| Index: rlz/win/lib/rlz_lib_win.cc
|
| ===================================================================
|
| --- rlz/win/lib/rlz_lib_win.cc (revision 0)
|
| +++ rlz/win/lib/rlz_lib_win.cc (revision 0)
|
| @@ -0,0 +1,260 @@
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +//
|
| +// A library to manage RLZ information for access-points shared
|
| +// across different client applications.
|
| +
|
| +#include "rlz/win/lib/rlz_lib.h"
|
| +
|
| +#include <windows.h>
|
| +#include <aclapi.h>
|
| +#include <winerror.h>
|
| +
|
| +#include "base/basictypes.h"
|
| +#include "base/win/registry.h"
|
| +#include "base/win/windows_version.h"
|
| +#include "rlz/lib/assert.h"
|
| +#include "rlz/lib/rlz_value_store.h"
|
| +#include "rlz/win/lib/machine_deal.h"
|
| +#include "rlz/win/lib/rlz_value_store_registry.h"
|
| +
|
| +namespace {
|
| +
|
| +// Path to recursively copy into the replacemment hives. These are needed
|
| +// to make sure certain win32 APIs continue to run correctly once the real
|
| +// hives are replaced.
|
| +const wchar_t* kHKLMAccessProviders =
|
| + L"System\\CurrentControlSet\\Control\\Lsa\\AccessProviders";
|
| +
|
| +// Helper functions
|
| +
|
| +void CopyRegistryTree(const base::win::RegKey& src, base::win::RegKey* dest) {
|
| + // First copy values.
|
| + for (base::win::RegistryValueIterator i(src.Handle(), L"");
|
| + i.Valid(); ++i) {
|
| + dest->WriteValue(i.Name(), reinterpret_cast<const void*>(i.Value()),
|
| + i.ValueSize(), i.Type());
|
| + }
|
| +
|
| + // Next copy subkeys recursively.
|
| + for (base::win::RegistryKeyIterator i(src.Handle(), L"");
|
| + i.Valid(); ++i) {
|
| + base::win::RegKey subkey(dest->Handle(), i.Name(), KEY_ALL_ACCESS);
|
| + CopyRegistryTree(base::win::RegKey(src.Handle(), i.Name(), KEY_READ),
|
| + &subkey);
|
| + }
|
| +}
|
| +
|
| +} // namespace anonymous
|
| +
|
| +
|
| +namespace rlz_lib {
|
| +
|
| +// OEM Deal confirmation storage functions.
|
| +
|
| +template<class T>
|
| +class typed_buffer_ptr {
|
| + scoped_array<char> buffer_;
|
| +
|
| + public:
|
| + typed_buffer_ptr() {
|
| + }
|
| +
|
| + explicit typed_buffer_ptr(size_t size) : buffer_(new char[size]) {
|
| + }
|
| +
|
| + void reset(size_t size) {
|
| + buffer_.reset(new char[size]);
|
| + }
|
| +
|
| + operator T*() {
|
| + return reinterpret_cast<T*>(buffer_.get());
|
| + }
|
| +};
|
| +
|
| +// Check if this SID has the desired access by scanning the ACEs in the DACL.
|
| +// This function is part of the rlz_lib namespace so that it can be called from
|
| +// unit tests. Non-unit test code should not call this function.
|
| +bool HasAccess(PSID sid, ACCESS_MASK access_mask, ACL* dacl) {
|
| + if (dacl == NULL)
|
| + return false;
|
| +
|
| + ACL_SIZE_INFORMATION info;
|
| + if (!GetAclInformation(dacl, &info, sizeof(info), AclSizeInformation))
|
| + return false;
|
| +
|
| + GENERIC_MAPPING generic_mapping = {KEY_READ, KEY_WRITE, KEY_EXECUTE,
|
| + KEY_ALL_ACCESS};
|
| + MapGenericMask(&access_mask, &generic_mapping);
|
| +
|
| + for (DWORD i = 0; i < info.AceCount; ++i) {
|
| + ACCESS_ALLOWED_ACE* ace;
|
| + if (GetAce(dacl, i, reinterpret_cast<void**>(&ace))) {
|
| + if ((ace->Header.AceFlags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE)
|
| + continue;
|
| +
|
| + PSID existing_sid = reinterpret_cast<PSID>(&ace->SidStart);
|
| + DWORD mask = ace->Mask;
|
| + MapGenericMask(&mask, &generic_mapping);
|
| +
|
| + if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE &&
|
| + (mask & access_mask) == access_mask && EqualSid(existing_sid, sid))
|
| + return true;
|
| +
|
| + if (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE &&
|
| + (mask & access_mask) != 0 && EqualSid(existing_sid, sid))
|
| + return false;
|
| + }
|
| + }
|
| +
|
| + return false;
|
| +}
|
| +
|
| +bool CreateMachineState() {
|
| + LibMutex lock;
|
| + if (lock.failed())
|
| + return false;
|
| +
|
| + base::win::RegKey hklm_key;
|
| + if (hklm_key.Create(HKEY_LOCAL_MACHINE,
|
| + RlzValueStoreRegistry::GetWideLibKeyName().c_str(),
|
| + KEY_ALL_ACCESS | KEY_WOW64_32KEY) != ERROR_SUCCESS) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: "
|
| + "Unable to create / open machine key.");
|
| + return false;
|
| + }
|
| +
|
| + // Create a SID that represents ALL USERS.
|
| + DWORD users_sid_size = SECURITY_MAX_SID_SIZE;
|
| + typed_buffer_ptr<SID> users_sid(users_sid_size);
|
| + CreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &users_sid_size);
|
| +
|
| + // Get the security descriptor for the registry key.
