From 5eff57ede25d7fe51c3bb964aaba2745e3fb1896 Mon Sep 17 00:00:00 2001 From: "zysxqn@google.com" Date: Tue, 26 Jun 2012 00:28:46 +0000 Subject: Add a regenerate button to regenerate the password in Windows. BUG=120480 TEST=Not tested. Review URL: https://chromiumcodereview.appspot.com/10642009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144071 0039d316-1c4b-4281-b951-d872f2087c98 --- rlz/win/dll/dll_main.cc | 15 -- rlz/win/dll/exports.cc | 108 --------- rlz/win/lib/lib_mutex.cc | 67 ------ rlz/win/lib/lib_mutex.h | 28 --- rlz/win/lib/machine_deal.cc | 300 ------------------------- rlz/win/lib/machine_deal.h | 61 ----- rlz/win/lib/machine_deal_test.cc | 156 ------------- rlz/win/lib/machine_id_win.cc | 130 ----------- rlz/win/lib/process_info.cc | 196 ---------------- rlz/win/lib/process_info.h | 32 --- rlz/win/lib/registry_util.cc | 77 ------- rlz/win/lib/registry_util.h | 29 --- rlz/win/lib/rlz_lib.h | 56 ----- rlz/win/lib/rlz_lib_win.cc | 260 --------------------- rlz/win/lib/rlz_value_store_registry.cc | 384 -------------------------------- rlz/win/lib/rlz_value_store_registry.h | 55 ----- rlz/win/lib/vista_winnt.h | 99 -------- 17 files changed, 2053 deletions(-) delete mode 100644 rlz/win/dll/dll_main.cc delete mode 100644 rlz/win/dll/exports.cc delete mode 100644 rlz/win/lib/lib_mutex.cc delete mode 100644 rlz/win/lib/lib_mutex.h delete mode 100644 rlz/win/lib/machine_deal.cc delete mode 100644 rlz/win/lib/machine_deal.h delete mode 100644 rlz/win/lib/machine_deal_test.cc delete mode 100644 rlz/win/lib/machine_id_win.cc delete mode 100644 rlz/win/lib/process_info.cc delete mode 100644 rlz/win/lib/process_info.h delete mode 100644 rlz/win/lib/registry_util.cc delete mode 100644 rlz/win/lib/registry_util.h delete mode 100644 rlz/win/lib/rlz_lib.h delete mode 100644 rlz/win/lib/rlz_lib_win.cc delete mode 100644 rlz/win/lib/rlz_value_store_registry.cc delete mode 100644 rlz/win/lib/rlz_value_store_registry.h delete mode 100644 rlz/win/lib/vista_winnt.h (limited to 'rlz/win') diff --git a/rlz/win/dll/dll_main.cc b/rlz/win/dll/dll_main.cc deleted file mode 100644 index 943f517..0000000 --- a/rlz/win/dll/dll_main.cc +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Main function for the RLZ DLL. - -#ifndef _WIN32_WINNT -#define _WIN32_WINNT 0x0501 -#endif -#include - -BOOL APIENTRY DllMain(HANDLE module, DWORD reason, LPVOID reserved) { - return TRUE; -} - diff --git a/rlz/win/dll/exports.cc b/rlz/win/dll/exports.cc deleted file mode 100644 index efe5cd98..0000000 --- a/rlz/win/dll/exports.cc +++ /dev/null @@ -1,108 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Functions exported by the RLZ DLL. - -#include "rlz/win/lib/rlz_lib.h" - -#define RLZ_DLL_EXPORT extern "C" __declspec(dllexport) - -RLZ_DLL_EXPORT bool RecordProductEvent(rlz_lib::Product product, - rlz_lib::AccessPoint point, - rlz_lib::Event event_id) { - return rlz_lib::RecordProductEvent(product, point, event_id); -} - -RLZ_DLL_EXPORT bool GetProductEventsAsCgi(rlz_lib::Product product, - char* unescaped_cgi, - size_t unescaped_cgi_size) { - return rlz_lib::GetProductEventsAsCgi(product, unescaped_cgi, - unescaped_cgi_size); -} -RLZ_DLL_EXPORT bool ClearAllProductEvents(rlz_lib::Product product) { - return rlz_lib::ClearAllProductEvents(product); -} - -RLZ_DLL_EXPORT bool ClearProductEvent(rlz_lib::Product product, - rlz_lib::AccessPoint point, - rlz_lib::Event event_id) { - return rlz_lib::ClearProductEvent(product, point, event_id); -} - -RLZ_DLL_EXPORT bool GetAccessPointRlz(rlz_lib::AccessPoint point, - char* rlz, - size_t rlz_size) { - return rlz_lib::GetAccessPointRlz(point, rlz, rlz_size); -} - -RLZ_DLL_EXPORT bool SetAccessPointRlz(rlz_lib::AccessPoint point, - const char* new_rlz) { - return rlz_lib::SetAccessPointRlz(point, new_rlz); -} - -RLZ_DLL_EXPORT bool CreateMachineState() { - return rlz_lib::CreateMachineState(); -} - -RLZ_DLL_EXPORT bool SetMachineDealCode(const char* dcc) { - return rlz_lib::SetMachineDealCode(dcc); -} - -RLZ_DLL_EXPORT bool GetMachineDealCodeAsCgi(char* cgi, size_t cgi_size) { - return rlz_lib::GetMachineDealCodeAsCgi(cgi, cgi_size); -} - -RLZ_DLL_EXPORT bool GetMachineDealCode2(char* dcc, size_t dcc_size) { - return rlz_lib::GetMachineDealCode(dcc, dcc_size); -} - -RLZ_DLL_EXPORT bool GetPingParams(rlz_lib::Product product, - const rlz_lib::AccessPoint* access_points, - char* unescaped_cgi, - size_t unescaped_cgi_size) { - return rlz_lib::GetPingParams(product, access_points, unescaped_cgi, - unescaped_cgi_size); -} - -RLZ_DLL_EXPORT bool ParsePingResponse(rlz_lib::Product product, - const char* response) { - return rlz_lib::ParsePingResponse(product, response); -} - -RLZ_DLL_EXPORT bool IsPingResponseValid(const char* response, - int* checksum_idx) { - return rlz_lib::IsPingResponseValid(response, checksum_idx); -} - -RLZ_DLL_EXPORT bool SetMachineDealCodeFromPingResponse(const char* response) { - return rlz_lib::SetMachineDealCodeFromPingResponse(response); -} - -RLZ_DLL_EXPORT bool SendFinancialPing(rlz_lib::Product product, - const rlz_lib::AccessPoint* access_points, - const char* product_signature, - const char* product_brand, - const char* product_id, - const char* product_lang, - bool exclude_machine_id) { - return rlz_lib::SendFinancialPing(product, access_points, product_signature, - product_brand, product_id, product_lang, exclude_machine_id); -} - -RLZ_DLL_EXPORT bool SendFinancialPingNoDelay( - rlz_lib::Product product, - const rlz_lib::AccessPoint* access_points, - const char* product_signature, - const char* product_brand, - const char* product_id, - const char* product_lang, - bool exclude_machine_id) { - return rlz_lib::SendFinancialPing(product, access_points, product_signature, - product_brand, product_id, product_lang, exclude_machine_id, true); -} - -RLZ_DLL_EXPORT void ClearProductState( - rlz_lib::Product product, const rlz_lib::AccessPoint* access_points) { - return rlz_lib::ClearProductState(product, access_points); -} diff --git a/rlz/win/lib/lib_mutex.cc b/rlz/win/lib/lib_mutex.cc deleted file mode 100644 index 73dfade..0000000 --- a/rlz/win/lib/lib_mutex.cc +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Mutex to guarantee serialization of RLZ key accesses. - -#include "rlz/win/lib/lib_mutex.h" - -#include -#include // For SDDL_REVISION_1, ConvertStringSecurityDescript.. -#include // For SetSecurityInfo - -#include "base/logging.h" -#include "base/win/windows_version.h" - -namespace { - -const wchar_t kMutexName[] = L"{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}"; - -} // namespace anonymous - -namespace rlz_lib { - -// Needed to allow synchronization across integrity levels. -static bool SetObjectToLowIntegrity(HANDLE object, - SE_OBJECT_TYPE type = SE_KERNEL_OBJECT) { - if (base::win::GetVersion() < base::win::VERSION_VISTA) - return true; // Not needed on XP. - - // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity. - static const wchar_t kLowIntegritySddlSacl[] = L"S:(ML;;NW;;;LW)"; - - bool result = false; - DWORD error = ERROR_SUCCESS; - PSECURITY_DESCRIPTOR security_descriptor = NULL; - PACL sacl = NULL; - BOOL sacl_present = FALSE; - BOOL sacl_defaulted = FALSE; - - if (ConvertStringSecurityDescriptorToSecurityDescriptorW( - kLowIntegritySddlSacl, SDDL_REVISION_1, &security_descriptor, NULL)) { - if (GetSecurityDescriptorSacl(security_descriptor, &sacl_present, - &sacl, &sacl_defaulted)) { - error = SetSecurityInfo(object, type, LABEL_SECURITY_INFORMATION, - NULL, NULL, NULL, sacl); - result = (ERROR_SUCCESS == error); - } - LocalFree(security_descriptor); - } - - return result; -} - -LibMutex::LibMutex() : acquired_(false), mutex_(NULL) { - mutex_ = CreateMutex(NULL, false, kMutexName); - bool result = SetObjectToLowIntegrity(mutex_); - if (result) { - acquired_ = (WAIT_OBJECT_0 == WaitForSingleObject(mutex_, 5000L)); - } -} - -LibMutex::~LibMutex() { - if (acquired_) ReleaseMutex(mutex_); - CloseHandle(mutex_); -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/lib_mutex.h b/rlz/win/lib/lib_mutex.h deleted file mode 100644 index 6992bea..0000000 --- a/rlz/win/lib/lib_mutex.