2007-03-22 10:30:00 -07:00
|
|
|
/* ***** BEGIN LICENSE BLOCK *****
|
|
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
* the License. You may obtain a copy of the License at
|
|
|
|
* http://www.mozilla.org/MPL/
|
|
|
|
*
|
|
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
* for the specific language governing rights and limitations under the
|
|
|
|
* License.
|
|
|
|
*
|
|
|
|
* The Original Code is Mozilla XULRunner bootstrap.
|
|
|
|
*
|
|
|
|
* The Initial Developer of the Original Code is
|
|
|
|
* Benjamin Smedberg <benjamin@smedbergs.us>.
|
|
|
|
*
|
|
|
|
* Portions created by the Initial Developer are Copyright (C) 2005
|
|
|
|
* the Mozilla Foundation. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Contributor(s):
|
|
|
|
*
|
|
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
|
|
* the provisions above, a recipient may use your version of this file under
|
|
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
|
|
*
|
|
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
|
|
|
|
// This file is not build directly. Instead, it is included in multiple
|
|
|
|
// shared objects.
|
|
|
|
|
|
|
|
#ifdef nsWindowsRestart_cpp
|
|
|
|
#error "nsWindowsRestart.cpp is not a header file, and must only be included once."
|
|
|
|
#else
|
|
|
|
#define nsWindowsRestart_cpp
|
|
|
|
#endif
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
#include "nsUTF8Utils.h"
|
|
|
|
|
2007-03-22 10:30:00 -07:00
|
|
|
#include <shellapi.h>
|
|
|
|
|
|
|
|
#ifndef ERROR_ELEVATION_REQUIRED
|
|
|
|
#define ERROR_ELEVATION_REQUIRED 740L
|
|
|
|
#endif
|
|
|
|
|
|
|
|
BOOL (WINAPI *pCreateProcessWithTokenW)(HANDLE,
|
|
|
|
DWORD,
|
|
|
|
LPCWSTR,
|
|
|
|
LPWSTR,
|
|
|
|
DWORD,
|
|
|
|
LPVOID,
|
|
|
|
LPCWSTR,
|
|
|
|
LPSTARTUPINFOW,
|
|
|
|
LPPROCESS_INFORMATION);
|
|
|
|
|
|
|
|
BOOL (WINAPI *pIsUserAnAdmin)(VOID);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the length that the string will take when it is quoted.
|
|
|
|
*/
|
2007-12-31 07:15:43 -08:00
|
|
|
static int QuotedStrLen(const PRUnichar *s)
|
2007-03-22 10:30:00 -07:00
|
|
|
{
|
|
|
|
int i = 2; // initial and final quote
|
|
|
|
while (*s) {
|
|
|
|
if (*s == '"') {
|
|
|
|
++i;
|
|
|
|
}
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
++i, ++s;
|
2007-03-22 10:30:00 -07:00
|
|
|
}
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Copy string "s" to string "d", quoting and escaping all double quotes.
|
|
|
|
* The CRT parses this to retrieve the original argc/argv that we meant,
|
|
|
|
* see STDARGV.C in the MSVC6 CRT sources.
|
|
|
|
*
|
|
|
|
* @return the end of the string
|
|
|
|
*/
|
2007-12-31 07:15:43 -08:00
|
|
|
static PRUnichar* QuoteString(PRUnichar *d, const PRUnichar *s)
|
2007-03-22 10:30:00 -07:00
|
|
|
{
|
|
|
|
*d = '"';
|
|
|
|
++d;
|
|
|
|
|
|
|
|
while (*s) {
|
|
|
|
*d = *s;
|
|
|
|
if (*s == '"') {
|
|
|
|
++d;
|
|
|
|
*d = '"';
|
|
|
|
}
|
|
|
|
|
|
|
|
++d; ++s;
|
|
|
|
}
|
|
|
|
|
|
|
|
*d = '"';
|
|
|
|
++d;
|
|
|
|
|
|
|
|
return d;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a quoted command from a list of arguments. The returned string
|
|
|
|
* is allocated with "malloc" and should be "free"d.
|
2007-12-31 07:15:43 -08:00
|
|
|
*
|
|
|
|
* argv is UTF8
|
2007-03-22 10:30:00 -07:00
|
|
|
*/
|
2007-12-31 07:15:43 -08:00
|
|
|
static PRUnichar*
|
|
|
|
MakeCommandLine(int argc, PRUnichar **argv)
|
2007-03-22 10:30:00 -07:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
int len = 1; // null-termination
|
|
|
|
|
|
|
|
for (i = 0; i < argc; ++i)
|
|
|
|
len += QuotedStrLen(argv[i]) + 1;
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
PRUnichar *s = (PRUnichar*) malloc(len * sizeof(PRUnichar));
|
2007-03-22 10:30:00 -07:00
|
|
|
if (!s)
|
|
|
|
return NULL;
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
PRUnichar *c = s;
|
2007-03-22 10:30:00 -07:00
|
|
|
for (i = 0; i < argc; ++i) {
|
|
|
|
c = QuoteString(c, argv[i]);
|
|
|
|
*c = ' ';
|
|
|
|
++c;
|
|
|
|
}
|
|
|
|
|
|
|
|
*c = '\0';
|
|
|
|
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Launch a child process without elevated privilege.
