diff options
| author | David Lönnhager <david.l@mullvad.net> | 2023-02-27 19:04:09 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2023-02-27 19:04:09 +0100 |
| commit | ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd (patch) | |
| tree | df0a742004cbcd15ad5af450d24c52c83cb616da /windows/nsis-plugins/src/cleanup/cleaningops.cpp | |
| parent | 2c14ce3f460459541b9b1fb5bc51cf80027765f4 (diff) | |
| parent | 57c9fe44166b97fab015e5ce1e668a6a9b053714 (diff) | |
| download | mullvadvpn-ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd.tar.xz mullvadvpn-ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd.zip | |
Merge branch 'win-skip-lsass-privs' into main
Diffstat (limited to 'windows/nsis-plugins/src/cleanup/cleaningops.cpp')
| -rw-r--r-- | windows/nsis-plugins/src/cleanup/cleaningops.cpp | 39 |
1 files changed, 11 insertions, 28 deletions
diff --git a/windows/nsis-plugins/src/cleanup/cleaningops.cpp b/windows/nsis-plugins/src/cleanup/cleaningops.cpp index 2a29e8dd1c..831cf96bf3 100644 --- a/windows/nsis-plugins/src/cleanup/cleaningops.cpp +++ b/windows/nsis-plugins/src/cleanup/cleaningops.cpp @@ -12,6 +12,7 @@ #include <utility> #include <functional> #include <processthreadsapi.h> +#include <mullvad-nsis.h> namespace { @@ -66,43 +67,25 @@ std::wstring ConstructUserPath(const std::wstring &users, const std::wstring &us std::wstring GetSystemUserLocalAppData() { - common::security::AdjustCurrentProcessTokenPrivilege(L"SeDebugPrivilege"); + std::vector<uint16_t> buffer(256); + size_t bufferSize = buffer.size(); - common::memory::ScopeDestructor sd; +GET_LOCAL_APPDATA: - sd += [] - { - common::security::AdjustCurrentProcessTokenPrivilege(L"SeDebugPrivilege", false); - }; - - auto systemDir = common::fs::GetKnownFolderPath(FOLDERID_System); - auto lsassPath = std::filesystem::path(systemDir).append(L"lsass.exe"); - auto lsassPid = common::process::GetProcessIdFromName(lsassPath); + auto result = get_system_local_appdata(buffer.data(), &bufferSize); - auto processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, lsassPid); - - if (nullptr == processHandle) + if (Status::InsufficientBufferSize == result) { - THROW_ERROR("Failed to access the \"LSASS\" process"); + buffer.resize(bufferSize); + goto GET_LOCAL_APPDATA; } - HANDLE processToken; - - auto status = OpenProcessToken(processHandle, TOKEN_READ | TOKEN_IMPERSONATE | TOKEN_DUPLICATE, &processToken); - - CloseHandle(processHandle); - - if (FALSE == status) + if (Status::Ok != result) { - THROW_ERROR("Failed to acquire process token for the \"LSASS\" process"); + THROW_ERROR("Failed to acquire system app data path"); } - sd += [&]() - { - CloseHandle(processToken); - }; - - return common::fs::GetKnownFolderPath(FOLDERID_LocalAppData, KF_FLAG_DEFAULT, processToken); + return std::wstring(reinterpret_cast<wchar_t *>(buffer.data())); } std::filesystem::path GetSystemCacheDirectory() |