trustbridge: cinst/nssstore

annotate cinst/nssstore_win.c @ 825:24e1e47e2d1a

Start NSS process only from the current installation directory

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Mon, 21 Jul 2014 18:52:41 +0200
parents	a511c1f45c70
children	4aa33c408776

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	7 */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 @brief Windows implementation of nssstore process control.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	14 the mozilla process into the current users temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	38 security context of that user.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	41 #include <windows.h>
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	42 #include <winsafer.h>
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	43 #include <sddl.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	44 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	45 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	46 #include <userenv.h>
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	47 #include <io.h>
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	48 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	49 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	50 #include <shlobj.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	51
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	52 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	53 #include "util.h"
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	54 #include "strhelp.h"
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	55
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	56 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	57 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	58 #endif
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	59
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	60 /*@def The name of the nss installation process /
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	61 #define NSS_APP_NAME L"mozilla.exe"
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	62
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	63 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	64 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	65 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	66
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	67 /*@def The maximum time to wait for the NSS Process /
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	68 #define PROCESS_TIMEOUT 30000
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	69
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	70 /*@def The registry key to look for user profile directories /
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	71 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	72
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	73 /** @brief get a restricted access token to execute nss process
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	74 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	75 * This function uses the Software Restriction API to obtain the
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	76 * access token for a process run als normal user.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	77 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	78 * @returns A restricted handle or NULL on error.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	79 */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	80 static HANDLE
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	81 get_restricted_token()
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	82 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	83 SAFER_LEVEL_HANDLE user_level = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	84 HANDLE retval = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	85 if (!SaferCreateLevel(SAFER_SCOPEID_USER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	86 SAFER_LEVELID_NORMALUSER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	87 SAFER_LEVEL_OPEN, &user_level, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	88 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	89 PRINTLASTERROR ("Failed to create user level.\n");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	90 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	91 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	92
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	93 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	94 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	95 SaferCloseLevel(user_level);
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	96 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	97 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	98
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	99 return retval;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	100 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	101
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	102 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	103 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	104 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	105 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	106 *
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	107 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	108 * @param [in] write_handle handle to write to
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	109 * @param [in] remove weather the certificate should be installed or removed
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	110 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	111 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	112 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	113 static bool
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	114 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	115 bool remove)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	116 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	117 bool retval = false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	118 int i = 0;
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	119 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	120 char *line_start = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	121
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	122 if (!certificates)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	123 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	124 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	125 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	126
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	127 line_start = remove ? "R:" : "I:";
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	128
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	129 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	130 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	131 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	132 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	133 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	134 if (!retval)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	135 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	136 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	137 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	138 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	139 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	140 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	141 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	142 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	143 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	144 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	145 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	146 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	147 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	148 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	149 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	150 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	151 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	152 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	153 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	154 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	155 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	156 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	157 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	158 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	159 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	160 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	161 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	162 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	163 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	164 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	165 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	166 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	167 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	168 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	169 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	170 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	171 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	172 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	173 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	174
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	175 /**@brief Read (and expand if necessary) a registry string.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	176 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	177 * Reads a registry string and calls ExpandEnvironmentString
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	178 * if necessary on it. Returns a newly allocated string array
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	179 * with the expanded registry value converted to UTF-8
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	180 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	181 * Caller has to free return value with free.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	182 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	183 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	184 * @param [in] key the key
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	185 * @param [in] name the name of the value to read.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	186 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	187 * @returns the expanded, null terminated utf-8 string of the value.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	188 * or NULL on error.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	189 */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	190 static char*
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	191 read_registry_string (const HKEY root, const wchar_t *key,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	192 const wchar_t *name)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	193 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	194 HKEY key_handle = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	195 DWORD size = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	196 type = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	197 ex_size = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	198 dwRet = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	199 LONG ret = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	200 char *retval = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	201 wchar_t *buf = NULL,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	202 *ex_buf = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	203 if (root == NULL \|\| key == NULL \|\| name == NULL)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	204 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	205 ERRORPRINTF ("Invalid call to read_registry_string");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	206 return NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	207 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	208
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	209 ret = RegOpenKeyExW (root, key, 0, KEY_READ, &key_handle);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	210 if (ret != ERROR_SUCCESS)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	211 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	212 ERRORPRINTF ("Failed to open key.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	213 return NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	214 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	215
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	216 /* Get the size */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	217 ret = RegQueryValueExW (key_handle, name, 0, NULL, NULL, &size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	218 if (ret != ERROR_MORE_DATA && !(ret == ERROR_SUCCESS && size != 0))
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	219 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	220 ERRORPRINTF ("Failed to get required registry size.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	221 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	222 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	223
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	224 /* Size is size in bytes not in characters */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	225 buf = xmalloc (size + sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	226
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	227 /* If the stored value is not zero terminated the returned value also
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	228 is not zero terminated. That's why we reserve more and ensure it's
