Mercurial > trustbridge > trustbridge
diff common/util.c @ 1208:0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 23 Sep 2014 19:15:49 +0200 |
| parents | 2a1206932f53 |
| children | 845048d4a69f |
line wrap: on
line diff
--- a/common/util.c Tue Sep 23 17:05:17 2014 +0200 +++ b/common/util.c Tue Sep 23 19:15:49 2014 +0200 @@ -656,7 +656,7 @@ #ifdef WIN32 bool -create_restricted_directory (LPWSTR path, bool objects_should_inherit) +create_restricted_directory (LPWSTR path, bool objects_should_inherit, PACL *rACL) { bool retval = false; PSID everyone_SID = NULL, @@ -760,22 +760,56 @@ DWORD err = GetLastError(); if (err == ERROR_ALREADY_EXISTS) { - /* Verify that the directory has the correct rights */ - // TODO (issue138) - retval = true; + if (!objects_should_inherit) + { + /* This means it is a parent directory of something and + we should not touch the DACL. */ + retval = true; + goto done; + } + + /* Set our ACL on the directory */ + err = SetNamedSecurityInfoW (path, + SE_FILE_OBJECT, + DACL_SECURITY_INFORMATION | + OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION, + admin_SID, /* owner */ + admin_SID, /* group */ + access_control_list, /* the dacl */ + NULL); + if (err != ERROR_SUCCESS) + { + ERRORPRINTF ("Failed to set security info on folder. Err: %lu", err); + goto done; + } + } + else + { + ERRORPRINTF ("Failed to create directory. Err: %lu", err); goto done; } - ERRORPRINTF ("Failed to create directory. Err: %lu", err); } retval = true; done: + if (retval != true) + { + ERRORPRINTF ("Failed to create directory for NSS installer instructions."); + syslog_error_printf ("Failed to create directory for NSS installer instructions."); + } + else if (rACL) + { + *rACL = access_control_list; + } + + if (everyone_SID) FreeSid(everyone_SID); if (admin_SID) FreeSid(admin_SID); - if (access_control_list) + if (!rACL && access_control_list) LocalFree(access_control_list); if (descriptor) LocalFree(descriptor);