WIXFEAT:2006,2580,2751 Add Inheritable attribute to PermissionEx.

6 files changed, 47 insertions, 7 deletions

diff --git a/src/ca/secureobj.cpp b/src/ca/secureobj.cpp
index 392945d9..72842eb5 100644
--- a/src/ca/secureobj.cpp
+++ b/src/ca/secureobj.cpp
@@ -3,10 +3,10 @@
 #include "precomp.h"
 
 // structs
-LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, "
+LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, `Wix4SecureObject`.`Attributes`, "
                                 L"`Wix4SecureObject`.`Permission`, `Wix4SecureObject`.`Component_`, `Component`.`Attributes` FROM `Wix4SecureObject`,`Component` WHERE "
                                 L"`Wix4SecureObject`.`Component_`=`Component`.`Component`";
-enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES };
+enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_ATTRIBUTES, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES };
 
 LPCWSTR wzQUERY_REGISTRY = L"SELECT `Registry`.`Registry`, `Registry`.`Root`, `Registry`.`Key` FROM `Registry` WHERE `Registry`.`Registry`=?";
 enum eQUERY_OBJECTCOMPONENT { QSOC_REGISTRY = 1, QSOC_REGROOT, QSOC_REGKEY };
@@ -16,6 +16,11 @@ enum eQUERY_SECURESERVICEINSTALL { QSSI_NAME = 1 };
 
 enum eOBJECTTYPE { OT_UNKNOWN, OT_SERVICE, OT_FOLDER, OT_FILE, OT_REGISTRY };
 
+enum eSECURE_OBJECT_ATTRIBUTE
+{
+    SECURE_OBJECT_ATTRIBUTE_INHERITABLE = 0x1,
+};
+
 static eOBJECTTYPE EObjectTypeFromString(
     __in LPCWSTR pwzTable
     )
@@ -335,6 +340,7 @@ extern "C" UINT __stdcall SchedSecureObjects(
 
     DWORD cObjects = 0;
     eOBJECTTYPE eType = OT_UNKNOWN;
+    DWORD dwAttributes = 0;
 
     //
     // initialize
@@ -409,7 +415,6 @@ extern "C" UINT __stdcall SchedSecureObjects(
             // add the data to the CustomActionData
             hr = WcaGetRecordString(hRec, QSO_SECUREOBJECT, &pwzData);
             ExitOnFailure(hr, "failed to get name of object");
-
             hr = WcaWriteStringToCaData(pwzTable, &pwzCustomActionData);
             ExitOnFailure(hr, "failed to add data to CustomActionData");
 
@@ -423,6 +428,11 @@ extern "C" UINT __stdcall SchedSecureObjects(
             hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData);
             ExitOnFailure(hr, "failed to add data to CustomActionData");
 
+            hr = WcaGetRecordInteger(hRec, QSO_ATTRIBUTES, reinterpret_cast<int*>(&dwAttributes));
+            ExitOnFailure(hr, "failed to get attributes to configure object");
+            hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCustomActionData);
+            ExitOnFailure(hr, "failed to add data to CustomActionData");
+
             hr = WcaGetRecordString(hRec, QSO_PERMISSION, &pwzData);
             ExitOnFailure(hr, "failed to get permission to configure object");
             hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData);
@@ -568,7 +578,7 @@ LExit:
                    called as Type 1025 CustomAction (deferred binary DLL)
 
  NOTE: deferred CustomAction since it modifies the machine
- NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwPermissions\twzObject\t...
+ NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwAttributes\tdwPermissions\t...
 ******************************************************************/
 extern "C" UINT __stdcall ExecSecureObjects(
     __in MSIHANDLE hInstall
@@ -586,6 +596,7 @@ extern "C" UINT __stdcall ExecSecureObjects(
     DWORD dwRevision = 0;
     LPWSTR pwzUser = NULL;
     DWORD dwPermissions = 0;
+    DWORD dwAttributes = 0;
     LPWSTR pwzAccount = NULL;
     PSID psid = NULL;
 
