You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

SimpleAccessCmdlets.cs 12 KiB

8 vuotta sitten
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Diagnostics;
  6. using System.Management.Automation;
  7. using Security2;
  8. using Alphaleonis.Win32.Filesystem;
  9. namespace NTFSSecurity
  10. {
  11. #region Get-SimpleAccess
  12. [Cmdlet(VerbsCommon.Get, "NTFSSimpleAccess")]
  13. [OutputType(typeof(Security2.SimpleFileSystemAccessRule))]
  14. public class GetSimpleAccess : GetAccess
  15. {
  16. private bool includeRootFolder = true;
  17. protected List<SimpleFileSystemAccessRule> aceList = new List<SimpleFileSystemAccessRule>();
  18. protected List<DirectoryInfo> directoryList = new List<DirectoryInfo>();
  19. [Parameter]
  20. public SwitchParameter IncludeRootFolder
  21. {
  22. get { return includeRootFolder; }
  23. set { includeRootFolder = value; }
  24. }
  25. Dictionary<string, IEnumerable<SimpleFileSystemAccessRule>> previousAcls = new Dictionary<string, IEnumerable<SimpleFileSystemAccessRule>>();
  26. DirectoryInfo item;
  27. FileSystemInfo previousItem;
  28. bool isFirstFolder = true;
  29. protected override void ProcessRecord()
  30. {
  31. //as this cmdlet retreives also the current working folder to show the permissions.
  32. if (includeRootFolder & isFirstFolder)
  33. {
  34. string rootPath = System.IO.Path.GetDirectoryName(paths[0]);
  35. if (!string.IsNullOrEmpty(rootPath))
  36. {
  37. List<string> l = new List<string>();
  38. l.Add(rootPath);
  39. l.AddRange(paths);
  40. paths = l;
  41. }
  42. }
  43. foreach (var p in paths)
  44. {
  45. try
  46. {
  47. item = GetFileSystemInfo2(p) as DirectoryInfo;
  48. if (item != null)
  49. {
  50. WriteVerbose(string.Format("New folder: {0}", item.FullName));
  51. directoryList.Add(item);
  52. var acl = FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).Select(ace => ace.ToSimpleFileSystemAccessRule2());
  53. try
  54. {
  55. previousItem = item.GetParent();
  56. }
  57. catch { }
  58. IEnumerable<SimpleFileSystemAccessRule> previousAcl = null;
  59. if (isFirstFolder)
  60. {
  61. previousAcls.Add(item.FullName, acl);
  62. aceList.AddRange(acl);
  63. acl.ForEach(ace => WriteObject(ace));
  64. isFirstFolder = false;
  65. }
  66. else
  67. {
  68. if (previousAcls.ContainsKey(previousItem.FullName))
  69. {
  70. previousAcl = previousAcls[previousItem.FullName];
  71. previousAcls.Add(item.FullName, acl);
  72. List<SimpleFileSystemAccessRule> diffAcl = new List<SimpleFileSystemAccessRule>();
  73. foreach (var ace in acl)
  74. {
  75. var equalsUser = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity);
  76. var equalsUserAndAccessType = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity & prevAce.AccessControlType == ace.AccessControlType);
  77. var equalsRights = previousAcl.Where(prevAce => (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights);
  78. var totalEqual = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity & prevAce.AccessControlType == ace.AccessControlType & (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights);
  79. if (previousAcl.Where(prevAce =>
  80. prevAce.AccessControlType == ace.AccessControlType &
  81. (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights &
  82. prevAce.Identity == ace.Identity).Count() == 0)
  83. {
  84. diffAcl.Add(ace);
  85. }
  86. }
  87. aceList.AddRange(diffAcl);
  88. diffAcl.ForEach(ace => WriteObject(ace));
  89. }
  90. }
  91. }
  92. }
  93. catch (Exception ex)
  94. {
  95. WriteError(new ErrorRecord(ex, "ReadError", ErrorCategory.OpenError, p));
  96. }
  97. }
  98. }
  99. }
  100. #endregion
  101. //#region Get-SimpleEffectiveAccess
  102. //[Cmdlet(VerbsCommon.Get, "SimpleEffectiveAccess")]
  103. //public class GetSimpleEffectiveAccess : GetEffectiveAccess
  104. //{
  105. // private bool includeRootFolder = true;
  106. // protected List<SimpleFileSystemAccessRule> aceList = new List<SimpleFileSystemAccessRule>();
  107. // protected List<DirectoryInfo> directoryList = new List<DirectoryInfo>();
  108. // [Parameter]
  109. // public SwitchParameter IncludeRootFolder
  110. // {
  111. // get { return includeRootFolder; }
  112. // set { includeRootFolder = value; }
  113. // }
  114. // Dictionary<string, IQueryable<SimpleFileSystemAccessRule>> previousAcls = new Dictionary<string, IQueryable<SimpleFileSystemAccessRule>>();
  115. // DirectoryInfo item;
  116. // FileSystemInfo previousItem;
  117. // bool isFirstFolder = true;
  118. // protected override void ProcessRecord()
  119. // {
  120. // //as this cmdlet retreives also the current working folder to show the permissions.
