public static bool UserHasRights(FileSystemSecurity sec)
{
NTAccount usersAccount = GetUsersAccount();
return Enumerable.Any(Enumerable.OfType<FileSystemAccessRule>(sec.GetAccessRules(true, true, typeof(NTAccount))), r =>
{
if (r.FileSystemRights == FileSystemRights.FullControl && r.AccessControlType == AccessControlType.Allow && r.InheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit))
return r.IdentityReference == usersAccount;
return false;
});
}
public FileSystemAccessRule Create(System.Security.AccessControl.FileSystemSecurity owner)
{
return((FileSystemAccessRule)owner.AccessRuleFactory(
new System.Security.Principal.SecurityIdentifier(SID),
(int)Rights,
Inherited,
Inheritance,
Propagation,
ControlType));
}
private static bool TryGetFileSecurity(string path, AccessControlSections sectionsNeeded,
out FileSystemSecurity security)
{
var exists = false;
security = null;
if (File.Exists(path))
{
exists = true;
security = File.GetAccessControl(path, sectionsNeeded);
}
return exists;
}
private bool TryGetDirectorySecurity(string path, AccessControlSections sectionsNeeded,
out FileSystemSecurity security)
{
var exists = false;
security = null;
if (Directory.Exists(path))
{
exists = true;
security = Directory.GetAccessControl(path, sectionsNeeded);
}
return exists;
}
internal static void SetAccessControlExtracted(FileSystemSecurity security, string name)
{
//security.WriteLock();
AccessControlSections includeSections = AccessControlSections.Audit | AccessControlSections.Owner | AccessControlSections.Group;
SecurityInfos securityInfo = (SecurityInfos)0;
SecurityIdentifier owner = null;
SecurityIdentifier group = null;
SystemAcl sacl = null;
DiscretionaryAcl dacl = null;
if ((includeSections & AccessControlSections.Owner) != AccessControlSections.None)
{
owner = (SecurityIdentifier)security.GetOwner(typeof(SecurityIdentifier));
if (owner != null)
{
securityInfo = securityInfo | SecurityInfos.Owner;
}
}
if ((includeSections & AccessControlSections.Group) != AccessControlSections.None)
{
@group = (SecurityIdentifier)security.GetGroup(typeof(SecurityIdentifier));
if (@group != null)
{
securityInfo = securityInfo | SecurityInfos.Group;
}
}
var securityDescriptorBinaryForm = security.GetSecurityDescriptorBinaryForm();
RawSecurityDescriptor rawSecurityDescriptor = null;
bool isDiscretionaryAclPresent = false;
if (securityDescriptorBinaryForm != null)
{
rawSecurityDescriptor = new RawSecurityDescriptor(securityDescriptorBinaryForm, 0);
isDiscretionaryAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None;
}
if ((includeSections & AccessControlSections.Audit) != AccessControlSections.None)
{
securityInfo = securityInfo | SecurityInfos.SystemAcl;
sacl = null;
if (rawSecurityDescriptor != null)
{
var isSystemAclPresent = (rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None;
if (isSystemAclPresent && rawSecurityDescriptor.SystemAcl != null && rawSecurityDescriptor.SystemAcl.Count > 0)
{
// are all system acls on a file not a container?
const bool notAContainer = false;
const bool notADirectoryObjectACL = false;
sacl = new SystemAcl(notAContainer, notADirectoryObjectACL,
rawSecurityDescriptor.SystemAcl);
}
securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.SystemAclProtected) == ControlFlags.None ?
(uint)securityInfo | UnprotectedSystemAcl : (uint)securityInfo | ProtectedSystemAcl));
}
}
if ((includeSections & AccessControlSections.Access) != AccessControlSections.None && isDiscretionaryAclPresent)
{
securityInfo = securityInfo | SecurityInfos.DiscretionaryAcl;
dacl = null;
if (rawSecurityDescriptor != null)
{
//if (!this._securityDescriptor.DiscretionaryAcl.EveryOneFullAccessForNullDacl)
{
dacl = new DiscretionaryAcl(false, false, rawSecurityDescriptor.DiscretionaryAcl);
}
securityInfo = (SecurityInfos)(((rawSecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclProtected) == ControlFlags.None ?