@@ -626,8 +637,10 @@ extern "C" UINT __stdcall ExecSecureObjects(
         ExitOnFailure(hr, "failed to process CustomActionData");
         hr = WcaReadStringFromCaData(&pwz, &pwzUser);
         ExitOnFailure(hr, "failed to process CustomActionData");
+        hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int*>(&dwAttributes));
+        ExitOnFailure(hr, "failed to process CustomActionData");
         hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int*>(&dwPermissions));
-        ExitOnFailure(hr, "failed to processCustomActionData");
+        ExitOnFailure(hr, "failed to process CustomActionData");
 
         WcaLog(LOGMSG_VERBOSE, "Securing Object: %ls Type: %ls User: %ls", pwzObject, pwzTable, pwzUser);
 
@@ -690,7 +703,7 @@ extern "C" UINT __stdcall ExecSecureObjects(
         //
         ea.grfAccessMode = SET_ACCESS;
 
-        if (0 == lstrcmpW(L"CreateFolder", pwzTable))
+        if (dwAttributes & SECURE_OBJECT_ATTRIBUTE_INHERITABLE)
         {
             ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
         }
diff --git a/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs b/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs
index c8ad24ad..fabef160 100644
--- a/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs
+++ b/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs
@@ -105,7 +105,7 @@ namespace WixToolsetTest.Util
                 "CustomAction:Wix4ExecSecureObjectsRollback_X64\t11521\tWix4UtilCA_X64\tExecSecureObjectsRollback\t",
                 "CustomAction:Wix4SchedSecureObjects_X64\t1\tWix4UtilCA_X64\tSchedSecureObjects\t",
                 "CustomAction:Wix4SchedSecureObjectsRollback_X64\t1\tWix4UtilCA_X64\tSchedSecureObjectsRollback\t",
-                "Wix4SecureObject:INSTALLFOLDER\tCreateFolder\t\tEveryone\t268435456\tfilF5_pLhBuF5b4N9XEo52g_hUM5Lo",
+                "Wix4SecureObject:INSTALLFOLDER\tCreateFolder\t\tEveryone\t1\t268435456\tfilF5_pLhBuF5b4N9XEo52g_hUM5Lo",
             }, results.OrderBy(s => s).ToArray());
         }
 
diff --git a/src/wixext/Tuples/SecureObjectsTuple.cs b/src/wixext/Tuples/SecureObjectsTuple.cs
index 3602a5ea..95c24979 100644
--- a/src/wixext/Tuples/SecureObjectsTuple.cs
+++ b/src/wixext/Tuples/SecureObjectsTuple.cs
@@ -15,6 +15,7 @@ namespace WixToolset.Util
                 new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Table), IntermediateFieldType.String),
                 new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Domain), IntermediateFieldType.String),
                 new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.User), IntermediateFieldType.String),
+                new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Attributes), IntermediateFieldType.Number),
                 new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Permission), IntermediateFieldType.Number),
                 new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.ComponentRef), IntermediateFieldType.String),
             },
@@ -32,6 +33,7 @@ namespace WixToolset.Util.Tuples
         Table,
         Domain,
         User,
+        Attributes,
         Permission,
         ComponentRef,
     }
@@ -72,6 +74,12 @@ namespace WixToolset.Util.Tuples
             set => this.Set((int)SecureObjectsTupleFields.User, value);
         }
 
+        public int Attributes
+        {
+            get => this.Fields[(int)SecureObjectsTupleFields.Attributes].AsNumber();
+            set => this.Set((int)SecureObjectsTupleFields.Attributes, value);
+        }
+
         public int? Permission
         {
             get => this.Fields[(int)SecureObjectsTupleFields.Permission].AsNullableNumber();
diff --git a/src/wixext/UtilCompiler.cs b/src/wixext/UtilCompiler.cs
index 65ca406d..672c3f68 100644
--- a/src/wixext/UtilCompiler.cs
+++ b/src/wixext/UtilCompiler.cs
@@ -49,6 +49,11 @@ namespace WixToolset.Util
             TypeMask = 0xf,
         }
 
