annotate cinst/nssstore_win.c @ 975:b3695a3399de

(issue86) Install into default directories on Linux If the mozilla process is now started as root it will try to write into the default directories for NSS Shared and mozilla / thunderbird profiles. Cinst will now start the mozilla process once as root.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 29 Aug 2014 12:59:44 +0200
parents 698b6a9bd75e
children 427e2e18b8c8
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 392
diff changeset
7 */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifdef WIN32
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 /* @file
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 @brief Windows implementation of nssstore process control.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
12
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
13 The windows process will write an instructions file for
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
14 the mozilla process into the current users temp directory
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
15 (%APPDATA%/Local/Temp/) and start the NSS installation process to
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
16 exectute those instructions. If the current process is elevated
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
17 the NSS process is run with a restricted token.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
18 The execution of the mozilla process is not monitored.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
19 You have to refer to the system log to check which certificates were
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
20 installed / removed by it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
21
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
22 If the installation process is running elevated it
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
23 will create the file in the ProgramData directory in
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
24 a subdirectory with the defined application name.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
25 %PROGRAMDATA%/$APPLICATION_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
26 with the file name:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
27 current_selection.txt
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
28 The folder will have restricted permissions so
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
29 that only Administrators are allowed to access it.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
30
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
31 Additionally if this process is Elevated it also starts the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
32 NSS installation process in default profile mode once to change
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
33 the default NSS certificate databases for new profiles.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
34
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
35 The process then adds a new RunOnce registry key
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
36 for each user on the system that executes the NSS installation
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
37 process on login to make sure it is launched once in the
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
38 security context of that user.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41 #include <windows.h>
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
42 #include <winsafer.h>
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
43 #include <sddl.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 #include <stdio.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 #include <stdbool.h>
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 #include <userenv.h>
329
b1059360a0c7 Debugprintf with output debug string on windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 324
diff changeset
47 #include <io.h>
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
48 #include <accctrl.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
49 #include <aclapi.h>
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
50 #include <shlobj.h>
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 #include "logging.h"
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
53 #include "util.h"
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
54 #include "strhelp.h"
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
56 #ifndef APPNAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
57 #define APPNAME L"cinst"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
58 #endif
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
60 /**@def The name of the nss installation process */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
61 #define NSS_APP_NAME L"mozilla.exe"
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
62
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
63 #ifndef SELECTION_FILE_NAME
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
64 #define SELECTION_FILE_NAME L"currently_selected.txt"
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
65 #endif
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
66
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
67 /**@def The maximum time to wait for the NSS Process */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
68 #define PROCESS_TIMEOUT 30000
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
70 /**@def The registry key to look for user profile directories */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
71 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
72 #define RUNONCE_PATH L"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
73
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
74 struct profile_key_path
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
75 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
76 char *sid;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
77 char *hive_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
78 struct profile_key_path *next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
79 };
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
80
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
81 /**
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
82 * @brief combination of sid and hive path
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
83 */
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
84 typedef struct profile_key_path pkp_t;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
85
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
86 static void
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
87 pkp_t_free (pkp_t *item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
88 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
89 if (!item)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
90 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
91 return;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
92 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
93 xfree (item->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
94 xfree (item->hive_path);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
95 if (item->next)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
96 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
97 pkp_t_free (item->next);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
98 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
99 xfree (item);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
100 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
101
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
102 /** @brief get a restricted access token to execute nss process
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
103 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
104 * This function uses the Software Restriction API to obtain the
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
105 * access token for a process run als normal user.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
106 *
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
107 * @returns A restricted handle or NULL on error.
