fix: add localservice ACL preflight
parent
a8cbfee03b
commit
77f88f2aa6
1 changed files with 39 additions and 3 deletions
|
|
@ -379,7 +379,7 @@ fn ensure_service_running() -> Result<(), RustdeskError> {
|
||||||
|
|
||||||
match start_sequence() {
|
match start_sequence() {
|
||||||
Ok(_) => Ok(()),
|
Ok(_) => Ok(()),
|
||||||
Err(RustdeskError::CommandFailed { command, status: Some(5), .. }) => {
|
Err(RustdeskError::CommandFailed { command: _, status: Some(5), .. }) => {
|
||||||
log_event("SC retornou acesso negado; tentando ajustar ACL do LocalService...");
|
log_event("SC retornou acesso negado; tentando ajustar ACL do LocalService...");
|
||||||
fix_localservice_acl().map_err(|error| RustdeskError::CommandFailed {
|
fix_localservice_acl().map_err(|error| RustdeskError::CommandFailed {
|
||||||
command: format!("fix_acl ({error})"),
|
command: format!("fix_acl ({error})"),
|
||||||
|
|
@ -584,8 +584,6 @@ fn replicate_password_artifacts() -> io::Result<()> {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn run_powershell_elevated(script: &str) -> Result<(), String> {
|
fn run_powershell_elevated(script: &str) -> Result<(), String> {
|
||||||
use std::io::Write;
|
|
||||||
|
|
||||||
let temp_dir = env::temp_dir();
|
let temp_dir = env::temp_dir();
|
||||||
let payload = temp_dir.join("raven_payload.ps1");
|
let payload = temp_dir.join("raven_payload.ps1");
|
||||||
fs::write(&payload, script).map_err(|error| format!("write payload: {error}"))?;
|
fs::write(&payload, script).map_err(|error| format!("write payload: {error}"))?;
|
||||||
|
|
@ -644,6 +642,44 @@ icacls '{target}' /grant "${{admins}}":(OI)(CI)F "${{localSvc}}":(OI)(CI)F /T /C
|
||||||
run_powershell_elevated(&script)
|
run_powershell_elevated(&script)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn ensure_localservice_writable_preflight() -> Result<(), String> {
|
||||||
|
let dir = PathBuf::from(LOCAL_SERVICE_CONFIG);
|
||||||
|
if can_write_dir(&dir) {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
log_event("Tentando corrigir ACL do perfil LocalService via UAC (preflight)...");
|
||||||
|
fix_localservice_acl()?;
|
||||||
|
if can_write_dir(&dir) {
|
||||||
|
log_event("ACL do LocalService ajustada com sucesso.");
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err("continua sem permissão para LocalService (após preflight)".into())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn can_write_dir(dir: &Path) -> bool {
|
||||||
|
if fs::create_dir_all(dir).is_err() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
let probe = dir.join(".raven_acl_probe");
|
||||||
|
match OpenOptions::new()
|
||||||
|
.create(true)
|
||||||
|
.write(true)
|
||||||
|
.truncate(true)
|
||||||
|
.open(&probe)
|
||||||
|
{
|
||||||
|
Ok(mut file) => {
|
||||||
|
if file.write_all(b"ok").is_err() {
|
||||||
|
let _ = fs::remove_file(&probe);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
let _ = fs::remove_file(&probe);
|
||||||
|
true
|
||||||
|
}
|
||||||
|
Err(_) => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn write_remote_id_value(path: &Path, id: &str) -> io::Result<()> {
|
fn write_remote_id_value(path: &Path, id: &str) -> io::Result<()> {
|
||||||
if let Some(parent) = path.parent() {
|
if let Some(parent) = path.parent() {
|
||||||
fs::create_dir_all(parent)?;
|
fs::create_dir_all(parent)?;
|
||||||
|
|
|
||||||
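Review bot: `can_write_dir` opens the fixed name `.raven_acl_probe` with `.create(true)` and `.truncate(true)`, so anything already present under that name in the `LOCAL_SERVICE_CONFIG` directory, including a link left by another principal that can write there, is opened and truncated with this process's privileges instead of counting as a failed probe. A per-run name with exclusive creation avoids that: `let probe = dir.join(format!(".raven_acl_probe_{}", std::process::id()));` and `.create_new(true)` in place of the `.create(true)`/`.truncate(true)` pair. The `fs::create_dir_all(dir)` call also means this check creates the directory as a side effect, which deserves a doc comment on the function, e.g. `/// Creates `dir` if missing, then probes it with a temporary file.` Separately, no hunk on this page calls `ensure_localservice_writable_preflight`, and the lines shown appear to account for all 39 additions, so the preflight looks unwired; confirm whether a call before `start_sequence()` in `ensure_service_running` was intended.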