comparison cinst/nssstore_win.c @ 824:a511c1f45c70

(Issue47) Drop privileges before executing NSS process.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 21 Jul 2014 18:51:34 +0200
parents 85c5aa9aba2b
children 24e1e47e2d1a
823:b8bc812e41ee 824:a511c1f45c70
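--- a/cinst/nssstore_win.c
+++ b/cinst/nssstore_win.c
@@ -37,10 +37,11 @@
 process on login to make sure it is launched once in the
 security context of that user.
 */
 
 #include <windows.h>
+#include <winsafer.h>
 #include <sddl.h>
 #include <stdio.h>
 #include <stdbool.h>
 #include <userenv.h>
 #include <io.h>
@@ -66,10 +67,39 @@
 /**@def The maximum time to wait for the NSS Process */
 #define PROCESS_TIMEOUT 30000
 
 /**@def The registry key to look for user profile directories */
 #define PROFILE_LIST L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
+
+/** @brief get a restricted access token to execute nss process
+*
+* This function uses the Software Restriction API to obtain the
+* access token for a process run als normal user.
+*
+* @returns A restricted handle or NULL on error.
+*/
+static HANDLE
+get_restricted_token()
+{
+SAFER_LEVEL_HANDLE user_level = NULL;
+HANDLE retval = NULL;
+if (!SaferCreateLevel(SAFER_SCOPEID_USER,
+SAFER_LEVELID_NORMALUSER,
+SAFER_LEVEL_OPEN, &user_level, NULL))
+{
+PRINTLASTERROR ("Failed to create user level.\n");
+return NULL;
+}
+
+if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
+{
+SaferCloseLevel(user_level);
+return NULL;
+}
+
+return retval;
+}
 
 /**@brief Write strv of instructions to a handle
 *
 * Writes the null terminated list of instructions to
 * the handle.
@@ -650,18 +680,25 @@
 }
 
 /* set up handles. stdin and stdout go to the same stdout*/
 siStartInfo.cb = sizeof (STARTUPINFO);
 
-if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
+if (is_elevated())
+{
+/* Start the child process as normal user */
+hToken = get_restricted_token ();
+if (hToken == NULL)
+{
+ERRORPRINTF ("Failed to get user level token.");
+return false;
+}
+}
+else if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
 {
 PRINTLASTERROR("Failed to get current handle.");
 return false;
 }
-/* TODO! if (is_elevated())
-restrict token -> hChildToken
-*/
 
 lpCommandLine = get_command_line (selection_file);
 
 if (lpCommandLine == NULL)
 {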
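Review bot: get_restricted_token leaks the SAFER level handle on its success path, because SaferCloseLevel(user_level) is only reached when SaferComputeTokenFromLevel fails, so every successful call leaves user_level open. Close it unconditionally by moving `SaferCloseLevel(user_level);` to just before the final `return retval;` and dropping it from the failure branch. That failure branch is also silent, unlike the SaferCreateLevel path; a `PRINTLASTERROR ("Failed to compute restricted token.\n");` there would make the caller's "Failed to get user level token." message traceable to a Win32 error code. As far as I recall, a token computed through the Safer API is not lowered to medium integrity by itself, so if the elevated parent runs at high integrity it is worth confirming whether the child token needs its integrity level adjusted before it is handed to the process creation call; the function containing the third hunk starts and ends outside it, so that part is not visible here. Declaring the helper as `get_restricted_token (void)` would also give it a proper prototype.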