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
108 */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
109 static HANDLE
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
110 get_restricted_token()
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
111 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
112 SAFER_LEVEL_HANDLE user_level = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
113 HANDLE retval = NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
114 if (!SaferCreateLevel(SAFER_SCOPEID_USER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
115 SAFER_LEVELID_NORMALUSER,
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
116 SAFER_LEVEL_OPEN, &user_level, NULL))
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
117 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
118 PRINTLASTERROR ("Failed to create user level.\n");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
119 return NULL;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
120 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
121
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
122 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
123 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
124 SaferCloseLevel(user_level);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
125 return NULL;
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
126 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
127
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
128 return retval;
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
129 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
130
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
131 /**@brief Write strv of instructions to a handle
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
132 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
133 * Writes the null terminated list of instructions to
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
134 * the handle.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
135 *
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
136 * @param [in] certificates base64 encoded der certificate to write
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
137 * @param [in] write_handle handle to write to
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
138 * @param [in] remove weather the certificate should be installed or removed
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
139 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
140 * @returns true on success, false on failure
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
141 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
142 static bool
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
143 write_instructions(char **certificates, HANDLE write_handle,
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
144 bool remove)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
145 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
146 bool retval = false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
147 int i = 0;
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
148 const char *line_end = "\r\n";
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
149 char *line_start = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
150
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
151 if (!certificates)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
152 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
153 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
154 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
155
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
156 line_start = remove ? "R:" : "I:";
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
157
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
158 for (i = 0; certificates[i]; i++)
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
159 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
160 DWORD written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
161 DWORD inst_len = strlen (certificates[i]);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
162 retval = WriteFile (write_handle, (LPCVOID) line_start, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
163 if (!retval)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
164 {
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
165 PRINTLASTERROR ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
166 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
167 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
168 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
169 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
170 ERRORPRINTF ("Failed to write line start\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
171 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
172 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
173 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
174 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
175 retval = WriteFile (write_handle, (LPCVOID) certificates[i], inst_len, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
176 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
177 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
178 PRINTLASTERROR ("Failed to write certificate\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
179 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
180 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
181 if (inst_len != written)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
182 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
183 ERRORPRINTF ("Failed to write everything\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
184 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
185 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
186 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
187 written = 0;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
188 retval = WriteFile (write_handle, (LPCVOID) line_end, 2, &written, NULL);
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
189 if (!retval)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
190 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
191 PRINTLASTERROR ("Failed to write line end\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
192 return false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
193 }
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
194 if (written != 2)
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
195 {
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
196 ERRORPRINTF ("Failed to write full line end\n");
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
197 retval = false;
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
198 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
199 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
200 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
201 return true;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
202 }
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
203 /**@brief Get the path to all users default registry hive
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
204 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
205 * Enumerates the keys in #PROFILE_LIST and retuns a
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
206 * list of their profile path / sid pairs with the utf-8 encoded paths to
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
207 * their suggestedregistry hive location.
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
208 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
209 * Users with an SID not starting with S-1-5-21- are ignored
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
210 * as is the current user.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
211 *
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
212 * The return value should be freed with pkp_t_free
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
213 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
214 * @returns a newly allocated strv of the paths to the registry hives or NULL
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
215 */
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
216 static pkp_t*
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
217 locate_other_hives()
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
218 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
219 HKEY profile_list = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
220 int ret = 0;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
221 DWORD index = 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
222 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
223 /* According to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
224 http://msdn.microsoft.com/en-us/library/windows/desktop/ms724872%28v=vs.85%29.aspx
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
225 a registry key is limited to 255 characters. But according to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
226 http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
227 the actual limit is 256 + \0 thus we create a buffer for 257 wchar_t's*/
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
228 wchar_t key_name[257],
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
229 *current_user_sid = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
230 pkp_t *retval = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
231 *cur_item = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
232 bool error = true;
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
233 PSID current_user = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
234
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
235 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE, PROFILE_LIST, 0,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
236 KEY_READ, &profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
237 if (ret != ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
238 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
239 ERRORPRINTF ("Failed to open profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
240 return NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
241 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
242
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
243 /* Obtain the current user sid to prevent it from being returned. */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
244 current_user = get_process_owner (GetCurrentProcess());
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
245
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
246 if (!current_user)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
247 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
248 ERRORPRINTF ("Failed to get the current user.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
249 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
250 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
251
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
252 if (!ConvertSidToStringSidW (current_user, &current_user_sid))
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
