Mercurial > trustbridge
annotate cinst/windowsstore.c @ 1070:f110a3f6e387
(issue114) Fine tune ACL propagation
using mkdir_p the ACL of the parent directories would
propagate to all subdirectories and objects in the directory.
Now we only use ACL propagation in the last directory to make
sure that files we might create in that directory inherit the
correct (resitricted) ACL
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 10 Sep 2014 16:41:36 +0200 |
parents | 698b6a9bd75e |
children | 265583011f24 |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #ifdef WIN32 |
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 |
161
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
10 #include <stdio.h> |
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
11 |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 #include "windowsstore.h" |
161
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
13 #include "errorcodes.h" |
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
14 #include "listutil.h" |
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
15 #include "strhelp.h" |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
16 #include "logging.h" |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
262
diff
changeset
|
17 #include "util.h" |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
18 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
19 static PCCERT_CONTEXT |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
20 b64_to_cert_context(char *b64_data, size_t b64_size) |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
21 { |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
22 size_t buf_size = 0; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
23 char *buf = NULL; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
24 PCCERT_CONTEXT pCert = NULL; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
25 int ret = -1; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
26 |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
27 ret = str_base64_decode (&buf, &buf_size, b64_data, b64_size); |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
28 |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
29 if (ret != 0) |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
30 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
31 ERRORPRINTF ("decoding certificate failed\n"); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
32 return NULL; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
33 } |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
34 |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
35 pCert = CertCreateContext (CERT_STORE_CERTIFICATE_CONTEXT, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
36 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
37 (const PBYTE) buf, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
38 (DWORD) buf_size, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
39 0, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
40 NULL); |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
41 free (buf); /* Windows has a copy */ |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
42 |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
43 if (pCert == NULL) |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
44 { |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
45 char *error = getLastErrorMsg(); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
46 if (error) |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
47 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
48 ERRORPRINTF ("Failed to create cert context: %s \n", error); |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
49 free (error); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
50 } |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
51 return NULL; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
52 } |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
53 return pCert; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
54 } |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
55 |
219
57bef180d560
Add debug output and make windowsstore linkable from C++ code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
218
diff
changeset
|
56 void |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
57 do_remove(HCERTSTORE hStore, char **to_remove) |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
58 { |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
59 PCCERT_CONTEXT pCert = NULL; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
60 unsigned int i = 0; |
624
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
61 bool elevated = is_elevated(); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
62 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
63 if (!to_remove) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
64 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
65 return; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
66 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
67 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
68 for (i=0; to_remove[i]; i++) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
69 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
70 PCCERT_CONTEXT pc_to_remove = NULL; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
71 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
72 pc_to_remove = b64_to_cert_context(to_remove[i], |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
73 strnlen(to_remove[i], MAX_LINE_LENGTH)); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
74 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
75 if (pc_to_remove == NULL) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
76 { |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
77 char *error = getLastErrorMsg(); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
78 if (error) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
79 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
80 ERRORPRINTF ("Failed to create cert context: %s \n", error); |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
81 free (error); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
82 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
83 continue; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
84 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
85 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
86 pCert = CertFindCertificateInStore (hStore, |
218
8fb12af98960
According to MSDN you Must also provide message encoding flag.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
217
diff
changeset
|
87 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
88 0, |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
89 CERT_FIND_EXISTING, |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
90 pc_to_remove, |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
91 NULL); |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
92 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
93 CertFreeCertificateContext (pc_to_remove); |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
94 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
95 if (pCert == NULL) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
96 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
97 ERRORPRINTF ("Did not find certificate\n"); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
98 continue; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
99 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
100 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
101 if (!CertDeleteCertificateFromStore (pCert)) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
102 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
103 /* From MSDN: |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
104 The CertDeleteCertificateFromStore function always frees |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
105 pCertContext by calling the CertFreeCertificateContext |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
106 function, even if an error is encountered. */ |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
107 char *error = getLastErrorMsg(); |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
108 ERRORPRINTF ("Error deleting certificate. %s", error); |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
109 free (error); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
110 continue; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
111 } |
624
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
112 log_certificate (elevated ? "Local Machine" : "Current User", |
