Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
3 Branches
17 MiB
 
 
Tree: e79653c0e1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e79653c0e1'
${ noResults }
NTFSSecurity-Module/AlphaFS/Filesystem/File Class/File.SetAccessControl.cs

265 lines
14 KiB
Raw Blame History 

  1. /*  Copyright (C) 2008-2016 Peter Palotas, Jeffrey Jangli, Alexandr Normuradov

  2.  *  

  3.  *  Permission is hereby granted, free of charge, to any person obtaining a copy 

  4.  *  of this software and associated documentation files (the "Software"), to deal 

  5.  *  in the Software without restriction, including without limitation the rights 

  6.  *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 

  7.  *  copies of the Software, and to permit persons to whom the Software is 

  8.  *  furnished to do so, subject to the following conditions:

  9.  *  

  10.  *  The above copyright notice and this permission notice shall be included in 

  11.  *  all copies or substantial portions of the Software.

  12.  *  

  13.  *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 

  14.  *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 

  15.  *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 

  16.  *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 

  17.  *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 

  18.  *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 

  19.  *  THE SOFTWARE. 

  20.  */

  21. 

  22. using System;

  23. using System.Diagnostics.CodeAnalysis;

  24. using System.Runtime.InteropServices;

  25. using System.Security;

  26. using System.Security.AccessControl;

  27. using Alphaleonis.Win32.Security;

  28. using Microsoft.Win32.SafeHandles;

  29. 

  30. namespace Alphaleonis.Win32.Filesystem

  31. {

  32.    partial class File

  33.    {

  34.       /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> FileSecurity object to the specified file.</summary>

  35.       /// <exception cref="ArgumentNullException"/>

  36.       /// <exception cref="ArgumentException"/>

  37.       /// <exception cref="NotSupportedException"/>

  38.       /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>

  39.       /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>      

  40.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  41.       [SecurityCritical]

  42.       public static void SetAccessControl(string path, FileSecurity fileSecurity)

  43.       {

  44.          SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, PathFormat.RelativePath);

  45.       }

  46. 

  47.       /// <summary>Applies access control list (ACL) entries described by a <see cref="DirectorySecurity"/> object to the specified directory.</summary>

  48.       /// <exception cref="ArgumentNullException"/>

  49.       /// <exception cref="ArgumentException"/>

  50.       /// <exception cref="NotSupportedException"/>

  51.       /// <param name="path">A directory to add or remove access control list (ACL) entries from.</param>

  52.       /// <param name="fileSecurity">A <see cref="FileSecurity "/> object that describes an ACL entry to apply to the directory described by the path parameter.</param>

  53.       /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>      

  54.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  55.       [SecurityCritical]

  56.       public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections)

  57.       {

  58.          SetAccessControlCore(path, null, fileSecurity, includeSections, PathFormat.RelativePath);

  59.       }

  60. 

  61. 

  62.       /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> FileSecurity object to the specified file.</summary>

  63.       /// <exception cref="ArgumentNullException"/>

  64.       /// <exception cref="ArgumentException"/>

  65.       /// <exception cref="NotSupportedException"/>

  66.       /// <param name="path">A file to add or remove access control list (ACL) entries from.</param>

  67.       /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="path"/> parameter.</param>

  68.       /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>      

  69.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  70.       [SecurityCritical]

  71.       public static void SetAccessControl(string path, FileSecurity fileSecurity, PathFormat pathFormat)

  72.       {

  73.          SetAccessControlCore(path, null, fileSecurity, AccessControlSections.All, pathFormat);

  74.       }

  75. 

  76.       /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="DirectorySecurity"/> object to the specified directory.</summary>

  77.       /// <exception cref="ArgumentNullException"/>

  78.       /// <exception cref="ArgumentException"/>

  79.       /// <exception cref="NotSupportedException"/>

  80.       /// <param name="path">A directory to add or remove access control list (ACL) entries from.</param>

  81.       /// <param name="fileSecurity">A <see cref="FileSecurity "/> object that describes an ACL entry to apply to the directory described by the path parameter.</param>

  82.       /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>

  83.       /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>      

  84.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  85.       [SecurityCritical]

  86.       public static void SetAccessControl(string path, FileSecurity fileSecurity, AccessControlSections includeSections, PathFormat pathFormat)

  87.       {

  88.          SetAccessControlCore(path, null, fileSecurity, includeSections, pathFormat);

  89.       }

  90. 

  91. 