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	229 initialized. */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	230 memset (buf, 0, size + sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	231
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	232 ret = RegQueryValueExW (key_handle, name, 0, &type, (LPBYTE) buf, &size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	233 if (ret != ERROR_SUCCESS)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	234 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	235 ERRORPRINTF ("Failed get registry value.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	236 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	237 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	238
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	239 if (type == REG_SZ \|\| (type == REG_EXPAND_SZ && wcschr (buf, '%') == NULL))
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	240 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	241 /* Nothing to expand, we are done */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	242 retval = wchar_to_utf8 (buf, wcslen (buf));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	243 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	244 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	245
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	246 if (type != REG_EXPAND_SZ)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	247 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	248 ERRORPRINTF ("Unhandled registry type %i", type);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	249 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	250 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	251
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	252 /* Expand the registry string */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	253 ex_size = ExpandEnvironmentStringsW (buf, NULL, 0);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	254
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	255 if (ex_size == 0)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	256 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	257 PRINTLASTERROR ("Failed to determine expanded environment size.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	258 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	259 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	260
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	261 ex_buf = xmalloc ((ex_size + 1) * sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	262
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	263 dwRet = ExpandEnvironmentStringsW (buf, ex_buf, ex_size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	264
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	265 ex_buf[ex_size] = '\0'; /* Make sure it's a string */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	266
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	267 if (dwRet == 0 \|\| dwRet != ex_size)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	268 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	269 PRINTLASTERROR ("Failed to expand environment variables.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	270 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	271 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	272
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	273 retval = wchar_to_utf8 (ex_buf, ex_size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	274
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	275 done:
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	276 xfree (ex_buf);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	277 xfree (buf);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	278
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	279 RegCloseKey (key_handle);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	280 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	281 }
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	282 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	283 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	284 * Enumerates the keys in #PROFILE_LIST and retuns a
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	285 * strv array with the utf-8 encoded paths to their suggested
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	286 * registry hive location.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	287 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	288 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	289 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	290 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	291 * Use strv_free to free that array.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	292 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	293 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	294 */
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	295 static char**
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	296 locate_other_hives()
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	297 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	298 HKEY profile_list = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	299 int ret = 0;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	300 DWORD index = 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	301 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	302 /* According to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	303 http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	304 a registry key is limited to 255 characters. But according to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	305 http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	306 the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	307 wchar_t key_name[257],
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	308 *current_user_sid = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	309 char **retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	310 bool error = true;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	311 PSID current_user = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	312
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	313 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	314 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	315 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	316 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	317 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	318 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	319 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	320
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	321 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	322 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	323
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	324 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	325 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	326 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	327 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	328 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	329
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	330 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	331 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	332 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	333 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	334 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	335
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	336 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	337 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	338 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	339 {
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	340 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	341 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	342 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	343 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	344
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	345 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	346 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	347 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	348 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	349 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	350
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	351 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	352 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	353
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	354 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 \|\|
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	355 wcscmp (current_user_sid, key_name) == 0)
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	356 {
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	357 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	358 others and the current user*/
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	359 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	360 }
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	361
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	362 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	363 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	364
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	365 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	366 wcscat_s (key_path, key_path_len, key_name);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	367 key_path[key_len - 1] = '\0';
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	368
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	369 DEBUGPRINTF ("Key : %S", key_name);
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	370 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	371 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	372 xfree (key_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	373
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	374 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	375 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	376 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	377 continue;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	378 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	379 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	380 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	381
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	382 strv_append (&retval, profile_path, profile_path_len);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	383 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	384
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	385 xfree (profile_path);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	386 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	387
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	388 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	389 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	390 ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	391 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	392 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	393
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	394 error = false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	395
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	396 done:
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	397 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	398
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	399 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	400
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	401 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	402 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	403 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	404 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	405
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	406 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	407 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	408 strv_free (retval);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	409 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	410 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	411
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	412 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	413 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	414
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	415 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	416 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	417 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	418 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	419 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	420 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	421 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	422 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	423 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	424 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	425 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	426 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	427 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	428 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	429
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	430 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	431 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	432 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	433 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	434 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	435
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	436 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	437 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	438
