From 4730f4a3af240d0a6e3d3ce35fe906674cef06a9 Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Sat, 29 Apr 2023 15:45:40 -0500 Subject: [PATCH] Ensure the credentials dir exists before setting ACLs on it --- CMakeLists.txt | 3 --- src_assets/windows/misc/migration/migrate-config.bat | 7 +++++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cd71fd33..33b6d093 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -739,9 +739,6 @@ if(WIN32) # see options at: https://cmake.org/cmake/help/latest/cpack_gen/nsis.h IfSilent +2 0 ExecShell 'open' 'https://sunshinestream.readthedocs.io/' nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\" /reset /T' - nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\\config\\\\credentials\\\" /inheritance:r' - nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\\config\\\\credentials\\\" \ - /grant:r Administrators:\\\(OI\\\)\\\(CI\\\)\\\(F\\\)' nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\migrate-config.bat\\\"' nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\add-firewall-rule.bat\\\"' nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\install-service.bat\\\"' diff --git a/src_assets/windows/misc/migration/migrate-config.bat b/src_assets/windows/misc/migration/migrate-config.bat index 313b472e..201f71ef 100644 --- a/src_assets/windows/misc/migration/migrate-config.bat +++ b/src_assets/windows/misc/migration/migrate-config.bat @@ -31,6 +31,13 @@ if exist "%OLD_DIR%\credentials\" ( ) ) +rem Create the credentials directory if it wasn't migrated or already existing +if not exist "%NEW_DIR%\credentials\" mkdir "%NEW_DIR%\credentials" + +rem Disallow read access to the credentials directory for normal users +icacls "%NEW_DIR%\credentials" /inheritance:r +icacls "%NEW_DIR%\credentials" /grant:r Administrators:(OI)(CI)(F) + rem Migrate the covers directory if exist "%OLD_DIR%\covers\" ( if not exist "%NEW_DIR%\covers\" (