annotate cinst/nssstore_win.c @ 1386:90a8eb36e9b0

Add public certificate for updates.trustbridge.de
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 15 Jan 2015 16:14:35 +0100
parents 845048d4a69f
children
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
7 */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 @brief Windows implementation of nssstore process control.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
13 The windows process will write an instructions file for
1175
e210ecc32d69 (issue128) Rename mozilla process to trustbridge-nss-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
14 the nss-installer process into the current users temp directory
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
17 the NSS process is run with a restricted token.
1175
e210ecc32d69 (issue128) Rename mozilla process to trustbridge-nss-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
18 The execution of the nss-installer process is not monitored.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
38 security context of that user.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41 #include <windows.h>
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
42 #include <sddl.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
43 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 #include <userenv.h>
329
b1059360a0c7 Debugprintf with output debug string on windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 324
diff changeset
46 #include <io.h>
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
47 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
48 #include <aclapi.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
50 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51 #include "util.h"
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
52 #include "strhelp.h"
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
53 #include "binverify.h"
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
54
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
55 #ifndef APPNAME
1176
c8f698ca6355 (issue128) Rename cinst to trustbridge-certificate-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1175
diff changeset
56 #define APPNAME L"trustbridge-certificate-installer"
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
57 #endif
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
58
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
59 /**@def The name of the nss installation process */
1175
e210ecc32d69 (issue128) Rename mozilla process to trustbridge-nss-installer
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
60 #define NSS_APP_NAME L"trustbridge-nss-installer.exe"
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
61
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
62 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
63 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
64 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
65
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
66 /**@def The maximum time to wait for the NSS Process */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
67 #define PROCESS_TIMEOUT 30000
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
69 /**@def The registry key to look for user profile directories */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
70 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
71 #define RUNONCE_PATH L"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
72
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
73 struct profile_key_path
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
74 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
75 char *sid;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
76 char *hive_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
77 struct profile_key_path *next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
78 };
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
79
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
80 /**
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
81 * @brief combination of sid and hive path
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
82 */
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
83 typedef struct profile_key_path pkp_t;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
84
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
85 static void
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
86 pkp_t_free (pkp_t *item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
87 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
88 if (!item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
89 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
90 return;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
91 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
92 xfree (item->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
93 xfree (item->hive_path);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
94 if (item->next)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
95 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
96 pkp_t_free (item->next);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
97 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
98 xfree (item);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
99 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
100
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
101 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
102 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
103 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
104 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105 *
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
106 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
107 * @param [in] write_handle handle to write to
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
108 * @param [in] remove weather the certificate should be installed or removed
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
109 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
110 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
111 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
112 static bool
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
113 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
114 bool remove)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
115 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
116 bool retval = false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
117 int i = 0;
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
118 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
119 char *line_start = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
120
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
121 if (!certificates)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
122 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
123 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
124 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
125
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
126 line_start = remove ? "R:" : "I:";
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
127
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
128 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
129 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
130 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
131 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
132 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
133 if (!retval)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
134 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
135 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
136 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
137 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
138 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
139 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
140 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
141 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
142 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
143 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
144 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
145 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
146 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
147 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
148 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
149 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
150 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
151 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
152 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
153 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
154 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
155 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
156 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
157 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
158 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
159 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
160 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
161 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
162 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
163 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
164 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
165 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
166 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
167 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
168 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
169 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
170 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
171 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
172 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
173 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
174 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
175 * Enumerates the keys in #PROFILE_LIST and retuns a
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
176 * list of their profile path / sid pairs with the utf-8 encoded paths to
1247
d4b24df4eed1 Doc: fix typo
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
177 * their suggested registry hive location.
