trustbridge: cinst/nssstore

annotate cinst/nssstore_win.c @ 499:077b4342d69b

Default autostart to true and change setting to bool

author	Andre Heinecke <aheinecke@intevation.de>
date	Fri, 25 Apr 2014 10:16:46 +0000
parents	a9da8e4eeff7
children	e551de11d8b6

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	7 */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 @brief Windows implementation of nssstore process control.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	14 the mozilla process into the current users temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	38 security context of that user.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	41 #include <windows.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	42 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	43 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	44 #include <userenv.h>
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	45 #include <io.h>
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	46 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	47 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	48 #include <shlobj.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	49
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	50 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	51 #include "util.h"
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	52 #include "strhelp.h"
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	53
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	54 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	55 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	56 #endif
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	57
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	58 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	59 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	60 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	61
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	62 #define PROCESS_TIMEOUT 30000
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	63
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	64 #define PRINTLASTERROR(msg) \
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	65 char *my_error = getLastErrorMsg(); \
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	66 if (my_error) { \
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	67 DEBUGPRINTF(msg " : %s\n", my_error); \
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	68 ERRORPRINTF(msg" : %s\n", my_error); \
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	69 free (my_error); \
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	70 } \
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	71 DEBUGPRINTF ("Failed to get error information\n");
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	72
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	73 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	74 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	75 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	76 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	77 *
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	78 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	79 * @param [in] write_handle handle to write to
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	80 * @param [in] remove weather the certificate should be installed or removed
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	81 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	82 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	83 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	84 static bool
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	85 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	86 bool remove)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	87 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	88 bool retval = false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	89 int i = 0;
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	90 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	91 char *line_start = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	92
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	93 if (!certificates)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	94 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	95 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	96 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	97
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	98 line_start = remove ? "R:" : "I:";
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	99
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	100 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	101 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	102 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	103 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	104 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	105 if (!retval)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	106 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	107 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	108 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	109 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	110 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	111 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	112 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	113 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	114 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	115 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	116 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	117 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	118 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	119 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	120 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	121 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	122 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	123 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	124 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	125 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	126 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	127 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	128 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	129 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	130 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	131 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	132 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	133 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	134 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	135 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	136 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	137 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	138 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	139 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	140 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	141 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	142 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	143 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	144 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	145
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	146 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	147 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	148 * Starts the NSS installation process for the current user
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	149 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	150 * @param [in] selection_file filename of the file containing
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	151 * the users installall / remove selection.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	152 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	153 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	154 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	155 static bool
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	156 start_procces_for_user (wchar_t *selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	157 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	158 HANDLE hToken = NULL;/*,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	159 hChildToken = NULL;*/
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	160 /* TODO get this as absolute path based on current module location */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	161 LPWSTR lpApplicationName = L"mozilla.exe",
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	162 lpCommandLine;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	163 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	164 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	165 BOOL success = FALSE;
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	166 size_t cmd_line_len = 0;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	167
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	168 if (!selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	169 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	170 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	171 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	172 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	173
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	174 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	175 siStartInfo.cb = sizeof (STARTUPINFO);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	176
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	177 if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	178 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	179 PRINTLASTERROR("Failed to get current handle.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	180 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	181 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	182 /* TODO! if (is_elevated())
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	183 restrict token -> hChildToken
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	184 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	185
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	186 cmd_line_len = wcslen (lpApplicationName) + wcslen(selection_file) + 2;
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	187 lpCommandLine = xmalloc (cmd_line_len * sizeof(wchar_t));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	188
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	189 wcscpy_s (lpCommandLine, cmd_line_len, lpApplicationName);
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	190 wcscpy_s (lpCommandLine, cmd_line_len, L" ");
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	191 wcscat_s (lpCommandLine, cmd_line_len, selection_file);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	192
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	193 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationName, lpCommandLine);
8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	194
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	195 success = CreateProcessAsUserW (hToken,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	196 lpApplicationName,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	197 lpCommandLine, /* Commandline */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	198 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	199 NULL, /* Thread attribues. Take hToken */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	200 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	201 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	202 NULL, /* Inherit environment */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	203 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	204 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	205 &piProcInfo);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	206 xfree (lpCommandLine);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	207 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	208 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	209 PRINTLASTERROR ("Failed to create process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	210 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	211 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	212
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	213 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	214 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	215 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	216 ERRORPRINTF ("Failed to wait for process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	217 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	218 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	219 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	220 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	221 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	222 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	223 if (piProcInfo.hProcess)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	224 CloseHandle (piProcInfo.hProcess);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	225 if (piProcInfo.hThread)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	226 CloseHandle (piProcInfo.hThread);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	227 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	228 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	229
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	230 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	231 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	232 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	233 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	234 * in that directory.
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	235 * Basically a very complicated version of mkdir path -m 644
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	236 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	237 * If the directory exists the permissions of that directory are checked if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	238 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	239 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	240 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	241 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	242 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	243 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	244 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	245 * @returns true on success of if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	246 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	247 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	248 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	249 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	250 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	251 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	252 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	253 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	254 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	255 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	256 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	257 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	258 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	259
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	260 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	261 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	262
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	263 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	264 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	265 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	266 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	267 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	268 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	269 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	270 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	271 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	272 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	273
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	274 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	275 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	276 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	277 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	278 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	279 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	280 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	281 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	282
