fix: add localservice ACL preflight

2025-11-12 10:30:09 -03:00 · 2025-11-12 10:30:09 -03:00 · 77f88f2aa6
commit 77f88f2aa6
parent a8cbfee03b
1 changed files with 39 additions and 3 deletions
--- a/apps/desktop/src-tauri/src/rustdesk.rs
+++ b/apps/desktop/src-tauri/src/rustdesk.rs
@ -379,7 +379,7 @@ fn ensure_service_running() -> Result<(), RustdeskError> {

    match start_sequence() {
        Ok(_) => Ok(()),
-        Err(RustdeskError::CommandFailed { command, status: Some(5), .. }) => {
+        Err(RustdeskError::CommandFailed { command: _, status: Some(5), .. }) => {
            log_event("SC retornou acesso negado; tentando ajustar ACL do LocalService...");
            fix_localservice_acl().map_err(|error| RustdeskError::CommandFailed {
                command: format!("fix_acl ({error})"),
@ -584,8 +584,6 @@ fn replicate_password_artifacts() -> io::Result<()> {
 }

 fn run_powershell_elevated(script: &str) -> Result<(), String> {
-    use std::io::Write;
-
    let temp_dir = env::temp_dir();
    let payload = temp_dir.join("raven_payload.ps1");
    fs::write(&payload, script).map_err(|error| format!("write payload: {error}"))?;
@ -644,6 +642,44 @@ icacls '{target}' /grant "${{admins}}":(OI)(CI)F "${{localSvc}}":(OI)(CI)F /T /C
    run_powershell_elevated(&script)
 }

+fn ensure_localservice_writable_preflight() -> Result<(), String> {
+    let dir = PathBuf::from(LOCAL_SERVICE_CONFIG);
+    if can_write_dir(&dir) {
+        return Ok(());
+    }
+    log_event("Tentando corrigir ACL do perfil LocalService via UAC (preflight)...");
+    fix_localservice_acl()?;
+    if can_write_dir(&dir) {
+        log_event("ACL do LocalService ajustada com sucesso.");
+        Ok(())
+    } else {
+        Err("continua sem permissão para LocalService (após preflight)".into())
+    }
+}
+
+fn can_write_dir(dir: &Path) -> bool {
+    if fs::create_dir_all(dir).is_err() {
+        return false;
+    }
+    let probe = dir.join(".raven_acl_probe");
+    match OpenOptions::new()
+        .create(true)
+        .write(true)
+        .truncate(true)
+        .open(&probe)
+    {
+        Ok(mut file) => {
+            if file.write_all(b"ok").is_err() {
+                let _ = fs::remove_file(&probe);
+                return false;
+            }
+            let _ = fs::remove_file(&probe);
+            true
+        }
+        Err(_) => false,
+    }
+}
+
 fn write_remote_id_value(path: &Path, id: &str) -> io::Result<()> {
    if let Some(parent) = path.parent() {
        fs::create_dir_all(parent)?;