diff common/util.c @ 1070:f110a3f6e387

(issue114) Fine tune ACL propagation. When using mkdir_p, the ACL of the parent directories would propagate to all subdirectories and objects in the directory. Now we only use ACL propagation in the last directory, to make sure that files we might create in that directory inherit the correct (restricted) ACL.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 10 Sep 2014 16:41:36 +0200
parents 1f23803e1f83
children fd85a02d771d
--- a/common/util.c	Wed Sep 10 16:31:49 2014 +0200
+++ b/common/util.c	Wed Sep 10 16:41:36 2014 +0200
@@ -655,7 +655,7 @@
 
 #ifdef WIN32
 bool
-create_restricted_directory (LPWSTR path)
+create_restricted_directory (LPWSTR path, bool objects_should_inherit)
 {
   bool retval = false;
   PSID everyone_SID = NULL,
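Review bot: The new `objects_should_inherit` parameter on `create_restricted_directory` has no documentation in this hunk, and a bare `true`/`false` at a call site will not tell a reader which directories end up with inheritable ACEs. Passing `false` does not make the directory less restricted; it only stops the ACEs from being handed to children. A comment above the function would make that explicit, for example `/* objects_should_inherit: true = sub-directories and files inherit the restricted ACEs; false = the ACEs apply to this directory only */`. The function body continues outside the hunk, and the prototype and callers are not visible here, so they need the same update.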
@@ -685,7 +685,9 @@
      to allow everyone read access */
   explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
   explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
-  explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
+  explicit_access[0].grfInheritance = objects_should_inherit ?
+                                      SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
+                                      NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
   explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
   explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
   explicit_access[0].Trustee.ptstrName  = (LPTSTR) everyone_SID;
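Review bot: The "don't inherit" branch of `explicit_access[0].grfInheritance` uses `NO_PROPAGATE_INHERIT_ACE`, which is a modifier meaning "inherit one level, then stop" and only has an effect when combined with an object or container inherit flag. On its own the ACE is not inherited by anything, so the behaviour matches the comment, but the constant reads as if some inheritance were still requested. `NO_INHERITANCE` states the intent directly: `explicit_access[0].grfInheritance = objects_should_inherit ? SUB_CONTAINERS_AND_OBJECTS_INHERIT : NO_INHERITANCE;`. The same applies to `explicit_access[1]` in the next hunk. It is also worth a comment that objects created later in a non-inheriting directory take their DACL from the creator's defaults or an explicit descriptor, not from this ACL.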
@@ -706,7 +708,9 @@
      it to the children */
   explicit_access[1].grfAccessPermissions = GENERIC_ALL;
   explicit_access[1].grfAccessMode = SET_ACCESS;
-  explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+  explicit_access[1].grfInheritance = objects_should_inherit ?
+                                      SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
+                                      NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
   explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
   explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
   explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
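Review bot: The context comment ending in "it to the children" above `explicit_access[1]` appears to describe unconditional propagation, which is no longer true once `objects_should_inherit` can be false; the start of that comment is outside the hunk. It should say that the administrators' ACE is propagated only when `objects_should_inherit` is set. The `/* make it stick */` comment copied onto the `SUB_CONTAINERS_AND_OBJECTS_INHERIT` line could likewise be replaced by something descriptive such as `/* inherited by sub-directories and files */`.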

http://wald.intevation.org/projects/trustbridge/