Align NTFS ensure traverse handling

Meik
2026-05-08 21:25:00 +02:00
parent 898ed7dd8e
commit fc8e907011
3 changed files with 297 additions and 16 deletions


@@ -55,6 +55,7 @@ namespace C4IT.LIAM
public static Guid nftsModuleId = new Guid("77e213a1-6517-ea11-4881-000c2980fd94");
private const string AdditionalConfigurationExcludePathsKey = "NtfsExcludePaths";
private const string AdditionalConfigurationIncludePathsKey = "NtfsIncludePaths";
private const string AdditionalConfigurationTraverseBoundaryPathKey = "NtfsTraverseBoundaryPath";
public readonly cNtfsBase ntfsBase = new cNtfsBase();
public readonly cActiveDirectoryBase activeDirectoryBase = new cActiveDirectoryBase();
private readonly Dictionary<string, HashSet<string>> publishedShareCache = new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
@@ -996,8 +997,10 @@ namespace C4IT.LIAM
groupDLTag = requiresDomainLocalTag ? GetRequiredCustomTag("Filesystem_GroupDomainLocalTag") : string.Empty,
groupGTag = GetRequiredCustomTag("Filesystem_GroupGlobalTag"),
CanManagePermissionsForPath = IsPermissionManagedFolderPath,
CanManageTraversePermissionsForPath = IsTraversePermissionManagedPath,
forceStrictAdGroupNames = IsAdditionalConfigurationEnabled("ForceStrictAdGroupNames")
};
engine.traverseBoundaryPath = GetAdditionalConfigurationValue(AdditionalConfigurationTraverseBoundaryPathKey);
foreach (var template in BuildSecurityGroupTemplates())
engine.templates.Add(template);
@@ -1018,6 +1021,17 @@ namespace C4IT.LIAM
|| rawValue.Equals("yes", StringComparison.OrdinalIgnoreCase);
}
private string GetAdditionalConfigurationValue(string key)
{
if (AdditionalConfiguration == null || string.IsNullOrWhiteSpace(key))
return string.Empty;
if (!AdditionalConfiguration.TryGetValue(key, out var rawValue) || string.IsNullOrWhiteSpace(rawValue))
return string.Empty;
return rawValue.Trim();
}
public bool IsPermissionManagedFolderPath(string path)
{
return IsPermissionManagedPath(path, eNtfsPathKind.Folder);
@@ -1042,6 +1056,23 @@ namespace C4IT.LIAM
return IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule);
}
private bool IsTraversePermissionManagedPath(string path)
{
if (string.IsNullOrWhiteSpace(GetAdditionalConfigurationValue(AdditionalConfigurationTraverseBoundaryPathKey)))
return IsPermissionManagedFolderPath(path);
var classification = ClassifyPath(path);
if (classification == null || classification.Kind == eNtfsPathKind.ServerRoot || classification.Kind == eNtfsPathKind.Unknown)
return false;
string matchingConfigurationKey;
string matchingRule;
if (IsPathBlacklisted(classification, out matchingConfigurationKey, out matchingRule))
return false;
return Directory.Exists(path);
}
private static bool IsSupportedPermissionManagedPathKind(cNtfsPathClassification classification, params eNtfsPathKind[] supportedKinds)
{
if (classification == null || supportedKinds == null || supportedKinds.Length == 0)
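Review bot: In `IsTraversePermissionManagedPath`, once `NtfsTraverseBoundaryPath` is set the decision no longer goes through `IsPermissionManagedFolderPath` and its include rules: any existing directory that is not excluded is accepted, and the boundary value itself is never compared with `path` in this method. If containment is enforced later through `engine.traverseBoundaryPath` (not visible in these hunks), say so in a comment above the method, e.g. `// Boundary mode: include rules are bypassed on purpose; the engine limits traverse handling to traverseBoundaryPath`. Otherwise a normalized, separator-terminated, case-insensitive prefix check of `path` against the boundary belongs before `return Directory.Exists(path);`. `Directory.Exists` also returns false for access-denied or malformed paths without any diagnostic, so a mistyped boundary or a permissions problem would silently disable traverse management; a log entry on that branch would make this visible.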