fix: improve RustDesk ACL preflight and file writes
This commit is contained in:
Esdras Renan
parent
77f88f2aa6
commit
484eb8fbe9
1 changed files with 46 additions and 0 deletions
|
|
@ -540,6 +540,9 @@ fn propagate_password_profile() -> io::Result<bool> {
|
|||
if let Some(parent) = target_path.parent() {
|
||||
fs::create_dir_all(parent)?;
|
||||
}
|
||||
if target_path.is_dir() {
|
||||
fs::remove_dir_all(&target_path)?;
|
||||
}
|
||||
fs::write(&target_path, &contents)?;
|
||||
log_event(&format!(
|
||||
"RustDesk.toml propagado para {}",
|
||||
|
|
@ -572,6 +575,9 @@ fn replicate_password_artifacts() -> io::Result<()> {
|
|||
}
|
||||
|
||||
let target_path = dest.join(name);
|
||||
if target_path.is_dir() {
|
||||
fs::remove_dir_all(&target_path)?;
|
||||
}
|
||||
fs::copy(&source_path, &target_path)?;
|
||||
log_event(&format!(
|
||||
"Artefato de senha {name} replicado para {}",
|
||||
|
|
@ -636,7 +642,9 @@ if (-not (Test-Path '{target}')) {{ New-Item -ItemType Directory -Force -Path '{
|
|||
$admins = (New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')).Translate([Security.Principal.NTAccount]).Value
|
||||
$localSvc = (New-Object Security.Principal.SecurityIdentifier('S-1-5-19')).Translate([Security.Principal.NTAccount]).Value
|
||||
takeown /F '{target}' /R /D Y | Out-Null
|
||||
if ($LASTEXITCODE -ne 0) {{ exit $LASTEXITCODE }}
|
||||
icacls '{target}' /grant "${{admins}}":(OI)(CI)F "${{localSvc}}":(OI)(CI)F /T /C | Out-Null
|
||||
exit $LASTEXITCODE
|
||||
"#
|
||||
);
|
||||
run_powershell_elevated(&script)
|
||||
|
|
@ -657,6 +665,41 @@ fn ensure_localservice_writable_preflight() -> Result<(), String> {
|
|||
}
|
||||
}
|
||||
|
||||
fn can_write_dir(dir: &Path) -> bool {
|
||||
if fs::create_dir_all(dir).is_err() {
|
||||
return false;
|
||||
}
|
||||
let probe = dir.join(".raven_acl_probe");
|
||||
match OpenOptions::new()
|
||||
.create(true)
|
||||
.write(true)
|
||||
.truncate(true)
|
||||
.open(&probe)
|
||||
{
|
||||
Ok(mut file) => {
|
||||
let result = file.write_all(b"ok").is_ok();
|
||||
let _ = fs::remove_file(&probe);
|
||||
result
|
||||
}
|
||||
Err(_) => false,
|
||||
}
|
||||
}
|
||||
|
||||
fn ensure_localservice_writable_preflight() -> Result<(), String> {
|
||||
let dir = PathBuf::from(LOCAL_SERVICE_CONFIG);
|
||||
if can_write_dir(&dir) {
|
||||
return Ok(());
|
||||
}
|
||||
log_event("Tentando corrigir ACL do perfil LocalService via UAC (preflight)...");
|
||||
fix_localservice_acl()?;
|
||||
if can_write_dir(&dir) {
|
||||
log_event("ACL do LocalService ajustada com sucesso.");
|
||||
Ok(())
|
||||
} else {
|
||||
Err("continua sem permissão para LocalService (após preflight)".into())
|
||||
}
|
||||
}
|
||||
|
||||
fn can_write_dir(dir: &Path) -> bool {
|
||||
if fs::create_dir_all(dir).is_err() {
|
||||
return false;
|
||||
|
|
@ -720,6 +763,9 @@ fn write_toml_kv(path: &Path, key: &str, value: &str) -> io::Result<()> {
|
|||
if let Some(parent) = path.parent() {
|
||||
fs::create_dir_all(parent)?;
|
||||
}
|
||||
if path.is_dir() {
|
||||
fs::remove_dir_all(path)?;
|
||||
}
|
||||
let sanitized = value.replace('\\', "\\\\").replace('"', "\\\"");
|
||||
let replacement = format!("{key} = \"{sanitized}\"\n");
|
||||
let existing = fs::read_to_string(path).unwrap_or_default();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue