trustbridge: cinst/nssstore

annotate cinst/nssstore_win.c @ 831:747a48996c1f

(Issue13) Precompile uninstaller Create-dist-packge now creates a temporary installer that only writes the uninstaller. Then it excutes this installer (using wine) to create the uninstaller. That uninstaller is then packaged normaly and packaged instead of the written uninstaller.

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Thu, 24 Jul 2014 15:59:00 +0200
parents	4aa33c408776
children	216a65d7fc4b

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	7 */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 @brief Windows implementation of nssstore process control.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	14 the mozilla process into the current users temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	38 security context of that user.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	41 #include <windows.h>
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	42 #include <winsafer.h>
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	43 #include <sddl.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	44 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	45 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	46 #include <userenv.h>
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	47 #include <io.h>
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	48 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	49 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	50 #include <shlobj.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	51
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	52 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	53 #include "util.h"
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	54 #include "strhelp.h"
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	55
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	56 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	57 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	58 #endif
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	59
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	60 /*@def The name of the nss installation process /
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	61 #define NSS_APP_NAME L"mozilla.exe"
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	62
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	63 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	64 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	65 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	66
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	67 /*@def The maximum time to wait for the NSS Process /
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	68 #define PROCESS_TIMEOUT 30000
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	69
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	70 /*@def The registry key to look for user profile directories /
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	71 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	72
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	73 /** @brief get a restricted access token to execute nss process
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	74 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	75 * This function uses the Software Restriction API to obtain the
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	76 * access token for a process run als normal user.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	77 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	78 * @returns A restricted handle or NULL on error.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	79 */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	80 static HANDLE
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	81 get_restricted_token()
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	82 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	83 SAFER_LEVEL_HANDLE user_level = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	84 HANDLE retval = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	85 if (!SaferCreateLevel(SAFER_SCOPEID_USER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	86 SAFER_LEVELID_NORMALUSER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	87 SAFER_LEVEL_OPEN, &user_level, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	88 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	89 PRINTLASTERROR ("Failed to create user level.\n");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	90 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	91 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	92
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	93 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	94 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	95 SaferCloseLevel(user_level);
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	96 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	97 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	98
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	99 return retval;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	100 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	101
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	102 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	103 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	104 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	105 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	106 *
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	107 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	108 * @param [in] write_handle handle to write to
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	109 * @param [in] remove weather the certificate should be installed or removed
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	110 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	111 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	112 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	113 static bool
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	114 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	115 bool remove)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	116 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	117 bool retval = false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	118 int i = 0;
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	119 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	120 char *line_start = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	121
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	122 if (!certificates)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	123 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	124 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	125 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	126
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	127 line_start = remove ? "R:" : "I:";
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	128
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	129 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	130 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	131 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	132 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	133 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	134 if (!retval)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	135 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	136 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	137 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	138 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	139 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	140 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	141 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	142 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	143 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	144 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	145 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	146 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	147 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	148 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	149 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	150 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	151 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	152 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	153 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	154 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	155 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	156 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	157 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	158 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	159 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	160 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	161 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	162 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	163 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	164 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	165 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	166 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	167 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	168 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	169 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	170 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	171 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	172 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	173 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	174
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	175 /**@brief Read (and expand if necessary) a registry string.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	176 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	177 * Reads a registry string and calls ExpandEnvironmentString
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	178 * if necessary on it. Returns a newly allocated string array
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	179 * with the expanded registry value converted to UTF-8
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	180 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	181 * Caller has to free return value with free.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	182 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	183 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	184 * @param [in] key the key
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	185 * @param [in] name the name of the value to read.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	186 *
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	187 * @returns the expanded, null terminated utf-8 string of the value.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	188 * or NULL on error.
