diff options
Diffstat (limited to 'rlz/win/lib/rlz_lib_win.cc')
| -rw-r--r-- | rlz/win/lib/rlz_lib_win.cc | 260 |
1 files changed, 0 insertions, 260 deletions
diff --git a/rlz/win/lib/rlz_lib_win.cc b/rlz/win/lib/rlz_lib_win.cc deleted file mode 100644 index e7b145e..0000000 --- a/rlz/win/lib/rlz_lib_win.cc +++ /dev/null @@ -1,260 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// A library to manage RLZ information for access-points shared -// across different client applications. - -#include "rlz/win/lib/rlz_lib.h" - -#include <windows.h> -#include <aclapi.h> -#include <winerror.h> - -#include "base/basictypes.h" -#include "base/win/registry.h" -#include "base/win/windows_version.h" -#include "rlz/lib/assert.h" -#include "rlz/lib/rlz_value_store.h" -#include "rlz/win/lib/machine_deal.h" -#include "rlz/win/lib/rlz_value_store_registry.h" - -namespace { - -// Path to recursively copy into the replacemment hives. These are needed -// to make sure certain win32 APIs continue to run correctly once the real -// hives are replaced. -const wchar_t* kHKLMAccessProviders = - L"System\\CurrentControlSet\\Control\\Lsa\\AccessProviders"; - -// Helper functions - -void CopyRegistryTree(const base::win::RegKey& src, base::win::RegKey* dest) { - // First copy values. - for (base::win::RegistryValueIterator i(src.Handle(), L""); - i.Valid(); ++i) { - dest->WriteValue(i.Name(), reinterpret_cast<const void*>(i.Value()), - i.ValueSize(), i.Type()); - } - - // Next copy subkeys recursively. - for (base::win::RegistryKeyIterator i(src.Handle(), L""); - i.Valid(); ++i) { - base::win::RegKey subkey(dest->Handle(), i.Name(), KEY_ALL_ACCESS); - CopyRegistryTree(base::win::RegKey(src.Handle(), i.Name(), KEY_READ), - &subkey); - } -} - -} // namespace anonymous - - -namespace rlz_lib { - -// OEM Deal confirmation storage functions. - -template<class T> -class typed_buffer_ptr { - scoped_array<char> buffer_; - - public: - typed_buffer_ptr() { - } - - explicit typed_buffer_ptr(size_t size) : buffer_(new char[size]) { - } - - void reset(size_t size) { - buffer_.reset(new char[size]); - } - - operator T*() { - return reinterpret_cast<T*>(buffer_.get()); - } -}; - -// Check if this SID has the desired access by scanning the ACEs in the DACL. -// This function is part of the rlz_lib namespace so that it can be called from -// unit tests. Non-unit test code should not call this function. -bool HasAccess(PSID sid, ACCESS_MASK access_mask, ACL* dacl) { - if (dacl == NULL) - return false; - - ACL_SIZE_INFORMATION info; - if (!GetAclInformation(dacl, &info, sizeof(info), AclSizeInformation)) - return false; - - GENERIC_MAPPING generic_mapping = {KEY_READ, KEY_WRITE, KEY_EXECUTE, - KEY_ALL_ACCESS}; - MapGenericMask(&access_mask, &generic_mapping); - - for (DWORD i = 0; i < info.AceCount; ++i) { - ACCESS_ALLOWED_ACE* ace; - if (GetAce(dacl, i, reinterpret_cast<void**>(&ace))) { - if ((ace->Header.AceFlags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE) - continue; - - PSID existing_sid = reinterpret_cast<PSID>(&ace->SidStart); - DWORD mask = ace->Mask; - MapGenericMask(&mask, &generic_mapping); - - if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && - (mask & access_mask) == access_mask && EqualSid(existing_sid, sid)) - return true; - - if (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE && - (mask & access_mask) != 0 && EqualSid(existing_sid, sid)) - return false; - } - } - - return false; -} - -bool CreateMachineState() { - LibMutex lock; - if (lock.failed()) - return false; - - base::win::RegKey hklm_key; - if (hklm_key.Create(HKEY_LOCAL_MACHINE, - RlzValueStoreRegistry::GetWideLibKeyName().c_str(), - KEY_ALL_ACCESS | KEY_WOW64_32KEY) != