Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 Commits
3 Branches
60 MiB
 
 
Tree: 11f4f0b80c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '11f4f0b80c'
${ noResults }
NTFSSecurity-Module/Security2/FileSystem/FileSystemInheritanceInfo.cs

289 lines
11 KiB
Raw Blame History 

  1. using Alphaleonis.Win32.Filesystem;

  2. using System.Security.AccessControl;

  3. using System.Security.Principal;

  4. 

  5. namespace Security2

  6. {

  7. 

  8.     public class FileSystemInheritanceInfo

  9.     {

  10.         private enum InheritanceScope

  11.         {

  12.             Access,

  13.             Audit

  14.         }

  15. 

  16.         private FileSystemInfo item;

  17.         private bool? accessInheritanceEnabled;

  18.         private bool? auditInheritanceEnabled;

  19. 

  20.         public FileSystemInfo Item

  21.         {

  22.             get { return item; }

  23.             set { item = value; }

  24.         }

  25. 

  26.         public bool? AccessInheritanceEnabled

  27.         {

  28.             get { return accessInheritanceEnabled; }

  29.             set { accessInheritanceEnabled = value; }

  30.         }

  31. 

  32.         public bool? AuditInheritanceEnabled

  33.         {

  34.             get { return auditInheritanceEnabled; }

  35.             set { auditInheritanceEnabled = value; }

  36.         }

  37. 

  38.         public string FullName { get { return Item.FullName; } }

  39. 

  40.         public string Name { get { return Path.GetFileName(item.FullName); } }

  41. 

  42.         private FileSystemInheritanceInfo(FileSystemInfo item, bool? accessInheritanceEnabled, bool? auditInheritanceEnabled)

  43.         {

  44.             this.item = item;

  45.             this.accessInheritanceEnabled = accessInheritanceEnabled;

  46.             this.auditInheritanceEnabled = auditInheritanceEnabled;

  47.         }

  48. 

  49.         #region GetFileSystemInheritanceInfo

  50.         public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(string path)

  51.         {

  52.             var item = new FileInfo(path);

  53.             return GetFileSystemInheritanceInfo(item);

  54.         }

  55. 

  56.         public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemInfo item)

  57.         {

  58.             if (item is FileInfo)

  59.             {

  60. 

  61.                 bool? areAuditRulesProtected = null;

  62. 

  63.                 var areAccessRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;

  64. 

  65.                 try

  66.                 {

  67.                     areAuditRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;

  68.                 }

  69.                 catch (System.IO.IOException)

  70.                 {

  71.                     //log that the security privilege is missing

  72.                 }

  73. 

  74.                 return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);

  75.             }

  76.             else

  77.             {

  78.                 bool? areAuditRulesProtected = null;

  79. 

  80.                 var areAccessRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;

  81. 

  82.                 try

  83.                 {

  84.                     areAuditRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;

  85.                 }

  86.                 catch (System.IO.IOException)

  87.                 {

  88.                     //log that the security privilege is missing

  89.                 }

  90. 

  91.                 return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);

  92.             }

  93.         }

  94. 

  95.         public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemSecurity2 sd)

  96.         {

  97.             return new FileSystemInheritanceInfo(sd.Item, !sd.SecurityDescriptor.AreAccessRulesProtected, !sd.SecurityDescriptor.AreAuditRulesProtected);            

  98.         }

  99.         #endregion GetFileSystemInheritanceInfo

  100. 

  101.         #region Enable / DisableInheritance internal

  102.         private static void EnableInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules, InheritanceScope scope)

  103.         {

  104.             if (sd.IsFile)

  105.             {

  106.                 if (scope == InheritanceScope.Access)

  107.                 {

  108.                     sd.SecurityDescriptor.SetAccessRuleProtection(false, false);

  109. 

  110.                     //if RemoveExplicitAccessRules is set

  111.                     if (removeExplicitAccessRules)

  112.                     {

  113.                         //remove all explicitly set ACEs from the item

  114.                         foreach (FileSystemAccessRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))

  115.                         {

  116.                             ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);

  117.                         }

  118.                     }

  119.                 }

  120.                 else

  121.                 {

  122.                     sd.SecurityDescriptor.SetAuditRuleProtection(false, false);

  123. 

  124.                     //if RemoveExplicitAccessRules is set

  125.                     if (removeExplicitAccessRules)

  126.                     {

  127.                         //remove all explicitly set ACEs from the item

  128.                         foreach (FileSystemAuditRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))

  129.                         {

  130.                             ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);

  131.                         }

  132.                     }

  133.                 }

  134.             }

  135.             else

  136.             {

  137.                 if (scope == InheritanceScope.Access)

  138.                 {

  139.                     ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(false, false);

  140. 

  141.                     //if RemoveExplicitAccessRules is set

  142.                     if (removeExplicitAccessRules)

  143.                     {

  144.                         //remove all explicitly set ACEs from the item

  145.                         foreach (FileSystemAccessRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))

  146.                         {

  147.                             ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);

  148.                         }

  149.                     }

  150.                 }

  151.                 else

  152.                 {

  153.                     ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(false, false);

  154. 