253 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
254 PRINTLASTERROR ("Failed to convert sid to string.");
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
255 goto done;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
256 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
257
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
258 while ((ret = RegEnumKeyExW (profile_list, index++,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
259 key_name, &key_len,
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
260 NULL, NULL, NULL, NULL)) == ERROR_SUCCESS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
261 {
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
262 char *profile_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
263 wchar_t *key_path = NULL;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
264 size_t key_path_len = 0,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
265 profile_path_len = 0;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
266
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
267 if (key_len == 257)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
268 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
269 ERRORPRINTF ("Registry key too long.");
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
270 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
271 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
272
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
273 /* Reset key_len to buffer size */
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
274 key_len = 257;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
275
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
276 if (wcsncmp (L"S-1-5-21-", key_name, 9) != 0 ||
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
277 wcscmp (current_user_sid, key_name) == 0)
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
278 {
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
279 /* S-1-5-21 is the well known prefix for local users. Skip all
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
280 others and the current user*/
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
281 continue;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
282 }
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
283
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
284 key_path_len = key_len + wcslen(PROFILE_LIST L"\\") + 1;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
285 key_path = xmalloc (key_path_len * sizeof (wchar_t));
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
286
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
287 wcscpy_s (key_path, key_path_len, PROFILE_LIST L"\\");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
288 wcscat_s (key_path, key_path_len, key_name);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
289 key_path[key_path_len - 1] = '\0';
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
290
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
291 DEBUGPRINTF ("Key : %S", key_name);
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
292 profile_path = read_registry_string (HKEY_LOCAL_MACHINE,
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
293 key_path, L"ProfileImagePath");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
294 xfree (key_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
295
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
296 if (profile_path == NULL)
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
297 {
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
298 ERRORPRINTF ("Failed to get profile path.");
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
299 continue;
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
300 }
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
301 profile_path_len = strlen (profile_path);
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
302 str_append_str (&profile_path, &profile_path_len, "\\ntuser.dat", 11);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
303 if (retval == NULL)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
304 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
305 retval = xmalloc (sizeof (pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
306 cur_item = retval;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
307 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
308 else
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
309 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
310 cur_item->next = xmalloc (sizeof(pkp_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
311 cur_item = cur_item->next;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
312 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
313 cur_item->hive_path = profile_path;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
314 cur_item->sid = wchar_to_utf8 (key_name, wcslen(key_name));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
315 cur_item->next = NULL;
674
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
316
f1795a232418 Implement reading registry entries for other users.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
317 DEBUGPRINTF ("Trying to access registry hive: %s", profile_path);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
318 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
319
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
320 if (ret != ERROR_NO_MORE_ITEMS)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
321 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
322 ERRORPRINTF ("Failed to enumeratre profile list. Error: %i", ret);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
323 goto done;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
324 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
325
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
326 error = false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
327
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
328 done:
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
329 xfree (current_user);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
330
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
331 RegCloseKey (profile_list);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
332
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
333 if (current_user_sid)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
334 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
335 LocalFree (current_user_sid);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
336 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 668
diff changeset
337
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
338 if (error)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
339 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
340 pkp_t_free (retval);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
341 retval = NULL;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
342 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
343
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
344 return retval;
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
345 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
346
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
347 /** @brief Build the command line for the NSS installation process
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
348 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
349 * Caller has to free the return value
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
350 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
351 * @param [in] selection_file the certificates to install
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
352 *
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
353 * @returns the command line to install the certificates. */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
354 static wchar_t*
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
355 get_command_line(wchar_t *selection_file)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
356 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
357 LPWSTR retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
358 char *install_dir = get_install_dir();
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
359 wchar_t *w_inst_dir;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
360 size_t cmd_line_len = 0;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
361
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
362 if (install_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
363 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
364 ERRORPRINTF ("Failed to get installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
365 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
366 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
367
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
368 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
369 xfree (install_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
370
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
371 if (w_inst_dir == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
372 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
373 ERRORPRINTF ("Failed to convert installation directory");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
374 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
375 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
376
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
377 /* installdir + dirsep + quotes + process name + space + quotes + selection_file
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
378 + NULL */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
379 cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
380 + 1 + 2 + wcslen(selection_file) + 1;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
381 retval = xmalloc (cmd_line_len * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
382
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
383 wcscpy_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
384 wcscat_s (retval, cmd_line_len, w_inst_dir);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
385 wcscat_s (retval, cmd_line_len, L"\\");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
386 wcscat_s (retval, cmd_line_len, NSS_APP_NAME);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
387 wcscat_s (retval, cmd_line_len, L"\" \"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
388 wcscat_s (retval, cmd_line_len, selection_file);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
389 wcscat_s (retval, cmd_line_len, L"\"");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
390
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
391 return retval;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
392 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
393
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
394 /** @brief Increase the privileges of the current token to allow registry access
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
395 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
396 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
397 * privileges. Normally if we are running elevated we can obtain them.