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Mutex to guarantee serialization of RLZ key accesses. - -#ifndef RLZ_WIN_LIB_LIB_MUTEX_H_ -#define RLZ_WIN_LIB_LIB_MUTEX_H_ - -#include - -namespace rlz_lib { - -class LibMutex { - public: - LibMutex(); - ~LibMutex(); - - bool failed(void) { return !acquired_; } - - private: - bool acquired_; - HANDLE mutex_; -}; - -} // namespace rlz_lib - -#endif // RLZ_WIN_LIB_LIB_MUTEX_H_ diff --git a/rlz/win/lib/machine_deal.cc b/rlz/win/lib/machine_deal.cc deleted file mode 100644 index 3216260..0000000 --- a/rlz/win/lib/machine_deal.cc +++ /dev/null @@ -1,300 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Library functions related to the OEM Deal Confirmation Code. - -#include "rlz/win/lib/machine_deal.h" - -#include -#include - -#include "base/basictypes.h" -#include "base/memory/scoped_ptr.h" -#include "base/string_split.h" -#include "base/string_util.h" -#include "base/stringprintf.h" -#include "base/win/registry.h" -#include "rlz/lib/assert.h" -#include "rlz/lib/lib_values.h" -#include "rlz/win/lib/lib_mutex.h" -#include "rlz/win/lib/registry_util.h" -#include "rlz/win/lib/rlz_value_store_registry.h" - -const wchar_t kDccValueName[] = L"DCC"; - -namespace { - -// Current DCC can only uses [a-zA-Z0-9_-!@$*();.<>,:] -// We will be more liberal and allow some additional chars, but not url meta -// chars. -bool IsGoodDccChar(char ch) { - if (IsAsciiAlpha(ch) || IsAsciiDigit(ch)) - return true; - - switch (ch) { - case '_': - case '-': - case '!': - case '@': - case '$': - case '*': - case '(': - case ')': - case ';': - case '.': - case '<': - case '>': - case ',': - case ':': - return true; - } - - return false; -} - -// This function will remove bad rlz chars and also limit the max rlz to some -// reasonable size. It also assumes that normalized_dcc is at least -// kMaxDccLength+1 long. -void NormalizeDcc(const char* raw_dcc, char* normalized_dcc) { - int index = 0; - for (; raw_dcc[index] != 0 && index < rlz_lib::kMaxDccLength; ++index) { - char current = raw_dcc[index]; - if (IsGoodDccChar(current)) { - normalized_dcc[index] = current; - } else { - normalized_dcc[index] = '.'; - } - } - - normalized_dcc[index] = 0; -} - -bool GetResponseLine(const char* response_text, int response_length, - int* search_index, std::string* response_line) { - if (!response_line || !search_index || *search_index > response_length) - return false; - - response_line->clear(); - - if (*search_index < 0) - return false; - - int line_begin = *search_index; - const char* line_end = strchr(response_text + line_begin, '\n'); - - if (line_end == NULL || line_end - response_text > response_length) { - line_end = response_text + response_length; - *search_index = -1; - } else { - *search_index = line_end - response_text + 1; - } - - response_line->assign(response_text + line_begin, - line_end - response_text - line_begin); - return true; -} - -bool GetResponseValue(const std::string& response_line, - const std::string& response_key, - std::string* value) { - if (!value) - return false; - - value->clear(); - - if (!StartsWithASCII(response_line, response_key, true)) - return false; - - std::vector tokens; - base::SplitString(response_line, ':', &tokens); - if (tokens.size() != 2) - return false; - - // The first token is the key, the second is the value. The value is already - // trimmed for whitespace. - *value = tokens[1]; - return true; -} - -} // namespace anonymous - -namespace rlz_lib { - -bool MachineDealCode::Set(const char* dcc) { - LibMutex lock; - if (lock.failed()) - return false; - - // TODO: if (!ProcessInfo::CanWriteMachineKey()) return false; - - // Validate the new dcc value. - size_t length = strlen(dcc); - if (length > kMaxDccLength) { - ASSERT_STRING("MachineDealCode::Set: DCC length is exceeds max allowed."); - return false; - } - - base::win::RegKey hklm_key(HKEY_LOCAL_MACHINE, - RlzValueStoreRegistry::GetWideLibKeyName().c_str(), - KEY_READ | KEY_WRITE | KEY_WOW64_32KEY); - if (!hklm_key.Valid()) { - ASSERT_STRING("MachineDealCode::Set: Unable to create / open machine key." - " Did you call rlz_lib::CreateMachineState()?"); - return false; - } - - char normalized_dcc[kMaxDccLength + 1]; - NormalizeDcc(dcc, normalized_dcc); - VERIFY(length == strlen(normalized_dcc)); - - // Write the DCC to HKLM. Note that we need to include the null character - // when writing the string. - if (!RegKeyWriteValue(hklm_key, kDccValueName, normalized_dcc)) { - ASSERT_STRING("MachineDealCode::Set: Could not write the DCC value"); - return false; - } - - return true; -} - -bool MachineDealCode::GetNewCodeFromPingResponse(const char* response, - bool* has_new_dcc, char* new_dcc, int new_dcc_size) { - if (!has_new_dcc || !new_dcc || !new_dcc_size) - return false; - - *has_new_dcc = false; - new_dcc[0] = 0; - - int response_length = -1; - if (!IsPingResponseValid(response, &response_length)) - return false; - - // Get the current DCC value to compare to later) - char stored_dcc[kMaxDccLength + 1]; - if (!Get(stored_dcc, arraysize(stored_dcc))) - stored_dcc[0] = 0; - - int search_index = 0; - std::string response_line; - std::string new_dcc_value; - bool old_dcc_confirmed = false; - const std::string dcc_cgi(kDccCgiVariable); - const std::string dcc_cgi_response(kSetDccResponseVariable); - while (GetResponseLine(response, response_length, &search_index, - &response_line)) { - std::string value; - - if (!old_dcc_confirmed && - GetResponseValue(response_line, dcc_cgi, &value)) { - // This is the old DCC confirmation - should match value in registry. - if (value != stored_dcc) - return false; // Corrupted DCC - ignore this response. - else - old_dcc_confirmed = true; - continue; - } - - if (!(*has_new_dcc) && - GetResponseValue(response_line, dcc_cgi_response, &value)) { - // This is the new DCC. - if (value.size() > kMaxDccLength) continue; // Too long - *has_new_dcc = true; - new_dcc_value = value; - } - } - - old_dcc_confirmed |= (NULL == stored_dcc[0]); - - base::strlcpy(new_dcc, new_dcc_value.c_str(), new_dcc_size); - return old_dcc_confirmed; -} - -bool MachineDealCode::SetFromPingResponse(const char* response) { - bool has_new_dcc = false; - char new_dcc[kMaxDccLength + 1]; - - bool response_valid = GetNewCodeFromPingResponse( - response, &has_new_dcc, new_dcc, arraysize(new_dcc)); - - if (response_valid && has_new_dcc) - return Set(new_dcc); - - return response_valid; -} - -bool MachineDealCode::GetAsCgi(char* cgi, int cgi_size) { - if (!cgi || cgi_size <= 0) { - ASSERT_STRING("MachineDealCode::GetAsCgi: Invalid buffer"); - return false; - } - - cgi[0] = 0; - - std::string cgi_arg; - base::StringAppendF(&cgi_arg, "%s=", kDccCgiVariable); - int cgi_arg_length = cgi_arg.size(); - - if (cgi_arg_length >= cgi_size) { - ASSERT_STRING("MachineDealCode::GetAsCgi: Insufficient buffer size"); - return false; - } - - base::strlcpy(cgi, cgi_arg.c_str(), cgi_size); - - if (!Get(cgi + cgi_arg_length, cgi_size - cgi_arg_length)) { - cgi[0] = 0; - return false; - } - return true; -} - -bool MachineDealCode::Get(char* dcc, int dcc_size) { - LibMutex lock; - if (lock.failed()) - return false; - - if (!dcc || dcc_size <= 0) { - ASSERT_STRING("MachineDealCode::Get: Invalid buffer"); - return false; - } - - dcc[0] = 0; - - base::win::RegKey dcc_key(HKEY_LOCAL_MACHINE, - RlzValueStoreRegistry::GetWideLibKeyName().c_str(), - KEY_READ | KEY_WOW64_32KEY); - if (!dcc_key.Valid()) - return false; // no DCC key. - - size_t size = dcc_size; - if (!RegKeyReadValue(dcc_key, kDccValueName, dcc, &size)) { - ASSERT_STRING("MachineDealCode::Get: Insufficient buffer size"); - dcc[0] = 0; - return false; - } - - return true; -} - -bool MachineDealCode::Clear() { - base::win::RegKey dcc_key(HKEY_LOCAL_MACHINE, - RlzValueStoreRegistry::GetWideLibKeyName().c_str(), - KEY_READ | KEY_WRITE | KEY_WOW64_32KEY); - if (!dcc_key.Valid()) - return false; // no DCC key. - - dcc_key.DeleteValue(kDccValueName); - - // Verify deletion. - wchar_t dcc[kMaxDccLength + 1]; - DWORD dcc_size = arraysize(dcc); - if (dcc_key.ReadValue(kDccValueName, dcc, &dcc_size, NULL) == ERROR_SUCCESS) { - ASSERT_STRING("MachineDealCode::Clear: Could not delete the DCC value."); - return false; - } - - return true; -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/machine_deal.h b/rlz/win/lib/machine_deal.h deleted file mode 100644 index 5b8b84a..0000000 --- a/rlz/win/lib/machine_deal.h +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Library functions related to the OEM Deal Confirmation Code. - -#ifndef RLZ_WIN_LIB_MACHINE_DEAL_H_ -#define RLZ_WIN_LIB_MACHINE_DEAL_H_ - -#include -#include "rlz/win/lib/rlz_lib.h" - -namespace rlz_lib { - -class MachineDealCode { - public: - // Set the OEM Deal Confirmation Code (DCC). This information is used for RLZ - // initalization. Must have write access to HKLM - SYSTEM or admin, unless - // rlz_lib::CreateMachineState() has been successfully called. - static bool Set(const char* dcc); - - // Get the OEM Deal Confirmation Code from the registry. Used to ping - // the server. - static bool Get(AccessPoint point, - char* dcc, - int dcc_size, - const wchar_t* sid = NULL); - - // Parses a ping response, checks if it is valid and sets the machine DCC - // from the response. The response should also contain the current value of - // the DCC to be considered valid. - // Write access to HKLM (system / admin) needed, unless - // rlz_lib::CreateMachineState() has been successfully called. - static bool SetFromPingResponse(const char* response); - - // Gets the new DCC to set from a ping response. Returns true if the ping - // response is valid. Sets has_new_dcc true if there is a new DCC value. - static bool GetNewCodeFromPingResponse(const char* response, - bool* has_new_dcc, - char* new_dcc, - int new_dcc_size); - - // Get the DCC cgi argument string to append to a daily or financial ping. - static bool GetAsCgi(char* cgi, int cgi_size); - - // Get the machine code. - static bool Get(char* dcc, int dcc_size); - - protected: - // Clear the DCC value. Only for testing purposes. - // Requires write access to HKLM, unless rlz_lib::CreateMachineState() has - // been successfully called. - static bool Clear(); - - MachineDealCode() {} - ~MachineDealCode() {} -}; - -} // namespace rlz_lib - -#endif // RLZ_WIN_LIB_MACHINE_DEAL_H_ diff --git a/rlz/win/lib/machine_deal_test.cc b/rlz/win/lib/machine_deal_test.cc deleted file mode 100644 index 47b7265..0000000 --- a/rlz/win/lib/machine_deal_test.cc +++ /dev/null @@ -1,156 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// A test application for the MachineDealCode class. -// -// These tests should not be executed on the build server: -// - They assert for the failed cases. -// - They modify machine state (registry). -// -// These tests require write access to HKLM and HKCU, unless -// rlz_lib::CreateMachineState() has been successfully called. - -#include "base/logging.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -#include "rlz/test/rlz_test_helpers.h" -#include "rlz/win/lib/machine_deal.h" - -class MachineDealCodeHelper : public rlz_lib::MachineDealCode { - public: - static bool Clear() { return rlz_lib::MachineDealCode::Clear(); } - - private: - MachineDealCodeHelper() {} - ~MachineDealCodeHelper() {} -}; - -class MachineDealCodeTest : public RlzLibTestBase { -}; - -TEST_F(MachineDealCodeTest, CreateMachineState) { - EXPECT_TRUE(rlz_lib::CreateMachineState()); -} - -TEST_F(MachineDealCodeTest, Set) { - MachineDealCodeHelper::Clear(); - char dcc_50[50]; - dcc_50[0] = 0; - - EXPECT_TRUE(rlz_lib::MachineDealCode::Set("dcc_value")); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("dcc_value", dcc_50); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Set("dcc_value_2")); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("dcc_value_2", dcc_50); -} - -TEST_F(MachineDealCodeTest, Get) { - MachineDealCodeHelper::Clear(); - char dcc_50[50], dcc_2[2]; - dcc_50[0] = 0; - dcc_2[0] = 0; - - EXPECT_FALSE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Set("dcc_value")); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("dcc_value", dcc_50); - - EXPECT_FALSE(rlz_lib::MachineDealCode::Get(dcc_2, 2)); -} - -TEST_F(MachineDealCodeTest, SetFromPingResponse) { - rlz_lib::MachineDealCode::Set("MyDCCode"); - char dcc_50[50]; - - // Bad responses - - char* kBadDccResponse = - "dcc: NotMyDCCode \r\n" - "set_dcc: NewDCCode\r\n" - "crc32: 1B4D6BB3"; - EXPECT_FALSE(rlz_lib::MachineDealCode::SetFromPingResponse( - kBadDccResponse)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("MyDCCode", dcc_50); - - char* kBadCrcResponse = - "dcc: MyDCCode \r\n" - "set_dcc: NewDCCode\r\n" - "crc32: 90707106"; - EXPECT_FALSE(rlz_lib::MachineDealCode::SetFromPingResponse( - kBadCrcResponse)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("MyDCCode", dcc_50); - - // Good responses - - char* kMissingSetResponse = - "dcc: MyDCCode \r\n" - "crc32: 35F2E717"; - EXPECT_TRUE(rlz_lib::MachineDealCode::SetFromPingResponse( - kMissingSetResponse)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("MyDCCode", dcc_50); - - char* kGoodResponse = - "dcc: MyDCCode \r\n" - "set_dcc: NewDCCode\r\n" - "crc32: C8540E02"; - EXPECT_TRUE(rlz_lib::MachineDealCode::SetFromPingResponse( - kGoodResponse)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("NewDCCode", dcc_50); - - char* kGoodResponse2 = - "set_dcc: NewDCCode2 \r\n" - "dcc: NewDCCode \r\n" - "crc32: 60B6409A"; - EXPECT_TRUE(rlz_lib::MachineDealCode::SetFromPingResponse( - kGoodResponse2)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("NewDCCode2", dcc_50); - - MachineDealCodeHelper::Clear(); - char* kGoodResponse3 = - "set_dcc: NewDCCode \r\n" - "crc32: 374C1C47"; - EXPECT_TRUE(rlz_lib::MachineDealCode::SetFromPingResponse( - kGoodResponse3)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("NewDCCode", dcc_50); - - MachineDealCodeHelper::Clear(); - char* kGoodResponse4 = - "dcc: \r\n" - "set_dcc: NewDCCode \r\n" - "crc32: 0AB1FB39"; - EXPECT_TRUE(rlz_lib::MachineDealCode::SetFromPingResponse( - kGoodResponse4)); - EXPECT_TRUE(rlz_lib::MachineDealCode::Get(dcc_50, 50)); - EXPECT_STREQ("NewDCCode", dcc_50); -} - -TEST_F(MachineDealCodeTest, GetAsCgi) { - MachineDealCodeHelper::Clear(); - char cgi_50[50], cgi_2[2]; - cgi_50[0] = 0; - cgi_2[0] = 0; - - EXPECT_FALSE(rlz_lib::MachineDealCode::GetAsCgi(cgi_50, 50)); - EXPECT_STREQ("", cgi_50); - - EXPECT_TRUE(rlz_lib::MachineDealCode::Set("dcc_value")); - - EXPECT_TRUE(rlz_lib::MachineDealCode::GetAsCgi(cgi_50, 50)); - EXPECT_STREQ("dcc=dcc_value", cgi_50); - - EXPECT_FALSE(rlz_lib::MachineDealCode::GetAsCgi(cgi_2, 2)); -} diff --git a/rlz/win/lib/machine_id_win.cc b/rlz/win/lib/machine_id_win.cc deleted file mode 100644 index 8eb138a..0000000 --- a/rlz/win/lib/machine_id_win.cc +++ /dev/null @@ -1,130 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include // For ConvertSidToStringSidW. -#include - -#include "base/memory/scoped_ptr.h" -#include "base/string16.h" -#include "rlz/lib/assert.h" - -namespace rlz_lib { - -namespace { - -bool GetSystemVolumeSerialNumber(int* number) { - if (!number) - return false; - - *number = 0; - - // Find the system root path (e.g: C:\). - wchar_t system_path[MAX_PATH + 1]; - if (!GetSystemDirectoryW(system_path, MAX_PATH)) - return false; - - wchar_t* first_slash = wcspbrk(system_path, L"\\/"); - if (first_slash != NULL) - *(first_slash + 1) = 0; - - DWORD number_local = 0; - if (!GetVolumeInformationW(system_path, NULL, 0, &number_local, NULL, NULL, - NULL, 0)) - return false; - - *number = number_local; - return true; -} - -bool GetComputerSid(const wchar_t* account_name, SID* sid, DWORD sid_size) { - static const DWORD kStartDomainLength = 128; // reasonable to start with - - scoped_array domain_buffer(new wchar_t[kStartDomainLength]); - DWORD domain_size = kStartDomainLength; - DWORD sid_dword_size = sid_size; - SID_NAME_USE sid_name_use; - - BOOL success = ::LookupAccountNameW(NULL, account_name, sid, - &sid_dword_size, domain_buffer.get(), - &domain_size, &sid_name_use); - if (!success && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER) { - // We could have gotten the insufficient buffer error because - // one or both of sid and szDomain was too small. Check for that - // here. - if (sid_dword_size > sid_size) - return false; - - if (domain_size > kStartDomainLength) - domain_buffer.reset(new wchar_t[domain_size]); - - success = ::LookupAccountNameW(NULL, account_name, sid, &sid_dword_size, - domain_buffer.get(), &domain_size, - &sid_name_use); - } - - return success != FALSE; -} - -std::wstring ConvertSidToString(SID* sid) { - std::wstring sid_string; -#if _WIN32_WINNT >= 0x500 - wchar_t* sid_buffer = NULL; - if (ConvertSidToStringSidW(sid, &sid_buffer)) { - sid_string = sid_buffer; - LocalFree(sid_buffer); - } -#else - SID_IDENTIFIER_AUTHORITY* sia = ::GetSidIdentifierAuthority(sid); - - if(sia->Value[0] || sia->Value[1]) { - base::SStringPrintf( - &sid_string, L"S-%d-0x%02hx%02hx%02hx%02hx%02hx%02hx", - SID_REVISION, (USHORT)sia->Value[0], (USHORT)sia->Value[1], - (USHORT)sia->Value[2], (USHORT)sia->Value[3], (USHORT)sia->Value[4], - (USHORT)sia->Value[5]); - } else { - ULONG authority = 0; - for (int i = 2; i < 6; ++i) { - authority <<= 8; - authority |= sia->Value[i]; - } - base::SStringPrintf(&sid_string, L"S-%d-%lu", SID_REVISION, authority); - } - - int sub_auth_count = *::GetSidSubAuthorityCount(sid); - for(int i = 0; i < sub_auth_count; ++i) - base::StringAppendF(&sid_string, L"-%lu", *::GetSidSubAuthority(sid, i)); -#endif - - return sid_string; -} - -} // namespace - -bool GetRawMachineId(string16* sid_string, int* volume_id) { - // Calculate the Windows SID. - - wchar_t computer_name[MAX_COMPUTERNAME_LENGTH + 1] = {0}; - DWORD size = arraysize(computer_name); - - if (GetComputerNameW(computer_name, &size)) { - char sid_buffer[SECURITY_MAX_SID_SIZE]; - SID* sid = reinterpret_cast(sid_buffer); - if (GetComputerSid(computer_name, sid, SECURITY_MAX_SID_SIZE)) { - *sid_string = ConvertSidToString(sid); - } - } - - // Get the system drive volume serial number. - *volume_id = 0; - if (!GetSystemVolumeSerialNumber(volume_id)) { - ASSERT_STRING("GetMachineId: Failed to retrieve volume serial number"); - *volume_id = 0; - } - - return true; -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/process_info.cc b/rlz/win/lib/process_info.cc deleted file mode 100644 index 8d4a02f..0000000 --- a/rlz/win/lib/process_info.cc +++ /dev/null @@ -1,196 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Information about the current process. - -#include "rlz/win/lib/process_info.h" - -#include -#include // For ConvertSidToStringSid. -#include // For UNLEN - -#include "base/logging.h" -#include "base/memory/scoped_ptr.h" -#include "base/process_util.h" -#include "base/win/scoped_handle.h" -#include "base/win/windows_version.h" -#include "rlz/lib/assert.h" -#include "rlz/win/lib/vista_winnt.h" - -namespace { - -HRESULT GetCurrentUser(std::wstring* name, - std::wstring* domain, - std::wstring* sid) { - DWORD err; - - // Get the current username & domain the hard way. (GetUserNameEx would be - // nice, but unfortunately requires connectivity to a domain controller. - // Useless.) - - // (Following call doesn't work if running as a Service - because a Service - // runs under special accounts like LOCAL_SYSTEM, not as the logged in user. - // In which case, search for and use the process handle of a running - // Explorer.exe.) - HANDLE token; - if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &token)) - return E_FAIL; - - base::win::ScopedHandle scoped_process_token(token); - - // (Following call will fail with ERROR_INSUFFICIENT_BUFFER and give us the - // required size.) - scoped_array token_user_bytes; - DWORD token_user_size; - DWORD token_user_size2; - BOOL result = ::GetTokenInformation(token, TokenUser, NULL, 0, - &token_user_size); - err = ::GetLastError(); - CHECK(!result && err == ERROR_INSUFFICIENT_BUFFER); - - token_user_bytes.reset(new char[token_user_size]); - if (!token_user_bytes.get()) - return E_OUTOFMEMORY; - - if (!::GetTokenInformation(token, TokenUser, token_user_bytes.get(), - token_user_size, &token_user_size2)) { - return E_FAIL; - } - - WCHAR user_name[UNLEN + 1]; // max username length - WCHAR domain_name[UNLEN + 1]; - DWORD user_name_size = UNLEN + 1; - DWORD domain_name_size = UNLEN + 1; - SID_NAME_USE sid_type; - TOKEN_USER* token_user = - reinterpret_cast(token_user_bytes.get()); - if (!token_user) - return E_FAIL; - PSID user_sid = token_user->User.Sid; - if (!::LookupAccountSidW(NULL, user_sid, user_name, &user_name_size, - domain_name, &domain_name_size, &sid_type)) { - return E_FAIL; - } - - if (name != NULL) { - *name = user_name; - } - if (domain != NULL) { - *domain = domain_name; - } - if (sid != NULL) { - LPWSTR string_sid; - ConvertSidToStringSidW(user_sid, &string_sid); - *sid = string_sid; // copy out to cstring - // free memory, as documented for ConvertSidToStringSid - LocalFree(string_sid); - } - - return S_OK; -} - -HRESULT GetElevationType(PTOKEN_ELEVATION_TYPE elevation) { - if (!elevation) - return E_POINTER; - - *elevation = TokenElevationTypeDefault; - - if (base::win::GetVersion() < base::win::VERSION_VISTA) - return E_FAIL; - - HANDLE process_token; - if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &process_token)) - return HRESULT_FROM_WIN32(GetLastError()); - - base::win::ScopedHandle scoped_process_token(process_token); - - DWORD size; - TOKEN_ELEVATION_TYPE elevation_type; - if (!GetTokenInformation(process_token, TokenElevationType, &elevation_type, - sizeof(elevation_type), &size)) { - return HRESULT_FROM_WIN32(GetLastError()); - } - - *elevation = elevation_type; - return S_OK; -} - -// based on http://msdn2.microsoft.com/en-us/library/aa376389.aspx -bool GetUserGroup(long* group) { - if (!group) - return false; - - *group = 0; - - // groups are listed in DECREASING order of importance - // (eg. If a user is a member of both the admin group and - // the power user group, it is more useful to list the user - // as an admin) - DWORD user_groups[] = {DOMAIN_ALIAS_RID_ADMINS, - DOMAIN_ALIAS_RID_POWER_USERS}; - SID_IDENTIFIER_AUTHORITY nt_authority = SECURITY_NT_AUTHORITY; - - for (int i = 0; i < arraysize(user_groups) && *group == 0; ++i) { - PSID current_group; - if (AllocateAndInitializeSid(&nt_authority, 2, - SECURITY_BUILTIN_DOMAIN_RID, - user_groups[i], 0, 0, 0, 0, - 0, 0, ¤t_group)) { - BOOL current_level; - if (CheckTokenMembership(NULL, current_group, ¤t_level) && - current_level) { - *group = user_groups[i]; - } - - FreeSid(current_group); - } - } - - return group != 0; -} -} //anonymous - - -namespace rlz_lib { - -bool ProcessInfo::IsRunningAsSystem() { - static std::wstring name; - static std::wstring domain; - static std::wstring sid; - if (name.empty()) - CHECK(SUCCEEDED(GetCurrentUser(&name, &domain, &sid))); - - return (name == L"SYSTEM"); -} - -bool ProcessInfo::HasAdminRights() { - static bool evaluated = false; - static bool has_rights = false; - - if (!evaluated) { - if (IsRunningAsSystem()) { - has_rights = true; - } else if (base::win::GetVersion() >= base::win::VERSION_VISTA) { - TOKEN_ELEVATION_TYPE elevation; - base::IntegrityLevel level; - - if (SUCCEEDED(GetElevationType(&elevation)) && - base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level)) - has_rights = (elevation == TokenElevationTypeFull) || - (level == HIGH_INTEGRITY); - } else { - long group = 0; - if (GetUserGroup(&group)) - has_rights = (group == DOMAIN_ALIAS_RID_ADMINS); - } - } - - evaluated = true; - if (!has_rights) - ASSERT_STRING("ProcessInfo::HasAdminRights: Does not have admin rights."); - - return