diff options
| author | David Lönnhager <david.l@mullvad.net> | 2023-02-27 19:04:09 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2023-02-27 19:04:09 +0100 |
| commit | ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd (patch) | |
| tree | df0a742004cbcd15ad5af450d24c52c83cb616da /windows | |
| parent | 2c14ce3f460459541b9b1fb5bc51cf80027765f4 (diff) | |
| parent | 57c9fe44166b97fab015e5ce1e668a6a9b053714 (diff) | |
| download | mullvadvpn-ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd.tar.xz mullvadvpn-ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd.zip | |
Merge branch 'win-skip-lsass-privs' into main
Diffstat (limited to 'windows')
| -rw-r--r-- | windows/nsis-plugins/src/cleanup/cleaningops.cpp | 39 | ||||
| -rw-r--r-- | windows/nsis-plugins/src/cleanup/cleanup.vcxproj | 20 |
2 files changed, 25 insertions, 34 deletions
diff --git a/windows/nsis-plugins/src/cleanup/cleaningops.cpp b/windows/nsis-plugins/src/cleanup/cleaningops.cpp index 2a29e8dd1c..831cf96bf3 100644 --- a/windows/nsis-plugins/src/cleanup/cleaningops.cpp +++ b/windows/nsis-plugins/src/cleanup/cleaningops.cpp @@ -12,6 +12,7 @@ #include <utility> #include <functional> #include <processthreadsapi.h> +#include <mullvad-nsis.h> namespace { @@ -66,43 +67,25 @@ std::wstring ConstructUserPath(const std::wstring &users, const std::wstring &us std::wstring GetSystemUserLocalAppData() { - common::security::AdjustCurrentProcessTokenPrivilege(L"SeDebugPrivilege"); + std::vector<uint16_t> buffer(256); + size_t bufferSize = buffer.size(); - common::memory::ScopeDestructor sd; +GET_LOCAL_APPDATA: - sd += [] - { - common::security::AdjustCurrentProcessTokenPrivilege(L"SeDebugPrivilege", false); - }; - - auto systemDir = common::fs::GetKnownFolderPath(FOLDERID_System); - auto lsassPath = std::filesystem::path(systemDir).append(L"lsass.exe"); - auto lsassPid = common::process::GetProcessIdFromName(lsassPath); + auto result = get_system_local_appdata(buffer.data(), &bufferSize); - auto processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, lsassPid); - - if (nullptr == processHandle) + if (Status::InsufficientBufferSize == result) { - THROW_ERROR("Failed to access the \"LSASS\" process"); + buffer.resize(bufferSize); + goto GET_LOCAL_APPDATA; } - HANDLE processToken; - - auto status = OpenProcessToken(processHandle, TOKEN_READ | TOKEN_IMPERSONATE | TOKEN_DUPLICATE, &processToken); - - CloseHandle(processHandle); - - if (FALSE == status) + if (Status::Ok != result) { - THROW_ERROR("Failed to acquire process token for the \"LSASS\" process"); + THROW_ERROR("Failed to acquire system app data path"); } - sd += [&]() - { - CloseHandle(processToken); - }; - - return common::fs::GetKnownFolderPath(FOLDERID_LocalAppData, KF_FLAG_DEFAULT, processToken); + return std::wstring(reinterpret_cast<wchar_t *>(buffer.data())); } std::filesystem::path GetSystemCacheDirectory() diff --git a/windows/nsis-plugins/src/cleanup/cleanup.vcxproj b/windows/nsis-plugins/src/cleanup/cleanup.vcxproj index 879866e530..287c7ab418 100644 --- a/windows/nsis-plugins/src/cleanup/cleanup.vcxproj +++ b/windows/nsis-plugins/src/cleanup/cleanup.vcxproj @@ -61,7 +61,7 @@ <SDLCheck>true</SDLCheck> <PreprocessorDefinitions>WIN32;_DEBUG;CLEANUP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions> <ConformanceMode>true</ConformanceMode> - <AdditionalIncludeDirectories>$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/;$(ProjectDir)../../../windows-libraries/src/</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(ProjectDir)../../../../mullvad-nsis/include;$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/;$(ProjectDir)../../../windows-libraries/src/</AdditionalIncludeDirectories> <LanguageStandard>stdcpplatest</LanguageStandard> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> </ClCompile> @@ -69,11 +69,15 @@ <SubSystem>Windows</SubSystem> <GenerateDebugInformation>true</GenerateDebugInformation> <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> - <AdditionalLibraryDirectories>$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/nsis/;$(SolutionDir)bin\$(Platform)-$(Configuration)\</AdditionalLibraryDirectories> - <AdditionalDependencies>libcommon.lib;pluginapi-x86-unicode.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalLibraryDirectories>$(ProjectDir)../../../../target/i686-pc-windows-msvc/release;$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/nsis/;$(SolutionDir)bin\$(Platform)-$(Configuration)\</AdditionalLibraryDirectories> + <AdditionalDependencies>mullvad_nsis.lib;libcommon.lib;pluginapi-x86-unicode.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> <IgnoreSpecificDefaultLibraries>libc.lib</IgnoreSpecificDefaultLibraries> <ModuleDefinitionFile>cleanup.def</ModuleDefinitionFile> </Link> + <PreBuildEvent> + <Command>cargo build --target i686-pc-windows-msvc --release -p mullvad-nsis</Command> + <Message>Build mullvad-nsis library</Message> + </PreBuildEvent> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> @@ -85,7 +89,7 @@ <SDLCheck>true</SDLCheck> <PreprocessorDefinitions>WIN32;NDEBUG;CLEANUP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions> <ConformanceMode>true</ConformanceMode> - <AdditionalIncludeDirectories>$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/;$(ProjectDir)../../../windows-libraries/src/</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(ProjectDir)../../../../mullvad-nsis/include;$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/;$(ProjectDir)../../../windows-libraries/src/</AdditionalIncludeDirectories> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> <LanguageStandard>stdcpplatest</LanguageStandard> </ClCompile> @@ -95,11 +99,15 @@ <OptimizeReferences>true</OptimizeReferences> <GenerateDebugInformation>true</GenerateDebugInformation> <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> - <AdditionalLibraryDirectories>$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/nsis/;$(SolutionDir)bin\$(Platform)-$(Configuration)\</AdditionalLibraryDirectories> - <AdditionalDependencies>libcommon.lib;pluginapi-x86-unicode.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalLibraryDirectories>$(ProjectDir)../../../../target/i686-pc-windows-msvc/release;$(ProjectDir)../../../../dist-assets/binaries/x86_64-pc-windows-msvc/nsis/;$(SolutionDir)bin\$(Platform)-$(Configuration)\</AdditionalLibraryDirectories> + <AdditionalDependencies>mullvad_nsis.lib;libcommon.lib;pluginapi-x86-unicode.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> <IgnoreSpecificDefaultLibraries>libc.lib</IgnoreSpecificDefaultLibraries> <ModuleDefinitionFile>cleanup.def</ModuleDefinitionFile> </Link> + <PreBuildEvent> + <Command>cargo build --target i686-pc-windows-msvc --release -p mullvad-nsis</Command> + <Message>Build mullvad-nsis library</Message> + </PreBuildEvent> </ItemDefinitionGroup> <ItemGroup> <ClInclude Include="cleaningops.h" /> |