using Alphaleonis.Win32.Filesystem;
using Security2;
using System;
using System.Management.Automation;
using System.Security.Principal;
  5. namespace NTFSSecurity
  6. {
  7. [Cmdlet(VerbsCommon.Set, "NTFSInheritance", DefaultParameterSetName = "Path")]
  8. public class SetInheritance : BaseCmdletWithPrivControl
  9. {
  10. private bool? accessInheritanceEnabled;
  11. private bool? auditInheritanceEnabled;
  12. private bool passThru;
  13. [Parameter(Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "Path")]
  14. [ValidateNotNullOrEmpty]
  15. [Alias("FullName")]
  16. public string[] Path
  17. {
  18. get { return paths.ToArray(); }
  19. set
  20. {
  21. paths.Clear();
  22. paths.AddRange(value);
  23. }
  24. }
  25. [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SecurityDescriptor")]
  26. [ValidateNotNullOrEmpty]
  27. public FileSystemSecurity2[] SecurityDescriptor
  28. {
  29. get { return securityDescriptors.ToArray(); }
  30. set
  31. {
  32. securityDescriptors.Clear();
  33. securityDescriptors.AddRange(value);
  34. }
  35. }
  36. [Parameter(ValueFromPipelineByPropertyName = true)]
  37. public bool? AccessInheritanceEnabled
  38. {
  39. get { return accessInheritanceEnabled; }
  40. set { accessInheritanceEnabled = value; }
  41. }
  42. [Parameter(ValueFromPipelineByPropertyName = true)]
  43. public bool? AuditInheritanceEnabled
  44. {
  45. get { return auditInheritanceEnabled; }
  46. set { auditInheritanceEnabled = value; }
  47. }
  48. [Parameter]
  49. public SwitchParameter PassThru
  50. {
  51. get { return passThru; }
  52. set { passThru = value; }
  53. }
  54. protected override void BeginProcessing()
  55. {
  56. base.BeginProcessing();
  57. EnableFileSystemPrivileges(true);
  58. }
  59. protected override void ProcessRecord()
  60. {
  61. if (ParameterSetName == "Path")
  62. {
  63. foreach (var path in paths)
  64. {
  65. FileSystemInfo item = null;
  66. try
  67. {
  68. item = GetFileSystemInfo2(path);
  69. }
  70. catch (Exception ex)
  71. {
  72. WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
  73. continue;
  74. }
  75. try
  76. {
  77. var currentState = FileSystemInheritanceInfo.GetFileSystemInheritanceInfo(item);
  78. if (currentState.AccessInheritanceEnabled != accessInheritanceEnabled)
  79. {
  80. WriteVerbose("AccessInheritanceEnabled not equal");
  81. if (accessInheritanceEnabled.Value)
  82. {
  83. WriteVerbose("Calling EnableAccessInheritance");
  84. FileSystemInheritanceInfo.EnableAccessInheritance(item, false);
  85. }
  86. else
  87. {
  88. WriteVerbose("Calling DisableAccessInheritance");
  89. FileSystemInheritanceInfo.DisableAccessInheritance(item, true);
  90. }
  91. }
  92. else
  93. WriteVerbose("AccessInheritanceEnabled is equal - no change was done");
  94. if (currentState.AuditInheritanceEnabled != auditInheritanceEnabled)
  95. {
  96. WriteVerbose("AuditInheritanceEnabled not equal");
  97. if (auditInheritanceEnabled.Value)
  98. {
  99. WriteVerbose("Calling EnableAuditInheritance");
  100. FileSystemInheritanceInfo.EnableAuditInheritance(item, true);
  101. }
  102. else
  103. {
  104. WriteVerbose("Calling DisableAuditInheritance");
  105. FileSystemInheritanceInfo.DisableAuditInheritance(item, false);
  106. }
  107. }
  108. else
  109. WriteVerbose("AuditInheritanceEnabled is equal - no change was done");
  110. }
  111. catch (UnauthorizedAccessException)
  112. {
  113. try
  114. {