has_rights; -} - -}; // namespace diff --git a/rlz/win/lib/process_info.h b/rlz/win/lib/process_info.h deleted file mode 100644 index 84bd604..0000000 --- a/rlz/win/lib/process_info.h +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Information about the current process. - -#ifndef RLZ_WIN_LIB_PROCESS_INFO_H_ -#define RLZ_WIN_LIB_PROCESS_INFO_H_ - -#include "base/basictypes.h" - -namespace rlz_lib { - -class ProcessInfo { - public: - enum IntegrityLevel { - INTEGRITY_UNKNOWN, - LOW_INTEGRITY, - MEDIUM_INTEGRITY, - HIGH_INTEGRITY, - }; - - // All these functions cache the result after first run. - static bool IsRunningAsSystem(); - static bool HasAdminRights(); // System / Admin / High Elevation on Vista - - private: - DISALLOW_COPY_AND_ASSIGN(ProcessInfo); -}; // class -}; // namespace - -#endif // RLZ_WIN_LIB_PROCESS_INFO_H_ diff --git a/rlz/win/lib/registry_util.cc b/rlz/win/lib/registry_util.cc deleted file mode 100644 index 6a324d5..0000000 --- a/rlz/win/lib/registry_util.cc +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// A helper library to keep track of a user's key by SID. -// Used by RLZ libary. Also to be used by SearchWithGoogle library. - -#include "rlz/win/lib/registry_util.h" - -#include "base/process_util.h" -#include "base/utf_string_conversions.h" -#include "base/win/registry.h" -#include "base/win/windows_version.h" -#include "rlz/lib/assert.h" -#include "rlz/win/lib/process_info.h" - -namespace rlz_lib { - -bool RegKeyReadValue(base::win::RegKey& key, const wchar_t* name, - char* value, size_t* value_size) { - value[0] = 0; - - std::wstring value_string; - if (key.ReadValue(name, &value_string) != ERROR_SUCCESS) { - return false; - } - - if (value_string.length() > *value_size) { - *value_size = value_string.length(); - return false; - } - - // Note that RLZ string are always ASCII by design. - strncpy(value, WideToUTF8(value_string).c_str(), *value_size); - value[*value_size - 1] = 0; - return true; -} - -bool RegKeyWriteValue(base::win::RegKey& key, const wchar_t* name, - const char* value) { - std::wstring value_string(ASCIIToWide(value)); - return key.WriteValue(name, value_string.c_str()) == ERROR_SUCCESS; -} - -bool HasUserKeyAccess(bool write_access) { - // The caller is trying to access HKEY_CURRENT_USER. Test to see if we can - // read from there. Don't try HKEY_CURRENT_USER because this will cause - // problems in the unit tests: if we open HKEY_CURRENT_USER directly here, - // the overriding done for unit tests will no longer work. So we try subkey - // "Software" which is known to always exist. - base::win::RegKey key; - if (key.Open(HKEY_CURRENT_USER, L"Software", KEY_READ) != ERROR_SUCCESS) - ASSERT_STRING("Could not open HKEY_CURRENT_USER"); - - if (ProcessInfo::IsRunningAsSystem()) { - ASSERT_STRING("UserKey::HasAccess: No access as SYSTEM without SID set."); - return false; - } - - if (write_access) { - if (base::win::GetVersion() < base::win::VERSION_VISTA) return true; - base::ProcessHandle process_handle = base::GetCurrentProcessHandle(); - base::IntegrityLevel level = base::INTEGRITY_UNKNOWN; - - if (!base::GetProcessIntegrityLevel(process_handle, &level)) { - ASSERT_STRING("UserKey::HasAccess: Cannot determine Integrity Level."); - return false; - } - if (level <= base::LOW_INTEGRITY) { - ASSERT_STRING("UserKey::HasAccess: Cannot write from Low Integrity."); - return false; - } - } - return true; -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/registry_util.h b/rlz/win/lib/registry_util.h deleted file mode 100644 index 60b8be6..0000000 --- a/rlz/win/lib/registry_util.h +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef RLZ_WIN_LIB_REGISTRY_UTIL_H_ -#define RLZ_WIN_LIB_REGISTRY_UTIL_H_ - -namespace base { -namespace win { -class RegKey; -} // namespace win -} // namespace base - -namespace rlz_lib { - -bool RegKeyReadValue(base::win::RegKey& key, - const wchar_t* name, - char* value, - size_t* value_size); - -bool RegKeyWriteValue(base::win::RegKey& key, - const wchar_t* name, - const char* value); - -bool HasUserKeyAccess(bool write_access); - -} // namespace rlz_lib - -#endif // RLZ_WIN_LIB_REGISTRY_UTIL_H_ diff --git a/rlz/win/lib/rlz_lib.h b/rlz/win/lib/rlz_lib.h deleted file mode 100644 index 3adbf97..0000000 --- a/rlz/win/lib/rlz_lib.h +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// A library to manage RLZ information for access-points shared -// across different client applications. -// -// All functions return true on success and false on error. -// This implemenation is thread safe. -// -// Each prototype mentions the registry access requirements: -// -// HKLM read: Will work from any process and at any privilege level on Vista. -// HKCU read: Calls made from the SYSTEM account must pass the current user's -// SID as the optional 'sid' param. Can be called from low integrity -// process on Vista. -// HKCU write: Calls made from the SYSTEM account must pass the current user's -// SID as the optional 'sid' param. Calls require at least medium -// integrity on Vista (e.g. Toolbar will need to use their broker) -// HKLM write: Calls must be made from an account with admin rights. No SID -// need be passed when running as SYSTEM. -// Functions which do not access registry will be marked with "no restrictions". - -#ifndef RLZ_WIN_LIB_RLZ_LIB_H_ -#define RLZ_WIN_LIB_RLZ_LIB_H_ - -// Clients can get away by just including rlz/lib/rlz_lib.h. This file only -// contains function definitions for files used by tests. It's mostly kept -// around for backwards-compatibility. - -#include "rlz/lib/rlz_lib.h" - -#include "base/win/registry.h" - -namespace rlz_lib { - -#if defined(OS_WIN) - -// Initialize temporary HKLM/HKCU registry hives used for testing. -// Testing RLZ requires reading and writing to the Windows registry. To keep -// the tests isolated from the machine's state, as well as to prevent the tests -// from causing side effects in the registry, HKCU and HKLM are overridden for -// the duration of the tests. RLZ tests don't expect the HKCU and KHLM hives to -// be empty though, and this function initializes the minimum value needed so -// that the test will run successfully. -// -// The two arguments to this function should be the keys that will represent -// the HKLM and HKCU registry hives during the tests. This function should be -// called *before* the hives are overridden. -void InitializeTempHivesForTesting(const base::win::RegKey& temp_hklm_key, - const base::win::RegKey& temp_hkcu_key); -#endif // defined(OS_WIN) - -} // namespace rlz_lib - -#endif // RLZ_WIN_LIB_RLZ_LIB_H_ diff --git a/rlz/win/lib/rlz_lib_win.cc b/rlz/win/lib/rlz_lib_win.cc deleted file mode 100644 index e7b145e..0000000 --- a/rlz/win/lib/rlz_lib_win.cc +++ /dev/null @@ -1,260 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// A library to manage RLZ information for access-points shared -// across different client applications. - -#include "rlz/win/lib/rlz_lib.h" - -#include -#include -#include - -#include "base/basictypes.h" -#include "base/win/registry.h" -#include "base/win/windows_version.h" -#include "rlz/lib/assert.h" -#include "rlz/lib/rlz_value_store.h" -#include "rlz/win/lib/machine_deal.h" -#include "rlz/win/lib/rlz_value_store_registry.h" - -namespace { - -// Path to recursively copy into the replacemment hives. These are needed -// to make sure certain win32 APIs continue to run correctly once the real -// hives are replaced. -const wchar_t* kHKLMAccessProviders = - L"System\\CurrentControlSet\\Control\\Lsa\\AccessProviders"; - -// Helper functions - -void CopyRegistryTree(const base::win::RegKey& src, base::win::RegKey* dest) { - // First copy values. - for (base::win::RegistryValueIterator i(src.Handle(), L""); - i.Valid(); ++i) { - dest->WriteValue(i.Name(), reinterpret_cast(i.Value()), - i.ValueSize(), i.Type()); - } - - // Next copy subkeys recursively. - for (base::win::RegistryKeyIterator i(src.Handle(), L""); - i.Valid(); ++i) { - base::win::RegKey