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	189 */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	190 static char*
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	191 read_registry_string (const HKEY root, const wchar_t *key,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	192 const wchar_t *name)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	193 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	194 HKEY key_handle = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	195 DWORD size = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	196 type = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	197 ex_size = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	198 dwRet = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	199 LONG ret = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	200 char *retval = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	201 wchar_t *buf = NULL,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	202 *ex_buf = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	203 if (root == NULL \|\| key == NULL \|\| name == NULL)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	204 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	205 ERRORPRINTF ("Invalid call to read_registry_string");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	206 return NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	207 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	208
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	209 ret = RegOpenKeyExW (root, key, 0, KEY_READ, &key_handle);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	210 if (ret != ERROR_SUCCESS)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	211 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	212 ERRORPRINTF ("Failed to open key.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	213 return NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	214 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	215
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	216 /* Get the size */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	217 ret = RegQueryValueExW (key_handle, name, 0, NULL, NULL, &size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	218 if (ret != ERROR_MORE_DATA && !(ret == ERROR_SUCCESS && size != 0))
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	219 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	220 ERRORPRINTF ("Failed to get required registry size.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	221 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	222 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	223
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	224 /* Size is size in bytes not in characters */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	225 buf = xmalloc (size + sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	226
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	227 /* If the stored value is not zero terminated the returned value also
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	228 is not zero terminated. That's why we reserve more and ensure it's
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	229 initialized. */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	230 memset (buf, 0, size + sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	231
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	232 ret = RegQueryValueExW (key_handle, name, 0, &type, (LPBYTE) buf, &size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	233 if (ret != ERROR_SUCCESS)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	234 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	235 ERRORPRINTF ("Failed get registry value.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	236 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	237 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	238
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	239 if (type == REG_SZ \|\| (type == REG_EXPAND_SZ && wcschr (buf, '%') == NULL))
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	240 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	241 /* Nothing to expand, we are done */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	242 retval = wchar_to_utf8 (buf, wcslen (buf));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	243 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	244 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	245
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	246 if (type != REG_EXPAND_SZ)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	247 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	248 ERRORPRINTF ("Unhandled registry type %i", type);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	249 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	250 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	251
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	252 /* Expand the registry string */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	253 ex_size = ExpandEnvironmentStringsW (buf, NULL, 0);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	254
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	255 if (ex_size == 0)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	256 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	257 PRINTLASTERROR ("Failed to determine expanded environment size.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	258 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	259 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	260
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	261 ex_buf = xmalloc ((ex_size + 1) * sizeof(wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	262
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	263 dwRet = ExpandEnvironmentStringsW (buf, ex_buf, ex_size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	264
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	265 ex_buf[ex_size] = '\0'; /* Make sure it's a string */
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	266
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	267 if (dwRet == 0 \|\| dwRet != ex_size)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	268 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	269 PRINTLASTERROR ("Failed to expand environment variables.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	270 goto done;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	271 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	272
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	273 retval = wchar_to_utf8 (ex_buf, ex_size);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	274
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	275 done:
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	276 xfree (ex_buf);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	277 xfree (buf);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	278
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	279 RegCloseKey (key_handle);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	280 return retval;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	281 }
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	282 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	283 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	284 * Enumerates the keys in #PROFILE_LIST and retuns a
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	285 * strv array with the utf-8 encoded paths to their suggested
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	286 * registry hive location.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	287 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	288 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	289 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	290 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	291 * Use strv_free to free that array.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	292 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	293 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	294 */
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	295 static char**
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	296 locate_other_hives()
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	297 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	298 HKEY profile_list = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	299 int ret = 0;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	300 DWORD index = 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	301 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	302 /* According to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	303 http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	304 a registry key is limited to 255 characters. But according to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	305 http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	306 the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	307 wchar_t key_name[257],
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	308 *current_user_sid = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	309 char **retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	310 bool error = true;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	311 PSID current_user = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	312
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	313 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	314 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	315 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	316 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	317 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	318 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	319 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	320
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	321 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	322 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	323
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	324 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	325 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	326 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	327 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	328 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	329
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	330 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	331 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	332 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	333 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	334 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	335
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	336 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	337 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	338 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	339 {
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	340 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	341 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	342 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	343 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	344
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	345 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	346 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	347 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	348 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	349 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	350
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	351 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	352 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	353
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	354 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 \|\|
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	355 wcscmp (current_user_sid, key_name) == 0)
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	356 {
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	357 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	358 others and the current user*/
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	359 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	360 }
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	361
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	362 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	363 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	364
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	365 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	366 wcscat_s (key_path, key_path_len, key_name);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	367 key_path[key_len - 1] = '\0';
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	368
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	369 DEBUGPRINTF ("Key : %S", key_name);
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	370 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	371 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	372 xfree (key_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	373
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	374 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	375 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	376 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	377 continue;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	378 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	379 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	380 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	381
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	382 strv_append (&retval, profile_path, profile_path_len);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	383 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	384
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	385 xfree (profile_path);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	386 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	387
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	388 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	389 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	390 ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	391 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	392 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	393
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	394 error = false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	395
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	396 done:
