mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

permcheck: fix nil entries

This commit is contained in:
Eugene Burkov 2024-12-03 14:26:43 +03:00
parent e1d21c576d
commit 47040a14cd
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
internal/permcheck/security_windows.go
View File

@ -72,16 +72,23 @@ func rangeACEs(dacl *windows.ACL, f aceFunc) (err error) {
} }
// setSecurityInfo sets the security information on the specified file, using // setSecurityInfo sets the security information on the specified file, using
// ents to create a discretionary access control list. Both owner and ents can // ents to create a discretionary access control list. Either owner or ents can
// be nil, in which case the corresponding information is not set. // be nil, in which case the corresponding information is not set, but at least
// one of them should be specified.
func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_ACCESS) (err error) { func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_ACCESS) (err error) {
var secInfo windows.SECURITY_INFORMATION var secInfo windows.SECURITY_INFORMATION
var acl *windows.ACL
if len(ents) > 0 { if len(ents) > 0 {
// TODO(e.burkov): Investigate if this whole set is necessary. // TODO(e.burkov): Investigate if this whole set is necessary.
secInfo |= windows.DACL_SECURITY_INFORMATION | secInfo |= windows.DACL_SECURITY_INFORMATION |
windows.PROTECTED_DACL_SECURITY_INFORMATION | windows.PROTECTED_DACL_SECURITY_INFORMATION |
windows.UNPROTECTED_DACL_SECURITY_INFORMATION windows.UNPROTECTED_DACL_SECURITY_INFORMATION
acl, err = windows.ACLFromEntries(ents, nil)
if err != nil {
return fmt.Errorf("creating access control list: %w", err)
}
} }
if owner != nil { if owner != nil {
@ -92,11 +99,6 @@ func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_A
return errors.Error("no security information to set") return errors.Error("no security information to set")
} }
acl, err := windows.ACLFromEntries(ents, nil)
if err != nil {
return fmt.Errorf("creating access control list: %w", err)
}
err = windows.SetNamedSecurityInfo(fname, objectType, secInfo, owner, nil, acl, nil) err = windows.SetNamedSecurityInfo(fname, objectType, secInfo, owner, nil, acl, nil)
if err != nil { if err != nil {
return fmt.Errorf("setting security info: %w", err) return fmt.Errorf("setting security info: %w", err)