  92.       /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> FileSecurity object to the specified file.</summary>

  93.       /// <exception cref="ArgumentNullException"/>

  94.       /// <exception cref="ArgumentException"/>

  95.       /// <exception cref="NotSupportedException"/>

  96.       /// <param name="handle">A <see cref="SafeFileHandle"/> to a file to add or remove access control list (ACL) entries from.</param>

  97.       /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="handle"/> parameter.</param>      

  98.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  99.       [SecurityCritical]

  100.       public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity)

  101.       {

  102.          SetAccessControlCore(null, handle, fileSecurity, AccessControlSections.All, PathFormat.LongFullPath);

  103.       }

  104. 

  105.       /// <summary>Applies access control list (ACL) entries described by a <see cref="FileSecurity"/> FileSecurity object to the specified file.</summary>

  106.       /// <exception cref="ArgumentNullException"/>

  107.       /// <exception cref="ArgumentException"/>

  108.       /// <exception cref="NotSupportedException"/>

  109.       /// <param name="handle">A <see cref="SafeFileHandle"/> to a file to add or remove access control list (ACL) entries from.</param>

  110.       /// <param name="fileSecurity">A <see cref="FileSecurity"/> object that describes an ACL entry to apply to the file described by the <paramref name="handle"/> parameter.</param>      

  111.       /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>

  112.       [SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters")]

  113.       [SecurityCritical]

  114.       public static void SetAccessControl(SafeFileHandle handle, FileSecurity fileSecurity, AccessControlSections includeSections)

  115.       {

  116.          SetAccessControlCore(null, handle, fileSecurity, includeSections, PathFormat.LongFullPath);

  117.       }

  118. 

  119. 

  120. 

  121. 

  122.       /// <summary>[AlphaFS] Applies access control list (ACL) entries described by a <see cref="FileSecurity"/>/<see cref="DirectorySecurity"/> object to the specified file or directory.</summary>

  123.       /// <remarks>Use either <paramref name="path"/> or <paramref name="handle"/>, not both.</remarks>

  124.       /// <exception cref="ArgumentNullException"/>

  125.       /// <exception cref="ArgumentException"/>

  126.       /// <exception cref="NotSupportedException"/>

  127.       /// <param name="path">A file/directory to add or remove access control list (ACL) entries from. This parameter This parameter may be <see langword="null"/>.</param>

  128.       /// <param name="handle">A <see cref="SafeFileHandle"/> to add or remove access control list (ACL) entries from. This parameter This parameter may be <see langword="null"/>.</param>

  129.       /// <param name="objectSecurity">A <see cref="FileSecurity"/>/<see cref="DirectorySecurity"/> object that describes an ACL entry to apply to the file/directory described by the <paramref name="path"/>/<paramref name="handle"/> parameter.</param>

  130.       /// <param name="includeSections">One or more of the <see cref="AccessControlSections"/> values that specifies the type of access control list (ACL) information to set.</param>

  131.       /// <param name="pathFormat">Indicates the format of the path parameter(s).</param>

  132.       [SuppressMessage("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity")]

  133.       [SecurityCritical]

  134.       internal static void SetAccessControlCore(string path, SafeFileHandle handle, ObjectSecurity objectSecurity, AccessControlSections includeSections, PathFormat pathFormat)

  135.       {

  136.          if (pathFormat == PathFormat.RelativePath)

  137.             Path.CheckSupportedPathFormat(path, true, true);

  138. 

  139.          if (objectSecurity == null)

  140.             throw new ArgumentNullException("objectSecurity");

  141. 

  142. 

  143.          byte[] managedDescriptor = objectSecurity.GetSecurityDescriptorBinaryForm();

  144. 

  145.          using (var safeBuffer = new SafeGlobalMemoryBufferHandle(managedDescriptor.Length))

  146.          {

  147.             string pathLp = Path.GetExtendedLengthPathCore(null, path, pathFormat, GetFullPathOptions.RemoveTrailingDirectorySeparator | GetFullPathOptions.CheckInvalidPathChars);

  148. 

  149.             safeBuffer.CopyFrom(managedDescriptor, 0, managedDescriptor.Length);

  150. 

  151.             SecurityDescriptorControl control;

  152.             uint revision;

  153. 

  154.             if (!Security.NativeMethods.GetSecurityDescriptorControl(safeBuffer, out control, out revision))

  155.                NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

  156. 

  157. 

  158.             PrivilegeEnabler privilegeEnabler = null;

  159. 