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	397 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	398
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	399 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	400
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	401 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	402 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	403 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	404 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	405
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	406 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	407 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	408 strv_free (retval);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	409 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	410 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	411
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	412 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	413 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	414
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	415 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	416 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	417 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	418 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	419 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	420 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	421 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	422 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	423 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	424 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	425 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	426 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	427 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	428 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	429
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	430 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	431 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	432 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	433 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	434 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	435
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	436 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	437 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	438
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	439 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	440 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	441 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	442 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	443 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	444
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	445 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	446 + NULL */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	447 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	448 + 1 + 2 + wcslen(selection_file) + 1;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	449 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	450
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	451 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	452 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	453 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	454 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	455 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	456 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	457 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	458
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	459 return retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	460 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	461
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	462 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	463 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	464 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	465 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	466 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	467 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	468 */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	469 static bool
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	470 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	471 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	472 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	473 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	474 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	475 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	476 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	477 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	478 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	479 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	480 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	481 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	482
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	483
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	484 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	485 TOKEN_ADJUST_PRIVILEGES \| TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	486 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	487 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	488 return false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	489 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	490
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	491 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	492 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	493 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	494 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	495 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	496 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	497 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	498
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	499 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	500
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	501 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	502 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	503 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	504 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	505 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	506
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	507 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	508 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	509 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	510 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	511 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	512
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	513 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	514 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	515 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	516 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	517 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	518 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	519 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	520 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	521
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	522 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	523 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	524 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	525 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	526 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	527 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	528 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	529 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	530 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	531 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	532 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	533 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	534 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	535 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	536 break;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	537 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	538 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	539
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	540 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	541 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	542 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	543 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	544 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	545 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	546 else
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	547 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	548 retval = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	549 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	550 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	551
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	552 done:
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	553 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	554 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	555 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	556 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	557 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	558 return retval;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	559 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	560
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	561 /**@brief Register NSS process as runOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	562 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	563 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	564 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	565 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	566 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	567 * This should avoid conflicts with their firefox / thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	568 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	569 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	570 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	571 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	572 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	573 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	574 * the users install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	575 */
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	576 static void
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	577 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	578 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	579 char **hives = locate_other_hives();
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	580 int i = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	581 wchar_t *run_command = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	582
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	583 if (hives == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	584 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	585 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	586 return;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	587 }
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	588
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	589 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	590 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	591 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	592 return;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	593 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	594
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	595 run_command = get_command_line (selection_file);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	596 for (i = 0; hives[i] != NULL; i++)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	597 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	598 LONG ret = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	599 wchar_t *hivepath = utf8_to_wchar (hives[i], strlen(hives[i]));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	600 HKEY key_handle = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	601
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	602 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	603 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	604 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	605 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	606 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	607 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	608
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	609 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	610 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	611
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	612 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	613 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	614 /* This is somewhat expected if the registry is not located
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	615 in the standard location. Failure is accepted in that case. */
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	616 SetLastError((DWORD)ret);
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	617 PRINTLASTERROR ("Failed to load hive.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	618 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	619 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	620
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	621 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	622 APPNAME L"_tmphive\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	623 0,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	624 KEY_WRITE,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	625 &key_handle);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	626
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	627 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	628 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	629 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	630 RegUnLoadKey (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	631 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	632 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	633
