trustbridge: cinst/nssstore

annotate cinst/nssstore_win.c @ 856:797aa8d9c785

(issue48) Fallback to HKEY_USERS on hive load failure If the hive can not be loaded it might mean that the user is currently logged on. In that case we can access his registry via HKEY_USERS.

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Thu, 31 Jul 2014 12:56:26 +0200
parents	216a65d7fc4b
children	698b6a9bd75e

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 392 diff changeset	7 */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 @brief Windows implementation of nssstore process control.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	14 the mozilla process into the current users temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	38 security context of that user.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	41 #include <windows.h>
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	42 #include <winsafer.h>
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	43 #include <sddl.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	44 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	45 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	46 #include <userenv.h>
329 b1059360a0c7 Debugprintf with output debug string on windows. Andre Heinecke <aheinecke@intevation.de> parents: 324 diff changeset	47 #include <io.h>
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	48 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	49 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	50 #include <shlobj.h>
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	51
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	52 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	53 #include "util.h"
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	54 #include "strhelp.h"
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	55
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	56 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	57 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	58 #endif
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	59
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	60 /*@def The name of the nss installation process /
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	61 #define NSS_APP_NAME L"mozilla.exe"
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	62
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	63 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	64 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	65 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	66
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	67 /*@def The maximum time to wait for the NSS Process /
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	68 #define PROCESS_TIMEOUT 30000
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	69
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	70 /*@def The registry key to look for user profile directories /
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	71 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	72 #define RUNONCE_PATH L"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	73
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	74 struct profile_key_path {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	75 char *sid;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	76 char *hive_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	77 struct profile_key_path *next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	78 };
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	79
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	80 /**
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	81 * @brief combination of sid and hive path
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	82 */
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	83 typedef struct profile_key_path pkp_t;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	84
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	85 static void
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	86 pkp_t_free (pkp_t *item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	87 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	88 if (!item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	89 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	90 return;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	91 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	92 xfree (item->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	93 xfree (item->hive_path);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	94 if (item->next)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	95 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	96 pkp_t_free (item->next);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	97 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	98 xfree (item);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	99 }
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	100
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	101 /** @brief get a restricted access token to execute nss process
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	102 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	103 * This function uses the Software Restriction API to obtain the
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	104 * access token for a process run als normal user.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	105 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	106 * @returns A restricted handle or NULL on error.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	107 */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	108 static HANDLE
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	109 get_restricted_token()
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	110 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	111 SAFER_LEVEL_HANDLE user_level = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	112 HANDLE retval = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	113 if (!SaferCreateLevel(SAFER_SCOPEID_USER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	114 SAFER_LEVELID_NORMALUSER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	115 SAFER_LEVEL_OPEN, &user_level, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	116 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	117 PRINTLASTERROR ("Failed to create user level.\n");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	118 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	119 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	120
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	121 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	122 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	123 SaferCloseLevel(user_level);
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	124 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	125 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	126
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	127 return retval;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	128 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	129
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	130 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	131 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	132 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	133 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	134 *
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	135 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	136 * @param [in] write_handle handle to write to
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	137 * @param [in] remove weather the certificate should be installed or removed
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	138 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	139 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	140 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	141 static bool
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	142 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	143 bool remove)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	144 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	145 bool retval = false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	146 int i = 0;
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	147 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	148 char *line_start = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	149
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	150 if (!certificates)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	151 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	152 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	153 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	154
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	155 line_start = remove ? "R:" : "I:";
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	156
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	157 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	158 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	159 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	160 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	161 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	162 if (!retval)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	163 {
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	164 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	165 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	166 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	167 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	168 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	169 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	170 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	171 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	172 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	173 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	174 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	175 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	176 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	177 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	178 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	179 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	180 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	181 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	182 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	183 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	184 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	185 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	186 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	187 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	188 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	189 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	190 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	191 return false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	192 }
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	193 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	194 {
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	195 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	196 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	197 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	198 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	199 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	200 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	201 }
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	202 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	203 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	204 * Enumerates the keys in #PROFILE_LIST and retuns a
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	205 * list of their profile path / sid pairs with the utf-8 encoded paths to
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	206 * their suggestedregistry hive location.