|
| + DWORD original_sd_size = 0;
|
| + ::RegGetKeySecurity(hklm_key.Handle(), DACL_SECURITY_INFORMATION, NULL,
|
| + &original_sd_size);
|
| + typed_buffer_ptr<SECURITY_DESCRIPTOR> original_sd(original_sd_size);
|
| +
|
| + LONG result = ::RegGetKeySecurity(hklm_key.Handle(),
|
| + DACL_SECURITY_INFORMATION, original_sd, &original_sd_size);
|
| + if (result != ERROR_SUCCESS) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: "
|
| + "Unable to create / open machine key.");
|
| + return false;
|
| + }
|
| +
|
| + // Make a copy of the security descriptor so we can modify it. The one
|
| + // returned by RegGetKeySecurity() is self-relative, so we need to make it
|
| + // absolute.
|
| + DWORD new_sd_size = 0;
|
| + DWORD dacl_size = 0;
|
| + DWORD sacl_size = 0;
|
| + DWORD owner_size = 0;
|
| + DWORD group_size = 0;
|
| + ::MakeAbsoluteSD(original_sd, NULL, &new_sd_size, NULL, &dacl_size,
|
| + NULL, &sacl_size, NULL, &owner_size,
|
| + NULL, &group_size);
|
| +
|
| + typed_buffer_ptr<SECURITY_DESCRIPTOR> new_sd(new_sd_size);
|
| + // Make sure the DACL is big enough to add one more ACE.
|
| + typed_buffer_ptr<ACL> dacl(dacl_size + SECURITY_MAX_SID_SIZE);
|
| + typed_buffer_ptr<ACL> sacl(sacl_size);
|
| + typed_buffer_ptr<SID> owner(owner_size);
|
| + typed_buffer_ptr<SID> group(group_size);
|
| +
|
| + if (!::MakeAbsoluteSD(original_sd, new_sd, &new_sd_size, dacl, &dacl_size,
|
| + sacl, &sacl_size, owner, &owner_size,
|
| + group, &group_size)) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: MakeAbsoluteSD failed");
|
| + return false;
|
| + }
|
| +
|
| + // If all users already have read/write access to the registry key, then
|
| + // nothing to do. Otherwise change the security descriptor of the key to
|
| + // give everyone access.
|
| + if (HasAccess(users_sid, KEY_ALL_ACCESS, dacl)) {
|
| + return false;
|
| + }
|
| +
|
| + // Add ALL-USERS ALL-ACCESS ACL.
|
| + EXPLICIT_ACCESS ea;
|
| + ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
|
| + ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS;
|
| + ea.grfAccessMode = GRANT_ACCESS;
|
| + ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
|
| + ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
|
| + ea.Trustee.ptstrName = L"Everyone";
|
| +
|
| + ACL* new_dacl = NULL;
|
| + result = SetEntriesInAcl(1, &ea, dacl, &new_dacl);
|
| + if (result != ERROR_SUCCESS) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: SetEntriesInAcl failed");
|
| + return false;
|
| + }
|
| +
|
| + BOOL ok = SetSecurityDescriptorDacl(new_sd, TRUE, new_dacl, FALSE);
|
| + if (!ok) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: "
|
| + "SetSecurityDescriptorOwner failed");
|
| + LocalFree(new_dacl);
|
| + return false;
|
| + }
|
| +
|
| + result = ::RegSetKeySecurity(hklm_key.Handle(),
|
| + DACL_SECURITY_INFORMATION,
|
| + new_sd);
|
| + // Note that the new DACL cannot be freed until after the call to
|
| + // RegSetKeySecurity().
|
| + LocalFree(new_dacl);
|
| +
|
| + bool success = true;
|
| + if (result != ERROR_SUCCESS) {
|
| + ASSERT_STRING("rlz_lib::CreateMachineState: "
|
| + "Unable to create / open machine key.");
|
| + success = false;
|
| + }
|
| +
|
| +
|
| + return success;
|
| +}
|
| +
|
| +bool SetMachineDealCode(const char* dcc) {
|
| + return MachineDealCode::Set(dcc);
|
| +}
|
| +
|
| +bool GetMachineDealCodeAsCgi(char* cgi, size_t cgi_size) {
|
| + return MachineDealCode::GetAsCgi(cgi, cgi_size);
|
| +}
|
| +
|
| +bool GetMachineDealCode(char* dcc, size_t dcc_size) {
|
| + return MachineDealCode::Get(dcc, dcc_size);
|
| +}
|
| +
|
| +// Combined functions.
|
| +
|
| +bool SetMachineDealCodeFromPingResponse(const char* response) {
|
| + return MachineDealCode::SetFromPingResponse(response);
|
| +}
|
| +
|
| +void InitializeTempHivesForTesting(const base::win::RegKey& temp_hklm_key,
|
| + const base::win::RegKey& temp_hkcu_key) {
|
| + // For the moment, the HKCU hive requires no initialization.
|
| +
|
| + if (base::win::GetVersion() >= base::win::VERSION_WIN7) {
|
| + // Copy the following HKLM subtrees to the temporary location so that the
|
| + // win32 APIs used by the tests continue to work:
|
| + //
|
| + // HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders
|
| + //
|
| + // This seems to be required since Win7.
|
| + base::win::RegKey dest(temp_hklm_key.Handle(), kHKLMAccessProviders,
|
| + KEY_ALL_ACCESS);
|
| + CopyRegistryTree(base::win::RegKey(HKEY_LOCAL_MACHINE,
|
| + kHKLMAccessProviders,
|
| + KEY_READ),
|
| + &dest);
|
| + }
|
| +}
|
| +
|
| +} // namespace rlz_lib
|
|
|
Chromium Code Reviews
Issue 10597002:
Check-in rlz code to src\rlz from http://code.google.com/p/rlz/. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/