WIXFEAT:2006,2580,2751 Add Inheritable attribute to PermissionEx.

author: Sean Hall <r.sean.hall@gmail.com> 2020-05-23 15:55:58 +1000
committer: Sean Hall <r.sean.hall@gmail.com> 2020-05-23 16:00:11 +1000
commit: 6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f (patch)
tree: 98c04dcb4cfdd19aca0d292b97810cac00aa6adb /src/ca
parent: 242d5201cb75c686f4cb86e521ed0d8c025c563b (diff)
download: wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.tar.gz
wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.tar.bz2
wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.zip
1 files changed, 19 insertions, 6 deletions
diff --git a/src/ca/secureobj.cpp b/src/ca/secureobj.cpp
index 392945d9..72842eb5 100644
--- a/src/ca/secureobj.cpp
+++ b/src/ca/secureobj.cpp
@@ -3,10 +3,10 @@
 #include "precomp.h"
 // structs
-LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, "
+LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, `Wix4SecureObject`.`Attributes`, "
                                L"`Wix4SecureObject`.`Permission`, `Wix4SecureObject`.`Component_`, `Component`.`Attributes` FROM `Wix4SecureObject`,`Component` WHERE "
                                L"`Wix4SecureObject`.`Component_`=`Component`.`Component`";
-enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES };
+enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_ATTRIBUTES, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES };
 LPCWSTR wzQUERY_REGISTRY = L"SELECT `Registry`.`Registry`, `Registry`.`Root`, `Registry`.`Key` FROM `Registry` WHERE `Registry`.`Registry`=?";
 enum eQUERY_OBJECTCOMPONENT { QSOC_REGISTRY = 1, QSOC_REGROOT, QSOC_REGKEY };
@@ -16,6 +16,11 @@ enum eQUERY_SECURESERVICEINSTALL { QSSI_NAME = 1 };
 enum eOBJECTTYPE { OT_UNKNOWN, OT_SERVICE, OT_FOLDER, OT_FILE, OT_REGISTRY };
+enum eSECURE_OBJECT_ATTRIBUTE
+{
+    SECURE_OBJECT_ATTRIBUTE_INHERITABLE = 0x1,
+};
 static eOBJECTTYPE EObjectTypeFromString(
    __in LPCWSTR pwzTable
    )
@@ -335,6 +340,7 @@ extern "C" UINT __stdcall SchedSecureObjects(
    DWORD cObjects = 0;
    eOBJECTTYPE eType = OT_UNKNOWN;
+    DWORD dwAttributes = 0;
    //
    // initialize
@@ -409,7 +415,6 @@ extern "C" UINT __stdcall SchedSecureObjects(
            // add the data to the CustomActionData
            hr = WcaGetRecordString(hRec, QSO_SECUREOBJECT, &pwzData);
            ExitOnFailure(hr, "failed to get name of object");
            hr = WcaWriteStringToCaData(pwzTable, &pwzCustomActionData);
            ExitOnFailure(hr, "failed to add data to CustomActionData");
@@ -423,6 +428,11 @@ extern "C" UINT __stdcall SchedSecureObjects(
            hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData);
            ExitOnFailure(hr, "failed to add data to CustomActionData");
+            hr = WcaGetRecordInteger(hRec, QSO_ATTRIBUTES, reinterpret_cast<int*>(&dwAttributes));
+            ExitOnFailure(hr, "failed to get attributes to configure object");
+            hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCustomActionData);
+            ExitOnFailure(hr, "failed to add data to CustomActionData");
            hr = WcaGetRecordString(hRec, QSO_PERMISSION, &pwzData);
            ExitOnFailure(hr, "failed to get permission to configure object");
            hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData);
@@ -568,7 +578,7 @@ LExit:
                   called as Type 1025 CustomAction (deferred binary DLL)
 NOTE: deferred CustomAction since it modifies the machine
- NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwPermissions\twzObject\t...
+ NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwAttributes\tdwPermissions\t...
 ******************************************************************/
 extern "C" UINT __stdcall ExecSecureObjects(
    __in MSIHANDLE hInstall
@@ -586,6 +596,7 @@ extern "C" UINT __stdcall ExecSecureObjects(
    DWORD dwRevision = 0;
    LPWSTR pwzUser = NULL;
    DWORD dwPermissions = 0;
+    DWORD dwAttributes = 0;
    LPWSTR pwzAccount = NULL;
    PSID psid = NULL;
@@ -626,8 +637,10 @@ extern "C" UINT __stdcall ExecSecureObjects(
        ExitOnFailure(hr, "failed to process CustomActionData");
        hr = WcaReadStringFromCaData(&pwz, &pwzUser);
        ExitOnFailure(hr, "failed to process CustomActionData");
+        hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int*>(&dwAttributes));
+        ExitOnFailure(hr, "failed to process CustomActionData");
        hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int*>(&dwPermissions));
-        ExitOnFailure(hr, "failed to processCustomActionData");
+        ExitOnFailure(hr, "failed to process CustomActionData");
        WcaLog(LOGMSG_VERBOSE, "Securing Object: %ls Type: %ls User: %ls", pwzObject, pwzTable, pwzUser);
@@ -690,7 +703,7 @@ extern "C" UINT __stdcall ExecSecureObjects(
        //
        ea.grfAccessMode = SET_ACCESS;
-        if (0 == lstrcmpW(L"CreateFolder", pwzTable))
+        if (dwAttributes & SECURE_OBJECT_ATTRIBUTE_INHERITABLE)
        {
            ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        }
author	Sean Hall <r.sean.hall@gmail.com>	2020-05-23 15:55:58 +1000
committer	Sean Hall <r.sean.hall@gmail.com>	2020-05-23 16:00:11 +1000
commit	6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f (patch)
tree	98c04dcb4cfdd19aca0d292b97810cac00aa6adb /src/ca
parent	242d5201cb75c686f4cb86e521ed0d8c025c563b (diff)
download	wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.tar.gz wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.tar.bz2 wix-6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f.zip