/// <summary> /// Ensures that home folder for ftp account exists. /// </summary> /// <param name="folder">Path to home folder.</param> /// <param name="accountName">Account name.</param> /// <param name="allowRead">A value which specifies whether read operation is allowed or not.</param> /// <param name="allowWrite">A value which specifies whether write operation is allowed or not.</param> private void EnsureUserHomeFolderExists(string folder, string accountName, bool allowRead, bool allowWrite) { Log.WriteError(String.Format("Trying to create folder {0}", folder), new Exception()); // create folder if (!FileUtils.DirectoryExists(folder)) { FileUtils.CreateDirectory(folder); } if (!allowRead && !allowWrite) { return; } NTFSPermission permissions = allowRead ? NTFSPermission.Read : NTFSPermission.Write; if (allowRead && allowWrite) { permissions = NTFSPermission.Modify; } // Set ntfs permissions SecurityUtils.GrantNtfsPermissions(folder, accountName, permissions, true, true, ServerSettings, UsersOU, GroupsOU); }
public static void GrantNtfsPermissions(string path, string accountName, NTFSPermission permissions, bool inheritParentPermissions, bool preserveOriginalPermissions, RemoteServerSettings serverSettings, string usersOU, string groupsOU) { string sid = GetAccountSid(accountName, serverSettings, usersOU, groupsOU); // Check if loaded sid is not empty - because user can manually set up non existent account name. if (!String.IsNullOrEmpty(sid)) { GrantNtfsPermissionsBySid(path, sid, permissions, inheritParentPermissions, preserveOriginalPermissions); } }
public void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission) { try { Log.WriteStart("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName); WebProvider.GrantWebSiteAccess(path, siteId, permission); Log.WriteEnd("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName); } catch (Exception ex) { Log.WriteError(String.Format("'{0}' GrantWebSiteAccess", ProviderSettings.ProviderName), ex); throw; } }
private void EnsureUserHomeFolderExists(string folder, string accountName, bool allowRead, bool allowWrite) { // create folder if (!FileUtils.DirectoryExists(folder)) { FileUtils.CreateDirectory(folder); } if (!allowRead && !allowWrite) { return; } NTFSPermission permissions = allowRead ? NTFSPermission.Read : NTFSPermission.Write; if (allowRead && allowWrite) { permissions = NTFSPermission.Modify; } // set permissions SecurityUtils.GrantNtfsPermissions(folder, accountName, permissions, true, true, ServerSettings, UsersOU, GroupsOU); }
/// <remarks/> public void GrantWebSiteAccessAsync(string path, string siteId, NTFSPermission permission, object userState) { if ((this.GrantWebSiteAccessOperationCompleted == null)) { this.GrantWebSiteAccessOperationCompleted = new System.Threading.SendOrPostCallback(this.OnGrantWebSiteAccessOperationCompleted); } this.InvokeAsync("GrantWebSiteAccess", new object[] { path, siteId, permission}, this.GrantWebSiteAccessOperationCompleted, userState); }
/// <remarks/> public void GrantWebSiteAccessAsync(string path, string siteId, NTFSPermission permission) { this.GrantWebSiteAccessAsync(path, siteId, permission, null); }
/// <remarks/> public System.IAsyncResult BeginGrantWebSiteAccess(string path, string siteId, NTFSPermission permission, System.AsyncCallback callback, object asyncState) { return this.BeginInvoke("GrantWebSiteAccess", new object[] { path, siteId, permission}, callback, asyncState); }
public void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission) { this.Invoke("GrantWebSiteAccess", new object[] { path, siteId, permission}); }
public static void GrantNtfsPermissionsBySid(string path, string sid, NTFSPermission permissions, bool inheritParentPermissions, bool preserveOriginalPermissions) { // get file or directory security object FileSystemSecurity security = GetFileSystemSecurity(path); if (security == null) return; FileSystemRights rights = FileSystemRights.Read; if (permissions == NTFSPermission.FullControl) rights = FileSystemRights.FullControl; else if (permissions == NTFSPermission.Modify) rights = FileSystemRights.Modify; else if (permissions == NTFSPermission.Write) rights = FileSystemRights.Write; else if (permissions == NTFSPermission.Read && security is DirectorySecurity) rights = FileSystemRights.ReadAndExecute; else if (permissions == NTFSPermission.Read && security is FileSecurity) rights = FileSystemRights.Read; SecurityIdentifier identity = new SecurityIdentifier(sid); if (!preserveOriginalPermissions) security = CreateFileSystemSecurity(path); else security.RemoveAccessRuleAll(new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Allow)); if (!inheritParentPermissions) security.SetAccessRuleProtection(true, inheritParentPermissions); else security.SetAccessRuleProtection(false, true); InheritanceFlags flags = security is FileSecurity ? InheritanceFlags.None : InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; // change DACL FileSystemAccessRule rule = new FileSystemAccessRule( identity, rights, flags, PropagationFlags.None, AccessControlType.Allow); // add/modify rule security.AddAccessRule(rule); // set security object SetFileSystemSecurity(path, security); }
