changeset 247:4de97f74d038

Check for process elevation and write into system store accordingly
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 31 Mar 2014 08:02:46 +0000
parents 1efe494c3d2b
children 9f0865dc8b14
files cinst/main.c cinst/windowsstore.c cinst/windowsstore.h
diffstat 3 files changed, 26 insertions(+), 7 deletions(-) [+]
--- a/cinst/main.c	Sat Mar 29 15:19:45 2014 +0100
+++ b/cinst/main.c	Mon Mar 31 08:02:46 2014 +0000
@@ -268,7 +268,7 @@
     }
 
 #ifdef WIN32
-  return write_stores_win (to_install, to_remove, true);
+  return write_stores_win (to_install, to_remove);
 #endif
 
   /* Make valgrind happy */
--- a/cinst/windowsstore.c	Sat Mar 29 15:19:45 2014 +0100
+++ b/cinst/windowsstore.c	Mon Mar 31 08:02:46 2014 +0000
@@ -185,8 +185,27 @@
   return;
 }
 
+static bool is_elevated() {
+    HANDLE hToken = NULL;
+    bool ret = false;
+    if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
+      {
+        TOKEN_ELEVATION elevation;
+        DWORD cbSize = sizeof (TOKEN_ELEVATION);
+        if (GetTokenInformation (hToken, TokenElevation, &elevation,
+                                 sizeof (TokenElevation), &cbSize))
+          {
+            ret = elevation.TokenIsElevated;
+          }
+      }
+    if (hToken)
+      CloseHandle (hToken);
+
+    return ret;
+}
+
 int
-write_stores_win (char **to_install, char **to_remove, bool user_store)
+write_stores_win (char **to_install, char **to_remove)
 {
   HCERTSTORE hStore = NULL;
 
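Review bot: The length argument to GetTokenInformation in is_elevated is `sizeof (TokenElevation)`, which is the size of the enum constant naming the information class, not of the `elevation` struct being filled. The call works only because both are four bytes with the usual Windows headers. Writing `sizeof (elevation), &cbSize))` states the intent and keeps the length tied to the buffer. The definition would also be better as `static bool is_elevated (void)`, since an empty parameter list in C leaves call arguments unchecked.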
@@ -196,7 +215,7 @@
       return 0;
     }
 
-  if (user_store)
+  if (!is_elevated())
     {
       hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0,
                               0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
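Review bot: The `if (!is_elevated())` branch cannot tell "not elevated" from "the token query failed", because is_elevated returns false in both cases. An elevated run whose query fails would therefore add root certificates to the current user's store without any indication. TokenElevation is, as far as I know, not available before Windows Vista, so an administrator on an older system would presumably always take this branch. Since the choice of trust store is security relevant, a comment such as `/* A failed elevation query is treated as not elevated and falls back to the user store. */` or an error message on the failure path would make this explicit. The body of write_stores_win continues outside the hunk.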
--- a/cinst/windowsstore.h	Sat Mar 29 15:19:45 2014 +0100
+++ b/cinst/windowsstore.h	Mon Mar 31 08:02:46 2014 +0000
@@ -13,14 +13,14 @@
 
 /** @brief Access the Windows certificate store
  *
+ * If the process is running with elevated rights this function
+ * will write into the system store. User store is written otherwise.
+ *
  * @param [in] to_install strv of DER encoded certificates to be added.
  * @param [in] to_remove strv of DER encoded certificates to be remvoed.
- * @param [in] user_store set to True if the certificates should be installed
- *             only for the current user. O for system wide installation.
  * @returns 0 on success an errorcode otherwise.
  */
-int write_stores_win (char **to_install, char **to_remove,
-                      bool user_store);
+int write_stores_win (char **to_install, char **to_remove);
 
 /* The do_ functions are private helper functions and should not be used
  * from other code. They are not static to allow it to use them directly

http://wald.intevation.org/projects/trustbridge/