From 5bb929c2e8bd13ec6c8f08612ff1ae1fa02c21d0 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 11 May 2020 14:38:41 +0200 Subject: [PATCH 1/2] Windows agent wizard: apply permissions also to Icinga's data dir refs #7998 --- agent/windows-setup-agent/SetupWizard.cs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/agent/windows-setup-agent/SetupWizard.cs b/agent/windows-setup-agent/SetupWizard.cs index 327611c4b..0421960b9 100644 --- a/agent/windows-setup-agent/SetupWizard.cs +++ b/agent/windows-setup-agent/SetupWizard.cs @@ -238,14 +238,12 @@ namespace Icinga string serviceUser = txtUser.Text.Trim(); - DirectoryInfo di = new DirectoryInfo(Program.Icinga2InstallDir); - DirectorySecurity ds = di.GetAccessControl(); FileSystemAccessRule rule = new FileSystemAccessRule(serviceUser, FileSystemRights.Modify, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); try { - ds.AddAccessRule(rule); - di.SetAccessControl(ds); + AddAccessRuleToDir(rule, Program.Icinga2InstallDir); + AddAccessRuleToDir(rule, Program.Icinga2DataDir); } catch (System.Security.Principal.IdentityNotMappedException) { ShowErrorText("Could not set ACLs for user \"" + serviceUser + "\". Identitiy is not mapped.\n"); return; @@ -285,6 +283,14 @@ namespace Icinga FinishConfigure(); } + private void AddAccessRuleToDir(FileSystemAccessRule rule, string dir) + { + DirectoryInfo di = new DirectoryInfo(dir); + DirectorySecurity ds = di.GetAccessControl(); + ds.AddAccessRule(rule); + di.SetAccessControl(ds); + } + private void FinishConfigure() { if (InvokeRequired) { From 4580aaeafac2cc0ce582cf0f4bcf843429eff397 Mon Sep 17 00:00:00 2001 
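Review bot: The single `FileSystemRights.Modify` rule in the try block is applied to Program.Icinga2InstallDir as well as Program.Icinga2DataDir, so the service account keeps write access to the directory its own binaries are loaded from. The data directory plausibly needs Modify, but unless the service writes into its install directory (not visible here), least privilege suggests a second rule for that call, built with `FileSystemRights.ReadAndExecute` and passed as `AddAccessRuleToDir(installRule, Program.Icinga2InstallDir);`. The enclosing method starts and ends outside the hunk, so a later step may depend on the broader grant; that is worth checking before narrowing it.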
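Review bot: AddAccessRuleToDir lets every failure from GetAccessControl and SetAccessControl propagate, and the only handler visible at the call site in the first hunk is for IdentityNotMappedException. With the second call now targeting Program.Icinga2DataDir, a missing directory or an access-denied error would presumably escape after the install directory's ACL has already been changed; the rest of the try statement is outside the hunk, so it may be handled there. If it is not, I would add handlers beside the existing one, for example `} catch (UnauthorizedAccessException) {` and `} catch (DirectoryNotFoundException) {`, that report through ShowErrorText and return. The helper would also benefit from a short comment stating that it appends the rule to the directory's existing ACL rather than replacing it.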
From: "Alexander A. Klimov" Date: Thu, 14 May 2020 13:30:01 +0200 Subject: [PATCH 2/2] Windows agent wizard: apply permissions recursively refs #7998 --- agent/windows-setup-agent/SetupWizard.cs | 25 ++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/agent/windows-setup-agent/SetupWizard.cs b/agent/windows-setup-agent/SetupWizard.cs index 0421960b9..842b69ba9 100644 --- a/agent/windows-setup-agent/SetupWizard.cs +++ b/agent/windows-setup-agent/SetupWizard.cs @@ -242,8 +242,8 @@ namespace Icinga FileSystemRights.Modify, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); try { - AddAccessRuleToDir(rule, Program.Icinga2InstallDir); - AddAccessRuleToDir(rule, Program.Icinga2DataDir); + AddAccessRuleToFSTree(rule, Program.Icinga2InstallDir); + AddAccessRuleToFSTree(rule, Program.Icinga2DataDir); } catch (System.Security.Principal.IdentityNotMappedException) { ShowErrorText("Could not set ACLs for user \"" + serviceUser + "\". Identitiy is not mapped.\n"); return; @@ -283,6 +283,14 @@ namespace Icinga FinishConfigure(); } + private void AddAccessRuleToFile(FileSystemAccessRule rule, string file) + { + FileInfo fi = new FileInfo(file); + FileSecurity fs = fi.GetAccessControl(); + fs.AddAccessRule(rule); + fi.SetAccessControl(fs); + } + private void AddAccessRuleToDir(FileSystemAccessRule rule, string dir) { DirectoryInfo di = new DirectoryInfo(dir); @@ -291,6 +299,19 @@ namespace Icinga di.SetAccessControl(ds); } + private void AddAccessRuleToFSTree(FileSystemAccessRule rule, string root) + { + AddAccessRuleToDir(rule, root); + + foreach (string path in Directory.EnumerateDirectories(root, "*", SearchOption.AllDirectories)) { + AddAccessRuleToDir(rule, path); + } + + foreach (string path in Directory.EnumerateFiles(root, "*", SearchOption.AllDirectories)) { + AddAccessRuleToFile(rule, path); + } + } + private void FinishConfigure() { if (InvokeRequired) {
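Review bot: AddAccessRuleToFSTree enumerates with `SearchOption.AllDirectories`, which as far as I know also descends into directory junctions and symlinks, so a link sitting under Program.Icinga2DataDir would get the Modify ACE written onto the tree it points to when the wizard runs, presumably elevated. I would recurse manually and skip entries whose attributes include `FileAttributes.ReparsePoint`, as sketched below; this narrows the exposure rather than closing it, since the attribute check and the ACL write are separate calls. Separately, the rule handed to AddAccessRuleToFile carries `InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit`, which only has meaning on a directory, so it is worth confirming that FileSecurity accepts it or building a second rule with `InheritanceFlags.None` for files.

```csharp
private void AddAccessRuleToFSTree(FileSystemAccessRule rule, string root)
{
	AddAccessRuleToDir(rule, root);

	foreach (string path in Directory.EnumerateDirectories(root)) {
		// Skip junctions and directory symlinks so the ACE stays inside this tree.
		if ((File.GetAttributes(path) & FileAttributes.ReparsePoint) == 0) {
			AddAccessRuleToFSTree(rule, path);
		}
	}

	foreach (string path in Directory.EnumerateFiles(root)) {
		// File symlinks are reparse points too; leave their targets untouched.
		if ((File.GetAttributes(path) & FileAttributes.ReparsePoint) == 0) {
			AddAccessRuleToFile(rule, path);
		}
	}
}
```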