Windows agent wizard: apply permissions recursively

refs #7998
2025-09-22 01:08:04 +02:00 · 2020-05-14 13:30:01 +02:00 · 2020-05-14 13:30:01 +02:00 · 4580aaeafa
commit 4580aaeafa
parent 5bb929c2e8
1 changed files with 23 additions and 2 deletions
--- a/agent/windows-setup-agent/SetupWizard.cs
+++ b/agent/windows-setup-agent/SetupWizard.cs
@ -242,8 +242,8 @@ namespace Icinga
 				FileSystemRights.Modify,
 				InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
 			try {
-				AddAccessRuleToDir(rule, Program.Icinga2InstallDir);
-				AddAccessRuleToDir(rule, Program.Icinga2DataDir);
+				AddAccessRuleToFSTree(rule, Program.Icinga2InstallDir);
+				AddAccessRuleToFSTree(rule, Program.Icinga2DataDir);
 			} catch (System.Security.Principal.IdentityNotMappedException) {
 				ShowErrorText("Could not set ACLs for user \"" + serviceUser + "\". Identitiy is not mapped.\n");
 				return;
@ -283,6 +283,14 @@ namespace Icinga
 			FinishConfigure();
 		}

+		private void AddAccessRuleToFile(FileSystemAccessRule rule, string file)
+		{
+			FileInfo fi = new FileInfo(file);
+			FileSecurity fs = fi.GetAccessControl();
+			fs.AddAccessRule(rule);
+			fi.SetAccessControl(fs);
+		}
+
 		private void AddAccessRuleToDir(FileSystemAccessRule rule, string dir)
 		{
 			DirectoryInfo di = new DirectoryInfo(dir);
@ -291,6 +299,19 @@ namespace Icinga
 			di.SetAccessControl(ds);
 		}

+		private void AddAccessRuleToFSTree(FileSystemAccessRule rule, string root)
+		{
+			AddAccessRuleToDir(rule, root);
+
+			foreach (string path in Directory.EnumerateDirectories(root, "*", SearchOption.AllDirectories)) {
+				AddAccessRuleToDir(rule, path);
+			}
+
+			foreach (string path in Directory.EnumerateFiles(root, "*", SearchOption.AllDirectories)) {
+				AddAccessRuleToFile(rule, path);
+			}
+		}
+
 		private void FinishConfigure()
 		{
 			if (InvokeRequired) {