From 6fbe9b0b7e98e63daa89c1347e5388dec9fdc57f Mon Sep 17 00:00:00 2001 From: Sean Hall Date: Sat, 23 May 2020 15:55:58 +1000 Subject: WIXFEAT:2006,2580,2751 Add Inheritable attribute to PermissionEx. --- src/ca/secureobj.cpp | 25 ++++++++++++++++------ .../WixToolsetTest.Util/UtilExtensionFixture.cs | 2 +- src/wixext/Tuples/SecureObjectsTuple.cs | 8 +++++++ src/wixext/UtilCompiler.cs | 13 +++++++++++ src/wixext/UtilTableDefinitions.cs | 1 + src/wixext/util.xsd | 5 +++++ 6 files changed, 47 insertions(+), 7 deletions(-) diff --git a/src/ca/secureobj.cpp b/src/ca/secureobj.cpp index 392945d9..72842eb5 100644 --- a/src/ca/secureobj.cpp +++ b/src/ca/secureobj.cpp @@ -3,10 +3,10 @@ #include "precomp.h" // structs -LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, " +LPCWSTR wzQUERY_SECUREOBJECTS = L"SELECT `Wix4SecureObject`.`Wix4SecureObject`, `Wix4SecureObject`.`Table`, `Wix4SecureObject`.`Domain`, `Wix4SecureObject`.`User`, `Wix4SecureObject`.`Attributes`, " L"`Wix4SecureObject`.`Permission`, `Wix4SecureObject`.`Component_`, `Component`.`Attributes` FROM `Wix4SecureObject`,`Component` WHERE " L"`Wix4SecureObject`.`Component_`=`Component`.`Component`"; -enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES }; +enum eQUERY_SECUREOBJECTS { QSO_SECUREOBJECT = 1, QSO_TABLE, QSO_DOMAIN, QSO_USER, QSO_ATTRIBUTES, QSO_PERMISSION, QSO_COMPONENT, QSO_COMPATTRIBUTES }; LPCWSTR wzQUERY_REGISTRY = L"SELECT `Registry`.`Registry`, `Registry`.`Root`, `Registry`.`Key` FROM `Registry` WHERE `Registry`.`Registry`=?"; enum eQUERY_OBJECTCOMPONENT { QSOC_REGISTRY = 1, QSOC_REGROOT, QSOC_REGKEY }; 
@@ -16,6 +16,11 @@ enum eQUERY_SECURESERVICEINSTALL { QSSI_NAME = 1 }; enum eOBJECTTYPE { OT_UNKNOWN, OT_SERVICE, OT_FOLDER, OT_FILE, OT_REGISTRY }; +enum eSECURE_OBJECT_ATTRIBUTE +{ + SECURE_OBJECT_ATTRIBUTE_INHERITABLE = 0x1, +}; + static eOBJECTTYPE EObjectTypeFromString( __in LPCWSTR pwzTable ) @@ -335,6 +340,7 @@ extern "C" UINT __stdcall SchedSecureObjects( DWORD cObjects = 0; eOBJECTTYPE eType = OT_UNKNOWN; + DWORD dwAttributes = 0; // // initialize @@ -409,7 +415,6 @@ extern "C" UINT __stdcall SchedSecureObjects( // add the data to the CustomActionData hr = WcaGetRecordString(hRec, QSO_SECUREOBJECT, &pwzData); ExitOnFailure(hr, "failed to get name of object"); - hr = WcaWriteStringToCaData(pwzTable, &pwzCustomActionData); ExitOnFailure(hr, "failed to add data to CustomActionData"); @@ -423,6 +428,11 @@ extern "C" UINT __stdcall SchedSecureObjects( hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData); ExitOnFailure(hr, "failed to add data to CustomActionData"); + hr = WcaGetRecordInteger(hRec, QSO_ATTRIBUTES, reinterpret_cast(&dwAttributes)); + ExitOnFailure(hr, "failed to get attributes to configure object"); + hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCustomActionData); + ExitOnFailure(hr, "failed to add data to CustomActionData"); + hr = WcaGetRecordString(hRec, QSO_PERMISSION, &pwzData); ExitOnFailure(hr, "failed to get permission to configure object"); hr = WcaWriteStringToCaData(pwzData, &pwzCustomActionData); @@ -568,7 +578,7 @@ LExit: called as Type 1025 CustomAction (deferred binary DLL) NOTE: deferred CustomAction since it modifies the machine - NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwPermissions\twzObject\t... + NOTE: CustomActionData == wzObject\twzTable\twzDomain\twzUser\tdwAttributes\tdwPermissions\t... ******************************************************************/ extern "C" UINT __stdcall ExecSecureObjects( __in MSIHANDLE hInstall 
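Review bot: The new `eSECURE_OBJECT_ATTRIBUTE` enum in the first hunk on this line has no comment tying it to its managed counterpart, and the two together decide whether an ACE is propagated to children. `SECURE_OBJECT_ATTRIBUTE_INHERITABLE = 0x1` here and `WixPermissionExAttributes.Inheritable = 0x01` in src/wixext/UtilCompiler.cs are declared independently, while the value travels from the compiler through the `Attributes` column into CustomActionData as a bare integer. I would add `// Bit values are persisted in Wix4SecureObject.Attributes; keep in sync with WixPermissionExAttributes in UtilCompiler.cs.` above the enum, and the mirror-image comment on the C# side, so a later flag cannot be renumbered on one side only.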
@@ -586,6 +596,7 @@ extern "C" UINT __stdcall ExecSecureObjects( DWORD dwRevision = 0; LPWSTR pwzUser = NULL; DWORD dwPermissions = 0; + DWORD dwAttributes = 0; LPWSTR pwzAccount = NULL; PSID psid = NULL; @@ -626,8 +637,10 @@ extern "C" UINT __stdcall ExecSecureObjects( ExitOnFailure(hr, "failed to process CustomActionData"); hr = WcaReadStringFromCaData(&pwz, &pwzUser); ExitOnFailure(hr, "failed to process CustomActionData"); + hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast(&dwAttributes)); + ExitOnFailure(hr, "failed to process CustomActionData"); hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast(&dwPermissions)); - ExitOnFailure(hr, "failed to processCustomActionData"); + ExitOnFailure(hr, "failed to process CustomActionData"); WcaLog(LOGMSG_VERBOSE, "Securing Object: %ls Type: %ls User: %ls", pwzObject, pwzTable, pwzUser); @@ -690,7 +703,7 @@ extern "C" UINT __stdcall ExecSecureObjects( // ea.grfAccessMode = SET_ACCESS; - if (0 == lstrcmpW(L"CreateFolder", pwzTable)) + if (dwAttributes & SECURE_OBJECT_ATTRIBUTE_INHERITABLE) { ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; } diff --git a/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs b/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs index c8ad24ad..fabef160 100644 --- a/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs +++ b/src/test/WixToolsetTest.Util/UtilExtensionFixture.cs @@ -105,7 +105,7 @@ namespace WixToolsetTest.Util "CustomAction:Wix4ExecSecureObjectsRollback_X64\t11521\tWix4UtilCA_X64\tExecSecureObjectsRollback\t", "CustomAction:Wix4SchedSecureObjects_X64\t1\tWix4UtilCA_X64\tSchedSecureObjects\t", "CustomAction:Wix4SchedSecureObjectsRollback_X64\t1\tWix4UtilCA_X64\tSchedSecureObjectsRollback\t", - "Wix4SecureObject:INSTALLFOLDER\tCreateFolder\t\tEveryone\t268435456\tfilF5_pLhBuF5b4N9XEo52g_hUM5Lo", + "Wix4SecureObject:INSTALLFOLDER\tCreateFolder\t\tEveryone\t1\t268435456\tfilF5_pLhBuF5b4N9XEo52g_hUM5Lo", }, results.OrderBy(s => s).ToArray()); } 
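Review bot: The verbose log line that follows these reads still records only object, table and user, so an install log cannot show whether the ACE was applied as inheritable. Since `dwAttributes` now decides propagation to child objects, I would include it: `WcaLog(LOGMSG_VERBOSE, "Securing Object: %ls Type: %ls User: %ls Attributes: 0x%x", pwzObject, pwzTable, pwzUser, dwAttributes);`. The value is also used exactly as read, so bits other than `SECURE_OBJECT_ATTRIBUTE_INHERITABLE` are silently ignored; that is harmless today but deserves a one-line comment. ExecSecureObjects starts and ends outside this hunk.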
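Review bot: Replacing the `CreateFolder` test with the attribute bit changes the default for every other table, because the `attributes |= ...` hunk in UtilCompiler.cs sets the bit whenever `Inheritable` is not explicitly "no". A `PermissionEx` on a registry key that previously produced a non-inherited ACE will now be built with `SUB_CONTAINERS_AND_OBJECTS_INHERIT`, so the grant reaches subkeys without the author changing their source, which for a broad trustee is a wider grant than before. If that is not intended, keep the old behaviour when the attribute is absent, e.g. in the compiler `if (inheritable == YesNoType.Yes || (inheritable == YesNoType.NotSet && "CreateFolder" == tableName)) { attributes |= (int)WixPermissionExAttributes.Inheritable; }` (assuming `tableName` is already resolved at that point, which this diff does not show). If the new default is deliberate, the `Inheritable` documentation in util.xsd should say that it also applies to registry keys. The rest of ExecSecureObjects is outside this hunk.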
diff --git a/src/wixext/Tuples/SecureObjectsTuple.cs b/src/wixext/Tuples/SecureObjectsTuple.cs index 3602a5ea..95c24979 100644 --- a/src/wixext/Tuples/SecureObjectsTuple.cs +++ b/src/wixext/Tuples/SecureObjectsTuple.cs @@ -15,6 +15,7 @@ namespace WixToolset.Util new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Table), IntermediateFieldType.String), new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Domain), IntermediateFieldType.String), new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.User), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Attributes), IntermediateFieldType.Number), new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.Permission), IntermediateFieldType.Number), new IntermediateFieldDefinition(nameof(SecureObjectsTupleFields.ComponentRef), IntermediateFieldType.String), }, @@ -32,6 +33,7 @@ namespace WixToolset.Util.Tuples Table, Domain, User, + Attributes, Permission, ComponentRef, } @@ -72,6 +74,12 @@ namespace WixToolset.Util.Tuples set => this.Set((int)SecureObjectsTupleFields.User, value); } + public int Attributes + { + get => this.Fields[(int)SecureObjectsTupleFields.Attributes].AsNumber(); + set => this.Set((int)SecureObjectsTupleFields.Attributes, value); + } + public int? Permission { get => this.Fields[(int)SecureObjectsTupleFields.Permission].AsNullableNumber(); diff --git a/src/wixext/UtilCompiler.cs b/src/wixext/UtilCompiler.cs index 65ca406d..672c3f68 100644 --- a/src/wixext/UtilCompiler.cs +++ b/src/wixext/UtilCompiler.cs @@ -49,6 +49,11 @@ namespace WixToolset.Util TypeMask = 0xf, } + internal enum WixPermissionExAttributes + { + Inheritable = 0x01 + } + internal enum WixRemoveFolderExOn { Install = 1, 
@@ -2367,6 +2372,8 @@ namespace WixToolset.Util string domain = null; string[] specialPermissions = null; string user = null; + var inheritable = YesNoType.NotSet; + int attributes = 0; var permissionType = PermissionType.SecureObjects; @@ -2407,6 +2414,9 @@ namespace WixToolset.Util } domain = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); break; + case "Inheritable": + inheritable = this.ParseHelper.GetAttributeYesNoValue(sourceLineNumbers, attrib); + break; case "User": user = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); break; @@ -2444,6 +2454,8 @@ namespace WixToolset.Util this.Messaging.Write(ErrorMessages.GenericReadNotAllowed(sourceLineNumbers)); } + attributes |= inheritable == YesNoType.No ? 0 : (int)WixPermissionExAttributes.Inheritable; // default to inheritable. + this.ParseHelper.ParseForExtensionElements(this.Context.Extensions, intermediate, section, element); if (!this.Messaging.EncounteredError) @@ -2457,6 +2469,7 @@ namespace WixToolset.Util Table = tableName, Domain = domain, User = user, + Attributes = attributes, Permission = permission, ComponentRef = componentId, }); diff --git a/src/wixext/UtilTableDefinitions.cs b/src/wixext/UtilTableDefinitions.cs index 5e227a05..4dfeb4bd 100644 --- a/src/wixext/UtilTableDefinitions.cs +++ b/src/wixext/UtilTableDefinitions.cs 
@@ -164,6 +164,7 @@ namespace WixToolset.Util new ColumnDefinition("Table", ColumnType.String, 32, primaryKey: true, nullable: false, ColumnCategory.Text, description: "Table SecureObject should be securing"), new ColumnDefinition("Domain", ColumnType.String, 255, primaryKey: true, nullable: true, ColumnCategory.Text, description: "Domain half of user account to secure", modularizeType: ColumnModularizeType.Property), new ColumnDefinition("User", ColumnType.String, 255, primaryKey: true, nullable: false, ColumnCategory.Text, description: "User name half of user account to secure", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("Attributes", ColumnType.Number, 4, primaryKey: false, nullable: false, ColumnCategory.Integer, minValue: 0, maxValue: 2147483647, description: "A 32-bit word that specifies the attribute flags to be applied."), new ColumnDefinition("Permission", ColumnType.Number, 4, primaryKey: false, nullable: true, ColumnCategory.Unknown, minValue: -2147483647, maxValue: 2147483647, description: "Permissions to grant to User"), new ColumnDefinition("Component_", ColumnType.String, 72, primaryKey: false, nullable: false, ColumnCategory.Identifier, keyTable: "Component", keyColumn: 1, description: "Foreign key into the Component table used to determine install state", modularizeType: ColumnModularizeType.Column), }, diff --git a/src/wixext/util.xsd b/src/wixext/util.xsd index a8c3d208..93cdd4ba 100644 --- a/src/wixext/util.xsd +++ b/src/wixext/util.xsd @@ -775,6 +775,11 @@ + + + Whether the permissions are inheritable. The default is "yes". + + -- cgit v1.2.3-55-g6feb
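Review bot: The description on the new `Attributes` column does not say what any bit means, although the only defined bit controls ACE inheritance. I would change it to `description: "Bit flags for the secured object; 0x1 = permission is inherited by child containers and objects."` so that someone auditing the table inside a built MSI can read the effect without going to the source. The table definition starts and ends outside this hunk.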