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	439 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	440 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	441 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	442 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	443 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	444
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	445 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	446 + NULL */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	447 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	448 + 1 + 2 + wcslen(selection_file) + 1;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	449 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	450
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	451 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	452 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	453 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	454 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	455 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	456 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	457 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	458
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	459 return retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	460 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	461
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	462 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	463 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	464 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	465 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	466 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	467 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	468 */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	469 static bool
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	470 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	471 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	472 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	473 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	474 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	475 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	476 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	477 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	478 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	479 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	480 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	481 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	482
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	483
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	484 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	485 TOKEN_ADJUST_PRIVILEGES \| TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	486 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	487 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	488 return false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	489 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	490
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	491 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	492 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	493 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	494 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	495 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	496 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	497 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	498
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	499 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	500
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	501 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	502 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	503 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	504 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	505 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	506
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	507 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	508 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	509 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	510 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	511 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	512
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	513 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	514 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	515 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	516 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	517 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	518 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	519 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	520 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	521
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	522 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	523 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	524 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	525 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	526 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	527 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	528 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	529 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	530 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	531 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	532 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	533 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	534 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	535 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	536 break;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	537 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	538 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	539
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	540 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	541 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	542 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	543 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	544 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	545 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	546 else
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	547 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	548 retval = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	549 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	550 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	551
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	552 done:
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	553 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	554 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	555 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	556 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	557 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	558 return retval;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	559 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	560
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	561 /**@brief Register NSS process as runOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	562 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	563 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	564 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	565 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	566 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	567 * This should avoid conflicts with their firefox / thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	568 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	569 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	570 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	571 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	572 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	573 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	574 * the users install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	575 */
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	576 static void
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	577 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	578 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	579 char **hives = locate_other_hives();
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	580 int i = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	581 wchar_t *run_command = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	582
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	583 if (hives == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	584 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	585 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	586 return;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	587 }
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	588
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	589 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	590 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	591 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	592 return;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	593 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	594
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	595 run_command = get_command_line (selection_file);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	596 for (i = 0; hives[i] != NULL; i++)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	597 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	598 LONG ret = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	599 wchar_t *hivepath = utf8_to_wchar (hives[i], strlen(hives[i]));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	600 HKEY key_handle = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	601
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	602 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	603 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	604 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	605 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	606 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	607 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	608
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	609 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	610 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	611
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	612 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	613 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	614 /* This is somewhat expected if the registry is not located
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	615 in the standard location. Failure is accepted in that case. */
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	616 SetLastError((DWORD)ret);
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	617 PRINTLASTERROR ("Failed to load hive.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	618 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	619 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	620
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	621 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	622 APPNAME L"_tmphive\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	623 0,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	624 KEY_WRITE,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	625 &key_handle);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	626
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	627 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	628 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	629 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	630 RegUnLoadKey (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	631 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	632 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	633
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	634 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	635 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	636
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	637 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	638 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	639 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	640 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	641
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	642 RegCloseKey (key_handle);
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	643 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	644 if (ret != ERROR_SUCCESS)
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	645 {
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	646 SetLastError ((DWORD)ret);
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	647 PRINTLASTERROR ("Failed to unload hive.");
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	648 }
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	649 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	650
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	651 xfree (run_command);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	652 strv_free (hives);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	653 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	654
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	655 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	656 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	657 * Starts the NSS installation process for the current user
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	658 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	659 * @param [in] selection_file filename of the file containing