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
178 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
179 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
180 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
181 *
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
182 * The return value should be freed with pkp_t_free
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
183 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
184 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
185 */
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
186 static pkp_t*
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
187 locate_other_hives()
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
188 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
189 HKEY profile_list = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
190 int ret = 0;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
191 DWORD index = 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
192 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
193 /* According to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
194 http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
195 a registry key is limited to 255 characters. But according to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
196 http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
197 the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
198 wchar_t key_name[257],
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
199 *current_user_sid = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
200 pkp_t *retval = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
201 *cur_item = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
202 bool error = true;
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
203 PSID current_user = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
204
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
205 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
206 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
207 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
208 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
209 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
210 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
211 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
212
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
213 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
214 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
215
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
216 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
217 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
218 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
219 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
220 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
221
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
222 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
223 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
224 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
225 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
226 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
227
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
228 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
229 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
230 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
231 {
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
232 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
233 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
234 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
235 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
236
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
237 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
238 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
239 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
240 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
241 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
242
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
243 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
244 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
245
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
246 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 ||
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
247 wcscmp (current_user_sid, key_name) == 0)
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
248 {
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
249 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
250 others and the current user*/
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
251 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
252 }
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
253
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
254 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
255 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
256
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
257 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
258 wcscat_s (key_path, key_path_len, key_name);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
259 key_path[key_path_len - 1] = '\0';
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
260
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
261 DEBUGPRINTF ("Key : %S", key_name);
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
262 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
263 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
264 xfree (key_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
265
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
266 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
267 {
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
268 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
269 continue;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
270 }
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
271 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
272 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
273 if (retval == NULL)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
274 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
275 retval = xmalloc (sizeof (pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
276 cur_item = retval;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
277 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
278 else
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
279 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
280 cur_item->next = xmalloc (sizeof(pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
281 cur_item = cur_item->next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
282 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
283 cur_item->hive_path = profile_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
284 cur_item->sid = wchar_to_utf8 (key_name, wcslen(key_name));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
285 cur_item->next = NULL;
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
286
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
287 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
288 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
289
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
290 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
291 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
292 ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
293 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
294 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
295
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
296 error = false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
297
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
298 done:
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
299 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
300
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
301 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
302
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
303 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
304 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
305 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
306 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
307
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
308 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
309 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
310 pkp_t_free (retval);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
311 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
312 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
313
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
314 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
315 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
316
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
317 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
318 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
319 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
320 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
321 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
322 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
323 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
324 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
325 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
326 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
327 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
328 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
329 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
330 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
331
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
332 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
333 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
334 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
335 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
336 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
337
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
338 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
339 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
340
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
341 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
342 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
343 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
344 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
345 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
346
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
347 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
348 + NULL */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
349 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
350 + 1 + 2 + wcslen(selection_file) + 1;
1060
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
351 if (g_debug)
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
352 {
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
353 /* Add space for whitespace and --debug*/
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
354 cmd_line_len += 8;
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
355 }
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
356 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
357
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
358 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
359 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
360 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
361 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
362 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
363 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
364 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
365
1060
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
366 if (g_debug)
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
367 {
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
368 wcscat_s (retval, cmd_line_len, L" --debug");
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
369 }
317ee9dc4684 (issue46) Make debug output optional in cinst and mozilla and propagate its setting.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
370
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
371 return retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
372 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
373
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
374 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
375 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
376 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
377 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
378 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
379 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
380 */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
381 static bool
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
382 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
383 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
384 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
385 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
386 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
387 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
388 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
389 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
390 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
391 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
392 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
393 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
394
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
395
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
396 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
397 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
398 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
399 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
