Fix race condition during Windows directory creation

2021-06-10 15:04:56 +05:30 · 2021-06-10 15:04:56 +05:30 · 54f5524760
parent b282e5276b
commit 54f5524760
2 changed files with 18 additions and 14 deletions
--- a/monkey/monkey_island/cc/environment/utils.py
+++ b/monkey/monkey_island/cc/environment/utils.py
@ -8,6 +8,8 @@ def is_windows_os() -> bool:


 if is_windows_os():
+    import win32file
+
    import monkey_island.cc.environment.windows_permissions as windows_permissions

 LOG = logging.getLogger(__name__)
@ -15,11 +17,13 @@ LOG = logging.getLogger(__name__)

 def create_secure_directory(path: str, create_parent_dirs: bool):
    if not os.path.isdir(path):
-        _create_secure_directory(path, create_parent_dirs)
-        set_secure_permissions(path)
+        if is_windows_os():
+            _create_secure_directory_windows(path)
+        else:
+            _create_secure_directory_linux(path, create_parent_dirs)


-def _create_secure_directory(path: str, create_parent_dirs: bool):
+def _create_secure_directory_linux(path: str, create_parent_dirs: bool):
    try:
        if create_parent_dirs:
            # Don't split directory creation and permission setting
@ -35,10 +39,13 @@ def _create_secure_directory(path: str, create_parent_dirs: bool):
        raise ex


-def set_secure_permissions(dir_path: str):
+def _create_secure_directory_windows(path: str):
+    security_descriptor = windows_permissions.get_sd_for_owner_only_perms()
    try:
-        if is_windows_os():
-            windows_permissions.set_perms_to_owner_only(folder_path=dir_path)
+        win32file.CreateDirectory(path, security_descriptor)
    except Exception as ex:
-        LOG.error(f"Permissions could not be set successfully for {dir_path}: {str(ex)}")
+        LOG.error(
+            f'Could not create a directory at "{path}" (maybe environmental variables could not be '
+            f"resolved?): {str(ex)}"
+        )
        raise ex
--- a/monkey/monkey_island/cc/environment/windows_permissions.py
+++ b/monkey/monkey_island/cc/environment/windows_permissions.py
@ -4,12 +4,10 @@ import win32con
 import win32security


-def set_perms_to_owner_only(folder_path: str) -> None:
+def get_sd_for_owner_only_perms() -> None:
    user = get_user_pySID_object()
+    security_descriptor = win32security.SECURITY_DESCRIPTOR()

-    security_descriptor = win32security.GetFileSecurity(
-        folder_path, win32security.DACL_SECURITY_INFORMATION
-    )
    dacl = win32security.ACL()
    dacl.AddAccessAllowedAce(
        win32security.ACL_REVISION,
@ -17,9 +15,8 @@ def set_perms_to_owner_only(folder_path: str) -> None:
        user,
    )
    security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
-    win32security.SetFileSecurity(
-        folder_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
-    )
+
+    return security_descriptor


 def get_user_pySID_object():