2 This file is part of GNUnet.
3 (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 2, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
23 * @brief Helper functions for MS Windows in C++
32 #include "gnunet_common.h"
33 #include "gnunet_connection_lib.h"
38 #define INHERITED_ACE 0x10
41 int plibc_conv_to_win_path(const char *pszUnix, char *pszWindows);
43 #define _IP_ADAPTER_UNICAST_ADDRESS_HEAD \
51 #define _IP_ADAPTER_UNICAST_ADDRESS_BASE \
52 SOCKET_ADDRESS Address; \
53 IP_PREFIX_ORIGIN PrefixOrigin; \
54 IP_SUFFIX_ORIGIN SuffixOrigin; \
55 IP_DAD_STATE DadState; \
56 ULONG ValidLifetime; \
57 ULONG PreferredLifetime; \
60 #define _IP_ADAPTER_UNICAST_ADDRESS_ADD_VISTA \
61 UINT8 OnLinkPrefixLength;
64 #define _IP_ADAPTER_UNICAST_ADDRESS_DEFINE(suffix,addition) \
65 typedef struct _IP_ADAPTER_UNICAST_ADDRESS##suffix { \
66 _IP_ADAPTER_UNICAST_ADDRESS_HEAD \
67 struct _IP_ADAPTER_UNICAST_ADDRESS##suffix *Next; \
68 _IP_ADAPTER_UNICAST_ADDRESS_BASE \
70 } IP_ADAPTER_UNICAST_ADDRESS##suffix, *PIP_ADAPTER_UNICAST_ADDRESS##suffix;
72 /* _IP_ADAPTER_UNICAST_ADDRESS_DEFINE(,) defined in w32api headers */
73 _IP_ADAPTER_UNICAST_ADDRESS_DEFINE(_VISTA,_IP_ADAPTER_UNICAST_ADDRESS_ADD_VISTA)
76 typedef struct _IP_ADAPTER_WINS_SERVER_ADDRESS {
84 struct _IP_ADAPTER_WINS_SERVER_ADDRESS *Next;
85 SOCKET_ADDRESS Address;
86 } IP_ADAPTER_WINS_SERVER_ADDRESS, *PIP_ADAPTER_WINS_SERVER_ADDRESS, *PIP_ADAPTER_WINS_SERVER_ADDRESS_LH;
88 typedef struct _IP_ADAPTER_GATEWAY_ADDRESS {
96 struct _IP_ADAPTER_GATEWAY_ADDRESS *Next;
97 SOCKET_ADDRESS Address;
98 } IP_ADAPTER_GATEWAY_ADDRESS, *PIP_ADAPTER_GATEWAY_ADDRESS, *PIP_ADAPTER_GATEWAY_ADDRESS_LH;
100 typedef UINT32 NET_IF_COMPARTMENT_ID;
101 typedef GUID NET_IF_NETWORK_GUID;
103 typedef enum _NET_IF_CONNECTION_TYPE {
104 NET_IF_CONNECTION_DEDICATED = 1,
105 NET_IF_CONNECTION_PASSIVE,
106 NET_IF_CONNECTION_DEMAND,
107 NET_IF_CONNECTION_MAXIMUM
108 } NET_IF_CONNECTION_TYPE, *PNET_IF_CONNECTION_TYPE;
111 TUNNEL_TYPE_NONE = 0,
118 } TUNNEL_TYPE, *PTUNNEL_TYPE;
121 A DUID consists of a two-octet type code represented in network byte
122 order, followed by a variable number of octets that make up the
123 actual identifier. A DUID can be no more than 128 octets long (not
124 including the type code).
