如何删除已拒绝“列出文件夹内容”的目录的子目录?可以找到“列出文件夹/读取数据”权限的描述 here但我找不到关于它的 Microsoft 文档。
这是目录结构和权限的设置方式。
C:\Temp\A\B\test.txt
- A - 拒绝“列出文件夹内容”
- B - 在我设置 A 的权限之前拥有默认权限
- test.txt - 在我设置 A 的权限之前具有默认权限
这是我在代码注释中尝试过的代码。同样在每种方法上方,我都包含一条注释,说明我尝试过的路径值。对于所有这些示例,我从未尝试删除包含子目录的目录。我正在尝试删除文件或空目录。
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool RemoveDirectory(string lpPathName);
//C:\Temp\A - Success
//C:\Temp\A\B - Fail
private void RemoveDirectoryImpl(string path)
{
if (!RemoveDirectory(path))
//Returns error code 5 "access denied"
Debug.WriteLine(Marshal.GetLastWin32Error());
}
//C:\Temp\A - Success
//C:\Temp\A\B - Fail
private void DirectoryInfoDeleteImpl(string path)
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
//this throws an UnauthorizedAccessException but the directory is empty so it has no read-only files and the directory itself is not read-only.
directoryInfo.Delete();
}
//C:\Temp\A - Success
//C:\Temp\A\B - Fail
private void DirectoryDeleteImpl(string path)
{
//this throws an UnauthorizedAccessException but the directory is empty so it has no read-only files and the directory itself is not read-only.
Directory.Delete(path);
}
出于某种原因,我可以在 B 中添加和删除文件。我也可以删除带有拒绝“列出文件夹内容”的根目录,只要它是空的。
//C:\Temp\A\B\test.txt - Success
private void FileDeleteImpl(string path)
{
//this is successful and does not throw an error.
File.Delete(path);
}
我确实找到了 Bypass Traverse Checking这很有趣。我确认我们的组策略设置仍然包含 Everyone 组。
编辑 1:
使用@rbmm 在评论中给我的信息,我能够将这段代码放在一起,但它仍然不会删除目录。我在给自己“列出文件夹内容”后尝试了这段代码并且它有效。此代码中没有任何错误。
private void BackupPrivilegeDeleteImpl(string path)
{
TOKEN_PRIVILEGES tokenPrivileges = new TOKEN_PRIVILEGES();
tokenPrivileges.Privileges = new LUID_AND_ATTRIBUTES[40];
IntPtr token = IntPtr.Zero;
try
{
bool success = OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_ADJUST_PRIVILEGES, ref token);
if (!success)
throw new Win32Exception(Marshal.GetLastWin32Error());
success = LookupPrivilegeValue(null, SE_BACKUP_NAME, ref tokenPrivileges.Privileges[0].Luid);
if (!success)
throw new Win32Exception(Marshal.GetLastWin32Error());
tokenPrivileges.PrivilegeCount = 1;
tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
success = AdjustTokenPrivileges(token, false, ref tokenPrivileges, (uint)Marshal.SizeOf(tokenPrivileges), IntPtr.Zero, IntPtr.Zero);
if (!success)
throw new Win32Exception(Marshal.GetLastWin32Error());
//Directory always comes back as the value 0xffffffff
IntPtr directory = CreateFile(path, EFileAccessMasks.Delete, EFileShare.Delete, IntPtr.Zero, ECreationDisposition.OpenExisting, EFileAttributes.DeleteOnClose | EFileAttributes.ReparsePoint | EFileAttributes.BackupSemantics, IntPtr.Zero);
CloseHandle(directory);
Debug.WriteLine(success.ToString());
}
catch (Win32Exception e)
{
tbLastError.Text = e.NativeErrorCode.ToString();
Debug.WriteLine(e.ToString());
}
catch (Exception e)
{
Debug.WriteLine(e.ToString());
}
finally
{
CloseHandle(token);
}
}
编辑 2:
根据@eryksun 的请求,添加了 accessschk 的输出。
C:\Temp\A
DESCRIPTOR FLAGS:
[SE_DACL_PRESENT]
[SE_DACL_PROTECTED]
OWNER: REDACTED
[0] ACCESS_DENIED_ACE_TYPE: NT AUTHORITY\Authenticated Users
[CONTAINER_INHERIT_ACE]
FILE_LIST_DIRECTORY
FILE_READ_ATTRIBUTES
FILE_READ_EA
FILE_TRAVERSE
READ_CONTROL
[1] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\Authenticated Users
