Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Impl win permissions #2132

Open
wants to merge 19 commits into
base: develop
Choose a base branch
from
+378 −19
Open

Impl win permissions #2132

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
83e9c56
Impl. file permissions (windows)
Feb 10, 2025
edd9ace
Switched to UTF16 and to well-known SID (WinLocalSystemSid)
Feb 11, 2025
e1b5f16
Removed extra dependencies
Feb 12, 2025
fc73f9b
minor fix
Feb 13, 2025
0d6ee56
fmt fix
Feb 13, 2025
419618d
Revert "minor fix"
Feb 13, 2025
7dc4c68
windows-sys fix
Feb 13, 2025
cb999cc
Revert "windows-sys fix"
Feb 13, 2025
b7c207e
minor fix
Feb 13, 2025
3218c46
:Revert "minor fix"
Feb 13, 2025
18b3161
const introduced, windows-sys ver updated
Feb 13, 2025
c417336
const introduced, windows-sys ver updated
Feb 13, 2025
697a837
Merge branch 'impl_win_permissions' of github.com:nymtech/nym-vpn-cli…
Feb 13, 2025
1b5f19d
Added windows acl for create_data_dir
Feb 14, 2025
f2e234f
Added windows acl to on_disk
Feb 14, 2025
38f054c
Added windows acl to config
Feb 14, 2025
4acb348
Updated cargo-file for store
Feb 14, 2025
f070a75
Fixed build issues
Feb 14, 2025
48c0d23
Merge branch 'develop' into impl_win_permissions
coddie83 Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions nym-vpn-core/crates/nym-vpn-account-controller/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ tracing.workspace = true
url.workspace = true
uuid.workspace = true
zeroize.workspace = true
windows-sys = { version = "0.59.0", features = ["Win32_System_Threading", "Win32_System_SystemServices"] }
widestring.workspace = true

[build-dependencies]
sqlx = { workspace = true, features = ["runtime-tokio-rustls", "sqlite"] }
Expand Down
107 changes: 99 additions & 8 deletions ...tes/nym-vpn-account-controller/src/storage/credentials/pending_credential_requests/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,18 +6,22 @@ pub mod models;

mod sqlite;

use error::PendingCredentialRequestsStorageError;
use models::{PendingCredentialRequest, PendingCredentialRequestStored};
use sqlite::SqliteZkNymRequestsStorageManager;
use sqlx::ConnectOptions;
#[cfg(windows)]
use std::os::raw::c_void;
use std::{
path::{Path, PathBuf},
time::Duration,
};

use sqlite::SqliteZkNymRequestsStorageManager;
use sqlx::ConnectOptions;
use time::OffsetDateTime;
use tracing::log::LevelFilter;

use error::PendingCredentialRequestsStorageError;
use models::{PendingCredentialRequest, PendingCredentialRequestStored};
#[cfg(windows)]
use windows_sys::Win32::Foundation::{FALSE, TRUE};
#[cfg(windows)]
use windows_sys::Win32::System::SystemServices::SECURITY_DESCRIPTOR_REVISION;

// Consider requests older than 60 days as stale
const DEFAULT_STALE_REQUESTS_MAX_AGE: Duration = Duration::from_secs(60 * 60 * 24 * 60);
Expand Down Expand Up @@ -197,7 +201,94 @@ fn set_file_permission_owner_rw_unix<P: AsRef<Path>>(path: P) -> Result<(), std:
}

#[cfg(windows)]
fn set_file_permission_owner_rw_windows<P: AsRef<Path>>(_path: P) -> Result<(), std::io::Error> {
tracing::info!("Setting file permissions on Windows is not yet implemented!");
fn set_file_permission_owner_rw_windows<P: AsRef<Path>>(path: P) -> Result<(), std::io::Error> {
use std::mem;
use std::ptr;
use widestring::U16CString;
use windows_sys::Win32::Security::*;
use windows_sys::Win32::Storage::FileSystem::*;

let file_path = path.as_ref();
let wide_path = U16CString::from_os_str(file_path.as_os_str()).map_err(|e| {
std::io::Error::new(
std::io::ErrorKind::InvalidInput,
format!("Invalid UTF-16 conversion: {e}"),
)
})?;

let mut sid_size = SECURITY_MAX_SID_SIZE;
let mut system_sid = vec![0u8; sid_size as usize];

unsafe {
if CreateWellKnownSid(
WinLocalSystemSid,
ptr::null_mut(),
system_sid.as_mut_ptr().cast(),
&mut sid_size,
) == 0
{
return Err(std::io::Error::last_os_error());
}
}

let sid_ptr = system_sid.as_mut_ptr().cast();

let acl_size = mem::size_of::<ACL>() as u32
+ mem::size_of::<ACCESS_ALLOWED_ACE>() as u32
+ unsafe { GetLengthSid(sid_ptr) };

let mut acl_buffer = vec![0u8; acl_size as usize];
let acl = acl_buffer.as_mut_ptr() as *mut ACL;

unsafe {
if InitializeAcl(acl, acl_size, ACL_REVISION) == 0 {
return Err(std::io::Error::last_os_error());
}

if AddAccessAllowedAce(
acl,
ACL_REVISION,
FILE_GENERIC_READ | FILE_GENERIC_WRITE,
sid_ptr.cast(),
) == 0
{
return Err(std::io::Error::last_os_error());
}
}

let mut security_desc: SECURITY_DESCRIPTOR = unsafe { mem::zeroed() };

unsafe {
if InitializeSecurityDescriptor(
&mut security_desc as *mut _ as *mut _,
SECURITY_DESCRIPTOR_REVISION,
) == 0
{
return Err(std::io::Error::last_os_error());
}

if SetSecurityDescriptorDacl(
&mut security_desc as *mut _ as *mut c_void,
TRUE,
acl,
FALSE,
) == 0
{
return Err(std::io::Error::last_os_error());
}
}

unsafe {
if SetFileSecurityW(
wide_path.as_ptr(),
DACL_SECURITY_INFORMATION,
&mut security_desc as *mut _ as *mut _,
) == 0
{
return Err(std::io::Error::last_os_error());
}
}

tracing::info!("Successfully set file permissions for {:?}", file_path);
Ok(())
}
Loading