From 75d645c6aec0df0e02bd3aaf2fe2571d83316d4c Mon Sep 17 00:00:00 2001 From: Sean Hall Date: Tue, 3 Aug 2021 15:43:30 -0500 Subject: Remove unelevation code since clean room changes made it unreachable. --- src/burn/engine/core.cpp | 14 ---- src/burn/engine/core.h | 3 - src/burn/engine/elevation.cpp | 42 ++++++++++- src/burn/engine/engine.cpp | 30 +++----- src/burn/engine/pipe.cpp | 102 --------------------------- src/burn/engine/pipe.h | 13 ---- src/burn/test/BurnUnitTest/ElevationTest.cpp | 27 +++---- 7 files changed, 61 insertions(+), 170 deletions(-) diff --git a/src/burn/engine/core.cpp b/src/burn/engine/core.cpp index 94aaf204..3e45cdfc 100644 --- a/src/burn/engine/core.cpp +++ b/src/burn/engine/core.cpp @@ -1086,14 +1086,6 @@ extern "C" HRESULT CoreCreateCleanRoomCommandLine( ExitOnFailure(hr, "Failed to append /disablesystemrestore."); } -#ifdef ENABLE_UNELEVATE - if (pInternalCommand->fDisableUnelevate) - { - hr = StrAllocConcatFormatted(psczCommandLine, L" /%ls", BURN_COMMANDLINE_SWITCH_DISABLE_UNELEVATE); - ExitOnFailure(hr, "Failed to append switch: %ls.", BURN_COMMANDLINE_SWITCH_DISABLE_UNELEVATE); - } -#endif - if (pInternalCommand->sczOriginalSource) { hr = StrAllocConcat(psczCommandLine, L" /originalsource", 0); @@ -1646,12 +1638,6 @@ extern "C" HRESULT CoreParseCommandLine( { pCommand->fPassthrough = TRUE; } - else if (CSTR_EQUAL == ::CompareStringW(LOCALE_INVARIANT, NORM_IGNORECASE, &argv[i][1], -1, BURN_COMMANDLINE_SWITCH_DISABLE_UNELEVATE, -1)) - { -#ifdef ENABLE_UNELEVATE - pInternalCommand->fDisableUnelevate = TRUE; -#endif - } else if (CSTR_EQUAL == ::CompareStringW(LOCALE_INVARIANT, NORM_IGNORECASE, &argv[i][1], -1, BURN_COMMANDLINE_SWITCH_RUNONCE, -1)) { if (BURN_MODE_UNKNOWN != pInternalCommand->mode) diff --git a/src/burn/engine/core.h b/src/burn/engine/core.h index ccc33ba4..f3328738 100644 --- a/src/burn/engine/core.h +++ b/src/burn/engine/core.h @@ -91,9 +91,6 @@ typedef struct _BURN_ENGINE_COMMAND BURN_MODE mode; BURN_AU_PAUSE_ACTION automaticUpdates; BOOL fDisableSystemRestore; -#ifdef ENABLE_UNELEVATE - BOOL fDisableUnelevate; -#endif BOOL fInitiallyElevated; LPWSTR sczActiveParent; diff --git a/src/burn/engine/elevation.cpp b/src/burn/engine/elevation.cpp index 03674f0b..c229fa58 100644 --- a/src/burn/engine/elevation.cpp +++ b/src/burn/engine/elevation.cpp @@ -100,6 +100,16 @@ typedef struct _BURN_ELEVATION_CHILD_MESSAGE_CONTEXT // internal function declarations +/******************************************************************* + LaunchElevatedProcess - Called from the per-user process to create + the per-machine process and set up the + communication pipe. + +*******************************************************************/ +static HRESULT LaunchElevatedProcess( + __in BURN_ENGINE_STATE* pEngineState, + __in_opt HWND hwndParent + ); static DWORD WINAPI ElevatedChildCacheThreadProc( __in LPVOID lpThreadParameter ); @@ -367,7 +377,7 @@ extern "C" HRESULT ElevationElevate( nResult = IDOK; // Create the elevated process and if successful, wait for it to connect. - hr = PipeLaunchChildProcess(pEngineState->sczBundleEngineWorkingPath, &pEngineState->companionConnection, TRUE, hwndParent); + hr = LaunchElevatedProcess(pEngineState, hwndParent); if (SUCCEEDED(hr)) { LogId(REPORT_STANDARD, MSG_LAUNCH_ELEVATED_ENGINE_SUCCESS); @@ -1371,6 +1381,36 @@ LExit: // internal function