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ADD_FILE
FILE_ADD_SUBDIRECTORY
FILE_LIST_DIRECTORY
FILE_READ_ATTRIBUTES
FILE_READ_EA
FILE_TRAVERSE
FILE_WRITE_ATTRIBUTES
FILE_WRITE_EA
SYNCHRONIZE
READ_CONTROL
[2] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SYSTEM
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[3] ACCESS_ALLOWED_ACE_TYPE: REDACTED
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[4] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[5] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Users
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
Accessschk v6.12 - 报告安全对象的有效权限 版权所有 (C) 2006-2017 Mark Russinovich Sysinternals - www.sysinternals.com
C:\Temp\A\B
DESCRIPTOR FLAGS:
[SE_DACL_PRESENT]
[SE_DACL_PROTECTED]
OWNER: REDACTED
[0] ACCESS_DENIED_ACE_TYPE: NT AUTHORITY\Authenticated Users
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_LIST_DIRECTORY
FILE_READ_ATTRIBUTES
FILE_READ_EA
FILE_TRAVERSE
READ_CONTROL
[1] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\Authenticated Users
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ADD_FILE
FILE_ADD_SUBDIRECTORY
FILE_LIST_DIRECTORY
FILE_READ_ATTRIBUTES
FILE_READ_EA
FILE_TRAVERSE
FILE_WRITE_ATTRIBUTES
FILE_WRITE_EA
SYNCHRONIZE
READ_CONTROL
[2] ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\SYSTEM
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[3] ACCESS_ALLOWED_ACE_TYPE: REDACTED
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[4] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
[5] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Users
[OBJECT_INHERIT_ACE]
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
FILE_ALL_ACCESS
最佳答案
这是使删除生效的最终代码。感谢@eryksun 和@rbmm 帮助我完成这项工作,并为我提供了我需要进行的正确的 win32 api 调用。我最大的问题是我在 LookupPrivilegeValue(null, "SeBackupPrivilege", ref tokenPrivileges.Privileges[0].Luid)
这行将 LUID 作为 uint 而不是 LUID 结构进行编码。在 token 上设置我的权限后,我能够对目录使用托管 C# 删除方法,因为在后台它只是调用 RemoveDirectory
。我也开始根据它返回的 bool 检查 AdjustPrivileges
是否成功,并且总是使用 Marshal.GetLastWin32Error() != 0
这确实有助于调试它。
private void BackupPrivilegeDeleteImpl(string path)
{
TOKEN_PRIVILEGES tokenPrivileges = new TOKEN_PRIVILEGES();
tokenPrivileges.Privileges = new LUID_AND_ATTRIBUTES[1];
IntPtr token = IntPtr.Zero;
try
{
bool success = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, ref token);
if (!success)
throw new Win32Exception(Marshal.GetLastWin32Error());
success = LookupPrivilegeValue(null, "SeBackupPrivilege", ref tokenPrivileges.Privileges[0].Luid);
if (!success)
throw new Win32Exception(Marshal.GetLastWin32Error());
tokenPrivileges.PrivilegeCount = 1;
tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
success = AdjustTokenPrivileges(token, false, ref tokenPrivileges, (uint)Marshal.SizeOf(tokenPrivileges), IntPtr.Zero, IntPtr.Zero);
if (!success || Marshal.GetLastWin32Error() != 0)
throw new Win32Exception(Marshal.GetLastWin32Error());
if (!RemoveDirectory(path))
throw new Win32Exception(Marshal.GetLastWin32Error());
}
catch (Win32Exception e)
{
tbLastError.Text = e.NativeErrorCode.ToString();
Debug.WriteLine(e.ToString());
}
catch (Exception e)
{
Debug.WriteLine(e.ToString());
}
finally
{
CloseHandle(token);
}
}
关于c# - 如何删除已为 "List folder contents"设置拒绝的目录的子目录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52504969/