126 #define MAX_DHCPV6_DUID_LENGTH 130
128 typedef union _NET_LUID {
131 ULONG64 Reserved :24;
132 ULONG64 NetLuidIndex :24;
135 } NET_LUID, *PNET_LUID, IF_LUID;
137 #define MAX_DNS_SUFFIX_STRING_LENGTH 246
139 typedef struct _IP_ADAPTER_DNS_SUFFIX {
140 struct _IP_ADAPTER_DNS_SUFFIX *Next;
141 WCHAR String[MAX_DNS_SUFFIX_STRING_LENGTH];
142 } IP_ADAPTER_DNS_SUFFIX, *PIP_ADAPTER_DNS_SUFFIX;
146 #define _IP_ADAPTER_ADDRESSES_HEAD \
148 ULONGLONG Alignment; \
155 #define _IP_ADAPTER_ADDRESSES_BASE \
157 PIP_ADAPTER_UNICAST_ADDRESS FirstUnicastAddress; \
158 PIP_ADAPTER_ANYCAST_ADDRESS FirstAnycastAddress; \
159 PIP_ADAPTER_MULTICAST_ADDRESS FirstMulticastAddress; \
160 PIP_ADAPTER_DNS_SERVER_ADDRESS FirstDnsServerAddress; \
162 PWCHAR Description; \
163 PWCHAR FriendlyName; \
164 BYTE PhysicalAddress[MAX_ADAPTER_ADDRESS_LENGTH]; \
165 DWORD PhysicalAddressLength; \
169 IF_OPER_STATUS OperStatus;
171 #define _IP_ADAPTER_ADDRESSES_ADD_XPSP1 \
173 DWORD ZoneIndices[16]; \
174 PIP_ADAPTER_PREFIX FirstPrefix; \
177 #define _IP_ADAPTER_ADDRESSES_ADD_VISTA \
178 _IP_ADAPTER_ADDRESSES_ADD_XPSP1 \
179 ULONG64 TransmitLinkSpeed; \
180 ULONG64 ReceiveLinkSpeed; \
181 PIP_ADAPTER_WINS_SERVER_ADDRESS_LH FirstWinsServerAddress; \
182 PIP_ADAPTER_GATEWAY_ADDRESS_LH FirstGatewayAddress; \
186 SOCKET_ADDRESS Dhcpv4Server; \
187 NET_IF_COMPARTMENT_ID CompartmentId; \
188 NET_IF_NETWORK_GUID NetworkGuid; \
189 NET_IF_CONNECTION_TYPE ConnectionType; \
190 TUNNEL_TYPE TunnelType; \
191 SOCKET_ADDRESS Dhcpv6Server; \
192 BYTE Dhcpv6ClientDuid[MAX_DHCPV6_DUID_LENGTH]; \
193 ULONG Dhcpv6ClientDuidLength; \
196 #define _IP_ADAPTER_ADDRESSES_ADD_2008_OR_VISTASP1 \
197 _IP_ADAPTER_ADDRESSES_ADD_VISTA \
198 PIP_ADAPTER_DNS_SUFFIX FirstDnsSuffix;
200 #define _IP_ADAPTER_ADDRESSES_DEFINE(suffix,addition) \
201 typedef struct _IP_ADAPTER_ADDRESSES##suffix { \
202 _IP_ADAPTER_ADDRESSES_HEAD \
203 struct _IP_ADAPTER_ADDRESSES##suffix *Next; \
204 _IP_ADAPTER_ADDRESSES_BASE \
206 } IP_ADAPTER_ADDRESSES##suffix, *PIP_ADAPTER_ADDRESSES##suffix;
209 /* _IP_ADAPTER_ADDRESSES_DEFINE(,) defined in w32api headers */
210 _IP_ADAPTER_ADDRESSES_DEFINE(_XPSP1,_IP_ADAPTER_ADDRESSES_ADD_XPSP1)
211 _IP_ADAPTER_ADDRESSES_DEFINE(_VISTA,_IP_ADAPTER_ADDRESSES_ADD_VISTA)
212 _IP_ADAPTER_ADDRESSES_DEFINE(_2008_OR_VISTASP1,_IP_ADAPTER_ADDRESSES_ADD_2008_OR_VISTASP1)
215 EnumNICs_IPv6_get_ifs_count (SOCKET s)
217 DWORD dwret = 0, err;
219 iret = WSAIoctl (s, SIO_ADDRESS_LIST_QUERY, NULL, 0, NULL, 0,
221 err = GetLastError ();
222 if (iret == SOCKET_ERROR && err == WSAEFAULT)
226 return GNUNET_SYSERR;
230 EnumNICs_IPv6_get_ifs (SOCKET s, SOCKET_ADDRESS_LIST *inf, int size)