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	283 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	284 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	285 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	286 SECURITY_BUILTIN_DOMAIN_RID, /BUILTIN\ /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	287 DOMAIN_ALIAS_RID_ADMINS, /\Administrators /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	288 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	289 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	290 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	291 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	292 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	293 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	294
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	295 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	296 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	297 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	298 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	299 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	300 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	301 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	302 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	303
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	304 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	305 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	306 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	307 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	308 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	309 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	310
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	311 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	312 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	313 SECURITY_DESCRIPTOR_MIN_LENGTH);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	314 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	315 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	316 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	317 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	318 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	319
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	320 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	321 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	322 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	323 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	324 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	325 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	326
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	327 /* Now we add the ACL to the the descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	328 if (!SetSecurityDescriptorDacl(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	329 TRUE, /* bDaclPresent flag */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	330 access_control_list,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	331 FALSE)) /* not a default DACL */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	332 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	333 PRINTLASTERROR("Failed to set security descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	334 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	335 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	336
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	337 /* Finally set up the security attributes structure */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	338 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	339 security_attributes.lpSecurityDescriptor = descriptor;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	340 security_attributes.bInheritHandle = FALSE;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	341
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	342 /* Use the security attributes to create the directory */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	343 if (!CreateDirectoryW(path, &security_attributes))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	344 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	345 DWORD err = GetLastError();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	346 if (err == ERROR_ALREADY_EXISTS)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	347 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	348 /* Verify that the directory has the correct rights */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	349 // TODO
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	350 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	351 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	352 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	353 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	354 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	355 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	356
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	357 done:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	358
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	359 if (everyone_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	360 FreeSid(everyone_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	361 if (admin_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	362 FreeSid(admin_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	363 if (access_control_list)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	364 LocalFree(access_control_list);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	365 if (descriptor)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	366 LocalFree(descriptor);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	367
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	368 return retval;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	369 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	370
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	371 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	372 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	373 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	374 * written to the global ProgramData directory otherwise
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	375 * they are written in the temporary directory of the current user.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	376 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	377 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	378 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	379 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	380 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	381 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	382 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	383 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	384 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	385 write_selection_file (char to_install, char to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	386 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	387 wchar_t *folder_name = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	388 *path = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	389 bool elevated = is_elevated();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	390 HRESULT result = E_FAIL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	391 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	392 size_t path_len;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	393
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	394 if (!elevated)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	395 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	396 /* TODO */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	397 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	398
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	399 result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	400 KF_FLAG_CREATE \| /* Create if it does not exist */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	401 KF_FLAG_INIT, /* Initialize it if created */
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	402 INVALID_HANDLE_VALUE, /* Get it for the default user */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	403 &folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	404
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	405 if (result != S_OK)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	406 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	407 PRINTLASTERROR ("Failed to get folder path");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	408 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	409 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	410
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	411 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	412 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	413
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	414 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	415 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	416 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	417 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	418 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	419 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	420 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	421
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	422 path = xmalloc (path_len * sizeof (wchar_t));
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	423 if (wcscpy_s (path, path_len, folder_name) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	424 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	425 ERRORPRINTF ("Failed to copy folder name.\n");
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	426
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	427 CoTaskMemFree (folder_name);
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	428
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	429 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	430 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	431
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	432 #if 0
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	433 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	434 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	435
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	436 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	437 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	438 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	439 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	440 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	441 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	442
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	443 if (wcscat_s (path, path_len, APPNAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	444 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	445 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	446 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	447 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	448 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	449
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	450 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	451 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	452 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	453 something */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	454 if(!create_restricted_directory (path))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	455 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	456 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	457 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	458 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	459 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	460
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	461 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	462 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	463 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	464 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	465 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	466 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	467
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	468 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	469 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	470 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	471 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	472 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	473 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	474
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	475 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	476 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	477 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	478 NULL, /* use the security attributes from the folder */
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	479 OPEN_ALWAYS \| TRUNCATE_EXISTING,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	480 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	481 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	482
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	483 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	484 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	485 ERRORPRINTF ("Failed to create file\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	486 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	487 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	488 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	489 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	490 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	491 ERRORPRINTF ("Failed to write install instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	492 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	493 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	494 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	495 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	496 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	497 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	498 ERRORPRINTF ("Failed to write remove instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	499 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	500 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	501 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	502 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	503 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	504
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	505 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	506 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	507
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	508 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	509 write_stores_nss (char to_install, char to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	510 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	511 wchar_t *selection_file_name = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	512
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	513 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	514 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	515 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	516 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	517 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	518 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	519
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	520 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	521
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	522 /* TODO loop over all users create startup entries for them*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	523
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	524 if (!start_procces_for_user (selection_file_name))
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	525 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	526 ERRORPRINTF ("Failed to run NSS installation process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	527 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	528 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	529 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	530 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	531 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	532 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	533
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	534 #endif

Mercurial > trustbridge

annotate cinst/nssstore_win.c @ 499:077b4342d69b