in Configurator/UI/Wizards/ServerConfigPages/ServerConfigSecurityPage.cs [225:379]
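/// <summary>
/// Fills the Full Control and No-Access list views with the principals found in the
/// access rules of the data directory (or of its closest existing ancestor), and then
/// with the remaining local groups and users.
/// </summary>
/// <remarks>
/// The meaning of the two boolean arguments passed to AddItemToListView is defined by
/// that method, which is not part of this listing.
/// NOTE(review): the inline comments call some entries "editable" and others
/// "non-editable", yet the last argument is true both for the non-editable
/// Administrators/Users entries and for the "editable" inherited ones. Confirm the
/// flags against AddItemToListView.
/// </remarks>
private void LoadUsersAndGroups()
{
    if (string.IsNullOrEmpty(_dataDirectory))
    {
        Logger.LogError(Properties.Resources.ServerConfigNoValueAssignedToDataDirectory);
        return;
    }

    // If the data directory does not exist we go up one level at a time until we find a
    // folder from which the default directory permissions can be read.
    var directoryInfo = new DirectoryInfo(_dataDirectory);
    while (!directoryInfo.Exists && directoryInfo.Parent != null)
    {
        directoryInfo = directoryInfo.Parent;
    }

    if (!directoryInfo.Exists)
    {
        // Not even the root exists (e.g. missing drive): fall back to the common application data folder.
        directoryInfo = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData));
        if (!directoryInfo.Exists)
        {
            Logger.LogError(Properties.Resources.ServerConfigNoValidBaseDirectoryFound);
            return;
        }
    }

    // Populate the List View controls with the default elements.
    var rules = DirectoryServicesWrapper.GetAuthorizationRules(directoryInfo);
    if (rules == null)
    {
        Logger.LogError(Properties.Resources.ServerConfigFailedToGetAuthorizationRules);
        return;
    }

    foreach (FileSystemAccessRule rule in rules)
    {
        var ruleValue = rule.IdentityReference.Value;
        if (string.IsNullOrEmpty(ruleValue))
        {
            Logger.LogWarning(Properties.Resources.ServerConfigNameMissingForRule);
            continue;
        }

        // Only the part after the authority/domain prefix is kept as the account name.
        // NOTE(review): the SID below is therefore resolved from the bare name, so the
        // system's name lookup decides which principal it maps to. The SID determines
        // whether the entry lands in Full Control or No-Access; confirm that dropping
        // the prefix is intended.
        NTAccount account;
        try
        {
            account = new NTAccount(ruleValue.Contains("\\") ? ruleValue.Split('\\')[1] : ruleValue);
        }
        catch (ArgumentException ex)
        {
            // The NTAccount constructor never returns null; it throws when the name is
            // empty (e.g. the rule value ends with a backslash) or too long. Skip the
            // rule instead of aborting the whole load.
            Logger.LogException(ex);
            Logger.LogWarning(string.Format(Properties.Resources.ServerConfigConvertToNTAccountFailed, ruleValue));
            continue;
        }

        SecurityIdentifier securityIdentifier = null;
        try
        {
            securityIdentifier = account.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
        }
        catch (Exception ex)
        {
            // Translation failures are logged; the null check below skips the rule.
            Logger.LogException(ex);
        }

        if (securityIdentifier == null)
        {
            // NOTE(review): this reuses ServerConfigNameMissingForRule, which is logged
            // without arguments above. Confirm the resource has a placeholder, or that a
            // message specific to the failed SID translation was intended.
            Logger.LogWarning(string.Format(Properties.Resources.ServerConfigNameMissingForRule, account.Value));
            continue;
        }

        var accountName = account.Value;
        var sid = securityIdentifier.Value;

        // Windows assigns full control to the CREATOR/OWNER and System accounts by default.
        // We will set them as editable in the Full Control list in case the user wants to remove them.
        if (sid == _creatorOwnerUser.Value
            || sid == _systemAccountUser.Value)
        {
            if (!FullControlListView.Items.ContainsKey(accountName))
            {
                AddItemToListView(FullControlListView, accountName, false, false);
            }
        }
        // Add the local Administrators group to the Full Control list as non-editable.
        else if (sid == _administratorsGroup.Value)
        {
            if (!FullControlListView.Items.ContainsKey(accountName))
            {
                AddItemToListView(FullControlListView, accountName, true, true);
            }
        }
        // Add the local Users group to the No-Access list as non-editable.
        else if (sid == _usersGroup.Value)
        {
            if (!NoAccessListView.Items.ContainsKey(accountName))
            {
                AddItemToListView(NoAccessListView, accountName, true, true);
            }
        }
        // Add any other inherited user/group to the No-Access list as editable.
        else
        {
            if (!NoAccessListView.Items.ContainsKey(accountName))
            {
                // IsGroup is queried with the full rule value (prefix included), and only for entries that are actually added.
                AddItemToListView(NoAccessListView, accountName, DirectoryServicesWrapper.IsGroup(ruleValue) == true, true);
            }
        }
    }

    // Query for any other local groups and include them to the No-Access list as editable.
    var groups = DirectoryServicesWrapper.GetLocalGroups();
    if (groups != null)
    {
        foreach (var group in groups)
        {
            // Skip principals already listed from the directory's access rules.
            if (!NoAccessListView.Items.ContainsKey(group)
                && !FullControlListView.Items.ContainsKey(group))
            {
                AddItemToListView(NoAccessListView, group, true, false);
            }
        }
    }
    else
    {
        Logger.LogError(string.Format(Properties.Resources.ServerConfigFailedToRetrieveLocalPrincipals, "groups"));
    }

    // Query for any other local users and include them to the No-Access list as editable.
    var users = DirectoryServicesWrapper.GetLocalUsers();
    if (users != null)
    {
        foreach (var user in users)
        {
            // Skip principals already listed from the directory's access rules.
            if (!NoAccessListView.Items.ContainsKey(user)
                && !FullControlListView.Items.ContainsKey(user))
            {
                AddItemToListView(NoAccessListView, user, false, false);
            }
        }
    }
    else
    {
        Logger.LogError(string.Format(Properties.Resources.ServerConfigFailedToRetrieveLocalPrincipals, "users"));
    }
}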