[X2Go-Commits] [x2goclient] 01/01: Add special ACL for exported directories in Windows client.
git-admin at x2go.org
git-admin at x2go.org
Tue Nov 23 18:18:07 CET 2021
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2goclient.
commit d8a34ff590ae29571f611659358c5a36dd329473
Author: Oleksandr Shneyder <o.shneyder at phoca-gmbh.de>
Date: Tue Nov 23 11:17:57 2021 -0600
Add special ACL for exported directories in Windows client.
---
debian/changelog | 1 +
src/onmainwindow.cpp | 5 ++--
src/wapi.cpp | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/wapi.h | 2 +-
4 files changed, 76 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 8e38f2a..1759461 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,6 +32,7 @@ x2goclient (4.1.2.3-0x2go1) UNRELEASED; urgency=medium
- Improve synchronisation in broker mode.
- Fix loading HTTP icon in pass dialog in broker mode.
- Replace QFont::Thin with 0 to keep compatibility with Qt4.
+ - Add special ACL for exported directories in Windows client.
[ Ryan Schmidt ]
* New upstream version (4.1.2.3):
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index c580f34..f47daf2 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -9015,13 +9015,14 @@ void ONMainWindow::exportDefaultDirs()
}
}
spoolDir=path;
+ QFile::setPermissions (
+ path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner );
#ifdef Q_OS_WIN
+ wapiSetFilePermissions(path);
path=cygwinPath (
wapiShortFileName (
path ) );
#endif
- QFile::setPermissions (
- path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner );
path+="__PRINT_SPOOL_";
dirs+=path;
diff --git a/src/wapi.cpp b/src/wapi.cpp
index 8d28ba4..2a889ba 100644
--- a/src/wapi.cpp
+++ b/src/wapi.cpp
@@ -26,10 +26,13 @@
#include <windows.h>
#include <winerror.h>
#include <sddl.h>
+#include <AccCtrl.h>
+#include <aclapi.h>
#include "wapi.h"
#include "x2gologdebug.h"
+
long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry )
{
SetWindowLong(hWnd, GWL_STYLE,
@@ -518,4 +521,72 @@ QString wapiGetUserName()
return QString::null;
return QString::fromUtf16 ( ( const ushort* ) infoBuf);
}
+
+
+//copied this function from https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--
+DWORD AddAceToObjectsSecurityDescriptor (
+ LPTSTR pszObjName, // name of object
+ SE_OBJECT_TYPE ObjectType, // type of object
+ LPTSTR pszTrustee, // trustee for new ACE
+ TRUSTEE_FORM TrusteeForm, // format of trustee structure
+ DWORD dwAccessRights, // access mask for new ACE
+ ACCESS_MODE AccessMode, // type of ACE
+ DWORD dwInheritance // inheritance flags for new ACE
+)
+{
+ DWORD dwRes = 0;
+ PACL pOldDACL = NULL, pNewDACL = NULL;
+ PSECURITY_DESCRIPTOR pSD = NULL;
+ EXPLICIT_ACCESS ea;
+ if (NULL == pszObjName)
+ return ERROR_INVALID_PARAMETER;
+
+ // Get a pointer to the existing DACL.
+ dwRes = GetNamedSecurityInfo(pszObjName, ObjectType,
+ DACL_SECURITY_INFORMATION,
+ NULL, NULL, &pOldDACL, NULL, &pSD);
+ if (ERROR_SUCCESS != dwRes) {
+ goto Cleanup;
+ }
+ // Initialize an EXPLICIT_ACCESS structure for the new ACE.
+ ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
+ ea.grfAccessPermissions = dwAccessRights;
+ ea.grfAccessMode = AccessMode;
+ ea.grfInheritance= dwInheritance;
+ ea.Trustee.TrusteeForm = TrusteeForm;
+ ea.Trustee.ptstrName = pszTrustee;
+ // Create a new ACL that merges the new ACE
+ // into the existing DACL.
+ dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
+ if (ERROR_SUCCESS != dwRes) {
+ goto Cleanup;
+ }
+
+ // Attach the new ACL as the object's DACL.
+ dwRes = SetNamedSecurityInfo(pszObjName, ObjectType,
+ DACL_SECURITY_INFORMATION,
+ NULL, NULL, pNewDACL, NULL);
+ if (ERROR_SUCCESS != dwRes) {
+ goto Cleanup;
+ }
+Cleanup:
+ if(pSD != NULL)
+ LocalFree((HLOCAL) pSD);
+ if(pNewDACL != NULL)
+ LocalFree((HLOCAL) pNewDACL);
+ return dwRes;
+}
+
+void wapiSetFilePermissions(const QString& path)
+{
+ AddAceToObjectsSecurityDescriptor(
+ (wchar_t*) path.toStdWString().c_str(),
+ SE_FILE_OBJECT,
+ (wchar_t*) wapiGetUserName().toStdWString().c_str(),
+ TRUSTEE_IS_NAME,
+ ACCESS_SYSTEM_SECURITY | READ_CONTROL | WRITE_DAC | GENERIC_ALL,
+ GRANT_ACCESS,
+ CONTAINER_INHERIT_ACE);
+}
+
#endif
diff --git a/src/wapi.h b/src/wapi.h
index da90fce..bd15a1c 100644
--- a/src/wapi.h
+++ b/src/wapi.h
@@ -75,7 +75,7 @@ long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry );
void wapiRestoreWindow ( HWND hWnd, long style, const QRect& desktopGeometry );
QString wapiGetDriveByLabel(const QString& label);
QString wapiGetUserName();
-
+void wapiSetFilePermissions(const QString& path);
#endif
#endif
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
More information about the x2go-commits
mailing list