1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4//
5// A library to manage RLZ information for access-points shared
6// across different client applications.
7
8#include "rlz/win/lib/rlz_lib.h"
9
10#include <windows.h>
11#include <aclapi.h>
12#include <winerror.h>
13
14#include "base/basictypes.h"
15#include "base/win/registry.h"
16#include "base/win/windows_version.h"
17#include "rlz/lib/assert.h"
18#include "rlz/lib/rlz_value_store.h"
19#include "rlz/win/lib/machine_deal.h"
20#include "rlz/win/lib/rlz_value_store_registry.h"
21
22namespace {
23
24// Path to recursively copy into the replacemment hives.  These are needed
25// to make sure certain win32 APIs continue to run correctly once the real
26// hives are replaced.
27const wchar_t* kHKLMAccessProviders =
28    L"System\\CurrentControlSet\\Control\\Lsa\\AccessProviders";
29
30// Helper functions
31
32void CopyRegistryTree(const base::win::RegKey& src, base::win::RegKey* dest) {
33  // First copy values.
34  for (base::win::RegistryValueIterator i(src.Handle(), L"");
35       i.Valid(); ++i) {
36    dest->WriteValue(i.Name(), reinterpret_cast<const void*>(i.Value()),
37                     i.ValueSize(), i.Type());
38  }
39
40  // Next copy subkeys recursively.
41  for (base::win::RegistryKeyIterator i(src.Handle(), L"");
42       i.Valid(); ++i) {
43    base::win::RegKey subkey(dest->Handle(), i.Name(), KEY_ALL_ACCESS);
44    CopyRegistryTree(base::win::RegKey(src.Handle(), i.Name(), KEY_READ),
45                     &subkey);
46  }
47}
48
49}  // namespace anonymous
50
51
52namespace rlz_lib {
53
54// OEM Deal confirmation storage functions.
55
56template<class T>
57class typed_buffer_ptr {
58  scoped_ptr<char[]> buffer_;
59
60 public:
61  typed_buffer_ptr() {
62  }
63
64  explicit typed_buffer_ptr(size_t size) : buffer_(new char[size]) {
65  }
66
67  void reset(size_t size) {
68    buffer_.reset(new char[size]);
69  }
70
71  operator T*() {
72    return reinterpret_cast<T*>(buffer_.get());
73  }
74};
75
76// Check if this SID has the desired access by scanning the ACEs in the DACL.
77// This function is part of the rlz_lib namespace so that it can be called from
78// unit tests.  Non-unit test code should not call this function.
79bool HasAccess(PSID sid, ACCESS_MASK access_mask, ACL* dacl) {
80  if (dacl == NULL)
81    return false;
82
83  ACL_SIZE_INFORMATION info;
84  if (!GetAclInformation(dacl, &info, sizeof(info), AclSizeInformation))
85    return false;
86
87  GENERIC_MAPPING generic_mapping = {KEY_READ, KEY_WRITE, KEY_EXECUTE,
88                                     KEY_ALL_ACCESS};
89  MapGenericMask(&access_mask, &generic_mapping);
90
91  for (DWORD i = 0; i < info.AceCount; ++i) {
92    ACCESS_ALLOWED_ACE* ace;
93    if (GetAce(dacl, i, reinterpret_cast<void**>(&ace))) {
94      if ((ace->Header.AceFlags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE)
95        continue;
96
97      PSID existing_sid = reinterpret_cast<PSID>(&ace->SidStart);
98      DWORD mask = ace->Mask;
99      MapGenericMask(&mask, &generic_mapping);
100
101      if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE &&
102         (mask & access_mask) == access_mask && EqualSid(existing_sid, sid))
103        return true;
104
105      if (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE &&
106         (mask & access_mask) != 0 && EqualSid(existing_sid, sid))
107        return false;
108    }
109  }
110
111  return false;
112}
113
114bool CreateMachineState() {
115  LibMutex lock;
116  if (lock.failed())
117    return false;
118
119  base::win::RegKey hklm_key;
120  if (hklm_key.Create(HKEY_LOCAL_MACHINE,
121                      RlzValueStoreRegistry::GetWideLibKeyName().c_str(),
122                      KEY_ALL_ACCESS | KEY_WOW64_32KEY) != ERROR_SUCCESS) {
123    ASSERT_STRING("rlz_lib::CreateMachineState: "
124                  "Unable to create / open machine key.");
125    return false;
126  }
127
128  // Create a SID that represents ALL USERS.
129  DWORD users_sid_size = SECURITY_MAX_SID_SIZE;
130  typed_buffer_ptr<SID> users_sid(users_sid_size);
131  CreateWellKnownSid(WinBuiltinUsersSid, NULL, users_sid, &users_sid_size);
132
133  // Get the security descriptor for the registry key.