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	634 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	635 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	636
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	637 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	638 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	639 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	640 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	641
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	642 RegCloseKey (key_handle);
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	643 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	644 if (ret != ERROR_SUCCESS)
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	645 {
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	646 SetLastError ((DWORD)ret);
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	647 PRINTLASTERROR ("Failed to unload hive.");
85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	648 }
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	649 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	650
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	651 xfree (run_command);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	652 strv_free (hives);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	653 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	654
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	655 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	656 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	657 * Starts the NSS installation process for the current user
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	658 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	659 * @param [in] selection_file filename of the file containing
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	660 * the users install / remove selection.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	661 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	662 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	663 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	664 static bool
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	665 start_procces_for_user (wchar_t *selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	666 {
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	667 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	668 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	669 lpCommandLine = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	670 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	671 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	672 BOOL success = FALSE;
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	673 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	674 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	675 size_t w_path_len = 0;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	676
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	677 if (!selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	678 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	679 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	680 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	681 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	682
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	683 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	684 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	685 {
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	686 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	687 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	688 }
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	689
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	690 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	691 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	692 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	693
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	694 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	695 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	696 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	697 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	698 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	699 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	700
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	701 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	702 siStartInfo.cb = sizeof (STARTUPINFO);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	703
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	704 if (is_elevated())
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	705 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	706 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	707 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	708 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	709 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	710 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	711 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	712 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	713 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	714 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	715 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	716 PRINTLASTERROR("Failed to get current handle.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	717 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	718 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	719 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	720
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	721 lpCommandLine = get_command_line (selection_file);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	722
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	723 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	724 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	725 ERRORPRINTF ("Failed to build command line.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	726 xfree (lpApplicationPath);
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	727 return false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	728 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	729
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	730 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	731
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	732 success = CreateProcessAsUserW (hToken,
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	733 lpApplicationPath,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	734 lpCommandLine, /* Commandline */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	735 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	736 NULL, /* Thread attribues. Take hToken */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	737 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	738 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	739 NULL, /* Inherit environment */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	740 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	741 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	742 &piProcInfo);
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	743 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	744 xfree (lpCommandLine);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	745 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	746 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	747 PRINTLASTERROR ("Failed to create process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	748 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	749 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	750
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	751 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	752 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	753 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	754 ERRORPRINTF ("Failed to wait for process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	755 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	756 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	757 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	758 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	759 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	760 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	761 if (piProcInfo.hProcess)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	762 CloseHandle (piProcInfo.hProcess);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	763 if (piProcInfo.hThread)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	764 CloseHandle (piProcInfo.hThread);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	765 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	766 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	767
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	768 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	769 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	770 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	771 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	772 * in that directory.
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	773 * Basically a very complicated version of mkdir path -m 644
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	774 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	775 * If the directory exists the permissions of that directory are checked if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	776 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	777 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	778 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	779 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	780 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	781 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	782 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	783 * @returns true on success of if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	784 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	785 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	786 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	787 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	788 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	789 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	790 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	791 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	792 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	793 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	794 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	795 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	796 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	797
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	798 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	799 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	800
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	801 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	802 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	803 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	804 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	805 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	806 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	807 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	808 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	809 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	810 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	811
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	812 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	813 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	814 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	815 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	816 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	817 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	818 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	819 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	820
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	821 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	822 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	823 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	824 SECURITY_BUILTIN_DOMAIN_RID, /BUILTIN\ /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	825 DOMAIN_ALIAS_RID_ADMINS, /\Administrators /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	826 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	827 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	828 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	829 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	830 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	831 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	832
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	833 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	834 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	835 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	836 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	837 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	838 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	839 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	840 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	841
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	842 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	843 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	844 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	845 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	846 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	847 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	848
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	849 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	850 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	851 SECURITY_DESCRIPTOR_MIN_LENGTH);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	852 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	853 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	854 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	855 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	856 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	857
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	858 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	859 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	860 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	861 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	862 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	863 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	864
