Validation of write access to chrome profile.

cloud_print/service/win/cloud_print_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "cloud_print/service/win/cloud_print_service.h"
 
+#include <atlsecurity.h>
 #include <iomanip>
 #include <iostream>
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/string_util.h"
 #include "base/win/scoped_handle.h"
 #include "cloud_print/service/win/chrome_launcher.h"
 #include "cloud_print/service/win/resource.h"
 #include "cloud_print/service/win/service_state.h"
 #include "cloud_print/service/win/service_switches.h"
 
 namespace {
 
 const wchar_t kServiceStateFileName[] = L"Service State";
 
+const wchar_t kUserToRunService[] = L"NT AUTHORITY\\LocalService";
+
 // The traits class for Windows Service.
 class ServiceHandleTraits {
  public:
   typedef SC_HANDLE Handle;
 
   // Closes the handle.
   static bool CloseHandle(Handle handle) {
     return ::CloseServiceHandle(handle) != FALSE;
   }
 
@@ skipping 81 matching lines @@
     ::SetConsoleMode(stdin_handle, saved_mode);
     std::cout << "\n";
   } else {
     std::getline(std::cin, tmp);
   }
   if (tmp.empty())
     return default;
   return tmp;
 }
 
+HRESULT WriteFileAsUser(const FilePath& path, const wchar_t* user,
+                        const char* data, int size) {
+    ATL::CAccessToken thread_token;
+    if (!thread_token.OpenThreadToken(TOKEN_DUPLICATE | TOKEN_IMPERSONATE)) {
+      LOG(ERROR) << "Failed to open thread token.";
+      return HResultFromLastError();
+    }
+
+    ATL::CSid local_service;
+    if (!local_service.LoadAccount(user)) {
+      LOG(ERROR) << "Failed create SID.";
+      return HResultFromLastError();
+    }
+
+    ATL::CAccessToken token;
+    ATL::CTokenGroups group;
+    group.Add(local_service, 0);
+
+    const ATL::CTokenGroups empty_group;
+    if (!thread_token.CreateRestrictedToken(&token, empty_group, group)) {
+      LOG(ERROR) << "Failed to create restricted token for " << user << ".";
+      return HResultFromLastError();
+    }
+
+    if (!token.Impersonate()) {
+      LOG(ERROR) << "Failed to impersonate " << user << ".";
+      return HResultFromLastError();
+    }
+
+    ATL::CAutoRevertImpersonation auto_revert(&token);
+    if (file_util::WriteFile(path, data, size) != size) {
+      LOG(ERROR) << "Failed to write file " << path.value() << ".";
+      return HResultFromLastError();
+    }
+    return S_OK;
+}
+
 }  // namespace
 
 class CloudPrintServiceModule
     : public ATL::CAtlServiceModuleT<CloudPrintServiceModule, IDS_SERVICENAME> {
  public:
   typedef ATL::CAtlServiceModuleT<CloudPrintServiceModule,
                                   IDS_SERVICENAME> Base;
 
   DECLARE_REGISTRY_APPID_RESOURCEID(IDR_CLOUDPRINTSERVICE,
                                     "{8013FB7C-2E3E-4992-B8BD-05C0C4AB0627}")
 
   HRESULT InitializeSecurity() {
     // TODO(gene): Check if we need to call CoInitializeSecurity and provide
     // the appropriate security settings for service.
     return S_OK;
   }
 
-  HRESULT InstallService(const FilePath& user_data_dir) {
+  HRESULT InstallService() {
     // TODO(vitalybuka): consider "lite" version if we don't want unregister
     // printers here.
     HRESULT hr = UninstallService();
     if (FAILED(hr))
       return hr;
 
     if (ChromeLauncher::GetChromePath(HKEY_LOCAL_MACHINE).empty()) {
       LOG(ERROR) << "Found no Chrome installed for all users.";
       return HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND);
     }
 
     hr = UpdateRegistryAppId(true);
     if (FAILED(hr))
       return hr;
 
     FilePath service_path;
     CHECK(PathService::Get(base::FILE_EXE, &service_path));
     CommandLine command_line(service_path);
     command_line.AppendSwitch(kServiceSwitch);
-    command_line.AppendSwitchPath(kUserDataDirSwitch, user_data_dir);
+    command_line.AppendSwitchPath(kUserDataDirSwitch, user_data_dir_);
 
     ServiceHandle scm;
     hr = OpenServiceManager(&scm);
     if (FAILED(hr))
       return hr;
 
