diff options
Diffstat (limited to 'src/burn/engine/cache.cpp')
| -rw-r--r-- | src/burn/engine/cache.cpp | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/src/burn/engine/cache.cpp b/src/burn/engine/cache.cpp index 251cd24b..119200ec 100644 --- a/src/burn/engine/cache.cpp +++ b/src/burn/engine/cache.cpp | |||
| @@ -107,6 +107,7 @@ static HRESULT SecurePath( | |||
| 107 | __in LPCWSTR wzPath | 107 | __in LPCWSTR wzPath |
| 108 | ); | 108 | ); |
| 109 | static HRESULT CopyEngineToWorkingFolder( | 109 | static HRESULT CopyEngineToWorkingFolder( |
| 110 | __in BOOL fElevated, | ||
| 110 | __in BURN_CACHE* pCache, | 111 | __in BURN_CACHE* pCache, |
| 111 | __in_z LPCWSTR wzSourcePath, | 112 | __in_z LPCWSTR wzSourcePath, |
| 112 | __in_z LPCWSTR wzWorkingFolderName, | 113 | __in_z LPCWSTR wzWorkingFolderName, |
| @@ -342,6 +343,7 @@ LExit: | |||
| 342 | } | 343 | } |
| 343 | 344 | ||
| 344 | extern "C" HRESULT CacheEnsureBaseWorkingFolder( | 345 | extern "C" HRESULT CacheEnsureBaseWorkingFolder( |
| 346 | __in BOOL fElevated, | ||
| 345 | __in BURN_CACHE* pCache, | 347 | __in BURN_CACHE* pCache, |
| 346 | __deref_out_z_opt LPWSTR* psczBaseWorkingFolder | 348 | __deref_out_z_opt LPWSTR* psczBaseWorkingFolder |
| 347 | ) | 349 | ) |
| @@ -350,15 +352,32 @@ extern "C" HRESULT CacheEnsureBaseWorkingFolder( | |||
| 350 | 352 | ||
| 351 | HRESULT hr = S_OK; | 353 | HRESULT hr = S_OK; |
| 352 | LPWSTR sczPotential = NULL; | 354 | LPWSTR sczPotential = NULL; |
| 355 | PSECURITY_DESCRIPTOR psd = NULL; | ||
| 356 | LPSECURITY_ATTRIBUTES pWorkingFolderAcl = NULL; | ||
| 353 | 357 | ||
| 354 | if (!pCache->fInitializedBaseWorkingFolder) | 358 | if (!pCache->fInitializedBaseWorkingFolder) |
| 355 | { | 359 | { |
| 360 | // If elevated, allocate the pWorkingFolderAcl to protect the working folder to only SYSTEM and Admins. | ||
| 361 | if (fElevated) | ||
| 362 | { | ||
| 363 | LPCWSTR wzSddl = L"D:PAI(A;;FA;;;BA)(A;OICIIO;GA;;;BA)(A;;FA;;;SY)(A;OICIIO;GA;;;SY)"; | ||
| 364 | if (!::ConvertStringSecurityDescriptorToSecurityDescriptorW(wzSddl, SDDL_REVISION_1, &psd, NULL)) | ||
| 365 | { | ||
| 366 | ExitWithLastError(hr, "Failed to create the security descriptor for the working folder."); | ||
| 367 | } | ||
| 368 | |||
| 369 | pWorkingFolderAcl = reinterpret_cast<LPSECURITY_ATTRIBUTES>(MemAlloc(sizeof(SECURITY_ATTRIBUTES), TRUE)); | ||
| 370 | pWorkingFolderAcl->nLength = sizeof(SECURITY_ATTRIBUTES); | ||
| 371 | pWorkingFolderAcl->lpSecurityDescriptor = psd; | ||
| 372 | pWorkingFolderAcl->bInheritHandle = FALSE; | ||
| 373 | } | ||
| 374 | |||
| 356 | for (DWORD i = 0; i < pCache->cPotentialBaseWorkingFolders; ++i) | 375 | for (DWORD i = 0; i < pCache->cPotentialBaseWorkingFolders; ++i) |
| 357 | { | 376 | { |
| 358 | hr = PathConcatRelativeToFullyQualifiedBase(pCache->rgsczPotentialBaseWorkingFolders[i], pCache->wzGuid, &sczPotential); | 377 | hr = PathConcatRelativeToFullyQualifiedBase(pCache->rgsczPotentialBaseWorkingFolders[i], pCache->wzGuid, &sczPotential); |
| 359 | if (SUCCEEDED(hr)) | 378 | if (SUCCEEDED(hr)) |
| 360 | { | 379 | { |
| 361 | hr = DirEnsureExists(sczPotential, NULL); | 380 | hr = DirEnsureExists(sczPotential, pWorkingFolderAcl); |
| 362 | if (SUCCEEDED(hr)) | 381 | if (SUCCEEDED(hr)) |
| 363 | { | 382 | { |
| 364 | pCache->sczBaseWorkingFolder = sczPotential; | 383 | pCache->sczBaseWorkingFolder = sczPotential; |
| @@ -385,6 +404,11 @@ extern "C" HRESULT CacheEnsureBaseWorkingFolder( | |||
| 385 | } | 404 | } |
| 386 | 405 | ||
| 387 | LExit: | 406 | LExit: |
| 407 | ReleaseMem(pWorkingFolderAcl); | ||
| 408 | if (psd) | ||
| 409 | { | ||
| 410 | ::LocalFree(psd); | ||
| 411 | } | ||
| 388 | ReleaseStr(sczPotential); | 412 | ReleaseStr(sczPotential); |
| 389 | 413 | ||