  121. // if (includeRootFolder & isFirstFolder)
  122. // {
  123. // string rootPath = System.IO.Path.GetDirectoryName(path[0]);
  124. // if (!string.IsNullOrEmpty(rootPath))
  125. // {
  126. // List<string> l = new List<string>();
  127. // l.Add(rootPath);
  128. // l.AddRange(path);
  129. // path = l.ToArray<string>();
  130. // }
  131. // }
  132. // foreach (var p in path)
  133. // {
  134. // try
  135. // {
  136. // item = this.GetFileSystemInfo(p) as DirectoryInfo;
  137. // if (item != null)
  138. // {
  139. // WriteVerbose(string.Format("New folder: {0}", item.FullName));
  140. // directoryList.Add(item);
  141. // //var acl = FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).Select(ace => ace.ToSimpleFileSystemAccessRule2());
  142. // var acl = (new List<SimpleFileSystemAccessRule>() { EffectivePermissions.GetEffectiveAccess(item, Account).ToSimpleFileSystemAccessRule2() }).AsQueryable();
  143. // try
  144. // {
  145. // previousItem = item.GetParent();
  146. // }
  147. // catch { }
  148. // IQueryable<SimpleFileSystemAccessRule> previousAcl = null;
  149. // if (isFirstFolder)
  150. // {
  151. // previousAcls.Add(item.FullName, acl);
  152. // aceList.AddRange(acl);
  153. // acl.ForEach(ace => WriteObject(ace));
  154. // isFirstFolder = false;
  155. // }
  156. // else
  157. // {
  158. // if (previousAcls.ContainsKey(previousItem.FullName))
  159. // {
  160. // previousAcl = previousAcls[previousItem.FullName];
  161. // previousAcls.Add(item.FullName, acl);
  162. // List<SimpleFileSystemAccessRule> diffAcl = new List<SimpleFileSystemAccessRule>();
  163. // foreach (var ace in acl)
  164. // {
  165. // var equalsUser = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity);
  166. // var equalsUserAndAccessType = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity & prevAce.AccessControlType == ace.AccessControlType);
  167. // var equalsRights = previousAcl.Where(prevAce => (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights);
  168. // var totalEqual = previousAcl.Where(prevAce => prevAce.Identity == ace.Identity & prevAce.AccessControlType == ace.AccessControlType & (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights);
  169. // if (previousAcl.Where(prevAce =>
  170. // prevAce.AccessControlType == ace.AccessControlType &
  171. // (prevAce.AccessRights & ace.AccessRights) == ace.AccessRights &
  172. // prevAce.Identity == ace.Identity).Count() == 0)
  173. // {
  174. // diffAcl.Add(ace);
  175. // }
  176. // }
  177. // aceList.AddRange(diffAcl);
  178. // diffAcl.ForEach(ace => WriteObject(ace));
  179. // }
  180. // }
  181. // }
  182. // }
  183. // catch (Exception ex)
  184. // {
  185. // this.WriteError(new ErrorRecord(ex, "ReadError", ErrorCategory.OpenError, p));
  186. // }
  187. // }
  188. // }
  189. //}
  190. //#endregion
  191. #region Show-SimpleAccess
  192. [Cmdlet(VerbsCommon.Show, "SimpleAccess")]
  193. public class ShowSimpleAccess : GetSimpleAccess
  194. {
  195. Stopwatch stopwatch;
  196. protected override void BeginProcessing()
  197. {
  198. stopwatch = new Stopwatch();
  199. stopwatch.Start();
  200. WriteDebug("Running Get-SimpleAccess");
  201. }
  202. protected override void ProcessRecord()
  203. {
  204. base.ProcessRecord();
  205. }
  206. protected override void EndProcessing()
  207. {
  208. stopwatch.Stop();
  209. WriteDebug(string.Format("Runtime of Get-SimpleAccess: {0}.", stopwatch.Elapsed.ToString()));
  210. stopwatch.Reset(); stopwatch.Start();
  211. WriteDebug("Creating TreeView");
  212. ShowSimpleAccessForm form = new ShowSimpleAccessForm();
  213. form.BuildDirectoryTreeNodes(directoryList, aceList.AsQueryable());
  214. stopwatch.Stop();
  215. WriteDebug(string.Format("Creating the Treeview took: {0}.", stopwatch.Elapsed.ToString()));
  216. form.ShowDialog();
  217. }
  218. }
  219. #endregion
  220. //#region Show-SimpleEffectiveAccess
  221. //[Cmdlet(VerbsCommon.Show, "SimpleEffectiveAccess")]
  222. //public class ShowSimpleEffectiveAccess : GetSimpleEffectiveAccess
  223. //{
  224. // Stopwatch stopwatch;
  225. // protected override void BeginProcessing()
  226. // {
  227. // stopwatch = new Stopwatch();
  228. // stopwatch.Start();
  229. // this.WriteDebug("Running Get-SimpleAccess");
  230. // }
  231. // protected override void ProcessRecord()
  232. // {
  233. // base.ProcessRecord();
  234. // }
  235. // protected override void EndProcessing()
  236. // {
  237. // stopwatch.Stop();
  238. // this.WriteDebug(string.Format("Runtime of Get-SimpleAccess: {0}.", stopwatch.Elapsed.ToString()));
  239. // stopwatch.Reset(); stopwatch.Start();
  240. // this.WriteDebug("Creating TreeView");
  241. // ShowSimpleEffectiveAccessForm form = new ShowSimpleEffectiveAccessForm();
  242. // form.BuildDirectoryTreeNodes(directoryList, aceList.AsQueryable());
  243. // stopwatch.Stop();
  244. // this.WriteDebug(string.Format("Creating the Treeview took: {0}.", stopwatch.Elapsed.ToString()));
  245. // form.ShowDialog();
  246. // }
  247. //}
  248. //#endregion
  249. }