Meik/LIAM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support NTFS permission ensure for shares

Browse Source
This commit is contained in:
Meik
2026-03-29 23:13:17 +02:00
parent 54be771569
commit ae65f8e758
3 changed files with 52 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
LiamNtfs/C4IT.LIAM.Ntfs.cs
View File

@@ -896,12 +896,33 @@ namespace C4IT.LIAM
bool ensureTraverseGroups = false, bool ensureTraverseGroups = false,
bool whatIf = false) bool whatIf = false)
{ {
if (!IsPermissionManagedFolderPath(folderPath)) var classification = ClassifyPath(folderPath);
if (!IsSupportedPermissionManagedPathKind(classification, eNtfsPathKind.Folder, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink))
{ {
return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString()) return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
{ {
resultErrorId = 30008, resultErrorId = 30008,
resultMessage = $"NTFS permission ensure is only supported for folder paths. Shares, DFS namespaces and server roots are skipped: {folderPath}" resultMessage = $"NTFS permission ensure is only supported for folder and share paths. DFS namespaces and server roots are skipped: {folderPath}"
});
}
string matchingConfigurationKey;
string matchingRule;
if (IsPathBlacklisted(classification, out matchingConfigurationKey, out matchingRule))
{
return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
{
resultErrorId = 30008,
resultMessage = $"NTFS permission ensure skipped for '{folderPath}' due to AdditionalConfiguration rule '{matchingConfigurationKey}={matchingRule}'."
});
}
if (!IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule))
{
return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
{
resultErrorId = 30008,
resultMessage = $"NTFS permission ensure skipped for '{folderPath}' because no AdditionalConfiguration whitelist matched."
}); });
} }
@@ -915,7 +936,12 @@ namespace C4IT.LIAM
writerSids); writerSids);
engine.WhatIf = whatIf; engine.WhatIf = whatIf;
return Task.FromResult(engine.ensureDataAreaPermissions(ensureTraverseGroups)); var allowTraverseGroups = classification.Kind == eNtfsPathKind.Folder && ensureTraverseGroups;
var resultToken = engine.ensureDataAreaPermissions(allowTraverseGroups);
if (!allowTraverseGroups && ensureTraverseGroups)
resultToken.warnings.Add($"Traverse groups are currently only ensured for folder paths. Traverse processing was skipped for '{folderPath}'.");
return Task.FromResult(resultToken);
} }
private DataArea_FileSystem CreateFilesystemEngine( private DataArea_FileSystem CreateFilesystemEngine(
@@ -985,9 +1011,19 @@ namespace C4IT.LIAM
} }
public bool IsPermissionManagedFolderPath(string path) public bool IsPermissionManagedFolderPath(string path)
{
return IsPermissionManagedPath(path, eNtfsPathKind.Folder);
}
public bool IsPermissionManagedSharePath(string path)
{
return IsPermissionManagedPath(path, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink);
}
private bool IsPermissionManagedPath(string path, params eNtfsPathKind[] supportedKinds)
{ {
var classification = ClassifyPath(path); var classification = ClassifyPath(path);
if (classification == null || classification.Kind != eNtfsPathKind.Folder) if (!IsSupportedPermissionManagedPathKind(classification, supportedKinds))
return false; return false;
string matchingConfigurationKey; string matchingConfigurationKey;
@@ -998,6 +1034,14 @@ namespace C4IT.LIAM
return IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule); return IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule);
} }
private static bool IsSupportedPermissionManagedPathKind(cNtfsPathClassification classification, params eNtfsPathKind[] supportedKinds)
{
if (classification == null || supportedKinds == null || supportedKinds.Length == 0)
return false;
return supportedKinds.Contains(classification.Kind);
}
private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates() private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates()
{ {
var templates = new List<IAM_SecurityGroupTemplate>(); var templates = new List<IAM_SecurityGroupTemplate>();

2
LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
View File

@@ -909,7 +909,7 @@ namespace C4IT.LIAM.Activities
public InArgument<Guid> ConfigID { get; set; } public InArgument<Guid> ConfigID { get; set; }
[Category("Input")] [Category("Input")]
[DisplayName("Folder Path")] [DisplayName("Path")]
[RequiredArgument] [RequiredArgument]
public InArgument<string> FolderPath { get; set; } public InArgument<string> FolderPath { get; set; }

4
LiamWorkflowActivities/LiamWorkflowRuntime.cs
View File

@@ -420,7 +420,9 @@ namespace LiamWorkflowActivities
if (!IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroups")) if (!IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroups"))
return true; return true;
foreach (var ntfsArea in dataAreas.OfType<cLiamNtfsFolder>()) foreach (var ntfsArea in dataAreas
.Where(dataArea => dataArea is cLiamNtfsFolder || dataArea is cLiamNtfsShare)
.Cast<cLiamNtfsPermissionDataAreaBase>())
{ {
var folderPath = ntfsArea.TechnicalName; var folderPath = ntfsArea.TechnicalName;
if (string.IsNullOrWhiteSpace(folderPath)) if (string.IsNullOrWhiteSpace(folderPath))