
  1. using Alphaleonis.Win32.Filesystem;
  2. using System.Security.AccessControl;
  3. using System.Security.Principal;
  4. namespace Security2
  5. {
  6. public class FileSystemInheritanceInfo
  7. {
  8. private enum InheritanceScope
  9. {
  10. Access,
  11. Audit
  12. }
  13. private FileSystemInfo item;
  14. private bool? accessInheritanceEnabled;
  15. private bool? auditInheritanceEnabled;
  16. public FileSystemInfo Item
  17. {
  18. get { return item; }
  19. set { item = value; }
  20. }
  21. public bool? AccessInheritanceEnabled
  22. {
  23. get { return accessInheritanceEnabled; }
  24. set { accessInheritanceEnabled = value; }
  25. }
  26. public bool? AuditInheritanceEnabled
  27. {
  28. get { return auditInheritanceEnabled; }
  29. set { auditInheritanceEnabled = value; }
  30. }
  31. public string FullName { get { return Item.FullName; } }
  32. public string Name { get { return Path.GetFileName(item.FullName); } }
  33. private FileSystemInheritanceInfo(FileSystemInfo item, bool? accessInheritanceEnabled, bool? auditInheritanceEnabled)
  34. {
  35. this.item = item;
  36. this.accessInheritanceEnabled = accessInheritanceEnabled;
  37. this.auditInheritanceEnabled = auditInheritanceEnabled;
  38. }
  39. #region GetFileSystemInheritanceInfo
  40. public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(string path)
  41. {
  42. var item = new FileInfo(path);
  43. return GetFileSystemInheritanceInfo(item);
  44. }
  45. public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemInfo item)
  46. {
  47. if (item is FileInfo)
  48. {
  49. bool? areAuditRulesProtected = null;
  50. var areAccessRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;
  51. try
  52. {
  53. areAuditRulesProtected = ((FileInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;
  54. }
  55. catch (System.IO.IOException)
  56. {
  57. //log that the security privilege is missing
  58. }
  59. return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);
  60. }
  61. else
  62. {
  63. bool? areAuditRulesProtected = null;
  64. var areAccessRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Access).AreAccessRulesProtected;
  65. try
  66. {
  67. areAuditRulesProtected = ((DirectoryInfo)item).GetAccessControl(AccessControlSections.Audit).AreAuditRulesProtected;
  68. }
  69. catch (System.IO.IOException)
  70. {
  71. //log that the security privilege is missing
  72. }
  73. return new FileSystemInheritanceInfo(item, !areAccessRulesProtected, !areAuditRulesProtected);
  74. }
  75. }
  76. public static FileSystemInheritanceInfo GetFileSystemInheritanceInfo(FileSystemSecurity2 sd)
  77. {
  78. return new FileSystemInheritanceInfo(sd.Item, !sd.SecurityDescriptor.AreAccessRulesProtected, !sd.SecurityDescriptor.AreAuditRulesProtected);
  79. }
  80. #endregion GetFileSystemInheritanceInfo
  81. #region Enable / DisableInheritance internal
  82. private static void EnableInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules, InheritanceScope scope)
  83. {
  84. if (sd.IsFile)
  85. {
  86. if (scope == InheritanceScope.Access)
  87. {
  88. sd.SecurityDescriptor.SetAccessRuleProtection(false, false);
  89. //if RemoveExplicitAccessRules is set
  90. if (removeExplicitAccessRules)
  91. {
  92. //remove all explicitly set ACEs from the item
  93. foreach (FileSystemAccessRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
  94. {
  95. ((FileSecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
  96. }
  97. }
  98. }
  99. else
  100. {
  101. sd.SecurityDescriptor.SetAuditRuleProtection(false, false);
  102. //if RemoveExplicitAccessRules is set
  103. if (removeExplicitAccessRules)
  104. {
  105. //remove all explicitly set ACEs from the item
  106. foreach (FileSystemAuditRule ace in ((FileSecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
  107. {
  108. ((FileSecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
  109. }
  110. }
  111. }
  112. }
  113. else
  114. {
  115. if (scope == InheritanceScope.Access)
  116. {
  117. ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(false, false);
  118. //if RemoveExplicitAccessRules is set
  119. if (removeExplicitAccessRules)
  120. {
  121. //remove all explicitly set ACEs from the item
  122. foreach (FileSystemAccessRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAccessRules(true, false, typeof(SecurityIdentifier)))
  123. {
  124. ((DirectorySecurity)sd.SecurityDescriptor).RemoveAccessRule(ace);
  125. }
  126. }
  127. }
  128. else
  129. {
  130. ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(false, false);
  131. //if RemoveExplicitAccessRules is set
  132. if (removeExplicitAccessRules)
  133. {