134  DWORD original_sd_size = 0;
135  ::RegGetKeySecurity(hklm_key.Handle(), DACL_SECURITY_INFORMATION, NULL,
136      &original_sd_size);
137  typed_buffer_ptr<SECURITY_DESCRIPTOR> original_sd(original_sd_size);
138
139  LONG result = ::RegGetKeySecurity(hklm_key.Handle(),
140      DACL_SECURITY_INFORMATION, original_sd, &original_sd_size);
141  if (result != ERROR_SUCCESS) {
142    ASSERT_STRING("rlz_lib::CreateMachineState: "
143                  "Unable to create / open machine key.");
144    return false;
145  }
146
147  // Make a copy of the security descriptor so we can modify it.  The one
148  // returned by RegGetKeySecurity() is self-relative, so we need to make it
149  // absolute.
150  DWORD new_sd_size = 0;
151  DWORD dacl_size = 0;
152  DWORD sacl_size = 0;
153  DWORD owner_size = 0;
154  DWORD group_size = 0;
155  ::MakeAbsoluteSD(original_sd, NULL, &new_sd_size, NULL, &dacl_size,
156                        NULL, &sacl_size, NULL, &owner_size,
157                        NULL, &group_size);
158
159  typed_buffer_ptr<SECURITY_DESCRIPTOR> new_sd(new_sd_size);
160  // Make sure the DACL is big enough to add one more ACE.
161  typed_buffer_ptr<ACL> dacl(dacl_size + SECURITY_MAX_SID_SIZE);
162  typed_buffer_ptr<ACL> sacl(sacl_size);
163  typed_buffer_ptr<SID> owner(owner_size);
164  typed_buffer_ptr<SID> group(group_size);
165
166  if (!::MakeAbsoluteSD(original_sd, new_sd, &new_sd_size, dacl, &dacl_size,
167                        sacl, &sacl_size, owner, &owner_size,
168                        group, &group_size)) {
169    ASSERT_STRING("rlz_lib::CreateMachineState: MakeAbsoluteSD failed");
170    return false;
171  }
172
173  // If all users already have read/write access to the registry key, then
174  // nothing to do.  Otherwise change the security descriptor of the key to
175  // give everyone access.
176  if (HasAccess(users_sid, KEY_ALL_ACCESS, dacl)) {
177    return false;
178  }
179
180  // Add ALL-USERS ALL-ACCESS ACL.
181  EXPLICIT_ACCESS ea;
182  ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
183  ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS;
184  ea.grfAccessMode = GRANT_ACCESS;
185  ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
186  ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
187  ea.Trustee.ptstrName = L"Everyone";
188
189  ACL* new_dacl = NULL;
190  result = SetEntriesInAcl(1, &ea, dacl, &new_dacl);
191  if (result != ERROR_SUCCESS) {
192    ASSERT_STRING("rlz_lib::CreateMachineState: SetEntriesInAcl failed");
193    return false;
194  }
195
196  BOOL ok = SetSecurityDescriptorDacl(new_sd, TRUE, new_dacl, FALSE);
197  if (!ok) {
198    ASSERT_STRING("rlz_lib::CreateMachineState: "
199                  "SetSecurityDescriptorOwner failed");
200    LocalFree(new_dacl);
201    return false;
202  }
203
204  result = ::RegSetKeySecurity(hklm_key.Handle(),
205                               DACL_SECURITY_INFORMATION,
206                               new_sd);
207  // Note that the new DACL cannot be freed until after the call to
208  // RegSetKeySecurity().
209  LocalFree(new_dacl);
210
211  bool success = true;
212  if (result != ERROR_SUCCESS) {
213    ASSERT_STRING("rlz_lib::CreateMachineState: "
214                  "Unable to create / open machine key.");
215    success = false;
216  }
217
218
219  return success;
220}
221
222bool SetMachineDealCode(const char* dcc) {
223  return MachineDealCode::Set(dcc);
224}
225
226bool GetMachineDealCodeAsCgi(char* cgi, size_t cgi_size) {
227  return MachineDealCode::GetAsCgi(cgi, cgi_size);
228}
229
230bool GetMachineDealCode(char* dcc, size_t dcc_size) {
231  return MachineDealCode::Get(dcc, dcc_size);
232}
233
234// Combined functions.
235
236bool SetMachineDealCodeFromPingResponse(const char* response) {
237  return MachineDealCode::SetFromPingResponse(response);
238}
239
240void InitializeTempHivesForTesting(const base::win::RegKey& temp_hklm_key,
241                                   const base::win::RegKey& temp_hkcu_key) {
242  // For the moment, the HKCU hive requires no initialization.
243
244  if (base::win::GetVersion() >= base::win::VERSION_WIN7) {
245    // Copy the following HKLM subtrees to the temporary location so that the
246    // win32 APIs used by the tests continue to work:
247    //
248    //    HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders
249    //
250    // This seems to be required since Win7.
251    base::win::RegKey dest(temp_hklm_key.Handle(), kHKLMAccessProviders,
252                           KEY_ALL_ACCESS);
253    CopyRegistryTree(base::win::RegKey(HKEY_LOCAL_MACHINE,
254                                       kHKLMAccessProviders,
255                                       KEY_READ),
256                     &dest);
257  }
258}
259
260}  // namespace rlz_lib
261