Refactored Windows permission handling into a separate file

This commit is contained in:
VakarisZ 2021-05-19 17:00:57 +03:00 committed by Shreya
parent 8c575b9d35
commit 8ce506ac6f
2 changed files with 38 additions and 44 deletions


@ -1,53 +1,16 @@
import os import os
import sys import sys
from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR from monkey_island.cc.environment.windows_permissions import set_full_folder_access
is_windows_os = sys.platform.startswith("win") is_windows_os = sys.platform.startswith("win")
if is_windows_os:
import ntsecuritycon
import win32api
import win32con
import win32security
def create_data_dir(data_dir: str, create_parent_dirs: bool) -> None:
def create_data_dir(data_dir: str) -> None:
if not os.path.isdir(data_dir): if not os.path.isdir(data_dir):
if create_parent_dirs:
os.makedirs(data_dir, mode=0o700) os.makedirs(data_dir, mode=0o700)
else:
os.mkdir(data_dir, mode=0o700)
if is_windows_os: # `mode=0o700` doesn't work on Windows if is_windows_os: # `mode=0o700` doesn't work on Windows
set_data_dir_security_to_read_and_write_by_owner(data_dir_path=data_dir) set_full_folder_access(folder_path=data_dir)
def create_default_data_dir() -> None:
if not os.path.isdir(DEFAULT_DATA_DIR):
os.mkdir(DEFAULT_DATA_DIR, mode=0o700)
if is_windows_os: # `mode=0o700` doesn't work on Windows
set_data_dir_security_to_read_and_write_by_owner(data_dir_path=DEFAULT_DATA_DIR)
def set_data_dir_security_to_read_and_write_by_owner(data_dir_path: str) -> None:
user = get_user_pySID_object() # current user is newly created data dir's owner
security_descriptor = win32security.GetFileSecurity(
data_dir_path, win32security.DACL_SECURITY_INFORMATION
)
dacl = win32security.ACL()
dacl.AddAccessAllowedAce(
win32security.ACL_REVISION,
ntsecuritycon.FILE_GENERIC_READ | ntsecuritycon.FILE_GENERIC_WRITE,
user,
)
security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
win32security.SetFileSecurity(
data_dir_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
)
def get_user_pySID_object():
# get current user's name
username = win32api.GetUserNameEx(win32con.NameSamCompatible)
# pySID object for the current user
user, _, _ = win32security.LookupAccountName("", username)
return user
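Review bot: The new side of the `from monkey_island.cc.environment.windows_permissions import set_full_folder_access` line imports the helper unconditionally at module level, while the `if is_windows_os:` guard that used to wrap the pywin32 imports is removed; since `windows_permissions` itself imports `ntsecuritycon`, `win32api`, `win32con` and `win32security` at its top, importing this module on a non-Windows host would presumably raise ImportError before `create_data_dir` is ever reached (pywin32 is not normally installable there). Guard the import the same way the call site is guarded: `if is_windows_os:` / `    from monkey_island.cc.environment.windows_permissions import set_full_folder_access`, or move the import inside the `if is_windows_os:` branch of `create_data_dir`. The rendered page fuses old and new text, so which `create_data_dir` signature is the new one cannot be read from here, but the import problem is independent of that.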


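--- /dev/null
+++ b/monkey_island/cc/environment/windows_permissions.py
@@ -0,0 +1,31 @@
+import ntsecuritycon
+import win32api
+import win32con
+import win32security
+def set_full_folder_access(folder_path: str) -> None:
+    user = get_user_pySID_object()
+    security_descriptor = win32security.GetFileSecurity(
+        folder_path, win32security.DACL_SECURITY_INFORMATION
+    )
+    dacl = win32security.ACL()
+    dacl.AddAccessAllowedAce(
+        win32security.ACL_REVISION,
+        ntsecuritycon.FILE_ALL_ACCESS,
+        user,
+    )
+    security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0)
+    win32security.SetFileSecurity(
+        folder_path, win32security.DACL_SECURITY_INFORMATION, security_descriptor
+    )
+def get_user_pySID_object():
+    # get current user's name
+    username = win32api.GetUserNameEx(win32con.NameSamCompatible)
+    # pySID object for the current user
+    user, _, _ = win32security.LookupAccountName("", username)
+    return user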
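Review bot: `set_full_folder_access` grants the owner `ntsecuritycon.FILE_ALL_ACCESS`, whereas the `set_data_dir_security_to_read_and_write_by_owner` it replaces granted only `FILE_GENERIC_READ | FILE_GENERIC_WRITE`; a commit described as a refactor that widens the rights on the data directory should say so in a docstring and in the commit message. The DACL is built from scratch with a single ACE and written with `SetFileSecurity`, so every ACE previously on the folder is dropped (the intended owner-only lockdown), but `AddAccessAllowedAce` sets no inheritance flags, so files created inside the folder later presumably do not inherit this ACE — confirm that is acceptable, or use `AddAccessAllowedAceEx` with `ntsecuritycon.OBJECT_INHERIT_ACE | ntsecuritycon.CONTAINER_INHERIT_ACE`. The old comment `# current user is newly created data dir's owner` was dropped from the `user = get_user_pySID_object()` line; it states the assumption the owner-only DACL relies on and should return. Suggested docstring for `set_full_folder_access`: `"""Replace folder_path's DACL with a single ACE granting the current user FILE_ALL_ACCESS; all other ACEs are removed."""`.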