|
- using Alphaleonis.Win32.Filesystem;
- using System.Security.AccessControl;
- using System.Security.Principal;
-
- namespace Security2
- {
-
- public class FileSystemInheritanceInfo
- {
- private enum InheritanceScope
- {
- Access,
- Audit
- }
-
- private FileSystemInfo item;
- private bool? accessInheritanceEnabled;
- private bool? auditInheritanceEnabled;
-
- public FileSystemInfo Item
- {
- get { return item; }
- set { item = value; }
- }
-
- public bool? AccessInheritanceEnabled
- {
- get { return accessInheritanceEnabled; }
- set { accessInheritanceEnabled = value; }
- }
-
- public bool? AuditInheritanceEnabled
- {
- get { return auditInheritanceEnabled; }
- set { auditInheritanceEnabled = value; }
- }
-
- public string FullName { get { return Item.FullName; } }
-
- public string Name { get { return Path.GetFileName(item.FullName); } }
-
- private FileSystemInheritanceInfo(FileSystemInfo item, bool? accessInheritanceEnabled, bool? auditInheritanceEnabled)
- {
- this.item = item;
- this.accessInheritanceEnabled = accessInheritanceEnabled;
- this.auditInheritanceEnabled = auditInheritanceEnabled;
- }
-
- #region GetFileSystemInheritanceInfo
- public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(string path)
- {
- var item = new FileInfo(path);
- return GetFileSystemInheritanceInfo(item);
- }
-
- public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemInfo item)
- {
- if (item is FileInfo)
- {
-
- bool? areAuditRulesProtected = null;
-
- var areAccessRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;
-
- try
- {
- areAuditRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;
- }
- catch (System.IO.IOException)
- {
- //log that the security privilege is missing
- }
-
- return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);
- }
- else
- {
- bool? areAuditRulesProtected = null;
-
- var areAccessRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;
-
- try
- {
- areAuditRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;
- }
- catch (System.IO.IOException)
- {
- //log that the security privilege is missing
- }
-
- return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);
- }
- }
-
- public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemSecurity2 sd)
- {
- return new FileSystemInheritanceInfo(sd.Item, !sd.SecurityDescriptor.AreAccessRulesProtected, !sd.SecurityDescriptor.AreAuditRulesProtected);
- }
- #endregion GetFileSystemInheritanceInfo
-
- #region Enable / DisableInheritance internal
- private static void EnableInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules, InheritanceScope scope)
- {
- if (sd.IsFile)
- {
- if (scope == InheritanceScope.Access)
- {
- sd.SecurityDescriptor.SetAccessRuleProtection(false, false);
-
- //if RemoveExplicitAccessRules is set
- if (removeExplicitAccessRules)
- {
- //remove all explicitly set ACEs from the item
- foreach (FileSystemAccessRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
- {
- ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
- }
- }
- }
- else
- {
- sd.SecurityDescriptor.SetAuditRuleProtection(false, false);
-
- //if RemoveExplicitAccessRules is set
- if (removeExplicitAccessRules)
- {
- //remove all explicitly set ACEs from the item
- foreach (FileSystemAuditRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
- {
- ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
- }
- }
- }
- }
- else
- {
- if (scope == InheritanceScope.Access)
- {
- ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(false, false);
-
- //if RemoveExplicitAccessRules is set
- if (removeExplicitAccessRules)
- {
- //remove all explicitly set ACEs from the item
- foreach (FileSystemAccessRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
- {
- ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
- }
- }
- }
- else
- {
- ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(false, false);
-
- //if RemoveExplicitAccessRules is set
- if (removeExplicitAccessRules)
- {
- //remove all explicitly set ACEs from the item
- foreach (FileSystemAuditRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
- {
- ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
- }
- }
- }
- }
- }
-
- private static void DisableInheritance(FileSystemSecurity2 sd, bool removeInheritedAccessRules, InheritanceScope scope)
- {
- if (sd.IsFile)
- {
- if (scope == InheritanceScope.Access)
- ((FileSecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
- else
- ((FileSecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
- }
- else
- {
- if (scope == InheritanceScope.Access)
- ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
- else
- ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
- }
- }
- #endregion Enable / DisableInheritance internal
-
- #region Public Methods using SecurityDescriptor
- public static void EnableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
- {
- EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
- }
-
- public static void EnableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
- {
- EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
- }
-
- public static void DisableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
- {
- DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
- }
-
- public static void DisableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
- {
- DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
- }
- #endregion Public Methods using SecurityDescriptor
-
- #region Public Methods using FileSystemInfo
- public static void EnableAccessInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
- {
- var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
- EnableAccessInheritance(sd, removeExplicitAccessRules);
- sd.Write();
- }
-
- public static void DisableAccessInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
- {
- var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
- DisableAccessInheritance(sd, removeInheritedAccessRules);
- sd.Write();
- }
-
- public static void EnableAuditInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
- {
- var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);
- EnableAuditInheritance(sd, removeExplicitAccessRules);
- sd.Write();
- }
-
- public static void DisableAuditInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
- {
- var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);
- DisableAuditInheritance(sd, removeInheritedAccessRules);
- sd.Write();
- }
- #endregion Public Methods using FileSystemInfo
-
- #region Public Methods using Path
- public static void EnableAccessInheritance(string path, bool removeExplicitAccessRules)
- {
- if (File.Exists(path))
- {
- EnableAccessInheritance(new FileInfo(path), removeExplicitAccessRules);
- }
- else if (Directory.Exists(path))
- {
- EnableAccessInheritance(new DirectoryInfo(path), removeExplicitAccessRules);
- }
- }
-
- public static void DisableAccessInheritance(string path, bool removeInheritedAccessRules)
- {
- if (File.Exists(path))
- {
- DisableAccessInheritance(new FileInfo(path), removeInheritedAccessRules);
- }
- else if (Directory.Exists(path))
- {
- DisableAccessInheritance(new DirectoryInfo(path), removeInheritedAccessRules);
- }
- }
-
- public static void EnableAuditInheritance(string path, bool removeExplicitAccessRules)
- {
- if (File.Exists(path))
- {
- EnableAuditInheritance(new FileInfo(path), removeExplicitAccessRules);
- }
- else if (Directory.Exists(path))
- {
- EnableAuditInheritance(new DirectoryInfo(path), removeExplicitAccessRules);
- }
- }
-
- public static void DisableAuditInheritance(string path, bool removeInheritedAccessRules)
- {
- if (File.Exists(path))
- {
- DisableAuditInheritance(new FileInfo(path), removeInheritedAccessRules);
- }
- else if (Directory.Exists(path))
- {
- DisableAuditInheritance(new DirectoryInfo(path), removeInheritedAccessRules);
- }
- }
- #endregion Public Methods using Path
- }
- }
|