Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
3 Branches
8.3 MiB
 
 
Tree: 34a13efb74
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '34a13efb74'
${ noResults }
NTFSSecurity-Module/NTFSSecurity/AccessCmdlets/RemoveAccess.cs

189 lines
7.1 KiB
Raw Blame History 

  1. using Alphaleonis.Win32.Filesystem;

  2. using Security2;

  3. using System;

  4. using System.Linq;

  5. using System.Management.Automation;

  6. using System.Security.AccessControl;

  7. 

  8. namespace NTFSSecurity

  9. {

  10.     [Cmdlet(VerbsCommon.Remove, "NTFSAccess", DefaultParameterSetName = "PathComplex")]

  11.     [OutputType(typeof(FileSystemAccessRule2))]

  12.     public class RemoveAccess : BaseCmdletWithPrivControl

  13.     {

  14.         private IdentityReference2[] account;

  15.         private FileSystemRights2 accessRights;

  16.         private AccessControlType accessType = AccessControlType.Allow;

  17.         private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

  18.         private PropagationFlags propagationFlags = PropagationFlags.None;

  19.         private ApplyTo appliesTo;

  20.         private bool removeSpecific;

  21.         private bool passThru;

  22. 

  23.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  24.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  25.         [ValidateNotNullOrEmpty]

  26.         [Alias("FullName")]

  27.         public string[] Path

  28.         {

  29.             get { return paths.ToArray(); }

  30.             set

  31.             {

  32.                 paths.Clear();

  33.                 paths.AddRange(value);

  34.             }

  35.         }

  36. 

  37.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  38.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  39.         [ValidateNotNullOrEmpty]

  40.         public FileSystemSecurity2[] SecurityDescriptor

  41.         {

  42.             get { return securityDescriptors.ToArray(); }

  43.             set

  44.             {

  45.                 securityDescriptors.Clear();

  46.                 securityDescriptors.AddRange(value);

  47.             }

  48.         }

  49. 

  50.         [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]

  51.         [Alias("IdentityReference, ID")]

  52.         public IdentityReference2[] Account

  53.         {

  54.             get { return account; }

  55.             set { account = value; }

  56.         }

  57. 

  58.         [Parameter(Mandatory = true, Position = 3, ValueFromPipelineByPropertyName = true)]

  59.         [Alias("FileSystemRights")]

  60.         public FileSystemRights2 AccessRights

  61.         {

  62.             get { return accessRights; }

  63.             set { accessRights = value; }

  64.         }

  65. 

  66.         [Parameter(ValueFromPipelineByPropertyName = true)]

  67.         [Alias("AccessControlType")]

  68.         public AccessControlType AccessType

  69.         {

  70.             get { return accessType; }

  71.             set { accessType = value; }

  72.         }

  73. 

  74.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  75.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  76.         public InheritanceFlags InheritanceFlags

  77.         {

  78.             get { return inheritanceFlags; }

  79.             set { inheritanceFlags = value; }

  80.         }

  81. 

  82.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  83.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  84.         public PropagationFlags PropagationFlags

  85.         {

  86.             get { return propagationFlags; }

  87.             set { propagationFlags = value; }

  88.         }

  89. 

  90.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  91.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  92.         public ApplyTo AppliesTo

  93.         {

  94.             get { return appliesTo; }

  95.             set { appliesTo = value; }

  96.         }

  97. 

  98.         [Parameter]

  99.         public SwitchParameter PassThru

  100.         {

  101.             get { return passThru; }

  102.             set { passThru = value; }

  103.         }

  104. 

  105.         protected override void BeginProcessing()

  106.         {

  107.             base.BeginProcessing();

  108.         }

  109. 

  110.         protected override void ProcessRecord()

  111.         {

  112.             if (ParameterSetName.EndsWith("Simple"))

  113.             {

  114.                 FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);

  115.             }

  116. 

  117.             if (ParameterSetName.StartsWith("Path"))

  118.             {

  119.                 foreach (var path in paths)

  120.                 {

  121.                     FileSystemInfo item = null;

  122. 

  123.                     try

  124.                     {

  125.                         item = GetFileSystemInfo2(path);

  126.                     }

  127.                     catch (Exception ex)

  128.                     {

  129.                         WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));

  130.                     }

  131. 

  132.                     if (ParameterSetName == "PathSimple")

  133.                     {

  134.                         FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);

  135.                     }

  136. 

  137.                     try

  138.                     {

  139.                         FileSystemAccessRule2.RemoveFileSystemAccessRule(item, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);

  140.                     }

  141.                     catch (UnauthorizedAccessException)

  142.                     {

  143.                         try

  144.                         {

  145.                             var ownerInfo = FileSystemOwner.GetOwner(item);

  146.                             var previousOwner = ownerInfo.Owner;

  147. 

  148.                             FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);

  149. 

  150.                             FileSystemAccessRule2.RemoveFileSystemAccessRule(item, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);

  151. 

  152.                             FileSystemOwner.SetOwner(item, previousOwner);

  153.                         }

  154.                         catch (Exception ex2)

  155.                         {

  156.                             WriteError(new ErrorRecord(ex2, "RemoveAceError", ErrorCategory.WriteError, path));

  157.                         }

  158.                     }

  159.                     catch (Exception ex)

  160.                     {

  161.                         WriteError(new ErrorRecord(ex, "RemoveAceError", ErrorCategory.WriteError, path));

  162.                     }

  163. 

  164.                     if (passThru == true)

  165.                     {

  166.                         FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).ForEach(ace => WriteObject(ace));

  167.                     }

  168.                 }

  169.             }

  170.             else

  171.             {

  172.                 foreach (var sd in securityDescriptors)

  173.                 {

  174.                     FileSystemAccessRule2.RemoveFileSystemAccessRule(sd, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);

  175. 

  176.                     if (passThru == true)

  177.                     {

  178.                         FileSystemAccessRule2.GetFileSystemAccessRules(sd, true, true).ForEach(ace => WriteObject(ace));

  179.                     }

  180.                 }

  181.             }

  182.         }

  183. 

  184.         protected override void EndProcessing()

  185.         {

  186.             base.EndProcessing();

  187.         }

  188.     }

  189. }