Mercurial > trustbridge
comparison common/util.c @ 1208:0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 23 Sep 2014 19:15:49 +0200 |
| parents | 2a1206932f53 |
| children | 845048d4a69f |
comparison
equal
deleted
inserted
replaced
| 1207:e79fc57f1f9c | 1208:0a803c3fb5a6 |
|---|---|
| 654 #endif | 654 #endif |
| 655 } | 655 } |
| 656 | 656 |
| 657 #ifdef WIN32 | 657 #ifdef WIN32 |
| 658 bool | 658 bool |
| 659 create_restricted_directory (LPWSTR path, bool objects_should_inherit) | 659 create_restricted_directory (LPWSTR path, bool objects_should_inherit, PACL *rACL) |
| 660 { | 660 { |
| 661 bool retval = false; | 661 bool retval = false; |
| 662 PSID everyone_SID = NULL, | 662 PSID everyone_SID = NULL, |
| 663 admin_SID = NULL; | 663 admin_SID = NULL; |
| 664 PACL access_control_list = NULL; | 664 PACL access_control_list = NULL; |
| 758 if (!CreateDirectoryW(path, &security_attributes)) | 758 if (!CreateDirectoryW(path, &security_attributes)) |
| 759 { | 759 { |
| 760 DWORD err = GetLastError(); | 760 DWORD err = GetLastError(); |
| 761 if (err == ERROR_ALREADY_EXISTS) | 761 if (err == ERROR_ALREADY_EXISTS) |
| 762 { | 762 { |
| 763 /* Verify that the directory has the correct rights */ | 763 if (!objects_should_inherit) |
| 764 // TODO (issue138) | 764 { |
| 765 retval = true; | 765 /* This means it is a parent directory of something and |
| 766 we should not touch the DACL. */ | |
| 767 retval = true; | |
| 768 goto done; | |
| 769 } | |
| 770 | |
| 771 /* Set our ACL on the directory */ | |
| 772 err = SetNamedSecurityInfoW (path, | |
| 773 SE_FILE_OBJECT, | |
| 774 DACL_SECURITY_INFORMATION | | |
| 775 OWNER_SECURITY_INFORMATION | | |
| 776 GROUP_SECURITY_INFORMATION, | |
| 777 admin_SID, /* owner */ | |
| 778 admin_SID, /* group */ | |
| 779 access_control_list, /* the dacl */ | |
| 780 NULL); | |
| 781 if (err != ERROR_SUCCESS) | |
| 782 { | |
| 783 ERRORPRINTF ("Failed to set security info on folder. Err: %lu", err); | |
| 784 goto done; | |
| 785 } | |
| 786 } | |
| 787 else | |
| 788 { | |
| 789 ERRORPRINTF ("Failed to create directory. Err: %lu", err); | |
| 766 goto done; | 790 goto done; |
| 767 } | 791 } |
| 768 ERRORPRINTF ("Failed to create directory. Err: %lu", err); | |
| 769 } | 792 } |
| 770 retval = true; | 793 retval = true; |
| 771 | 794 |
| 772 done: | 795 done: |
| 796 | |
| 797 if (retval != true) | |
| 798 { | |
| 799 ERRORPRINTF ("Failed to create directory for NSS installer instructions."); | |
| 800 syslog_error_printf ("Failed to create directory for NSS installer instructions."); | |
| 801 } | |
| 802 else if (rACL) | |
| 803 { | |
| 804 *rACL = access_control_list; | |
| 805 } | |
| 806 | |
| 773 | 807 |
| 774 if (everyone_SID) | 808 if (everyone_SID) |
| 775 FreeSid(everyone_SID); | 809 FreeSid(everyone_SID); |
| 776 if (admin_SID) | 810 if (admin_SID) |
| 777 FreeSid(admin_SID); | 811 FreeSid(admin_SID); |
| 778 if (access_control_list) | 812 if (!rACL && access_control_list) |
| 779 LocalFree(access_control_list); | 813 LocalFree(access_control_list); |
| 780 if (descriptor) | 814 if (descriptor) |
| 781 LocalFree(descriptor); | 815 LocalFree(descriptor); |
| 782 | 816 |
| 783 return retval; | 817 return retval; |