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	865 /* Now we add the ACL to the the descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	866 if (!SetSecurityDescriptorDacl(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	867 TRUE, /* bDaclPresent flag */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	868 access_control_list,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	869 FALSE)) /* not a default DACL */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	870 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	871 PRINTLASTERROR("Failed to set security descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	872 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	873 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	874
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	875 /* Finally set up the security attributes structure */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	876 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	877 security_attributes.lpSecurityDescriptor = descriptor;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	878 security_attributes.bInheritHandle = FALSE;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	879
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	880 /* Use the security attributes to create the directory */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	881 if (!CreateDirectoryW(path, &security_attributes))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	882 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	883 DWORD err = GetLastError();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	884 if (err == ERROR_ALREADY_EXISTS)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	885 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	886 /* Verify that the directory has the correct rights */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	887 // TODO
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	888 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	889 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	890 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	891 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	892 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	893 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	894
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	895 done:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	896
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	897 if (everyone_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	898 FreeSid(everyone_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	899 if (admin_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	900 FreeSid(admin_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	901 if (access_control_list)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	902 LocalFree(access_control_list);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	903 if (descriptor)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	904 LocalFree(descriptor);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	905
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	906 return retval;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	907 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	908
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	909 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	910 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	911 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	912 * written to the global ProgramData directory otherwise
826 4aa33c408776 Remove TODO windows gracefully handles the case where the data directory is not accessible. Andre Heinecke <andre.heinecke@intevation.de> parents: 825 diff changeset	913 * they are written in the directory of the current user.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	914 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	915 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	916 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	917 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	918 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	919 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	920 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	921 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	922 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	923 write_selection_file (char to_install, char to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	924 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	925 wchar_t *folder_name = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	926 *path = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	927 HRESULT result = E_FAIL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	928 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	929 size_t path_len;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	930
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	931 result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	932 KF_FLAG_CREATE \| /* Create if it does not exist */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	933 KF_FLAG_INIT, /* Initialize it if created */
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	934 INVALID_HANDLE_VALUE, /* Get it for the default user */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	935 &folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	936
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	937 if (result != S_OK)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	938 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	939 PRINTLASTERROR ("Failed to get folder path");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	940 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	941 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	942
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	943 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	944 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	945
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	946 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	947 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	948 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	949 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	950 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	951 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	952 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	953
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	954 path = xmalloc (path_len * sizeof (wchar_t));
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	955 if (wcscpy_s (path, path_len, folder_name) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	956 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	957 ERRORPRINTF ("Failed to copy folder name.\n");
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	958
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	959 CoTaskMemFree (folder_name);
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	960
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	961 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	962 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	963
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	964 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	965
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	966 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	967 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	968 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	969 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	970 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	971 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	972
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	973 if (wcscat_s (path, path_len, APPNAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	974 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	975 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	976 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	977 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	978 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	979
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	980 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	981 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	982 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	983 something */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	984 if(!create_restricted_directory (path))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	985 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	986 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	987 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	988 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	989 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	990
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	991 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	992 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	993 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	994 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	995 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	996 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	997
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	998 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	999 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1000 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1001 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1002 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1003 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1004
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1005 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1006 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1007 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1008 NULL, /* use the security attributes from the folder */
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	1009 OPEN_ALWAYS \| TRUNCATE_EXISTING,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1010 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1011 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1012
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1013 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1014 {
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1015 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1016 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1017 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1018 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1019 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1020 0,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1021 NULL);
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1022 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1023 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1024 {
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	1025 PRINTLASTERROR ("Failed to create file\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1026 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1027 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1028 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1029 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1030 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1031 ERRORPRINTF ("Failed to write install instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1032 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1033 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1034 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1035 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1036 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1037 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1038 ERRORPRINTF ("Failed to write remove instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1039 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1040 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1041 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1042 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1043 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1044
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1045 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1046 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1047
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1048 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1049 write_stores_nss (char to_install, char to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1050 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1051 wchar_t *selection_file_name = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1052
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1053 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1054 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1055 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1056 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1057 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1058 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1059
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1060 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1061
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1062 if (is_elevated())
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1063 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1064 register_proccesses_for_others (selection_file_name);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1065 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1066
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1067 if (!start_procces_for_user (selection_file_name))
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1068 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1069 ERRORPRINTF ("Failed to run NSS installation process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1070 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1071 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1072 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1073 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1074 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1075 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1076
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1077 #endif

Mercurial > trustbridge

annotate cinst/nssstore_win.c @ 831:747a48996c1f