Mercurial > trustbridge
comparison cinst/nssstore_win.c @ 676:cb40af11ec3a
Obtain privileges required for registry modification
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 30 Jun 2014 11:25:40 +0200 |
| parents | 4ad764bfb39c |
| children | 85c5aa9aba2b |
comparison
equal
deleted
inserted
replaced
| 675:4ad764bfb39c | 676:cb40af11ec3a |
|---|---|
| 427 wcscat_s (retval, cmd_line_len, L"\""); | 427 wcscat_s (retval, cmd_line_len, L"\""); |
| 428 | 428 |
| 429 return retval; | 429 return retval; |
| 430 } | 430 } |
| 431 | 431 |
| 432 /** @brief Increase the privileges of the current token to allow registry access | |
| 433 * | |
| 434 * To load another users registry you need SE_BACKUP_NAME and SE_RESTORE_NAME | |
| 435 * privileges. Normally if we are running elevated we can obtain them. | |
| 436 * | |
| 437 * @returns true if the privileges could be obtained. False otherwise | |
| 438 */ | |
| 439 static bool | |
| 440 get_backup_restore_priv() | |
| 441 { | |
| 442 HANDLE hToken = NULL; | |
| 443 PTOKEN_PRIVILEGES psToken = NULL; | |
| 444 DWORD token_size = 0, | |
| 445 dwI = 0, | |
| 446 token_size_new = 0, | |
| 447 privilege_size = 128; | |
| 448 char privilege_name[128]; | |
| 449 bool retval = false; | |
| 450 bool backup_found = false; | |
| 451 bool restore_found = false; | |
| 452 | |
| 453 | |
| 454 if (!OpenProcessToken (GetCurrentProcess(), | |
| 455 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) | |
| 456 { | |
| 457 PRINTLASTERROR ("Failed to get process token."); | |
| 458 return false; | |
| 459 } | |
| 460 | |
| 461 /* Get the size for the token */ | |
| 462 GetTokenInformation (hToken, TokenPrivileges, NULL, 0, &token_size); | |
| 463 if (token_size == 0) | |
| 464 { | |
| 465 PRINTLASTERROR ("Failed to get token size."); | |
| 466 goto done; | |
| 467 } | |
| 468 | |
| 469 psToken = xmalloc(token_size); | |
| 470 | |
| 471 if (!GetTokenInformation (hToken, TokenPrivileges, psToken, token_size, &token_size_new)) | |
| 472 { | |
| 473 PRINTLASTERROR ("Failed to get token information."); | |
| 474 goto done; | |
| 475 } | |
| 476 | |
| 477 if (token_size != token_size_new) | |
| 478 { | |
| 479 ERRORPRINTF ("Size changed."); | |
| 480 goto done; | |
| 481 } | |
| 482 | |
| 483 for(dwI = 0; dwI < psToken->PrivilegeCount; dwI++) | |
| 484 { | |
| 485 privilege_size = sizeof (privilege_name); | |
| 486 if (!LookupPrivilegeNameA (NULL, &psToken->Privileges[dwI].Luid, | |
| 487 privilege_name, &privilege_size)) | |
| 488 { | |
| 489 PRINTLASTERROR ("Failed to lookup privilege name"); | |
| 490 } | |
| 491 | |
| 492 if(strcmp(privilege_name, "SeRestorePrivilege") == 0) | |
| 493 { | |
| 494 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED; | |
| 495 restore_found = true; | |
| 496 continue; | |
| 497 } | |
| 498 if(strcmp(privilege_name, "SeBackupPrivilege") == 0) | |
| 499 { | |
| 500 psToken->Privileges[dwI].Attributes |= SE_PRIVILEGE_ENABLED; | |
| 501 backup_found = true; | |
| 502 continue; | |
| 503 } | |
| 504 if (backup_found && restore_found) | |
| 505 { | |
| 506 break; | |
| 507 } | |
| 508 } | |
| 509 | |
| 510 if (backup_found && restore_found) | |
| 511 { | |
| 512 if(!AdjustTokenPrivileges (hToken, 0, psToken, token_size, NULL, NULL)) | |
| 513 { | |
| 514 PRINTLASTERROR ("Failed to adjust token privileges."); | |
| 515 } | |
| 516 else | |
| 517 { | |
| 518 retval = true; | |
| 519 } | |
| 520 } | |
| 521 | |
| 522 done: | |
| 523 if (hToken != NULL) | |
| 524 { | |
| 525 CloseHandle(hToken); | |
| 526 } | |
| 527 xfree(psToken); | |
| 528 return retval; | |
| 529 } | |
| 530 | |
| 432 /**@brief Register NSS process as runOnce for other users | 531 /**@brief Register NSS process as runOnce for other users |
| 433 * | 532 * |
| 434 * Loads the registry hives of other users on the system and | 533 * Loads the registry hives of other users on the system and |
| 435 * adds a RunOnce registry key to start the NSS process to | 534 * adds a RunOnce registry key to start the NSS process to |
| 436 * install the current selection on their next login. | 535 * install the current selection on their next login. |
| 442 * privileges. | 541 * privileges. |
| 443 * | 542 * |
| 444 * @param [in] selection_file filename of the file containing | 543 * @param [in] selection_file filename of the file containing |
| 445 * the users install / remove selection. | 544 * the users install / remove selection. |
| 446 */ | 545 */ |
| 447 void | 546 static void |
| 448 register_proccesses_for_others (wchar_t *selection_file) | 547 register_proccesses_for_others (wchar_t *selection_file) |
| 449 { | 548 { |
| 450 char **hives = locate_other_hives(); | 549 char **hives = locate_other_hives(); |
| 451 int i = 0; | 550 int i = 0; |
| 452 wchar_t *run_command = NULL; | 551 wchar_t *run_command = NULL; |
| 454 if (hives == NULL) | 553 if (hives == NULL) |
| 455 { | 554 { |
| 456 DEBUGPRINTF ("No hives found."); | 555 DEBUGPRINTF ("No hives found."); |
| 457 return; | 556 return; |
| 458 } | 557 } |
| 558 | |
| 559 if (!get_backup_restore_priv()) | |
| 560 { | |
| 561 ERRORPRINTF ("Failed to obtain backup / restore privileges."); | |
| 562 return; | |
| 563 } | |
| 564 | |
| 459 run_command = get_command_line (selection_file); | 565 run_command = get_command_line (selection_file); |
| 460 for (i = 0; hives[i] != NULL; i++) | 566 for (i = 0; hives[i] != NULL; i++) |
| 461 { | 567 { |
| 462 LONG ret = 0; | 568 LONG ret = 0; |
| 463 wchar_t *hivepath = utf8_to_wchar (hives[i], strlen(hives[i])); | 569 wchar_t *hivepath = utf8_to_wchar (hives[i], strlen(hives[i])); |