# HG changeset patch # User Andre Heinecke # Date 1396252966 0 # Node ID 4de97f74d038b9b7312c9a5f71ed08cc1f84dcf5 # Parent 1efe494c3d2b00b9130ea2f32f0195406dc285da Check for process elevation and write into system store accordingly diff -r 1efe494c3d2b -r 4de97f74d038 cinst/main.c --- a/cinst/main.c Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/main.c Mon Mar 31 08:02:46 2014 +0000 @@ -268,7 +268,7 @@ } #ifdef WIN32 - return write_stores_win (to_install, to_remove, true); + return write_stores_win (to_install, to_remove); #endif /* Make valgrind happy */ diff -r 1efe494c3d2b -r 4de97f74d038 cinst/windowsstore.c --- a/cinst/windowsstore.c Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/windowsstore.c Mon Mar 31 08:02:46 2014 +0000 @@ -185,8 +185,27 @@ return; } +static bool is_elevated() { + HANDLE hToken = NULL; + bool ret = false; + if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken)) + { + TOKEN_ELEVATION elevation; + DWORD cbSize = sizeof (TOKEN_ELEVATION); + if (GetTokenInformation (hToken, TokenElevation, &elevation, + sizeof (TokenElevation), &cbSize)) + { + ret = elevation.TokenIsElevated; + } + } + if (hToken) + CloseHandle (hToken); + + return ret; +} + int -write_stores_win (char **to_install, char **to_remove, bool user_store) +write_stores_win (char **to_install, char **to_remove) { HCERTSTORE hStore = NULL; @@ -196,7 +215,7 @@ return 0; } - if (user_store) + if (!is_elevated()) { hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); diff -r 1efe494c3d2b -r 4de97f74d038 cinst/windowsstore.h --- a/cinst/windowsstore.h Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/windowsstore.h Mon Mar 31 08:02:46 2014 +0000 @@ -13,14 +13,14 @@ /** @brief Access the Windows certificate store * + * If the process is running with elevated rights this function + * will write into the system store. User store is written otherwise. + * * @param [in] to_install strv of DER encoded certificates to be added. * @param [in] to_remove strv of DER encoded certificates to be remvoed. - * @param [in] user_store set to True if the certificates should be installed - * only for the current user. O for system wide installation. * @returns 0 on success an errorcode otherwise. */ -int write_stores_win (char **to_install, char **to_remove, - bool user_store); +int write_stores_win (char **to_install, char **to_remove); /* The do_ functions are private helper functions and should not be used * from other code. They are not static to allow it to use them directly