in runAs-agent/src/main/java/jetbrains/buildServer/runAs/agent/WindowsFileAccessService.java [40:121]
private Result<AccessControlEntry, Boolean> tryApplyAccess(@NotNull final AccessControlEntry entry) {
final EnumSet<AccessPermissions> permissions = entry.getPermissions();
if(permissions.size() == 0) {
return null;
}
final AccessControlAccount account = entry.getAccount();
String username = null;
switch (account.getTargetType()) {
case User:
username = account.getUserName();
break;
case All:
username = "NT AUTHORITY\\Authenticated Users";
break;
default:
throw new IllegalStateException("Unknown AccessControlAccountType: " + account.getTargetType());
}
String filePath = entry.getFile().getAbsolutePath();
final ArrayList<CommandLineArgument> args = new ArrayList<CommandLineArgument>();
args.add(new CommandLineArgument(filePath, CommandLineArgument.Type.PARAMETER));
args.add(new CommandLineArgument("/C", CommandLineArgument.Type.PARAMETER));
args.add(new CommandLineArgument("/Q", CommandLineArgument.Type.PARAMETER));
List<String> grantedPermissionList = new ArrayList<String>();
if(permissions.contains(AccessPermissions.GrantRead)) {
grantedPermissionList.add("R");
}
if(permissions.contains(AccessPermissions.GrantWrite)) {
grantedPermissionList.add("W,D,DC");
}
if(permissions.contains(AccessPermissions.GrantExecute)) {
grantedPermissionList.add("RX");
}
List<String> deniedPermissionList = new ArrayList<String>();
if(permissions.contains(AccessPermissions.DenyRead)) {
deniedPermissionList.add("R");
}
if(permissions.contains(AccessPermissions.DenyWrite)) {
deniedPermissionList.add("W,D,DC");
}
if(permissions.contains(AccessPermissions.DenyExecute)) {
deniedPermissionList.add("X");
}
if(grantedPermissionList.size() > 0) {
args.add(new CommandLineArgument("/grant", CommandLineArgument.Type.PARAMETER));
final boolean recursive = permissions.contains(AccessPermissions.Recursive);
final String permissionsStr = username + ":" + (recursive ? "(OI)(CI)" : "") + "(" + StringUtil.join(grantedPermissionList, ",") + ")";
args.add(new CommandLineArgument(permissionsStr, CommandLineArgument.Type.PARAMETER));
}
if(deniedPermissionList.size() > 0) {
args.add(new CommandLineArgument("/deny", CommandLineArgument.Type.PARAMETER));
final boolean recursive = permissions.contains(AccessPermissions.Recursive);
final String permissionsStr = username + ":" + (recursive ? "(OI)(CI)" : "") + "(" + StringUtil.join(deniedPermissionList, ",") + ")";
args.add(new CommandLineArgument(permissionsStr, CommandLineArgument.Type.PARAMETER));
}
final CommandLineSetup icaclsCommandLineSetup = new CommandLineSetup(ICACLS_TOOL_NAME, args, Collections.<CommandLineResource>emptyList());
try {
final ExecResult result = myCommandLineExecutor.runProcess(icaclsCommandLineSetup, EXECUTION_TIMEOUT_SECONDS);
if(result == null ) {
return null;
}
return processResult(entry, result);
}
catch (ExecutionException e) {
LOG.error(e);
return new Result<AccessControlEntry, Boolean>(entry, e);
}
}