/**************************************************************************
* TakeOwnershipOfFile [SETUPAPI.@]
*
* Takes the ownership of the given file.
*
* PARAMS
* lpFileName [I] Name of the file
*
* RETURNS
* Success: ERROR_SUCCESS
* Failure: other
*/
DWORD WINAPI TakeOwnershipOfFile(LPCWSTR lpFileName)
{
SECURITY_DESCRIPTOR SecDesc;
HANDLE hToken = NULL;
PTOKEN_OWNER pOwner = NULL;
DWORD dwError;
DWORD dwSize;
TRACE("%s\n", debugstr_w(lpFileName));
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return GetLastError();
if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &dwSize))
{
goto fail;
}
pOwner = (PTOKEN_OWNER)MyMalloc(dwSize);
if (pOwner == NULL)
{
CloseHandle(hToken);
return ERROR_NOT_ENOUGH_MEMORY;
}
if (!GetTokenInformation(hToken, TokenOwner, pOwner, dwSize, &dwSize))
{
goto fail;
}
if (!InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION))
{
goto fail;
}
if (!SetSecurityDescriptorOwner(&SecDesc, pOwner->Owner, FALSE))
{
goto fail;
}
if (!SetFileSecurityW(lpFileName, OWNER_SECURITY_INFORMATION, &SecDesc))
{
goto fail;
}
MyFree(pOwner);
CloseHandle(hToken);
return ERROR_SUCCESS;
fail:;
dwError = GetLastError();
MyFree(pOwner);
if (hToken != NULL)
CloseHandle(hToken);
return dwError;
}
void ExtractACLNew(Archive &Arc,char *FileName,wchar *FileNameW)
{
#if defined(_XBOX) || defined(_LINUX) || (defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_APP))
return;
#else
if (!WinNT())
return;
Array<byte> SubData;
if (!Arc.ReadSubData(&SubData,NULL))
return;
SetPrivileges();
SECURITY_INFORMATION si=OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION;
if (ReadSacl)
si|=SACL_SECURITY_INFORMATION;
SECURITY_DESCRIPTOR *sd=(SECURITY_DESCRIPTOR *)&SubData[0];
int SetCode;
if (FileNameW!=NULL)
SetCode=SetFileSecurityW(FileNameW,si,sd);
else
SetCode=SetFileSecurity(FileName,si,sd);
if (!SetCode)
{
RarLog(Arc.FileName,St(MACLSetError),FileName);
ErrHandler.SysErrMsg();
ErrHandler.SetErrorCode(WARNING);
}
#endif
}
void ExtractACLNew(Archive &Arc,char *FileName,wchar *FileNameW)
{
if (!WinNT())
return;
Array<byte> SubData;
if (!Arc.ReadSubData(&SubData,(File *) NULL))
return;
SetPrivileges();
SECURITY_INFORMATION si=OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION;
if (ReadSacl)
si|=SACL_SECURITY_INFORMATION;
SECURITY_DESCRIPTOR *sd=(SECURITY_DESCRIPTOR *)&SubData[0];
int SetCode;
if (FileNameW!=NULL)
SetCode=SetFileSecurityW(FileNameW,si,sd);
else
SetCode=SetFileSecurityA(FileName,si,sd);
if (!SetCode)
{
Log(Arc.FileName,St(MACLSetError),FileName);
ErrHandler.SysErrMsg();
ErrHandler.SetErrorCode(WARNING);
}
}
BOOL SetFileDacl(LPCWSTR path)
{
BOOL bRet = FALSE;
WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'};
PSECURITY_DESCRIPTOR pSD = NULL;
LPWSTR pszUserSid;
if(GetUserSid(&pszUserSid))
{
_snwprintf_s(sddl, _TRUNCATE, L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)",
(IsVersion62AndOver() ? L"(A;;FR;;;AC)" : L""), pszUserSid);
LocalFree(pszUserSid);
}
if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &pSD, NULL))
{
if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, pSD))
{
bRet = TRUE;
}
LocalFree(pSD);
}
return bRet;
}
BOOL SetFileDacl(LPCWSTR path)
{
BOOL bRet = FALSE;
WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'};
PSECURITY_DESCRIPTOR psd = nullptr;