definitions +static HRESULT LaunchElevatedProcess( + __in BURN_ENGINE_STATE* pEngineState, + __in_opt HWND hwndParent + ) +{ + HRESULT hr = S_OK; + DWORD dwCurrentProcessId = ::GetCurrentProcessId(); + LPWSTR sczParameters = NULL; + HANDLE hProcess = NULL; + BURN_PIPE_CONNECTION* pConnection = &pEngineState->companionConnection; + + hr = StrAllocFormatted(&sczParameters, L"-q -%ls %ls %ls %u", BURN_COMMANDLINE_SWITCH_ELEVATED, pConnection->sczName, pConnection->sczSecret, dwCurrentProcessId); + ExitOnFailure(hr, "Failed to allocate parameters for elevated process."); + + // Since ShellExecuteEx doesn't support passing inherited handles, don't bother with CoreAppendFileHandleSelfToCommandLine. + // We could fallback to using ::DuplicateHandle to inject the file handle later if necessary. + hr = ShelExec(pEngineState->sczBundleEngineWorkingPath, sczParameters, L"runas", NULL, SW_SHOWNA, hwndParent, &hProcess); + ExitOnFailure(hr, "Failed to launch elevated child process: %ls", pEngineState->sczBundleEngineWorkingPath); + + pConnection->dwProcessId = ::GetProcessId(hProcess); + pConnection->hProcess = hProcess; + hProcess = NULL; + +LExit: + ReleaseHandle(hProcess); + ReleaseStr(sczParameters); + + return hr; +} + static DWORD WINAPI ElevatedChildCacheThreadProc( __in LPVOID lpThreadParameter ) diff --git a/src/burn/engine/engine.cpp b/src/burn/engine/engine.cpp index 8b4a296b..0ce2de6d 100644 --- a/src/burn/engine/engine.cpp +++ b/src/burn/engine/engine.cpp @@ -462,31 +462,19 @@ static HRESULT RunUntrusted( hr = CoreCreateCleanRoomCommandLine(&sczParameters, pEngineState, wzCleanRoomBundlePath, sczCurrentProcessPath, &hFileAttached, &hFileSelf); ExitOnFailure(hr, "Failed to create clean room command-line."); -#ifdef ENABLE_UNELEVATE - // TODO: Pass file handle to unelevated process if this ever gets reenabled. - if (!pEngineState->internalCommand.fDisableUnelevate) - { - // Try to launch unelevated and if that fails for any reason, we'll launch our process normally (even though that may make it elevated). - hr = ProcExecuteAsInteractiveUser(wzCleanRoomBundlePath, sczParameters, &hProcess); - } -#endif + hr = StrAllocFormattedSecure(&sczFullCommandLine, L"\"%ls\" %ls", wzCleanRoomBundlePath, sczParameters); + ExitOnFailure(hr, "Failed to allocate full command-line."); - if (!hProcess) + si.cb = sizeof(si); + si.wShowWindow = static_cast(pEngineState->command.nCmdShow); + if (!::CreateProcessW(wzCleanRoomBundlePath, sczFullCommandLine, NULL, NULL, TRUE, 0, 0, NULL, &si, &pi)) { - hr = StrAllocFormattedSecure(&sczFullCommandLine, L"\"%ls\" %ls", wzCleanRoomBundlePath, sczParameters); - ExitOnFailure(hr, "Failed to allocate full command-line."); - - si.cb = sizeof(si); - si.wShowWindow = static_cast(pEngineState->command.nCmdShow); - if (!::CreateProcessW(wzCleanRoomBundlePath, sczFullCommandLine, NULL, NULL, TRUE, 0, 0, NULL, &si, &pi)) - { - ExitWithLastError(hr, "Failed to launch clean room process: %ls", sczFullCommandLine); - } - - hProcess = pi.hProcess; - pi.hProcess = NULL; + ExitWithLastError(hr, "Failed to launch clean room process: %ls", sczFullCommandLine); } + hProcess = pi.hProcess; + pi.hProcess = NULL; + hr = ProcWaitForCompletion(hProcess, INFINITE, &pEngineState->userExperience.dwExitCode); ExitOnFailure(hr, "Failed to wait for clean room process: %ls", wzCleanRoomBundlePath); diff --git