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
398 *
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
399 * @returns true if the privileges could be obtained. False otherwise
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
400 */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
401 static bool
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
402 get_backup_restore_priv()
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
403 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
404 HANDLE hToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
405 PTOKEN_PRIVILEGES psToken = NULL;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
406 DWORD token_size = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
407 dwI = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
408 token_size_new = 0,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
409 privilege_size = 128;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
410 char privilege_name[128];
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
411 bool retval = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
412 bool backup_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
413 bool restore_found = false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
414
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
415
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
416 if (!OpenProcessToken (GetCurrentProcess(),
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
417 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
418 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
419 PRINTLASTERROR ("Failed to get process token.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
420 return false;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
421 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
422
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
423 /* Get the size for the token */
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
424 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
425 if (token_size == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
426 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
427 PRINTLASTERROR ("Failed to get token size.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
428 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
429 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
430
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
431 psToken = xmalloc(token_size);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
432
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
433 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
434 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
435 PRINTLASTERROR ("Failed to get token information.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
436 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
437 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
438
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
439 if (token_size != token_size_new)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
440 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
441 ERRORPRINTF ("Size changed.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
442 goto done;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
443 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
444
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
445 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
446 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
447 privilege_size = sizeof (privilege_name);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
448 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid,
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
449 privilege_name, &privilege_size))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
450 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
451 PRINTLASTERROR ("Failed to lookup privilege name");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
452 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
453
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
454 if(strcmp(privilege_name, "SeRestorePrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
455 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
456 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
457 restore_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
458 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
459 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
460 if(strcmp(privilege_name, "SeBackupPrivilege") == 0)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
461 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
462 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
463 backup_found = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
464 continue;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
465 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
466 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
467 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
468 break;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
469 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
470 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
471
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
472 if (backup_found && restore_found)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
473 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
474 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL))
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
475 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
476 PRINTLASTERROR ("Failed to adjust token privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
477 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
478 else
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
479 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
480 retval = true;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
481 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
482 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
483
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
484 done:
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
485 if (hToken != NULL)
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
486 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
487 CloseHandle(hToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
488 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
489 xfree(psToken);
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
490 return retval;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
491 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
492
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
493 /**@brief Register NSS process as runOnce for other users
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
494 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
495 * Loads the registry hives of other users on the system and
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
496 * adds a RunOnce registry key to start the NSS process to
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
497 * install the current selection on their next login.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
498 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
499 * This should avoid conflicts with their firefox / thunderbird
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
500 * while making the certificates available for their applications.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
501 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
502 * This function needs SE_BACKUP_NAME and SE_RESTORE_NAME
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
503 * privileges.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
504 *
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
505 * @param [in] selection_file filename of the file containing
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
506 * the users install / remove selection.
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
507 */
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
508 static void
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
509 register_proccesses_for_others (wchar_t *selection_file)
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
510 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
511 pkp_t *pkplist = locate_other_hives(),
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
512 *cur = NULL;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
513 wchar_t *run_command = NULL;
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
514
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
515 if (pkplist == NULL)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
516 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
517 DEBUGPRINTF ("No hives found.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
518 return;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
519 }
676
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
520
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
521 if (!get_backup_restore_priv())
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
522 {
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
523 ERRORPRINTF ("Failed to obtain backup / restore privileges.");
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
524 return;
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
525 }
cb40af11ec3a Obtain privileges required for registry modification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
526
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
527 run_command = get_command_line (selection_file);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
528 for (cur = pkplist; cur != NULL; cur = cur->next)
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
529 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
530 LONG ret = 0;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
531 wchar_t *hivepath = utf8_to_wchar (cur->hive_path, strlen(cur->hive_path));
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
532 HKEY key_handle = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
533 bool key_loaded = false;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