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
113 to_remove[i], false); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
114 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
115 return; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
116 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
117 |
219
57bef180d560
Add debug output and make windowsstore linkable from C++ code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
218
diff
changeset
|
118 void |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
119 do_install(HCERTSTORE hStore, char **to_install) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
120 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
121 int i = 0, |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
122 ret = -1; |
624
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
123 bool elevated = is_elevated(); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
124 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
125 if (!to_install) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
126 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
127 return; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
128 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
129 |
217
83a015f2e078
Remove leftover incrementation of i from former loop style. Fixes a crash when adding only one
Andre Heinecke <andre.heinecke@intevation.de>
parents:
215
diff
changeset
|
130 for (i = 0; to_install[i]; i++) |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
131 { |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
132 PCCERT_CONTEXT pc_to_add = NULL; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
133 PCCERT_CONTEXT found_cert = NULL; |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
134 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
135 pc_to_add = b64_to_cert_context(to_install[i], |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
136 strnlen(to_install[i], MAX_LINE_LENGTH)); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
137 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
138 if (pc_to_add == NULL) |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
139 { |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
140 continue; |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
141 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
142 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
143 found_cert = CertFindCertificateInStore (hStore, |
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
144 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, |
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
145 0, |
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
146 CERT_FIND_EXISTING, |
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
147 pc_to_add, |
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
148 NULL); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
149 if (found_cert != NULL) |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
150 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
151 DEBUGPRINTF ("Certificate already in store\n"); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
152 CertFreeCertificateContext (found_cert); |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
153 CertFreeCertificateContext (pc_to_add); |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
154 continue; |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
155 } |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
156 |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
157 ret = CertAddCertificateContextToStore (hStore, |
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
158 pc_to_add, |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
159 CERT_STORE_ADD_ALWAYS, |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
160 NULL); |
222
53ea9b975d1c
Cleanup windowsstore.c
Andre Heinecke <aheinecke@intevation.de>
parents:
219
diff
changeset
|
161 CertFreeCertificateContext (pc_to_add); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
162 if (!ret) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
163 { |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
164 char *error = getLastErrorMsg(); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
165 if (error) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
166 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
624
diff
changeset
|
167 ERRORPRINTF ("Failed to add certificate: %s \n", error); |
253
3595ea4fd3fb
Use getLastErrorMsg from logging
Andre Heinecke <aheinecke@intevation.de>
parents:
247
diff
changeset
|
168 free (error); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
169 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
170 } |
624
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
171 log_certificate (elevated ? "Local Machine" : "Current User", |
736e95c63b86
Log access to windows stores
Andre Heinecke <andre.heinecke@intevation.de>
parents:
504
diff
changeset
|
172 to_install[i], true); |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
173 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
174 return; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
175 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
176 |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
177 int |
247
4de97f74d038
Check for process elevation and write into system store accordingly
Andre Heinecke <aheinecke@intevation.de>
parents:
222
diff
changeset
|
178 write_stores_win (char **to_install, char **to_remove) |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
179 { |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
180 HCERTSTORE hStore = NULL; |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
181 |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
182 if (!to_install && !to_remove) |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
183 { |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
184 /* Nothing to do */ |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
185 return 0; |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
186 } |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
187 |
247
4de97f74d038
Check for process elevation and write into system store accordingly
Andre Heinecke <aheinecke@intevation.de>
parents:
222
diff
changeset
|
188 if (!is_elevated()) |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
189 { |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
190 hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
191 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
192 } |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
193 else |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
194 { |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
195 hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
196 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 } |
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
198 |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
199 if (!hStore) |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
200 { |
504
3cf72c5282e8
Redirect errorprintf to output debug string on windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
201 ERRORPRINTF ("Failed to access store.\n"); |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
202 return ERR_STORE_ACCESS_DENIED; |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 } |
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
205 /* Do the actual work */ |
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
206 do_install (hStore, to_install); |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 |
215
292e2cb60ef0
Add removal of certificates
Andre Heinecke <andre.heinecke@intevation.de>
parents:
185
diff
changeset
|
208 do_remove (hStore, to_remove); |
161
a4b1c77f3e6a
Change install_certificates_win to generic write_stores_win
Andre Heinecke <aheinecke@intevation.de>
parents:
149
diff
changeset
|
209 |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
210 if (hStore) |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
211 { |
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
212 CertCloseStore (hStore, 0); |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 } |
163
8cfcd38a9bb3
Change coding style for cinst main / windowsstore to GNU
Andre Heinecke <aheinecke@intevation.de>
parents:
161
diff
changeset
|
214 return 0; |
137
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 } |
4904fe01055d
Factor out windows specific parts
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
216 #endif // WIN32 |