public static void GrantNtfsPermissions(string path, string accountName, NTFSPermission permissions, bool inheritParentPermissions, bool preserveOriginalPermissions, RemoteServerSettings serverSettings) { GrantNtfsPermissions(path, accountName, permissions, inheritParentPermissions, preserveOriginalPermissions, serverSettings, null, null); }
public new void GrantWebSiteAccess(string path, string siteId, NTFSPermission permission) { // TODO }
private void GrantWebManagementAccessInternally(string siteName, string accountName, string accountPassword, NTFSPermission permissions) { // Preserve setting to restore it back bool adEnabled = ServerSettings.ADEnabled; // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // against the web server ServerSettings.ADEnabled = false; // string fqWebPath = String.Format("/{0}", siteName); // Trace input parameters Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};", siteName, accountName, accountPassword, fqWebPath); // if (IdentityCredentialsMode == "IISMNGR") { ManagementAuthentication.CreateUser(accountName, accountPassword); } else { // Create Windows user SecurityUtils.CreateUser( new SystemUser { Name = accountName, FullName = accountName, Description = "WMSVC Service Account created by WebsitePanel", PasswordCantChange = true, PasswordNeverExpires = true, AccountDisabled = false, Password = accountPassword, System = true }, ServerSettings, String.Empty, String.Empty); // Convert account name to the full-qualified one accountName = GetFullQualifiedAccountName(accountName); // Log.WriteInfo("FQ Account Name: {0};", accountName); } // ManagementAuthorization.Grant(accountName, fqWebPath, false); // WebSite site = webObjectsSvc.GetWebSiteFromIIS(siteName); // string contentPath = webObjectsSvc.GetPhysicalPath(site); // Log.WriteInfo("Site Content Path: {0};", contentPath); // if (IdentityCredentialsMode == "IISMNGR") { SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true); } else { SecurityUtils.GrantNtfsPermissions(contentPath, accountName, permissions, true, true, ServerSettings, String.Empty, String.Empty); } // Restore setting back ServerSettings.ADEnabled = adEnabled; }
private void GrantWebManagementAccessInternally(string siteName, string accountName, string accountPassword, NTFSPermission permissions) { // Preserve setting to restore it back bool adEnabled = ServerSettings.ADEnabled; // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // against the web server //ServerSettings.ADEnabled = false; // string fqWebPath = String.Format("/{0}", siteName); // Trace input parameters Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};", siteName, accountName, accountPassword, fqWebPath); string contentPath = string.Empty; using (ServerManager srvman = webObjectsSvc.GetServerManager()) { WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName); // contentPath = webObjectsSvc.GetPhysicalPath(srvman, site); // Log.WriteInfo("Site Content Path: {0};", contentPath); } string FTPRoot = string.Empty; string FTPDir = string.Empty; if (contentPath.IndexOf("\\\\") != -1) { string[] Tmp = contentPath.Split('\\'); FTPRoot = "\\\\" + Tmp[2] + "\\" + Tmp[3]; FTPDir = contentPath.Replace(FTPRoot, ""); } // string accountNameSid = string.Empty; // if (IdentityCredentialsMode == "IISMNGR") { ManagementAuthentication.CreateUser(accountName, accountPassword); } else { // Create Windows user SecurityUtils.CreateUser( new SystemUser { Name = accountName, FullName = accountName, Description = "WMSVC Service Account created by WebsitePanel", PasswordCantChange = true, PasswordNeverExpires = true, AccountDisabled = false, Password = accountPassword, System = true, MsIIS_FTPDir = FTPDir, MsIIS_FTPRoot = FTPRoot }, ServerSettings, UsersOU, GroupsOU); // Convert account name to the full-qualified one accountName = GetFullQualifiedAccountName(accountName); accountNameSid = GetFullQualifiedAccountNameSid(accountName); // Log.WriteInfo("FQ Account Name: {0};", accountName); } ManagementAuthorization.Grant(accountName, fqWebPath, false); // if (IdentityCredentialsMode == "IISMNGR") { SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true); } else { SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, true, true, ServerSettings, UsersOU, GroupsOU); } }