534
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
535 if (hivepath == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
536 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
537 ERRORPRINTF ("Failed to read hive path");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
538 continue;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
539 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
540 ret = RegLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive", hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
541
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
542 xfree (hivepath);
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
543 hivepath = NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
544
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
545 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
546 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
547 /* This is somewhat expected if the registry is not located
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
548 in the standard location or already loaded. Try to access
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
549 the loaded registry in that case*/
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
550 wchar_t *user_key = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
551 *w_sid = NULL;
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
552 size_t user_key_len = 0;
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
553
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
554 SetLastError((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
555 PRINTLASTERROR ("Failed to load hive. Trying to access already loaded hive.");
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
556
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
557 w_sid = utf8_to_wchar (cur->sid, strlen(cur->sid));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
558 if (!w_sid)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
559 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
560 ERRORPRINTF ("Failed to read sid.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
561 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
562 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
563 user_key_len = wcslen (L"\\" RUNONCE_PATH) + wcslen(w_sid) + 1;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
564 user_key = xmalloc (user_key_len * sizeof (wchar_t));
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
565 wcscpy_s (user_key, user_key_len, w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
566 wcscat_s (user_key, user_key_len, L"\\" RUNONCE_PATH);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
567 user_key[user_key_len - 1] = '\0';
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
568 xfree (w_sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
569 w_sid = NULL;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
570
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
571 ret = RegOpenKeyExW (HKEY_USERS,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
572 user_key,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
573 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
574 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
575 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
576 xfree (user_key);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
577 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
578 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
579 ERRORPRINTF ("Failed to find RunOnce key for sid: %s in HKEY_USERS.", cur->sid);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
580 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
581 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
582 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
583 else
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
584 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
585 key_loaded = true;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
586 ret = RegOpenKeyExW (HKEY_LOCAL_MACHINE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
587 APPNAME L"_tmphive\\" RUNONCE_PATH,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
588 0,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
589 KEY_WRITE,
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
590 &key_handle);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
591
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
592 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
593 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
594 ERRORPRINTF ("Failed to find RunOnce key in other registry.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
595 RegUnLoadKey (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
596 continue;
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
597 }
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
598
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
599 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
600
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
601 ret = RegSetValueExW (key_handle, APPNAME, 0, REG_SZ, (LPBYTE) run_command,
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
602 (wcslen(run_command) + 1) * sizeof(wchar_t));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
603
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
604 if (ret != ERROR_SUCCESS)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
605 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
606 ERRORPRINTF ("Failed to write RunOnce key.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
607 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
608
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
609 RegCloseKey (key_handle);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
610 if (key_loaded)
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
611 {
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
612 ret = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, APPNAME L"_tmphive");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
613 if (ret != ERROR_SUCCESS)
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
614 {
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
615 SetLastError ((DWORD)ret);
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
616 PRINTLASTERROR ("Failed to unload hive.");
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
617 }
677
85c5aa9aba2b Improve error handling and use unicode function for unload
Andre Heinecke <andre.heinecke@intevation.de>
parents: 676
diff changeset
618 }
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
619 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
620
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
621 xfree (run_command);
856
797aa8d9c785 (issue48) Fallback to HKEY_USERS on hive load failure
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
622 pkp_t_free (pkplist);
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
623 }
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
624
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
625 /**@brief Start the process to install / remove
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
626 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
627 * Starts the NSS installation process for the current user
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
628 *
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
629 * @param [in] selection_file filename of the file containing
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
630 * the users install / remove selection.
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
631 *
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
632 * @returns true on success, false on error.
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
633 */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
634 static bool
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
635 start_procces_for_user (wchar_t *selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
636 {
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
637 HANDLE hToken = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
638 LPWSTR lpApplicationPath = NULL,
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
639 lpCommandLine = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
640 PROCESS_INFORMATION piProcInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
641 STARTUPINFOW siStartInfo = {0};
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
642 BOOL success = FALSE;
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
643 char *install_dir = get_install_dir();
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
644 wchar_t *w_inst_dir;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
645 size_t w_path_len = 0;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
646
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
647 if (!selection_file)
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
648 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
649 ERRORPRINTF ("Invalid call\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
650 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
651 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
652
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
653 /* Set up the application path. It's installdir + NSS_APP_NAME */
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
654 if (install_dir == NULL)
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
655 {
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
656 ERRORPRINTF ("Failed to get installation directory");
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
657 return FALSE;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
658 }
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
659
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
660 w_inst_dir = utf8_to_wchar (install_dir, strlen(install_dir));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
661 xfree (install_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
662 install_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
663
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