234 iret = WSAIoctl (s, SIO_ADDRESS_LIST_QUERY, NULL, 0, inf, size,
237 if (iret != 0 || dwret != size)
239 /* It's supposed to succeed! And size should be the same */
240 return GNUNET_SYSERR;
246 #define GNUNET_malloc(a) HeapAlloc(GetProcessHeap (), HEAP_ZERO_MEMORY | \
247 HEAP_GENERATE_EXCEPTIONS, a)
250 #define GNUNET_free(a) HeapFree(GetProcessHeap (), 0, a)
252 #undef GNUNET_free_non_null
253 #define GNUNET_free_non_null(a) do { if ((a) != NULL) GNUNET_free(a); } while (0)
256 EnumNICs_IPv4_get_ifs (SOCKET s, INTERFACE_INFO **inf, int *size)
261 INTERFACE_INFO *ii = NULL;
262 DWORD ii_size = sizeof (INTERFACE_INFO) * 15;
265 if (ii_size >= sizeof (INTERFACE_INFO) * 1000)
266 return GNUNET_SYSERR;
267 ii = (INTERFACE_INFO *) GNUNET_malloc (ii_size);
269 iret = WSAIoctl (s, SIO_GET_INTERFACE_LIST, NULL, 0, ii, ii_size,
271 error = GetLastError ();
272 if (iret == SOCKET_ERROR)
274 if (error == WSAEFAULT)
281 return GNUNET_SYSERR;
290 return GNUNET_SYSERR;
294 EnumNICs2 (INTERFACE_INFO **ifs4, int *ifs4_len, SOCKET_ADDRESS_LIST **ifs6)
297 SOCKET s4 = INVALID_SOCKET, s6 = INVALID_SOCKET;
298 DWORD dwret1 = 0, dwret2;
300 int ifs4len = 0, ifs6len = 0;
301 INTERFACE_INFO *interfaces4 = NULL;
302 SOCKET_ADDRESS_LIST *interfaces6 = NULL;
304 s4 = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
305 err1 = GetLastError ();
307 s6 = socket (AF_INET6, SOCK_STREAM, IPPROTO_TCP);
308 err2 = GetLastError ();
309 if (s6 != INVALID_SOCKET)
311 ifs6len = EnumNICs_IPv6_get_ifs_count (s6);
314 interfaces6 = (SOCKET_ADDRESS_LIST *) GNUNET_malloc (ifs6len);
315 result = EnumNICs_IPv6_get_ifs (s6, interfaces6, ifs6len) || result;
321 if (s4 != INVALID_SOCKET)
323 result = EnumNICs_IPv4_get_ifs (s4, &interfaces4, &ifs4len) || result;
327 if (ifs6len + ifs4len == 0)
338 if (interfaces4 != NULL)
339 GNUNET_free (interfaces4);
340 if (interfaces6 != NULL)
341 GNUNET_free (interfaces6);
342 if (s4 != INVALID_SOCKET)
344 if (s6 != INVALID_SOCKET)
346 return GNUNET_SYSERR;
350 * Returns GNUNET_OK on OK, GNUNET_SYSERR on error
353 EnumNICs3 (struct EnumNICs3_results **results, int *results_count)
357 ULONG flags = /*GAA_FLAG_INCLUDE_PREFIX |*/ GAA_FLAG_SKIP_ANYCAST |
358 GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER;
359 struct sockaddr_in6 examplecom6;
361 DWORD best_interface = 0;
362 DWORD best_interface6 = 0;
365 INTERFACE_INFO *interfaces4 = NULL;
366 int interfaces4_len = 0;
367 SOCKET_ADDRESS_LIST *interfaces6 = NULL;
369 unsigned long outBufLen = sizeof (IP_ADAPTER_ADDRESSES);
370 IP_ADAPTER_ADDRESSES *pCurrentAddress = NULL;