400 return false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
401 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
402
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
403 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
404 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
405 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
406 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
407 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
408 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
409 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
410
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
411 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
412
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
413 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
414 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
415 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
416 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
417 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
418
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
419 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
420 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
421 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
422 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
423 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
424
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
425 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
426 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
427 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
428 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
429 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
430 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
431 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
432 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
433
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
434 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
435 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
436 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
437 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
438 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
439 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
440 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
441 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
442 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
443 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
444 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
445 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
446 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
447 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
448 break;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
449 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
450 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
451
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
452 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
453 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
454 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
455 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
456 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
457 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
458 else
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
459 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
460 retval = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
461 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
462 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
463
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
464 done:
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
465 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
466 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
467 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
468 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
469 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
470 return retval;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
471 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
472
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
473 /**@brief Register NSS process as runOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
474 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
475 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
476 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
477 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
478 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
479 * This should avoid conflicts with their firefox / thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
480 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
481 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
482 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
483 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
484 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
485 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
486 * the users install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
487 */
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
488 static void
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
489 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
490 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
491 pkp_t *pkplist = locate_other_hives(),
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
492 *cur = NULL;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
493 wchar_t *run_command = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
494
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
495 if (pkplist == NULL)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
496 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
497 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
498 return;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
499 }
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
500
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
501 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
502 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
503 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
504 return;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
505 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
506
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
507 run_command = get_command_line (selection_file);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
508 for (cur = pkplist; cur != NULL; cur = cur->next)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
509 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
510 LONG ret = 0;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
511 wchar_t *hivepath = utf8_to_wchar (cur->hive_path, strlen(cur->hive_path));
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
512 HKEY key_handle = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
513 bool key_loaded = false;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
514
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
515 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
516 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
517 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
518 continue;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
519 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
520 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
521
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
522 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
523 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
524
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
525 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
526 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
527 /* This is somewhat expected if the registry is not located
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
528 in the standard location or already loaded. Try to access
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
529 the loaded registry in that case*/
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
530 wchar_t *user_key = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
531 *w_sid = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
532 size_t user_key_len = 0;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
533
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
534 SetLastError((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
535 PRINTLASTERROR ("Failed to load hive. Trying to access already loaded hive.");
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
536
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
537 w_sid = utf8_to_wchar (cur->sid, strlen(cur->sid));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
538 if (!w_sid)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
539 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
540 ERRORPRINTF ("Failed to read sid.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
541 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
542 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
543 user_key_len = wcslen (L"\\" RUNONCE_PATH) + wcslen(w_sid) + 1;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
544 user_key = xmalloc (user_key_len * sizeof (wchar_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
545 wcscpy_s (user_key, user_key_len, w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
546 wcscat_s (user_key, user_key_len, L"\\" RUNONCE_PATH);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
547 user_key[user_key_len - 1] = '\0';
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
548 xfree (w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
549 w_sid = NULL;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
550
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
551 ret = RegOpenKeyExW (HKEY_USERS,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
552 user_key,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
553 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
554 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
555 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
556 xfree (user_key);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
557 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
558 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
559 ERRORPRINTF ("Failed to find RunOnce key for sid: %s in HKEY_USERS.", cur->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
560 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
561 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
562 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
563 else
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
564 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
565 key_loaded = true;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
566 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
567 APPNAME L"_tmphive\\" RUNONCE_PATH,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
568 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
569 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
570 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
571
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
572 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
573 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
574 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
575 RegUnLoadKey (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
576 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
577 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
578
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
579 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
580
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
581 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
582 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
583
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
584 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
585 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
586 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
587 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
588
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
589 RegCloseKey (key_handle);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
590 if (key_loaded)
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
591 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
592 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
593 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
594 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
595 SetLastError ((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
596 PRINTLASTERROR ("Failed to unload hive.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
597 }
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
598 }
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
599 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
600
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
601 xfree (run_command);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
602 pkp_t_free (pkplist);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
603 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
604
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
605 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
606 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
607 * Starts the NSS installation process for the current user
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
608 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
609 * @param [in] selection_file filename of the file containing
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
610 * the users install / remove selection.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
611 *
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
612 * @param [in] drop_privileges weather or not elevated privileges
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
613 * should be dropped before starting the process.