subkey(dest->Handle(), i.Name(), KEY_ALL_ACCESS); - CopyRegistryTree(base::win::RegKey(src.Handle(), i.Name(), KEY_READ), - &subkey); - } -} - -} // namespace anonymous - - -namespace rlz_lib { - -// OEM Deal confirmation storage functions. - -template -class typed_buffer_ptr { - scoped_array buffer_; - - public: - typed_buffer_ptr() { - } - - explicit typed_buffer_ptr(size_t size) : buffer_(new char[size]) { - } - - void reset(size_t size) { - buffer_.reset(new char[size]); - } - - operator T*() { - return reinterpret_cast(buffer_.get()); - } -}; - -// Check if this SID has the desired access by scanning the ACEs in the DACL. -// This function is part of the rlz_lib namespace so that it can be called from -// unit tests. Non-unit test code should not call this function. -bool HasAccess(PSID sid, ACCESS_MASK access_mask, ACL* dacl) { - if (dacl == NULL) - return false; - - ACL_SIZE_INFORMATION info; - if (!GetAclInformation(dacl, &info, sizeof(info), AclSizeInformation)) - return false; - - GENERIC_MAPPING generic_mapping = {KEY_READ, KEY_WRITE, KEY_EXECUTE, - KEY_ALL_ACCESS}; - MapGenericMask(&access_mask, &generic_mapping); - - for (DWORD i = 0; i < info.AceCount; ++i) { - ACCESS_ALLOWED_ACE* ace; - if (GetAce(dacl, i, reinterpret_cast(&ace))) { - if ((ace->Header.AceFlags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE) - continue; - - PSID existing_sid = reinterpret_cast(&ace->SidStart); - DWORD mask = ace->Mask; - MapGenericMask(&mask, &generic_mapping); - - if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE && - (mask & access_mask) == access_mask && EqualSid(existing_sid, sid)) - return true; - - if (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE && - (mask & access_mask) != 0 && EqualSid(existing_sid, sid)) - return false; - } - } - - return false; -} - -bool CreateMachineState() { - LibMutex lock; - if (lock.failed()) - return false; - - base::win::RegKey hklm_key; - if (hklm_key.Create(HKEY_LOCAL_MACHINE, - RlzValueStoreRegistry::GetWideLibKeyName().c_str(), - KEY_ALL_ACCESS | KEY_WOW64_32KEY) != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - return false; - } - - // Create a SID that represents ALL USERS. - DWORD users_sid_size = SECURITY_MAX_SID_SIZE; - typed_buffer_ptr users_sid(users_sid_size); - CreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &users_sid_size); - - // Get the security descriptor for the registry key. - DWORD original_sd_size = 0; - ::RegGetKeySecurity(hklm_key.Handle(), DACL_SECURITY_INFORMATION, NULL, - &original_sd_size); - typed_buffer_ptr original_sd(original_sd_size); - - LONG result = ::RegGetKeySecurity(hklm_key.Handle(), - DACL_SECURITY_INFORMATION, original_sd, &original_sd_size); - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - return false; - } - - // Make a copy of the security descriptor so we can modify it. The one - // returned by RegGetKeySecurity() is self-relative, so we need to make it - // absolute. - DWORD new_sd_size = 0; - DWORD dacl_size = 0; - DWORD sacl_size = 0; - DWORD owner_size = 0; - DWORD group_size = 0; - ::MakeAbsoluteSD(original_sd, NULL, &new_sd_size, NULL, &dacl_size, - NULL, &sacl_size, NULL, &owner_size, - NULL, &group_size); - - typed_buffer_ptr new_sd(new_sd_size); - // Make sure the DACL is big enough to add one more ACE. - typed_buffer_ptr dacl(dacl_size + SECURITY_MAX_SID_SIZE); - typed_buffer_ptr sacl(sacl_size); - typed_buffer_ptr owner(owner_size); - typed_buffer_ptr group(group_size); - - if (!::MakeAbsoluteSD(original_sd, new_sd, &new_sd_size, dacl, &dacl_size, - sacl, &sacl_size, owner, &owner_size, - group, &group_size)) { - ASSERT_STRING("rlz_lib::CreateMachineState: MakeAbsoluteSD failed"); - return false; - } - - // If all users already have read/write access to the registry key, then - // nothing to do. Otherwise change the security descriptor of the key to - // give everyone access. - if (HasAccess(users_sid, KEY_ALL_ACCESS, dacl)) { - return false; - } - - // Add ALL-USERS ALL-ACCESS ACL. - EXPLICIT_ACCESS ea; - ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); - ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS; - ea.grfAccessMode = GRANT_ACCESS; - ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT; - ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; - ea.Trustee.ptstrName = L"Everyone"; - - ACL* new_dacl = NULL; - result = SetEntriesInAcl(1, &ea, dacl, &new_dacl); - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: SetEntriesInAcl failed"); - return false; - } - - BOOL ok = SetSecurityDescriptorDacl(new_sd, TRUE, new_dacl, FALSE); - if (!ok) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "SetSecurityDescriptorOwner failed"); - LocalFree(new_dacl); - return false; - } - - result = ::RegSetKeySecurity(hklm_key.Handle(), - DACL_SECURITY_INFORMATION, - new_sd); - // Note that the new DACL cannot be freed until after the call to - // RegSetKeySecurity(). - LocalFree(new_dacl); - - bool success = true; - if (result != ERROR_SUCCESS) { - ASSERT_STRING("rlz_lib::CreateMachineState: " - "Unable to create / open machine key."); - success = false; - } - - - return success; -} - -bool SetMachineDealCode(const char* dcc) { - return MachineDealCode::Set(dcc); -} - -bool GetMachineDealCodeAsCgi(char* cgi, size_t cgi_size) { - return MachineDealCode::GetAsCgi(cgi, cgi_size); -} - -bool GetMachineDealCode(char* dcc, size_t dcc_size) { - return MachineDealCode::Get(dcc, dcc_size); -} - -// Combined functions. - -bool SetMachineDealCodeFromPingResponse(const char* response) { - return MachineDealCode::SetFromPingResponse(response); -} - -void InitializeTempHivesForTesting(const base::win::RegKey& temp_hklm_key, - const base::win::RegKey& temp_hkcu_key) { - // For the moment, the HKCU hive requires no initialization. - - if (base::win::GetVersion() >= base::win::VERSION_WIN7) { - // Copy the following HKLM subtrees to the temporary location so that the - // win32 APIs used by the tests continue to work: - // - // HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders - // - // This seems to be required since Win7. - base::win::RegKey dest(temp_hklm_key.Handle(), kHKLMAccessProviders, - KEY_ALL_ACCESS); - CopyRegistryTree(base::win::RegKey(HKEY_LOCAL_MACHINE, - kHKLMAccessProviders, - KEY_READ), - &dest); - } -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/rlz_value_store_registry.cc b/rlz/win/lib/rlz_value_store_registry.cc deleted file mode 100644 index 36c53d5..0000000 --- a/rlz/win/lib/rlz_value_store_registry.cc +++ /dev/null @@ -1,384 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "rlz/win/lib/rlz_value_store_registry.h" - -#include "base/win/registry.h" -#include "base/stringprintf.h" -#include "base/utf_string_conversions.h" -#include "rlz/lib/assert.h" -#include "rlz/lib/lib_values.h" -#include "rlz/lib/rlz_lib.h" -#include "rlz/lib/string_utils.h" -#include "rlz/win/lib/registry_util.h" - -namespace rlz_lib { - -namespace { - -// -// Registry keys: -// -// RLZ's are stored as: -// = @ kRootKey\kLibKeyName\kRlzsSubkeyName. -// -// Events are stored as: -// = 1 @ -// HKCU\kLibKeyName\kEventsSubkeyName\GetProductName(product). -// -// The OEM Deal Confirmation Code (DCC) is stored as -// kDccValueName = @ HKLM\kLibKeyName -// -// The last ping time, per product is stored as: -// GetProductName(product) = @ -// HKCU\kLibKeyName\kPingTimesSubkeyName. -// -// The server does not care about any of these constants. -// -const char kLibKeyName[] = "Software\\Google\\Common\\Rlz"; -const wchar_t kGoogleKeyName[] = L"Software\\Google"; -const wchar_t kGoogleCommonKeyName[] = L"Software\\Google\\Common"; -const char kRlzsSubkeyName[] = "RLZs"; -const char kEventsSubkeyName[] = "Events"; -const char kStatefulEventsSubkeyName[] = "StatefulEvents"; -const char kPingTimesSubkeyName[] = "PTimes"; - -std::wstring GetWideProductName(Product product) { - return ASCIIToWide(GetProductName(product)); -} - -void AppendBrandToString(std::string* str) { - std::string