##
|
|
## Copyright (C) 2018 GlobalSCAPE, Inc.
|
|
##
|
|
## The copyright to the computer program(s) herein is the property of
|
|
## GlobalSCAPE, Inc. The program(s) may be used and/or copied only with
|
|
## the written permission of GlobalSCAPE, Inc. or in accordance with the
|
|
## terms and conditions stipulated in the agreement/contract under which
|
|
## the program(s) have been supplied.
|
|
|
|
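# Script parameters: optional output filters (-path, -client, -EFTSiteName, -showInherited),
# the EFT administration endpoint and credentials, and the -Validate switch that adds
# path/client existence checks to every exported row.
[CmdletBinding()]
Param(
    # Wildcard pattern matched with -like against each folder path; empty means no filter.
    [Parameter(Position = 0, Mandatory = $false, HelpMessage = "path filter (I.E. /usr/*), wildcards allowed")]
    [String]$path = "",

    # Only export permission entries whose Client equals this name; empty means all clients.
    [Parameter(Position = 1, Mandatory = $false, HelpMessage = "Client name, filter to this client (Optional)")]
    [String]$client = "",

    [Parameter(Position = 2, Mandatory = $False, HelpMessage = "Enter a host name or IP address")]
    [String] $EFTAdminHostname = "localhost",

    [Parameter(Position = 3, Mandatory = $False, HelpMessage = "Enter a port where EFT Server is listening for admin connections")]
    [int] [ValidateRange(0, 65535)] $EFTAdminPort = 1100,

    [Parameter(Position = 4, Mandatory = $False, HelpMessage = "Enter the name of the Site, leave empty to process all sites")]
    [String] $EFTSiteName = "",

    # Defaults to 1 (Windows Login).
    [Parameter(Position = 5, Mandatory = $False, HelpMessage = "Enter a Authentication Type to connect to EFT Server. 0: EFT Login, 1: Windows Login, 2: Network Logon")]
    [int] [ValidateSet(0, 1, 2)] $EFTAdminAuthType = 1,

    [Parameter(Position = 6, Mandatory = $False, HelpMessage = "Enter login")]
    [String] $EFTAdminUsername,

    # NOTE(review): the admin password is a plain [String], so a value given on the
    # command line can end up in shell history, transcripts and process listings.
    # The type is kept for compatibility with existing callers; prefer the default
    # Windows Login (auth type 1), which presumably needs no password here, or have a
    # wrapper read the secret at run time instead of hard-coding it in a scheduled command.
    [Parameter(Position = 7, Mandatory = $False, HelpMessage = "Enter password")]
    [String] $Password,

    # Switch parameters are named-only: this one used to declare Position = 7 as well,
    # the same slot as -Password, which makes positional binding ambiguous.
    [Parameter(Mandatory = $False, HelpMessage = "Validate Physical Path exists and Client (user or group exists) ")]
    [switch] $Validate = $false,

    # When not set, permission entries flagged IsInherited are left out of the output.
    [Parameter(Mandatory = $false, HelpMessage = "Show inherited permissions")]
    [switch]$showInherited = $false
)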
|
|
## To Export to CSV use:
|
|
## .\EFT.FolderPermissions.Export.ps1 |Format-Table
|
|
## .\EFT.FolderPermissions.Export.ps1 | Export-csv permissions.csv -NoTypeInformation
|
|
## .\EFT.FolderPermissions.Export.ps1 -EFTSiteName "MySite"
|
|
## .\EFT.FolderPermissions.Export.ps1 -path "/usr/*"
## .\EFT.FolderPermissions.Export.ps1 -path "/usr/*" -client "Guest"
|
|
## .\EFT.FolderPermissions.Export.ps1 -EFTSiteName "MySite" | Where-Object {$_.Permissions -gt 1152} | format-table
|
|
|
|
Function PermissionsToInt($permission) {
    # Packs the boolean rights of one folder-permission entry into a single integer,
    # one bit per right, so rows can be compared or filtered numerically
    # (e.g. Where-Object { $_.Permissions -gt 1152 }).
    #
    # $permission : object exposing the right properties listed below; $null yields 0.
    # Returns     : sum of the bit values of every right that compares equal to $true.

    # Right name -> bit value. The values are distinct powers of two, so the sum is a bitmask.
    $bitByRight = @{
        FileUpload      = 1
        FileDelete      = 2
        FileRename      = 4
        FileAppend      = 8
        FileDownload    = 16
        DirCreate       = 32
        DirDelete       = 64
        DirList         = 128
        DirShowHidden   = 256
        DirShowReadOnly = 512
        DirShowInList   = 1024
    }

    $mask = 0
    if ($null -eq $permission) {
        return $mask
    }

    foreach ($right in $bitByRight.Keys) {
        if ($permission.$right -eq $true) {
            $mask += $bitByRight[$right]
        }
    }
    return $mask
}
|
|
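Function StripVirtualPortion ($path) {
    # Returns $path with everything from the first " - Virtual" marker onward removed;
    # a path without the marker (or $null) is returned unchanged.
    # The marker is presumably the decoration GetPermPathsList puts on virtual folders
    # -- confirm against the EFT COM documentation.
    $marker = " - Virtual"

    if ($path -like "* - Virtual*") {
        # -like is case-insensitive but String.IndexOf(string) is case-sensitive, so a
        # differently cased marker used to give -1 and make Substring throw. Search
        # case-insensitively and cut only when the marker was actually located.
        $cut = $path.IndexOf($marker, [System.StringComparison]::OrdinalIgnoreCase)
        if ($cut -ge 0) {
            $path = $path.Substring(0, $cut)
        }
    }
    return $path
}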
|
|
|
|
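# Script-scoped handles to the EFT COM objects used throughout the script.
$script:EftServer = $null
$script:EftSites = $null
$script:EftSite = $null

# Error texts the folder loops compare caught COM errors against.
$MXE_FOLDER_NOT_FOUND = "MX Error: 82 (00000052)"
$MXE_INVALID_FOLDER_NAME = "MX Error: 97 (00000061)"

# Requires the EFT administration COM interface to be registered on this machine.
$script:EftServer = New-Object -ComObject "SFTPCOMInterface.CIServer"

try {
    # NOTE(review): $Password travels as a plain string from the command line into this
    # call; keep it out of logged or scheduled command lines.
    $script:EftServer.ConnectEx($EFTAdminHostname, $EFTAdminPort, $EFTAdminAuthType, $EFTAdminUsername, $Password)
}
catch [System.Runtime.InteropServices.COMException] {
    # Report the host that was actually used. The message interpolated $hostname before,
    # a variable this script never sets, so the failing target was printed as ''.
    Write-Host "Fail to connect to EFT '$($EFTAdminHostname)'. Exception : $($_.Exception.Message)"
    throw
}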
|
|
|
|
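# Walk every site (or only -EFTSiteName), every folder that carries permissions, and every
# permission entry on it, collecting one output row per entry in $results.
$script:EftSites = $script:EftServer.Sites()
$sitesCount = $script:EftSites.Count()

$results = @()
for ($j = 0; $j -le $sitesCount - 1; $j++ ) {
    $script:EftSite = $script:EftSites.Item($j)
    $SiteName = $script:EftSite.Name
    if ($EFTSiteName -ne "") {
        if ( $EFTSiteName -ne $siteName) {
            continue
        }
    }
    Write-Progress -Activity "Processing Sites" -status "Site '$SiteName' $j/$sitesCount" -percentComplete ($j / $sitesCount * 100)
    $i = 0
    $errorCount = 0
    # Retrieve all the paths that have permissions in the config and decorate the orphans with a *
    $folders = $script:EftSite.GetPermPathsList("-do")
    if ($Validate) {
        # Fetched once per site; used below to check that each permission's client still exists.
        $users = $script:EftSite.GetUsers()
        $groups = $script:EftSite.GetPermissionGroups()
    }
    $folderList = $folders.Split([string[]]"`r`n", "RemoveEmptyEntries")

    Foreach ($folder in $folderList) {
        Write-Progress -Activity "Processing Folders" -status "Folder $folder ($i/$($folderList.length))" -percentComplete ($i / $folderList.length * 100)
        $i++
        # check if folder paths ends with * (orphans) and ignore
        if ($folder[-1] -eq "*") {
            continue
        }

        # The -path filter is applied to the name as listed, before the virtual suffix is stripped.
        if ($path -ne "" -and $folder -notlike $path) {
            continue
        }

        $folder = StripVirtualPortion($folder)
        try {
            $permissions = $script:EftSite.GetFolderPermissions($folder)
        }
        catch [System.Runtime.InteropServices.COMException] {
            switch ($_) {
                $MXE_FOLDER_NOT_FOUND { $Errors = "**MXE_FOLDER_NOT_FOUND** : $_ " }
                $MXE_INVALID_FOLDER_NAME { $Errors = "**MXE_INVALID_FOLDER_NAME** : $_ "}
                Default { $Errors = "**Exception** : $_"}
            }
            $errorCount++
            # A folder that cannot be read is absent from the export. Say so on the warning
            # stream (the pipeline/CSV output is unaffected) so a permissions review does not
            # mistake an incomplete export for a complete one.
            Write-Warning "Site '$SiteName': permissions for '$folder' could not be read and are missing from the output. $Errors"
            continue
        }
        Foreach ($permission in $permissions) {

            ## Is this filtered to a client?
            if ($null -ne $client -and $client.Length -gt 0 -and $permission.Client -ne $client) {
                continue
            }

            $permissionsAsInt = PermissionsToInt $permission
            # Normalise InheritedFrom so it always ends with '/'.
            $InheritedFrom = $permission.InheritedFrom
            if ($InheritedFrom[-1] -ne '/') {
                $InheritedFrom = $InheritedFrom + "/"
            }

            ## Is this $showInherited
            if ($showInherited -eq $false -and $permission.IsInherited -eq $true) {
                continue
            }

            # Start every row from a clean slate so no value from an earlier row or from the
            # caller's session leaks into the validation columns.
            $ValidPath = $null
            $ValidClient = $null
            if ($Validate) {
                $physicalPath = $null
                try {
                    $physicalPath = $script:EftSite.GetPhysicalPath($folder)

                    # -LiteralPath: a physical path may contain wildcard characters such as
                    # '[' or ']', which must not be interpreted as a pattern.
                    if (Test-Path -LiteralPath $physicalPath) {
                        $ValidPath = "OK"
                    }
                    else {
                        $ValidPath = "FOLDER_NOT_FOUND: $physicalPath"
                    }
                }
                catch [System.Runtime.InteropServices.COMException] {
                    switch ($_) {
                        $MXE_FOLDER_NOT_FOUND { $ValidPath = "MXE_FOLDER_NOT_FOUND :$physicalPath $_ " }
                        Default { $ValidPath = "Exception: $_"}
                    }
                }
                catch {
                    $ValidPath = "ERROR : $physicalPath $_"
                }

                # A permission whose client is neither a known user nor a known permission
                # group is reported so it can be cleaned up.
                if ($users -contains $permission.Client -or $groups -contains $permission.Client) {
                    $ValidClient = "OK"
                }
                else {
                    $ValidClient = "USER_GROUP_NOT_FOUND"
                }
            }

            $results += new-object PSObject -Property @{
                SiteName      = $script:EftSite.Name;
                Path          = $folder;
                Client        = $permission.Client;
                Permissions   = $permissionsAsInt;
                IsInherited   = $permission.IsInherited;
                InheritedFrom = $InheritedFrom;
                ValidPath     = $ValidPath;
                ValidClient   = $ValidClient;
            }

        }
    }

    if ($errorCount -gt 0) {
        Write-Warning "Site '$SiteName': $errorCount folder(s) skipped because their permissions could not be read."
    }

}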
|
|
# Emit the collected rows to the pipeline, ordered by site, then folder path, then client.
$results | Sort-Object -Property SiteName, Path, Client

# Close the admin connection, then drop every COM reference held in script scope.
$script:EftServer.Close()

$script:EftSite = $script:EftSites = $script:EftServer = $null