(uint)securityInfo | UnprotectedDiscretionaryAcl : (uint)securityInfo | ProtectedDiscretionaryAcl));
}
}
if (securityInfo == 0) return;
int errorNum = SetSecurityInfo(ResourceType.FileObject, name, null, securityInfo, owner, @group, sacl, dacl);
if (errorNum != 0)
{
Exception exception = GetExceptionFromWin32Error(errorNum, name);
if (exception == null)
{
if (errorNum == NativeMethods.ERROR_ACCESS_DENIED)
{
exception = new UnauthorizedAccessException();
}
else if (errorNum == NativeMethods.ERROR_INVALID_OWNER)
{
exception = new InvalidOperationException("Invalid owner");
}
else if (errorNum == NativeMethods.ERROR_INVALID_PRIMARY_GROUP)
{
exception = new InvalidOperationException("Invalid group");
}
else if (errorNum == NativeMethods.ERROR_INVALID_NAME)
{
exception = new ArgumentException("Invalid name", "name");
}
else if (errorNum == NativeMethods.ERROR_INVALID_HANDLE)
{
exception = new NotSupportedException("Invalid Handle");
}
else if (errorNum == NativeMethods.ERROR_FILE_NOT_FOUND)
{
exception = new FileNotFoundException();
}
else if (errorNum != NativeMethods.ERROR_NO_SECURITY_ON_OBJECT)
{
exception = new InvalidOperationException("Unexpected error");
}
else
{
exception = new NotSupportedException("No associated security");
}
}
throw exception;
}
//finally
//{
//security.WriteLUnlck();
//}
}
/// <summary> /// Sets the access control security on all files and directories in the set. /// </summary> /// <param name="security">The security to apply.</param> /// <returns>The set</returns> public static Path AccessControl(this Path path, FileSystemSecurity security) => AccessControl(path, p => security);
DokanError IDokanOperations.GetFileSecurity(string filename, out FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
//Log("GetSecurrityInfo:{0}:{1}", filename, sections);
LogFSActionInit("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0}",sections);
var sftpattributes = (info.Context as SftpContext).Attributes;
var rights = FileSystemRights.ReadPermissions | FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadAttributes | FileSystemRights.Synchronize;
if (UserCanRead(sftpattributes))
{
rights |= FileSystemRights.ReadData;
}
if (UserCanWrite(sftpattributes))
{
rights |= FileSystemRights.Write;
}
if (UserCanExecute(sftpattributes) && info.IsDirectory)
{
rights |= FileSystemRights.Traverse;
}
security = info.IsDirectory ? new DirectorySecurity() as FileSystemSecurity : new FileSecurity();
// if(sections.HasFlag(AccessControlSections.Access))
security.AddAccessRule(new FileSystemAccessRule("Everyone", rights, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl ^ rights,
AccessControlType.Deny));
//not sure this works at all, needs testing
// if (sections.HasFlag(AccessControlSections.Owner))
security.SetOwner(new NTAccount("None"));
// if (sections.HasFlag(AccessControlSections.Group))
security.SetGroup(new NTAccount("None"));
LogFSActionSuccess("GetFileSecurity", filename, (SftpContext)info.Context, "Sections:{0} Rights:{1}", sections, rights);
return DokanError.ErrorSuccess;
}
DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
//Log("TrySetSecurity:{0}", filename);
LogFSActionError("SetFileSecurity", filename, (SftpContext)info.Context, "NI");
return DokanError.ErrorAccessDenied;
}
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
security = info.IsDirectory
? new DirectorySecurity() as FileSystemSecurity
: new FileSecurity() as FileSystemSecurity;
return Trace(nameof(GetFileSecurity), fileName, info, DokanResult.Success, $"out {security}", $"{sections}");
}
private static void SetFileSystemSecurity(string path, FileSystemSecurity security)
{
if (Directory.Exists(path))
new DirectoryInfo(path).SetAccessControl((DirectorySecurity)security);
else if (File.Exists(path))
new FileInfo(path).SetAccessControl((FileSecurity)security);
}
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
DokanFileInfo info)
{
try
{
if (info.IsDirectory)
{
Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity) security);
}
else
{
File.SetAccessControl(GetPath(fileName), (FileSecurity) security);
}
return DokanError.ErrorSuccess;
}
catch (UnauthorizedAccessException)
{
return DokanError.ErrorAccessDenied;
}
}
protected IList<FileSystemAccessRule> FindAccessRules(FileSystemSecurity security)
{
System.Security.Principal.NTAccount typedAccount = GetNTAccount();
List<FileSystemAccessRule> result = new List<FileSystemAccessRule>();
foreach (FileSystemAccessRule fileSystemAccessRule in security.GetAccessRules(true, false, typeof(NTAccount)))
{
if (fileSystemAccessRule.IdentityReference.Value.Equals(typedAccount.Value,
StringComparison.InvariantCultureIgnoreCase))
{
result.Add(fileSystemAccessRule);
}
}
return result;
}
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
return ope_.SetFileSecurity(fileName, security, sections, info);
}
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
DokanFileInfo info)
{
throw new NotImplementedException();
}
private void GetAccessRules(FileSystemSecurity fsSecurity, PropertyInfo file)
{
try
{
var getOwner = fsSecurity.GetOwner(typeof (SecurityIdentifier));
if (getOwner != null)
{
string ownerIdentifier = fsSecurity.GetOwner(typeof(SecurityIdentifier)).Value;
//var owner = fsSecurity.GetOwner(typeof(SecurityIdentifier));
//var nameOwner = owner.Translate(typeof(NTAccount)).Value;
file.Owner = ownerIdentifier;
}
}
catch(Exception ex){
/*
System.Security.Principal.IdentityNotMappedException was unhandled
Message="Some or all identity references could not be translated."