  134. //remove all explicitly set ACEs from the item
  135. foreach (FileSystemAuditRule ace in ((DirectorySecurity)sd.SecurityDescriptor).GetAuditRules(true, false, typeof(SecurityIdentifier)))
  136. {
  137. ((DirectorySecurity)sd.SecurityDescriptor).RemoveAuditRule(ace);
  138. }
  139. }
  140. }
  141. }
  142. }
  143. private static void DisableInheritance(FileSystemSecurity2 sd, bool removeInheritedAccessRules, InheritanceScope scope)
  144. {
  145. if (sd.IsFile)
  146. {
  147. if (scope == InheritanceScope.Access)
  148. ((FileSecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
  149. else
  150. ((FileSecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
  151. }
  152. else
  153. {
  154. if (scope == InheritanceScope.Access)
  155. ((DirectorySecurity)sd.SecurityDescriptor).SetAccessRuleProtection(true, !removeInheritedAccessRules);
  156. else
  157. ((DirectorySecurity)sd.SecurityDescriptor).SetAuditRuleProtection(true, !removeInheritedAccessRules);
  158. }
  159. }
  160. #endregion Enable / DisableInheritance internal
  161. #region Public Methods using SecurityDescriptor
  162. public static void EnableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
  163. {
  164. EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
  165. }
  166. public static void EnableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
  167. {
  168. EnableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
  169. }
  170. public static void DisableAccessInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
  171. {
  172. DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Access);
  173. }
  174. public static void DisableAuditInheritance(FileSystemSecurity2 sd, bool removeExplicitAccessRules)
  175. {
  176. DisableInheritance(sd, removeExplicitAccessRules, InheritanceScope.Audit);
  177. }
  178. #endregion Public Methods using SecurityDescriptor
  179. #region Public Methods using FileSystemInfo
  180. public static void EnableAccessInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
  181. {
  182. var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
  183. EnableAccessInheritance(sd, removeExplicitAccessRules);
  184. sd.Write();
  185. }
  186. public static void DisableAccessInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
  187. {
  188. var sd = new FileSystemSecurity2(item, AccessControlSections.Access);
  189. DisableAccessInheritance(sd, removeInheritedAccessRules);
  190. sd.Write();
  191. }
  192. public static void EnableAuditInheritance(FileSystemInfo item, bool removeExplicitAccessRules)
  193. {
  194. var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);
  195. EnableAuditInheritance(sd, removeExplicitAccessRules);
  196. sd.Write();
  197. }
  198. public static void DisableAuditInheritance(FileSystemInfo item, bool removeInheritedAccessRules)
  199. {
  200. var sd = new FileSystemSecurity2(item, AccessControlSections.Audit);
  201. DisableAuditInheritance(sd, removeInheritedAccessRules);
  202. sd.Write();
  203. }
  204. #endregion Public Methods using FileSystemInfo
  205. #region Public Methods using Path
  206. public static void EnableAccessInheritance(string path, bool removeExplicitAccessRules)
  207. {
  208. if (File.Exists(path))
  209. {
  210. EnableAccessInheritance(new FileInfo(path), removeExplicitAccessRules);
  211. }
  212. else if (Directory.Exists(path))
  213. {
  214. EnableAccessInheritance(new DirectoryInfo(path), removeExplicitAccessRules);
  215. }
  216. }
  217. public static void DisableAccessInheritance(string path, bool removeInheritedAccessRules)
  218. {
  219. if (File.Exists(path))
  220. {
  221. DisableAccessInheritance(new FileInfo(path), removeInheritedAccessRules);
  222. }
  223. else if (Directory.Exists(path))
  224. {
  225. DisableAccessInheritance(new DirectoryInfo(path), removeInheritedAccessRules);
  226. }
  227. }
  228. public static void EnableAuditInheritance(string path, bool removeExplicitAccessRules)
  229. {
  230. if (File.Exists(path))
  231. {
  232. EnableAuditInheritance(new FileInfo(path), removeExplicitAccessRules);
  233. }
  234. else if (Directory.Exists(path))
  235. {
  236. EnableAuditInheritance(new DirectoryInfo(path), removeExplicitAccessRules);
  237. }
  238. }
  239. public static void DisableAuditInheritance(string path, bool removeInheritedAccessRules)
  240. {
  241. if (File.Exists(path))
  242. {
  243. DisableAuditInheritance(new FileInfo(path), removeInheritedAccessRules);
  244. }
  245. else if (Directory.Exists(path))
  246. {
  247. DisableAuditInheritance(new DirectoryInfo(path), removeInheritedAccessRules);
  248. }
  249. }
  250. #endregion Public Methods using Path
  251. }
  252. }