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	207 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	208 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	209 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	210 *
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	211 * The return value should be freed with pkp_t_free
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	212 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	213 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	214 */
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	215 static pkp_t*
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	216 locate_other_hives()
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	217 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	218 HKEY profile_list = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	219 int ret = 0;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	220 DWORD index = 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	221 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	222 /* According to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	223 http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	224 a registry key is limited to 255 characters. But according to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	225 http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	226 the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	227 wchar_t key_name[257],
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	228 *current_user_sid = NULL;
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	229 pkp_t *retval = NULL,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	230 *cur_item = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	231 bool error = true;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	232 PSID current_user = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	233
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	234 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	235 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	236 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	237 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	238 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	239 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	240 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	241
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	242 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	243 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	244
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	245 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	246 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	247 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	248 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	249 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	250
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	251 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	252 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	253 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	254 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	255 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	256
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	257 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	258 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	259 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	260 {
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	261 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	262 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	263 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	264 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	265
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	266 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	267 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	268 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	269 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	270 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	271
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	272 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	273 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	274
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	275 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 \|\|
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	276 wcscmp (current_user_sid, key_name) == 0)
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	277 {
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	278 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	279 others and the current user*/
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	280 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	281 }
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	282
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	283 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	284 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	285
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	286 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	287 wcscat_s (key_path, key_path_len, key_name);
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	288 key_path[key_path_len - 1] = '\0';
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	289
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	290 DEBUGPRINTF ("Key : %S", key_name);
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	291 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	292 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	293 xfree (key_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	294
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	295 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	296 {
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	297 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	298 continue;
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	299 }
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	300 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	301 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	302 if (retval == NULL)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	303 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	304 retval = xmalloc (sizeof (pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	305 cur_item = retval;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	306 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	307 else
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	308 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	309 cur_item->next = xmalloc (sizeof(pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	310 cur_item = cur_item->next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	311 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	312 cur_item->hive_path = profile_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	313 cur_item->sid = wchar_to_utf8 (key_name, wcslen(key_name));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	314 cur_item->next = NULL;
674 f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	315
f1795a232418 Implement reading registry entries for other users. Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	316 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	317 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	318
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	319 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	320 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	321 ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	322 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	323 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	324
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	325 error = false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	326
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	327 done:
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	328 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	329
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	330 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	331
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	332 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	333 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	334 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	335 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 668 diff changeset	336
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	337 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	338 {
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	339 pkp_t_free (retval);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	340 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	341 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	342
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	343 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	344 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	345
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	346 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	347 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	348 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	349 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	350 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	351 *
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	352 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	353 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	354 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	355 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	356 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	357 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	358 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	359 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	360
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	361 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	362 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	363 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	364 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	365 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	366
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	367 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	368 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	369
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	370 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	371 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	372 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	373 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	374 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	375
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	376 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	377 + NULL */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	378 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	379 + 1 + 2 + wcslen(selection_file) + 1;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	380 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	381
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	382 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	383 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	384 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	385 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	386 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	387 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	388 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	389
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	390 return retval;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	391 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	392
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	393 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	394 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	395 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	396 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	397 *
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	398 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	399 */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	400 static bool
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	401 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	402 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	403 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	404 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	405 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	406 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	407 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	408 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	409 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	410 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	411 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	412 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	413
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	414
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	415 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	416 TOKEN_ADJUST_PRIVILEGES \| TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	417 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	418 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	419 return false;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	420 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	421