371 IP_ADAPTER_ADDRESSES *pAddresses = (IP_ADAPTER_ADDRESSES *) GNUNET_malloc (outBufLen);
373 if (GetAdaptersAddresses (AF_UNSPEC, flags, NULL, pAddresses, &outBufLen)
374 == ERROR_BUFFER_OVERFLOW)
376 GNUNET_free (pAddresses);
377 pAddresses = (IP_ADAPTER_ADDRESSES *) GNUNET_malloc (outBufLen);
380 dwRetVal = GetAdaptersAddresses (AF_UNSPEC, flags, NULL, pAddresses, &outBufLen);
382 if (dwRetVal != NO_ERROR)
384 GNUNET_free (pAddresses);
385 return GNUNET_SYSERR;
388 if (pAddresses->Length < sizeof (IP_ADAPTER_ADDRESSES_VISTA))
392 /* Enumerate NICs using WSAIoctl() */
393 if (GNUNET_OK != EnumNICs2 (&interfaces4, &interfaces4_len, &interfaces6))
395 GNUNET_free (pAddresses);
396 return GNUNET_SYSERR;
400 examplecom = inet_addr("192.0.34.166"); /* www.example.com */
401 if (GetBestInterface (examplecom, &best_interface) != NO_ERROR)
404 if (GNGetBestInterfaceEx != NULL)
406 examplecom6.sin6_family = AF_INET6;
407 examplecom6.sin6_port = 0;
408 examplecom6.sin6_flowinfo = 0;
409 examplecom6.sin6_scope_id = 0;
410 inet_pton (AF_INET6, "2001:500:88:200:0:0:0:10",
411 (struct sockaddr *) &examplecom6.sin6_addr);
412 dwRetVal = GNGetBestInterfaceEx ((struct sockaddr *) &examplecom6,
414 if (dwRetVal != NO_ERROR)
418 /* Give IPv6 a priority */
419 if (best_interface6 != 0)
420 best_interface = best_interface6;
423 for (pCurrentAddress = pAddresses;
424 pCurrentAddress != NULL; pCurrentAddress = pCurrentAddress->Next)
426 if (pCurrentAddress->OperStatus == IfOperStatusUp)
428 IP_ADAPTER_UNICAST_ADDRESS *unicast = NULL;
429 for (unicast = pCurrentAddress->FirstUnicastAddress; unicast != NULL;
430 unicast = unicast->Next)
432 if ((unicast->Address.lpSockaddr->sa_family == AF_INET ||
433 unicast->Address.lpSockaddr->sa_family == AF_INET6) &&
434 (unicast->DadState == IpDadStateDeprecated ||
435 unicast->DadState == IpDadStatePreferred))
445 GNUNET_free (pAddresses);
446 GNUNET_free_non_null (interfaces4);
447 GNUNET_free_non_null (interfaces6);
451 *results = (struct EnumNICs3_results *) GNUNET_malloc (
452 sizeof (struct EnumNICs3_results) * count);
453 *results_count = count;
456 for (pCurrentAddress = pAddresses;
457 pCurrentAddress != NULL; pCurrentAddress = pCurrentAddress->Next)
459 struct EnumNICs3_results *r;
460 IP_ADAPTER_UNICAST_ADDRESS *unicast = NULL;
461 if (pCurrentAddress->OperStatus != IfOperStatusUp)
463 for (unicast = pCurrentAddress->FirstUnicastAddress; unicast != NULL;
464 unicast = unicast->Next)
467 int mask_length = -1;
468 char dst[INET6_ADDRSTRLEN + 1];
470 if ((unicast->Address.lpSockaddr->sa_family != AF_INET &&
471 unicast->Address.lpSockaddr->sa_family != AF_INET6) ||
