comparison cinst/main.c @ 137:4904fe01055d

Factor out windows specific parts
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 24 Mar 2014 14:55:48 +0000
parents 898446d9d23e
children 095d0e7f8ed4
130:ffb20e76e7d0 137:4904fe01055d
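--- a/cinst/main.c
+++ b/cinst/main.c
@@ -1,6 +1,8 @@
-/** @brief Main entry point for the cinst process.
+/**
+* @file main.c
+* @brief Main entry point for the cinst process.
 *
 * The cinst process may or may not be run with elevated
 * privileges. When run with elevated privileges this
 * process will modify system wide certificate stores.
 * Otherwise only the users certificate stores are modified.
@@ -27,44 +29,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
 
-#include <polarssl/base64.h>
-
 #include "strhelp.h"
 #include "listutil.h"
 #include "errorcodes.h"
-
-#ifdef WIN32
-#include <windows.h>
-#include <wincrypt.h>
-#endif
-
-#ifdef WIN32
-LPWSTR getLastErrorMsg() {
-LPWSTR bufPtr = NULL;
-DWORD err = GetLastError();
-FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
-FORMAT_MESSAGE_FROM_SYSTEM |
-FORMAT_MESSAGE_IGNORE_INSERTS,
-NULL, err, 0, (LPWSTR)&bufPtr, 0, NULL);
-if (!bufPtr) {
-HMODULE hWinhttp = GetModuleHandleW(L"winhttp");
-if (hWinhttp) {
-FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
-FORMAT_MESSAGE_FROM_HMODULE |
-FORMAT_MESSAGE_IGNORE_INSERTS,
-hWinhttp, HRESULT_CODE(err), 0,
-(LPWSTR)&bufPtr, 0, NULL);
-}
-}
-if (!bufPtr)
-printf("Error getting last error\n");
-return bufPtr;
-}
-#endif
+#include "windowsstore.h"
 
 /* The certificate list + instructions may only be so long as
 * twice the accepted certificatelist size */
 #define MAX_INPUT_SIZE MAX_LINE_LENGTH * MAX_LINES * 2
 
@@ -158,85 +130,10 @@
 
 return 0;
 }
 */
 
-#ifdef WIN32
-/** @brief Install certificates into Windows store
-*
-* @param [in] to_install NULL terminated array of base64 encoded certificates.
-* @param [in] user_store set to True if the certificates should be installed
-* only for the current user. O for system wide installation.
-* @returns 0 on success an errorcode otherwise.
-*/
-int install_certificates_win(const char **to_install, int user_store)
-{
-int i = 0;
-HCERTSTORE hStore = NULL;
-
-if (user_store) {
-// Access user store
-hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0,
-0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
-} else {
-// Access machine store
-hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0,
-0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root");
-}
-
-if (!hStore) {
-return ERR_STORE_ACCESS_DENIED;
-}
-
-while (to_install[i]) {
-size_t needed_len = 0;
-size_t cert_len = strnlen(to_install[i], MAX_LINE_LENGTH);
-int ret = -1;
-unsigned char *buf;
-
-/* Check the needed size for the buffer */
-ret = base64_decode(NULL, &needed_len,
-(unsigned char *)to_install[i], cert_len);
-
-if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) {
-return ERR_INVALID_INSTRUCTIONS;
-}
-
-buf = xmalloc(needed_len);
-memset (buf, 0, needed_len);
-
-ret = base64_decode(buf, &needed_len,
-(unsigned char *)to_install[i], cert_len);
-
-if (ret != 0) {
-return ERR_INVALID_INSTRUCTIONS;
-}
-
-ret = CertAddEncodedCertificateToStore (hStore,
-X509_ASN_ENCODING,
-(PBYTE)buf,
-needed_len,
-CERT_STORE_ADD_ALWAYS,
-NULL);
-
-if (ret == 0) {
-LPWSTR error = getLastErrorMsg();
-if (error) {
-printf("Failed to add certificate: %S \n", error);
-LocalFree(error);
-}
-}
-i++;
-free(buf);
-}
-if(hStore) {
-CertCloseStore(hStore, 0);
-}
-return 0;
-}
-#endif
-
 int main() {
 char **to_install = NULL;
 char **to_remove = NULL;
 char *certificate_list = NULL;
 size_t list_len = 0;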
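Review bot: The new `#include "windowsstore.h"` at new line 37 is unconditional, while everything it replaces (the `<windows.h>`/`<wincrypt.h>` includes and both function definitions) sat under `#ifdef WIN32`. The header is not shown here, so unless it guards its own contents a non-Windows build would now see Windows-only types such as `LPWSTR`; either confirm the guard lives in the header or keep it at the include site with `#ifdef WIN32`, `#include "windowsstore.h"`, `#endif`. Because main.c now sees only the declaration, the header should also document the return contract: the removed body of `install_certificates_win` printed a message but still returned 0 when `CertAddEncodedCertificateToStore` failed for an entry, so if the code moved unchanged the caller cannot tell a partial root-store install from a complete one. `main` continues past the end of this section.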

http://wald.intevation.org/projects/trustbridge/