
  1. using Alphaleonis.Win32.Filesystem;
  2. using Security2;
  3. using System;
  4. using System.Linq;
  5. using System.Management.Automation;
  6. using System.Security.AccessControl;
  7. namespace NTFSSecurity
  8. {
  9. [Cmdlet(VerbsCommon.Add, "NTFSAccess", DefaultParameterSetName = "PathComplex")]
  10. [OutputType(typeof(FileSystemAccessRule2))]
  11. public class AddAccess : BaseCmdletWithPrivControl
  12. {
  13. private IdentityReference2[] account;
  14. private FileSystemRights2 accessRights;
  15. private AccessControlType accessType = AccessControlType.Allow;
  16. private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
  17. private PropagationFlags propagationFlags = PropagationFlags.None;
  18. private ApplyTo appliesTo = ApplyTo.ThisFolderSubfoldersAndFiles;
  19. private bool passThru;
  20. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
  21. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  22. [ValidateNotNullOrEmpty]
  23. [Alias("FullName")]
  24. public string[] Path
  25. {
  26. get { return paths.ToArray(); }
  27. set
  28. {
  29. paths.Clear();
  30. paths.AddRange(value);
  31. }
  32. }
  33. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
  34. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  35. [ValidateNotNullOrEmpty]
  36. public FileSystemSecurity2[] SecurityDescriptor
  37. {
  38. get { return securityDescriptors.ToArray(); }
  39. set
  40. {
  41. securityDescriptors.Clear();
  42. securityDescriptors.AddRange(value);
  43. }
  44. }
  45. [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]
  46. [Alias("IdentityReference, ID")]
  47. public IdentityReference2[] Account
  48. {
  49. get { return account; }
  50. set { account = value; }
  51. }
  52. [Parameter(Mandatory = true, Position = 3, ValueFromPipelineByPropertyName = true)]
  53. [Alias("FileSystemRights")]
  54. public FileSystemRights2 AccessRights
  55. {
  56. get { return accessRights; }
  57. set { accessRights = value; }
  58. }
  59. [Parameter(ValueFromPipelineByPropertyName = true)]
  60. [Alias("AccessControlType")]
  61. public AccessControlType AccessType
  62. {
  63. get { return accessType; }
  64. set { accessType = value; }
  65. }
  66. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  67. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  68. public InheritanceFlags InheritanceFlags
  69. {
  70. get { return inheritanceFlags; }
  71. set { inheritanceFlags = value; }
  72. }
  73. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
  74. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
  75. public PropagationFlags PropagationFlags
  76. {
  77. get { return propagationFlags; }
  78. set { propagationFlags = value; }
  79. }
  80. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
  81. [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
  82. public ApplyTo AppliesTo
  83. {
  84. get { return appliesTo; }
  85. set { appliesTo = value; }
  86. }
  87. [Parameter]
  88. public SwitchParameter PassThru
  89. {
  90. get { return passThru; }
  91. set { passThru = value; }
  92. }
  93. protected override void BeginProcessing()
  94. {
  95. base.BeginProcessing();
  96. }
  97. protected override void ProcessRecord()
  98. {
  99. if (ParameterSetName.EndsWith("Simple"))
  100. {
  101. FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);
  102. }
  103. if (ParameterSetName.StartsWith("Path"))
  104. {
  105. FileSystemInfo item = null;
  106. foreach (var path in paths)
  107. {
  108. try
  109. {
  110. item = GetFileSystemInfo2(path);
  111. }
  112. catch (Exception ex)
  113. {
  114. WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
  115. continue;
  116. }
  117. try
  118. {
  119. FileSystemAccessRule2.AddFileSystemAccessRule(item, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);
  120. }
  121. catch (UnauthorizedAccessException)
  122. {
  123. try
  124. {
  125. var ownerInfo = FileSystemOwner.GetOwner(item);
  126. var previousOwner = ownerInfo.Owner;
  127. FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);
  128. FileSystemAccessRule2.AddFileSystemAccessRule(item, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);
  129. FileSystemOwner.SetOwner(item, previousOwner);
  130. }
  131. catch (Exception ex2)
  132. {
  133. WriteError(new ErrorRecord(ex2, "AddAceError", ErrorCategory.WriteError, path));
  134. }
  135. }
  136. catch (Exception ex)
  137. {
  138. WriteError(new ErrorRecord(ex, "AddAceError", ErrorCategory.WriteError, path));
  139. }
  140. if (passThru == true)
  141. {
  142. FileSystemAccessRule2.GetFileSystemAccessRules(item, true, true).ForEach(ace => WriteObject(ace));
  143. }
  144. }
  145. }
  146. else
  147. {
  148. foreach (var sd in securityDescriptors)
  149. {
  150. FileSystemAccessRule2.AddFileSystemAccessRule(sd, account.ToList(), accessRights, accessType, inheritanceFlags, propagationFlags);
  151. if (passThru == true)
  152. {
  153. FileSystemAccessRule2.GetFileSystemAccessRules(sd, true, true).ForEach(ace => WriteObject(ace));
  154. }
  155. }
  156. }
  157. }
  158. protected override void EndProcessing()
  159. {
  160. base.EndProcessing();
  161. }
  162. }
  163. }