brand(SupplementaryBranding::GetBrand()); - if (!brand.empty()) - base::StringAppendF(str, "\\_%s", brand.c_str()); -} - -// Function to get the specific registry keys. -bool GetRegKey(const char* name, REGSAM access, base::win::RegKey* key) { - std::string key_location; - base::StringAppendF(&key_location, "%s\\%s", kLibKeyName, name); - AppendBrandToString(&key_location); - - LONG ret = ERROR_SUCCESS; - if (access & (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK)) { - ret = key->Create(HKEY_CURRENT_USER, ASCIIToWide(key_location).c_str(), - access); - } else { - ret = key->Open(HKEY_CURRENT_USER, ASCIIToWide(key_location).c_str(), - access); - } - - return ret == ERROR_SUCCESS; -} - -bool GetPingTimesRegKey(REGSAM access, base::win::RegKey* key) { - return GetRegKey(kPingTimesSubkeyName, access, key); -} - - -bool GetEventsRegKey(const char* event_type, - const rlz_lib::Product* product, - REGSAM access, base::win::RegKey* key) { - std::string key_location; - base::StringAppendF(&key_location, "%s\\%s", kLibKeyName, - event_type); - AppendBrandToString(&key_location); - - if (product != NULL) { - std::string product_name = GetProductName(*product); - if (product_name.empty()) - return false; - - base::StringAppendF(&key_location, "\\%s", product_name.c_str()); - } - - LONG ret = ERROR_SUCCESS; - if (access & (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK)) { - ret = key->Create(HKEY_CURRENT_USER, ASCIIToWide(key_location).c_str(), - access); - } else { - ret = key->Open(HKEY_CURRENT_USER, ASCIIToWide(key_location).c_str(), - access); - } - - return ret == ERROR_SUCCESS; -} - -bool GetAccessPointRlzsRegKey(REGSAM access, base::win::RegKey* key) { - return GetRegKey(kRlzsSubkeyName, access, key); -} - -bool ClearAllProductEventValues(rlz_lib::Product product, const char* key) { - std::wstring product_name = GetWideProductName(product); - if (product_name.empty()) - return false; - - base::win::RegKey reg_key; - GetEventsRegKey(key, NULL, KEY_WRITE, ®_key); - reg_key.DeleteKey(product_name.c_str()); - - // Verify that the value no longer exists. - base::win::RegKey product_events( - reg_key.Handle(), product_name.c_str(), KEY_READ); - if (product_events.Valid()) { - ASSERT_STRING("ClearAllProductEvents: Key deletion failed"); - return false; - } - - return true; -} - -// Deletes a registry key if it exists and has no subkeys or values. -// TODO: Move this to a registry_utils file and add unittest. -bool DeleteKeyIfEmpty(HKEY root_key, const wchar_t* key_name) { - if (!key_name) { - ASSERT_STRING("DeleteKeyIfEmpty: key_name is NULL"); - return false; - } else { // Scope needed for RegKey - base::win::RegKey key(root_key, key_name, KEY_READ); - if (!key.Valid()) - return true; // Key does not exist - nothing to do. - - base::win::RegistryKeyIterator key_iter(root_key, key_name); - if (key_iter.SubkeyCount() > 0) - return true; // Not empty, so nothing to do - - base::win::RegistryValueIterator value_iter(root_key, key_name); - if (value_iter.ValueCount() > 0) - return true; // Not empty, so nothing to do - } - - // The key is empty - delete it now. - base::win::RegKey key(root_key, L"", KEY_WRITE); - return key.DeleteKey(key_name) == ERROR_SUCCESS; -} - -} // namespace - -// static -std::wstring RlzValueStoreRegistry::GetWideLibKeyName() { - return ASCIIToWide(kLibKeyName); -} - -bool RlzValueStoreRegistry::HasAccess(AccessType type) { - return HasUserKeyAccess(type == kWriteAccess); -} - -bool RlzValueStoreRegistry::WritePingTime(Product product, int64 time) { - base::win::RegKey key; - std::wstring product_name = GetWideProductName(product); - return GetPingTimesRegKey(KEY_WRITE, &key) && - key.WriteValue(product_name.c_str(), &time, sizeof(time), - REG_QWORD) == ERROR_SUCCESS; -} - -bool RlzValueStoreRegistry::ReadPingTime(Product product, int64* time) { - base::win::RegKey key; - std::wstring product_name = GetWideProductName(product); - return GetPingTimesRegKey(KEY_READ, &key) && - key.ReadInt64(product_name.c_str(), time) == ERROR_SUCCESS; -} - -bool RlzValueStoreRegistry::ClearPingTime(Product product) { - base::win::RegKey key; - GetPingTimesRegKey(KEY_WRITE, &key); - - std::wstring product_name = GetWideProductName(product); - key.DeleteValue(product_name.c_str()); - - // Verify deletion. - uint64 value; - DWORD size = sizeof(value); - if (key.ReadValue( - product_name.c_str(), &value, &size, NULL) == ERROR_SUCCESS) { - ASSERT_STRING("RlzValueStoreRegistry::ClearPingTime: Failed to delete."); - return false; - } - - return true; -} - -bool RlzValueStoreRegistry::WriteAccessPointRlz(AccessPoint access_point, - const char* new_rlz) { - const char* access_point_name = GetAccessPointName(access_point); - if (!access_point_name) - return false; - - std::wstring access_point_name_wide(ASCIIToWide(access_point_name)); - base::win::RegKey key; - GetAccessPointRlzsRegKey(KEY_WRITE, &key); - - if (!RegKeyWriteValue(key, access_point_name_wide.c_str(), new_rlz)) { - ASSERT_STRING("SetAccessPointRlz: Could not write the new RLZ value"); - return false; - } - return true; -} - -bool RlzValueStoreRegistry::ReadAccessPointRlz(AccessPoint access_point, - char* rlz, - size_t rlz_size) { - const char* access_point_name = GetAccessPointName(access_point); - if (!access_point_name) - return false; - - size_t size = rlz_size; - base::win::RegKey key; - GetAccessPointRlzsRegKey(KEY_READ, &key); - if (!RegKeyReadValue(key, ASCIIToWide(access_point_name).c_str(), - rlz, &size)) { - rlz[0] = 0; - if (size > rlz_size) { - ASSERT_STRING("GetAccessPointRlz: Insufficient buffer size"); - return false; - } - } - return true; -} - -bool RlzValueStoreRegistry::ClearAccessPointRlz(AccessPoint access_point) { - const char* access_point_name = GetAccessPointName(access_point); - if (!access_point_name) - return false; - - std::wstring access_point_name_wide(ASCIIToWide(access_point_name)); - base::win::RegKey key; - GetAccessPointRlzsRegKey(KEY_WRITE, &key); - - key.DeleteValue(access_point_name_wide.c_str()); - - // Verify deletion. - DWORD value; - if (key.ReadValueDW(access_point_name_wide.c_str(), &value) == - ERROR_SUCCESS) { - ASSERT_STRING("SetAccessPointRlz: Could not clear the RLZ value."); - return false; - } - return true; -} - -bool RlzValueStoreRegistry::AddProductEvent(Product product, - const char* event_rlz) { - std::wstring event_rlz_wide(ASCIIToWide(event_rlz)); - base::win::RegKey reg_key; - GetEventsRegKey(kEventsSubkeyName, &product, KEY_WRITE, ®_key); - if (reg_key.WriteValue(event_rlz_wide.c_str(), 1) != ERROR_SUCCESS) { - ASSERT_STRING("AddProductEvent: Could not write the new event value"); - return false; - } - - return true; -} - -bool RlzValueStoreRegistry::ReadProductEvents(Product product, - std::vector* events) { - // Open the events key. - base::win::RegKey events_key; - GetEventsRegKey(kEventsSubkeyName, &product, KEY_READ, &events_key); - if (!events_key.Valid()) - return false; - - // Append the events to the buffer. - int num_values = 0; - LONG result = ERROR_SUCCESS; - for (num_values = 0; result == ERROR_SUCCESS; ++num_values) { - // Max 32767 bytes according to MSDN, but we never use that much. - const size_t kMaxValueNameLength = 2048; - char buffer[kMaxValueNameLength]; - DWORD size = arraysize(buffer); - - result = RegEnumValueA(events_key.Handle(), num_values, buffer, &size, - NULL, NULL, NULL, NULL); - if (result == ERROR_SUCCESS) - events->push_back(std::string(buffer)); - } - - return result == ERROR_NO_MORE_ITEMS; -} - -bool RlzValueStoreRegistry::ClearProductEvent(Product product, - const char* event_rlz) { - std::wstring event_rlz_wide(ASCIIToWide(event_rlz)); - base::win::RegKey key; - GetEventsRegKey(kEventsSubkeyName, &product, KEY_WRITE, &key); - key.DeleteValue(event_rlz_wide.c_str()); - - // Verify deletion. - DWORD value; - if (key.ReadValueDW(event_rlz_wide.c_str(), &value) == ERROR_SUCCESS) { - ASSERT_STRING("ClearProductEvent: Could