Mercurial > trustbridge
comparison cinst/main.c @ 144:dc9970d7b9bf
Merged
| author | Sascha Wilde <wilde@intevation.de> |
|---|---|
| date | Mon, 24 Mar 2014 16:10:26 +0100 |
| parents | 4904fe01055d |
| children | 095d0e7f8ed4 |
comparison
equal
deleted
inserted
replaced
| 143:b026e6d2a161 | 144:dc9970d7b9bf |
|---|---|
| 1 /** @brief Main entry point for the cinst process. | 1 /** |
| 2 * @file main.c | |
| 3 * @brief Main entry point for the cinst process. | |
| 2 * | 4 * |
| 3 * The cinst process may or may not be run with elevated | 5 * The cinst process may or may not be run with elevated |
| 4 * privileges. When run with elevated privileges this | 6 * privileges. When run with elevated privileges this |
| 5 * process will modify system wide certificate stores. | 7 * process will modify system wide certificate stores. |
| 6 * Otherwise only the users certificate stores are modified. | 8 * Otherwise only the users certificate stores are modified. |
| 27 #include <stdio.h> | 29 #include <stdio.h> |
| 28 #include <stdlib.h> | 30 #include <stdlib.h> |
| 29 #include <string.h> | 31 #include <string.h> |
| 30 #include <assert.h> | 32 #include <assert.h> |
| 31 | 33 |
| 32 #include <polarssl/base64.h> | |
| 33 | |
| 34 #include "strhelp.h" | 34 #include "strhelp.h" |
| 35 #include "listutil.h" | 35 #include "listutil.h" |
| 36 #include "errorcodes.h" | 36 #include "errorcodes.h" |
| 37 | 37 #include "windowsstore.h" |
| 38 #ifdef WIN32 | |
| 39 #include <windows.h> | |
| 40 #include <wincrypt.h> | |
| 41 #endif | |
| 42 | |
| 43 #ifdef WIN32 | |
| 44 LPWSTR getLastErrorMsg() { | |
| 45 LPWSTR bufPtr = NULL; | |
| 46 DWORD err = GetLastError(); | |
| 47 FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | | |
| 48 FORMAT_MESSAGE_FROM_SYSTEM | | |
| 49 FORMAT_MESSAGE_IGNORE_INSERTS, | |
| 50 NULL, err, 0, (LPWSTR)&bufPtr, 0, NULL); | |
| 51 if (!bufPtr) { | |
| 52 HMODULE hWinhttp = GetModuleHandleW(L"winhttp"); | |
| 53 if (hWinhttp) { | |
| 54 FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | | |
| 55 FORMAT_MESSAGE_FROM_HMODULE | | |
| 56 FORMAT_MESSAGE_IGNORE_INSERTS, | |
| 57 hWinhttp, HRESULT_CODE(err), 0, | |
| 58 (LPWSTR)&bufPtr, 0, NULL); | |
| 59 } | |
| 60 } | |
| 61 if (!bufPtr) | |
| 62 printf("Error getting last error\n"); | |
| 63 return bufPtr; | |
| 64 } | |
| 65 #endif | |
| 66 | 38 |
| 67 /* The certificate list + instructions may only be so long as | 39 /* The certificate list + instructions may only be so long as |
| 68 * twice the accepted certificatelist size */ | 40 * twice the accepted certificatelist size */ |
| 69 #define MAX_INPUT_SIZE MAX_LINE_LENGTH * MAX_LINES * 2 | 41 #define MAX_INPUT_SIZE MAX_LINE_LENGTH * MAX_LINES * 2 |
| 70 | 42 |
| 158 | 130 |
| 159 return 0; | 131 return 0; |
| 160 } | 132 } |
| 161 */ | 133 */ |
| 162 | 134 |
| 163 #ifdef WIN32 | |
| 164 /** @brief Install certificates into Windows store | |
| 165 * | |
| 166 * @param [in] to_install NULL terminated array of base64 encoded certificates. | |
| 167 * @param [in] user_store set to True if the certificates should be installed | |
| 168 * only for the current user. O for system wide installation. | |
| 169 * @returns 0 on success an errorcode otherwise. | |
| 170 */ | |
| 171 int install_certificates_win(const char **to_install, int user_store) | |
| 172 { | |
| 173 int i = 0; | |
| 174 HCERTSTORE hStore = NULL; | |
| 175 | |
| 176 if (user_store) { | |
| 177 // Access user store | |
| 178 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, | |
| 179 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); | |
| 180 } else { | |
| 181 // Access machine store | |
| 182 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, | |
| 183 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); | |
| 184 } | |
| 185 | |
| 186 if (!hStore) { | |
| 187 return ERR_STORE_ACCESS_DENIED; | |
| 188 } | |
| 189 | |
| 190 while (to_install[i]) { | |
| 191 size_t needed_len = 0; | |
| 192 size_t cert_len = strnlen(to_install[i], MAX_LINE_LENGTH); | |
| 193 int ret = -1; | |
| 194 unsigned char *buf; | |
| 195 | |
| 196 /* Check the needed size for the buffer */ | |
| 197 ret = base64_decode(NULL, &needed_len, | |
| 198 (unsigned char *)to_install[i], cert_len); | |
| 199 | |
| 200 if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) { | |
| 201 return ERR_INVALID_INSTRUCTIONS; | |
| 202 } | |
| 203 | |
| 204 buf = xmalloc(needed_len); | |
| 205 memset (buf, 0, needed_len); | |
| 206 | |
| 207 ret = base64_decode(buf, &needed_len, | |
| 208 (unsigned char *)to_install[i], cert_len); | |
| 209 | |
| 210 if (ret != 0) { | |
| 211 return ERR_INVALID_INSTRUCTIONS; | |
| 212 } | |
| 213 | |
| 214 ret = CertAddEncodedCertificateToStore (hStore, | |
| 215 X509_ASN_ENCODING, | |
| 216 (PBYTE)buf, | |
| 217 needed_len, | |
| 218 CERT_STORE_ADD_ALWAYS, | |
| 219 NULL); | |
| 220 | |
| 221 if (ret == 0) { | |
| 222 LPWSTR error = getLastErrorMsg(); | |
| 223 if (error) { | |
| 224 printf("Failed to add certificate: %S \n", error); | |
| 225 LocalFree(error); | |
| 226 } | |
| 227 } | |
| 228 i++; | |
| 229 free(buf); | |
| 230 } | |
| 231 if(hStore) { | |
| 232 CertCloseStore(hStore, 0); | |
| 233 } | |
| 234 return 0; | |
| 235 } | |
| 236 #endif | |
| 237 | |
| 238 int main() { | 135 int main() { |
| 239 char **to_install = NULL; | 136 char **to_install = NULL; |
| 240 char **to_remove = NULL; | 137 char **to_remove = NULL; |
| 241 char *certificate_list = NULL; | 138 char *certificate_list = NULL; |
| 242 size_t list_len = 0; | 139 size_t list_len = 0; |