HighTechTalks DotNet Forums  

Setting Folder Security Permissions w/ vb.net

Dotnet Scripting microsoft.public.dotnet.scripting


Sarah
 

Default Setting Folder Security Permissions w/ vb.net - 11-16-2005 , 09:35 AM







There is probably a simple answer to this problem, but I can't seem to
find it, so please help. What I have is a piece of code that adds a
group to Active Directory and then creates a folder. Now I need to give
that group security permissions on the folder. Any ideas how to go about
this?

--
Sara



Ben Dewey
 

Default Re: Setting Folder Security Permissions w/ vb.net - 12-20-2005 , 11:48 AM






I pulled this out of some old code I had. This is just a subset of the
code. Hope it works okay. Let me know if you need more.


using System;
using ActiveDs;

namespace Com.MyCompany.DirectoryServices
{
/// <summary>
/// Coarse permission levels a caller can ask for when granting access to a folder.
/// Each member is translated into a concrete access mask by the code that applies it.
/// </summary>
public enum DsPermissionTypes
{
    /// <summary>Read access to the folder.</summary>
    Read = 0,

    /// <summary>Write access to the folder.</summary>
    Write = 1,

    /// <summary>Permission to delete the folder and its children.</summary>
    Delete = 2,

    /// <summary>Permission to read and change the folder's permissions.</summary>
    ChangePermissions = 3
}

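/// <summary>
/// Windows access-mask values for files and directories, plus a small wrapper that
/// decodes a mask into individual rights.
/// </summary>
/// <remarks>
/// The values are compile-time constants. As mutable static fields, any caller could
/// reassign an access mask at run time, and a field initialised from one declared
/// further down (the STANDARD_RIGHTS_* aliases of READ_CONTROL) silently received 0,
/// which dropped READ_CONTROL from the FILE_GENERIC_* masks.
/// </remarks>
public class DsPermissions
{
    // ---- Generic rights (top four bits of the mask) ----
    // These need the unchecked cast because bit 31 does not fit a positive int.

    /// <summary>Generic read access.</summary>
    public const int GENERIC_READ = unchecked((int)0x80000000);
    /// <summary>Generic write access.</summary>
    public const int GENERIC_WRITE = 0x40000000;
    /// <summary>Generic execute access.</summary>
    public const int GENERIC_EXECUTE = 0x20000000;
    /// <summary>Generic all access.</summary>
    public const int GENERIC_ALL = 0x10000000;

    // ---- Standard rights ----

    /// <summary>Delete access.</summary>
    public const int DELETE = 0x10000;
    /// <summary>Read access to the security descriptor and owner.</summary>
    public const int READ_CONTROL = 0x20000;
    /// <summary>
    /// Write access to the discretionary ACL. A trustee holding this right can grant
    /// itself any other right on the object.
    /// </summary>
    public const int WRITE_DAC = 0x40000;
    /// <summary>Right to change the owner of the object.</summary>
    public const int WRITE_OWNER = 0x80000;
    /// <summary>
    /// Right to use the object for synchronization, i.e. to wait for it to enter the
    /// signaled state.
    /// </summary>
    public const int SYNCHRONIZE = 0x100000;

    /// <summary>DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER combined.</summary>
    public const int STANDARD_RIGHTS_REQUIRED = 0xF0000;
    /// <summary>Standard read rights; an alias of READ_CONTROL.</summary>
    public const int STANDARD_RIGHTS_READ = READ_CONTROL;
    /// <summary>Standard write rights; an alias of READ_CONTROL.</summary>
    public const int STANDARD_RIGHTS_WRITE = READ_CONTROL;
    /// <summary>Standard execute rights; an alias of READ_CONTROL.</summary>
    public const int STANDARD_RIGHTS_EXECUTE = READ_CONTROL;
    /// <summary>All standard rights, including SYNCHRONIZE.</summary>
    public const int STANDARD_RIGHTS_ALL = 0x1F0000;
    /// <summary>All object-specific rights (low 16 bits of the mask).</summary>
    public const int SPECIFIC_RIGHTS_ALL = 0xFFFF;
    /// <summary>Right to access the system ACL.</summary>
    public const int ACCESS_SYSTEM_SECURITY = 0x1000000;
    /// <summary>Requests the maximum access the caller is allowed.</summary>
    public const int MAXIMUM_ALLOWED = 0x2000000;

    // ---- File and directory specific rights ----
    // Several values are shared: the same bit means one thing on a file and
    // another on a directory.

    /// <summary>All standard and file-specific rights; same value as FILE_ALL_ACCESS.</summary>
    public const int FullAccess = 0x1F01FF;
    /// <summary>
    /// Right to read data from the file. For a directory, the right to list its contents.
    /// </summary>
    public const int FILE_READ_DATA = 0x1;
    /// <summary>Right to list the contents of the directory.</summary>
    public const int FILE_LIST_DIRECTORY = 0x1;
    /// <summary>
    /// Right to write data to the file. For a directory, the right to create a file in it.
    /// </summary>
    public const int FILE_WRITE_DATA = 0x2;
    /// <summary>Right to create a file in the directory.</summary>
    public const int FILE_ADD_FILE = 0x2;
    /// <summary>Right to append data to the file.</summary>
    public const int FILE_APPEND_DATA = 0x4;
    /// <summary>Right to create a subdirectory.</summary>
    public const int FILE_ADD_SUBDIRECTORY = 0x4;
    /// <summary>Right to read extended attributes.</summary>
    public const int FILE_READ_EA = 0x8;
    /// <summary>Right to write extended attributes.</summary>
    public const int FILE_WRITE_EA = 0x10;
    /// <summary>Right to traverse the directory.</summary>
    public const int FILE_TRAVERSE = 0x20;
    /// <summary>Right to execute the file.</summary>
    public const int FILE_EXECUTE = 0x20;
    /// <summary>
    /// Right to delete a directory and all the files it contains (its children),
    /// even if the files are read-only.
    /// </summary>
    public const int FILE_DELETE_CHILD = 0x40;
    /// <summary>Right to read file attributes.</summary>
    public const int FILE_READ_ATTRIBUTES = 0x80;
    /// <summary>Right to change file attributes.</summary>
    public const int FILE_WRITE_ATTRIBUTES = 0x100;

    // ---- Composite masks for files and directories ----

    /// <summary>Every standard and file-specific right (0x1F01FF).</summary>
    public const int FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF;
    /// <summary>Rights needed to read a file or list a directory.</summary>
    public const int FILE_GENERIC_READ = STANDARD_RIGHTS_READ |
        FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE;
    /// <summary>
    /// Rights needed to write to a file or add entries to a directory. Does not
    /// include any of the read-data rights.
    /// </summary>
    public const int FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE |
        FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA |
        SYNCHRONIZE;
    /// <summary>Rights needed to execute a file or traverse a directory.</summary>
    public const int FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE |
        FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE;

    // The access mask being decoded by the properties below.
    private long _mask;

    /// <summary>Creates an instance with an empty mask (no rights).</summary>
    public DsPermissions() : this(0) {}

    /// <summary>Creates an instance that decodes the given access mask.</summary>
    /// <param name="mask">Access mask, for example the AccessMask of an ACE.</param>
    public DsPermissions(long mask)
    {
        _mask = mask;
    }

    /// <summary>The raw access mask.</summary>
    public long Mask
    {
        get { return _mask; }
        set { _mask = value; }
    }

    // True when every bit of 'right' is set in the mask.
    private bool Has(int right)
    {
        return (_mask & right) == right;
    }

    // Read
    /// <summary>True when FILE_READ_DATA is set.</summary>
    public bool ReadData
    {
        get { return Has(FILE_READ_DATA); }
    }
    /// <summary>True when FILE_LIST_DIRECTORY is set (same bit as ReadData).</summary>
    public bool ListDirectory
    {
        get { return Has(FILE_LIST_DIRECTORY); }
    }

    // Write
    /// <summary>True when FILE_WRITE_DATA is set.</summary>
    public bool WriteData
    {
        get { return Has(FILE_WRITE_DATA); }
    }
    /// <summary>True when FILE_ADD_FILE is set (same bit as WriteData).</summary>
    public bool AddFile
    {
        get { return Has(FILE_ADD_FILE); }
    }
    /// <summary>True when FILE_APPEND_DATA is set.</summary>
    public bool AppendData
    {
        get { return Has(FILE_APPEND_DATA); }
    }

    // File
    /// <summary>True when FILE_EXECUTE is set.</summary>
    public bool Execute
    {
        get { return Has(FILE_EXECUTE); }
    }

    // Directory
    /// <summary>True when FILE_ADD_SUBDIRECTORY is set (same bit as AppendData).</summary>
    public bool AddSubDirectory
    {
        get { return Has(FILE_ADD_SUBDIRECTORY); }
    }
    /// <summary>True when FILE_TRAVERSE is set (same bit as Execute).</summary>
    public bool TraverseDirectory
    {
        get { return Has(FILE_TRAVERSE); }
    }
    /// <summary>
    /// True when FILE_DELETE_CHILD is set. The standard DELETE right is not tested
    /// here, so a mask carrying only DELETE reports false.
    /// </summary>
    public bool Delete
    {
        get { return Has(FILE_DELETE_CHILD); }
    }

    // Attributes
    /// <summary>True when FILE_READ_ATTRIBUTES is set.</summary>
    public bool ReadAttributes
    {
        get { return Has(FILE_READ_ATTRIBUTES); }
    }
    /// <summary>True when FILE_WRITE_ATTRIBUTES is set.</summary>
    public bool WriteAttributes
    {
        get { return Has(FILE_WRITE_ATTRIBUTES); }
    }
    /// <summary>True when FILE_READ_EA is set.</summary>
    public bool ReadExtendedAttributes
    {
        get { return Has(FILE_READ_EA); }
    }
    /// <summary>True when FILE_WRITE_EA is set.</summary>
    public bool WriteExtendedAttributes
    {
        get { return Has(FILE_WRITE_EA); }
    }

    // Permissions
    /// <summary>True when READ_CONTROL is set.</summary>
    public bool ReadPermissions
    {
        get { return Has(READ_CONTROL); }
    }
    /// <summary>True when WRITE_DAC is set.</summary>
    public bool WritePermissions
    {
        get { return Has(WRITE_DAC); }
    }
}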
}



using System;
using ActiveDs;

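/// <summary>
/// Reads the discretionary ACL (DACL) of a file-system folder and adds access-allowed
/// entries to it through the ADSI security utility (ActiveDs COM interop).
/// </summary>
/// <remarks>
/// This listing is an excerpt. The members _folderName, _users, FolderName and Owner,
/// and the types DsUser and DsUsersArrayList, are used below but declared elsewhere.
/// On .NET Framework 2.0 and later, DirectorySecurity and FileSystemAccessRule in
/// System.Security.AccessControl offer a managed way to do the same job.
/// </remarks>
public class DsFolder
{
    /// <summary>Creates an instance that is not bound to any folder.</summary>
    public DsFolder() : this(null) {}

    /// <summary>
    /// Creates an instance for the given folder and, when a name is supplied,
    /// loads the folder's owner and DACL entries immediately.
    /// </summary>
    /// <param name="FolderName">Path of the folder, or null to skip loading.</param>
    public DsFolder(string FolderName)
    {
        _folderName = FolderName;

        if (_folderName != null)
        {
            LoadFolder();
        }
    }

    // Fetches the folder's security descriptor as an IADsSecurityDescriptor, or null
    // when the utility returns nothing. ADS_SD_FORMAT_IID is what makes the returned
    // object castable to that interface.
    private ActiveDs.IADsSecurityDescriptor ReadSecurityDescriptor(
        ActiveDs.ADsSecurityUtilityClass secuUtil)
    {
        object raw = secuUtil.GetSecurityDescriptor(
            this.FolderName,
            (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
            (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);

        if (raw == null)
        {
            return null;
        }
        return (ActiveDs.IADsSecurityDescriptor)raw;
    }

    /// <summary>
    /// Rebuilds the cached user list from the folder's DACL and records the owner.
    /// Interop failures propagate to the caller with their original stack trace.
    /// </summary>
    private void LoadFolder()
    {
        if (_users == null)
        {
            _users = new DsUsersArrayList();
        }
        else
        {
            _users.Clear();
        }

        ActiveDs.ADsSecurityUtilityClass secuUtil = new ActiveDs.ADsSecurityUtilityClass();
        ActiveDs.IADsSecurityDescriptor sd = ReadSecurityDescriptor(secuUtil);
        if (sd == null)
        {
            return;
        }

        this.Owner = sd.Owner;

        ActiveDs.IADsAccessControlList dacl =
            (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;

        // One DsUser per ACE; the same trustee can therefore appear more than once.
        foreach (ActiveDs.IADsAccessControlEntry ace in dacl)
        {
            _users.Add(new DsUser(ace.Trustee, ace.ObjectType, ace.AceType,
                ace.AccessMask, ace.AceFlags));
        }
    }

    /// <summary>
    /// Adds an access-allowed ACE for the given account to the folder's DACL and
    /// writes the security descriptor back.
    /// </summary>
    /// <param name="username">Account or group name of the trustee; required.</param>
    /// <param name="domain">
    /// Domain of the trustee, or null or empty to use <paramref name="username"/> as is.
    /// </param>
    /// <param name="permissionType">Permission level to grant.</param>
    /// <returns>
    /// true when the descriptor was updated; false when no security descriptor could
    /// be read for the folder.
    /// </returns>
    /// <exception cref="ArgumentException">username is null or empty.</exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// permissionType is not a defined member; without this check an ACE with an
    /// empty access mask would be written.
    /// </exception>
    public bool GrantPermission(string username, string domain,
        DsPermissionTypes permissionType)
    {
        if (username == null || username.Length == 0)
        {
            throw new ArgumentException("A trustee name is required.", "username");
        }

        int accessMask;
        switch (permissionType)
        {
            case DsPermissionTypes.Read:
                accessMask = DsPermissions.FILE_GENERIC_READ;
                break;
            case DsPermissionTypes.Write:
                // Write alone carries no read-data right; grant Read as well if the
                // trustee must see what it writes.
                accessMask = DsPermissions.FILE_GENERIC_WRITE;
                break;
            case DsPermissionTypes.Delete:
                accessMask = DsPermissions.DELETE | DsPermissions.FILE_DELETE_CHILD;
                break;
            case DsPermissionTypes.ChangePermissions:
                // WRITE_DAC lets the trustee rewrite this DACL and so grant itself any
                // other right; hand it out as carefully as full control.
                accessMask = DsPermissions.READ_CONTROL | DsPermissions.WRITE_DAC;
                break;
            default:
                throw new ArgumentOutOfRangeException("permissionType");
        }

        ActiveDs.ADsSecurityUtilityClass secuUtil = new ActiveDs.ADsSecurityUtilityClass();
        ActiveDs.IADsSecurityDescriptor folderSD = ReadSecurityDescriptor(secuUtil);
        if (folderSD == null)
        {
            return false;
        }

        ActiveDs.IADsAccessControlList folderAcl =
            (ActiveDs.IADsAccessControlList)folderSD.DiscretionaryAcl;

        ActiveDs.AccessControlEntry newAce = new ActiveDs.AccessControlEntryClass();
        newAce.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
        newAce.AccessMask = accessMask;

        // NOTE(review): confirm which children inherit with this flag alone; it may
        // reach sub-folders but not the files inside them.
        newAce.AceFlags = (int)ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE;

        // NOTE(review): both object-type flags are set although no ObjectType or
        // InheritedObjectType is assigned; check whether a plain file-system ACE
        // should carry 0 here.
        newAce.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT |
            (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT;

        if (domain == null || domain.Length == 0)
        {
            newAce.Trustee = username;
        }
        else
        {
            newAce.Trustee = domain + @"\" + username;
        }

        // The ACE is added without looking for an existing entry for the same
        // trustee, so repeated calls accumulate entries. Re-read the DACL afterwards
        // if the resulting entry order matters.
        folderAcl.AddAce(newAce);
        folderSD.DiscretionaryAcl = folderAcl;

        secuUtil.SetSecurityDescriptor(this.FolderName,
            (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
            folderSD,
            (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
        return true;
    }
}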




Ben Dewey
 

Default Re: Setting Folder Security Permissions w/ vb.net - 12-20-2005 , 11:49 AM



Sorry, this code is C#.