not delete the event value."); - return false; - } - - return true; -} - -bool RlzValueStoreRegistry::ClearAllProductEvents(Product product) { - return ClearAllProductEventValues(product, kEventsSubkeyName); -} - -bool RlzValueStoreRegistry::AddStatefulEvent(Product product, - const char* event_rlz) { - base::win::RegKey key; - std::wstring event_rlz_wide(ASCIIToWide(event_rlz)); - if (!GetEventsRegKey(kStatefulEventsSubkeyName, &product, KEY_WRITE, &key) || - key.WriteValue(event_rlz_wide.c_str(), 1) != ERROR_SUCCESS) { - ASSERT_STRING( - "AddStatefulEvent: Could not write the new stateful event"); - return false; - } - - return true; -} - -bool RlzValueStoreRegistry::IsStatefulEvent(Product product, - const char* event_rlz) { - DWORD value; - base::win::RegKey key; - GetEventsRegKey(kStatefulEventsSubkeyName, &product, KEY_READ, &key); - std::wstring event_rlz_wide(ASCIIToWide(event_rlz)); - return key.ReadValueDW(event_rlz_wide.c_str(), &value) == ERROR_SUCCESS; -} - -bool RlzValueStoreRegistry::ClearAllStatefulEvents(Product product) { - return ClearAllProductEventValues(product, kStatefulEventsSubkeyName); -} - -void RlzValueStoreRegistry::CollectGarbage() { - // Delete each of the known subkeys if empty. - const char* subkeys[] = { - kRlzsSubkeyName, - kEventsSubkeyName, - kStatefulEventsSubkeyName, - kPingTimesSubkeyName - }; - - for (int i = 0; i < arraysize(subkeys); i++) { - std::string subkey_name; - base::StringAppendF(&subkey_name, "%s\\%s", kLibKeyName, subkeys[i]); - AppendBrandToString(&subkey_name); - - VERIFY(DeleteKeyIfEmpty(HKEY_CURRENT_USER, - ASCIIToWide(subkey_name).c_str())); - } - - // Delete the library key and its parents too now if empty. - VERIFY(DeleteKeyIfEmpty(HKEY_CURRENT_USER, GetWideLibKeyName().c_str())); - VERIFY(DeleteKeyIfEmpty(HKEY_CURRENT_USER, kGoogleCommonKeyName)); - VERIFY(DeleteKeyIfEmpty(HKEY_CURRENT_USER, kGoogleKeyName)); -} - -ScopedRlzValueStoreLock::ScopedRlzValueStoreLock() { - if (!lock_.failed()) - store_.reset(new RlzValueStoreRegistry); -} - -ScopedRlzValueStoreLock::~ScopedRlzValueStoreLock() { -} - -RlzValueStore* ScopedRlzValueStoreLock::GetStore() { - return store_.get(); -} - -} // namespace rlz_lib diff --git a/rlz/win/lib/rlz_value_store_registry.h b/rlz/win/lib/rlz_value_store_registry.h deleted file mode 100644 index c7fae46..0000000 --- a/rlz/win/lib/rlz_value_store_registry.h +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef RLZ_WIN_LIB_RLZ_VALUE_STORE_REGISTRY_H_ -#define RLZ_WIN_LIB_RLZ_VALUE_STORE_REGISTRY_H_ - -#include "base/compiler_specific.h" -#include "rlz/lib/rlz_value_store.h" - -namespace rlz_lib { - -// Implements RlzValueStore by storing values in the windows registry. -class RlzValueStoreRegistry : public RlzValueStore { - public: - static std::wstring GetWideLibKeyName(); - - virtual bool HasAccess(AccessType type) OVERRIDE; - - virtual bool WritePingTime(Product product, int64 time) OVERRIDE; - virtual bool ReadPingTime(Product product, int64* time) OVERRIDE; - virtual bool ClearPingTime(Product product) OVERRIDE; - - virtual bool WriteAccessPointRlz(AccessPoint access_point, - const char* new_rlz) OVERRIDE; - virtual bool ReadAccessPointRlz(AccessPoint access_point, - char* rlz, - size_t rlz_size) OVERRIDE; - virtual bool ClearAccessPointRlz(AccessPoint access_point) OVERRIDE; - - virtual bool AddProductEvent(Product product, const char* event_rlz) OVERRIDE; - virtual bool ReadProductEvents(Product product, - std::vector* events) OVERRIDE; - virtual bool ClearProductEvent(Product product, - const char* event_rlz) OVERRIDE; - virtual bool ClearAllProductEvents(Product product) OVERRIDE; - - virtual bool AddStatefulEvent(Product product, - const char* event_rlz) OVERRIDE; - virtual bool IsStatefulEvent(Product product, - const char* event_rlz) OVERRIDE; - virtual bool ClearAllStatefulEvents(Product product) OVERRIDE; - - virtual void CollectGarbage() OVERRIDE; - - private: - RlzValueStoreRegistry() {} - DISALLOW_COPY_AND_ASSIGN(RlzValueStoreRegistry); - friend class ScopedRlzValueStoreLock; -}; - -} // namespace rlz_lib - -#endif // RLZ_WIN_LIB_RLZ_VALUE_STORE_REGISTRY_H_ - diff --git a/rlz/win/lib/vista_winnt.h b/rlz/win/lib/vista_winnt.h deleted file mode 100644 index 073e66f..0000000 --- a/rlz/win/lib/vista_winnt.h +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// This file contains snippets borrowed from the Vista SDK version of -// WinNT.h, (c) Microsoft (2006) - -#ifndef RLZ_WIN_LIB_VISTA_WINNT_H_ -#define RLZ_WIN_LIB_VISTA_WINNT_H_ - -#include - -// If no Vista SDK yet, borrow these from Vista's version of WinNT.h -#ifndef SE_GROUP_INTEGRITY - -// TOKEN_MANDATORY_LABEL.Label.Attributes = SE_GROUP_INTEGRITY -#define SE_GROUP_INTEGRITY (0x00000020L) -#define SE_GROUP_INTEGRITY_ENABLED (0x00000040L) - -typedef struct _TOKEN_MANDATORY_LABEL { - SID_AND_ATTRIBUTES Label; -} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL; - -// These are a few new enums for TOKEN_INFORMATION_CLASS -#define TokenElevationType static_cast(18) -#define TokenLinkedToken static_cast(19) -#define TokenElevation static_cast(20) -#define TokenHasRestrictions static_cast(21) -#define TokenAccessInformation static_cast(22) -#define TokenVirtualizationAllowed static_cast(23) -#define TokenVirtualizationEnabled static_cast(24) -// TokenIntegrityLevel is the proces's privilege level, low, med, or high -#define TokenIntegrityLevel static_cast(25) -// TokenIntegrityLevelDeasktop is an alternate level used for access apis -// (screen readers, imes) -#define TokenIntegrityLevelDesktop static_cast(26) - -// This is a new flag to pass to GetNamedSecurityInfo or SetNamedSecurityInfo -// that puts the mandatory level label info in an access control list (ACL) -// structure in the parameter normally used for system acls (SACL) -#define LABEL_SECURITY_INFORMATION (0x00000010L) - -// The new Access Control Entry type identifier for mandatory labels -#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) - -// The structure of mandatory label acess control binary entry -typedef struct _SYSTEM_MANDATORY_LABEL_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; - -// Masks for ACCESS_MASK above -#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 -#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 -#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 -#define SYSTEM_MANDATORY_LABEL_VALID_MASK \ - (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ - SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ - SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) - -// The SID authority for mandatory labels -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0, 0, 0, 0, 0, 16} - -// the RID values (sub authorities) that define mandatory label levels -#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) -#define SECURITY_MANDATORY_LOW_RID (0x00001000L) -#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) -#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) -#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) -#define SECURITY_MANDATORY_UI_ACCESS_RID (0x00004100L) -#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) - -// Vista's mandatory labels, enumerated -typedef enum _MANDATORY_LEVEL { - MandatoryLevelUntrusted = 0, - MandatoryLevelLow, - MandatoryLevelMedium, - MandatoryLevelHigh, - MandatoryLevelSystem, - MandatoryLevelSecureProcess, - MandatoryLevelCount -} MANDATORY_LEVEL, *PMANDATORY_LEVEL; - - -// Token elevation values describe the relative strength of a given token. -// A full token is a token with all groups and privileges to which the -// principal is authorized. A limited token is one with some groups or -// privileges removed. - -typedef enum _TOKEN_ELEVATION_TYPE { - TokenElevationTypeDefault = 1, - TokenElevationTypeFull, - TokenElevationTypeLimited, -} TOKEN_ELEVATION_TYPE, *PTOKEN_ELEVATION_TYPE; - -#endif // #ifndef SE_GROUP_INTEGRITY - -#endif // RLZ_WIN_LIB_VISTA_WINNT_H_ -- cgit v1.1