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
614 *
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
615 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
616 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
617 static bool
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
618 start_procces_for_user (wchar_t *selection_file, bool drop_privileges)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
619 {
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
620 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
621 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
622 lpCommandLine = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
623 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
624 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
625 BOOL success = FALSE;
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
626 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
627 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
628 size_t w_path_len = 0;
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
629 bin_verify_result v_res;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
630
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
631 if (!selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
632 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
633 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
634 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
635 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
636
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
637 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
638 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
639 {
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
640 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
641 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
642 }
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
643
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
644 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
645 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
646 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
647
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
648 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
649 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
650 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
651 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
652 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
653 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
654
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
655 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
656 siStartInfo.cb = sizeof (STARTUPINFO);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
657
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
658 if (is_elevated() && drop_privileges)
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
659 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
660 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
661 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
662 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
663 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
664 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
665 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
666 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
667 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
668 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
669 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
670 PRINTLASTERROR("Failed to get current handle.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
671 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
672 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
673 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
674
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
675 lpCommandLine = get_command_line (selection_file);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
676
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
677 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
678 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
679 ERRORPRINTF ("Failed to build command line.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
680 xfree (lpApplicationPath);
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
681 return false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
682 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
683
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
684 /* Verify the binary */
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
685 {
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
686 char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath));
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
687 v_res = verify_binary (utf8_name, strlen(utf8_name));
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
688 xfree(utf8_name);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
689 }
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
690
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
691 if (v_res.result != VerifyValid)
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
692 {
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
693 ERRORPRINTF ("Failed to verify the NSS installer.\n");
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
694 syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n");
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
695 xfree (lpApplicationPath);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
696 xfree (lpCommandLine);
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
697 return false;
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
698 }
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
699
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
700 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392
8090a1bc1b5b Add a space in the command line
Andre Heinecke <andre.heinecke@intevation.de>
parents: 391
diff changeset
701
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
702 success = CreateProcessAsUserW (hToken,
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
703 lpApplicationPath,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
704 lpCommandLine, /* Commandline */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
705 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
706 NULL, /* Thread attribues. Take hToken */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
707 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
708 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
709 NULL, /* Inherit environment */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
710 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
711 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
712 &piProcInfo);
1084
b8fb6bf7f980 (issue118) Add signature check for cinst.exe and mozilla.exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1070
diff changeset
713 fclose (v_res.fptr);
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
714 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
715 xfree (lpCommandLine);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
716 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
717 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
718 PRINTLASTERROR ("Failed to create process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
719 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
720 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
721
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
722 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
723 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
724 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
725 ERRORPRINTF ("Failed to wait for process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
726 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
727 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
728 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
729 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
730 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
731 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
732 if (piProcInfo.hProcess)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
733 CloseHandle (piProcInfo.hProcess);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
734 if (piProcInfo.hThread)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
735 CloseHandle (piProcInfo.hThread);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
736 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
737 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
738
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
739 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
740 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
741 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
742 * written to the global ProgramData directory otherwise
826
4aa33c408776 Remove TODO windows gracefully handles the case where the data directory is not accessible.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 825
diff changeset
743 * they are written in the directory of the current user.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
744 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
745 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
746 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
747 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
748 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
749 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
750 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
751 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
752 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
753 write_selection_file (char **to_install, char **to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
754 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
755 wchar_t *folder_name = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
756 *path = NULL;
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
757 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
758 size_t path_len;
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
759 PACL access_control_list = NULL;
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
760
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
761 folder_name = get_program_data_folder();
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
762 if (!folder_name)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
763 {
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
764 ERRORPRINTF("Failed to look up ProgramData folder.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
765 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
766 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
767
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
768 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
769 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
770
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
771 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
772 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
773 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
774 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
775 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
776 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
777 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
778
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
779 path = xmalloc (path_len * sizeof (wchar_t));
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
780 if (wcscpy_s (path, path_len, folder_name) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
781 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
782 ERRORPRINTF ("Failed to copy folder name.\n");
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
783
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
784 CoTaskMemFree (folder_name);
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
785
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
786 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
787 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
788
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
789 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
790
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
791 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
792 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
793 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
794 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
795 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
796 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
797
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
798 if (wcscat_s (path, path_len, APPNAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
799 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
800 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
801 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
802 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
803 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
804
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
805 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
806 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
807 wants us to grant read access to or makes us overwrite
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
808 something so we take the acl that would have been used to
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
809 create the directory and apply it later on if the directory
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
810 exists. */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
