From 141c42c4b5b0f7fcd6fffecb1162e7283ca9507b Mon Sep 17 00:00:00 2001
From: jp9000 <obs.jim@gmail.com>
Date: Sun, 8 Mar 2020 15:54:53 -0700
Subject: [PATCH] win-capture: Allow write permission on graphics hook

(This commit also modified the updater module on Windows)

Ensures that an older hook version can be replaced by a newer hook
version.
---
 UI/win-update/updater/init-hook-files.c      | 39 ++++++++++++++++----
 plugins/win-capture/game-capture-file-init.c | 39 ++++++++++++++++----
 2 files changed, 64 insertions(+), 14 deletions(-)

diff --git a/UI/win-update/updater/init-hook-files.c b/UI/win-update/updater/init-hook-files.c
index bbd591bdd..61017f12a 100644
--- a/UI/win-update/updater/init-hook-files.c
+++ b/UI/win-update/updater/init-hook-files.c
@@ -3,11 +3,15 @@
 #include <shlobj.h>
 #include <stdbool.h>
 #include <aclapi.h>
+#include <sddl.h>
 
 static bool add_aap_perms(const wchar_t *dir)
 {
 	PSECURITY_DESCRIPTOR sd = NULL;
-	PACL new_dacl = NULL;
+	SID *aap_sid = NULL;
+	SID *bu_sid = NULL;
+	PACL new_dacl1 = NULL;
+	PACL new_dacl2 = NULL;
 	bool success = false;
 
 	PACL dacl;
@@ -21,16 +25,31 @@ static bool add_aap_perms(const wchar_t *dir)
 	ea.grfAccessPermissions = GENERIC_READ | GENERIC_EXECUTE;
 	ea.grfAccessMode = GRANT_ACCESS;
 	ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
-	ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-	ea.Trustee.ptstrName = L"ALL APPLICATION PACKAGES";
+	ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
 
-	if (SetEntriesInAclW(1, &ea, dacl, &new_dacl) != ERROR_SUCCESS) {
+	/* ALL_APP_PACKAGES */
+	ConvertStringSidToSidW(L"S-1-15-2-1", &aap_sid);
+	ea.Trustee.ptstrName = (wchar_t *)aap_sid;
+
+	if (SetEntriesInAclW(1, &ea, dacl, &new_dacl1) != ERROR_SUCCESS) {
+		goto fail;
+	}
+
+	ea.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE |
+				  GENERIC_EXECUTE;
+
+	/* BUILTIN_USERS */
+	ConvertStringSidToSidW(L"S-1-5-32-545", &bu_sid);
+	ea.Trustee.ptstrName = (wchar_t *)bu_sid;
+
+	DWORD s = SetEntriesInAclW(1, &ea, new_dacl1, &new_dacl2);
+	if (s != ERROR_SUCCESS) {
 		goto fail;
 	}
 
 	if (SetNamedSecurityInfoW((wchar_t *)dir, SE_FILE_OBJECT,
 				  DACL_SECURITY_INFORMATION, NULL, NULL,
-				  new_dacl, NULL) != ERROR_SUCCESS) {
+				  new_dacl2, NULL) != ERROR_SUCCESS) {
 		goto fail;
 	}
 
@@ -38,8 +57,14 @@ static bool add_aap_perms(const wchar_t *dir)
 fail:
 	if (sd)
 		LocalFree(sd);
-	if (new_dacl)
-		LocalFree(new_dacl);
+	if (new_dacl1)
+		LocalFree(new_dacl1);
+	if (new_dacl2)
+		LocalFree(new_dacl2);
+	if (aap_sid)
+		LocalFree(aap_sid);
+	if (bu_sid)
+		LocalFree(bu_sid);
 	return success;
 }
 
diff --git a/plugins/win-capture/game-capture-file-init.c b/plugins/win-capture/game-capture-file-init.c
index c88c68653..3d183dc82 100644
--- a/plugins/win-capture/game-capture-file-init.c
+++ b/plugins/win-capture/game-capture-file-init.c
@@ -2,6 +2,7 @@
 #include <strsafe.h>
 #include <shlobj.h>
 #include <aclapi.h>
+#include <sddl.h>
 #include <obs-module.h>
 #include <util/windows/win-version.h>
 #include <util/platform.h>
@@ -44,7 +45,10 @@ static bool has_elevation()
 static bool add_aap_perms(const wchar_t *dir)
 {
 	PSECURITY_DESCRIPTOR sd = NULL;
-	PACL new_dacl = NULL;
+	SID *aap_sid = NULL;
+	SID *bu_sid = NULL;
+	PACL new_dacl1 = NULL;
+	PACL new_dacl2 = NULL;
 	bool success = false;
 
 	PACL dacl;
@@ -58,16 +62,31 @@ static bool add_aap_perms(const wchar_t *dir)
 	ea.grfAccessPermissions = GENERIC_READ | GENERIC_EXECUTE;
 	ea.grfAccessMode = GRANT_ACCESS;
 	ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
-	ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-	ea.Trustee.ptstrName = L"ALL APPLICATION PACKAGES";
+	ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
 
-	if (SetEntriesInAclW(1, &ea, dacl, &new_dacl) != ERROR_SUCCESS) {
+	/* ALL_APP_PACKAGES */
+	ConvertStringSidToSidW(L"S-1-15-2-1", &aap_sid);
+	ea.Trustee.ptstrName = (wchar_t *)aap_sid;
+
+	if (SetEntriesInAclW(1, &ea, dacl, &new_dacl1) != ERROR_SUCCESS) {
+		goto fail;
+	}
+
+	ea.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE |
+				  GENERIC_EXECUTE;
+
+	/* BUILTIN_USERS */
+	ConvertStringSidToSidW(L"S-1-5-32-545", &bu_sid);
+	ea.Trustee.ptstrName = (wchar_t *)bu_sid;
+
+	DWORD s = SetEntriesInAclW(1, &ea, new_dacl1, &new_dacl2);
+	if (s != ERROR_SUCCESS) {
 		goto fail;
 	}
 
 	if (SetNamedSecurityInfoW((wchar_t *)dir, SE_FILE_OBJECT,
 				  DACL_SECURITY_INFORMATION, NULL, NULL,
-				  new_dacl, NULL) != ERROR_SUCCESS) {
+				  new_dacl2, NULL) != ERROR_SUCCESS) {
 		goto fail;
 	}
 
@@ -75,8 +94,14 @@ static bool add_aap_perms(const wchar_t *dir)
 fail:
 	if (sd)
 		LocalFree(sd);
-	if (new_dacl)
-		LocalFree(new_dacl);
+	if (new_dacl1)
+		LocalFree(new_dacl1);
+	if (new_dacl2)
+		LocalFree(new_dacl2);
+	if (aap_sid)
+		LocalFree(aap_sid);
+	if (bu_sid)
+		LocalFree(bu_sid);
 	return success;
 }