
GetAudit.cs 5.2 KiB

  1. using Alphaleonis.Win32.Filesystem;
  2. using Security2;
  3. using System;
  4. using System.Collections.Generic;
  5. using System.Linq;
  6. using System.Management.Automation;
  7. namespace NTFSSecurity
  8. {
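  /// <summary>
  /// Get-NTFSAudit: writes the audit rules (<see cref="FileSystemAuditRule2"/>) of the given
  /// file system paths or security descriptors to the pipeline, optionally restricted to
  /// explicit or inherited entries and to a single account.
  /// </summary>
  /// <remarks>
  /// Security note: when the first read fails with <see cref="UnauthorizedAccessException"/>,
  /// <see cref="ProcessRecord"/> temporarily makes the current user the owner of the item and
  /// then puts the previous owner back. A read-only "Get" cmdlet therefore can write to the
  /// item's security descriptor; that change is visible on disk for a short time.
  /// </remarks>
  [Cmdlet(VerbsCommon.Get, "NTFSAudit")]
  [OutputType(typeof(FileSystemAuditRule2))]
  public class GetAudit : BaseCmdletWithPrivControl
  {
      private bool excludeInherited;
      private bool excludeExplicit;
      private IdentityReference2 account;

      // Read from the module's PrivateData in BeginProcessing and passed on to
      // GetFileSystemAuditRules.
      protected bool getInheritedFrom = false;

      /// <summary>
      /// Paths to inspect. Backed by the <c>paths</c> list, which is declared outside this
      /// class (presumably by the base cmdlet). Falls back to $PWD when nothing is supplied.
      /// </summary>
      [Parameter(Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "Path")]
      [ValidateNotNullOrEmpty]
      [Alias("FullName")]
      public string[] Path
      {
          get { return paths.ToArray(); }
          set
          {
              paths.Clear();
              paths.AddRange(value);
          }
      }

      /// <summary>
      /// Security descriptors to inspect instead of paths. Backed by the
      /// <c>securityDescriptors</c> list, which is declared outside this class.
      /// </summary>
      [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SD")]
      [ValidateNotNullOrEmpty]
      public FileSystemSecurity2[] SecurityDescriptor
      {
          get { return securityDescriptors.ToArray(); }
          set
          {
              securityDescriptors.Clear();
              securityDescriptors.AddRange(value);
          }
      }

      /// <summary>When set, only audit rules whose Account equals this identity are written.</summary>
      // NOTE(review): the attribute below declares ONE alias whose name is the whole string
      // "IdentityReference, ID". Two aliases would be written [Alias("IdentityReference", "ID")].
      // Left unchanged because the parameters of the base class are not visible from here and
      // a clashing alias would be a problem; confirm and split it.
      [Parameter(ValueFromRemainingArguments = true)]
      [Alias("IdentityReference, ID")]
      [ValidateNotNullOrEmpty]
      public IdentityReference2 Account
      {
          get { return account; }
          set { account = value; }
      }

      /// <summary>Leave explicitly assigned audit rules out of the result.</summary>
      [Parameter]
      public SwitchParameter ExcludeExplicit
      {
          get { return excludeExplicit; }
          set { excludeExplicit = value; }
      }

      /// <summary>Leave inherited audit rules out of the result.</summary>
      [Parameter]
      public SwitchParameter ExcludeInherited
      {
          get { return excludeInherited; }
          set { excludeInherited = value; }
      }

      /// <summary>
      /// Reads the "GetInheritedFrom" setting from the module's PrivateData and defaults
      /// the path list to the current location ($PWD) when no path was bound.
      /// </summary>
      protected override void BeginProcessing()
      {
          base.BeginProcessing();

          // Assumes the cmdlet runs from a module whose PrivateData is a Hashtable holding a
          // boolean "GetInheritedFrom" entry; anything else makes this line throw.
          getInheritedFrom = (bool)((System.Collections.Hashtable)MyInvocation.MyCommand.Module.PrivateData)["GetInheritedFrom"];

          if (paths.Count == 0)
          {
              paths = new List<string>() { GetVariableValue("PWD").ToString() };
          }
      }

      /// <summary>
      /// Writes the audit rules of every bound path, or of every bound security descriptor,
      /// to the pipeline. Failures on one path are reported with WriteError and do not stop
      /// the remaining paths.
      /// </summary>
      protected override void ProcessRecord()
      {
          if (ParameterSetName == "Path")
          {
              foreach (var path in paths)
              {
                  FileSystemInfo item;
                  try
                  {
                      item = GetFileSystemInfo2(path);
                  }
                  catch (Exception ex)
                  {
                      WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
                      continue;
                  }

                  // Scoped to one path on purpose. The finally block below also runs when a
                  // catch leaves through 'continue', so a variable shared across iterations
                  // would make a failed path print the previous path's rules again.
                  IEnumerable<FileSystemAuditRule2> acl = null;
                  try
                  {
                      acl = FileSystemAuditRule2.GetFileSystemAuditRules(item, !excludeExplicit, !excludeInherited, getInheritedFrom);
                  }
                  catch (UnauthorizedAccessException)
                  {
                      try
                      {
                          // Fallback: take ownership, read, give ownership back.
                          var previousOwner = FileSystemOwner.GetOwner(item).Owner;
                          using (var currentIdentity = System.Security.Principal.WindowsIdentity.GetCurrent())
                          {
                              FileSystemOwner.SetOwner(item, currentIdentity.User);
                          }

                          try
                          {
                              acl = FileSystemAuditRule2.GetFileSystemAuditRules(item, !excludeExplicit, !excludeInherited, getInheritedFrom);
                          }
                          finally
                          {
                              // Restore even when the second read throws; otherwise a failed
                              // read would leave the item owned by the calling user.
                              FileSystemOwner.SetOwner(item, previousOwner);
                          }
                      }
                      catch (Exception ex2)
                      {
                          WriteError(new ErrorRecord(ex2, "ReadSecurityError", ErrorCategory.WriteError, path));
                          continue;
                      }
                  }
                  catch (Exception ex)
                  {
                      WriteError(new ErrorRecord(ex, "ReadSecurityError", ErrorCategory.OpenError, path));
                      continue;
                  }
                  finally
                  {
                      // Rules that were read are still written when restoring the owner failed.
                      if (acl != null)
                      {
                          WriteAuditRules(acl);
                      }
                  }
              }
          }
          else
          {
              foreach (var sd in securityDescriptors)
              {
                  WriteAuditRules(FileSystemAuditRule2.GetFileSystemAuditRules(sd, !excludeExplicit, !excludeInherited, getInheritedFrom));
              }
          }
      }

      // Applies the optional Account filter and writes each remaining rule to the pipeline.
      private void WriteAuditRules(IEnumerable<FileSystemAuditRule2> rules)
      {
          if (account != null)
          {
              rules = rules.Where(ace => ace.Account == account);
          }

          foreach (var rule in rules)
          {
              WriteObject(rule);
          }
      }
  }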
  138. }