diff --git a/platforms/win32/winbareos-nsi.spec b/platforms/win32/winbareos-nsi.spec index 73051aaa94f..9973f031523 100644 --- a/platforms/win32/winbareos-nsi.spec +++ b/platforms/win32/winbareos-nsi.spec @@ -39,7 +39,7 @@ Source2: clientdialog.ini Source3: directordialog.ini Source4: KillProcWMI.dll Source5: bareos.ico - +Source6: AccessControl.dll %description bareos @@ -59,7 +59,8 @@ bareos %build mkdir -p $RPM_BUILD_ROOT/nsisplugins -cp %SOURCE4 $RPM_BUILD_ROOT/nsisplugins +cp %SOURCE4 $RPM_BUILD_ROOT/nsisplugins # KillProcWMI +cp %SOURCE6 $RPM_BUILD_ROOT/nsisplugins # AccessControl mkdir $RPM_BUILD_ROOT/release32 mkdir $RPM_BUILD_ROOT/release64 @@ -84,8 +85,8 @@ for cfg in /etc/mingw64-winbareos/*.conf; do cp $cfg $RPM_BUILD_ROOT/release64 done -cp %SOURCE1 %SOURCE2 %SOURCE3 %SOURCE4 %SOURCE5 %_sourcedir/LICENSE $RPM_BUILD_ROOT/release32 -cp %SOURCE1 %SOURCE2 %SOURCE3 %SOURCE4 %SOURCE5 %_sourcedir/LICENSE $RPM_BUILD_ROOT/release64 +cp %SOURCE1 %SOURCE2 %SOURCE3 %SOURCE4 %SOURCE5 %SOURCE6 %_sourcedir/LICENSE $RPM_BUILD_ROOT/release32 +cp %SOURCE1 %SOURCE2 %SOURCE3 %SOURCE4 %SOURCE5 %SOURCE6 %_sourcedir/LICENSE $RPM_BUILD_ROOT/release64 makensis -DPRODUCT_VERSION=%version-%release -DBIT_WIDTH=32 $RPM_BUILD_ROOT/release32/winbareos.nsi makensis -DPRODUCT_VERSION=%version-%release -DBIT_WIDTH=64 $RPM_BUILD_ROOT/release64/winbareos.nsi diff --git a/platforms/win32/winbareos.nsi b/platforms/win32/winbareos.nsi index 478e357c7e5..93243de89fb 100644 --- a/platforms/win32/winbareos.nsi +++ b/platforms/win32/winbareos.nsi @@ -181,6 +181,33 @@ FunctionEnd Rename "$PLUGINSDIR\${fname}" "$APPDATA\${PRODUCT_NAME}\${fname}" ${EndIf} CreateShortCut "$SMPROGRAMS\${PRODUCT_NAME}\Edit ${fname}.lnk" "write.exe" '"$APPDATA\${PRODUCT_NAME}\${fname}"' + +# disable file access inheritance + AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}" + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + +# set file owner to administrator + AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" # administratoren + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + +# set fullaccess only for administrators (S-1-5-32-544) + AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" "FullAccess" + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} !macroend @@ -283,6 +310,7 @@ SectionIn 1 2 3 SetOutPath "$INSTDIR" SetOverwrite ifnewer + CreateDirectory "$INSTDIR\Plugins" CreateDirectory "$SMPROGRAMS\${PRODUCT_NAME}" CreateDirectory "$APPDATA\${PRODUCT_NAME}" File "bareos-fd.exe" @@ -893,6 +921,7 @@ ConfDeleteSkip: Delete "$SMPROGRAMS\${PRODUCT_NAME}\Website.lnk" Delete "$SMPROGRAMS\${PRODUCT_NAME}\Uninstall.lnk" RMDir "$SMPROGRAMS\${PRODUCT_NAME}" + RMDir "$INSTDIR\Plugins" RMDir "$INSTDIR" DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" DeleteRegKey HKLM "${PRODUCT_DIR_REGKEY}" @@ -924,22 +953,3 @@ Push $R1 Pop $R1 Pop $R0 FunctionEnd - - - -# TODO: -# - access on conf files has to be limited to administrators -# - tray-monitor automatic start at login -# - tray-monitor does not work right now (why?) -# - create snippet for restricted console that is only allowed to access -# this client -# -# DONE: -# - silent installer with configurable parameters that are otherwise in the forms -# - find out if a prior version is already installed and use that install directory or uninstall it first -# - add firewall rule for bareos-fd after installation. -# - put the config files in $APPDATA -# - add section bconsole automatically when section bat is selected -# - add license information to installer -# - kill tray monitor before installing / updateing TODO: testing -# - replace "the network backups solution" by "backup archiving recovery open sourced"