*/
SaveExc.Save(ex);
}
WindowsIdentity wi = WindowsIdentity.GetCurrent();
AuthorizationRuleCollection rules = fsSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach (FileSystemAccessRule rl in rules)
{
GetAccessRules(wi, rl, FileSystemRights.FullControl, file);
GetAccessRules(wi, rl, FileSystemRights.Modify, file);
GetAccessRules(wi, rl, FileSystemRights.Read, file);
GetAccessRules(wi, rl, FileSystemRights.ReadAndExecute, file);
GetAccessRules(wi, rl, FileSystemRights.Write, file);
}
}
DokanError IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
Log("VFS TrySetSecurity:{0}", fileName);
SftpDrive drive = this.GetDriveByMountPoint(fileName, out fileName);
if (drive != null)
return GetSubSystemOperations(drive).SetFileSecurity(fileName, security, sections, info);
return DokanError.ErrorAccessDenied;
}
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
return Trace(nameof(SetFileAttributes), fileName, info, DokanResult.NotImplemented, sections.ToString());
}
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
DokanFileInfo info)
{
return DokanResult.Error;
}
public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
try
{
security = info.IsDirectory
? (FileSystemSecurity) Directory.GetAccessControl(GetPath(fileName))
: File.GetAccessControl(GetPath(fileName));
return DokanError.ErrorSuccess;
}
catch (UnauthorizedAccessException)
{
security = null;
return DokanError.ErrorAccessDenied;
}
}
DokanError IDokanOperations.SetFileSecurity(string filename, FileSystemSecurity security,
AccessControlSections sections, DokanFileInfo info)
{
Log("TrySetSecurity:{0}", filename);
return DokanError.ErrorAccessDenied;
}
public DokanError SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections,
DokanFileInfo info)
{
return DokanError.ErrorError;
}
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
try
{
security = info.IsDirectory
? (FileSystemSecurity)Directory.GetAccessControl(GetPath(fileName))
: File.GetAccessControl(GetPath(fileName));
return Trace("GetFileSecurity", fileName, info, DokanResult.Success, sections.ToString());
}
catch (UnauthorizedAccessException)
{
security = null;
return Trace("GetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString());
}
}
internal static bool UserHasRights(FileSystemSecurity sec)
{
NTAccount usersAccount = GetUsersAccount();
return sec.GetAccessRules(true, true, typeof(NTAccount)).OfType<FileSystemAccessRule>().Any<FileSystemAccessRule>(r => ((((r.FileSystemRights == FileSystemRights.FullControl) && (r.AccessControlType == AccessControlType.Allow)) && (r.InheritanceFlags == (InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit))) && (r.IdentityReference == usersAccount)));
}
public DokanError GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
security = null;
return DokanError.ErrorAccessDenied;
}
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
try
{
if (info.IsDirectory)
{
Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity)security);
}
else
{
File.SetAccessControl(GetPath(fileName), (FileSecurity)security);
}
return Trace("SetFileSecurity", fileName, info, DokanResult.Success, sections.ToString());
}
catch (UnauthorizedAccessException)
{
return Trace("SetFileSecurity", fileName, info, DokanResult.AccessDenied, sections.ToString());
}
}
NtStatus IDokanOperations.SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info)
{
return Operations.SetFileSecurity(fileName, security, sections, info);
}