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	422 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	423 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	424 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	425 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	426 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	427 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	428 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	429
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	430 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	431
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	432 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	433 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	434 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	435 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	436 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	437
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	438 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	439 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	440 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	441 goto done;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	442 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	443
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	444 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	445 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	446 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	447 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	448 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	449 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	450 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	451 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	452
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	453 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	454 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	455 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	456 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	457 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	458 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	459 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	460 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	461 psToken->Privileges[dwI].Attributes \|= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	462 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	463 continue;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	464 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	465 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	466 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	467 break;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	468 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	469 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	470
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	471 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	472 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	473 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	474 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	475 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	476 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	477 else
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	478 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	479 retval = true;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	480 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	481 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	482
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	483 done:
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	484 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	485 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	486 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	487 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	488 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	489 return retval;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	490 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	491
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	492 /**@brief Register NSS process as runOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	493 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	494 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	495 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	496 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	497 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	498 * This should avoid conflicts with their firefox / thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	499 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	500 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	501 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	502 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	503 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	504 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	505 * the users install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	506 */
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	507 static void
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	508 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	509 {
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	510 pkp_t *pkplist = locate_other_hives(),
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	511 *cur = NULL;
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	512 wchar_t *run_command = NULL;
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	513
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	514 if (pkplist == NULL)
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	515 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	516 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	517 return;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	518 }
676 cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	519
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	520 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	521 {
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	522 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	523 return;
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	524 }
cb40af11ec3a Obtain privileges required for registry modification Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	525
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	526 run_command = get_command_line (selection_file);
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	527 for (cur = pkplist; cur != NULL; cur = cur->next)
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	528 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	529 LONG ret = 0;
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	530 wchar_t *hivepath = utf8_to_wchar (cur->hive_path, strlen(cur->hive_path));
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	531 HKEY key_handle = NULL;
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	532 bool key_loaded = false;
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	533
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	534 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	535 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	536 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	537 continue;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	538 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	539 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	540
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	541 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	542 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	543
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	544 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	545 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	546 /* This is somewhat expected if the registry is not located
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	547 in the standard location or already loaded. Try to access
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	548 the loaded registry in that case*/
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	549 wchar_t *user_key = NULL,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	550 *w_sid = NULL;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	551 size_t user_key_len = 0;
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	552
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	553 SetLastError((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	554 PRINTLASTERROR ("Failed to load hive. Trying to access already loaded hive.");
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	555
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	556 w_sid = utf8_to_wchar (cur->sid, strlen(cur->sid));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	557 if (!w_sid)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	558 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	559 ERRORPRINTF ("Failed to read sid.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	560 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	561 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	562 user_key_len = wcslen (L"\\" RUNONCE_PATH) + wcslen(w_sid) + 1;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	563 user_key = xmalloc (user_key_len * sizeof (wchar_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	564 wcscpy_s (user_key, user_key_len, w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	565 wcscat_s (user_key, user_key_len, L"\\" RUNONCE_PATH);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	566 user_key[user_key_len - 1] = '\0';
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	567 xfree (w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	568 w_sid = NULL;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	569
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	570 ret = RegOpenKeyExW (HKEY_USERS,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	571 user_key,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	572 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	573 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	574 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	575 xfree (user_key);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	576 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	577 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	578 ERRORPRINTF ("Failed to find RunOnce key for sid: %s in HKEY_USERS.", cur->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	579 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	580 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	581 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	582 else
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	583 {
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	584 key_loaded = true;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	585 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	586 APPNAME L"_tmphive\\" RUNONCE_PATH,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	587 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	588 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	589 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	590
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	591 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	592 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	593 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	594 RegUnLoadKey (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	595 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	596 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	597
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	598 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	599
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	600 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	601 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	602
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	603 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	604 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	605 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	606 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	607
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	608 RegCloseKey (key_handle);
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	609 if (key_loaded)
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	610 {
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	611 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	612 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	613 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	614 SetLastError ((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	615 PRINTLASTERROR ("Failed to unload hive.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	616 }
677 85c5aa9aba2b Improve error handling and use unicode function for unload Andre Heinecke <andre.heinecke@intevation.de> parents: 676 diff changeset	617 }
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	618 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	619
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	620 xfree (run_command);
856 797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	621 pkp_t_free (pkplist);
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	622 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	623
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	624 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	625 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	626 * Starts the NSS installation process for the current user
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	627 *
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	628 * @param [in] selection_file filename of the file containing
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	629 * the users install / remove selection.