664 w_path_len = wcslen(w_inst_dir) + wcslen(L"\\" NSS_APP_NAME) + 1;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
665 lpApplicationPath = xmalloc(w_path_len * sizeof (wchar_t));
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
666 wcscpy_s (lpApplicationPath, w_path_len, w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
667 xfree (w_inst_dir);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
668 w_inst_dir = NULL;
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
669 wcscat_s (lpApplicationPath, w_path_len, L"\\" NSS_APP_NAME);
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
670
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
671 /* set up handles. stdin and stdout go to the same stdout*/
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
672 siStartInfo.cb = sizeof (STARTUPINFO);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
673
824
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
674 if (is_elevated())
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
675 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
676 /* Start the child process as normal user */
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
677 hToken = get_restricted_token ();
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
678 if (hToken == NULL)
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
679 {
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
680 ERRORPRINTF ("Failed to get user level token.");
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
681 return false;
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
682 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
683 }
a511c1f45c70 (Issue47) Drop privileges before executing NSS process.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 677
diff changeset
684 else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
685 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
686 PRINTLASTERROR("Failed to get current handle.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
687 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
688 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
689 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
690
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
691 lpCommandLine = get_command_line (selection_file);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
692
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
693 if (lpCommandLine == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
694 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
695 ERRORPRINTF ("Failed to build command line.");
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
696 xfree (lpApplicationPath);
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
697 return false;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 674
diff changeset
698 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
699
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
700 DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
392
8090a1bc1b5b Add a space in the command line
Andre Heinecke <andre.heinecke@intevation.de>
parents: 391
diff changeset
701
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
702 success = CreateProcessAsUserW (hToken,
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
703 lpApplicationPath,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
704 lpCommandLine, /* Commandline */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
705 NULL, /* Process attributes. Take hToken */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
706 NULL, /* Thread attribues. Take hToken */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
707 FALSE, /* Inherit Handles */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
708 0, /* Creation flags. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
709 NULL, /* Inherit environment */
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
710 NULL, /* Current working directory */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
711 &siStartInfo,
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
712 &piProcInfo);
825
24e1e47e2d1a Start NSS process only from the current installation directory
Andre Heinecke <andre.heinecke@intevation.de>
parents: 824
diff changeset
713 xfree (lpApplicationPath);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
714 xfree (lpCommandLine);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
715 if (!success)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
716 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
717 PRINTLASTERROR ("Failed to create process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
718 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
719 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
720
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
721 if (WaitForSingleObject (piProcInfo.hProcess, PROCESS_TIMEOUT) != WAIT_OBJECT_0)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
722 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
723 /* Should not happen... */
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
724 ERRORPRINTF ("Failed to wait for process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
725 if (piProcInfo.hProcess)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
726 CloseHandle (piProcInfo.hProcess);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
727 if (piProcInfo.hThread)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
728 CloseHandle (piProcInfo.hThread);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
729 return false;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
730 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
731 if (piProcInfo.hProcess)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
732 CloseHandle (piProcInfo.hProcess);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
733 if (piProcInfo.hThread)
330
1e6d1eab8395 Fix NSS unit test for Windows and change how instructions are written
Andre Heinecke <aheinecke@intevation.de>
parents: 329
diff changeset
734 CloseHandle (piProcInfo.hThread);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
735 return true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
736 }
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
737
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
738 /**@brief Create a directory with restricted access rights
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
739 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
740 * This creates a security attributes structure that restricts
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
741 * write access to the Administrators group but allows everyone to read files
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
742 * in that directory.
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
743 * Basically a very complicated version of mkdir path -m 644
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
744 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
745 * If the directory exists the permissions of that directory are checked if
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
746 * they are acceptable and true or false is returned accordingly.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
747 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
748 * Code based on msdn example:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
749 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
750 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
751 * @param[in] path Path of the directory to create
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
752 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
753 * @returns true on success of if the directory exists, false on error
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
754 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
755 bool
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
756 create_restricted_directory (LPWSTR path)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
757 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
758 bool retval = false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
759 PSID everyone_SID = NULL,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
760 admin_SID = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
761 PACL access_control_list = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
762 PSECURITY_DESCRIPTOR descriptor = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
763 EXPLICIT_ACCESS explicit_access[2];
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
764 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
765 admin_identifier = {SECURITY_NT_AUTHORITY};
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
766 SECURITY_ATTRIBUTES security_attributes;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
767
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
768 ZeroMemory(&security_attributes, sizeof(security_attributes));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
769 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
770
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
771 /* Create a well-known SID for the Everyone group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
772 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
773 1, /* subauthorties count */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
774 SECURITY_WORLD_RID, /* Only one authority */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
775 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
776 &everyone_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
777 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
778 PRINTLASTERROR ("Failed to allocate world sid.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
779 return false;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
780 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
781
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
782 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
783 to allow everyone read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
784 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
785 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
786 explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
