Mercurial > trustbridge
comparison cinst/nssstore_win.c @ 1118:fd85a02d771d
(issue54) Implement a privilege drop to execute the program after installation.
This commit is extremly ugly as I accidentally worked in a
working tree that was partially merged with default.
To review the real change please check the commit that will
merge this branch into default.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 16 Sep 2014 19:45:19 +0200 |
| parents | 1c1964c27b39 b8fb6bf7f980 |
| children | e210ecc32d69 |
comparison
equal
deleted
inserted
replaced
| 1117:5b6203f78b4e | 1118:fd85a02d771d |
|---|---|
| 37 process on login to make sure it is launched once in the | 37 process on login to make sure it is launched once in the |
| 38 security context of that user. | 38 security context of that user. |
| 39 */ | 39 */ |
| 40 | 40 |
| 41 #include <windows.h> | 41 #include <windows.h> |
| 42 #include <winsafer.h> | |
| 43 #include <sddl.h> | 42 #include <sddl.h> |
| 44 #include <stdio.h> | 43 #include <stdio.h> |
| 45 #include <stdbool.h> | 44 #include <stdbool.h> |
| 46 #include <userenv.h> | 45 #include <userenv.h> |
| 47 #include <io.h> | 46 #include <io.h> |
| 95 if (item->next) | 94 if (item->next) |
| 96 { | 95 { |
| 97 pkp_t_free (item->next); | 96 pkp_t_free (item->next); |
| 98 } | 97 } |
| 99 xfree (item); | 98 xfree (item); |
| 100 } | |
| 101 | |
| 102 /** @brief get a restricted access token to execute nss process | |
| 103 * | |
| 104 * This function uses the Software Restriction API to obtain the | |
| 105 * access token for a process run als normal user. | |
| 106 * | |
| 107 * @returns A restricted handle or NULL on error. | |
| 108 */ | |
| 109 static HANDLE | |
| 110 get_restricted_token() | |
| 111 { | |
| 112 SAFER_LEVEL_HANDLE user_level = NULL; | |
| 113 HANDLE retval = NULL; | |
| 114 SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY}; | |
| 115 PSID medium_sid = NULL; | |
| 116 TOKEN_MANDATORY_LABEL integrity_label; | |
| 117 | |
| 118 memset (&integrity_label, 0, sizeof (integrity_label)); | |
| 119 | |
| 120 if (!SaferCreateLevel(SAFER_SCOPEID_USER, | |
| 121 SAFER_LEVELID_NORMALUSER, | |
| 122 SAFER_LEVEL_OPEN, &user_level, NULL)) | |
| 123 { | |
| 124 PRINTLASTERROR ("Failed to create user level.\n"); | |
| 125 return NULL; | |
| 126 } | |
| 127 | |
| 128 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL)) | |
| 129 { | |
| 130 SaferCloseLevel(user_level); | |
| 131 return NULL; | |
| 132 } | |
| 133 | |
| 134 SaferCloseLevel(user_level); | |
| 135 | |
| 136 /* Set the SID to medium it will still be high otherwise. Even if | |
| 137 there is no high access allowed. */ | |
| 138 if (!AllocateAndInitializeSid(&medium_identifier, | |
| 139 1, | |
| 140 SECURITY_MANDATORY_MEDIUM_RID, | |
| 141 0, | |
| 142 0, | |
| 143 0, | |
| 144 0, | |
| 145 0, | |
| 146 0, | |
| 147 0, | |
| 148 &medium_sid)) | |
| 149 { | |
| 150 PRINTLASTERROR ("Failed to initialize sid.\n"); | |
| 151 return NULL; | |
| 152 } | |
| 153 | |
| 154 integrity_label.Label.Attributes = SE_GROUP_INTEGRITY; | |
| 155 integrity_label.Label.Sid = medium_sid; | |
| 156 | |
| 157 if (!SetTokenInformation(retval, | |
| 158 TokenIntegrityLevel, | |
| 159 &integrity_label, | |
| 160 sizeof(TOKEN_MANDATORY_LABEL))) | |
| 161 { | |
| 162 PRINTLASTERROR ("Failed to set token integrity.\n"); | |
| 163 return NULL; | |
| 164 } | |
| 165 | |
| 166 return retval; | |
| 167 } | 99 } |
| 168 | 100 |
| 169 /**@brief Write strv of instructions to a handle | 101 /**@brief Write strv of instructions to a handle |
| 170 * | 102 * |
| 171 * Writes the null terminated list of instructions to | 103 * Writes the null terminated list of instructions to |