Skip NTFS ensure and traverse on share roots

Meik
2026-03-18 15:54:42 +01:00
parent eb6f23321d
commit 9d9575c9ef
2 changed files with 33 additions and 0 deletions


@@ -648,6 +648,15 @@ namespace C4IT.LIAM
bool ensureTraverseGroups = false, bool ensureTraverseGroups = false,
bool whatIf = false) bool whatIf = false)
{ {
if (!IsPermissionManagedFolderPath(folderPath))
{
return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
{
resultErrorId = 30008,
resultMessage = $"NTFS permission ensure is only supported for folder paths. Shares, DFS namespaces and server roots are skipped: {folderPath}"
});
}
var parentPath = Directory.GetParent(folderPath)?.FullName; var parentPath = Directory.GetParent(folderPath)?.FullName;
var engine = CreateFilesystemEngine( var engine = CreateFilesystemEngine(
folderPath, folderPath,
@@ -704,6 +713,7 @@ namespace C4IT.LIAM
groupTraverseTag = GetRequiredCustomTag("Filesystem_GroupTraverseTag"), groupTraverseTag = GetRequiredCustomTag("Filesystem_GroupTraverseTag"),
groupDLTag = requiresDomainLocalTag ? GetRequiredCustomTag("Filesystem_GroupDomainLocalTag") : string.Empty, groupDLTag = requiresDomainLocalTag ? GetRequiredCustomTag("Filesystem_GroupDomainLocalTag") : string.Empty,
groupGTag = GetRequiredCustomTag("Filesystem_GroupGlobalTag"), groupGTag = GetRequiredCustomTag("Filesystem_GroupGlobalTag"),
CanManagePermissionsForPath = IsPermissionManagedFolderPath,
forceStrictAdGroupNames = IsAdditionalConfigurationEnabled("ForceStrictAdGroupNames") forceStrictAdGroupNames = IsAdditionalConfigurationEnabled("ForceStrictAdGroupNames")
}; };
@@ -726,6 +736,12 @@ namespace C4IT.LIAM
|| rawValue.Equals("yes", StringComparison.OrdinalIgnoreCase); || rawValue.Equals("yes", StringComparison.OrdinalIgnoreCase);
} }
public bool IsPermissionManagedFolderPath(string path)
{
var classification = ClassifyPath(path);
return classification != null && classification.Kind == eNtfsPathKind.Folder;
}
private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates() private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates()
{ {
var templates = new List<IAM_SecurityGroupTemplate>(); var templates = new List<IAM_SecurityGroupTemplate>();
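Review bot: The guard at the top of the ensure method classifies the caller-supplied `folderPath` as given, while the same predicate is handed to the engine as `CanManagePermissionsForPath` and is called there with `parent.FullName`. `ClassifyPath` is not visible in this section, so it is worth confirming that it normalizes trailing separators and equivalent spellings of a path; otherwise the two call sites could reach different decisions for the same share root. `IsPermissionManagedFolderPath` treats a null classification as not managed, which is the safe default, and as a new public member it should say so: `/// <summary>Returns true only when ClassifyPath reports eNtfsPathKind.Folder; paths that cannot be classified are treated as not managed.</summary>`. The method that receives the guard starts and ends outside the first hunk.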


@@ -52,6 +52,7 @@ namespace C4IT_IAM_SET
public ICollection<string> ownerUserSids; public ICollection<string> ownerUserSids;
public ICollection<string> readerUserSids; public ICollection<string> readerUserSids;
public ICollection<string> writerUserSids; public ICollection<string> writerUserSids;
public Func<string, bool> CanManagePermissionsForPath;
public bool forceStrictAdGroupNames; public bool forceStrictAdGroupNames;
public bool WhatIf; public bool WhatIf;
@@ -481,6 +482,22 @@ namespace C4IT_IAM_SET
break; break;
} }
if (CanManagePermissionsForPath != null && !CanManagePermissionsForPath(parent.FullName))
{
DefaultLogger.LogEntry(LogLevels.Debug, $"Überspringe Traverse-Verarbeitung für nicht verwaltbaren NTFS-Pfad: {parent.FullName}");
parent = parent.Parent;
if (parent != null)
{
lvl = DataArea.GetRelativePath(parent.FullName, baseFolder).Count(n => n == Path.DirectorySeparatorChar);
DefaultLogger.LogEntry(LogLevels.Debug, $"Neue Ebene (lvl) nach Überspringen: {lvl}");
}
else
{
DefaultLogger.LogEntry(LogLevels.Debug, "Parent nach Überspringen ist null.");
}
continue;
}
DefaultLogger.LogEntry(LogLevels.Debug, $"Hole ACL für Ordner: {parent.FullName}"); DefaultLogger.LogEntry(LogLevels.Debug, $"Hole ACL für Ordner: {parent.FullName}");
AuthorizationRuleCollection ACLs = null; AuthorizationRuleCollection ACLs = null;
try try
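Review bot: The check `CanManagePermissionsForPath != null && !CanManagePermissionsForPath(parent.FullName)` in the traverse loop fails open: when the public field is left unset, share roots and server roots are processed exactly as before this commit. If this type is constructed anywhere other than the initializer changed in the other file, that caller silently keeps the old behaviour, so the field should carry a comment such as `// null = no path filtering; set this to restrict traverse ACL changes to managed folder paths`, or default to a restrictive predicate. The skip is also logged only at `LogLevels.Debug`, so an operator checking why no traverse permission was applied to a path may not see it at the usual log level. The loop begins and ends outside the hunk, so whether `continue` with a null `parent` terminates depends on a loop condition that is not shown here.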