787 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
788 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
789 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
790
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
791 /* Create the SID for the BUILTIN\Administrators group. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
792 if(!AllocateAndInitializeSid(&admin_identifier,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
793 2,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
794 SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
795 DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
796 0, 0, 0, 0, 0, 0, /* No other */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
797 &admin_SID))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
798 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
799 PRINTLASTERROR ("Failed to allocate admin sid.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
800 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
801 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
802
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
803 /* explicit_access[1] grants admins full rights for this object and inherits
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
804 it to the children */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
805 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
806 explicit_access[1].grfAccessMode = SET_ACCESS;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
807 explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
808 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
809 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
810 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
811
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
812 /* Set up the ACL structure. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
813 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
814 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
815 PRINTLASTERROR ("Failed to set up Acl.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
816 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
817 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
818
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
819 /* Initialize a security descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
820 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
821 SECURITY_DESCRIPTOR_MIN_LENGTH);
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
822 if (descriptor == NULL)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
823 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
824 PRINTLASTERROR("Failed to allocate descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
825 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
826 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
827
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
828 if (!InitializeSecurityDescriptor(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
829 SECURITY_DESCRIPTOR_REVISION))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
830 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
831 PRINTLASTERROR("Failed to initialize descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
832 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
833 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
834
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
835 /* Now we add the ACL to the the descriptor */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
836 if (!SetSecurityDescriptorDacl(descriptor,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
837 TRUE, /* bDaclPresent flag */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
838 access_control_list,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
839 FALSE)) /* not a default DACL */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
840 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
841 PRINTLASTERROR("Failed to set security descriptor.");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
842 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
843 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
844
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
845 /* Finally set up the security attributes structure */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
846 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
847 security_attributes.lpSecurityDescriptor = descriptor;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
848 security_attributes.bInheritHandle = FALSE;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
849
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
850 /* Use the security attributes to create the directory */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
851 if (!CreateDirectoryW(path, &security_attributes))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
852 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
853 DWORD err = GetLastError();
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
854 if (err == ERROR_ALREADY_EXISTS)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
855 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
856 /* Verify that the directory has the correct rights */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
857 // TODO
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
858 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
859 goto done;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
860 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
861 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
862 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
863 retval = true;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
864
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
865 done:
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
866
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
867 if (everyone_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
868 FreeSid(everyone_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
869 if (admin_SID)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
870 FreeSid(admin_SID);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
871 if (access_control_list)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
872 LocalFree(access_control_list);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
873 if (descriptor)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
874 LocalFree(descriptor);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
875
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
876 return retval;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
877 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
878
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
879 /**@brief Writes the selection file containing the instructions
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
880 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
881 * If the process is running elevated the instructions are
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
882 * written to the global ProgramData directory otherwise
826
4aa33c408776 Remove TODO windows gracefully handles the case where the data directory is not accessible.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 825
diff changeset
883 * they are written in the directory of the current user.
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
884 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
885 * If the return value is not NULL it needs to be freed by the caller.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
886 * The returned path will contain backslashes as directory seperators.
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
887 *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
888 * @param[in] to_install Certificates that should be installed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
889 * @param[in] to_remove Certificates that should be removed
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
890 * @returns pointer to the absolute filename of the selection file or NULL
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
891 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
892 wchar_t *
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
893 write_selection_file (char **to_install, char **to_remove)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
894 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
895 wchar_t *folder_name = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 856
diff changeset
896 *path = NULL;
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
897 HRESULT result = E_FAIL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
898 HANDLE hFile = NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
899 size_t path_len;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
900
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
901 result = SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
902 KF_FLAG_CREATE | /* Create if it does not exist */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
903 KF_FLAG_INIT, /* Initialize it if created */
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
904 INVALID_HANDLE_VALUE, /* Get it for the default user */
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
905 &folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
906
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
907 if (result != S_OK)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
908 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
909 PRINTLASTERROR ("Failed to get folder path");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
910 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
911 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
912
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
913 path_len = wcslen (folder_name) + wcslen (APPNAME) + 2; /* path + dirsep + \0 */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
914 path_len += wcslen (SELECTION_FILE_NAME) + 1; /* filename + dirsep */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
915
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