a/src/burn/engine/pipe.cpp b/src/burn/engine/pipe.cpp index a9fd24e8..48be8785 100644 --- a/src/burn/engine/pipe.cpp +++ b/src/burn/engine/pipe.cpp @@ -313,108 +313,6 @@ LExit: return hr; } -/******************************************************************* - PipeLaunchParentProcess - Called from the per-machine process to create - a per-user process and set up the - communication pipe. - -*******************************************************************/ -const LPCWSTR BURN_COMMANDLINE_SWITCH_UNELEVATED = L"burn.unelevated"; -HRESULT PipeLaunchParentProcess( - __in_z LPCWSTR wzCommandLine, - __in int nCmdShow, - __in_z LPWSTR sczConnectionName, - __in_z LPWSTR sczSecret, - __in BOOL /*fDisableUnelevate*/ - ) -{ - HRESULT hr = S_OK; - DWORD dwProcessId = 0; - LPWSTR sczBurnPath = NULL; - LPWSTR sczParameters = NULL; - HANDLE hProcess = NULL; - - dwProcessId = ::GetCurrentProcessId(); - - hr = PathForCurrentProcess(&sczBurnPath, NULL); - ExitOnFailure(hr, "Failed to get current process path."); - - hr = StrAllocFormatted(&sczParameters, L"-%ls %ls %ls %u %ls", BURN_COMMANDLINE_SWITCH_UNELEVATED, sczConnectionName, sczSecret, dwProcessId, wzCommandLine); - ExitOnFailure(hr, "Failed to allocate parameters for unelevated process."); - -#ifdef ENABLE_UNELEVATE - if (fDisableUnelevate) - { - hr = ProcExec(sczBurnPath, sczParameters, nCmdShow, &hProcess); - ExitOnFailure(hr, "Failed to launch parent process with unelevate disabled: %ls", sczBurnPath); - } - else - { - // Try to launch unelevated and if that fails for any reason, try launch our process normally (even though that may make it elevated). - hr = ProcExecuteAsInteractiveUser(sczBurnPath, sczParameters, &hProcess); - if (FAILED(hr)) - { - hr = ShelExecUnelevated(sczBurnPath, sczParameters, L"open", NULL, nCmdShow); - if (FAILED(hr)) - { - hr = ShelExec(sczBurnPath, sczParameters, L"open", NULL, nCmdShow, NULL, NULL); - ExitOnFailure(hr, "Failed to launch parent process: %ls", sczBurnPath); - } - } - } -#else - hr = ProcExec(sczBurnPath, sczParameters, nCmdShow, &hProcess); - ExitOnFailure(hr, "Failed to launch parent process with unelevate disabled: %ls", sczBurnPath); -#endif - -LExit: - ReleaseHandle(hProcess); - ReleaseStr(sczParameters); - ReleaseStr(sczBurnPath); - - return hr; -} - -/******************************************************************* - PipeLaunchChildProcess - Called from the per-user process to create - the per-machine process and set up the - communication pipe. - -*******************************************************************/ -extern "C" HRESULT PipeLaunchChildProcess( - __in_z LPCWSTR wzExecutablePath, - __in BURN_PIPE_CONNECTION* pConnection, - __in BOOL fElevate, - __in_opt HWND hwndParent - ) -{ - HRESULT hr = S_OK; - DWORD dwCurrentProcessId = ::GetCurrentProcessId(); - LPWSTR sczParameters = NULL; - LPCWSTR wzVerb = NULL; - HANDLE hProcess = NULL; - - hr = StrAllocFormatted(&sczParameters, L"-q -%ls %ls %ls %u", BURN_COMMANDLINE_SWITCH_ELEVATED, pConnection->sczName, pConnection->sczSecret, dwCurrentProcessId); - ExitOnFailure(hr, "Failed to allocate parameters for elevated process."); - - wzVerb = !fElevate ? L"open" : L"runas"; - - // Since ShellExecuteEx doesn't support passing inherited handles, don't bother with CoreAppendFileHandleSelfToCommandLine. - // We could fallback to using ::DuplicateHandle to inject