|
|
|
|
*/
|
|
|
|
static BOOL
|
2007-12-31 07:15:43 -08:00
|
|
|
LaunchAsNormalUser(const PRUnichar *exePath, PRUnichar *cl)
|
2007-03-22 10:30:00 -07:00
|
|
|
{
|
2008-03-05 11:23:44 -08:00
|
|
|
#ifdef WINCE
|
|
|
|
return PR_FALSE;
|
|
|
|
#else
|
2007-03-22 10:30:00 -07:00
|
|
|
if (!pCreateProcessWithTokenW) {
|
|
|
|
// IsUserAnAdmin is not present on Win9x and not exported by name on Win2k
|
|
|
|
*(FARPROC *)&pIsUserAnAdmin =
|
2007-12-31 07:15:43 -08:00
|
|
|
GetProcAddress(GetModuleHandleA("shell32.dll"), "IsUserAnAdmin");
|
2007-03-22 10:30:00 -07:00
|
|
|
|
|
|
|
// CreateProcessWithTokenW is not present on WinXP or earlier
|
|
|
|
*(FARPROC *)&pCreateProcessWithTokenW =
|
2007-12-31 07:15:43 -08:00
|
|
|
GetProcAddress(GetModuleHandleA("advapi32.dll"),
|
2007-03-22 10:30:00 -07:00
|
|
|
"CreateProcessWithTokenW");
|
|
|
|
|
|
|
|
if (!pCreateProcessWithTokenW)
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// do nothing here if we are not elevated or IsUserAnAdmin is not present.
|
|
|
|
if (!pIsUserAnAdmin || pIsUserAnAdmin && !pIsUserAnAdmin())
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
// borrow the shell token to drop the privilege
|
2007-12-31 07:15:43 -08:00
|
|
|
HWND hwndShell = FindWindowA("Progman", NULL);
|
2007-03-22 10:30:00 -07:00
|
|
|
DWORD dwProcessId;
|
|
|
|
GetWindowThreadProcessId(hwndShell, &dwProcessId);
|
|
|
|
|
|
|
|
HANDLE hProcessShell = OpenProcess(MAXIMUM_ALLOWED, FALSE, dwProcessId);
|
|
|
|
if (!hProcessShell)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
HANDLE hTokenShell;
|
|
|
|
BOOL ok = OpenProcessToken(hProcessShell, MAXIMUM_ALLOWED, &hTokenShell);
|
|
|
|
CloseHandle(hProcessShell);
|
|
|
|
if (!ok)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
HANDLE hNewToken;
|
|
|
|
ok = DuplicateTokenEx(hTokenShell,
|
|
|
|
MAXIMUM_ALLOWED,
|
|
|
|
NULL,
|
|
|
|
SecurityDelegation,
|
|
|
|
TokenPrimary,
|
|
|
|
&hNewToken);
|
|
|
|
CloseHandle(hTokenShell);
|
|
|
|
if (!ok)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
STARTUPINFOW si = {sizeof(si), 0};
|
|
|
|
PROCESS_INFORMATION pi = {0};
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
// When launching with reduced privileges, environment inheritance
|
|
|
|
// (passing NULL as lpEnvironment) doesn't work correctly. Pass our
|
|
|
|
// current environment block explicitly
|
|
|
|
WCHAR* myenv = GetEnvironmentStringsW();
|
|
|
|
|
|
|
|
ok = pCreateProcessWithTokenW(hNewToken,
|
|
|
|
0, // profile is already loaded
|
|
|
|
exePath,
|
|
|
|
cl,
|
|
|
|
CREATE_UNICODE_ENVIRONMENT,
|
|
|
|
myenv, // inherit my environment
|
|
|
|
NULL, // use my current directory
|
|
|
|
&si,
|
|
|
|
&pi);
|
|
|
|
|
|
|
|
if (myenv)
|
|
|
|
FreeEnvironmentStringsW(myenv);
|
|
|
|
|
2007-03-22 10:30:00 -07:00
|
|
|
CloseHandle(hNewToken);
|
|
|
|
if (!ok)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
CloseHandle(pi.hProcess);
|
|
|
|
CloseHandle(pi.hThread);
|
|
|
|
|
|
|
|
return TRUE;
|
2008-03-05 11:23:44 -08:00
|
|
|
#endif
|
2007-03-22 10:30:00 -07:00
|
|
|
}
|
2007-12-31 07:15:43 -08:00
|
|
|
/**
|
|
|
|
* Convert UTF8 to UTF16 without using the normal XPCOM goop, which we
|
|
|
|
* can't link to updater.exe.