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	660 * the users install / remove selection.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	661 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	662 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	663 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	664 static bool
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	665 start_procces_for_user (wchar_t *selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	666 {
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	667 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	668 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	669 lpCommandLine = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	670 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	671 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	672 BOOL success = FALSE;
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	673 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	674 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	675 size_t w_path_len = 0;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	676
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	677 if (!selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	678 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	679 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	680 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	681 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	682
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	683 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	684 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	685 {
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	686 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	687 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	688 }
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	689
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	690 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	691 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	692 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	693
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	694 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	695 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	696 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	697 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	698 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	699 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	700
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	701 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	702 siStartInfo.cb = sizeof (STARTUPINFO);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	703
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	704 if (is_elevated())
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	705 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	706 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	707 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	708 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	709 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	710 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	711 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	712 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	713 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	714 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	715 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	716 PRINTLASTERROR("Failed to get current handle.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	717 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	718 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	719 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	720
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	721 lpCommandLine = get_command_line (selection_file);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	722
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	723 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	724 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	725 ERRORPRINTF ("Failed to build command line.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	726 xfree (lpApplicationPath);
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	727 return false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	728 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	729
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	730 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	731
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	732 success = CreateProcessAsUserW (hToken,
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	733 lpApplicationPath,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	734 lpCommandLine, /* Commandline */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	735 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	736 NULL, /* Thread attribues. Take hToken */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	737 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	738 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	739 NULL, /* Inherit environment */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	740 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	741 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	742 &piProcInfo);
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	743 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	744 xfree (lpCommandLine);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	745 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	746 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	747 PRINTLASTERROR ("Failed to create process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	748 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	749 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	750
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	751 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	752 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	753 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	754 ERRORPRINTF ("Failed to wait for process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	755 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	756 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	757 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	758 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	759 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	760 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	761 if (piProcInfo.hProcess)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	762 CloseHandle (piProcInfo.hProcess);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	763 if (piProcInfo.hThread)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	764 CloseHandle (piProcInfo.hThread);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	765 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	766 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	767
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	768 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	769 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	770 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	771 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	772 * in that directory.
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	773 * Basically a very complicated version of mkdir path -m 644
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	774 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	775 * If the directory exists the permissions of that directory are checked if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	776 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	777 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	778 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	779 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	780 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	781 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	782 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	783 * @returns true on success of if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	784 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	785 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	786 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	787 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	788 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	789 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	790 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	791 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	792 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	793 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	794 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	795 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	796 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	797
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	798 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	799 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	800
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	801 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	802 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	803 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	804 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	805 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	806 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	807 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	808 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	809 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	810 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	811
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	812 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	813 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	814 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	815 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	816 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	817 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	818 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	819 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	820
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	821 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	822 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	823 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	824 SECURITY_BUILTIN_DOMAIN_RID, /BUILTIN\ /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	825 DOMAIN_ALIAS_RID_ADMINS, /\Administrators /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	826 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	827 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	828 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	829 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	830 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	831 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	832
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	833 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	834 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	835 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	836 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	837 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	838 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	839 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	840 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	841
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	842 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	843 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	844 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	845 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	846 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	847 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	848
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	849 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	850 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	851 SECURITY_DESCRIPTOR_MIN_LENGTH);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	852 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	853 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	854 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	855 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	856 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	857
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	858 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	859 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	860 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	861 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	862 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	863 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	864
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	865 /* Now we add the ACL to the the descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	866 if (!SetSecurityDescriptorDacl(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	867 TRUE, /* bDaclPresent flag */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	868 access_control_list,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	869 FALSE)) /* not a default DACL */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	870 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	871 PRINTLASTERROR("Failed to set security descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	872 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	873 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	874
