diff options
| author | Vladislav Vaintroub <wlad@montyprogram.com> | 2011-02-02 01:30:24 +0100 |
|---|---|---|
| committer | Vladislav Vaintroub <wlad@montyprogram.com> | 2011-02-02 01:30:24 +0100 |
| commit | 1cb5bc32b6bcd6b923776356132ca2d376c7ea9c (patch) | |
| tree | f3b8e58ec02bff34a29694f74d5fb2636db97285 /sql/mysql_install_db.cc | |
| parent | 30f509187a1df38b41dd6b06c17a78dcabd84965 (diff) | |
| download | mariadb-git-1cb5bc32b6bcd6b923776356132ca2d376c7ea9c.tar.gz | |
Fix service user name and directory ACL setting on localized Windows
* Spell username correctly as "NT AUTHORITY\NetworkService"
* Also, use well-known SIDs for predefined user when assigning directory
ACLs (the names differ in localized Windows)
Diffstat (limited to 'sql/mysql_install_db.cc')
| -rw-r--r-- | sql/mysql_install_db.cc | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/sql/mysql_install_db.cc b/sql/mysql_install_db.cc index ffa78cb89b8..3f712b196d4 100644 --- a/sql/mysql_install_db.cc +++ b/sql/mysql_install_db.cc @@ -16,7 +16,7 @@ extern "C" const char mysql_bootstrap_sql[]; -char default_os_user[] = "NT AUTHORITY\\Network Service"; +char default_os_user[] = "NT AUTHORITY\\NetworkService"; static int create_db_instance(); static uint opt_verbose, opt_silent; static char datadir_buffer[FN_REFLEN]; @@ -387,13 +387,49 @@ static int set_directory_permissions(const char *dir, const char *os_user) ACL* pOldDACL; SECURITY_DESCRIPTOR* pSD = NULL; EXPLICIT_ACCESS ea={0}; + BOOL isWellKnownSID= FALSE; + WELL_KNOWN_SID_TYPE wellKnownSidType = WinNullSid; + PSID pSid = NULL; + GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, (void**)&pSD); - PSID pSid = NULL; + if(os_user) { - ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; - ea.Trustee.ptstrName = (LPSTR)os_user; + /* Check for 3 predefined service users + They might have localized names in non-English Windows, thus they need + to be handled using well-known SIDs. + */ + if(stricmp(os_user, "NT AUTHORITY\\NetworkService") == 0) + { + wellKnownSidType= WinNetworkServiceSid; + } + else if(stricmp(os_user, "NT AUTHORITY\\LocalService") == 0) + { + wellKnownSidType= WinLocalServiceSid; + } + else if(stricmp(os_user, "NT AUTHORITY\\LocalSystem") == 0) + { + wellKnownSidType= WinLocalSystemSid; + } + + if(wellKnownSidType != WinNullSid) + { + DWORD size = SECURITY_MAX_SID_SIZE; + pSid= (PSID)tokenInfoBuffer.buffer; + if (!CreateWellKnownSid(wellKnownSidType, NULL, pSid, + &size)) + { + return 1; + } + ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea.Trustee.ptstrName = (LPTSTR)pSid; + } + else + { + ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; + ea.Trustee.ptstrName = (LPSTR)os_user; + } } else { |