Mercurial > trustbridge
comparison cinst/nssstore_win.c @ 1119:5349e2354c48
(issue54) Merge branch runafterinstall
There is now an NSIS Plugin that executes the Software after
installation using COM in the shell of the current user.
With the way over the shell there is no inheritance /
token management required. As it is impossible to
drop all privileges of a token granted by UAC and
still be able to reelevate the Token again with another
RunAs call later this round trip over the Shell was
necessary.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 16 Sep 2014 19:48:22 +0200 |
| parents | fd85a02d771d |
| children | e210ecc32d69 |
comparison
equal
deleted
inserted
replaced
| 1117:5b6203f78b4e | 1119:5349e2354c48 |
|---|---|
| 37 process on login to make sure it is launched once in the | 37 process on login to make sure it is launched once in the |
| 38 security context of that user. | 38 security context of that user. |
| 39 */ | 39 */ |
| 40 | 40 |
| 41 #include <windows.h> | 41 #include <windows.h> |
| 42 #include <winsafer.h> | |
| 43 #include <sddl.h> | 42 #include <sddl.h> |
| 44 #include <stdio.h> | 43 #include <stdio.h> |
| 45 #include <stdbool.h> | 44 #include <stdbool.h> |
| 46 #include <userenv.h> | 45 #include <userenv.h> |
| 47 #include <io.h> | 46 #include <io.h> |
| 95 if (item->next) | 94 if (item->next) |
| 96 { | 95 { |
| 97 pkp_t_free (item->next); | 96 pkp_t_free (item->next); |
| 98 } | 97 } |
| 99 xfree (item); | 98 xfree (item); |
| 100 } | |
| 101 | |
| 102 /** @brief get a restricted access token to execute nss process | |
| 103 * | |
| 104 * This function uses the Software Restriction API to obtain the | |
| 105 * access token for a process run als normal user. | |
| 106 * | |
| 107 * @returns A restricted handle or NULL on error. | |
| 108 */ | |
| 109 static HANDLE | |
| 110 get_restricted_token() | |
| 111 { | |
| 112 SAFER_LEVEL_HANDLE user_level = NULL; | |
| 113 HANDLE retval = NULL; | |
| 114 SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY}; | |
| 115 PSID medium_sid = NULL; | |
| 116 TOKEN_MANDATORY_LABEL integrity_label; | |
| 117 | |
| 118 memset (&integrity_label, 0, sizeof (integrity_label)); | |
| 119 | |
| 120 if (!SaferCreateLevel(SAFER_SCOPEID_USER, | |
| 121 SAFER_LEVELID_NORMALUSER, | |
| 122 SAFER_LEVEL_OPEN, &user_level, NULL)) | |
| 123 { | |
| 124 PRINTLASTERROR ("Failed to create user level.\n"); | |
| 125 return NULL; | |
| 126 } | |
| 127 | |
| 128 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL)) | |
| 129 { | |
| 130 SaferCloseLevel(user_level); | |
| 131 return NULL; | |
| 132 } | |
| 133 | |
| 134 SaferCloseLevel(user_level); | |
| 135 | |
| 136 /* Set the SID to medium it will still be high otherwise. Even if | |
| 137 there is no high access allowed. */ | |
| 138 if (!AllocateAndInitializeSid(&medium_identifier, | |
| 139 1, | |
| 140 SECURITY_MANDATORY_MEDIUM_RID, | |
| 141 0, | |
| 142 0, | |
| 143 0, | |
| 144 0, | |
| 145 0, | |
| 146 0, | |
| 147 0, | |
| 148 &medium_sid)) | |
| 149 { | |
| 150 PRINTLASTERROR ("Failed to initialize sid.\n"); | |
| 151 return NULL; | |
| 152 } | |
| 153 | |
| 154 integrity_label.Label.Attributes = SE_GROUP_INTEGRITY; | |
| 155 integrity_label.Label.Sid = medium_sid; | |
| 156 | |
| 157 if (!SetTokenInformation(retval, | |
| 158 TokenIntegrityLevel, | |
| 159 &integrity_label, | |
| 160 sizeof(TOKEN_MANDATORY_LABEL))) | |
| 161 { | |
| 162 PRINTLASTERROR ("Failed to set token integrity.\n"); | |
| 163 return NULL; | |
| 164 } | |
| 165 | |
| 166 return retval; | |
| 167 } | 99 } |
| 168 | 100 |
| 169 /**@brief Write strv of instructions to a handle | 101 /**@brief Write strv of instructions to a handle |
| 170 * | 102 * |
| 171 * Writes the null terminated list of instructions to | 103 * Writes the null terminated list of instructions to |