This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient.
commit d8a34ff590ae29571f611659358c5a36dd329473 Author: Oleksandr Shneyder <o.shney...@phoca-gmbh.de> Date: Tue Nov 23 11:17:57 2021 -0600 Add special ACL for exported directories in Windows client. --- debian/changelog | 1 + src/onmainwindow.cpp | 5 ++-- src/wapi.cpp | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/wapi.h | 2 +- 4 files changed, 76 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8e38f2a..1759461 100644 --- a/debian/changelog +++ b/debian/changelog @@ -32,6 +32,7 @@ x2goclient (4.1.2.3-0x2go1) UNRELEASED; urgency=medium - Improve synchronisation in broker mode. - Fix loading HTTP icon in pass dialog in broker mode. - Replace QFont::Thin with 0 to keep compatibility with Qt4. + - Add special ACL for exported directories in Windows client. [ Ryan Schmidt ] * New upstream version (4.1.2.3): diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index c580f34..f47daf2 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -9015,13 +9015,14 @@ void ONMainWindow::exportDefaultDirs() } } spoolDir=path; + QFile::setPermissions ( + path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner ); #ifdef Q_OS_WIN + wapiSetFilePermissions(path); path=cygwinPath ( wapiShortFileName ( path ) ); #endif - QFile::setPermissions ( - path,QFile::ReadOwner|QFile::WriteOwner|QFile::ExeOwner ); path+="__PRINT_SPOOL_"; dirs+=path; diff --git a/src/wapi.cpp b/src/wapi.cpp index 8d28ba4..2a889ba 100644 --- a/src/wapi.cpp +++ b/src/wapi.cpp @@ -26,10 +26,13 @@ #include <windows.h> #include <winerror.h> #include <sddl.h> +#include <AccCtrl.h> +#include <aclapi.h> #include "wapi.h" #include "x2gologdebug.h" + long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry ) { SetWindowLong(hWnd, GWL_STYLE, @@ -518,4 +521,72 @@ QString wapiGetUserName() return QString::null; return QString::fromUtf16 ( ( const ushort* ) infoBuf); } + + +//copied this function from https://docs.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c-- +DWORD AddAceToObjectsSecurityDescriptor ( + LPTSTR pszObjName, // name of object + SE_OBJECT_TYPE ObjectType, // type of object + LPTSTR pszTrustee, // trustee for new ACE + TRUSTEE_FORM TrusteeForm, // format of trustee structure + DWORD dwAccessRights, // access mask for new ACE + ACCESS_MODE AccessMode, // type of ACE + DWORD dwInheritance // inheritance flags for new ACE +) +{ + DWORD dwRes = 0; + PACL pOldDACL = NULL, pNewDACL = NULL; + PSECURITY_DESCRIPTOR pSD = NULL; + EXPLICIT_ACCESS ea; + if (NULL == pszObjName) + return ERROR_INVALID_PARAMETER; + + // Get a pointer to the existing DACL. + dwRes = GetNamedSecurityInfo(pszObjName, ObjectType, + DACL_SECURITY_INFORMATION, + NULL, NULL, &pOldDACL, NULL, &pSD); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } + // Initialize an EXPLICIT_ACCESS structure for the new ACE. + ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); + ea.grfAccessPermissions = dwAccessRights; + ea.grfAccessMode = AccessMode; + ea.grfInheritance= dwInheritance; + ea.Trustee.TrusteeForm = TrusteeForm; + ea.Trustee.ptstrName = pszTrustee; + // Create a new ACL that merges the new ACE + // into the existing DACL. + dwRes = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } + + // Attach the new ACL as the object's DACL. + dwRes = SetNamedSecurityInfo(pszObjName, ObjectType, + DACL_SECURITY_INFORMATION, + NULL, NULL, pNewDACL, NULL); + if (ERROR_SUCCESS != dwRes) { + goto Cleanup; + } +Cleanup: + if(pSD != NULL) + LocalFree((HLOCAL) pSD); + if(pNewDACL != NULL) + LocalFree((HLOCAL) pNewDACL); + return dwRes; +} + +void wapiSetFilePermissions(const QString& path) +{ + AddAceToObjectsSecurityDescriptor( + (wchar_t*) path.toStdWString().c_str(), + SE_FILE_OBJECT, + (wchar_t*) wapiGetUserName().toStdWString().c_str(), + TRUSTEE_IS_NAME, + ACCESS_SYSTEM_SECURITY | READ_CONTROL | WRITE_DAC | GENERIC_ALL, + GRANT_ACCESS, + CONTAINER_INHERIT_ACE); +} + #endif diff --git a/src/wapi.h b/src/wapi.h index da90fce..bd15a1c 100644 --- a/src/wapi.h +++ b/src/wapi.h @@ -75,7 +75,7 @@ long wapiSetFSWindow ( HWND hWnd, const QRect& desktopGeometry ); void wapiRestoreWindow ( HWND hWnd, long style, const QRect& desktopGeometry ); QString wapiGetDriveByLabel(const QString& label); QString wapiGetUserName(); - +void wapiSetFilePermissions(const QString& path); #endif #endif -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git _______________________________________________ x2go-commits mailing list x2go-commits@lists.x2go.org https://lists.x2go.org/listinfo/x2go-commits