Refactored windows permission handling into a separate file
parent
8c575b9d35
commit
8ce506ac6f
|
@ -1,53 +1,16 @@
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
|
from monkey_island.cc.environment.windows_permissions import set_full_folder_access
|
||||||
|
|
||||||
is_windows_os = sys.platform.startswith("win")
|
is_windows_os = sys.platform.startswith("win")
|
||||||
|
|
||||||
if is_windows_os:
|
|
||||||
import ntsecuritycon
|
|
||||||
import win32api
|
|
||||||
import win32con
|
|
||||||
import win32security
|
|
||||||
|
|
||||||
|
def create_data_dir(data_dir: str, create_parent_dirs: bool) -> None:
|
||||||
def create_data_dir(data_dir: str) -> None:
|
|
||||||
if not os.path.isdir(data_dir):
|
if not os.path.isdir(data_dir):
|
||||||
os.makedirs(data_dir, mode=0o700)
|
if create_parent_dirs:
|
||||||
|
os.makedirs(data_dir, mode=0o700)
|
||||||
|
else:
|
||||||
|
os.mkdir(data_dir, mode=0o700)
|
||||||
if is_windows_os: # `mode=0o700` doesn't work on Windows
|
if is_windows_os: # `mode=0o700` doesn't work on Windows
|
||||||
set_data_dir_security_to_read_and_write_by_owner(data_dir_path=data_dir)
|
set_full_folder_access(folder_path=data_dir)
|
||||||
|
|
||||||
|
|
||||||
def create_default_data_dir() -> None:
|
|
||||||
if not os.path.isdir(DEFAULT_DATA_DIR):
|
|
||||||
os.mkdir(DEFAULT_DATA_DIR, mode=0o700)
|
|
||||||
if is_windows_os: # `mode=0o700` doesn't work on Windows
|
|
||||||
set_data_dir_security_to_read_and_write_by_owner(data_dir_path=DEFAULT_DATA_DIR)
|
|
||||||
|
|
||||||
|
|
||||||
def set_data_dir_security_to_read_and_write_by_owner(data_dir_path: str) -> None:
|
|
||||||
user = get_user_pySID_object() # current user is newly created data dir's owner
|
|
||||||
|
|
||||||
security_descriptor = win32security.GetFileSecurity(
|
|
||||||
data_dir_path, win32security.DACL_SECURITY_INFORMATION
|
|
||||||
)
|
|
||||||
dacl = win32security.ACL()
|
|
||||||
dacl.AddAccessAllowedAce(
|
|
||||||
win32security.ACL_REVISION,
|
|
||||||
ntsecuritycon.FILE_GENERIC_READ | ntsecuritycon.FILE_GENERIC_WRITE,
|
|
||||||
user,
|
|
||||||
)
|
|
||||||
security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
|
|
||||||
win32security.SetFileSecurity(
|
|
||||||
data_dir_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def get_user_pySID_object():
|
|
||||||
# get current user's name
|
|
||||||
username = win32api.GetUserNameEx(win32con.NameSamCompatible)
|
|
||||||
# pySID object for the current user
|
|
||||||
user, _, _ = win32security.LookupAccountName("", username)
|
|
||||||
|
|
||||||
return user
|
|
||||||
|
|
|
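Review bot: The new top-level `from monkey_island.cc.environment.windows_permissions import set_full_folder_access` runs on every platform, and that module imports `ntsecuritycon`, `win32api`, `win32con` and `win32security` unconditionally, so importing this file on a non-Windows host will most likely raise ImportError where the old code kept those imports under `if is_windows_os:`. Move the import below the `is_windows_os` assignment and keep the guard: `if is_windows_os:` followed by the indented `from monkey_island.cc.environment.windows_permissions import set_full_folder_access`. Separately, in `create_data_dir` the directory carries whatever ACL it inherits from its parent until `set_full_folder_access` returns, and keeps it if that call raises. A comment stating this, or removing the directory on failure, would make the owner-only guarantee explicit.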
@ -0,0 +1,31 @@
|
||||||
|
import ntsecuritycon
|
||||||
|
import win32api
|
||||||
|
import win32con
|
||||||
|
import win32security
|
||||||
|
|
||||||
|
|
||||||
|
def set_full_folder_access(folder_path: str) -> None:
|
||||||
|
user = get_user_pySID_object()
|
||||||
|
|
||||||
|
security_descriptor = win32security.GetFileSecurity(
|
||||||
|
folder_path, win32security.DACL_SECURITY_INFORMATION
|
||||||
|
)
|
||||||
|
dacl = win32security.ACL()
|
||||||
|
dacl.AddAccessAllowedAce(
|
||||||
|
win32security.ACL_REVISION,
|
||||||
|
ntsecuritycon.FILE_ALL_ACCESS,
|
||||||
|
user,
|
||||||
|
)
|
||||||
|
security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
|
||||||
|
win32security.SetFileSecurity(
|
||||||
|
folder_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def get_user_pySID_object():
|
||||||
|
# get current user's name
|
||||||
|
username = win32api.GetUserNameEx(win32con.NameSamCompatible)
|
||||||
|
# pySID object for the current user
|
||||||
|
user, _, _ = win32security.LookupAccountName("", username)
|
||||||
|
|
||||||
|
return user
|
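Review bot: The ACE added in `set_full_folder_access` carries no inheritance flags, so it applies to the folder object only, and files or subfolders created under it later do not inherit the owner-only entry. If the intent is to mirror `mode=0o700` for the whole data directory, use `dacl.AddAccessAllowedAceEx(win32security.ACL_REVISION, win32security.CONTAINER_INHERIT_ACE | win32security.OBJECT_INHERIT_ACE, ntsecuritycon.FILE_ALL_ACCESS, user)`. The function also needs a docstring saying that it replaces the folder's DACL with a single allow entry for the current user. The docstring should also note that the mask is now `FILE_ALL_ACCESS` rather than the `FILE_GENERIC_READ | FILE_GENERIC_WRITE` granted by the removed function, because the commit is described as a refactor yet changes the granted rights.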