811 if (is_elevated())
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
812 {
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
813 if(!create_restricted_directory (path, true, &access_control_list))
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
814 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
815 ERRORPRINTF ("Failed to create directory\n");
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
816 xfree(path);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
817 return NULL;
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
818 }
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
819 }
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
820 else
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
821 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
822 /* We are not elevated so we do not have to care about
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
823 restricting access and just create the directory with
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
824 default access rights. */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
825 if (!CreateDirectoryW(path, NULL))
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
826 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
827 DWORD err = GetLastError();
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
828 if (err != ERROR_ALREADY_EXISTS)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
829 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
830 PRINTLASTERROR ("Failed to create directory");
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
831 DEBUGPRINTF ("Directory path is: %S ", path);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
832 xfree (path);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
833 return NULL;
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
834 }
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
835 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
836 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
837
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
838 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
839 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
840 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
841 xfree(path);
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
842 if (access_control_list)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
843 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
844 LocalFree(access_control_list);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
845 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
846 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
847 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
848
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
849 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
850 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
851 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
852 xfree(path);
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
853 if (access_control_list)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
854 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
855 LocalFree(access_control_list);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
856 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
857 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
858 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
859
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
860 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
861 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
862 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
863 NULL, /* use the security attributes from the folder */
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
864 OPEN_ALWAYS | TRUNCATE_EXISTING,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
865 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
866 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
867
502
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
868 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
869 {
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
870 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
871 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
872 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
873 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
874 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
875 0,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
876 NULL);
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
877 }
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
878 else if (access_control_list)
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
879 {
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
880 /* Opened existing file so set our ACL on it if
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
881 we created a restricted directory where
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
882 we obtained the access_control_list */
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
883 PSID admin_SID = NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
884 SID_IDENTIFIER_AUTHORITY admin_identifier = {SECURITY_NT_AUTHORITY};
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
885
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
886 /* Create the SID for the BUILTIN\Administrators group. */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
887 if(!AllocateAndInitializeSid(&admin_identifier,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
888 2,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
889 SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
890 DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
891 0, 0, 0, 0, 0, 0, /* No other */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
892 &admin_SID))
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
893 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
894 PRINTLASTERROR ("Failed to allocate admin sid.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
895 syslog_error_printf ( "Failed to allocate admin sid.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
896 if (hFile)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
897 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
898 CloseHandle (hFile);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
899 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
900 xfree (path);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
901 LocalFree(access_control_list);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
902 return NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
903 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
904
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
905 if (SetNamedSecurityInfoW (path,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
906 SE_FILE_OBJECT,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
907 DACL_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
908 OWNER_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
909 GROUP_SECURITY_INFORMATION,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
910 admin_SID, /* owner */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
911 admin_SID, /* group */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
912 access_control_list, /* the dacl */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
913 NULL) != ERROR_SUCCESS)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
914 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
915 ERRORPRINTF ("Failed to set the ACL on the NSS instruction file.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
916 if (hFile)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
917 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
918 CloseHandle (hFile);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
919 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
920 FreeSid(admin_SID);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
921 LocalFree(access_control_list);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
922 xfree (path);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
923 return NULL;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
924 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
925 FreeSid(admin_SID);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
926 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
927
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
928 if (access_control_list)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
929 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
930 LocalFree(access_control_list);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
931 }
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
932
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
933 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
934 {
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
935 DEBUGPRINTF("Failed to create or open file: %S", path);
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1247
diff changeset
936 PRINTLASTERROR ("ERROR");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
937 syslog_error_printf ( "Failed to create nss instruction file.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
938 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
939 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
940 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
941 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
942 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
943 ERRORPRINTF ("Failed to write install instructions.\n");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
944 syslog_error_printf ( "Failed to write nss instruction file.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
945 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
946 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
947 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
948 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
949 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
950 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
951 ERRORPRINTF ("Failed to write remove instructions.\n");
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1176
diff changeset
952 syslog_error_printf ( "Failed to write nss instruction file removal entries.");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
953 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
954 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
955 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
956 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
957 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
958
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
959 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
960 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
961
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
962 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
963 write_stores_nss (char **to_install, char **to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
964 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
965 wchar_t *selection_file_name = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
966
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
967 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
968 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
969 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
970 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
971 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
972 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
973
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
974 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
975
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
976 if (is_elevated())
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
977 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
978 register_proccesses_for_others (selection_file_name);
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
979 /* Start the NSS process once with elevated rights to
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
980 install into the default profile directories. */
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
981 if (!start_procces_for_user (selection_file_name, false))
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
982 {
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
983 ERRORPRINTF ("Failed to run NSS installation process for default folders.\n");
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
984 xfree(selection_file_name);
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
985 return -1;
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
986 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
987 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
988
985
1743895b39b8 (issue86) Install into default profile folders on windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
989 if (!start_procces_for_user (selection_file_name, true))
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
990 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
991 ERRORPRINTF ("Failed to run NSS installation process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
992 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
993 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
994 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
995 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
996 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
997 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
998
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
999 #endif

http://wald.intevation.org/projects/trustbridge/