我想编写一个检查共享目录权限的代码,我检查多个解决方案,但在尝试获取本地目录权限时效果很好,但是当我为共享目录创建测试用例时,它会失败。
我在这个问题中尝试了一些例子: SOF: checking-for-directory-and-file-write-permissions-in-net
但它仅适用于本地目录。
例如,我使用了这个类:
public class CurrentUserSecurity
{
WindowsIdentity _currentUser;
WindowsPrincipal _currentPrincipal;
public CurrentUserSecurity()
{
_currentUser = WindowsIdentity.GetCurrent();
_currentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
public bool HasAccess(DirectoryInfo directory, FileSystemRights right)
{
// Get the collection of authorization rules that apply to the directory.
AuthorizationRuleCollection acl = directory.GetAccessControl()
.GetAccessRules(true, true, typeof(SecurityIdentifier));
return HasFileOrDirectoryAccess(right, acl);
}
public bool HasAccess(FileInfo file, FileSystemRights right)
{
// Get the collection of authorization rules that apply to the file.
AuthorizationRuleCollection acl = file.GetAccessControl()
.GetAccessRules(true, true, typeof(SecurityIdentifier));
return HasFileOrDirectoryAccess(right, acl);
}
private bool HasFileOrDirectoryAccess(FileSystemRights right,
AuthorizationRuleCollection acl)
{
bool allow = false;
bool inheritedAllow = false;
bool inheritedDeny = false;
for (int i = 0; i < acl.Count; i++)
{
FileSystemAccessRule currentRule = (FileSystemAccessRule)acl[i];
// If the current rule applies to the current user.
if (_currentUser.User.Equals(currentRule.IdentityReference) ||
_currentPrincipal.IsInRole(
(SecurityIdentifier)currentRule.IdentityReference))
{
if (currentRule.AccessControlType.Equals(AccessControlType.Deny))
{
if ((currentRule.FileSystemRights & right) == right)
{
if (currentRule.IsInherited)
{
inheritedDeny = true;
}
else
{ // Non inherited "deny" takes overall precedence.
return false;
}
}
}
else if (currentRule.AccessControlType
.Equals(AccessControlType.Allow))
{
if ((currentRule.FileSystemRights & right) == right)
{
if (currentRule.IsInherited)
{
inheritedAllow = true;
}
else
{
allow = true;
}
}
}
}
}
if (allow)
{ // Non inherited "allow" takes precedence over inherited rules.
return true;
}
return inheritedAllow && !inheritedDeny;
}
}
检查目录或文件上当前模拟的权限。 检查本地目录时所有测试用例都正确传递,但是其中一些测试用例在共享目录中失败,这是我想要解决的问题,那么有什么解决办法吗?
虽然目录没有写入权限,但以下测试用例仍然失败:
[TestMethod]
public void HasAccess_NotHaveAccess_ReturnsFalse()
{
CurrentUserSecurity cus = new CurrentUserSecurity();
bool result = cus.HasAccess(new DirectoryInfo(@"\\sharedpc\readonly"), System.Security.AccessControl.FileSystemRights.Write);
Assert.AreEqual(result, false);
}
答案 0 :(得分:3)
您的代码WOMM。我鼓励你弄清楚标准.NET的原因 类失败(在您的环境中)直接使用Win32 API来发现BCL隐藏的任何潜在问题。
如果您尝试使用此较低级别的方法,则手指交叉会产生错误,以便您了解BCL类的问题或将其用作解决方法。
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
class MainConsole
{
[DllImport("Netapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern int NetShareGetInfo(
[MarshalAs(UnmanagedType.LPWStr)] string serverName,
[MarshalAs(UnmanagedType.LPWStr)] string netName,
Int32 level,
out IntPtr bufPtr);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetSecurityDescriptorDacl(
IntPtr pSecurityDescriptor,
[MarshalAs(UnmanagedType.Bool)] out bool bDaclPresent,
ref IntPtr pDacl,
[MarshalAs(UnmanagedType.Bool)] out bool bDaclDefaulted
);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetAclInformation(
IntPtr pAcl,
ref ACL_SIZE_INFORMATION pAclInformation,
uint nAclInformationLength,
ACL_INFORMATION_CLASS dwAclInformationClass
);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern int GetAce(
IntPtr aclPtr,
int aceIndex,
out IntPtr acePtr
);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern int GetLengthSid(
IntPtr pSID
);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool ConvertSidToStringSid(