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - return false; - } - - // Create a SID that represents ALL USERS. - DWORD users_sid_size = SECURITY_MAX_SID_SIZE; - typed_buffer_ptr<SID> users_sid(users_sid_size); - CreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &users_sid_size); - - // Get the security descriptor for the registry key. - DWORD original_sd_size = 0; - ::RegGetKeySecurity(hklm_key.Handle(), DACL_SECURITY_INFORMATION, NULL, - &original_sd_size); - typed_buffer_ptr<SECURITY_DESCRIPTOR> original_sd(original_sd_size); - - LONG result = ::RegGetKeySecurity(hklm_key.Handle(), - DACL_SECURITY_INFORMATION, original_sd, &original_sd_size); - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - return false; - } - - // Make a copy of the security descriptor so we can modify it. The one - // returned by RegGetKeySecurity() is self-relative, so we need to make it - // absolute. - DWORD new_sd_size = 0; - DWORD dacl_size = 0; - DWORD sacl_size = 0; - DWORD owner_size = 0; - DWORD group_size = 0; - ::MakeAbsoluteSD(original_sd, NULL, &new_sd_size, NULL, &dacl_size, - NULL, &sacl_size, NULL, &owner_size, - NULL, &group_size); - - typed_buffer_ptr<SECURITY_DESCRIPTOR> new_sd(new_sd_size); - // Make sure the DACL is big enough to add one more ACE. - typed_buffer_ptr<ACL> dacl(dacl_size + SECURITY_MAX_SID_SIZE); - typed_buffer_ptr<ACL> sacl(sacl_size); - typed_buffer_ptr<SID> owner(owner_size); - typed_buffer_ptr<SID> group(group_size); - - if (!::MakeAbsoluteSD(original_sd, new_sd, &new_sd_size, dacl, &dacl_size, - sacl, &sacl_size, owner, &owner_size, - group, &group_size)) { - ASSERT_STRING("rlz_lib::CreateMachineState: MakeAbsoluteSD failed"); - return false; - } - - // If all users already have read/write access to the registry key, then - // nothing to do. Otherwise change the security descriptor of the key to - // give everyone access. - if (HasAccess(users_sid, KEY_ALL_ACCESS, dacl)) { - return false; - } - - // Add ALL-USERS ALL-ACCESS ACL. - EXPLICIT_ACCESS ea; - ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); - ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS; - ea.grfAccessMode = GRANT_ACCESS; - ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT; - ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; - ea.Trustee.ptstrName = L"Everyone"; - - ACL* new_dacl = NULL; - result = SetEntriesInAcl(1, &ea, dacl, &new_dacl); - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: SetEntriesInAcl failed"); - return false; - } - - BOOL ok = SetSecurityDescriptorDacl(new_sd, TRUE, new_dacl, FALSE); - if (!ok) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "SetSecurityDescriptorOwner failed"); - LocalFree(new_dacl); - return false; - } - - result = ::RegSetKeySecurity(hklm_key.Handle(), - DACL_SECURITY_INFORMATION, - new_sd); - // Note that the new DACL cannot be freed until after the call to - // RegSetKeySecurity(). - LocalFree(new_dacl); - - bool success = true; - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - success = false; - } - - - return success; -} - -bool SetMachineDealCode(const char* dcc) { - return MachineDealCode::Set(dcc); -} - -bool GetMachineDealCodeAsCgi(char* cgi, size_t cgi_size) { - return MachineDealCode::GetAsCgi(cgi, cgi_size); -} - -bool GetMachineDealCode(char* dcc, size_t dcc_size) { - return MachineDealCode::Get(dcc, dcc_size); -} - -// Combined functions. - -bool SetMachineDealCodeFromPingResponse(const char* response) { - return MachineDealCode::SetFromPingResponse(response); -} - -void InitializeTempHivesForTesting(const base::win::RegKey& temp_hklm_key, - const base::win::RegKey& temp_hkcu_key) { - // For the moment, the HKCU hive requires no initialization. - - if (base::win::GetVersion() >= base::win::VERSION_WIN7) { - // Copy the following HKLM subtrees to the temporary location so that the - // win32 APIs used by the tests continue to work: - // - // HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders - // - // This seems to be required since Win7. - base::win::RegKey dest(temp_hklm_key.Handle(), kHKLMAccessProviders, - KEY_ALL_ACCESS); - CopyRegistryTree(base::win::RegKey(HKEY_LOCAL_MACHINE, - kHKLMAccessProviders, - KEY_READ), - &dest); - } -} - -} // namespace rlz_lib |