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	630 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	631 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	632 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	633 static bool
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	634 start_procces_for_user (wchar_t *selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	635 {
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	636 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	637 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	638 lpCommandLine = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	639 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	640 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	641 BOOL success = FALSE;
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	642 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	643 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	644 size_t w_path_len = 0;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	645
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	646 if (!selection_file)
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	647 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	648 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	649 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	650 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	651
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	652 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	653 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	654 {
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	655 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	656 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	657 }
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	658
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	659 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	660 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	661 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	662
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	663 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	664 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	665 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	666 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	667 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	668 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	669
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	670 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	671 siStartInfo.cb = sizeof (STARTUPINFO);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	672
824 a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	673 if (is_elevated())
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	674 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	675 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	676 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	677 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	678 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	679 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	680 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	681 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	682 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process. Andre Heinecke <andre.heinecke@intevation.de> parents: 677 diff changeset	683 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	684 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	685 PRINTLASTERROR("Failed to get current handle.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	686 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	687 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	688 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	689
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	690 lpCommandLine = get_command_line (selection_file);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	691
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	692 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	693 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	694 ERRORPRINTF ("Failed to build command line.");
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	695 xfree (lpApplicationPath);
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	696 return false;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 674 diff changeset	697 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	698
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	699 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392 8090a1bc1b5b Add a space in the command line Andre Heinecke <andre.heinecke@intevation.de> parents: 391 diff changeset	700
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	701 success = CreateProcessAsUserW (hToken,
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	702 lpApplicationPath,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	703 lpCommandLine, /* Commandline */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	704 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	705 NULL, /* Thread attribues. Take hToken */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	706 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	707 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	708 NULL, /* Inherit environment */
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	709 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	710 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	711 &piProcInfo);
825 24e1e47e2d1a Start NSS process only from the current installation directory Andre Heinecke <andre.heinecke@intevation.de> parents: 824 diff changeset	712 xfree (lpApplicationPath);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	713 xfree (lpCommandLine);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	714 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	715 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	716 PRINTLASTERROR ("Failed to create process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	717 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	718 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	719
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	720 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	721 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	722 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	723 ERRORPRINTF ("Failed to wait for process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	724 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	725 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	726 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	727 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	728 return false;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	729 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	730 if (piProcInfo.hProcess)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	731 CloseHandle (piProcInfo.hProcess);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	732 if (piProcInfo.hThread)
330 1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written Andre Heinecke <aheinecke@intevation.de> parents: 329 diff changeset	733 CloseHandle (piProcInfo.hThread);
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	734 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	735 }
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	736
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	737 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	738 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	739 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	740 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	741 * in that directory.
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	742 * Basically a very complicated version of mkdir path -m 644
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	743 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	744 * If the directory exists the permissions of that directory are checked if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	745 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	746 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	747 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	748 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	749 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	750 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	751 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	752 * @returns true on success of if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	753 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	754 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	755 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	756 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	757 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	758 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	759 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	760 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	761 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	762 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	763 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	764 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	765 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	766
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	767 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	768 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	769
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	770 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	771 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	772 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	773 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	774 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	775 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	776 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	777 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	778 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	779 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	780
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	781 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	782 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	783 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	784 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	785 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	786 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	787 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	788 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	789
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	790 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	791 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	792 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	793 SECURITY_BUILTIN_DOMAIN_RID, /BUILTIN\ /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	794 DOMAIN_ALIAS_RID_ADMINS, /\Administrators /
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	795 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	796 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	797 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	798 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	799 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	800 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	801
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	802 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	803 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	804 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	805 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	806 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	807 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	808 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	809 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	810
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	811 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	812 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	813 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	814 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	815 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	816 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	817
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	818 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	819 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	820 SECURITY_DESCRIPTOR_MIN_LENGTH);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	821 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	822 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	823 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	824 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	825 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	826
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	827 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	828 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	829 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	830 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	831 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	832 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	833
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	834 /* Now we add the ACL to the the descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	835 if (!SetSecurityDescriptorDacl(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	836 TRUE, /* bDaclPresent flag */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	837 access_control_list,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	838 FALSE)) /* not a default DACL */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	839 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	840 PRINTLASTERROR("Failed to set security descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	841 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	842 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	843
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	844 /* Finally set up the security attributes structure */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	845 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	846 security_attributes.lpSecurityDescriptor = descriptor;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	847 security_attributes.bInheritHandle = FALSE;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	848
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	849 /* Use the security attributes to create the directory */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	850 if (!CreateDirectoryW(path, &security_attributes))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	851 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	852 DWORD err = GetLastError();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	853 if (err == ERROR_ALREADY_EXISTS)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	854 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	855 /* Verify that the directory has the correct rights */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	856 // TODO
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	857 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	858 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	859 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	860 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	861 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	862 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	863
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	864 done:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	865
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	866 if (everyone_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	867 FreeSid(everyone_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	868 if (admin_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	869 FreeSid(admin_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	870 if (access_control_list)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	871 LocalFree(access_control_list);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	872 if (descriptor)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	873 LocalFree(descriptor);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	874
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	875 return retval;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	876 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	877
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	878 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	879 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	880 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	881 * written to the global ProgramData directory otherwise
826 4aa33c408776 Remove TODO windows gracefully handles the case where the data directory is not accessible. Andre Heinecke <andre.heinecke@intevation.de> parents: 825 diff changeset	882 * they are written in the directory of the current user.