LPWSTR pszUserSid;
if(GetUserSid(&pszUserSid))
{
// SDDL_ALL_APP_PACKAGES / SDDL_RESTRICTED_CODE / SDDL_LOCAL_SYSTEM / SDDL_BUILTIN_ADMINISTRATORS / User SID
_snwprintf_s(sddl, _TRUNCATE, L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)",
(IsWindowsVersion62OrLater() ? L"(A;;FR;;;AC)" : L""), pszUserSid);
LocalFree(pszUserSid);
}
if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &psd, nullptr))
{
if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, psd))
{
bRet = TRUE;
}
LocalFree(psd);
}
return bRet;
}
void ExtractACL(Archive &Arc,char *FileName,wchar *FileNameW)
{
if (!WinNT())
return;
SetPrivileges();
if (Arc.HeaderCRC!=Arc.EAHead.HeadCRC)
{
Log(Arc.FileName,St(MACLBroken),FileName);
ErrHandler.SetErrorCode(CRC_ERROR);
return;
}
if (Arc.EAHead.Method<0x31 || Arc.EAHead.Method>0x35 || Arc.EAHead.UnpVer>PACK_VER)
{
Log(Arc.FileName,St(MACLUnknown),FileName);
ErrHandler.SetErrorCode(WARNING);
return;
}
ComprDataIO DataIO;
Unpack Unpack(&DataIO);
Unpack.Init();
Array<byte> UnpData(Arc.EAHead.UnpSize);
DataIO.SetUnpackToMemory(&UnpData[0],Arc.EAHead.UnpSize);
DataIO.SetPackedSizeToRead(Arc.EAHead.DataSize);
DataIO.EnableShowProgress(false);
DataIO.SetFiles(&Arc,NULL);
Unpack.SetDestSize(Arc.EAHead.UnpSize);
Unpack.DoUnpack(Arc.EAHead.UnpVer,false);
if (Arc.EAHead.EACRC!=~DataIO.UnpFileCRC)
{
Log(Arc.FileName,St(MACLBroken),FileName);
ErrHandler.SetErrorCode(CRC_ERROR);
return;
}
SECURITY_INFORMATION si=OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION;
if (ReadSacl)
si|=SACL_SECURITY_INFORMATION;
SECURITY_DESCRIPTOR *sd=(SECURITY_DESCRIPTOR *)&UnpData[0];
int SetCode;
if (FileNameW!=NULL)
SetCode=SetFileSecurityW(FileNameW,si,sd);
else
SetCode=SetFileSecurityA(FileName,si,sd);
if (!SetCode)
{
Log(Arc.FileName,St(MACLSetError),FileName);
ErrHandler.SysErrMsg();
ErrHandler.SetErrorCode(WARNING);
}
}
/**************************************************************************
* StampFileSecurity [SETUPAPI.@]
*
* Assign a new security descriptor to the given file.
*
* PARAMS
* lpFileName [I] Name of the file
* pSecurityDescriptor [I] New security descriptor
*
* RETURNS
* Success: ERROR_SUCCESS
* Failure: other
*/
DWORD WINAPI StampFileSecurity(LPCWSTR lpFileName, PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
TRACE("%s %p\n", debugstr_w(lpFileName), pSecurityDescriptor);
if (!SetFileSecurityW(lpFileName, OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
pSecurityDescriptor))
return GetLastError();
return ERROR_SUCCESS;
}
void ExtractACL20(Archive &Arc,const wchar *FileName)
{
SetACLPrivileges();
if (Arc.BrokenHeader)
{
Log(Arc.FileName,St(MACLBroken),FileName);
ErrHandler.SetErrorCode(RARX_CRC);
return;
}
if (Arc.EAHead.Method<0x31 || Arc.EAHead.Method>0x35 || Arc.EAHead.UnpVer>VER_PACK)
{
Log(Arc.FileName,St(MACLUnknown),FileName);
ErrHandler.SetErrorCode(RARX_WARNING);
return;
}
ComprDataIO DataIO;
Unpack Unpack(&DataIO);
Unpack.Init(0x10000,false);
Array<byte> UnpData(Arc.EAHead.UnpSize);
DataIO.SetUnpackToMemory(&UnpData[0],Arc.EAHead.UnpSize);
DataIO.SetPackedSizeToRead(Arc.EAHead.DataSize);
DataIO.EnableShowProgress(false);
DataIO.SetFiles(&Arc,NULL);
DataIO.UnpHash.Init(HASH_CRC32,1);
Unpack.SetDestSize(Arc.EAHead.UnpSize);
Unpack.DoUnpack(Arc.EAHead.UnpVer,false);
