This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2goclient. from 4c08e04 Replace QFont::Thin with 0 to keep compatibility with Qt4. new d8a34ff Add special ACL for exported directories in Windows client. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 1 + src/onmainwindow.cpp | 5 ++-- src/wapi.cpp | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/wapi.h | 2 +- 4 files changed, 76 insertions(+), 3 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit d8a34ff590ae29571f611659358c5a36dd329473 Author: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> Date: Tue Nov 23 11:17:57 2021 -0600 Add special ACL for exported directories in Windows client. --- debian/changelog | 1 + src/onmainwindow.cpp | 5 ++-- src/wapi.cpp | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/wapi.h | 2 +- 4 files changed, 76 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8e38f2a..1759461 100644 --- a/debian/changelog +++ b/debian/changelog @@ -32,6 +32,7 @@ x2goclient (4.1.2.3-0x2go1) UNRELEASED; urgency=medium - Improve synchronisation in broker mode. - Fix loading HTTP icon in pass dialog in broker mode. - Replace QFont::Thin with 0 to keep compatibility with Qt4. + - Add special ACL for exported directories in Windows client. [ Ryan Schmidt ] * New upstream version (4.1.2.3): diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index c580f34..f47daf2 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -9015,13 +9015,14 @@ void ONMainWindow::exportDefaultDirs() } } spoolDir=path; + QFile::setPermissions ( + path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner ); #ifdef Q_OS_WIN + wapiSetFilePermissions(path); path=cygwinPath ( wapiShortFileName ( path ) ); #endif - QFile::setPermissions ( - path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner ); path+="__PRINT_SPOOL_"; dirs+=path; diff --git a/src/wapi.cpp b/src/wapi.cpp index 8d28ba4..2a889ba 100644 --- a/src/wapi.cpp +++ b/src/wapi.cpp @@ -26,10 +26,13 @@ #include <windows.h> #include <winerror.h> #include <sddl.h> +#include <AccCtrl.h> +#include <aclapi.h> #include "wapi.h" #include "x2gologdebug.h" + long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry ) { SetWindowLong(hWnd, GWL_STYLE, @@ -518,4 +521,72 @@ QString wapiGetUserName() return QString::null; return QString::fromUtf16 ( ( const ushort* ) infoBuf); } + + +//copied this function from https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-o... +DWORD AddAceToObjectsSecurityDescriptor ( + LPTSTR pszObjName, // name of object + SE_OBJECT_TYPE ObjectType, // type of object + LPTSTR pszTrustee, // trustee for new ACE + TRUSTEE_FORM TrusteeForm, // format of trustee structure + DWORD dwAccessRights, // access mask for new ACE + ACCESS_MODE AccessMode, // type of ACE + DWORD dwInheritance // inheritance flags for new ACE +) +{ + DWORD dwRes = 0; + PACL pOldDACL = NULL, pNewDACL = NULL; + PSECURITY_DESCRIPTOR pSD = NULL; + EXPLICIT_ACCESS ea; + if (NULL == pszObjName) + return ERROR_INVALID_PARAMETER; + + // Get a pointer to the existing DACL. + dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, + DACL_SECURITY_INFORMATION, + NULL, NULL, &pOldDACL, NULL, &pSD); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } + // Initialize an EXPLICIT_ACCESS structure for the new ACE. + ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); + ea.grfAccessPermissions = dwAccessRights; + ea.grfAccessMode = AccessMode; + ea.grfInheritance= dwInheritance; + ea.Trustee.TrusteeForm = TrusteeForm; + ea.Trustee.ptstrName = pszTrustee; + // Create a new ACL that merges the new ACE + // into the existing DACL. + dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } + + // Attach the new ACL as the object's DACL. + dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, + DACL_SECURITY_INFORMATION, + NULL, NULL, pNewDACL, NULL); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } +Cleanup: + if(pSD != NULL) + LocalFree((HLOCAL) pSD); + if(pNewDACL != NULL) + LocalFree((HLOCAL) pNewDACL); + return dwRes; +} + +void wapiSetFilePermissions(const QString& path) +{ + AddAceToObjectsSecurityDescriptor( + (wchar_t*) path.toStdWString().c_str(), + SE_FILE_OBJECT, + (wchar_t*) wapiGetUserName().toStdWString().c_str(), + TRUSTEE_IS_NAME, + ACCESS_SYSTEM_SECURITY | READ_CONTROL | WRITE_DAC | GENERIC_ALL, + GRANT_ACCESS, + CONTAINER_INHERIT_ACE); +} + #endif diff --git a/src/wapi.h b/src/wapi.h index da90fce..bd15a1c 100644 --- a/src/wapi.h +++ b/src/wapi.h @@ -75,7 +75,7 @@ long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry ); void wapiRestoreWindow ( HWND hWnd, long style, const QRect& desktopGeometry ); QString wapiGetDriveByLabel(const QString& label); QString wapiGetUserName(); - +void wapiSetFilePermissions(const QString& path); #endif #endif -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git