  160.             try

  161.             {

  162.                var securityInfo = SecurityInformation.None;

  163.                IntPtr pDacl = IntPtr.Zero;

  164. 

  165.                if ((includeSections & AccessControlSections.Access) != 0)

  166.                {

  167.                   bool daclDefaulted, daclPresent;

  168. 

  169.                   if (!Security.NativeMethods.GetSecurityDescriptorDacl(safeBuffer, out daclPresent, out pDacl, out daclDefaulted))

  170.                      NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

  171. 

  172.                   if (daclPresent)

  173.                   {

  174.                      securityInfo |= SecurityInformation.Dacl;

  175.                      securityInfo |= (control & SecurityDescriptorControl.DaclProtected) != 0

  176.                         ? SecurityInformation.ProtectedDacl

  177.                         : SecurityInformation.UnprotectedDacl;

  178.                   }

  179.                }

  180. 

  181. 

  182.                IntPtr pSacl = IntPtr.Zero;

  183. 

  184.                if ((includeSections & AccessControlSections.Audit) != 0)

  185.                {

  186.                   bool saclDefaulted, saclPresent;

  187. 

  188.                   if (!Security.NativeMethods.GetSecurityDescriptorSacl(safeBuffer, out saclPresent, out pSacl, out saclDefaulted))

  189.                      NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

  190. 

  191.                   if (saclPresent)

  192.                   {

  193.                      securityInfo |= SecurityInformation.Sacl;

  194.                      securityInfo |= (control & SecurityDescriptorControl.SaclProtected) != 0

  195.                         ? SecurityInformation.ProtectedSacl

  196.                         : SecurityInformation.UnprotectedSacl;

  197. 

  198.                      privilegeEnabler = new PrivilegeEnabler(Privilege.Security);

  199.                   }

  200.                }

  201. 

  202. 

  203.                IntPtr pOwner = IntPtr.Zero;

  204. 

  205.                if ((includeSections & AccessControlSections.Owner) != 0)

  206.                {

  207.                   bool ownerDefaulted;

  208. 

  209.                   if (!Security.NativeMethods.GetSecurityDescriptorOwner(safeBuffer, out pOwner, out ownerDefaulted))

  210.                      NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

  211. 

  212.                   if (pOwner != IntPtr.Zero)

  213.                      securityInfo |= SecurityInformation.Owner;

  214.                }

  215. 

  216. 

  217.                IntPtr pGroup = IntPtr.Zero;

  218. 

  219.                if ((includeSections & AccessControlSections.Group) != 0)

  220.                {

  221.                   bool groupDefaulted;

  222. 

  223.                   if (!Security.NativeMethods.GetSecurityDescriptorGroup(safeBuffer, out pGroup, out groupDefaulted))

  224.                      NativeError.ThrowException(Marshal.GetLastWin32Error(), pathLp);

  225. 

  226.                   if (pGroup != IntPtr.Zero)

  227.                      securityInfo |= SecurityInformation.Group;

  228.                }

  229. 

  230. 

  231.                uint lastError;

  232. 

  233.                if (!Utils.IsNullOrWhiteSpace(pathLp))

  234.                {

  235.                   // SetNamedSecurityInfo()

  236.                   // In the ANSI version of this function, the name is limited to MAX_PATH characters.

  237.                   // To extend this limit to 32,767 wide characters, call the Unicode version of the function and prepend "\\?\" to the path.

  238.                   // 2013-01-13: MSDN does not confirm LongPath usage but a Unicode version of this function exists.

  239. 

  240.                   lastError = Security.NativeMethods.SetNamedSecurityInfo(pathLp, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);

  241. 

  242.                   if (lastError != Win32Errors.ERROR_SUCCESS)

  243.                      NativeError.ThrowException(lastError, pathLp);

  244.                }

  245.                else

  246.                {

  247.                   if (NativeMethods.IsValidHandle(handle))

  248.                   {

  249.                      lastError = Security.NativeMethods.SetSecurityInfo(handle, ObjectType.FileObject, securityInfo, pOwner, pGroup, pDacl, pSacl);

  250. 

  251.                      if (lastError != Win32Errors.ERROR_SUCCESS)

  252.                         NativeError.ThrowException((int) lastError);

  253.                   }

  254.                }

  255.             }

  256.             finally

  257.             {

  258.                if (privilegeEnabler != null)

  259.                   privilegeEnabler.Dispose();

  260.             }

  261.          }

  262.       }

  263.    }

  264. }