From 4d65f0500043f11e6a2253f0200240904f57464d Mon Sep 17 00:00:00 2001 From: Mark McDowall Date: Mon, 12 Aug 2013 17:22:35 -0700 Subject: [PATCH] Use SID S-1-1-0 instead of EVERYONE for non-english systems --- NzbDrone.Common/DiskProvider.cs | 13 ++++++------- NzbDrone.Common/EnvironmentInfo/AppFolderInfo.cs | 3 ++- NzbDrone.Host/AccessControl/UrlAclAdapter.cs | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/NzbDrone.Common/DiskProvider.cs b/NzbDrone.Common/DiskProvider.cs index e83dc8e1a..f1b780ff4 100644 --- a/NzbDrone.Common/DiskProvider.cs +++ b/NzbDrone.Common/DiskProvider.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Runtime.InteropServices; using System.Security.AccessControl; +using System.Security.Principal; using NLog; using NzbDrone.Common.EnsureThat; using NzbDrone.Common.EnvironmentInfo; @@ -38,7 +39,7 @@ public interface IDiskProvider void FolderSetLastWriteTimeUtc(string path, DateTime dateTime); bool IsFileLocked(FileInfo file); string GetPathRoot(string path); - void SetPermissions(string filename, string account, FileSystemRights rights, AccessControlType controlType); + void SetPermissions(string filename, WellKnownSidType accountSid, FileSystemRights rights, AccessControlType controlType); bool IsParent(string parentPath, string childPath); FileAttributes GetFileAttributes(string path); } @@ -243,7 +244,6 @@ private void TransferFolder(string source, string target, TransferAction transfe break; } } - } } @@ -403,17 +403,16 @@ public string GetPathRoot(string path) return Path.GetPathRoot(path); } - public void SetPermissions(string filename, string account, FileSystemRights rights, AccessControlType controlType) + public void SetPermissions(string filename, WellKnownSidType accountSid, FileSystemRights rights, AccessControlType controlType) { - try { - + var sid = new SecurityIdentifier(accountSid, null); var directoryInfo = new DirectoryInfo(filename); var directorySecurity = directoryInfo.GetAccessControl(); - var accessRule = new FileSystemAccessRule(account, rights, + var accessRule = new FileSystemAccessRule(sid, rights, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, controlType); @@ -423,7 +422,7 @@ public void SetPermissions(string filename, string account, FileSystemRights rig } catch (Exception e) { - Logger.WarnException(string.Format("Couldn't set permission for {0}. account:{1} rights:{2} accessControlType:{3}", filename, account, rights, controlType), e); + Logger.WarnException(string.Format("Couldn't set permission for {0}. account:{1} rights:{2} accessControlType:{3}", filename, accountSid, rights, controlType), e); throw; } diff --git a/NzbDrone.Common/EnvironmentInfo/AppFolderInfo.cs b/NzbDrone.Common/EnvironmentInfo/AppFolderInfo.cs index 49db460b0..6987c736a 100644 --- a/NzbDrone.Common/EnvironmentInfo/AppFolderInfo.cs +++ b/NzbDrone.Common/EnvironmentInfo/AppFolderInfo.cs @@ -2,6 +2,7 @@ using System.IO; using System.Reflection; using System.Security.AccessControl; +using System.Security.Principal; using NLog; namespace NzbDrone.Common.EnvironmentInfo @@ -47,7 +48,7 @@ private void SetPermissions() { try { - _diskProvider.SetPermissions(AppDataFolder, "Everyone", FileSystemRights.FullControl, AccessControlType.Allow); + _diskProvider.SetPermissions(AppDataFolder, WellKnownSidType.WorldSid, FileSystemRights.FullControl, AccessControlType.Allow); } catch (Exception ex) { diff --git a/NzbDrone.Host/AccessControl/UrlAclAdapter.cs b/NzbDrone.Host/AccessControl/UrlAclAdapter.cs index 03a0e6c8d..6dc5ff5c4 100644 --- a/NzbDrone.Host/AccessControl/UrlAclAdapter.cs +++ b/NzbDrone.Host/AccessControl/UrlAclAdapter.cs @@ -35,7 +35,7 @@ public void RefreshRegistration() private void RegisterUrl(int portNumber) { - var arguments = String.Format("http add urlacl http://*:{0}/ user=EVERYONE", portNumber); + var arguments = String.Format("http add urlacl http://*:{0}/ sddl=D:(A;;GX;;;S-1-1-0)", portNumber); RunNetsh(arguments); }