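/// <summary>
/// Grants NTFS "Allow" permissions on a file or folder to the account identified by a SID.
/// The object's DACL is rebuilt and written back through WMI (Win32_LogicalFileSecuritySetting).
/// </summary>
/// <remarks>
/// The DACL is replaced, not merged. When <paramref name="preserveOriginalPermissions"/> is false
/// every existing ACE is left out of the new list. When it is true, only explicit (non-inherited)
/// ACEs that belong to other trustees are carried over; every existing ACE for <paramref name="sid"/>
/// is dropped regardless of its type, so an explicit "Deny" entry for that SID does not survive.
/// The new descriptor sets only ControlFlags and DACL.
/// NOTE(review): owner, group and SACL are not populated on the new descriptor; confirm how the
/// WMI provider treats the missing fields.
/// </remarks>
/// <param name="path">File system path of the object to change; one trailing backslash is removed.</param>
/// <param name="sid">String SID of the trustee that receives the permissions.</param>
/// <param name="permissions">Flag combination of the permissions to grant.</param>
/// <param name="inheritParentPermissions">
/// True to leave inheritance from the parent enabled; false to mark the DACL as protected.
/// </param>
/// <param name="preserveOriginalPermissions">
/// True to keep existing explicit ACEs of other trustees; false to discard all existing ACEs.
/// </param>
internal static void GrantNtfsPermissionsBySid(string path, string sid,
    NtfsPermission permissions, bool inheritParentPermissions, bool preserveOriginalPermissions)
{
    // remove trailing slash if any
    if (path.EndsWith("\\"))
    {
        path = path.Substring(0, path.Length - 1);
    }

    // NOTE(review): path is placed inside a single-quoted WMI object path without escaping.
    // A path that contains a quote character would change or break the key expression.
    // Confirm whether wmi.GetObject escapes its argument, otherwise validate or escape here.
    // The using block releases the WMI object even when a later step throws.
    using (ManagementObject logicalFileSecuritySetting = wmi.GetObject(String.Format(
        "Win32_LogicalFileSecuritySetting.Path='{0}'", path)))
    {
        // get original security descriptor
        ManagementBaseObject outParams = logicalFileSecuritySetting.InvokeMethod(
            "GetSecurityDescriptor", null, null);
        ManagementBaseObject originalDescriptor =
            (ManagementBaseObject)outParams.Properties["Descriptor"].Value;

        // create new descriptor
        // 33796 = 0x8404: SE_SELF_RELATIVE | SE_DACL_AUTO_INHERITED | SE_DACL_PRESENT
        // 37892 = 0x9404: the same flags plus SE_DACL_PROTECTED, which blocks inherited ACEs
        ManagementBaseObject descriptor = wmi.GetClass("Win32_SecurityDescriptor").CreateInstance();
        descriptor.Properties["ControlFlags"].Value =
            inheritParentPermissions ? (uint)33796 : (uint)37892;

        // get original ACEs
        ManagementBaseObject[] originalAces =
            (ManagementBaseObject[])originalDescriptor.Properties["DACL"].Value;

        // create a new ACEs list
        List<ManagementBaseObject> aces = new List<ManagementBaseObject>();

        // copy original ACEs if required
        // The DACL property can be null (object without a DACL); there is nothing to copy then.
        if (preserveOriginalPermissions && originalAces != null)
        {
            foreach (ManagementBaseObject originalAce in originalAces)
            {
                // we don't want to include inherited and current ACEs
                ManagementBaseObject objTrustee =
                    (ManagementBaseObject)originalAce.Properties["Trustee"].Value;
                string trusteeSid = (string)objTrustee.Properties["SIDString"].Value;
                bool inheritedAce =
                    ((AceFlags)originalAce.Properties["AceFlags"].Value & AceFlags.INHERITED_ACE) > 0;

                // SIDs are identifiers, not linguistic text, so compare them ordinally.
                bool sameTrustee = String.Equals(trusteeSid, sid, StringComparison.OrdinalIgnoreCase);
                if (!sameTrustee && !inheritedAce)
                {
                    aces.Add(originalAce);
                }
            }
        }

        // create new trustee object
        ManagementObject trustee = GetTrustee(sid);

        // system access mask
        uint mask = 0;
        if ((permissions & NtfsPermission.FullControl) > 0)
        {
            mask |= 0x1f01ff; // FILE_ALL_ACCESS
        }
        if ((permissions & NtfsPermission.Modify) > 0)
        {
            mask |= 0x1301bf; // "Modify" rights set
        }
        if ((permissions & NtfsPermission.Write) > 0)
        {
            // write data/attributes plus DELETE (0x10000) and FILE_DELETE_CHILD (0x40):
            // "Write" here also allows deleting the object and its children
            mask |= 0x100116 | 0x10000 | 0x40;
        }
        if ((permissions & NtfsPermission.Read) > 0)
        {
            mask |= 0x120089; // FILE_GENERIC_READ
        }

        bool executeEnabled = (permissions & NtfsPermission.Execute) > 0;
        bool listEnabled = (permissions & NtfsPermission.ListFolderContents) > 0;
        bool equalState = executeEnabled == listEnabled;

        // create and add to be modified ACE
        ManagementObject ace;
        if (equalState
            || (permissions & NtfsPermission.FullControl) > 0
            || (permissions & NtfsPermission.Modify) > 0)
        {
            // "Execute" and "List" are both enabled or both disabled, or the broader rights
            // already cover them: one ACE inherited by files and folders alike is enough
            if (executeEnabled)
            {
                mask |= (uint)SystemAccessMask.FILE_TRAVERSE;
            }

            ace = wmi.GetClass("Win32_Ace").CreateInstance();
            ace["Trustee"] = trustee;
            ace["AceFlags"] = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE;
            ace["AceType"] = 0; // "Allow" type
            ace["AccessMask"] = mask;
            aces.Add(ace);
        }
        else
        {
            // exactly one of "Execute" and "List" is enabled:
            // we should place a separate permissions for folders and files
            // NOTE(review): neither ACE below sets an inherit-only flag, so both presumably
            // also apply to the target object itself - confirm this is intended.

            // add FOLDER specific permissions
            uint foldersMask = mask;
            if (listEnabled)
            {
                foldersMask |= (uint)SystemAccessMask.FILE_TRAVERSE;
            }

            ace = wmi.GetClass("Win32_Ace").CreateInstance();
            ace["Trustee"] = trustee;
            ace["AceFlags"] = AceFlags.CONTAINER_INHERIT_ACE;
            ace["AceType"] = 0; // "Allow" type
            ace["AccessMask"] = foldersMask;
            aces.Add(ace);

            // add files specific permissions
            uint filesMask = mask;
            if (executeEnabled)
            {
                filesMask |= (uint)SystemAccessMask.FILE_TRAVERSE;
            }

            ace = wmi.GetClass("Win32_Ace").CreateInstance();
            ace["Trustee"] = trustee;
            ace["AceFlags"] = AceFlags.OBJECT_INHERIT_ACE;
            ace["AceType"] = 0; // "Allow" type
            ace["AccessMask"] = filesMask;
            aces.Add(ace);
        }

        // set newly created ACEs
        ManagementBaseObject[] newAces = aces.ToArray();
        descriptor.Properties["DACL"].Value = newAces;

        // set security descriptor
        ManagementBaseObject inParams =
            logicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
        inParams["Descriptor"] = descriptor;
        outParams = logicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor", inParams, null);

        // check results
        // NOTE(review): the return code is read but never acted on. A non-zero value means the
        // new DACL was not applied, and the caller is not told. Surface it (log or throw) once
        // the callers have been audited for how they should react.
        uint result = (uint)(outParams.Properties["ReturnValue"].Value);
    }
}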
/// <summary>
/// Retrieves a web site by its site id.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="siteId"/> is placed inside a single-quoted WMI object path
/// without escaping; confirm that callers only pass identifiers obtained from the server itself.
/// </remarks>
/// <param name="siteId">Site id, used as the key of the IIsWebServerSetting object.</param>
/// <returns>A new site object filled from the site's WMI settings and its root virtual directory.</returns>
internal static WebSiteItem GetSite(string siteId)
{
    WebSiteItem result = new WebSiteItem();

    // site-level settings
    string siteSettingPath = String.Format("IIsWebServerSetting='{0}'", siteId);
    ManagementObject siteSettings = wmi.GetObject(siteSettingPath);
    FillWebSiteFromWmiObject(result, siteSettings);

    // settings of the site's ROOT virtual directory (empty directory name)
    string rootDirSettingPath = String.Format(
        "IIsWebVirtualDirSetting='{0}'", GetVirtualDirectoryPath(siteId, ""));
    ManagementObject rootDirSettings = wmi.GetObject(rootDirSettingPath);
    FillVirtualDirectoryFromWmiObject(result, rootDirSettings);
    FillVirtualDirectoryRestFromWmiObject(result, rootDirSettings);

    return result;
}