  155.                     //if RemoveExplicitAccessRules is set

  156.                     if (removeExplicitAccessRules)

  157.                     {

  158.                         //remove all explicitly set ACEs from the item

  159.                         foreach (FileSystemAuditRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))

  160.                         {

  161.                             ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);

  162.                         }

  163.                     }

  164.                 }

  165.             }

  166.         }

  167. 

  168.         private static void DisableInheritance(FileSystemSecurity2 sd, bool removeInheritedAccessRules, InheritanceScope scope)

  169.         {

  170.             if (sd.IsFile)

  171.             {

  172.                 if (scope == InheritanceScope.Access)

  173.                     ((FileSecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);

  174.                 else

  175.                     ((FileSecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);

  176.             }

  177.             else

  178.             {

  179.                 if (scope == InheritanceScope.Access)

  180.                     ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);

  181.                 else

  182.                     ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);

  183.             }

  184.         }

  185.         #endregion Enable / DisableInheritance internal

  186. 

  187.         #region Public Methods using SecurityDescriptor

  188.         public static void EnableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)

  189.         {

  190.             EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);

  191.         }

  192. 

  193.         public static void EnableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)

  194.         {

  195.             EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);

  196.         }

  197. 

  198.         public static void DisableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)

  199.         {

  200.             DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);

  201.         }

  202. 

  203.         public static void DisableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)

  204.         {

  205.             DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);

  206.         }

  207.         #endregion Public Methods using SecurityDescriptor

  208. 

  209.         #region Public Methods using FileSystemInfo

  210.         public static void EnableAccessInheritance(FileSystemInfo item, bool removeExplicitAccessRules)

  211.         {

  212.             var sd = new FileSystemSecurity2(item, AccessControlSections.Access);

  213.             EnableAccessInheritance(sd, removeExplicitAccessRules);

  214.             sd.Write();

  215.         }

  216. 

  217.         public static void DisableAccessInheritance(FileSystemInfo item, bool removeInheritedAccessRules)

  218.         {

  219.             var sd = new FileSystemSecurity2(item, AccessControlSections.Access);

  220.             DisableAccessInheritance(sd, removeInheritedAccessRules);

  221.             sd.Write();

  222.         }

  223. 

  224.         public static void EnableAuditInheritance(FileSystemInfo item, bool removeExplicitAccessRules)

  225.         {

  226.             var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);

  227.             EnableAuditInheritance(sd, removeExplicitAccessRules);

  228.             sd.Write();

  229.         }

  230. 

  231.         public static void DisableAuditInheritance(FileSystemInfo item, bool removeInheritedAccessRules)

  232.         {

  233.             var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);

  234.             DisableAuditInheritance(sd, removeInheritedAccessRules);

  235.             sd.Write();

  236.         }

  237.         #endregion Public Methods using FileSystemInfo

  238. 

  239.         #region Public Methods using Path

  240.         public static void EnableAccessInheritance(string path, bool removeExplicitAccessRules)

  241.         {

  242.             if (File.Exists(path))

  243.             {

  244.                 EnableAccessInheritance(new FileInfo(path), removeExplicitAccessRules);

  245.             }

  246.             else if (Directory.Exists(path))

  247.             {

  248.                 EnableAccessInheritance(new DirectoryInfo(path), removeExplicitAccessRules);

  249.             }

  250.         }

  251. 

  252.         public static void DisableAccessInheritance(string path, bool removeInheritedAccessRules)

  253.         {

  254.             if (File.Exists(path))

  255.             {

  256.                 DisableAccessInheritance(new FileInfo(path), removeInheritedAccessRules);

  257.             }

  258.             else if (Directory.Exists(path))

  259.             {

  260.                 DisableAccessInheritance(new DirectoryInfo(path), removeInheritedAccessRules);

  261.             }

  262.         }

  263. 

  264.         public static void EnableAuditInheritance(string path, bool removeExplicitAccessRules)

  265.         {

  266.             if (File.Exists(path))

  267.             {

  268.                 EnableAuditInheritance(new FileInfo(path), removeExplicitAccessRules);

  269.             }

  270.             else if (Directory.Exists(path))

  271.             {

  272.                 EnableAuditInheritance(new DirectoryInfo(path), removeExplicitAccessRules);

  273.             }

  274.         }

  275. 

  276.         public static void DisableAuditInheritance(string path, bool removeInheritedAccessRules)

  277.         {

  278.             if (File.Exists(path))

  279.             {

  280.                 DisableAuditInheritance(new FileInfo(path), removeInheritedAccessRules);

  281.             }

  282.             else if (Directory.Exists(path))

  283.             {

  284.                 DisableAuditInheritance(new DirectoryInfo(path), removeInheritedAccessRules);

  285.             }

  286.         }

  287.         #endregion Public Methods using Path

  288.     }

  289. }