From 8ce506ac6fee3345f45adfff96ded37e3c6ac25d Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 19 May 2021 17:00:57 +0300
Subject: [PATCH] Refactored windows permission handling into a separate file
---
 .../cc/environment/data_dir_generator.py | 51 +++----------------
 .../cc/environment/windows_permissions.py | 31 +++++++++++
 2 files changed, 38 insertions(+), 44 deletions(-)
 create mode 100644 monkey/monkey_island/cc/environment/windows_permissions.py
diff --git a/monkey/monkey_island/cc/environment/data_dir_generator.py b/monkey/monkey_island/cc/environment/data_dir_generator.py
index 9d235e307..399ade277 100644
--- a/monkey/monkey_island/cc/environment/data_dir_generator.py
+++ b/monkey/monkey_island/cc/environment/data_dir_generator.py
@@ -1,53 +1,16 @@
 import os
 import sys
-from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
+from monkey_island.cc.environment.windows_permissions import set_full_folder_access
 is_windows_os = sys.platform.startswith("win")
-if is_windows_os:
- import ntsecuritycon
- import win32api
- import win32con
- import win32security
-
-def create_data_dir(data_dir: str) -> None:
+def create_data_dir(data_dir: str, create_parent_dirs: bool) -> None:
 if not os.path.isdir(data_dir):
- os.makedirs(data_dir, mode=0o700)
+ if create_parent_dirs:
+ os.makedirs(data_dir, mode=0o700)
+ else:
+ os.mkdir(data_dir, mode=0o700)
 if is_windows_os: # `mode=0o700` doesn't work on Windows
- set_data_dir_security_to_read_and_write_by_owner(data_dir_path=data_dir)
-
-
-def create_default_data_dir() -> None:
- if not os.path.isdir(DEFAULT_DATA_DIR):
- os.mkdir(DEFAULT_DATA_DIR, mode=0o700)
- if is_windows_os: # `mode=0o700` doesn't work on Windows
- set_data_dir_security_to_read_and_write_by_owner(data_dir_path=DEFAULT_DATA_DIR)
-
-
-def set_data_dir_security_to_read_and_write_by_owner(data_dir_path: str) -> None:
- user = get_user_pySID_object() # current user is newly created data dir's owner
-
- security_descriptor = win32security.GetFileSecurity(
- data_dir_path, win32security.DACL_SECURITY_INFORMATION
- )
- dacl = win32security.ACL()
- dacl.AddAccessAllowedAce(
- win32security.ACL_REVISION,
- ntsecuritycon.FILE_GENERIC_READ | ntsecuritycon.FILE_GENERIC_WRITE,
- user,
- )
- security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
- win32security.SetFileSecurity(
- data_dir_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
- )
-
-
-def get_user_pySID_object():
- # get current user's name
- username = win32api.GetUserNameEx(win32con.NameSamCompatible)
- # pySID object for the current user
- user, _, _ = win32security.LookupAccountName("", username)
-
- return user
+ set_full_folder_access(folder_path=data_dir)
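Review bot: The new top-level `from monkey_island.cc.environment.windows_permissions import set_full_folder_access` is unconditional, whereas the block it replaces imported the pywin32 modules only under `if is_windows_os:`. Because windows_permissions.py imports `ntsecuritycon`, `win32api`, `win32con` and `win32security` at module level, importing data_dir_generator on a host without pywin32 will presumably raise ImportError before `create_data_dir` is ever called. Keep the guard by placing the import under `if is_windows_os:` as the removed code did. Separately, a directory that already exists passes the `os.path.isdir` check without any mkdir, so its mode is never checked here; a comment stating that a pre-existing data directory is trusted as-is, or an explicit permission check, would make that assumption visible.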
diff --git a/monkey/monkey_island/cc/environment/windows_permissions.py b/monkey/monkey_island/cc/environment/windows_permissions.py
new file mode 100644
index 000000000..5d4913151
--- /dev/null
+++ b/monkey/monkey_island/cc/environment/windows_permissions.py
@@ -0,0 +1,31 @@
+import ntsecuritycon
+import win32api
+import win32con
+import win32security
+
+
+def set_full_folder_access(folder_path: str) -> None:
+ user = get_user_pySID_object()
+
+ security_descriptor = win32security.GetFileSecurity(
+ folder_path, win32security.DACL_SECURITY_INFORMATION
+ )
+ dacl = win32security.ACL()
+ dacl.AddAccessAllowedAce(
+ win32security.ACL_REVISION,
+ ntsecuritycon.FILE_ALL_ACCESS,
+ user,
+ )
+ security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
+ win32security.SetFileSecurity(
+ folder_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
+ )
+
+
+def get_user_pySID_object():
+ # get current user's name
+ username = win32api.GetUserNameEx(win32con.NameSamCompatible)
+ # pySID object for the current user
+ user, _, _ = win32security.LookupAccountName("", username)
+
+ return user
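Review bot: The single ACE added by `dacl.AddAccessAllowedAce(...)` in `set_full_folder_access` carries no inheritance flags, so files and subfolders created later inside the folder do not inherit the owner-only rule and presumably fall back to the creator's default DACL. If the whole data directory tree is meant to be private to the current user, use `dacl.AddAccessAllowedAceEx(win32security.ACL_REVISION, win32security.OBJECT_INHERIT_ACE | win32security.CONTAINER_INHERIT_ACE, ntsecuritycon.FILE_ALL_ACCESS, user)` instead. The access mask also changes from `FILE_GENERIC_READ | FILE_GENERIC_WRITE` to `FILE_ALL_ACCESS` in a commit described as a refactor, which the description should state. A docstring saying that the function replaces the folder's DACL with one allow entry for the current user, removing all other entries, would keep the name from reading as merely additive.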