if (Arc.EAHead.EACRC!=DataIO.UnpHash.GetCRC32())
{
Log(Arc.FileName,St(MACLBroken),FileName);
ErrHandler.SetErrorCode(RARX_CRC);
return;
}
SECURITY_INFORMATION si=OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION;
if (ReadSacl)
si|=SACL_SECURITY_INFORMATION;
SECURITY_DESCRIPTOR *sd=(SECURITY_DESCRIPTOR *)&UnpData[0];
int SetCode=SetFileSecurityW(FileName,si,sd);
if (!SetCode)
{
Log(Arc.FileName,St(MACLSetError),FileName);
ErrHandler.SysErrMsg();
ErrHandler.SetErrorCode(RARX_WARNING);
}
}
JNIEXPORT void JNICALL
Java_org_gudy_azureus2_platform_win32_access_impl_AEWin32AccessInterface_copyPermissionW(
JNIEnv *env,
jclass cla,
jstring _fileNameIn,
jstring _fileNameOut )
{
WCHAR file_name_in[2048];
WCHAR file_name_out[2048];
if ( !jstringToCharsW( env, _fileNameIn, file_name_in, sizeof( file_name_in )-1)){
return;
}
if ( !jstringToCharsW( env, _fileNameOut, file_name_out, sizeof( file_name_out )-1)){
return;
}
SECURITY_INFORMATION secInfo = DACL_SECURITY_INFORMATION;
DWORD cbFileSD = 0;
PSECURITY_DESCRIPTOR pFileSD = NULL;
BOOL ok = GetFileSecurityW(file_name_in, secInfo, pFileSD, 0, &cbFileSD);
// API should have failed with insufficient buffer.
if ( ok ){
throwException( env, "copyPermission", "GetFileSecurity ok" );
return;
}else if (GetLastError() == ERROR_FILE_NOT_FOUND) {
throwException( env, "copyPermission", "from file not found" );
return;
}else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
throwException( env, "copyPermission", "GetFileSecurity unexpected response", GetLastError() );
return;
}else{
pFileSD = myheapalloc( cbFileSD );
if (!pFileSD) {
throwException( env, "copyPermission", "no memory" );
return;
}
ok = GetFileSecurityW(file_name_in, secInfo, pFileSD, cbFileSD, &cbFileSD );
if (!ok) {
myheapfree( pFileSD );
throwException( env, "copyPermission", "GetFileSecurity", GetLastError());
return;
}
ok = SetFileSecurityW( file_name_out, secInfo, pFileSD );
myheapfree( pFileSD );
if ( !ok ){
if (GetLastError() == ERROR_FILE_NOT_FOUND) {
throwException( env, "copyPermission", "to file not found" );
}else{
throwException( env, "copyPermission", "SetFileSecurity unexpected response", GetLastError() );
}
}
}
}
int RemoveFileDACLs(LPCWSTR pszPath, BOOL fDiagnostic, BPRINT_BUFFER *pbp)
{
//
// make sure that we have ESE_SECURITY priviledge
//
int err = 0;
if ( ! AddLocalPrivilege(ESE_SECURITY))
{
err = GetLastError();
if (fDiagnostic)
ReportError(err, "AdjustTokenPrivileges");
}
// setup globals, this do nothing if this is not the first time
// this function was called.
//
InitStandardSids(fDiagnostic, pbp);
//InitUserSid(fDiagnostic, pbp);
InitOwnerSid(fDiagnostic, pbp);
//
// Attempt to put a NULL Dacl on the file/directory
//
SECURITY_DESCRIPTOR si;
ZeroMemory(&si, sizeof(si));
InitializeSecurityDescriptor(&si, SECURITY_DESCRIPTOR_REVISION);
MSC_SUPPRESS_WARNING(6248) // warning: setting the DACL to null will result in unprotected object...
SetSecurityDescriptorDacl (&si, TRUE, NULL, FALSE);
if ( ! SetFileSecurityW(pszPath, DACL_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(DACL)[1] ", pszPath);
}
else
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "DACLs removed from %s", pszPath);
else
bprint(*pbp, " DACLs removed");
}
return 0;
}
//
// Attempt to make take ownership of the file.