  115. var ownerInfo = FileSystemOwner.GetOwner(item);
  116. var previousOwner = ownerInfo.Owner;
  117. FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);
  118. var currentState = FileSystemInheritanceInfo.GetFileSystemInheritanceInfo(item);
  119. if (currentState.AccessInheritanceEnabled != accessInheritanceEnabled)
  120. {
  121. WriteVerbose("AccessInheritanceEnabled not equal");
  122. if (accessInheritanceEnabled.Value)
  123. {
  124. WriteVerbose("Calling EnableAccessInheritance");
  125. FileSystemInheritanceInfo.EnableAccessInheritance(item, false);
  126. }
  127. else
  128. {
  129. WriteVerbose("Calling DisableAccessInheritance");
  130. FileSystemInheritanceInfo.DisableAccessInheritance(item, true);
  131. }
  132. }
  133. else
  134. WriteVerbose("AccessInheritanceEnabled is equal - no change was done");
  135. if (currentState.AuditInheritanceEnabled != auditInheritanceEnabled)
  136. {
  137. WriteVerbose("AuditInheritanceEnabled not equal");
  138. if (auditInheritanceEnabled.Value)
  139. {
  140. WriteVerbose("Calling EnableAuditInheritance");
  141. FileSystemInheritanceInfo.EnableAuditInheritance(item, true);
  142. }
  143. else
  144. {
  145. WriteVerbose("Calling DisableAuditInheritance");
  146. FileSystemInheritanceInfo.DisableAuditInheritance(item, false);
  147. }
  148. }
  149. else
  150. WriteVerbose("AuditInheritanceEnabled is equal - no change was done");
  151. FileSystemOwner.SetOwner(item, previousOwner);
  152. }
  153. catch (Exception ex2)
  154. {
  155. WriteError(new ErrorRecord(ex2, "ModifySdError", ErrorCategory.WriteError, path));
  156. continue;
  157. }
  158. }
  159. catch (Exception ex)
  160. {
  161. WriteError(new ErrorRecord(ex, "ModifySdError", ErrorCategory.WriteError, path));
  162. continue;
  163. }
  164. finally
  165. {
  166. if (passThru)
  167. {
  168. WriteObject(FileSystemInheritanceInfo.GetFileSystemInheritanceInfo(item));
  169. }
  170. }
  171. }
  172. }
  173. else
  174. {
  175. foreach (var sd in securityDescriptors)
  176. {
  177. var currentState = FileSystemInheritanceInfo.GetFileSystemInheritanceInfo(sd);
  178. if (currentState.AccessInheritanceEnabled != accessInheritanceEnabled)
  179. {
  180. WriteVerbose("AccessInheritanceEnabled not equal");
  181. if (accessInheritanceEnabled.Value)
  182. {
  183. WriteVerbose("Calling EnableAccessInheritance");
  184. FileSystemInheritanceInfo.EnableAccessInheritance(sd, false);
  185. }
  186. else
  187. {
  188. WriteVerbose("Calling DisableAccessInheritance");
  189. FileSystemInheritanceInfo.DisableAccessInheritance(sd, true);
  190. }
  191. }
  192. else
  193. WriteVerbose("AccessInheritanceEnabled is equal - no change was done");
  194. if (currentState.AuditInheritanceEnabled != auditInheritanceEnabled)
  195. {
  196. WriteVerbose("AuditInheritanceEnabled not equal");
  197. if (auditInheritanceEnabled.Value)
  198. {
  199. WriteVerbose("Calling EnableAuditInheritance");
  200. FileSystemInheritanceInfo.EnableAuditInheritance(sd, true);
  201. }
  202. else
  203. {
  204. WriteVerbose("Calling DisableAuditInheritance");
  205. FileSystemInheritanceInfo.DisableAuditInheritance(sd, false);
  206. }
  207. }
  208. else
  209. WriteVerbose("AuditInheritanceEnabled is equal - no change was done");
  210. if (passThru)
  211. {
  212. WriteObject(FileSystemInheritanceInfo.GetFileSystemInheritanceInfo(sd));
  213. }
  214. }
  215. }
  216. }
  217. }
  218. }