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	875 /* Finally set up the security attributes structure */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	876 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	877 security_attributes.lpSecurityDescriptor = descriptor;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	878 security_attributes.bInheritHandle = FALSE;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	879
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	880 /* Use the security attributes to create the directory */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	881 if (!CreateDirectoryW(path, &security_attributes))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	882 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	883 DWORD err = GetLastError();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	884 if (err == ERROR_ALREADY_EXISTS)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	885 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	886 /* Verify that the directory has the correct rights */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	887 // TODO
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	888 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	889 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	890 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	891 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	892 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	893 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	894
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	895 done:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	896
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	897 if (everyone_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	898 FreeSid(everyone_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	899 if (admin_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	900 FreeSid(admin_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	901 if (access_control_list)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	902 LocalFree(access_control_list);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	903 if (descriptor)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	904 LocalFree(descriptor);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	905
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	906 return retval;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	907 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	908
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	909 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	910 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	911 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	912 * written to the global ProgramData directory otherwise
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	913 * they are written in the temporary directory of the current user.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	914 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	915 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	916 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	917 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	918 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	919 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	920 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	921 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	922 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	923 write_selection_file (char to_install, char to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	924 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	925 wchar_t *folder_name = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	926 *path = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	927 bool elevated = is_elevated();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	928 HRESULT result = E_FAIL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	929 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	930 size_t path_len;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	931
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	932 if (!elevated)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	933 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	934 /* TODO */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	935 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	936
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	937 result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	938 KF_FLAG_CREATE \| /* Create if it does not exist */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	939 KF_FLAG_INIT, /* Initialize it if created */
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	940 INVALID_HANDLE_VALUE, /* Get it for the default user */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	941 &folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	942
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	943 if (result != S_OK)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	944 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	945 PRINTLASTERROR ("Failed to get folder path");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	946 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	947 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	948
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	949 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	950 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	951
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	952 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	953 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	954 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	955 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	956 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	957 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	958 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	959
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	960 path = xmalloc (path_len * sizeof (wchar_t));
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	961 if (wcscpy_s (path, path_len, folder_name) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	962 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	963 ERRORPRINTF ("Failed to copy folder name.\n");
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	964
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	965 CoTaskMemFree (folder_name);
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	966
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	967 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	968 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	969
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	970 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	971
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	972 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	973 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	974 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	975 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	976 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	977 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	978
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	979 if (wcscat_s (path, path_len, APPNAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	980 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	981 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	982 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	983 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	984 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	985
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	986 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	987 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	988 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	989 something */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	990 if(!create_restricted_directory (path))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	991 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	992 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	993 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	994 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	995 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	996
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	997 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	998 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	999 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1000 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1001 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1002 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1003
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	1004 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1005 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1006 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1007 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1008 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1009 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1010
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1011 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1012 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1013 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1014 NULL, /* use the security attributes from the folder */
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	1015 OPEN_ALWAYS \| TRUNCATE_EXISTING,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1016 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1017 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1018
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1019 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1020 {
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1021 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1022 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1023 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1024 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1025 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1026 0,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1027 NULL);
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1028 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1029 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1030 {
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1031 PRINTLASTERROR ("Failed to create file\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1032 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1033 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1034 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1035 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1036 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1037 ERRORPRINTF ("Failed to write install instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1038 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1039 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1040 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1041 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1042 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1043 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1044 ERRORPRINTF ("Failed to write remove instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1045 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1046 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1047 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1048 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1049 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1050
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1051 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1052 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1053
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1054 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1055 write_stores_nss (char to_install, char to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1056 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1057 wchar_t *selection_file_name = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1058
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1059 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1060 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1061 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1062 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1063 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1064 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1065
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1066 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1067
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1068 if (is_elevated())
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1069 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1070 register_proccesses_for_others (selection_file_name);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1071 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1072
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1073 if (!start_procces_for_user (selection_file_name))
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1074 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1075 ERRORPRINTF ("Failed to run NSS installation process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1076 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1077 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1078 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1079 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1080 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1081 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1082
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1083 #endif

Mercurial > trustbridge

annotate cinst/nssstore_win.c @ 825:24e1e47e2d1a