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	883 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	884 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	885 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	886 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	887 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	888 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	889 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	890 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	891 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	892 write_selection_file (char to_install, char to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	893 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	894 wchar_t *folder_name = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	895 *path = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	896 HRESULT result = E_FAIL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	897 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	898 size_t path_len;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	899
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	900 result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	901 KF_FLAG_CREATE \| /* Create if it does not exist */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	902 KF_FLAG_INIT, /* Initialize it if created */
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	903 INVALID_HANDLE_VALUE, /* Get it for the default user */
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	904 &folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	905
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	906 if (result != S_OK)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	907 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	908 PRINTLASTERROR ("Failed to get folder path");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	909 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	910 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	911
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	912 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	913 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	914
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	915 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	916 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	917 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	918 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	919 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	920 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	921 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	922
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	923 path = xmalloc (path_len * sizeof (wchar_t));
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	924 if (wcscpy_s (path, path_len, folder_name) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	925 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	926 ERRORPRINTF ("Failed to copy folder name.\n");
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	927
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	928 CoTaskMemFree (folder_name);
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	929
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	930 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	931 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	932
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	933 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	934
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	935 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	936 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	937 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	938 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	939 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	940 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	941
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	942 if (wcscat_s (path, path_len, APPNAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	943 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	944 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	945 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	946 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	947 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	948
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	949 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	950 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	951 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	952 something */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	953 if(!create_restricted_directory (path))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	954 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	955 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	956 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	957 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	958 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	959
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	960 if (wcscat_s (path, path_len, L"\\") != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	961 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	962 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	963 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	964 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	965 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	966
363 d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need Andre Heinecke <aheinecke@intevation.de> parents: 360 diff changeset	967 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	968 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	969 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	970 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	971 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	972 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	973
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	974 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	975 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	976 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	977 NULL, /* use the security attributes from the folder */
489 a9da8e4eeff7 Fix instruction writing for Windows. Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	978 OPEN_ALWAYS \| TRUNCATE_EXISTING,
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	979 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	980 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	981
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	982 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	983 {
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	984 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	985 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	986 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	987 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	988 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	989 0,
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	990 NULL);
e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	991 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	992 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	993 {
502 e551de11d8b6 Properly handle the case that the file does not exist. Andre Heinecke <aheinecke@intevation.de> parents: 489 diff changeset	994 PRINTLASTERROR ("Failed to create file\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	995 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	996 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	997 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	998 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	999 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1000 ERRORPRINTF ("Failed to write install instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1001 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1002 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1003 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1004 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1005 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1006 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1007 ERRORPRINTF ("Failed to write remove instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1008 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1009 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1010 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1011 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1012 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1013
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1014 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1015 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1016
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1017 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1018 write_stores_nss (char to_install, char to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1019 {
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1020 wchar_t *selection_file_name = NULL;
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1021
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1022 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1023 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1024 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1025 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1026 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1027 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1028
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1029 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1030
668 ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1031 if (is_elevated())
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1032 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1033 register_proccesses_for_others (selection_file_name);
ef6d3dc9e930 Framework for NSS multiuser installation on windows Andre Heinecke <andre.heinecke@intevation.de> parents: 665 diff changeset	1034 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1035
c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1036 if (!start_procces_for_user (selection_file_name))
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1037 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1038 ERRORPRINTF ("Failed to run NSS installation process.\n");
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1039 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1040 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1041 }
360 c0eac5c8c245 Keep working on nssstore_win and clarify its specification Andre Heinecke <andre.heinecke@intevation.de> parents: 330 diff changeset	1042 xfree(selection_file_name);
324 eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1043 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1044 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1045
eff8e7ce4dae Add first compiling implementation of nssstore_win.c Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1046 #endif

Mercurial > trustbridge

annotate cinst/nssstore_win.c @ 856:797aa8d9c785