+        internal enum WixPermissionExAttributes
+        {
+            Inheritable = 0x01
+        }
+
         internal enum WixRemoveFolderExOn
         {
             Install = 1,
@@ -2367,6 +2372,8 @@ namespace WixToolset.Util
             string domain = null;
             string[] specialPermissions = null;
             string user = null;
+            var inheritable = YesNoType.NotSet;
+            int attributes = 0;
 
             var permissionType = PermissionType.SecureObjects;
 
@@ -2407,6 +2414,9 @@ namespace WixToolset.Util
                             }
                             domain = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib);
                             break;
+                        case "Inheritable":
+                            inheritable = this.ParseHelper.GetAttributeYesNoValue(sourceLineNumbers, attrib);
+                            break;
                         case "User":
                             user = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib);
                             break;
@@ -2444,6 +2454,8 @@ namespace WixToolset.Util
                 this.Messaging.Write(ErrorMessages.GenericReadNotAllowed(sourceLineNumbers));
             }
 
+            attributes |= inheritable == YesNoType.No ? 0 : (int)WixPermissionExAttributes.Inheritable; // default to inheritable.
+
             this.ParseHelper.ParseForExtensionElements(this.Context.Extensions, intermediate, section, element);
 
             if (!this.Messaging.EncounteredError)
@@ -2457,6 +2469,7 @@ namespace WixToolset.Util
                     Table = tableName,
                     Domain = domain,
                     User = user,
+                    Attributes = attributes,
                     Permission = permission,
                     ComponentRef = componentId,
                 });
diff --git a/src/wixext/UtilTableDefinitions.cs b/src/wixext/UtilTableDefinitions.cs
index 5e227a05..4dfeb4bd 100644
--- a/src/wixext/UtilTableDefinitions.cs
+++ b/src/wixext/UtilTableDefinitions.cs
@@ -164,6 +164,7 @@ namespace WixToolset.Util
                 new ColumnDefinition("Table", ColumnType.String, 32, primaryKey: true, nullable: false, ColumnCategory.Text, description: "Table SecureObject should be securing"),
                 new ColumnDefinition("Domain", ColumnType.String, 255, primaryKey: true, nullable: true, ColumnCategory.Text, description: "Domain half of user account to secure", modularizeType: ColumnModularizeType.Property),
                 new ColumnDefinition("User", ColumnType.String, 255, primaryKey: true, nullable: false, ColumnCategory.Text, description: "User name half of user account to secure", modularizeType: ColumnModularizeType.Property),
+                new ColumnDefinition("Attributes", ColumnType.Number, 4, primaryKey: false, nullable: false, ColumnCategory.Integer, minValue: 0, maxValue: 2147483647, description: "A 32-bit word that specifies the attribute flags to be applied."),
                 new ColumnDefinition("Permission", ColumnType.Number, 4, primaryKey: false, nullable: true, ColumnCategory.Unknown, minValue: -2147483647, maxValue: 2147483647, description: "Permissions to grant to User"),
                 new ColumnDefinition("Component_", ColumnType.String, 72, primaryKey: false, nullable: false, ColumnCategory.Identifier, keyTable: "Component", keyColumn: 1, description: "Foreign key into the Component table used to determine install state", modularizeType: ColumnModularizeType.Column),
             },
diff --git a/src/wixext/util.xsd b/src/wixext/util.xsd
index a8c3d208..93cdd4ba 100644
--- a/src/wixext/util.xsd
+++ b/src/wixext/util.xsd
@@ -775,6 +775,11 @@
     <xs:complexType>
       <xs:attribute name="Domain" type="xs:string"></xs:attribute>
       <xs:attribute name="User" use="required" type="xs:string"></xs:attribute>
+      <xs:attribute name="Inheritable" type="xs:YesNoType">
+        <xs:annotation>
+          <xs:documentation>Whether the permissions are inheritable. The default is "yes".</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
       <!-- Common ACLs -->
       <xs:attribute name="Read" type="YesNoType"></xs:attribute>
       <xs:attribute name="Delete" type="YesNoType"></xs:attribute>