[MarshalAs(UnmanagedType.LPArray)] byte[] pSID,
out IntPtr ptrSid
);
[DllImport("netapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern int NetApiBufferFree(
IntPtr buffer
);
enum SID_NAME_USE
{
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer
}
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern bool LookupAccountSid(
string lpSystemName,
[MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
System.Text.StringBuilder lpName,
ref uint cchName,
System.Text.StringBuilder ReferencedDomainName,
ref uint cchReferencedDomainName,
out SID_NAME_USE peUse);
[StructLayout(LayoutKind.Sequential)]
struct SHARE_INFO_502
{
[MarshalAs(UnmanagedType.LPWStr)]
public string shi502_netname;
public uint shi502_type;
[MarshalAs(UnmanagedType.LPWStr)]
public string shi502_remark;
public Int32 shi502_permissions;
public Int32 shi502_max_uses;
public Int32 shi502_current_uses;
[MarshalAs(UnmanagedType.LPWStr)]
public string shi502_path;
public IntPtr shi502_passwd;
public Int32 shi502_reserved;
public IntPtr shi502_security_descriptor;
}
[StructLayout(LayoutKind.Sequential)]
struct ACL_SIZE_INFORMATION
{
public uint AceCount;
public uint AclBytesInUse;
public uint AclBytesFree;
}
[StructLayout(LayoutKind.Sequential)]
public struct ACE_HEADER
{
public byte AceType;
public byte AceFlags;
public short AceSize;
}
[StructLayout(LayoutKind.Sequential)]
struct ACCESS_ALLOWED_ACE
{
public ACE_HEADER Header;
public int Mask;
public int SidStart;
}
enum ACL_INFORMATION_CLASS
{
AclRevisionInformation = 1,
AclSizeInformation
}
static void Main(string[] args)
{
IntPtr bufptr = IntPtr.Zero;
int err = NetShareGetInfo("ServerName", "ShareName", 502, out bufptr);
if (0 == err)
{
SHARE_INFO_502 shareInfo = (SHARE_INFO_502)Marshal.PtrToStructure(bufptr, typeof(SHARE_INFO_502));
bool bDaclPresent;
bool bDaclDefaulted;
IntPtr pAcl = IntPtr.Zero;
GetSecurityDescriptorDacl(shareInfo.shi502_security_descriptor, out bDaclPresent, ref pAcl, out bDaclDefaulted);
if (bDaclPresent)
{
ACL_SIZE_INFORMATION AclSize = new ACL_SIZE_INFORMATION();
GetAclInformation(pAcl, ref AclSize, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation);
for (int i = 0; i < AclSize.AceCount; i++)
{
IntPtr pAce;
err = GetAce(pAcl, i, out pAce);
ACCESS_ALLOWED_ACE ace = (ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(ACCESS_ALLOWED_ACE));
IntPtr iter = (IntPtr)((long)pAce + (long)Marshal.OffsetOf(typeof(ACCESS_ALLOWED_ACE), "SidStart"));
byte[] bSID = null;
int size = (int)GetLengthSid(iter);
bSID = new byte[size];
Marshal.Copy(iter, bSID, 0, size);
IntPtr ptrSid;
ConvertSidToStringSid(bSID, out ptrSid);
string strSID = Marshal.PtrToStringAuto(ptrSid);
Console.WriteLine("The details of ACE number {0} are: ", i+1);
StringBuilder name = new StringBuilder();
uint cchName = (uint)name.Capacity;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
SID_NAME_USE sidUse;
LookupAccountSid(null, bSID, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse);
Console.WriteLine("Trustee Name: " + name);
Console.WriteLine("Domain Name: " + referencedDomainName);
if ((ace.Mask & 0x1F01FF) == 0x1F01FF)
{
Console.WriteLine("Permission: Full Control");
}
else if ((ace.Mask & 0x1301BF) == 0x1301BF)
{
Console.WriteLine("Permission: READ and CHANGE");
}
else if ((ace.Mask & 0x1200A9) == 0x1200A9)
{
Console.WriteLine("Permission: READ only");
}
Console.WriteLine("SID: {0} \nHeader AceType: {1} \nAccess Mask: {2} \nHeader AceFlag: {3}", strSID, ace.Header.AceType.ToString(), ace.Mask.ToString(), ace.Header.AceFlags.ToString());
Console.WriteLine("\n");
}
}
err = NetApiBufferFree(bufptr);
}
}
}
另外,如果可以,请在另一个网络上尝试您的代码和此代码,因为我认为它存在一些环境问题。