From 4194343c39fa66778a8de9804c88789bd41dae48 Mon Sep 17 00:00:00 2001
From: Rob Mensching
Date: Tue, 4 May 2021 22:47:19 -0700
Subject: Move Http.wixext into ext

---
 src/ext/Http/ca/caDecor.h              |  13 +
 src/ext/Http/ca/cost.h                 |   6 +
 src/ext/Http/ca/dllmain.cpp            |  26 ++
 src/ext/Http/ca/httpca.vcxproj         |  72 ++++
 src/ext/Http/ca/httpca.vcxproj.filters |  42 ++
 src/ext/Http/ca/packages.config        |   5 +
 src/ext/Http/ca/precomp.h              |  25 ++
 src/ext/Http/ca/snisslcert.cpp         | 704 +++++++++++++++++++++++++++++++++
 src/ext/Http/ca/wixhttpca.cpp          | 530 +++++++++++++++++++++++++
 src/ext/Http/ca/wixhttpca.def          |  12 +
 10 files changed, 1435 insertions(+)
 create mode 100644 src/ext/Http/ca/caDecor.h
 create mode 100644 src/ext/Http/ca/cost.h
 create mode 100644 src/ext/Http/ca/dllmain.cpp
 create mode 100644 src/ext/Http/ca/httpca.vcxproj
 create mode 100644 src/ext/Http/ca/httpca.vcxproj.filters
 create mode 100644 src/ext/Http/ca/packages.config
 create mode 100644 src/ext/Http/ca/precomp.h
 create mode 100644 src/ext/Http/ca/snisslcert.cpp
 create mode 100644 src/ext/Http/ca/wixhttpca.cpp
 create mode 100644 src/ext/Http/ca/wixhttpca.def

(limited to 'src/ext/Http/ca')

diff --git a/src/ext/Http/ca/caDecor.h b/src/ext/Http/ca/caDecor.h
new file mode 100644
index 00000000..da274650
--- /dev/null
+++ b/src/ext/Http/ca/caDecor.h
@@ -0,0 +1,13 @@
+#pragma once
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+
+
+#if defined(_M_ARM64)
+#define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_A64"
+#elif defined(_M_AMD64)
+#define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_X64"
+#elif defined(_M_ARM)
+#define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_ARM"
+#else
+#define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_X86"
+#endif
diff --git a/src/ext/Http/ca/cost.h b/src/ext/Http/ca/cost.h
new file mode 100644
index 00000000..9677e7e8
--- /dev/null
+++ b/src/ext/Http/ca/cost.h
@@ -0,0 +1,6 @@ +#pragma once +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + + +const UINT COST_HTTP_URL_ACL = 2000; +const UINT COST_HTTP_SNI_SSL = 2000; diff --git a/src/ext/Http/ca/dllmain.cpp b/src/ext/Http/ca/dllmain.cpp new file mode 100644 index 00000000..b4c8c037 --- /dev/null +++ b/src/ext/Http/ca/dllmain.cpp @@ -0,0 +1,26 @@ +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + +#include "precomp.h" + +/******************************************************************** +DllMain - standard entry point for all WiX CustomActions + +********************************************************************/ +extern "C" BOOL WINAPI DllMain( + IN HINSTANCE hInstance, + IN ULONG ulReason, + IN LPVOID) +{ + switch(ulReason) + { + case DLL_PROCESS_ATTACH: + WcaGlobalInitialize(hInstance); + break; + + case DLL_PROCESS_DETACH: + WcaGlobalFinalize(); + break; + } + + return TRUE; +} diff --git a/src/ext/Http/ca/httpca.vcxproj b/src/ext/Http/ca/httpca.vcxproj new file mode 100644 index 00000000..fde00ff4 --- /dev/null +++ b/src/ext/Http/ca/httpca.vcxproj @@ -0,0 +1,72 @@ + + + + + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + Debug + ARM64 + + + Release + ARM64 + + + + + {90743805-C043-47C7-B5FF-8F5EE5C8A2DE} + DynamicLibrary + v142 + Unicode + httpca + wixhttpca.def + WiX Toolset Http CustomAction + + + + + + + crypt32.lib;httpapi.lib;msi.lib;rpcrt4.lib;ws2_32.lib + + + + + Create + + + + + + + + + + + + + + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. + + + + + 
diff --git a/src/ext/Http/ca/httpca.vcxproj.filters b/src/ext/Http/ca/httpca.vcxproj.filters new file mode 100644 index 00000000..2ccd604d --- /dev/null +++ b/src/ext/Http/ca/httpca.vcxproj.filters @@ -0,0 +1,42 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + + + Source Files + + + + \ No newline at end of file diff --git a/src/ext/Http/ca/packages.config b/src/ext/Http/ca/packages.config new file mode 100644 index 00000000..9d88f529 --- /dev/null +++ b/src/ext/Http/ca/packages.config @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/src/ext/Http/ca/precomp.h b/src/ext/Http/ca/precomp.h new file mode 100644 index 00000000..c78d78c1 --- /dev/null +++ b/src/ext/Http/ca/precomp.h @@ -0,0 +1,25 @@ +#pragma once +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + + +#include +#include +#include + +#include "wcautil.h" +#include "cryputil.h" +#include "dutil.h" +#include "memutil.h" +#include "strutil.h" +#include "aclutil.h" + +#include "cost.h" + +#include "caDecor.h" + +enum eHandleExisting +{ + heReplace = 0, + heIgnore = 1, + heFail = 2 +}; diff --git a/src/ext/Http/ca/snisslcert.cpp b/src/ext/Http/ca/snisslcert.cpp new file mode 100644 index 00000000..3a7336af --- /dev/null +++ b/src/ext/Http/ca/snisslcert.cpp 
@@ -0,0 +1,704 @@ +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + +#include "precomp.h" + +#if _WIN32_WINNT < 0x0602 + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_KEY +{ + SOCKADDR_STORAGE IpPort; + PWSTR Host; +} HTTP_SERVICE_CONFIG_SSL_SNI_KEY, * PHTTP_SERVICE_CONFIG_SSL_SNI_KEY; + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_SET +{ + HTTP_SERVICE_CONFIG_SSL_SNI_KEY KeyDesc; + HTTP_SERVICE_CONFIG_SSL_PARAM ParamDesc; +} HTTP_SERVICE_CONFIG_SSL_SNI_SET, * PHTTP_SERVICE_CONFIG_SSL_SNI_SET; + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_QUERY +{ + HTTP_SERVICE_CONFIG_QUERY_TYPE QueryDesc; + HTTP_SERVICE_CONFIG_SSL_SNI_KEY KeyDesc; + DWORD dwToken; +} HTTP_SERVICE_CONFIG_SSL_SNI_QUERY, * PHTTP_SERVICE_CONFIG_SSL_SNI_QUERY; + +#define HttpServiceConfigSslSniCertInfo static_cast(HttpServiceConfigCache + 1) + +#endif + +static UINT SchedHttpSniSslCerts( + __in WCA_TODO todoSched +); +static HRESULT WriteExistingSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSniSslSet, + __inout_z LPWSTR* psczCustomActionData +); +static HRESULT WriteSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in_z LPCWSTR wzCertificateThumbprint, + __in_z LPCWSTR wzAppId, + __in_z_opt LPCWSTR wzCertificateStore, + __inout_z LPWSTR* psczCustomActionData +); +static HRESULT EnsureAppId( + __inout_z LPWSTR* psczAppId, + __in_opt HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet +); +static HRESULT StringFromGuid( + __in REFGUID rguid, + __inout_z LPWSTR* psczGuid +); +static HRESULT AddSniSslCert( + __in_z LPCWSTR wzId, + __in_z LPWSTR wzHost, + __in int iPort, + __in BYTE rgbCertificateThumbprint[], + __in DWORD cbCertificateThumbprint, + __in 
GUID* pAppId, + __in_z LPWSTR wzSslCertStore +); +static HRESULT GetSniSslCert( + __in_z LPWSTR wzHost, + __in int nPort, + __out HTTP_SERVICE_CONFIG_SSL_SNI_SET** ppSet +); +static HRESULT RemoveSniSslCert( + __in_z LPCWSTR wzId, + __in_z LPWSTR wzHost, + __in int iPort +); +static void SetSniSslCertSetKey( + __in HTTP_SERVICE_CONFIG_SSL_SNI_KEY* pKey, + __in_z LPWSTR wzHost, + __in int iPort +); + + +LPCWSTR vcsWixHttpSniSslCertQuery = +L"SELECT `Wix4HttpSniSslCert`.`Wix4HttpSniSslCert`, `Wix4HttpSniSslCert`.`Host`, `Wix4HttpSniSslCert`.`Port`, `Wix4HttpSniSslCert`.`Thumbprint`, `Wix4HttpSniSslCert`.`AppId`, `Wix4HttpSniSslCert`.`Store`, `Wix4HttpSniSslCert`.`HandleExisting`, `Wix4HttpSniSslCert`.`Component_` " +L"FROM `Wix4HttpSniSslCert`"; +enum eWixHttpSniSslCertQuery { hurqId = 1, hurqHost, hurqPort, hurqCertificateThumbprint, hurqAppId, hurqCertificateStore, hurqHandleExisting, hurqComponent }; + +/****************************************************************** + SchedWixHttpSniSslCertsInstall - immediate custom action entry + point to prepare adding URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall SchedHttpSniSslCertsInstall( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + + hr = WcaInitialize(hInstall, "SchedHttpSniSslCertsInstall"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = SchedHttpSniSslCerts(WCA_TODO_INSTALL); + +LExit: + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +/****************************************************************** + SchedWixHttpSniSslCertsUninstall - immediate custom action entry + point to prepare removing URL reservations. 
+ +********************************************************************/ +extern "C" UINT __stdcall SchedHttpSniSslCertsUninstall( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + + hr = WcaInitialize(hInstall, "SchedHttpSniSslCertsUninstall"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = SchedHttpSniSslCerts(WCA_TODO_UNINSTALL); + +LExit: + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +/****************************************************************** + ExecHttpSniSslCerts - deferred custom action entry point to + register and remove URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall ExecHttpSniSslCerts( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + BOOL fHttpInitialized = FALSE; + LPWSTR sczCustomActionData = NULL; + LPWSTR wz = NULL; + int iTodo = WCA_TODO_UNKNOWN; + LPWSTR sczId = NULL; + LPWSTR sczHost = NULL; + int iPort = 0; + eHandleExisting handleExisting = heIgnore; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPWSTR sczCertificateStore = NULL; + + BOOL fRollback = ::MsiGetMode(hInstall, MSIRUNMODE_ROLLBACK); + BOOL fRemove = FALSE; + BOOL fAdd = FALSE; + BOOL fFailOnExisting = FALSE; + + GUID guidAppId = { }; + BYTE* pbCertificateThumbprint = NULL; + DWORD cbCertificateThumbprint = 0; + + // Initialize. 
+ hr = WcaInitialize(hInstall, "ExecHttpSniSslCerts"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(HTTPAPI_VERSION_1, HTTP_INITIALIZE_CONFIG, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration"); + + fHttpInitialized = TRUE; + + hr = WcaGetProperty(L"CustomActionData", &sczCustomActionData); + ExitOnFailure(hr, "Failed to get CustomActionData"); + WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %ls", sczCustomActionData); + + wz = sczCustomActionData; + while (wz && *wz) + { + // Extract the custom action data and if rolling back, swap INSTALL and UNINSTALL. + hr = WcaReadIntegerFromCaData(&wz, &iTodo); + ExitOnFailure(hr, "Failed to read todo from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczId); + ExitOnFailure(hr, "Failed to read Id from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczHost); + ExitOnFailure(hr, "Failed to read Host from custom action data"); + + hr = WcaReadIntegerFromCaData(&wz, &iPort); + ExitOnFailure(hr, "Failed to read Port from custom action data"); + + hr = WcaReadIntegerFromCaData(&wz, reinterpret_cast(&handleExisting)); + ExitOnFailure(hr, "Failed to read HandleExisting from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to read CertificateThumbprint from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczAppId); + ExitOnFailure(hr, "Failed to read AppId from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczCertificateStore); + ExitOnFailure(hr, "Failed to read CertificateStore from custom action data"); + + switch (iTodo) + { + case WCA_TODO_INSTALL: + case WCA_TODO_REINSTALL: + fRemove = heReplace == handleExisting || fRollback; + fAdd = !fRollback || *sczCertificateThumbprint; + fFailOnExisting = heFail == handleExisting && !fRollback; + break; + + case WCA_TODO_UNINSTALL: + fRemove = !fRollback; + fAdd = fRollback && 
*sczCertificateThumbprint; + fFailOnExisting = FALSE; + break; + } + + if (fRemove) + { + hr = RemoveSniSslCert(sczId, sczHost, iPort); + if (S_OK == hr) + { + WcaLog(LOGMSG_STANDARD, "Removed SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to remove SNI SSL certificate to rollback '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else + { + ExitOnFailure(hr, "Failed to remove SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + } + } + + if (fAdd) + { + WcaLog(LOGMSG_STANDARD, "Adding SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + + hr = StrAllocHexDecode(sczCertificateThumbprint, &pbCertificateThumbprint, &cbCertificateThumbprint); + ExitOnFailure(hr, "Failed to convert thumbprint to bytes for SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + + hr = ::IIDFromString(sczAppId, &guidAppId); + ExitOnFailure(hr, "Failed to convert AppId '%ls' back to GUID for SNI SSL certificate '%ls' for hostname: %ls:%d", sczAppId, sczId, sczHost, iPort); + + hr = AddSniSslCert(sczId, sczHost, iPort, pbCertificateThumbprint, cbCertificateThumbprint, &guidAppId, sczCertificateStore && *sczCertificateStore ? 
sczCertificateStore : L"MY"); + if (S_FALSE == hr && fFailOnExisting) + { + hr = HRESULT_FROM_WIN32(ERROR_ALREADY_EXISTS); + } + + if (S_OK == hr) + { + WcaLog(LOGMSG_STANDARD, "Added SNI SSL certificate '%ls' for hostname: %ls:%d with thumbprint: %ls", sczId, sczHost, iPort, sczCertificateThumbprint); + } + else if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to add SNI SSL certificate to rollback '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else + { + ExitOnFailure(hr, "Failed to add SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + } + + ReleaseNullMem(pbCertificateThumbprint); + } + } + +LExit: + ReleaseMem(pbCertificateThumbprint); + ReleaseStr(sczCertificateStore); + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + ReleaseStr(sczHost); + ReleaseStr(sczId); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(HTTP_INITIALIZE_CONFIG, NULL); + } + + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +static UINT SchedHttpSniSslCerts( + __in WCA_TODO todoSched +) +{ + HRESULT hr = S_OK; + UINT er = ERROR_SUCCESS; + BOOL fHttpInitialized = FALSE; + DWORD cCertificates = 0; + + PMSIHANDLE hView = NULL; + PMSIHANDLE hRec = NULL; + PMSIHANDLE hQueryReq = NULL; + PMSIHANDLE hAceView = NULL; + + LPWSTR sczCustomActionData = NULL; + LPWSTR sczRollbackCustomActionData = NULL; + + LPWSTR sczId = NULL; + LPWSTR sczComponent = NULL; + WCA_TODO todoComponent = WCA_TODO_UNKNOWN; + LPWSTR sczHost = NULL; + int iPort = 0; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPWSTR sczCertificateStore = NULL; + int iHandleExisting = 0; + + HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet = NULL; + + // Anything to do? 
+ hr = WcaTableExists(L"Wix4HttpSniSslCert"); + ExitOnFailure(hr, "Failed to check if the Wix4HttpSniSslCert table exists"); + if (S_FALSE == hr) + { + WcaLog(LOGMSG_STANDARD, "Wix4HttpSniSslCert table doesn't exist, so there are no URL reservations to configure"); + ExitFunction(); + } + + // Query and loop through all the SNI SSL certificates. + hr = WcaOpenExecuteView(vcsWixHttpSniSslCertQuery, &hView); + ExitOnFailure(hr, "Failed to open view on the Wix4HttpSniSslCert table"); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(HTTPAPI_VERSION_1, HTTP_INITIALIZE_CONFIG, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration"); + + fHttpInitialized = TRUE; + + while (S_OK == (hr = WcaFetchRecord(hView, &hRec))) + { + hr = WcaGetRecordString(hRec, hurqId, &sczId); + ExitOnFailure(hr, "Failed to get Wix4HttpSniSslCert.Wix4HttpSniSslCert"); + + hr = WcaGetRecordString(hRec, hurqComponent, &sczComponent); + ExitOnFailure(hr, "Failed to get Wix4HttpSniSslCert.Component_"); + + // Figure out what we're doing for this reservation, treating reinstall the same as install. + todoComponent = WcaGetComponentToDo(sczComponent); + if ((WCA_TODO_REINSTALL == todoComponent ? 
WCA_TODO_INSTALL : todoComponent) != todoSched) + { + WcaLog(LOGMSG_STANDARD, "Component '%ls' action state (%d) doesn't match request (%d) for Wix4HttpSniSslCert '%ls'", sczComponent, todoComponent, todoSched, sczId); + continue; + } + + hr = WcaGetRecordFormattedString(hRec, hurqHost, &sczHost); + ExitOnFailure(hr, "Failed to get Wix4HttpSniSslCert.Host"); + + hr = WcaGetRecordFormattedInteger(hRec, hurqPort, &iPort); + ExitOnFailure(hr, "Failed to get Wix4HttpSniSslCert.Port"); + + hr = WcaGetRecordFormattedString(hRec, hurqCertificateThumbprint, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to get Wix4HttpSniSslCert.CertificateThumbprint"); + + if (!sczHost || !*sczHost) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a Host value for Wix4HttpSniSslCert '%ls'", sczId); + } + + if (!iPort) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a Port value for Wix4HttpSniSslCert '%ls'", sczId); + } + + if (!sczCertificateThumbprint || !*sczCertificateThumbprint) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a CertificateThumbprint value for Wix4HttpSniSslCert '%ls'", sczId); + } + + hr = WcaGetRecordFormattedString(hRec, hurqAppId, &sczAppId); + ExitOnFailure(hr, "Failed to get AppId for Wix4HttpSniSslCert '%ls'", sczId); + + hr = WcaGetRecordFormattedString(hRec, hurqCertificateStore, &sczCertificateStore); + ExitOnFailure(hr, "Failed to get CertificateStore for Wix4HttpSniSslCert '%ls'", sczId); + + hr = WcaGetRecordInteger(hRec, hurqHandleExisting, &iHandleExisting); + ExitOnFailure(hr, "Failed to get HandleExisting for Wix4HttpSniSslCert '%ls'", sczId); + + hr = GetSniSslCert(sczHost, iPort, &pExistingSniSslSet); + ExitOnFailure(hr, "Failed to get the existing SNI SSL certificate for Wix4HttpSniSslCert '%ls'", sczId); + + hr = EnsureAppId(&sczAppId, pExistingSniSslSet); + ExitOnFailure(hr, "Failed to ensure AppId for Wix4HttpSniSslCert '%ls'", sczId); + + hr = WriteExistingSniSslCert(todoComponent, sczId, sczHost, iPort, 
iHandleExisting, pExistingSniSslSet, &sczRollbackCustomActionData); + ExitOnFailure(hr, "Failed to write rollback custom action data for Wix4HttpSniSslCert '%ls'", sczId); + + hr = WriteSniSslCert(todoComponent, sczId, sczHost, iPort, iHandleExisting, sczCertificateThumbprint, sczAppId, sczCertificateStore, &sczCustomActionData); + ExitOnFailure(hr, "Failed to write custom action data for Wix4HttpSniSslCert '%ls'", sczId); + ++cCertificates; + + ReleaseNullMem(pExistingSniSslSet); + } + + // Reaching the end of the list is not an error. + if (E_NOMOREITEMS == hr) + { + hr = S_OK; + } + ExitOnFailure(hr, "Failure occurred while processing Wix4HttpSniSslCert table"); + + // Schedule ExecHttpSniSslCerts if there's anything to do. + if (cCertificates) + { + WcaLog(LOGMSG_STANDARD, "Scheduling SNI SSL certificate (%ls)", sczCustomActionData); + WcaLog(LOGMSG_STANDARD, "Scheduling rollback SNI SSL certificate (%ls)", sczRollbackCustomActionData); + + if (WCA_TODO_INSTALL == todoSched) + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpSniSslCertsInstall"), sczRollbackCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule install SNI SSL certificate rollback"); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpSniSslCertsInstall"), sczCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule install SNI SSL certificate execution"); + } + else + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpSniSslCertsUninstall"), sczRollbackCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule uninstall SNI SSL certificate rollback"); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpSniSslCertsUninstall"), sczCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule uninstall SNI SSL certificate execution"); + } + } + else + { + WcaLog(LOGMSG_STANDARD, "No SNI SSL 
certificates scheduled"); + } + +LExit: + ReleaseMem(pExistingSniSslSet); + ReleaseStr(sczCertificateStore); + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + ReleaseStr(sczHost); + ReleaseStr(sczComponent); + ReleaseStr(sczId); + ReleaseStr(sczRollbackCustomActionData); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(HTTP_INITIALIZE_CONFIG, NULL); + } + + return WcaFinalize(er = FAILED(hr) ? ERROR_INSTALL_FAILURE : er); +} + +static HRESULT WriteExistingSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSniSslSet, + __inout_z LPWSTR* psczCustomActionData +) +{ + HRESULT hr = S_OK; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPCWSTR wzCertificateStore = NULL; + + if (pSniSslSet) + { + hr = StrAllocHexEncode(reinterpret_cast(pSniSslSet->ParamDesc.pSslHash), pSniSslSet->ParamDesc.SslHashLength, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to convert existing certificate thumbprint to hex for Wix4HttpSniSslCert '%ls'", wzId); + + hr = StringFromGuid(pSniSslSet->ParamDesc.AppId, &sczAppId); + ExitOnFailure(hr, "Failed to copy existing AppId for Wix4HttpSniSslCert '%ls'", wzId); + + wzCertificateStore = pSniSslSet->ParamDesc.pSslCertStoreName; + } + + hr = WriteSniSslCert(action, wzId, wzHost, iPort, iHandleExisting, sczCertificateThumbprint ? sczCertificateThumbprint : L"", sczAppId ? sczAppId : L"", wzCertificateStore ? 
wzCertificateStore : L"", psczCustomActionData); + ExitOnFailure(hr, "Failed to write custom action data for Wix4HttpSniSslCert '%ls'", wzId); + +LExit: + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + + return hr; +} + +static HRESULT WriteSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in_z LPCWSTR wzCertificateThumbprint, + __in_z LPCWSTR wzAppId, + __in_z_opt LPCWSTR wzCertificateStore, + __inout_z LPWSTR* psczCustomActionData +) +{ + HRESULT hr = S_OK; + + hr = WcaWriteIntegerToCaData(action, psczCustomActionData); + ExitOnFailure(hr, "Failed to write action to custom action data"); + + hr = WcaWriteStringToCaData(wzId, psczCustomActionData); + ExitOnFailure(hr, "Failed to write id to custom action data"); + + hr = WcaWriteStringToCaData(wzHost, psczCustomActionData); + ExitOnFailure(hr, "Failed to write Host to custom action data"); + + hr = WcaWriteIntegerToCaData(iPort, psczCustomActionData); + ExitOnFailure(hr, "Failed to write Port to custom action data"); + + hr = WcaWriteIntegerToCaData(iHandleExisting, psczCustomActionData); + ExitOnFailure(hr, "Failed to write HandleExisting to custom action data"); + + hr = WcaWriteStringToCaData(wzCertificateThumbprint, psczCustomActionData); + ExitOnFailure(hr, "Failed to write CertificateThumbprint to custom action data"); + + hr = WcaWriteStringToCaData(wzAppId, psczCustomActionData); + ExitOnFailure(hr, "Failed to write AppId to custom action data"); + + hr = WcaWriteStringToCaData(wzCertificateStore ? 
wzCertificateStore : L"", psczCustomActionData); + ExitOnFailure(hr, "Failed to write CertificateStore to custom action data"); + +LExit: + return hr; +} + +static HRESULT EnsureAppId( + __inout_z LPWSTR* psczAppId, + __in_opt HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet +) +{ + HRESULT hr = S_OK; + RPC_STATUS rs = RPC_S_OK; + GUID guid = { }; + + if (!psczAppId || !*psczAppId || !**psczAppId) + { + if (pExistingSniSslSet) + { + hr = StringFromGuid(pExistingSniSslSet->ParamDesc.AppId, psczAppId); + ExitOnFailure(hr, "Failed to ensure AppId guid"); + } + else + { + rs = ::UuidCreate(&guid); + hr = HRESULT_FROM_RPC(rs); + ExitOnRootFailure(hr, "Failed to create guid for AppId"); + + hr = StringFromGuid(guid, psczAppId); + ExitOnFailure(hr, "Failed to ensure AppId guid"); + } + } + +LExit: + return hr; +} + +static HRESULT StringFromGuid( + __in REFGUID rguid, + __inout_z LPWSTR* psczGuid +) +{ + HRESULT hr = S_OK; + WCHAR wzGuid[39]; + + if (!::StringFromGUID2(rguid, wzGuid, countof(wzGuid))) + { + hr = E_OUTOFMEMORY; + ExitOnRootFailure(hr, "Failed to convert guid into string"); + } + + hr = StrAllocString(psczGuid, wzGuid, 0); + ExitOnFailure(hr, "Failed to copy guid"); + +LExit: + return hr; +} + +static HRESULT AddSniSslCert( + __in_z LPCWSTR /*wzId*/, + __in_z LPWSTR wzHost, + __in int iPort, + __in BYTE rgbCertificateThumbprint[], + __in DWORD cbCertificateThumbprint, + __in GUID* pAppId, + __in_z LPWSTR wzSslCertStore +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_SET set = { }; + + SetSniSslCertSetKey(&set.KeyDesc, wzHost, iPort); + set.ParamDesc.SslHashLength = cbCertificateThumbprint; + set.ParamDesc.pSslHash = rgbCertificateThumbprint; + set.ParamDesc.AppId = *pAppId; + set.ParamDesc.pSslCertStoreName = wzSslCertStore; + + er = ::HttpSetServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &set, sizeof(set), NULL); + if (ERROR_ALREADY_EXISTS == er) + { + hr = S_FALSE; + } + else + { + hr = 
HRESULT_FROM_WIN32(er); + } + + return hr; +} + +static HRESULT GetSniSslCert( + __in_z LPWSTR wzHost, + __in int nPort, + __out HTTP_SERVICE_CONFIG_SSL_SNI_SET** ppSet +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_QUERY query = { }; + HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSet = NULL; + ULONG cbSet = 0; + + *ppSet = NULL; + + query.QueryDesc = HttpServiceConfigQueryExact; + SetSniSslCertSetKey(&query.KeyDesc, wzHost, nPort); + + er = ::HttpQueryServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + if (ERROR_INSUFFICIENT_BUFFER == er) + { + pSet = reinterpret_cast(MemAlloc(cbSet, TRUE)); + ExitOnNull(pSet, hr, E_OUTOFMEMORY, "Failed to allocate query SN SSL certificate buffer"); + + er = ::HttpQueryServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + } + + if (ERROR_SUCCESS == er) + { + *ppSet = pSet; + pSet = NULL; + } + else if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + +LExit: + ReleaseMem(pSet); + + return hr; +} + +static HRESULT RemoveSniSslCert( + __in_z LPCWSTR /*wzId*/, + __in_z LPWSTR wzHost, + __in int iPort +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_SET set = { }; + + SetSniSslCertSetKey(&set.KeyDesc, wzHost, iPort); + + er = ::HttpDeleteServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &set, sizeof(set), NULL); + if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + + return hr; +} + +static void SetSniSslCertSetKey( + __in HTTP_SERVICE_CONFIG_SSL_SNI_KEY* pKey, + __in_z LPWSTR wzHost, + __in int iPort +) +{ + pKey->Host = wzHost; + SOCKADDR_IN* pss = reinterpret_cast(&pKey->IpPort); + pss->sin_family = AF_INET; + pss->sin_port = htons(static_cast(iPort)); +} 
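Review bot: Scheduling failures in snisslcert.cpp are reported to MSI as success, because `SchedHttpSniSslCerts` returns a Win32 code via `return WcaFinalize(er = FAILED(hr) ? ERROR_INSTALL_FAILURE : er);` while both entry points store that UINT in an HRESULT (`hr = SchedHttpSniSslCerts(WCA_TODO_INSTALL);`) and test `FAILED(hr)` — ERROR_INSTALL_FAILURE (1603) is a positive value, so `FAILED` is false and the outer `WcaFinalize` returns ERROR_SUCCESS; the inner call also means `WcaFinalize` runs twice per action. Change the forward declaration and definition to `static HRESULT SchedHttpSniSslCerts(`, end the worker with `return hr;`, and drop the now-unused `UINT er`, leaving finalization to the entry points as wixhttpca.cpp already does. `SchedHttpSniSslCerts` also only rejects `!iPort`, yet `SetSniSslCertSetKey` narrows the value with `htons(static_cast<USHORT>(iPort))`, so a port outside 1..65535 is silently truncated into a different binding; a check such as `if (0 >= iPort || 65535 < iPort) { hr = E_INVALIDARG; ExitOnFailure(hr, "Require a Port value between 1 and 65535 for Wix4HttpSniSslCert '%ls'", sczId); }` in the validation block would catch it. Finally, the header comments above the three entry points (`SchedWixHttpSniSslCertsInstall`, "prepare adding URL reservations") and the "no URL reservations to configure" log line still describe wixhttpca.cpp; they should name `SchedHttpSniSslCertsInstall`/`Uninstall`/`ExecHttpSniSslCerts` and say SNI SSL certificate bindings.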
diff --git a/src/ext/Http/ca/wixhttpca.cpp b/src/ext/Http/ca/wixhttpca.cpp
new file mode 100644
index 00000000..8c846ffc
--- /dev/null
+++ b/src/ext/Http/ca/wixhttpca.cpp
@@ -0,0 +1,530 @@ +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + +#include "precomp.h" + +static HRESULT AppendUrlAce( + __in LPWSTR wzSecurityPrincipal, + __in int iRights, + __in LPWSTR* psczSDDL + ); +static HRESULT WriteHttpUrlReservation( + __in WCA_TODO action, + __in LPWSTR wzUrl, + __in LPWSTR wzSDDL, + __in int iHandleExisting, + __in LPWSTR* psczCustomActionData + ); +static HRESULT AddUrlReservation( + __in LPWSTR wzUrl, + __in LPWSTR wzSddl + ); +static HRESULT GetUrlReservation( + __in LPWSTR wzUrl, + __deref_out_z LPWSTR* psczSddl + ); +static HRESULT RemoveUrlReservation( + __in LPWSTR wzUrl + ); + +HTTPAPI_VERSION vcHttpVersion = HTTPAPI_VERSION_1; +ULONG vcHttpFlags = HTTP_INITIALIZE_CONFIG; + +LPCWSTR vcsHttpUrlReservationQuery = + L"SELECT `Wix4HttpUrlReservation`.`Wix4HttpUrlReservation`, `Wix4HttpUrlReservation`.`HandleExisting`, `Wix4HttpUrlReservation`.`Sddl`, `Wix4HttpUrlReservation`.`Url`, `Wix4HttpUrlReservation`.`Component_` " + L"FROM `Wix4HttpUrlReservation`"; +enum eHttpUrlReservationQuery { hurqId = 1, hurqHandleExisting, hurqSDDL, hurqUrl, hurqComponent }; + +LPCWSTR vcsHttpUrlAceQuery = + L"SELECT `Wix4HttpUrlAce`.`SecurityPrincipal`, `Wix4HttpUrlAce`.`Rights` " + L"FROM `Wix4HttpUrlAce` " + L"WHERE `Wix4HttpUrlAce`.`Wix4HttpUrlReservation_`=?"; +enum eHttpUrlAceQuery { huaqSecurityPrincipal = 1, huaqRights }; + +/****************************************************************** + SchedHttpUrlReservations - immediate custom action worker to + prepare configuring URL reservations. 
+ +********************************************************************/ +static UINT SchedHttpUrlReservations( + __in MSIHANDLE hInstall, + __in WCA_TODO todoSched + ) +{ + HRESULT hr = S_OK; + UINT er = ERROR_SUCCESS; + BOOL fAceTableExists = FALSE; + BOOL fHttpInitialized = FALSE; + DWORD cUrlReservations = 0; + + PMSIHANDLE hView = NULL; + PMSIHANDLE hRec = NULL; + PMSIHANDLE hQueryReq = NULL; + PMSIHANDLE hAceView = NULL; + + LPWSTR sczCustomActionData = NULL; + LPWSTR sczRollbackCustomActionData = NULL; + + LPWSTR sczId = NULL; + LPWSTR sczComponent = NULL; + WCA_TODO todoComponent = WCA_TODO_UNKNOWN; + LPWSTR sczUrl = NULL; + LPWSTR sczSecurityPrincipal = NULL; + int iRights = 0; + int iHandleExisting = 0; + + LPWSTR sczExistingSDDL = NULL; + LPWSTR sczSDDL = NULL; + + // Initialize. + hr = WcaInitialize(hInstall, "SchedHttpUrlReservations"); + ExitOnFailure(hr, "Failed to initialize."); + + // Anything to do? + hr = WcaTableExists(L"Wix4HttpUrlReservation"); + ExitOnFailure(hr, "Failed to check if the Wix4HttpUrlReservation table exists."); + if (S_FALSE == hr) + { + WcaLog(LOGMSG_STANDARD, "Wix4HttpUrlReservation table doesn't exist, so there are no URL reservations to configure."); + ExitFunction(); + } + + hr = WcaTableExists(L"Wix4HttpUrlAce"); + ExitOnFailure(hr, "Failed to check if the Wix4HttpUrlAce table exists."); + fAceTableExists = S_OK == hr; + + // Query and loop through all the URL reservations. 
+ hr = WcaOpenExecuteView(vcsHttpUrlReservationQuery, &hView); + ExitOnFailure(hr, "Failed to open view on the Wix4HttpUrlReservation table."); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(vcHttpVersion, vcHttpFlags, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration."); + + fHttpInitialized = TRUE; + + while (S_OK == (hr = WcaFetchRecord(hView, &hRec))) + { + hr = WcaGetRecordString(hRec, hurqId, &sczId); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlReservation.Wix4HttpUrlReservation"); + + hr = WcaGetRecordString(hRec, hurqComponent, &sczComponent); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlReservation.Component_"); + + // Figure out what we're doing for this reservation, treating reinstall the same as install. + todoComponent = WcaGetComponentToDo(sczComponent); + if ((WCA_TODO_REINSTALL == todoComponent ? WCA_TODO_INSTALL : todoComponent) != todoSched) + { + WcaLog(LOGMSG_STANDARD, "Component '%ls' action state (%d) doesn't match request (%d) for UrlReservation '%ls'.", sczComponent, todoComponent, todoSched, sczId); + continue; + } + + hr = WcaGetRecordFormattedString(hRec, hurqUrl, &sczUrl); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlReservation.Url"); + + hr = WcaGetRecordInteger(hRec, hurqHandleExisting, &iHandleExisting); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlReservation.HandleExisting"); + + if (::MsiRecordIsNull(hRec, hurqSDDL)) + { + hr = StrAllocString(&sczSDDL, L"D:", 2); + ExitOnFailure(hr, "Failed to allocate SDDL string."); + + // Skip creating the SDDL on uninstall, since it's never used and the lookup(s) could fail. 
+ if (fAceTableExists && WCA_TODO_UNINSTALL != todoComponent) + { + hQueryReq = ::MsiCreateRecord(1); + hr = WcaSetRecordString(hQueryReq, 1, sczId); + ExitOnFailure(hr, "Failed to create record for querying Wix4HttpUrlAce table for reservation %ls", sczId); + + hr = WcaOpenView(vcsHttpUrlAceQuery, &hAceView); + ExitOnFailure(hr, "Failed to open view on Wix4HttpUrlAce table for reservation %ls", sczId); + hr = WcaExecuteView(hAceView, hQueryReq); + ExitOnFailure(hr, "Failed to execute view on Wix4HttpUrlAce table for reservation %ls", sczId); + + while (S_OK == (hr = WcaFetchRecord(hAceView, &hRec))) + { + hr = WcaGetRecordFormattedString(hRec, huaqSecurityPrincipal, &sczSecurityPrincipal); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlAce.SecurityPrincipal"); + + hr = WcaGetRecordInteger(hRec, huaqRights, &iRights); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlAce.Rights"); + + hr = AppendUrlAce(sczSecurityPrincipal, iRights, &sczSDDL); + ExitOnFailure(hr, "Failed to append URL ACE."); + } + + if (E_NOMOREITEMS == hr) + { + hr = S_OK; + } + ExitOnFailure(hr, "Failed to enumerate selected rows from Wix4HttpUrlAce table."); + } + } + else + { + hr = WcaGetRecordFormattedString(hRec, hurqSDDL, &sczSDDL); + ExitOnFailure(hr, "Failed to get Wix4HttpUrlReservation.SDDL"); + } + + hr = GetUrlReservation(sczUrl, &sczExistingSDDL); + ExitOnFailure(hr, "Failed to get the existing SDDL for %ls", sczUrl); + + hr = WriteHttpUrlReservation(todoComponent, sczUrl, sczExistingSDDL ? sczExistingSDDL : L"", iHandleExisting, &sczRollbackCustomActionData); + ExitOnFailure(hr, "Failed to write URL Reservation to rollback custom action data."); + + hr = WriteHttpUrlReservation(todoComponent, sczUrl, sczSDDL, iHandleExisting, &sczCustomActionData); + ExitOnFailure(hr, "Failed to write URL reservation to custom action data."); + ++cUrlReservations; + } + + // Reaching the end of the list is not an error. 
+ if (E_NOMOREITEMS == hr) + { + hr = S_OK; + } + ExitOnFailure(hr, "Failure occurred while processing Wix4HttpUrlReservation table."); + + // Schedule ExecHttpUrlReservations if there's anything to do. + if (cUrlReservations) + { + WcaLog(LOGMSG_STANDARD, "Scheduling URL reservations (%ls)", sczCustomActionData); + WcaLog(LOGMSG_STANDARD, "Scheduling rollback URL reservations (%ls)", sczRollbackCustomActionData); + + if (WCA_TODO_INSTALL == todoSched) + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpUrlReservationsInstall"), sczRollbackCustomActionData, cUrlReservations * COST_HTTP_URL_ACL); + ExitOnFailure(hr, "Failed to schedule install URL reservations rollback."); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpUrlReservationsInstall"), sczCustomActionData, cUrlReservations * COST_HTTP_URL_ACL); + ExitOnFailure(hr, "Failed to schedule install URL reservations execution."); + } + else + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpUrlReservationsUninstall"), sczRollbackCustomActionData, cUrlReservations * COST_HTTP_URL_ACL); + ExitOnFailure(hr, "Failed to schedule uninstall URL reservations rollback."); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpUrlReservationsUninstall"), sczCustomActionData, cUrlReservations * COST_HTTP_URL_ACL); + ExitOnFailure(hr, "Failed to schedule uninstall URL reservations execution."); + } + } + else + { + WcaLog(LOGMSG_STANDARD, "No URL reservations scheduled."); + } + +LExit: + ReleaseStr(sczSDDL); + ReleaseStr(sczExistingSDDL); + ReleaseStr(sczSecurityPrincipal); + ReleaseStr(sczUrl) + ReleaseStr(sczComponent); + ReleaseStr(sczId); + ReleaseStr(sczRollbackCustomActionData); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(vcHttpFlags, NULL); + } + + return WcaFinalize(er = FAILED(hr) ? 
ERROR_INSTALL_FAILURE : er); +} + +static HRESULT AppendUrlAce( + __in LPWSTR wzSecurityPrincipal, + __in int iRights, + __in LPWSTR* psczSDDL + ) +{ + HRESULT hr = S_OK; + LPCWSTR wzSid = NULL; + LPWSTR sczSid = NULL; + + Assert(wzSecurityPrincipal && *wzSecurityPrincipal); + Assert(psczSDDL && *psczSDDL); + + // As documented in the xsd, if the first char is '*', then the rest of the string is a SID string, e.g. *S-1-5-18. + if (L'*' == wzSecurityPrincipal[0]) + { + wzSid = &wzSecurityPrincipal[1]; + } + else + { + hr = AclGetAccountSidStringEx(NULL, wzSecurityPrincipal, &sczSid); + ExitOnFailure(hr, "Failed to lookup the SID for account %ls", wzSecurityPrincipal); + + wzSid = sczSid; + } + + hr = StrAllocFormatted(psczSDDL, L"%ls(A;;%#x;;;%ls)", *psczSDDL, iRights, wzSid); + +LExit: + ReleaseStr(sczSid); + + return hr; +} + +static HRESULT WriteHttpUrlReservation( + __in WCA_TODO action, + __in LPWSTR wzUrl, + __in LPWSTR wzSDDL, + __in int iHandleExisting, + __in LPWSTR* psczCustomActionData + ) +{ + HRESULT hr = S_OK; + + hr = WcaWriteIntegerToCaData(action, psczCustomActionData); + ExitOnFailure(hr, "Failed to write action to custom action data."); + + hr = WcaWriteStringToCaData(wzUrl, psczCustomActionData); + ExitOnFailure(hr, "Failed to write URL to custom action data."); + + hr = WcaWriteStringToCaData(wzSDDL, psczCustomActionData); + ExitOnFailure(hr, "Failed to write SDDL to custom action data."); + + hr = WcaWriteIntegerToCaData(iHandleExisting, psczCustomActionData); + ExitOnFailure(hr, "Failed to write HandleExisting to custom action data.") + +LExit: + return hr; +} + +/****************************************************************** + SchedHttpUrlReservationsInstall - immediate custom action entry + point to prepare adding URL reservations. 
+ +********************************************************************/ +extern "C" UINT __stdcall SchedHttpUrlReservationsInstall( + __in MSIHANDLE hInstall + ) +{ + return SchedHttpUrlReservations(hInstall, WCA_TODO_INSTALL); +} + +/****************************************************************** + SchedHttpUrlReservationsUninstall - immediate custom action entry + point to prepare removing URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall SchedHttpUrlReservationsUninstall( + __in MSIHANDLE hInstall + ) +{ + return SchedHttpUrlReservations(hInstall, WCA_TODO_UNINSTALL); +} + +/****************************************************************** + ExecHttpUrlReservations - deferred custom action entry point to + register and remove URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall ExecHttpUrlReservations( + __in MSIHANDLE hInstall + ) +{ + HRESULT hr = S_OK; + BOOL fHttpInitialized = FALSE; + LPWSTR sczCustomActionData = NULL; + LPWSTR wz = NULL; + int iTodo = WCA_TODO_UNKNOWN; + LPWSTR sczUrl = NULL; + LPWSTR sczSDDL = NULL; + eHandleExisting handleExisting = heIgnore; + BOOL fRollback = ::MsiGetMode(hInstall, MSIRUNMODE_ROLLBACK); + BOOL fRemove = FALSE; + BOOL fAdd = FALSE; + BOOL fFailOnExisting = FALSE; + + // Initialize. 
+ hr = WcaInitialize(hInstall, "ExecHttpUrlReservations"); + ExitOnFailure(hr, "Failed to initialize."); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(vcHttpVersion, vcHttpFlags, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration."); + + fHttpInitialized = TRUE; + + hr = WcaGetProperty(L"CustomActionData", &sczCustomActionData); + ExitOnFailure(hr, "Failed to get CustomActionData."); + WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %ls", sczCustomActionData); + + if (!sczCustomActionData || !*sczCustomActionData) + { + WcaLog(LOGMSG_STANDARD, "No URL reservations to be executed."); + } + + wz = sczCustomActionData; + while (wz && *wz) + { + // Extract the custom action data and if rolling back, swap INSTALL and UNINSTALL. + hr = WcaReadIntegerFromCaData(&wz, &iTodo); + ExitOnFailure(hr, "Failed to read todo from custom action data."); + + hr = WcaReadStringFromCaData(&wz, &sczUrl); + ExitOnFailure(hr, "Failed to read Url from custom action data."); + + hr = WcaReadStringFromCaData(&wz, &sczSDDL); + ExitOnFailure(hr, "Failed to read SDDL from custom action data."); + + hr = WcaReadIntegerFromCaData(&wz, reinterpret_cast(&handleExisting)); + ExitOnFailure(hr, "Failed to read HandleExisting from custom action data."); + + switch (iTodo) + { + case WCA_TODO_INSTALL: + case WCA_TODO_REINSTALL: + fRemove = heReplace == handleExisting || fRollback; + fAdd = !fRollback || *sczSDDL; + fFailOnExisting = heFail == handleExisting && !fRollback; + break; + + case WCA_TODO_UNINSTALL: + fRemove = !fRollback; + fAdd = fRollback && *sczSDDL; + fFailOnExisting = FALSE; + break; + } + + if (fRemove) + { + WcaLog(LOGMSG_STANDARD, "Removing reservation for URL '%ls'", sczUrl); + hr = RemoveUrlReservation(sczUrl); + if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to remove reservation for rollback for URL '%ls'", sczUrl); + } + else + { + ExitOnFailure(hr, "Failed to remove reservation for URL '%ls'", sczUrl); + } + } + } + + if (fAdd) + { + 
WcaLog(LOGMSG_STANDARD, "Adding reservation for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); + hr = AddUrlReservation(sczUrl, sczSDDL); + if (S_FALSE == hr && fFailOnExisting) + { + hr = HRESULT_FROM_WIN32(ERROR_ALREADY_EXISTS); + } + if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to add reservation for rollback for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); + } + else + { + ExitOnFailure(hr, "Failed to add reservation for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); + } + } + } + } + +LExit: + ReleaseStr(sczSDDL); + ReleaseStr(sczUrl); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(vcHttpFlags, NULL); + } + + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +static HRESULT AddUrlReservation( + __in LPWSTR wzUrl, + __in LPWSTR wzSddl + ) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_URLACL_SET set = { }; + + set.KeyDesc.pUrlPrefix = wzUrl; + set.ParamDesc.pStringSecurityDescriptor = wzSddl; + + er = ::HttpSetServiceConfiguration(NULL, HttpServiceConfigUrlAclInfo, &set, sizeof(set), NULL); + if (ERROR_ALREADY_EXISTS == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + ExitOnFailure(hr, "Failed to add URL reservation: %ls, ACL: %ls", wzUrl, wzSddl); + +LExit: + return hr; +} + +static HRESULT GetUrlReservation( + __in LPWSTR wzUrl, + __deref_out_z LPWSTR* psczSddl + ) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_URLACL_QUERY query = { }; + HTTP_SERVICE_CONFIG_URLACL_SET* pSet = NULL; + ULONG cbSet = 0; + + query.QueryDesc = HttpServiceConfigQueryExact; + query.KeyDesc.pUrlPrefix = wzUrl; + + er = ::HttpQueryServiceConfiguration(NULL, HttpServiceConfigUrlAclInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + if (ERROR_INSUFFICIENT_BUFFER == er) + { + pSet = reinterpret_cast(MemAlloc(cbSet, TRUE)); + ExitOnNull(pSet, hr, E_OUTOFMEMORY, "Failed to allocate query URLACL buffer."); + + er = 
::HttpQueryServiceConfiguration(NULL, HttpServiceConfigUrlAclInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + } + + if (ERROR_SUCCESS == er) + { + hr = StrAllocString(psczSddl, pSet->ParamDesc.pStringSecurityDescriptor, 0); + } + else if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + +LExit: + ReleaseMem(pSet); + + return hr; +} + +static HRESULT RemoveUrlReservation( + __in LPWSTR wzUrl + ) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_URLACL_SET set = { }; + + set.KeyDesc.pUrlPrefix = wzUrl; + + er = ::HttpDeleteServiceConfiguration(NULL, HttpServiceConfigUrlAclInfo, &set, sizeof(set), NULL); + if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + ExitOnFailure(hr, "Failed to remove URL reservation: %ls", wzUrl); + +LExit: + return hr; +} diff --git a/src/ext/Http/ca/wixhttpca.def b/src/ext/Http/ca/wixhttpca.def new file mode 100644 index 00000000..281c5631 --- /dev/null +++ b/src/ext/Http/ca/wixhttpca.def @@ -0,0 +1,12 @@ +; Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + + +LIBRARY "httpca" + +EXPORTS + SchedHttpUrlReservationsInstall + SchedHttpUrlReservationsUninstall + ExecHttpUrlReservations + SchedHttpSniSslCertsInstall + SchedHttpSniSslCertsUninstall + ExecHttpSniSslCerts -- cgit v1.2.3-55-g6feb
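Review bot: In SchedHttpUrlReservations, sczExistingSDDL is declared outside the fetch loop and GetUrlReservation assigns it only on ERROR_SUCCESS, so when a later URL has no existing reservation (S_FALSE) its rollback entry is written with the previous URL's SDDL; on rollback of an install, ExecHttpUrlReservations then sees a non-empty SDDL and re-creates a reservation that never existed, carrying another URL's ACL. Resetting the buffer before each lookup, `ReleaseNullStr(sczExistingSDDL);` placed right before `hr = GetUrlReservation(sczUrl, &sczExistingSDDL);`, keeps the rollback entry empty for URLs that were absent. The SNI SSL scheduling code in snisslcert.cpp is outside this hunk and is worth checking for the same pattern. Separately, the `switch (iTodo)` in ExecHttpUrlReservations has no default, so an unrecognized action value silently keeps the previous iteration's fRemove/fAdd/fFailOnExisting; a `default: hr = E_INVALIDARG; ExitOnFailure(hr, "Unexpected action %d for URL '%ls'.", iTodo, sczUrl);` rejects malformed CustomActionData instead.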