Ensure the credentials dir exists before setting ACLs on it

2025-02-06 09:39:50 +00:00 · 2023-04-29 15:45:40 -05:00 · 2023-04-29 15:45:40 -05:00 · 4730f4a3af
commit 4730f4a3af
parent c8d4fd9f69
2 changed files with 7 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -739,9 +739,6 @@ if(WIN32) # see options at: https://cmake.org/cmake/help/latest/cpack_gen/nsis.h
        IfSilent +2 0
        ExecShell 'open' 'https://sunshinestream.readthedocs.io/'
        nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\" /reset /T'
-        nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\\config\\\\credentials\\\" /inheritance:r'
-        nsExec::ExecToLog 'icacls \\\"$INSTDIR\\\\config\\\\credentials\\\" \
-                                  /grant:r Administrators:\\\(OI\\\)\\\(CI\\\)\\\(F\\\)'
        nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\migrate-config.bat\\\"'
        nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\add-firewall-rule.bat\\\"'
        nsExec::ExecToLog '\\\"$INSTDIR\\\\scripts\\\\install-service.bat\\\"'
--- a/src_assets/windows/misc/migration/migrate-config.bat
+++ b/src_assets/windows/misc/migration/migrate-config.bat
@ -31,6 +31,13 @@ if exist "%OLD_DIR%\credentials\" (
    )
 )

+rem Create the credentials directory if it wasn't migrated or already existing
+if not exist "%NEW_DIR%\credentials\" mkdir "%NEW_DIR%\credentials"
+
+rem Disallow read access to the credentials directory for normal users
+icacls "%NEW_DIR%\credentials" /inheritance:r
+icacls "%NEW_DIR%\credentials" /grant:r Administrators:(OI)(CI)(F)
+
 rem Migrate the covers directory
 if exist "%OLD_DIR%\covers\" (
    if not exist "%NEW_DIR%\covers\" (