//
SetSecurityDescriptorOwner (&si, ls.OwnerSid, FALSE);
if (SetFileSecurityW(pszPath, OWNER_SECURITY_INFORMATION, &si))
err = 0;
else
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(Owner)[1] ", pszPath);
//ZeroMemory(&si,sizeof(si));
//InitializeSecurityDescriptor(&si, SECURITY_DESCRIPTOR_REVISION);
//SetSecurityDescriptorOwner (&si, ls.OwnerSid, FALSE);
if ( ! AddLocalPrivilege(ESE_TAKE_OWNERSHIP))
{
static bool fReportedSeTakeOwner = false;
if (fDiagnostic && ! fReportedSeTakeOwner)
{
ReportErrorW(GetLastError(), "SeTakeOwnership ", pszPath);
fReportedSeTakeOwner = true;
}
}
else if ( ! SetFileSecurityW(pszPath, OWNER_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(Owner)[2] ", pszPath);
}
else
{
err = 0;
}
}
// if we successfully took ownership, try again to set a NULL DACL
//
if ( ! err)
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "Ownership taken of %s", pszPath);
else
bprint(*pbp, " Ownership taken");
}
if ( ! SetFileSecurityW(pszPath, DACL_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(DACL)[2] ", pszPath);
}
else
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "DACLs removed from %s", pszPath);
else
bprintfl(*pbp, " DACLs removed", pszPath);
}
return 0;
}
}
return err;
}
BOOL WipeFileW(wchar_t *filename)
{
DWORD Error=0,OldAttr,needed; void *SD=NULL; int correct_SD=FALSE;
wchar_t dir[2*MAX_PATH],tmpname[MAX_PATH],*fileptr=wcsrchr(filename,L'\\');
unsigned char *buffer=(unsigned char *)malloc(BUFF_SIZE);
if(fileptr&&buffer)
{
OldAttr=GetFileAttributesW(filename);
SetFileAttributesW(filename,OldAttr&(~FILE_ATTRIBUTE_READONLY));
if(!GetFileSecurityW(filename,DACL_SECURITY_INFORMATION,NULL,0,&needed))
if(GetLastError()==ERROR_INSUFFICIENT_BUFFER)
{
SD=malloc(needed);
if(SD)
if(GetFileSecurityW(filename,DACL_SECURITY_INFORMATION,SD,needed,&needed)) correct_SD=TRUE;
}
wcsncpy(dir,filename,fileptr-filename+1);
dir[fileptr-filename+1]=0;
if(GetTempFileNameW(dir,L"bc",0,tmpname))
{
if(MoveFileExW(filename,tmpname,MOVEFILE_REPLACE_EXISTING|MOVEFILE_WRITE_THROUGH))
{
HANDLE f=CreateFileW(tmpname,FILE_GENERIC_WRITE,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS|FILE_FLAG_SEQUENTIAL_SCAN,NULL);
if(f!=INVALID_HANDLE_VALUE)
{
BY_HANDLE_FILE_INFORMATION info;
if(GetFileInformationByHandle(f,&info))
{
unsigned long long size=(unsigned long long)info.nFileSizeLow+(unsigned long long)info.nFileSizeHigh*4294967296ULL;
unsigned long long processed_size=0;
while(size)
{
unsigned long outsize=(unsigned long)((size>=BUFF_SIZE)?BUFF_SIZE:size),transferred;
WriteFile(f,buffer,outsize,&transferred,NULL);
size-=outsize;
processed_size+=outsize;
if(UpdatePosInfo(0ULL,processed_size)) break;
}
}
if((SetFilePointer(f,0,NULL,FILE_BEGIN)==INVALID_SET_FILE_POINTER)||(!SetEndOfFile(f))) Error=GetLastError();
CloseHandle(f);
}
if(Error) MoveFileExW(tmpname,filename,MOVEFILE_REPLACE_EXISTING|MOVEFILE_WRITE_THROUGH);
else if(!DeleteFileW(tmpname)) Error=GetLastError();
}
else
{
Error=GetLastError();
DeleteFileW(tmpname);
}
} else Error=GetLastError();
if(Error)
{
SetFileAttributesW(filename,OldAttr);
if(correct_SD) SetFileSecurityW(filename,DACL_SECURITY_INFORMATION,SD);
}
}
free(SD);
free(buffer);
if(Error)
{
SetLastError(Error);
return FALSE;
}
return TRUE;
}
