Skip NTFS ensure and traverse on share roots

2026-03-18 15:54:42 +01:00
parent eb6f23321d
commit 9d9575c9ef
2 changed files with 33 additions and 0 deletions
--- a/LiamNtfs/C4IT.LIAM.Ntfs.cs
+++ b/LiamNtfs/C4IT.LIAM.Ntfs.cs
@@ -648,6 +648,15 @@ namespace C4IT.LIAM
            bool ensureTraverseGroups = false,
            bool whatIf = false)
        {
+            if (!IsPermissionManagedFolderPath(folderPath))
+            {
+                return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
+                {
+                    resultErrorId = 30008,
+                    resultMessage = $"NTFS permission ensure is only supported for folder paths. Shares, DFS namespaces and server roots are skipped: {folderPath}"
+                });
+            }
+
            var parentPath = Directory.GetParent(folderPath)?.FullName;
            var engine = CreateFilesystemEngine(
                folderPath,
@@ -704,6 +713,7 @@ namespace C4IT.LIAM
                groupTraverseTag = GetRequiredCustomTag("Filesystem_GroupTraverseTag"),
                groupDLTag = requiresDomainLocalTag ? GetRequiredCustomTag("Filesystem_GroupDomainLocalTag") : string.Empty,
                groupGTag = GetRequiredCustomTag("Filesystem_GroupGlobalTag"),
+                CanManagePermissionsForPath = IsPermissionManagedFolderPath,
                forceStrictAdGroupNames = IsAdditionalConfigurationEnabled("ForceStrictAdGroupNames")
            };

@@ -726,6 +736,12 @@ namespace C4IT.LIAM
                || rawValue.Equals("yes", StringComparison.OrdinalIgnoreCase);
        }

+        public bool IsPermissionManagedFolderPath(string path)
+        {
+            var classification = ClassifyPath(path);
+            return classification != null && classification.Kind == eNtfsPathKind.Folder;
+        }
+
        private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates()
        {
            var templates = new List<IAM_SecurityGroupTemplate>();
--- a/LiamNtfs/C4IT_IAM_SET/DataArea_FileSystem.cs
+++ b/LiamNtfs/C4IT_IAM_SET/DataArea_FileSystem.cs
@@ -52,6 +52,7 @@ namespace C4IT_IAM_SET
        public ICollection<string> ownerUserSids;
        public ICollection<string> readerUserSids;
        public ICollection<string> writerUserSids;
+        public Func<string, bool> CanManagePermissionsForPath;
        public bool forceStrictAdGroupNames;
        public bool WhatIf;

@@ -481,6 +482,22 @@ namespace C4IT_IAM_SET
                        break;
                    }

+                    if (CanManagePermissionsForPath != null && !CanManagePermissionsForPath(parent.FullName))
+                    {
+                        DefaultLogger.LogEntry(LogLevels.Debug, $"Überspringe Traverse-Verarbeitung für nicht verwaltbaren NTFS-Pfad: {parent.FullName}");
+                        parent = parent.Parent;
+                        if (parent != null)
+                        {
+                            lvl = DataArea.GetRelativePath(parent.FullName, baseFolder).Count(n => n == Path.DirectorySeparatorChar);
+                            DefaultLogger.LogEntry(LogLevels.Debug, $"Neue Ebene (lvl) nach Überspringen: {lvl}");
+                        }
+                        else
+                        {
+                            DefaultLogger.LogEntry(LogLevels.Debug, "Parent nach Überspringen ist null.");
+                        }
+                        continue;
+                    }
+
                    DefaultLogger.LogEntry(LogLevels.Debug, $"Hole ACL für Ordner: {parent.FullName}");
                    AuthorizationRuleCollection ACLs = null;
                    try