|
|
|
|
*/
|
|
|
|
static PRUnichar*
|
|
|
|
AllocConvertUTF8toUTF16(const char *arg)
|
|
|
|
{
|
|
|
|
// UTF16 can't be longer in units than UTF8
|
|
|
|
int len = strlen(arg);
|
|
|
|
PRUnichar *s = new PRUnichar[(len + 1) * sizeof(PRUnichar)];
|
|
|
|
if (!s)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
ConvertUTF8toUTF16 convert(s);
|
2008-01-03 16:07:06 -08:00
|
|
|
convert.write(arg, len);
|
2008-01-07 08:38:12 -08:00
|
|
|
convert.write_terminator();
|
2007-12-31 07:15:43 -08:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
FreeAllocStrings(int argc, PRUnichar **argv)
|
|
|
|
{
|
|
|
|
while (argc) {
|
|
|
|
--argc;
|
|
|
|
delete [] argv[argc];
|
|
|
|
}
|
|
|
|
|
|
|
|
delete [] argv;
|
|
|
|
}
|
|
|
|
|
2007-03-22 10:30:00 -07:00
|
|
|
/**
|
|
|
|
* Launch a child process with the specified arguments.
|
|
|
|
* @param needElevation 1:need elevation, -1:want to drop priv, 0:don't care
|
|
|
|
* @note argv[0] is ignored
|
2007-12-31 07:15:43 -08:00
|
|
|
* @note The form of this function that takes char **argv expects UTF-8
|
2007-03-22 10:30:00 -07:00
|
|
|
*/
|
2007-12-31 07:15:43 -08:00
|
|
|
|
2007-03-22 10:30:00 -07:00
|
|
|
BOOL
|
2007-12-31 07:15:43 -08:00
|
|
|
WinLaunchChild(const PRUnichar *exePath, int argc, PRUnichar **argv, int needElevation);
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
WinLaunchChild(const PRUnichar *exePath, int argc, char **argv, int needElevation)
|
2007-03-22 10:30:00 -07:00
|
|
|
{
|
2007-12-31 07:15:43 -08:00
|
|
|
PRUnichar** argvConverted = new PRUnichar*[argc];
|
|
|
|
if (!argvConverted)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
for (int i = 0; i < argc; ++i) {
|
|
|
|
argvConverted[i] = AllocConvertUTF8toUTF16(argv[i]);
|
|
|
|
if (!argvConverted[i]) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL ok = WinLaunchChild(exePath, argc, argvConverted, needElevation);
|
|
|
|
FreeAllocStrings(argc, argvConverted);
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
WinLaunchChild(const PRUnichar *exePath, int argc, PRUnichar **argv, int needElevation)
|
|
|
|
{
|
|
|
|
PRUnichar *cl;
|
2007-03-22 10:30:00 -07:00
|
|
|
BOOL ok;
|
|
|
|
if (needElevation > 0) {
|
|
|
|
cl = MakeCommandLine(argc - 1, argv + 1);
|
|
|
|
if (!cl)
|
|
|
|
return FALSE;
|
2007-12-31 07:15:43 -08:00
|
|
|
ok = ShellExecuteW(NULL, // no special UI window
|
|
|
|
NULL, // use default verb
|
|
|
|
exePath,
|
|
|
|
cl,
|
|
|
|
NULL, // use my current directory
|
|
|
|
SW_SHOWDEFAULT) > (HINSTANCE)32;
|
2007-03-22 10:30:00 -07:00
|
|
|
free(cl);
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
cl = MakeCommandLine(argc, argv);
|
|
|
|
if (!cl)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (needElevation < 0) {
|
|
|
|
// try to launch as a normal user first
|
|
|
|
ok = LaunchAsNormalUser(exePath, cl);
|
|
|
|
// if it fails, fallback to normal launching
|
|
|
|
if (!ok)
|
|
|
|
needElevation = 0;
|
|
|
|
}
|
|
|
|
if (needElevation == 0) {
|
2007-12-31 07:15:43 -08:00
|
|
|
STARTUPINFOW si = {sizeof(si), 0};
|
2007-03-22 10:30:00 -07:00
|
|
|
PROCESS_INFORMATION pi = {0};
|
|
|
|
|
2007-12-31 07:15:43 -08:00
|
|
|
ok = CreateProcessW(exePath,
|
|
|
|
cl,
|
|
|
|
NULL, // no special security attributes
|
|
|
|
NULL, // no special thread attributes
|
|
|
|
FALSE, // don't inherit filehandles
|
|
|
|
0, // No special process creation flags
|
|
|
|
NULL, // inherit my environment
|
|
|
|
NULL, // use my current directory
|
|
|
|
&si,
|
|
|
|
&pi);
|
2007-03-22 10:30:00 -07:00
|
|
|
|
|
|
|
if (ok) {
|
|
|
|
CloseHandle(pi.hProcess);
|
|
|
|
CloseHandle(pi.hThread);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
free(cl);
|
|
|
|
|
|
|
|
return ok;
|
|
|
|
}
|