Only add inetpub default access if no access rights have been inherited.

microsoft · Mar 8, 2017 · 823e32b · 823e32b
1 parent 1b8a7af
commit 823e32b
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 24 deletions.
diff --git a/src/Microsoft.IIS.Administration.Files.Core/AccessControl.cs b/src/Microsoft.IIS.Administration.Files.Core/AccessControl.cs
@@ -22,27 +22,21 @@ public AccessControl(IFileOptions options)
 
         public IEnumerable<string> GetClaims(string path)
         {
-            IEnumerable<string> claims = new List<string>();
-
             //
             // Path must be absolute with no environment variables
-            if (!PathUtil.IsFullPath(path)) {
-                return claims;
-            }
-
-            //
-            // Best match
-            foreach (var location in _options.Locations) {
-
-                if (HasPrefix(path, location.Path)) {
+            if (PathUtil.IsFullPath(path)) {
+                //
+                // Best match
+                foreach (var location in _options.Locations) {
 
-                    claims = location.Claims;
+                    if (HasPrefix(path, location.Path)) {
 
-                    break;
+                        return location.Claims;
+                    }
                 }
             }
 
-            return claims;
+            return null;
         }
 
 

diff --git a/src/Microsoft.IIS.Administration.Files.Core/FileProvider.cs b/src/Microsoft.IIS.Administration.Files.Core/FileProvider.cs
@@ -156,7 +156,7 @@ public IEnumerable<string> GetClaims(string path)
 
         public bool IsAccessAllowed(string path, FileAccess requestedAccess)
         {
-            var claims = _accessControl.GetClaims(path);
+            var claims = _accessControl.GetClaims(path) ?? Enumerable.Empty<string>();
 
             return (!requestedAccess.HasFlag(FileAccess.Read) || claims.Contains("read", StringComparer.OrdinalIgnoreCase))
                                          && (!requestedAccess.HasFlag(FileAccess.Write) || claims.Contains("write", StringComparer.OrdinalIgnoreCase));

diff --git a/src/Microsoft.IIS.Administration.Files/Files/FilesHelper.cs b/src/Microsoft.IIS.Administration.Files/Files/FilesHelper.cs
@@ -175,7 +175,7 @@ private object DirectoryToJsonModel(IFileInfo info, Fields fields = null, bool f
             //
             // claims
             if (fields.Exists("claims")) {
-                obj.claims = _fileProvider.GetClaims(info.Path);
+                obj.claims = _fileProvider.GetClaims(info.Path) ?? Enumerable.Empty<string>();
             }
 
             return Core.Environment.Hal.Apply(Defines.DirectoriesResource.Guid, obj, full);
@@ -295,7 +295,7 @@ private object FileToJsonModel(IFileInfo info, Fields fields = null, bool full =
             //
             // claims
             if (fields.Exists("claims")) {
-                obj.claims = _fileProvider.GetClaims(info.Path);
+                obj.claims = _fileProvider.GetClaims(info.Path) ?? Enumerable.Empty<string>();
             }
 
 
@@ -383,7 +383,7 @@ private object InfoToJsonModel(IFileInfo info, Fields fields = null, bool full =
             //
             // claims
             if (fields.Exists("claims")) {
-                obj.claims = _fileProvider.GetClaims(info.Path);
+                obj.claims = _fileProvider.GetClaims(info.Path) ?? Enumerable.Empty<string>();
             }
 
 

diff --git a/src/Microsoft.IIS.Administration.WebServer.Files/Startup.cs b/src/Microsoft.IIS.Administration.WebServer.Files/Startup.cs
@@ -25,15 +25,23 @@ public override void Start()
 
         private void ConfigureOptions()
         {
-            IFileOptions options = (IFileOptions) Environment.Host.ApplicationBuilder.ApplicationServices.GetService(typeof(IFileOptions));
+            IFileProvider fileProvider = (IFileProvider) Environment.Host.ApplicationBuilder.ApplicationServices.GetService(typeof(IFileProvider));
 
-            options.AddLocation(new Location() {
-                Alias = "inetpub",
-                Path = @"%SystemDrive%\inetpub",
-                Claims = new List<string> {
+            string inetpubPath = System.Environment.ExpandEnvironmentVariables(@"%SystemDrive%\inetpub");
+            IEnumerable<string> claims = fileProvider.GetClaims(inetpubPath);
+
+            if (claims == null) {
+                //
+                // Only add default inetpub access if no access rights have been specified
+
+                fileProvider.Options.AddLocation(new Location() {
+                    Alias = "inetpub",
+                    Path = inetpubPath,
+                    Claims = new List<string> {
                         "read"
                     }
-            });
+                });
+            }
         }
 
         private void ConfigureFiles()