FilePath), security as DirectorySecurity);
        }

        return true;
    }
    catch (Exception)
    {
        // Includes UnauthorizedAccessException (caller lacks the right to
        // change access rules); every failure is reported as false.
        return false;
    }
}
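/// <summary>
/// Writes <c>store</c> to <paramref name="path"/> (as a JSON string wrapped by
/// <see cref="BinaryFormatter"/>) and then tries to add Allow/FullControl
/// rules on the file for two well-known SIDs.
/// </summary>
/// <param name="path">Destination file; its parent directory is created when the path names one.</param>
private void Persist(string path)
{
    // Path.GetDirectoryName returns "" for a bare file name, and
    // Directory.CreateDirectory throws on that, so only create the directory
    // when the path actually names one.
    string directory = Path.GetDirectoryName(path);
    if (!string.IsNullOrEmpty(directory))
    {
        Directory.CreateDirectory(directory);
    }

    using (FileStream fileStream = File.Open(path, FileMode.OpenOrCreate, FileAccess.Write, FileShare.ReadWrite))
    {
        // NOTE(review): BinaryFormatter is obsolete and unsafe on the
        // deserializing side. Only a string is written here, but whatever
        // reads this file presumably calls BinaryFormatter.Deserialize on it.
        // Combined with the ACL below that means any local user could swap in
        // a crafted payload - confirm against the reader. Writing the JSON
        // text directly would remove that risk, but it changes the on-disk
        // format, so it is not done in this method alone.
        new BinaryFormatter().Serialize(fileStream, JsonConvert.SerializeObject((object)store));

        // OpenOrCreate does not truncate: cut off leftovers of a longer previous file.
        if (fileStream.Position != fileStream.Length)
        {
            fileStream.SetLength(fileStream.Position);
        }
    }

    try
    {
        var file = new FileInfo(path);
        var accessControl = FileSystemAclExtensions.GetAccessControl(file);

        // NOTE(review): S-1-15-2-1 is ALL APPLICATION PACKAGES and S-1-1-0 is
        // Everyone. FullControl lets every principal on the machine rewrite or
        // delete the file and change its ACL and owner. If other processes
        // only need to read or update the store, a narrower right
        // (FileSystemRights.Read or Modify) for a narrower principal would do.
        accessControl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier("S-1-15-2-1"), FileSystemRights.FullControl, AccessControlType.Allow));
        accessControl.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier("S-1-1-0"), FileSystemRights.FullControl, AccessControlType.Allow));
        FileSystemAclExtensions.SetAccessControl(file, accessControl);
    }
    catch (Exception)
    {
        // Best effort: the file has already been written; a failure to change
        // its ACL is ignored and leaves the ACL it was created with.
    }
}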
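/// <summary>
/// Registers the kernel driver at <paramref name="path"/> as a demand-start
/// service named <c>_id</c>, starts it, and (except on NETSTANDARD2_0 builds)
/// tries to restrict the resulting device object to SYSTEM and the built-in
/// Administrators group.
/// </summary>
/// <param name="path">Path of the driver binary handed to <c>CreateService</c>.</param>
/// <param name="errorMessage">Failure description, or <c>null</c> on success.</param>
/// <returns><c>true</c> if the service was created and is running; otherwise <c>false</c>.</returns>
public bool Install(string path, out string errorMessage)
{
    IntPtr manager = AdvApi32.OpenSCManager(null, null, AdvApi32.SC_MANAGER_ACCESS_MASK.SC_MANAGER_ALL_ACCESS);
    if (manager == IntPtr.Zero)
    {
        errorMessage = "OpenSCManager returned zero.";
        return false;
    }

    // try/finally so the SCM handle is released on every exit path; the
    // original leaked it when CreateService reported that the service exists.
    try
    {
        IntPtr service = AdvApi32.CreateService(
            manager,
            _id,
            _id,
            AdvApi32.SERVICE_ACCESS_MASK.SERVICE_ALL_ACCESS,
            AdvApi32.SERVICE_TYPE.SERVICE_KERNEL_DRIVER,
            AdvApi32.SERVICE_START.SERVICE_DEMAND_START,
            AdvApi32.SERVICE_ERROR.SERVICE_ERROR_NORMAL,
            path,
            null,
            null,
            null,
            null,
            null);

        if (service == IntPtr.Zero)
        {
            // Read the error once, before any other call can replace it.
            int createError = Marshal.GetHRForLastWin32Error();
            if (createError == Kernel32.ERROR_SERVICE_EXISTS)
            {
                errorMessage = "Service already exists";
                return false;
            }

            errorMessage = "CreateService returned the error: " + Marshal.GetExceptionForHR(createError).Message;
            return false;
        }

        try
        {
            if (!AdvApi32.StartService(service, 0, null))
            {
                // An already running service is not treated as a failure.
                int startError = Marshal.GetHRForLastWin32Error();
                if (startError != Kernel32.ERROR_SERVICE_ALREADY_RUNNING)
                {
                    errorMessage = "StartService returned the error: " + Marshal.GetExceptionForHR(startError).Message;
                    return false;
                }
            }
        }
        finally
        {
            AdvApi32.CloseServiceHandle(service);
        }
    }
    finally
    {
        AdvApi32.CloseServiceHandle(manager);
    }

#if !NETSTANDARD2_0
    try
    {
        // restrict the driver access to system (SY) and builtin admins (BA)
        // TODO: replace with a call to IoCreateDeviceSecure in the driver
        // NOTE(review): the descriptor is applied only after StartService has
        // returned, so until then the device carries whatever security the
        // driver created it with. On NETSTANDARD2_0 builds this step is
        // compiled out entirely.
        FileInfo fileInfo = new FileInfo(@"\\.\" + _id);
        FileSecurity fileSecurity = FileSystemAclExtensions.GetAccessControl(fileInfo);
        fileSecurity.SetSecurityDescriptorSddlForm("O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)");
        FileSystemAclExtensions.SetAccessControl(fileInfo, fileSecurity);
    }
    catch
    {
        // NOTE(review): a failure to lock the device down is swallowed and
        // Install still reports success, leaving the device unrestricted.
        // Callers cannot detect this; at minimum it should be logged.
    }
#endif

    errorMessage = null;
    return true;
}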