| 390 | return hr; | 414 | return hr; |
| @@ -900,6 +924,7 @@ extern "C" HRESULT CachePreparePackage( | |||
| 900 | } | 924 | } |
| 901 | 925 | ||
| 902 | extern "C" HRESULT CacheBundleToCleanRoom( | 926 | extern "C" HRESULT CacheBundleToCleanRoom( |
| 927 | __in BOOL fElevated, | ||
| 903 | __in BURN_CACHE* pCache, | 928 | __in BURN_CACHE* pCache, |
| 904 | __in BURN_SECTION* pSection, | 929 | __in BURN_SECTION* pSection, |
| 905 | __deref_out_z_opt LPWSTR* psczCleanRoomBundlePath | 930 | __deref_out_z_opt LPWSTR* psczCleanRoomBundlePath |
| @@ -914,7 +939,7 @@ extern "C" HRESULT CacheBundleToCleanRoom( | |||
| 914 | 939 | ||
| 915 | wzExecutableName = PathFile(sczSourcePath); | 940 | wzExecutableName = PathFile(sczSourcePath); |
| 916 | 941 | ||
| 917 | hr = CopyEngineToWorkingFolder(pCache, sczSourcePath, BUNDLE_CLEAN_ROOM_WORKING_FOLDER_NAME, wzExecutableName, pSection, psczCleanRoomBundlePath); | 942 | hr = CopyEngineToWorkingFolder(fElevated, pCache, sczSourcePath, BUNDLE_CLEAN_ROOM_WORKING_FOLDER_NAME, wzExecutableName, pSection, psczCleanRoomBundlePath); |
| 918 | ExitOnFailure(hr, "Failed to cache bundle to clean room."); | 943 | ExitOnFailure(hr, "Failed to cache bundle to clean room."); |
| 919 | 944 | ||
| 920 | LExit: | 945 | LExit: |
| @@ -924,6 +949,7 @@ LExit: | |||
| 924 | } | 949 | } |
| 925 | 950 | ||
| 926 | extern "C" HRESULT CacheBundleToWorkingDirectory( | 951 | extern "C" HRESULT CacheBundleToWorkingDirectory( |
| 952 | __in BOOL fElevated, | ||
| 927 | __in BURN_CACHE* pCache, | 953 | __in BURN_CACHE* pCache, |
| 928 | __in_z LPCWSTR wzExecutableName, | 954 | __in_z LPCWSTR wzExecutableName, |
| 929 | __in BURN_SECTION* pSection, | 955 | __in BURN_SECTION* pSection, |
| @@ -948,7 +974,7 @@ extern "C" HRESULT CacheBundleToWorkingDirectory( | |||
| 948 | } | 974 | } |
| 949 | else // otherwise, carry on putting the bundle in the working folder. | 975 | else // otherwise, carry on putting the bundle in the working folder. |
| 950 | { | 976 | { |
| 951 | hr = CopyEngineToWorkingFolder(pCache, sczSourcePath, BUNDLE_WORKING_FOLDER_NAME, wzExecutableName, pSection, psczEngineWorkingPath); | 977 | hr = CopyEngineToWorkingFolder(fElevated, pCache, sczSourcePath, BUNDLE_WORKING_FOLDER_NAME, wzExecutableName, pSection, psczEngineWorkingPath); |
| 952 | ExitOnFailure(hr, "Failed to copy engine to working folder."); | 978 | ExitOnFailure(hr, "Failed to copy engine to working folder."); |
| 953 | } | 979 | } |
| 954 | 980 | ||
| @@ -2099,6 +2125,7 @@ LExit: | |||
| 2099 | 2125 | ||
| 2100 | 2126 | ||
| 2101 | static HRESULT CopyEngineToWorkingFolder( | 2127 | static HRESULT CopyEngineToWorkingFolder( |
| 2128 | __in BOOL fElevated, | ||
| 2102 | __in BURN_CACHE* pCache, | 2129 | __in BURN_CACHE* pCache, |
| 2103 | __in_z LPCWSTR wzSourcePath, | 2130 | __in_z LPCWSTR wzSourcePath, |
| 2104 | __in_z LPCWSTR wzWorkingFolderName, | 2131 | __in_z LPCWSTR wzWorkingFolderName, |
| @@ -2115,7 +2142,7 @@ static HRESULT CopyEngineToWorkingFolder( | |||
| 2115 | LPWSTR sczPayloadSourcePath = NULL; | 2142 | LPWSTR sczPayloadSourcePath = NULL; |
| 2116 | LPWSTR sczPayloadTargetPath = NULL; | 2143 | LPWSTR sczPayloadTargetPath = NULL; |
| 2117 | 2144 | ||
| 2118 | hr = CacheEnsureBaseWorkingFolder(pCache, &sczWorkingFolder); | 2145 | hr = CacheEnsureBaseWorkingFolder(fElevated, pCache, &sczWorkingFolder); |
| 2119 | ExitOnFailure(hr, "Failed to create working path to copy engine."); | 2146 | ExitOnFailure(hr, "Failed to create working path to copy engine."); |
| 2120 | 2147 | ||
| 2121 | hr = PathConcatRelativeToFullyQualifiedBase(sczWorkingFolder, wzWorkingFolderName, &sczTargetDirectory); | 2148 | hr = PathConcatRelativeToFullyQualifiedBase(sczWorkingFolder, wzWorkingFolderName, &sczTargetDirectory); |