     ServiceHandle service(
         ::CreateService(
             scm, m_szServiceName, m_szServiceName, SERVICE_ALL_ACCESS,
             SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL,
             command_line.GetCommandLineString().c_str(), NULL, NULL, NULL,
-            L"NT AUTHORITY\\LocalService", NULL));
+            kUserToRunService, NULL));
 
     if (!service.IsValid())
       return HResultFromLastError();
 
     return S_OK;
   }
 
   HRESULT UninstallService() {
     if (!Uninstall())
       return E_FAIL;
@@ skipping 45 matching lines @@
 
     if (command_line.HasSwitch(kUninstallSwitch))
       return UninstallService();
 
     if (command_line.HasSwitch(kInstallSwitch)) {
       if (!command_line.HasSwitch(kUserDataDirSwitch)) {
         InvalidUsage();
         return S_FALSE;
       }
 
-      HRESULT hr = ProcessServiceState(user_data_dir_,
-                                       command_line.HasSwitch(kQuietSwitch));
+      HRESULT hr = ValidateUserDataDir();
       if (FAILED(hr))
         return hr;
 
-      hr = InstallService(user_data_dir_);
+      hr = ProcessServiceState(command_line.HasSwitch(kQuietSwitch));
+      if (FAILED(hr))
+        return hr;
+
+      hr = InstallService();
       if (SUCCEEDED(hr) && command_line.HasSwitch(kStartSwitch))
         return StartService();
 
       return hr;
     }
 
     if (command_line.HasSwitch(kStartSwitch))
       return StartService();
 
     if (command_line.HasSwitch(kServiceSwitch)) {
       *is_service = true;
       return S_OK;
     }
 
     if (command_line.HasSwitch(kConsoleSwitch)) {
       ::SetConsoleCtrlHandler(&ConsoleCtrlHandler, TRUE);
       HRESULT hr = Run();
       ::SetConsoleCtrlHandler(NULL, FALSE);
       return hr;
     }
 
     InvalidUsage();
     return S_FALSE;
   }
 
-  HRESULT ProcessServiceState(const FilePath& user_data_dir, bool quiet) {
-    FilePath file = user_data_dir.Append(kServiceStateFileName);
+  HRESULT ValidateUserDataDir() {
+    FilePath temp_file;
+    const char some_data[] = "1234";
+    if (!file_util::CreateTemporaryFileInDir(user_data_dir_, &temp_file))
+      return E_FAIL;
+    HRESULT hr = WriteFileAsUser(temp_file, kUserToRunService, some_data,
+                                 sizeof(some_data));
+    if (FAILED(hr)) {
+      LOG(ERROR) << "Failed to write user data. Make sure that account \'" <<
+          kUserToRunService << "\'has full access to \'" <<
+          user_data_dir_.value() << "\'.";
+    }
+    file_util::Delete(temp_file, false);
+    return hr;
+  }
+
+  HRESULT ProcessServiceState(bool quiet) {
+    FilePath file = user_data_dir_.Append(kServiceStateFileName);
 
     for (;;) {
       std::string contents;
       ServiceState service_state;
 
       bool is_valid = file_util::ReadFileToString(file, &contents) &&
                       service_state.FromString(contents);
 
       if (!quiet) {
         std::cout << file.value() << ":\n";
@@ skipping 23 matching lines @@
 
       while (!is_valid) {
         std::string email = GetOption("email", service_state.email(), false);
         std::string password = GetOption("password", "", true);
         std::string proxy_id = GetOption("connector_id",
                                          service_state.proxy_id(), false);
         is_valid = service_state.Configure(email, password, proxy_id);
         if (is_valid) {
           std::string new_contents = service_state.ToString();
           if (new_contents != contents) {
-            if (file_util::WriteFile(file, new_contents.c_str(),
-                                     new_contents.size()) <= 0) {
-              return HResultFromLastError();
-            }
+            HRESULT hr = WriteFileAsUser(file, kUserToRunService,
+                                         new_contents.c_str(),
+                                         new_contents.size());
+            if (FAILED(hr))
+              return hr;
           }
         }
       }
     }
 
     return S_OK;
   }
 
   HRESULT OpenServiceManager(ServiceHandle* service_manager) {
     if (!service_manager)
@@ skipping 64 matching lines @@
 
 BOOL CloudPrintServiceModule::ConsoleCtrlHandler(DWORD type) {
   PostThreadMessage(_AtlModule.m_dwThreadID, WM_QUIT, 0, 0);
   return TRUE;
 }
 
 int main() {
   base::AtExitManager at_exit;
   return _AtlModule.WinMain(0);
 }