Mercurial > trustbridge > trustbridge
changeset 247:4de97f74d038
Check for process elevation and write into system store accordingly
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Mon, 31 Mar 2014 08:02:46 +0000 |
| parents | 1efe494c3d2b |
| children | 9f0865dc8b14 |
| files | cinst/main.c cinst/windowsstore.c cinst/windowsstore.h |
| diffstat | 3 files changed, 26 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/cinst/main.c Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/main.c Mon Mar 31 08:02:46 2014 +0000 @@ -268,7 +268,7 @@ } #ifdef WIN32 - return write_stores_win (to_install, to_remove, true); + return write_stores_win (to_install, to_remove); #endif /* Make valgrind happy */
--- a/cinst/windowsstore.c Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/windowsstore.c Mon Mar 31 08:02:46 2014 +0000 @@ -185,8 +185,27 @@ return; } +static bool is_elevated() { + HANDLE hToken = NULL; + bool ret = false; + if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken)) + { + TOKEN_ELEVATION elevation; + DWORD cbSize = sizeof (TOKEN_ELEVATION); + if (GetTokenInformation (hToken, TokenElevation, &elevation, + sizeof (TokenElevation), &cbSize)) + { + ret = elevation.TokenIsElevated; + } + } + if (hToken) + CloseHandle (hToken); + + return ret; +} + int -write_stores_win (char **to_install, char **to_remove, bool user_store) +write_stores_win (char **to_install, char **to_remove) { HCERTSTORE hStore = NULL; @@ -196,7 +215,7 @@ return 0; } - if (user_store) + if (!is_elevated()) { hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
--- a/cinst/windowsstore.h Sat Mar 29 15:19:45 2014 +0100 +++ b/cinst/windowsstore.h Mon Mar 31 08:02:46 2014 +0000 @@ -13,14 +13,14 @@ /** @brief Access the Windows certificate store * + * If the process is running with elevated rights this function + * will write into the system store. User store is written otherwise. + * * @param [in] to_install strv of DER encoded certificates to be added. * @param [in] to_remove strv of DER encoded certificates to be remvoed. - * @param [in] user_store set to True if the certificates should be installed - * only for the current user. O for system wide installation. * @returns 0 on success an errorcode otherwise. */ -int write_stores_win (char **to_install, char **to_remove, - bool user_store); +int write_stores_win (char **to_install, char **to_remove); /* The do_ functions are private helper functions and should not be used * from other code. They are not static to allow it to use them directly