annotate cinst/nssstore_win.c @ 1250:7ea3a4c0e2ae

This should be serious software.
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 25 Sep 2014 15:53:49 +0200
parents d4b24df4eed1
children 845048d4a69f
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
2  * Software engineering by Intevation GmbH
3  *
4  * This file is Free Software under the GNU GPL (v>=2)
5  * and comes with ABSOLUTELY NO WARRANTY!
6  * See LICENSE.txt for details.
7  */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifdef WIN32
9
10 /* @file
11    @brief Windows implementation of nssstore process control.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
12
13    The windows process will write an instructions file for
1175
e210ecc32d69 (issue128) Rename mozilla process to trustbridge-nss-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
14    the nss-installer process into the current user's temp directory
360
15    (%APPDATA%/Local/Temp/) and start the NSS installation process to
16    execute those instructions. If the current process is elevated
17    the NSS process is run with a restricted token.
1175
18    The execution of the nss-installer process is not monitored.
360
19    You have to refer to the system log to check which certificates were
20    installed / removed by it.
21
22    If the installation process is running elevated it
23    will create the file in the ProgramData directory in
24    a subdirectory with the defined application name.
25    %PROGRAMDATA%/$APPLICATION_NAME
26    with the file name:
27    current_selection.txt
28    The folder will have restricted permissions so
29    that only Administrators are allowed to access it.
30
31    Additionally if this process is Elevated it also starts the
32    NSS installation process in default profile mode once to change
33    the default NSS certificate databases for new profiles.
34
35    The process then adds a new RunOnce registry key
36    for each user on the system that executes the NSS installation
37    process on login to make sure it is launched once in the
38    security context of that user.
324
39 */
40
41 #include <windows.h>
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
42 #include <sddl.h>
324
43 #include <stdio.h>
44 #include <stdbool.h>
45 #include <userenv.h>
329
b1059360a0c7 Debugprintf with output debug string on windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 324
diff changeset
46 #include <io.h>
360
47 #include <accctrl.h>
48 #include <aclapi.h>
324
49
50 #include "logging.h"
51 #include "util.h"
360
52 #include "strhelp.h"
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
53 #include "binverify.h"
324
54
360
55 #ifndef APPNAME
1176
c8f698ca6355 (issue128) Rename cinst to trustbridge-certificate-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1175
diff changeset
56 #define APPNAME L"trustbridge-certificate-installer"
360
57 #endif
324
58
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
59 /**@def The name of the nss installation process */
1175
60 #define NSS_APP_NAME L"trustbridge-nss-installer.exe"
675
61
360
62 #ifndef SELECTION_FILE_NAME
63 #define SELECTION_FILE_NAME L"currently_selected.txt"
64 #endif
65
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
66 /**@def The maximum time to wait for the NSS Process */
360
67 #define PROCESS_TIMEOUT 30000
324
68
668
69 /**@def The registry key to look for user profile directories */
70 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
71 #define RUNONCE_PATH L"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
72
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
73 struct profile_key_path
74 {
856
75   char *sid;
76   char *hive_path;
77   struct profile_key_path *next;
78 };
79
80 /**
81  * @brief combination of sid and hive path
82  */
83 typedef struct profile_key_path pkp_t;
84
85 static void
86 pkp_t_free (pkp_t *item)
87 {
88   if (!item)
89     {
90       return;
91     }
92   xfree (item->sid);
93   xfree (item->hive_path);
94   if (item->next)
95     {
96       pkp_t_free (item->next);
97     }
98   xfree (item);
99 }
668
100
324
101 /**@brief Write strv of instructions to a handle
102  *
103  * Writes the null terminated list of instructions to
104  * the handle.
105  *
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
106  * @param [in] certificates base64 encoded der certificate to write
107  * @param [in] write_handle handle to write to
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
108  * @param [in] remove whether the certificate should be installed or removed
324
109  *
110  * @returns true on success, false on failure
111  */
112 static bool
330
113 write_instructions(char **certificates, HANDLE write_handle,
114                    bool remove)
324
115 {
489
116   bool retval = false;
324
117   int i = 0;
489
118   const char *line_end = "\r\n";
119   char *line_start = NULL;
324
120
330
121   if (!certificates)
324
122     {
123       return true;
124     }
125
489
126   line_start = remove ? "R:" : "I:";
330
127
128   for (i = 0; certificates[i]; i++)
129     {
489
130       DWORD written = 0;
131       DWORD inst_len = strlen (certificates[i]);
132       retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
133       if (!retval)
324
134         {
489
135           PRINTLASTERROR ("Failed to write line start\n");
136           return false;
137         }
138       if (written != 2)
139         {
140           ERRORPRINTF ("Failed to write line start\n");
141           retval = false;
142           return false;
143         }
144       written = 0;
145       retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
146       if (!retval)
147         {
148           PRINTLASTERROR ("Failed to write certificate\n");
149           return false;
150         }
151       if (inst_len != written)
152         {
153           ERRORPRINTF ("Failed to write everything\n");
154           retval = false;
155           return false;
156         }
157       written = 0;
158       retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
159       if (!retval)
160         {
161           PRINTLASTERROR ("Failed to write line end\n");
162           return false;
163         }
164       if (written != 2)
165         {
166           ERRORPRINTF ("Failed to write full line end\n");
167           retval = false;
168           return false;
324
169         }
170     }
171   return true;
172 }
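The line format that write_instructions emits ("I:" or "R:", the base64 certificate, then "\r\n") can be checked strictly by whatever reads the instructions file. The following is an added example, not part of the project's code: a hypothetical parse_instructions that rejects the whole buffer if any line deviates from that format. All names, the MAX_B64_LEN bound and the sample buffers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical and not taken from the project. */
enum inst_action { INST_INSTALL, INST_REMOVE };

struct instruction
{
  enum inst_action action;
  const char *b64;   /* points into the caller's buffer, not NUL terminated */
  size_t b64_len;
};

/* Assumed upper bound for one base64 encoded DER certificate. */
#define MAX_B64_LEN 16384

static bool
is_b64_char (unsigned char c)
{
  return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
         || (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/* Padded base64 only: length a multiple of 4, alphabet characters,
   and at most two '=' which must be the last characters. */
static bool
valid_b64 (const char *buf, size_t len)
{
  size_t i, pad = 0;

  if (len == 0 || len % 4 != 0 || len > MAX_B64_LEN)
    return false;
  while (pad < 2 && buf[len - 1 - pad] == '=')
    pad++;
  for (i = 0; i < len - pad; i++)
    {
      if (!is_b64_char ((unsigned char) buf[i]))
        return false;
    }
  return true;
}

/* Parse a buffer of lines of the form ("I:" | "R:") base64 "\r\n".
   Returns the number of instructions stored in out, or -1 if any line
   is malformed or more than max_out lines are present.  A buffer with
   one bad line is rejected as a whole. */
static int
parse_instructions (const char *buf, size_t len,
                    struct instruction *out, size_t max_out)
{
  size_t pos = 0, count = 0;

  while (pos < len)
    {
      const char *payload, *eol;
      size_t payload_len;

      if (count == max_out || len - pos < 4)
        return -1;
      if ((buf[pos] != 'I' && buf[pos] != 'R') || buf[pos + 1] != ':')
        return -1;
      payload = buf + pos + 2;
      eol = memchr (payload, '\r', len - pos - 2);
      /* The '\r' must exist and be followed by '\n' inside the buffer. */
      if (!eol || (size_t) (eol - buf) + 1 >= len || eol[1] != '\n')
        return -1;
      payload_len = (size_t) (eol - payload);
      if (!valid_b64 (payload, payload_len))
        return -1;
      out[count].action = buf[pos] == 'I' ? INST_INSTALL : INST_REMOVE;
      out[count].b64 = payload;
      out[count].b64_len = payload_len;
      count++;
      pos = (size_t) (eol - buf) + 2;
    }
  return (int) count;
}

/* Constructed sample buffers; the payloads are placeholder base64 text,
   not real certificates. */
static const char sample_ok[] = "I:QUJDRA==\r\nR:RUZHSA==\r\n";
static const char sample_lf_only[] = "I:QUJDRA==\n";
static const char sample_bad_prefix[] = "X:QUJDRA==\r\n";
static const char sample_bad_payload[] = "I:QUJD\r\nI:not base64!\r\n";
static const char sample_truncated[] = "I:QUJDRA==\r";

int
main (void)
{
  struct instruction out[8];

  printf ("ok: %d\n",
          parse_instructions (sample_ok, sizeof sample_ok - 1, out, 8));
  printf ("lf only: %d\n",
          parse_instructions (sample_lf_only, sizeof sample_lf_only - 1, out, 8));
  printf ("bad payload: %d\n",
          parse_instructions (sample_bad_payload, sizeof sample_bad_payload - 1, out, 8));
  return 0;
}
```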
668
173 /**@brief Get the path to all users default registry hive
174  *
175  * Enumerates the keys in #PROFILE_LIST and returns a
856
176  * list of their profile path / sid pairs with the utf-8 encoded paths to
1247
d4b24df4eed1 Doc: fix typo
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
177  * their suggested registry hive location.
668
178  *
179  * Users with an SID not starting with S-1-5-21- are ignored
180  * as is the current user.
181  *
856
182  * The return value should be freed with pkp_t_free
668
183  *
184  * @returns a newly allocated strv of the paths to the registry hives or NULL
185  */
856
186 static pkp_t*
668
187 locate_other_hives()
188 {
189   HKEY profile_list = NULL;
190   int ret = 0;
191   DWORD index = 0,
192         key_len = 257;
193   /* According to
194      http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
195      a registry key is limited to 255 characters. But according to
196      http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
197      the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670
198   wchar_t key_name[257],
199           *current_user_sid = NULL;
856
200   pkp_t *retval = NULL,
905
201         *cur_item = NULL;
668
202   bool error = true;
670
203   PSID current_user = NULL;
668
204
205   ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
diff changeset
206 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
207 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
208 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
209 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
210 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
211 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
212
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
213 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
214 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
215
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
216 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
217 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
218 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
219 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
220 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
221
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
222 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
223 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
224 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
225 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
226 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
227
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
228 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
229 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
230 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
231 {
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
232 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
233 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
234 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
235 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
236
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
237 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
238 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
239 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
240 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
241 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
242
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
243 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
244 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
245
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
246 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 ||
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
247 wcscmp (current_user_sid, key_name) == 0)
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
248 {
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
249 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
250 others and the current user*/
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
251 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
252 }
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
253
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
254 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
255 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
256
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
257 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
258 wcscat_s (key_path, key_path_len, key_name);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
259 key_path[key_path_len - 1] = '\0';
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
260
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
261 DEBUGPRINTF ("Key : %S", key_name);
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
262 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
263 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
264 xfree (key_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
265
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
266 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
267 {
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
268 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
269 continue;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
270 }
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
271 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
272 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
273 if (retval == NULL)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
274 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
275 retval = xmalloc (sizeof (pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
276 cur_item = retval;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
277 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
278 else
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
279 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
280 cur_item->next = xmalloc (sizeof(pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
281 cur_item = cur_item->next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
282 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
283 cur_item->hive_path = profile_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
284 cur_item->sid = wchar_to_utf8 (key_name, wcslen(key_name));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
285 cur_item->next = NULL;
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
286
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
287 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
288 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
289
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
290 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
291 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
292 ERRORPRINTF ("Failed to enumerate profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
293 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
294 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
295
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
296 error = false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
297
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
298 done:
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
299 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
300
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
301 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
302
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
303 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
304 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
305 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
306 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
307
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
308 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
309 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
310 pkp_t_free (retval);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
311 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
312 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
313
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
314 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
315 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
316
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
317 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
318 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
319 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
320 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
321 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
322 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
323 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
324 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
325 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
326 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
327 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
328 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
329 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
330 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
331
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
332 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
333 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
334 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
335 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
336 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
337
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
338 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
339 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
340
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
341 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
342 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
343 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
344 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
345 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
346
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
347 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
348 + NUL terminator */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
349 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME)
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
350 + 1 + 2 + wcslen(selection_file) + 1;
1060
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
351 if (g_debug)
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
352 {
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
353 /* Add space for whitespace and --debug*/
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
354 cmd_line_len += 8;
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
355 }
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
356 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
357
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
358 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
359 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
360 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
361 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
362 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
363 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
364 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
365 xfree (w_inst_dir); /* only needed while building retval; was leaked before */
1060
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
366 if (g_debug)
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
367 {
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
368 wcscat_s (retval, cmd_line_len, L" --debug");
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
369 }
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
370
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
371 return retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
372 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
373
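get_command_line above copies the installation path and selection_file between double quotes verbatim, so it relies on neither containing a quote and on selection_file not ending in a backslash. The following is an added example, not code from nssstore_win.c or the project: it quotes the argument under the backslash rules of the Microsoft C runtime and CommandLineToArgvW. The names build_command_line, append_quoted and decode_arg are hypothetical, and malloc stands in for the project's xmalloc.

```c
#include <stdlib.h>
#include <wchar.h>

/* Write COUNT backslashes at OUT and return the new write position. */
static wchar_t *put_backslashes (wchar_t *out, size_t count)
{
  while (count--)
    *out++ = L'\\';
  return out;
}

/* Hypothetical helper: write ARG at OUT as one double-quoted argument that
   the Microsoft C runtime and CommandLineToArgvW parse back to ARG.
   OUT needs room for 2 * wcslen (ARG) + 2 characters. */
static wchar_t *append_quoted (wchar_t *out, const wchar_t *arg)
{
  size_t pending = 0; /* backslashes read but not yet written */

  *out++ = L'"';
  for (; *arg; arg++) {
    if (*arg == L'\\') {
      pending++;
      continue;
    }
    /* Backslashes are only special in front of a quote: double them
       there and add one more to escape the quote itself. */
    out = put_backslashes (out, *arg == L'"' ? 2 * pending + 1 : pending);
    pending = 0;
    *out++ = *arg;
  }
  /* Trailing backslashes would escape the closing quote: double them. */
  out = put_backslashes (out, 2 * pending);
  *out++ = L'"';
  return out;
}

/* Build "<program>" "<selection_file>"[ --debug]. Caller frees the result.
   Returns NULL if PROGRAM contains a quote: the program part of a command
   line is parsed without backslash escapes, so a quote cannot be encoded. */
wchar_t *build_command_line (const wchar_t *program,
                             const wchar_t *selection_file, int debug)
{
  size_t len;
  wchar_t *buf, *p;

  if (wcschr (program, L'"'))
    return NULL;

  /* quotes + program + space + quoted argument + " --debug" + NUL */
  len = 2 + wcslen (program) + 1 + 2 * wcslen (selection_file) + 2 + 8 + 1;
  buf = malloc (len * sizeof (wchar_t));
  if (!buf)
    return NULL;

  p = buf;
  *p++ = L'"';
  wcscpy (p, program);
  p += wcslen (program);
  *p++ = L'"';
  *p++ = L' ';
  p = append_quoted (p, selection_file);
  wcscpy (p, debug ? L" --debug" : L""); /* also writes the terminator */
  return buf;
}

/* Decode the quoted argument starting at QUOTED the way the parser does,
   to check that the quoting round-trips. Caller frees the result. */
wchar_t *decode_arg (const wchar_t *quoted)
{
  wchar_t *res = malloc ((wcslen (quoted) + 1) * sizeof (wchar_t));
  wchar_t *o = res;
  int in_quotes = 0;

  if (!res)
    return NULL;
  while (*quoted) {
    size_t n = 0;
    for (; *quoted == L'\\'; quoted++)
      n++;
    if (*quoted == L'"') {
      o = put_backslashes (o, n / 2);
      if (n % 2)
        *o++ = L'"';            /* odd count: the quote is literal */
      else
        in_quotes = !in_quotes; /* even count: the quote toggles quoting */
      quoted++;
    } else {
      o = put_backslashes (o, n);
      if (!*quoted || (!in_quotes && *quoted == L' '))
        break;                  /* end of this argument */
      *o++ = *quoted++;
    }
  }
  *o = L'\0';
  return res;
}
```
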
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
374 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
375 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
376 * To load another user's registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
377 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
378 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
379 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
380 */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
381 static bool
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
382 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
383 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
384 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
385 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
386 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
387 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
388 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
389 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
390 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
391 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
392 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
393 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
394
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
395
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
396 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
397 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
398 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
399 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
400 return false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
401 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
402
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
403 /* Get the buffer size needed for the token's privilege list */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
404 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
405 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
406 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
407 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
408 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
409 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
410
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
411 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
412
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
413 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
414 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
415 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
416 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
417 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
418
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
419 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
420 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
421 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
422 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
423 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
424
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
425 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
426 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
427 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
428 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
429 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
430 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
431 PRINTLASTERROR ("Failed to lookup privilege name"); continue; /* privilege_name is stale or unset here, skip the comparisons */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
432 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
433
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
434 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
435 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
436 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
437 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
438 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
439 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
440 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
441 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
442 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
443 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
444 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
445 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
446 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
447 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
448 break;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
449 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
450 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
451
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
452 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
453 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
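454 if (!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL) || GetLastError () == ERROR_NOT_ALL_ASSIGNED) /* nonzero return does not guarantee every privilege was enabled */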
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
455 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
456 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
457 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
458 else
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
459 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
460 retval = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
461 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
462 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
463
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
464 done:
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
465 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
466 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
467 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
468 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
469 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
470 return retval;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
471 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
472
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
473 /** @brief Register NSS process as RunOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
474 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
475 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
476 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
477 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
478 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
479 * This should avoid conflicts with their Firefox / Thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
480 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
481 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
482 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
483 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
484 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
485 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
486 * the user's install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
487 */
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
488 static void
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
489 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
490 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
491 pkp_t *pkplist = locate_other_hives(),
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
492 *cur = NULL;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
493 wchar_t *run_command = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
494
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
495 if (pkplist == NULL)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
496 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
497 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
498 return;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
499 }
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
500
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
501 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
502 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
503 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
504 return;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
505 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
506
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
507 run_command = get_command_line (selection_file);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
508 for (cur = pkplist; cur != NULL; cur = cur->next)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
509 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
510 LONG ret = 0;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
511 wchar_t *hivepath = utf8_to_wchar (cur->hive_path, strlen(cur->hive_path));
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
512 HKEY key_handle = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
513 bool key_loaded = false;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
514
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
515 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
516 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
517 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
518 continue;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
519 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
520 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
521
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
522 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
523 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
524
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
525 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
526 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
527 /* This is somewhat expected if the registry is not located
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
528 in the standard location or already loaded. Try to access
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
529 the loaded registry in that case. */
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
530 wchar_t *user_key = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
531 *w_sid = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
532 size_t user_key_len = 0;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
533
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
534 SetLastError((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
535 PRINTLASTERROR ("Failed to load hive. Trying to access already loaded hive.");
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
536
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
537 w_sid = utf8_to_wchar (cur->sid, strlen(cur->sid));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
538 if (!w_sid)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
539 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
540 ERRORPRINTF ("Failed to read sid.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
541 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
542 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
543 user_key_len = wcslen (L"\\" RUNONCE_PATH) + wcslen(w_sid) + 1;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
544 user_key = xmalloc (user_key_len * sizeof (wchar_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
545 wcscpy_s (user_key, user_key_len, w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
546 wcscat_s (user_key, user_key_len, L"\\" RUNONCE_PATH);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
547 user_key[user_key_len - 1] = '\0';
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
548 xfree (w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
549 w_sid = NULL;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
550
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
551 ret = RegOpenKeyExW (HKEY_USERS,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
552 user_key,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
553 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
554 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
555 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
556 xfree (user_key);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
557 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
558 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
559 ERRORPRINTF ("Failed to find RunOnce key for sid: %s in HKEY_USERS.", cur->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
560 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
561 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
562 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
563 else
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
564 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
565 key_loaded = true;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
566 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
567 APPNAME L"_tmphive\\" RUNONCE_PATH,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
568 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
569 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
570 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
571
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
572 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
573 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
574 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
575 RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
576 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
577 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
578
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
579 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
580
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
581 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
582 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
583
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
584 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
585 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
586 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
587 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
588
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
589 RegCloseKey (key_handle);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
590 if (key_loaded)
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
591 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
592 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
593 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
594 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
595 SetLastError ((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
596 PRINTLASTERROR ("Failed to unload hive.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
597 }
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
598 }
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
599 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
600
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
601 xfree (run_command);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
602 pkp_t_free (pkplist);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
603 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
604
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
605 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
606 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
607 * Starts the NSS installation process for the current user
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
608 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
609 * @param [in] selection_file filename of the file containing
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
610 * the user's install / remove selection.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
611 *
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
612 * @param [in] drop_privileges whether or not elevated privileges
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
613 * should be dropped before starting the process.
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
614 *
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
615 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
616 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
617 static bool
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
618 start_procces_for_user (wchar_t *selection_file, bool drop_privileges)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
619 {
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
620 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
621 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
622 lpCommandLine = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
623 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
624 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
625 BOOL success = FALSE;
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
626 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
627 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
628 size_t w_path_len = 0;
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
629 bin_verify_result v_res;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
630
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
631 if (!selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
632 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
633 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
634 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
635 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
636
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
637 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
638 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
639 {
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
640 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
641 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
642 }
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
643
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
644 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
645 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
646 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
647
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
648 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
649 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
650 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
651 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
652 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
653 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
654
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
655 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
656 siStartInfo.cb = sizeof (STARTUPINFO);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
657
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
658 if (is_elevated() && drop_privileges)
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
659 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
660 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
661 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
662 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
663 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
664 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
665 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
666 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
667 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
668 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
669 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
670 PRINTLASTERROR("Failed to get current handle.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
671 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
672 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
673 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
674
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
675 lpCommandLine = get_command_line (selection_file);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
676
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
677 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
678 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
679 ERRORPRINTF ("Failed to build command line.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
680 xfree (lpApplicationPath);
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
681 return false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
682 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
683
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
684 /* Verify the binary */
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
685 {
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
686 char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath));
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
687 v_res = verify_binary (utf8_name, strlen(utf8_name));
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
688 xfree(utf8_name);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
689 }
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
690
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
691 if (v_res.result != VerifyValid)
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
692 {
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
693 ERRORPRINTF ("Failed to verify the NSS installer.\n");
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
694 syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n");
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
695 xfree (lpApplicationPath);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
696 xfree (lpCommandLine);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
697 return false;
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
698 }
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
699
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
700 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392
8090a1bc1b5b Add a space in the command line
Andre Heinecke <andre.heinecke@intevation.de>
parents: 391
diff changeset
701
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
702 success = CreateProcessAsUserW (hToken,
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
703 lpApplicationPath,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
704 lpCommandLine, /* Commandline */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
705 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
706 NULL, /* Thread attributes. Take hToken */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
707 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
708 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
709 NULL, /* Inherit environment */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
710 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
711 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
712 &piProcInfo);
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
713 fclose (v_res.fptr);
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
714 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
715 xfree (lpCommandLine);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
716 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
717 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
718 PRINTLASTERROR ("Failed to create process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
719 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
720 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
721
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
722 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
723 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
724 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
725 ERRORPRINTF ("Failed to wait for process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
726 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
727 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
728 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
729 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
730 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
731 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
732 if (piProcInfo.hProcess)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
733 CloseHandle (piProcInfo.hProcess);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
734 if (piProcInfo.hThread)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
735 CloseHandle (piProcInfo.hThread);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
736 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
737 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
738
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
739 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
740 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
741 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
742 * written to the global ProgramData directory otherwise
826
4aa33c408776 Remove TODO windows gracefully handles the case where the data directory is not accessible.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 825
diff changeset
743 * they are written in the directory of the current user.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
744 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
745 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
746 * The returned path will contain backslashes as directory separators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
747 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
748 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
749 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
750 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
751 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
752 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
753 write_selection_file (char **to_install, char **to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
754 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
755 wchar_t *folder_name = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
756 *path = NULL;
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
757 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
758 size_t path_len;
1208
0a803c3fb5a6 (issue138) Set the ACL explicitly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
759 PACL access_control_list = NULL;
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
760
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
761 folder_name = get_program_data_folder();
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
762 if (!folder_name)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
763 {
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
764 ERRORPRINTF("Failed to look up ProgramData folder.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
765 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
766 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
767
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
768 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
769 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
770
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
771 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
772 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
773 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
774 should be a very weird setup if this is necessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
775 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
776 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
777 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
778
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
779 path = xmalloc (path_len * sizeof (wchar_t));
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
780 if (wcscpy_s (path, path_len, folder_name) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
781 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
782 ERRORPRINTF ("Failed to copy folder name.\n");
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
783 xfree (path); /* do not leak the buffer on this error path */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
784 CoTaskMemFree (folder_name);
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
785
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
786 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
787 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
788
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
789 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
790
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
791 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
792 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
793 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
794 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
795 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
796 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
797
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
798 if (wcscat_s (path, path_len, APPNAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
799 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
800 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
801 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
802 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
803 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
804
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
805 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
806 it might be a symlink to another place that a user
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
807 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
808 something */
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
809 if(!create_restricted_directory (path, true, &access_control_list))
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
810 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
811 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
812 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
813 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
814 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
815
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
816 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
817 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
818 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
819 xfree(path);
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
820 LocalFree(access_control_list);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
821 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
822 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
823
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
824 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
825 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
826 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
827 xfree(path);
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
828 LocalFree(access_control_list);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
829 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
830 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
831
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
832 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
833 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
834 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
835 NULL, /* use the security attributes from the folder */
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
836 TRUNCATE_EXISTING, /* dispositions are values, not flags: OPEN_ALWAYS | TRUNCATE_EXISTING == TRUNCATE_EXISTING */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
837 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
838 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
839
502
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
840 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
841 {
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
842 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
843 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
844 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
845 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
846 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
847 0,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
848 NULL);
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
849 }
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
850 else
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
851 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
852 /* Opened existing file */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
853 /* Set our ACL on it */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
854 PSID admin_SID = NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
855 SID_IDENTIFIER_AUTHORITY admin_identifier = {SECURITY_NT_AUTHORITY};
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
856
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
857 /* Create the SID for the BUILTIN\Administrators group. */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
858 if(!AllocateAndInitializeSid(&admin_identifier,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
859 2,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
860 SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
861 DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
862 0, 0, 0, 0, 0, 0, /* No other */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
863 &admin_SID))
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
864 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
865 PRINTLASTERROR ("Failed to allocate admin sid.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
866 syslog_error_printf ( "Failed to allocate admin sid.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
867 if (hFile != INVALID_HANDLE_VALUE)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
868 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
869 CloseHandle (hFile);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
870 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
871 xfree (path);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
872 LocalFree(access_control_list);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
873 return NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
874 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
875
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
876 if (SetNamedSecurityInfoW (path,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
877 SE_FILE_OBJECT,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
878 DACL_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
879 OWNER_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
880 GROUP_SECURITY_INFORMATION,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
881 admin_SID, /* owner */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
882 admin_SID, /* group */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
883 access_control_list, /* the dacl */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
884 NULL) != ERROR_SUCCESS)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
885 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
886 ERRORPRINTF ("Failed to set the ACL on the NSS instruction file.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
887 if (hFile != INVALID_HANDLE_VALUE)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
888 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
889 CloseHandle (hFile);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
890 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
891 FreeSid(admin_SID);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
892 LocalFree(access_control_list);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
893 xfree (path);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
894 return NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
895 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
896 FreeSid(admin_SID);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
897 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
898
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
899 LocalFree(access_control_list);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
900
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
901 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
902 {
502
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
903 PRINTLASTERROR ("Failed to create file\n");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
904 syslog_error_printf ( "Failed to create nss instruction file.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
905 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
906 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
907 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
908 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
909 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
910 ERRORPRINTF ("Failed to write install instructions.\n");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
911 syslog_error_printf ( "Failed to write nss instruction file.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
912 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
913 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
914 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
915 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
916 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
917 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
918 ERRORPRINTF ("Failed to write remove instructions.\n");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
919 syslog_error_printf ( "Failed to write nss instruction file removal entries.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
920 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
921 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
922 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
923 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
924 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
925
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
926 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
927 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
928
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
929 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
930 write_stores_nss (char **to_install, char **to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
931 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
932 wchar_t *selection_file_name = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
933
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
934 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
935 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
936 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
937 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
938 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
939 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
940
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
941 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
942
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
943 if (is_elevated())
944 {
945 register_proccesses_for_others (selection_file_name);
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
946 /* Start the NSS process once with elevated rights to
947 install into the default profile directories. */
948 if (!start_procces_for_user (selection_file_name, false))
949 {
950 ERRORPRINTF ("Failed to run NSS installation process for default folders.\n");
951 xfree(selection_file_name);
952 return -1;
953 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
954 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
955
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
956 if (!start_procces_for_user (selection_file_name, true))
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
957 {
958 ERRORPRINTF ("Failed to run NSS installation process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
959 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
960 return -1;
961 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
962 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
963 return 0;
964 }
965
966 #endif

http://wald.intevation.org/projects/trustbridge/