Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
3 Branches
30 MiB
 
 
Tree: 4bcaaa9427
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4bcaaa9427'
${ noResults }
NTFSSecurity-Module/NTFSSecurity/AuditCmdlets/AddAudit.cs

183 lines
6.8 KiB
Raw Blame History 

  1. using Alphaleonis.Win32.Filesystem;

  2. using Security2;

  3. using System;

  4. using System.Linq;

  5. using System.Management.Automation;

  6. using System.Security.AccessControl;

  7. 

  8. namespace NTFSSecurity

  9. {

  10.     [Cmdlet(VerbsCommon.Add, "NTFSAudit", DefaultParameterSetName = "PathComplex")]

  11.     [OutputType(typeof(FileSystemAccessRule2))]

  12.     public class AddAudit : BaseCmdletWithPrivControl

  13.     {

  14.         private IdentityReference2[] account;

  15.         private FileSystemRights2 accessRights;

  16.         private AuditFlags auditFlags = AuditFlags.Failure | AuditFlags.Success;

  17.         private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

  18.         private PropagationFlags propagationFlags = PropagationFlags.None;

  19.         private ApplyTo appliesTo = ApplyTo.ThisFolderSubfoldersAndFiles;

  20.         private bool passThru;

  21. 

  22.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  23.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  24.         [ValidateNotNullOrEmpty]

  25.         [Alias("FullName")]

  26.         public string[] Path

  27.         {

  28.             get { return paths.ToArray(); }

  29.             set

  30.             {

  31.                 paths.Clear();

  32.                 paths.AddRange(value);

  33.             }

  34.         }

  35. 

  36.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  37.         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  38.         [ValidateNotNullOrEmpty]

  39.         public FileSystemSecurity2[] SecurityDescriptor

  40.         {

  41.             get { return securityDescriptors.ToArray(); }

  42.             set

  43.             {

  44.                 securityDescriptors.Clear();

  45.                 securityDescriptors.AddRange(value);

  46.             }

  47.         }

  48. 

  49.         [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]

  50.         [Alias("IdentityReference, ID")]

  51.         public IdentityReference2[] Account

  52.         {

  53.             get { return account; }

  54.             set { account = value; }

  55.         }

  56. 

  57.         [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]

  58.         [Alias("FileSystemRights")]

  59.         public FileSystemRights2 AccessRights

  60.         {

  61.             get { return accessRights; }

  62.             set { accessRights = value; }

  63.         }

  64. 

  65.         [Parameter(ValueFromPipelineByPropertyName = true)]

  66.         public AuditFlags AuditFlags

  67.         {

  68.             get { return auditFlags; }

  69.             set { auditFlags = value; }

  70.         }

  71. 

  72.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  73.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  74.         public InheritanceFlags InheritanceFlags

  75.         {

  76.             get { return inheritanceFlags; }

  77.             set { inheritanceFlags = value; }

  78.         }

  79. 

  80.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]

  81.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]

  82.         public PropagationFlags PropagationFlags

  83.         {

  84.             get { return propagationFlags; }

  85.             set { propagationFlags = value; }

  86.         }

  87. 

  88.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]

  89.         [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]

  90.         public ApplyTo AppliesTo

  91.         {

  92.             get { return appliesTo; }

  93.             set { appliesTo = value; }

  94.         }

  95. 

  96.         [Parameter]

  97.         public SwitchParameter PassThru

  98.         {

  99.             get { return passThru; }

  100.             set { passThru = value; }

  101.         }

  102. 

  103.         protected override void BeginProcessing()

  104.         {

  105.             base.BeginProcessing();

  106.         }

  107. 

  108.         protected override void ProcessRecord()

  109.         {

  110.             if (ParameterSetName.EndsWith("Simple"))

  111.             {

  112.                 FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);

  113.             }

  114. 

  115.             if (ParameterSetName.StartsWith("Path"))

  116.             {

  117.                 FileSystemInfo item = null;

  118. 

  119.                 foreach (var path in paths)

  120.                 {

  121.                     try

  122.                     {

  123.                         item = GetFileSystemInfo2(path);

  124.                     }

  125.                     catch (Exception ex)

  126.                     {

  127.                         WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));

  128.                         continue;

  129.                     }

  130. 

  131.                     try

  132.                     {

  133.                         FileSystemAuditRule2.AddFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  134.                     }

  135.                     catch (UnauthorizedAccessException)

  136.                     {

  137.                         try

  138.                         {

  139.                             var ownerInfo = FileSystemOwner.GetOwner(item);

  140.                             var previousOwner = ownerInfo.Owner;

  141. 

  142.                             FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);

  143. 

  144.                             FileSystemAuditRule2.AddFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  145. 

  146.                             FileSystemOwner.SetOwner(item, previousOwner);

  147.                         }

  148.                         catch (Exception ex2)

  149.                         {

  150.                             WriteError(new ErrorRecord(ex2, "AddAceError", ErrorCategory.WriteError, path));

  151.                         }

  152.                     }

  153.                     catch (Exception ex)

  154.                     {

  155.                         WriteError(new ErrorRecord(ex, "AddAceError", ErrorCategory.WriteError, path));

  156.                     }

  157. 

  158.                     if (passThru == true)

  159.                     {

  160.                         FileSystemAuditRule2.GetFileSystemAuditRules(item, true, true).ForEach(ace => WriteObject(ace));

  161.                     }

  162.                 }

  163.             }

  164.             else

  165.             {

  166.                 foreach (var sd in securityDescriptors)

  167.                 {

  168.                     FileSystemAuditRule2.AddFileSystemAuditRule(sd, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

  169. 

  170.                     if (passThru == true)

  171.                     {

  172.                         FileSystemAccessRule2.GetFileSystemAccessRules(sd, true, true).ForEach(ace => WriteObject(ace));

  173.                     }

  174.                 }

  175.             }

  176. 

  177.         }

  178.         protected override void EndProcessing()

  179.         {

  180.             base.EndProcessing();

  181.         }

  182.     }

  183. }