Refactored windows permission handling into a separate file

2021-05-19 17:00:57 +03:00 · 2021-05-19 17:00:57 +03:00 · 8ce506ac6f
parent 8c575b9d35
commit 8ce506ac6f
2 changed files with 38 additions and 44 deletions
--- a/monkey/monkey_island/cc/environment/data_dir_generator.py
+++ b/monkey/monkey_island/cc/environment/data_dir_generator.py
@ -1,53 +1,16 @@
 import os
 import sys

-from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
+from monkey_island.cc.environment.windows_permissions import set_full_folder_access

 is_windows_os = sys.platform.startswith("win")

-if is_windows_os:
-    import ntsecuritycon
-    import win32api
-    import win32con
-    import win32security

-
-def create_data_dir(data_dir: str) -> None:
+def create_data_dir(data_dir: str, create_parent_dirs: bool) -> None:
    if not os.path.isdir(data_dir):
-        os.makedirs(data_dir, mode=0o700)
+        if create_parent_dirs:
+            os.makedirs(data_dir, mode=0o700)
+        else:
+            os.mkdir(data_dir, mode=0o700)
        if is_windows_os:  # `mode=0o700` doesn't work on Windows
-            set_data_dir_security_to_read_and_write_by_owner(data_dir_path=data_dir)
-
-
-def create_default_data_dir() -> None:
-    if not os.path.isdir(DEFAULT_DATA_DIR):
-        os.mkdir(DEFAULT_DATA_DIR, mode=0o700)
-        if is_windows_os:  # `mode=0o700` doesn't work on Windows
-            set_data_dir_security_to_read_and_write_by_owner(data_dir_path=DEFAULT_DATA_DIR)
-
-
-def set_data_dir_security_to_read_and_write_by_owner(data_dir_path: str) -> None:
-    user = get_user_pySID_object()  # current user is newly created data dir's owner
-
-    security_descriptor = win32security.GetFileSecurity(
-        data_dir_path, win32security.DACL_SECURITY_INFORMATION
-    )
-    dacl = win32security.ACL()
-    dacl.AddAccessAllowedAce(
-        win32security.ACL_REVISION,
-        ntsecuritycon.FILE_GENERIC_READ | ntsecuritycon.FILE_GENERIC_WRITE,
-        user,
-    )
-    security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
-    win32security.SetFileSecurity(
-        data_dir_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
-    )
-
-
-def get_user_pySID_object():
-    # get current user's name
-    username = win32api.GetUserNameEx(win32con.NameSamCompatible)
-    # pySID object for the current user
-    user, _, _ = win32security.LookupAccountName("", username)
-
-    return user
+            set_full_folder_access(folder_path=data_dir)
--- a/monkey/monkey_island/cc/environment/windows_permissions.py
+++ b/monkey/monkey_island/cc/environment/windows_permissions.py
@ -0,0 +1,31 @@
+import ntsecuritycon
+import win32api
+import win32con
+import win32security
+
+
+def set_full_folder_access(folder_path: str) -> None:
+    user = get_user_pySID_object()
+
+    security_descriptor = win32security.GetFileSecurity(
+        folder_path, win32security.DACL_SECURITY_INFORMATION
+    )
+    dacl = win32security.ACL()
+    dacl.AddAccessAllowedAce(
+        win32security.ACL_REVISION,
+        ntsecuritycon.FILE_ALL_ACCESS,
+        user,
+    )
+    security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
+    win32security.SetFileSecurity(
+        folder_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
+    )
+
+
+def get_user_pySID_object():
+    # get current user's name
+    username = win32api.GetUserNameEx(win32con.NameSamCompatible)
+    # pySID object for the current user
+    user, _, _ = win32security.LookupAccountName("", username)
+
+    return user