916 if (path_len >= MAX_PATH)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
917 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
918 /* We could go and use the full 32,767 characters but this
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
919 should be a very weird setup if this is neccessary. */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
920 ERRORPRINTF ("Path too long.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
921 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
922 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
923
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
924 path = xmalloc (path_len * sizeof (wchar_t));
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
925 if (wcscpy_s (path, path_len, folder_name) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
926 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
927 ERRORPRINTF ("Failed to copy folder name.\n");
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
928
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
929 CoTaskMemFree (folder_name);
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
930
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
931 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
932 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
933
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
934 CoTaskMemFree (folder_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
935
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
936 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
937 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
938 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
939 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
940 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
941 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
942
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
943 if (wcscat_s (path, path_len, APPNAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
944 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
945 ERRORPRINTF ("Failed to cat appname.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
946 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
947 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
948 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
949
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
950 /* Security: if someone has created this directory before
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
951 it might be a symlink to another place that a users
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
952 wants us to grant read access to or makes us overwrite
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
953 something */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
954 if(!create_restricted_directory (path))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
955 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
956 ERRORPRINTF ("Failed to create directory\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
957 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
958 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
959 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
960
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
961 if (wcscat_s (path, path_len, L"\\") != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
962 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
963 ERRORPRINTF ("Failed to cat dirsep.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
964 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
965 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
966 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
967
363
d10d9bc2e84f Update Windows api usage. Warning: To build on windows you need
Andre Heinecke <aheinecke@intevation.de>
parents: 360
diff changeset
968 if (wcscat_s (path, path_len, SELECTION_FILE_NAME) != 0)
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
969 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
970 ERRORPRINTF ("Failed to cat filename.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
971 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
972 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
973 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
974
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
975 hFile = CreateFileW(path,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
976 GENERIC_WRITE,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
977 0, /* don't share */
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
978 NULL, /* use the security attributes from the folder */
489
a9da8e4eeff7 Fix instruction writing for Windows.
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
979 OPEN_ALWAYS | TRUNCATE_EXISTING,
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
980 0,
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
981 NULL);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
982
502
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
983 if (hFile == INVALID_HANDLE_VALUE && GetLastError() == ERROR_FILE_NOT_FOUND)
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
984 {
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
985 hFile = CreateFileW(path,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
986 GENERIC_WRITE,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
987 0, /* don't share */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
988 NULL, /* use the security attributes from the folder */
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
989 CREATE_NEW,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
990 0,
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
991 NULL);
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
992 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
993 if (hFile == INVALID_HANDLE_VALUE)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
994 {
502
e551de11d8b6 Properly handle the case that the file does not exist.
Andre Heinecke <aheinecke@intevation.de>
parents: 489
diff changeset
995 PRINTLASTERROR ("Failed to create file\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
996 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
997 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
998 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
999 if (!write_instructions (to_install, hFile, false))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1000 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1001 ERRORPRINTF ("Failed to write install instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1002 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1003 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1004 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1005 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1006 if (!write_instructions (to_remove, hFile, true))
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1007 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1008 ERRORPRINTF ("Failed to write remove instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1009 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1010 xfree(path);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1011 return NULL;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1012 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1013 CloseHandle(hFile);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1014
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1015 return path;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1016 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1017
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1018 int
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1019 write_stores_nss (char **to_install, char **to_remove)
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1020 {
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1021 wchar_t *selection_file_name = NULL;
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1022
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1023 selection_file_name = write_selection_file (to_install, to_remove);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1024 if (!selection_file_name)
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1025 {
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1026 ERRORPRINTF ("Failed to write instructions.\n");
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1027 return -1;
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1028 }
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1029
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1030 DEBUGPRINTF ("Wrote selection file. Loc: %S\n", selection_file_name);
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1031
668
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
1032 if (is_elevated())
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
1033 {
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
1034 register_proccesses_for_others (selection_file_name);
ef6d3dc9e930 Framework for NSS multiuser installation on windows
Andre Heinecke <andre.heinecke@intevation.de>
parents: 665
diff changeset
1035 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1036
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1037 if (!start_procces_for_user (selection_file_name))
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1038 {
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1039 ERRORPRINTF ("Failed to run NSS installation process.\n");
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1040 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1041 return -1;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1042 }
360
c0eac5c8c245 Keep working on nssstore_win and clarify its specification
Andre Heinecke <andre.heinecke@intevation.de>
parents: 330
diff changeset
1043 xfree(selection_file_name);
324
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1044 return 0;
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1045 }
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1046
eff8e7ce4dae Add first compiling implementation of nssstore_win.c
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1047 #endif

http://wald.intevation.org/projects/trustbridge/