[X2Go-Commits] [x2goclient] 01/01: Add special ACL for exported directories in Windows client.

git-admin at x2go.org git-admin at x2go.org
Tue Nov 23 18:18:07 CET 2021 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goclient.

commit d8a34ff590ae29571f611659358c5a36dd329473
Author: Oleksandr Shneyder <o.shneyder at phoca-gmbh.de>
Date:   Tue Nov 23 11:17:57 2021 -0600

    Add special ACL for exported directories in Windows client.
---
 debian/changelog     |  1 +
 src/onmainwindow.cpp |  5 ++--
 src/wapi.cpp         | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/wapi.h           |  2 +-
 4 files changed, 76 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 8e38f2a..1759461 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,6 +32,7 @@ x2goclient (4.1.2.3-0x2go1) UNRELEASED; urgency=medium
     - Improve synchronisation in broker mode.
     - Fix loading HTTP icon in pass dialog in broker mode.
     - Replace QFont::Thin with 0 to keep compatibility with Qt4.
+    - Add special ACL for exported directories in Windows client.
 
   [ Ryan Schmidt ]
   * New upstream version (4.1.2.3):
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index c580f34..f47daf2 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -9015,13 +9015,14 @@ void ONMainWindow::exportDefaultDirs()
             }
         }
         spoolDir=path;
+        QFile::setPermissions (
+            path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner );
 #ifdef Q_OS_WIN
+        wapiSetFilePermissions(path);
         path=cygwinPath (
                  wapiShortFileName (
                      path ) );
 #endif
-        QFile::setPermissions (
-            path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner );
 
         path+="__PRINT_SPOOL_";
         dirs+=path;
diff --git a/src/wapi.cpp b/src/wapi.cpp
index 8d28ba4..2a889ba 100644
--- a/src/wapi.cpp
+++ b/src/wapi.cpp
@@ -26,10 +26,13 @@
 #include <windows.h>
 #include <winerror.h>
 #include <sddl.h>
+#include <AccCtrl.h>
+#include <aclapi.h>
 #include "wapi.h"
 #include "x2gologdebug.h"
 
 
+
 long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry )
 {
     SetWindowLong(hWnd, GWL_STYLE,
@@ -518,4 +521,72 @@ QString wapiGetUserName()
         return QString::null;
     return QString::fromUtf16 ( ( const ushort* ) infoBuf);
 }
+
+
+//copied this function from https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--
+DWORD AddAceToObjectsSecurityDescriptor (
+    LPTSTR pszObjName,          // name of object
+    SE_OBJECT_TYPE ObjectType,  // type of object
+    LPTSTR pszTrustee,          // trustee for new ACE
+    TRUSTEE_FORM TrusteeForm,   // format of trustee structure
+    DWORD dwAccessRights,       // access mask for new ACE
+    ACCESS_MODE AccessMode,     // type of ACE
+    DWORD dwInheritance         // inheritance flags for new ACE
+)
+{
+    DWORD dwRes = 0;
+    PACL pOldDACL = NULL, pNewDACL = NULL;
+    PSECURITY_DESCRIPTOR pSD = NULL;
+    EXPLICIT_ACCESS ea;
+    if (NULL == pszObjName)
+        return ERROR_INVALID_PARAMETER;
+
+    // Get a pointer to the existing DACL.
+    dwRes = GetNamedSecurityInfo(pszObjName, ObjectType,
+                                 DACL_SECURITY_INFORMATION,
+                                 NULL, NULL, &pOldDACL, NULL, &pSD);
+    if (ERROR_SUCCESS != dwRes) {
+        goto Cleanup;
+    }
+    // Initialize an EXPLICIT_ACCESS structure for the new ACE.
+    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
+    ea.grfAccessPermissions = dwAccessRights;
+    ea.grfAccessMode = AccessMode;
+    ea.grfInheritance= dwInheritance;
+    ea.Trustee.TrusteeForm = TrusteeForm;
+    ea.Trustee.ptstrName = pszTrustee;
+    // Create a new ACL that merges the new ACE
+    // into the existing DACL.
+    dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
+    if (ERROR_SUCCESS != dwRes)  {
+        goto Cleanup;
+    }
+
+    // Attach the new ACL as the object's DACL.
+    dwRes = SetNamedSecurityInfo(pszObjName, ObjectType,
+                                 DACL_SECURITY_INFORMATION,
+                                 NULL, NULL, pNewDACL, NULL);
+    if (ERROR_SUCCESS != dwRes)  {
+        goto Cleanup;
+    }
+Cleanup:
+    if(pSD != NULL)
+        LocalFree((HLOCAL) pSD);
+    if(pNewDACL != NULL)
+        LocalFree((HLOCAL) pNewDACL);
+    return dwRes;
+}
+
+void wapiSetFilePermissions(const QString& path)
+{
+    AddAceToObjectsSecurityDescriptor(
+        (wchar_t*) path.toStdWString().c_str(),
+        SE_FILE_OBJECT,
+        (wchar_t*) wapiGetUserName().toStdWString().c_str(),
+        TRUSTEE_IS_NAME,
+        ACCESS_SYSTEM_SECURITY | READ_CONTROL | WRITE_DAC | GENERIC_ALL,
+        GRANT_ACCESS,
+        CONTAINER_INHERIT_ACE);
+}
+
 #endif
diff --git a/src/wapi.h b/src/wapi.h
index da90fce..bd15a1c 100644
--- a/src/wapi.h
+++ b/src/wapi.h
@@ -75,7 +75,7 @@ long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry );
 void wapiRestoreWindow ( HWND hWnd, long style, const QRect& desktopGeometry );
 QString wapiGetDriveByLabel(const QString& label);
 QString wapiGetUserName();
-
+void wapiSetFilePermissions(const QString& path);
 
 #endif
 #endif

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

More information about the x2go-commits mailing list