annotate cinst/nssstore_win.c @ 848:9792c69201c2

Add note about runtime dependencies for admin tool
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 30 Jul 2014 16:22:55 +0200
parents 216a65d7fc4b
children 797aa8d9c785
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
7 */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 @brief Windows implementation of nssstore process control.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
14 the mozilla process into the current user's temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
16 execute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
38 security context of that user.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41 #include <windows.h>
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
42 #include <winsafer.h>
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
43 #include <sddl.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 #include <userenv.h>
329
b1059360a0c7 Debugprintf with output debug string on windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 324
diff changeset
47 #include <io.h>
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
48 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
49 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
50 #include <shlobj.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
53 #include "util.h"
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
54 #include "strhelp.h"
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
56 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
57 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
58 #endif
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
60 /**@def The name of the nss installation process */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
61 #define NSS_APP_NAME L"mozilla.exe"
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
62
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
63 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
64 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
65 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
66
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
67 /**@def The maximum time to wait for the NSS Process */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
68 #define PROCESS_TIMEOUT 30000
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
70 /**@def The registry key to look for user profile directories */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
71 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
72
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
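/** @brief get a restricted access token to execute the nss process
 *
 * This function uses the Software Restriction (Safer) API to obtain the
 * access token for a process run as normal user
 * (SAFER_LEVELID_NORMALUSER).
 *
 * The Safer level handle is only needed to compute the token, so it is
 * closed on every path before returning.
 *
 * NOTE(review): the caller presumably owns the returned token and has to
 * release it with CloseHandle, and should treat NULL as a hard failure
 * rather than starting the NSS process with the unrestricted token;
 * confirm at the call sites.
 *
 * @returns A restricted handle or NULL on error.
 */
static HANDLE
get_restricted_token(void)
{
  SAFER_LEVEL_HANDLE user_level = NULL;
  HANDLE retval = NULL;

  if (!SaferCreateLevel(SAFER_SCOPEID_USER,
                        SAFER_LEVELID_NORMALUSER,
                        SAFER_LEVEL_OPEN, &user_level, NULL))
    {
      PRINTLASTERROR ("Failed to create user level.\n");
      return NULL;
    }

  if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
    {
      /* Log before closing the level so the reported error is the one
         from the failed token computation. */
      PRINTLASTERROR ("Failed to compute restricted token.\n");
      retval = NULL;
    }

  /* Close the level on success as well as on failure; the original
     success path returned without closing it. */
  SaferCloseLevel(user_level);

  return retval;
}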
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
101
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
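/**@brief Write strv of instructions to a handle
 *
 * Writes the null terminated list of instructions to
 * the handle. Every entry becomes one line made of the prefix "R:"
 * (remove) or "I:" (install), the entry itself and a "\r\n" line end.
 *
 * Entries are written verbatim.
 * NOTE(review): the output is line oriented and nothing here rejects an
 * entry that contains CR or LF, which would add lines to the output;
 * confirm that callers only pass single-line base64 data.
 *
 * @param [in] certificates NULL terminated array of base64 encoded der
 *             certificates to write. May be NULL, then nothing is written.
 * @param [in] write_handle handle to write to
 * @param [in] remove true to write removal ("R:") lines, false to write
 *             installation ("I:") lines
 *
 * @returns true on success (including a NULL list), false on failure
 */
static bool
write_instructions(char **certificates, HANDLE write_handle,
                   bool remove)
{
  const char *line_end = "\r\n";
  /* String literals must not be written through, so keep them const. */
  const char *line_start = remove ? "R:" : "I:";
  int i = 0;

  if (!certificates)
    {
      return true;
    }

  for (i = 0; certificates[i]; i++)
    {
      DWORD written = 0;
      DWORD inst_len = 0;
      size_t cert_len = strlen (certificates[i]);

      /* WriteFile takes the length as DWORD. Refuse an entry that does
         not fit instead of silently writing a truncated length. */
      if (cert_len > MAXDWORD)
        {
          ERRORPRINTF ("Certificate too long to write\n");
          return false;
        }
      inst_len = (DWORD) cert_len;

      /* Line prefix */
      if (!WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL))
        {
          PRINTLASTERROR ("Failed to write line start\n");
          return false;
        }
      if (written != 2)
        {
          ERRORPRINTF ("Failed to write line start\n");
          return false;
        }

      /* Certificate data */
      written = 0;
      if (!WriteFile (write_handle, (LPCVOID) certificates[i], inst_len,
                      &written, NULL))
        {
          PRINTLASTERROR ("Failed to write certificate\n");
          return false;
        }
      if (inst_len != written)
        {
          ERRORPRINTF ("Failed to write everything\n");
          return false;
        }

      /* Line end */
      written = 0;
      if (!WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL))
        {
          PRINTLASTERROR ("Failed to write line end\n");
          return false;
        }
      if (written != 2)
        {
          ERRORPRINTF ("Failed to write full line end\n");
          return false;
        }
    }
  return true;
}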
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
174 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
175 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
176 * Enumerates the keys in #PROFILE_LIST and returns a
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
177 * strv array with the utf-8 encoded paths to their suggested
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
178 * registry hive location.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
179 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
180 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
181 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
182 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
183 * Use strv_free to free that array.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
184 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
185 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
186 */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
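static char**
locate_other_hives()
{
  /* Enumerates the subkeys of PROFILE_LIST below HKEY_LOCAL_MACHINE. For
     every subkey whose name starts with "S-1-5-21-" and differs from the
     SID string of the current process owner, the ProfileImagePath value is
     read and "<path>\ntuser.dat" is appended to the result.

     Returns NULL on error. NULL is also returned when no entry was
     appended, because retval is only ever set by strv_append.

     NOTE(review): the returned paths are taken from the registry and are
     meant to be opened as other users' hives. ProfileImagePath is commonly
     stored as REG_EXPAND_SZ; confirm that read_registry_string hands back
     an expanded path and that callers cope with a path that does not
     exist. */
  HKEY profile_list = NULL;
  int ret = 0;
  DWORD index = 0,
        key_len = 257;
  /* According to
     http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
     a registry key is limited to 255 characters. But according to
     http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
     the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
  wchar_t key_name[257],
          *current_user_sid = NULL;
  char **retval = NULL;
  bool error = true;
  PSID current_user = NULL;

  ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
                       KEY_READ, &profile_list);
  if (ret != ERROR_SUCCESS)
    {
      /* Nothing has been acquired yet, so no cleanup is needed. */
      ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
      return NULL;
    }

  /* Obtain the current user sid to prevent it from being returned. */
  current_user = get_process_owner (GetCurrentProcess());

  if (!current_user)
    {
      ERRORPRINTF ("Failed to get the current user.");
      goto done;
    }

  if (!ConvertSidToStringSidW (current_user, &current_user_sid))
    {
      PRINTLASTERROR ("Failed to convert sid to string.");
      goto done;
    }

  /* key_len is in/out: buffer size on entry, name length on return. */
  while ((ret = RegEnumKeyExW (profile_list, index++,
                               key_name, &key_len,
                               NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
    {
      char *profile_path = NULL;
      wchar_t *key_path = NULL;
      size_t key_path_len = 0,
             profile_path_len = 0;

      /* A reported length equal to the buffer size is treated as an
         overlong name and aborts the whole enumeration. */
      if (key_len == 257)
        {
          ERRORPRINTF ("Registry key too long.");
          goto done;
        }

      /* Reset key_len to buffer size */
      key_len = 257;

      if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 ||
          wcscmp (current_user_sid, key_name) == 0)
        {
          /* S-1-5-21- is the prefix of account SIDs issued by a machine or
             a domain. Skip all others (such as the service profiles) and
             the current user. */
          continue;
        }

      /* key_len holds the buffer size here, so the allocation always has
         room for the prefix, the longest possible name and the NUL. */
      key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
      key_path = xmalloc (key_path_len * sizeof (wchar_t));

      wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
      wcscat_s (key_path, key_path_len, key_name);
      /* Terminate at the end of the allocation. Indexing with key_len
         (already reset to 257) would cut any path longer than 256
         characters instead of guarding the end of the buffer. */
      key_path[key_path_len - 1] = L'\0';

      DEBUGPRINTF ("Key : %S", key_name);
      profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
                                           key_path, L"ProfileImagePath");
      xfree (key_path);

      if (profile_path == NULL)
        {
          /* A profile without a readable path is skipped, not fatal. */
          ERRORPRINTF ("Failed to get profile path.");
          continue;
        }
      profile_path_len = strlen (profile_path);
      str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);

      strv_append (&retval, profile_path, profile_path_len);
      DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);

      xfree (profile_path);
    }

  /* Any end of the loop other than "no more items" is an error. */
  if (ret != ERROR_NO_MORE_ITEMS)
    {
      ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
      goto done;
    }

  error = false;

done:
  xfree (current_user);

  RegCloseKey (profile_list);

  /* The SID string is released with LocalFree, not xfree. */
  if (current_user_sid)
    {
      LocalFree (current_user_sid);
    }

  /* Never hand out a partial list. */
  if (error)
    {
      strv_free (retval);
      retval = NULL;
    }

  return retval;
}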
306
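/** @brief Build the command line for the NSS installation process
 *
 * The result has the form "<install dir>\<NSS_APP_NAME>" "<selection_file>"
 * with both parts enclosed in double quotes.
 *
 * Caller has to free the return value, it is allocated with xmalloc.
 *
 * NOTE(review): selection_file is copied between the quotes as is. A value
 * containing a double quote or ending in a backslash would change how the
 * line is split into arguments. Windows file names cannot contain a double
 * quote, but callers must not pass anything other than a file path here.
 *
 * @param [in] selection_file the certificates to install
 *
 * @returns the command line to install the certificates or NULL on error. */
static wchar_t*
get_command_line(wchar_t *selection_file)
{
  LPWSTR retval = NULL;
  char *install_dir = NULL;
  wchar_t *w_inst_dir = NULL;
  size_t cmd_line_len = 0;

  /* wcslen on a NULL pointer is undefined, fail like the other errors. */
  if (selection_file == NULL)
    {
      ERRORPRINTF ("No selection file given");
      return NULL;
    }

  install_dir = get_install_dir();
  if (install_dir == NULL)
    {
      ERRORPRINTF ("Failed to get installation directory");
      return NULL;
    }

  w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
  xfree (install_dir);

  if (w_inst_dir == NULL)
    {
      ERRORPRINTF ("Failed to convert installation directory");
      return NULL;
    }

  /* installdir + dirsep + quotes + process name + space + quotes + selection_file
     + NULL */
  cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME)
                 + 1 + 2 + wcslen (selection_file) + 1;
  retval = xmalloc (cmd_line_len * sizeof(wchar_t));

  wcscpy_s (retval, cmd_line_len, L"\"");
  wcscat_s (retval, cmd_line_len, w_inst_dir);
  wcscat_s (retval, cmd_line_len, L"\\");
  wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
  wcscat_s (retval, cmd_line_len, L"\" \"");
  wcscat_s (retval, cmd_line_len, selection_file);
  wcscat_s (retval, cmd_line_len, L"\"");

  /* The converted directory is only needed to build the line and was
     leaked before. Assumes utf8_to_wchar returns xmalloc'd memory, as the
     handling of install_dir suggests; confirm against its definition. */
  xfree (w_inst_dir);

  return retval;
}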
353
354 /** @brief Increase the privileges of the current token to allow registry access
355 *
356 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
357 * privileges. Normally if we are running elevated we can obtain them.
358 *
359 * @returns true if the privileges could be obtained. False otherwise
360 */
361 static bool
362 get_backup_restore_priv()
363 {
364 HANDLE hToken = NULL;
365 PTOKEN_PRIVILEGES psToken = NULL;
366 DWORD token_size = 0,
367 dwI = 0,
368 token_size_new = 0,
369 privilege_size = 128;
370 char privilege_name[128];
371 bool retval = false;
372 bool backup_found = false;
373 bool restore_found = false;
374
375
376 if (!OpenProcessToken (GetCurrentProcess(),
377 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
378 {
379 PRINTLASTERROR ("Failed to get process token.");
380 return false;
381 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
382
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
383 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
384 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
385 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
386 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
387 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
388 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
389 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
390
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
391 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
392
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
393 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
394 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
395 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
396 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
397 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
398
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
399 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
400 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
401 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
402 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
403 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
404
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
405 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
406 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
407 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
408 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
409 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
410 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
411 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
412 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
413
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
414 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
415 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
416 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
417 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
418 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
419 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
420 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
421 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
422 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
423 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
424 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
425 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
426 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
427 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
428 break;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
429 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
430 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
431
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
432 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
433 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
434 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
435 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
436 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
437 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
438 else
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
439 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
440 retval = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
441 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
442 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
443
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
444 done:
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
445 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
446 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
447 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
448 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
449 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
450 return retval;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
451 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
452
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
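/**@brief Register NSS process as runOnce for other users
 *
 * Loads the registry hives of other users on the system and
 * adds a RunOnce registry value to start the NSS process to
 * install the current selection on their next login.
 *
 * This should avoid conflicts with their firefox / thunderbird
 * while making the certificates available for their applications.
 *
 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
 * privileges and enables them through get_backup_restore_priv().
 *
 * Security notes:
 *  - The value written here is executed in the session of every
 *    user whose hive could be loaded. The command line and the
 *    selection file it refers to must therefore live in locations
 *    that unprivileged users cannot modify.
 *  - NOTE(review): confirm that get_command_line() quotes the
 *    executable path, so that an installation directory containing
 *    spaces cannot be resolved to a different program.
 *  - NOTE(review): the backup / restore privileges are not disabled
 *    again in this function; consider dropping them once the hives
 *    have been processed.
 *
 * Failures for a single hive are logged and the hive is skipped.
 *
 * @param [in] selection_file filename of the file containing
 *             the user's install / remove selection.
 */
static void
register_proccesses_for_others (wchar_t *selection_file)
{
  char **hives = locate_other_hives();
  int i = 0;
  wchar_t *run_command = NULL;
  DWORD run_command_size = 0;

  if (hives == NULL)
    {
      DEBUGPRINTF ("No hives found.");
      return;
    }

  if (!get_backup_restore_priv())
    {
      ERRORPRINTF ("Failed to obtain backup / restore privileges.");
      /* Release the hive list on this path as well. */
      strv_free (hives);
      return;
    }

  run_command = get_command_line (selection_file);
  if (run_command == NULL)
    {
      /* get_command_line is defined elsewhere; guard against a failed
         call because wcslen below would dereference the pointer. */
      ERRORPRINTF ("Failed to get command line.");
      strv_free (hives);
      return;
    }

  /* Size in bytes including the terminating zero, as REG_SZ expects.
     It does not change between hives. */
  run_command_size = (DWORD) ((wcslen (run_command) + 1) * sizeof (wchar_t));

  for (i = 0; hives[i] != NULL; i++)
    {
      LONG ret = 0;
      wchar_t *hivepath = utf8_to_wchar (hives[i], strlen(hives[i]));
      HKEY key_handle = NULL;

      if (hivepath == NULL)
        {
          ERRORPRINTF ("Failed to read hive path");
          continue;
        }

      /* Mount the other user's hive below HKLM under a fixed
         temporary name. It has to be unloaded again on every path,
         otherwise loading the next hive under the same name fails. */
      ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);

      xfree (hivepath);
      hivepath = NULL;

      if (ret != ERROR_SUCCESS)
        {
          /* This is somewhat expected if the registry is not located
             in the standard location. Failure is accepted in that case. */
          SetLastError((DWORD)ret);
          PRINTLASTERROR ("Failed to load hive.");
          continue;
        }

      ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
                           APPNAME L"_tmphive\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
                           0,
                           KEY_WRITE,
                           &key_handle);

      if (ret != ERROR_SUCCESS)
        {
          ERRORPRINTF ("Failed to find RunOnce key in other registry.");
          /* Use the wide character variant: the sub key name is a wide
             string and the generic macro only matches it in UNICODE
             builds. Report a failed unload like the regular path does. */
          ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
          if (ret != ERROR_SUCCESS)
            {
              SetLastError ((DWORD)ret);
              PRINTLASTERROR ("Failed to unload hive.");
            }
          continue;
        }

      ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
                            run_command_size);

      if (ret != ERROR_SUCCESS)
        {
          ERRORPRINTF ("Failed to write RunOnce key.");
        }

      /* Close the key before unloading, an open handle into the hive
         would keep it from being unloaded. */
      RegCloseKey (key_handle);
      ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
      if (ret != ERROR_SUCCESS)
        {
          SetLastError ((DWORD)ret);
          PRINTLASTERROR ("Failed to unload hive.");
        }
    }

  xfree (run_command);
  strv_free (hives);
}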
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
546
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
547 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
548 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
549 * Starts the NSS installation process for the current user
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
550 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
551 * @param [in] selection_file filename of the file containing
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
552 * the user's install / remove selection.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
553 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
554 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
555 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
556 static bool
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
557 start_procces_for_user (wchar_t *selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
558 {
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
559 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
560 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
561 lpCommandLine = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
562 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
563 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
564 BOOL success = FALSE;
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
565 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
566 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
567 size_t w_path_len = 0;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
568
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
569 if (!selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
570 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
571 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
572 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
573 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
574
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
575 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
576 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
577 {
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
578 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
579 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
580 }
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
581
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
582 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
583 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
584 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
585
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
586 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
587 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
588 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
589 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
590 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
591 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
592
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
593 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
594 siStartInfo.cb = sizeof (STARTUPINFO);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
595
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
596 if (is_elevated())
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
597 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
598 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
599 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
600 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
601 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
602 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
603 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
604 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
605 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
606 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
607 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
608 PRINTLASTERROR("Failed to get current handle.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
609 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
610 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
611 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
612
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
613 lpCommandLine = get_command_line (selection_file);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
614
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
615 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
616 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
617 ERRORPRINTF ("Failed to build command line.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
618 xfree (lpApplicationPath);
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
619 return false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
620 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
621
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
622 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392
8090a1bc1b5b Add a space in the command line
Andre Heinecke <andre.heinecke@intevation.de>
parents: 391
diff changeset
623
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
624 success = CreateProcessAsUserW (hToken,
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
625 lpApplicationPath,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
626 lpCommandLine, /* Commandline */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
627 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
628 NULL, /* Thread attribues. Take hToken */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
629 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
630 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
631 NULL, /* Inherit environment */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
632 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
633 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
634 &piProcInfo);
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
635 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
636 xfree (lpCommandLine);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
637 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
638 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
639 PRINTLASTERROR ("Failed to create process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
640 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
641 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
642
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
643 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
644 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
645 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
646 ERRORPRINTF ("Failed to wait for process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
647 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
648 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
649 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
650 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
651 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
652 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
653 if (piProcInfo.hProcess)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
654 CloseHandle (piProcInfo.hProcess);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
655 if (piProcInfo.hThread)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
656 CloseHandle (piProcInfo.hThread);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
657 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
658 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
659
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
660 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
661 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
662 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
663 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
664 * in that directory.
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
665 * Basically a very complicated version of mkdir path -m 644
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
666 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
667 * If the directory already exists, the permissions of that directory are checked to see if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
668 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
669 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
670 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
671 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
672 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
673 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
674 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
675 * @returns true on success or if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
676 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
677 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
678 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
679 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
680 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
681 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
682 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
683 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
684 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
685 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
686 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
687 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
688 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
689
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
690 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
691 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
692
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
693 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
694 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
695 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
696 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
697 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
698 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
699 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
700 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
701 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
702 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
703
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
704 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
705 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
706 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
707 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
708 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
709 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
710 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
711 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
712
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
713 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
714 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
715 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
716 SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
717 DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
718 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
719 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
720 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
721 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
722 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
723 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
724
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
725 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
726 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
727 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
728 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
729 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
730 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
731 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
732 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
733
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
734 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
735 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
736 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
737 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
738 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
739 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
740
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
741 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
742 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
743 SECURITY_DESCRIPTOR_MIN_LENGTH);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
744 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
745 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
746 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
747 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
748 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
749
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
750 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
751 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
752 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
753 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
754 goto done;
755 }
756
757 /* Now we add the ACL to the the descriptor */
758 if (!SetSecurityDescriptorDacl(descriptor,
759 TRUE, /* bDaclPresent flag */
760 access_control_list,
761 FALSE)) /* not a default DACL */
762 {
763 PRINTLASTERROR("Failed to set security descriptor.");
764 goto done;
765 }
766
767 /* Finally set up the security attributes structure */
768 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
769 security_attributes.lpSecurityDescriptor = descriptor;
770 security_attributes.bInheritHandle = FALSE;
771
772 /* Use the security attributes to create the directory */
773 if (!CreateDirectoryW(path, &security_attributes))
774 {
775 DWORD err = GetLastError();
776 if (err == ERROR_ALREADY_EXISTS)
777 {
778 /* Verify that the directory has the correct rights */
779 // TODO
780 retval = true;
781 goto done;
782 }
783 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
784 }
785 retval = true;
786
787 done:
788
789 if (everyone_SID)
790 FreeSid(everyone_SID);
791 if (admin_SID)
792 FreeSid(admin_SID);
793 if (access_control_list)
794 LocalFree(access_control_list);
795 if (descriptor)
796 LocalFree(descriptor);
797
798 return retval;
799 }
800
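/**@brief Writes the selection file containing the instructions
 *
 * If the process is running elevated the instructions are
 * written to the global ProgramData directory otherwise
 * they are written in the directory of the current user.
 *
 * NOTE(review): the body below always resolves FOLDERID_ProgramData; no
 * per-user branch is visible in this function, so confirm that the
 * paragraph above still describes the intended behavior.
 *
 * The file is written to <ProgramData>\APPNAME\SELECTION_FILE_NAME. The
 * APPNAME directory is created through create_restricted_directory() and
 * an existing selection file is truncated before the instructions are
 * written.
 *
 * If the return value is not NULL it needs to be freed by the caller
 * (the buffer is allocated with xmalloc).
 * The returned path will contain backslashes as directory separators.
 *
 * @param[in] to_install Certificates that should be installed
 * @param[in] to_remove Certificates that should be removed
 * @returns pointer to the absolute filename of the selection file or NULL
 */
wchar_t *
write_selection_file (char **to_install, char **to_remove)
{
  wchar_t *folder_name = NULL,
          *path = NULL,
          *retval = NULL;
  HRESULT result = E_FAIL;
  HANDLE hFile = INVALID_HANDLE_VALUE;
  size_t path_len;

  result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
                                 KF_FLAG_CREATE | /* Create if it does not exist */
                                 KF_FLAG_INIT, /* Initialize it if created */
                                 INVALID_HANDLE_VALUE, /* Get it for the default user */
                                 &folder_name);

  if (result != S_OK)
    {
      PRINTLASTERROR ("Failed to get folder path");
      goto done;
    }

  path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
  path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */

  if (path_len >= MAX_PATH)
    {
      /* We could go and use the full 32,767 characters but this
         should be a very weird setup if this is necessary. */
      ERRORPRINTF ("Path too long.\n");
      /* folder_name is released at done; it used to leak on this path. */
      goto done;
    }

  path = xmalloc (path_len * sizeof (wchar_t));
  if (wcscpy_s (path, path_len, folder_name) != 0)
    {
      ERRORPRINTF ("Failed to copy folder name.\n");
      /* path is released at done; it used to leak on this path. */
      goto done;
    }

  if (wcscat_s (path, path_len, L"\\") != 0)
    {
      ERRORPRINTF ("Failed to cat dirsep.\n");
      goto done;
    }

  if (wcscat_s (path, path_len, APPNAME) != 0)
    {
      ERRORPRINTF ("Failed to cat appname.\n");
      goto done;
    }

  /* Security: if someone has created this directory before
     it might be a symlink to another place that a user
     wants us to grant read access to or makes us overwrite
     something.
     NOTE(review): as this file stands, create_restricted_directory
     accepts a directory that already exists without checking its
     rights (the verification is a TODO there), and it also sets its
     result to true after other CreateDirectoryW failures, so a true
     return does not show that the directory is restricted.  The
     owner, DACL and reparse-point state of an existing directory
     should be verified before the file below is opened. */
  if (!create_restricted_directory (path))
    {
      ERRORPRINTF ("Failed to create directory\n");
      goto done;
    }

  if (wcscat_s (path, path_len, L"\\") != 0)
    {
      ERRORPRINTF ("Failed to cat dirsep.\n");
      goto done;
    }

  if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
    {
      ERRORPRINTF ("Failed to cat filename.\n");
      goto done;
    }

  /* The creation disposition is a single value, not a bit mask.  The
     expression OPEN_ALWAYS | TRUNCATE_EXISTING that was passed here
     evaluates to TRUNCATE_EXISTING (4 | 5 == 5), so that value is now
     written out directly; the call fails with ERROR_FILE_NOT_FOUND when
     the file does not exist yet.
     NOTE(review): neither call passes FILE_FLAG_OPEN_REPARSE_POINT, so
     an existing reparse point at this name is followed.  That matters
     for as long as the directory check above accepts directories this
     process did not create. */
  hFile = CreateFileW (path,
                       GENERIC_WRITE,
                       0, /* don't share */
                       NULL, /* use the security attributes from the folder */
                       TRUNCATE_EXISTING,
                       0,
                       NULL);

  if (hFile == INVALID_HANDLE_VALUE && GetLastError () == ERROR_FILE_NOT_FOUND)
    {
      /* CREATE_NEW fails if the name appeared in the meantime, so a file
         created by someone else between the two calls is not reused. */
      hFile = CreateFileW (path,
                           GENERIC_WRITE,
                           0, /* don't share */
                           NULL, /* use the security attributes from the folder */
                           CREATE_NEW,
                           0,
                           NULL);
    }
  if (hFile == INVALID_HANDLE_VALUE)
    {
      PRINTLASTERROR ("Failed to create file\n");
      goto done;
    }
  if (!write_instructions (to_install, hFile, false))
    {
      ERRORPRINTF ("Failed to write install instructions.\n");
      goto done;
    }
  if (!write_instructions (to_remove, hFile, true))
    {
      ERRORPRINTF ("Failed to write remove instructions.\n");
      goto done;
    }

  /* Ownership of path passes to the caller only on full success. */
  retval = path;

done:
  if (hFile != INVALID_HANDLE_VALUE)
    CloseHandle (hFile);
  /* The buffer from SHGetKnownFolderPath is released on every path,
     including failure of that call; CoTaskMemFree accepts NULL. */
  CoTaskMemFree (folder_name);
  if (retval == NULL && path != NULL)
    xfree (path);

  return retval;
}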
939
/* Write the NSS install/remove selection to a file and hand it to the
 * NSS installation process.
 *
 * The selection file is produced by write_selection_file() from
 * to_install and to_remove.  If the current process is elevated
 * (is_elevated()), the file name is first passed to
 * register_proccesses_for_others(); afterwards start_procces_for_user()
 * is called with the same file name in every case.
 *
 * Only the heap-allocated file name is released here with xfree(); this
 * function does not delete the selection file itself.
 *
 * NOTE(review): the result of register_proccesses_for_others(), if it
 * has one, is not inspected here -- confirm that a failed registration
 * for other users is reported somewhere.
 * NOTE(review): when elevated, the same selection file is handed on for
 * other users; verify that write_selection_file() creates it in a
 * location and with access rights that keep unprivileged users from
 * altering the instructions -- TODO confirm against that function.
 *
 * Returns 0 on success, -1 if the selection file could not be written
 * or start_procces_for_user() reported failure.
 */
int
write_stores_nss (char **to_install, char **to_remove)
{
  int rc = 0;
  wchar_t *sel_path = write_selection_file (to_install, to_remove);

  if (sel_path == NULL)
    {
      /* Nothing was allocated, so there is nothing to release. */
      ERRORPRINTF ("Failed to write instructions.\n");
      return -1;
    }

  DEBUGPRINTF ("Wrote selection file. Loc: %S\n", sel_path);

  /* Registration for other users is only attempted when elevated. */
  if (is_elevated())
    {
      register_proccesses_for_others (sel_path);
    }

  if (!start_procces_for_user (sel_path))
    {
      ERRORPRINTF ("Failed to run NSS installation process.\n");
      rc = -1;
    }

  /* The name buffer is owned by this function on both outcomes. */
  xfree(sel_path);
  return rc;
}
968
969 #endif

http://wald.intevation.org/projects/trustbridge/