the file handle later if necessary. - hr = ShelExec(wzExecutablePath, sczParameters, wzVerb, NULL, SW_SHOWNA, hwndParent, &hProcess); - ExitOnFailure(hr, "Failed to launch elevated child process: %ls", wzExecutablePath); - - pConnection->dwProcessId = ::GetProcessId(hProcess); - pConnection->hProcess = hProcess; - hProcess = NULL; - -LExit: - ReleaseHandle(hProcess); - ReleaseStr(sczParameters); - - return hr; -} - /******************************************************************* PipeWaitForChildConnect - diff --git a/src/burn/engine/pipe.h b/src/burn/engine/pipe.h index 429cd824..4ec6bfa2 100644 --- a/src/burn/engine/pipe.h +++ b/src/burn/engine/pipe.h @@ -80,19 +80,6 @@ HRESULT PipeCreatePipes( __in BOOL fCreateCachePipe, __out HANDLE* phEvent ); -HRESULT PipeLaunchParentProcess( - __in LPCWSTR wzCommandLine, - __in int nCmdShow, - __in_z LPWSTR sczConnectionName, - __in_z LPWSTR sczSecret, - __in BOOL fDisableUnelevate - ); -HRESULT PipeLaunchChildProcess( - __in_z LPCWSTR wzExecutablePath, - __in BURN_PIPE_CONNECTION* pConnection, - __in BOOL fElevate, - __in_opt HWND hwndParent - ); HRESULT PipeWaitForChildConnect( __in BURN_PIPE_CONNECTION* pConnection ); diff --git a/src/burn/test/BurnUnitTest/ElevationTest.cpp b/src/burn/test/BurnUnitTest/ElevationTest.cpp index 3d144128..97d76b7d 100644 --- a/src/burn/test/BurnUnitTest/ElevationTest.cpp +++ b/src/burn/test/BurnUnitTest/ElevationTest.cpp @@ -52,38 +52,33 @@ namespace Bootstrapper void ElevateTest() { HRESULT hr = S_OK; - BURN_PIPE_CONNECTION connection = { }; + BURN_ENGINE_STATE engineState = { }; + BURN_PIPE_CONNECTION* pConnection = &engineState.companionConnection; HANDLE hEvent = NULL; DWORD dwResult = S_OK; + + engineState.sczBundleEngineWorkingPath = L"tests\\ignore\\this\\path\\to\\burn.exe"; + try { ShelFunctionOverride(ElevateTest_ShellExecuteExW); - PipeConnectionInitialize(&connection); + PipeConnectionInitialize(pConnection); // // per-user side setup // - hr = PipeCreateNameAndSecret(&connection.sczName, &connection.sczSecret); - TestThrowOnFailure(hr, L"Failed to create connection name and secret."); - - hr = PipeCreatePipes(&connection, TRUE, &hEvent); - TestThrowOnFailure(hr, L"Failed to create pipes."); - - hr = PipeLaunchChildProcess(L"tests\\ignore\\this\\path\\to\\burn.exe", &connection, TRUE, NULL); - TestThrowOnFailure(hr, L"Failed to create elevated process."); - - hr = PipeWaitForChildConnect(&connection); - TestThrowOnFailure(hr, L"Failed to wait for child process to connect."); + hr = ElevationElevate(&engineState, NULL); + TestThrowOnFailure(hr, L"Failed to elevate."); // post execute message - hr = PipeSendMessage(connection.hPipe, TEST_PARENT_SENT_MESSAGE_ID, NULL, 0, ProcessParentMessages, NULL, &dwResult); + hr = PipeSendMessage(pConnection->hPipe, TEST_PARENT_SENT_MESSAGE_ID, NULL, 0, ProcessParentMessages, NULL, &dwResult); TestThrowOnFailure(hr, "Failed to post execute message to per-machine process."); // // initiate termination // - hr = PipeTerminateChildProcess(&connection, 666, FALSE); + hr = PipeTerminateChildProcess(pConnection, 666, FALSE); TestThrowOnFailure(hr, L"Failed to terminate elevated process."); // check flags @@ -91,7 +86,7 @@ namespace Bootstrapper } finally { - PipeConnectionUninitialize(&connection); + PipeConnectionUninitialize(pConnection); ReleaseHandle(hEvent); } } -- cgit v1.2.3-55-g6feb