472 (unicast->DadState != IpDadStateDeprecated &&
473 unicast->DadState != IpDadStatePreferred))
476 r = &(*results)[count];
478 if (pCurrentAddress->IfIndex > 0 &&
479 pCurrentAddress->IfIndex == best_interface &&
480 unicast->Address.lpSockaddr->sa_family == AF_INET)
482 else if (pCurrentAddress->Ipv6IfIndex > 0 &&
483 pCurrentAddress->Ipv6IfIndex == best_interface6 &&
484 unicast->Address.lpSockaddr->sa_family == AF_INET6)
489 /* Don't choose default interface twice */
491 best_interface = best_interface6 = 0;
495 memcpy (&r->address, unicast->Address.lpSockaddr,
496 unicast->Address.iSockaddrLength);
497 memset (&r->mask, 0, sizeof (struct sockaddr));
498 mask_length = ((IP_ADAPTER_UNICAST_ADDRESS_VISTA *) unicast)->
500 /* OnLinkPrefixLength is the number of leading 1s in the mask.
501 * OnLinkPrefixLength is available on Vista and later (hence use_enum2).
503 if (unicast->Address.lpSockaddr->sa_family == AF_INET)
505 struct sockaddr_in *m = (struct sockaddr_in *) &r->mask;
506 for (i = 0; i < mask_length; i++)
507 ((unsigned char *) &m->sin_addr)[i / 8] |= 0x80 >> (i % 8);
509 else if (unicast->Address.lpSockaddr->sa_family == AF_INET6)
511 struct sockaddr_in6 *m = (struct sockaddr_in6 *) &r->mask;
512 struct sockaddr_in6 *b = (struct sockaddr_in6 *) &r->broadcast;
513 for (i = 0; i < mask_length; i++)
514 ((unsigned char *) &m->sin6_addr)[i / 8] |= 0x80 >> (i % 8);
515 memcpy (&r->broadcast, &r->address, unicast->Address.iSockaddrLength);
516 for (i = mask_length; i < 128; i++)
517 ((unsigned char *) &b->sin6_addr)[i / 8] |= 0x80 >> (i % 8);
519 r->flags |= ENUMNICS3_MASK_OK;
524 if (unicast->Address.lpSockaddr->sa_family == AF_INET)
526 for (i = 0; !found && i < interfaces4_len / sizeof (INTERFACE_INFO); i++)
528 struct sockaddr_in *m = (struct sockaddr_in *) &r->mask;
529 if (memcpy (&interfaces4[i].iiAddress.Address,
530 unicast->Address.lpSockaddr,
531 unicast->Address.iSockaddrLength) != 0)
534 memcpy (&r->address, &interfaces4[i].iiAddress.Address,
535 sizeof (struct sockaddr_in));
536 memcpy (&r->mask, &interfaces4[i].iiNetmask.Address,
537 sizeof (struct sockaddr_in));
538 for (mask_length = 0;
539 ((unsigned char *) &m->sin_addr)[mask_length / 8] &
540 0x80 >> (mask_length % 8); mask_length++)
543 r->flags |= ENUMNICS3_MASK_OK;
546 else if (unicast->Address.lpSockaddr->sa_family == AF_INET6)
549 interfaces6 != NULL && !found && i < interfaces6->iAddressCount;
552 if (memcpy (interfaces6->Address[i].lpSockaddr,
553 unicast->Address.lpSockaddr,
554 unicast->Address.iSockaddrLength) != 0)
557 memcpy (&r->address, interfaces6->Address[i].lpSockaddr,
558 sizeof (struct sockaddr_in6));
559 /* TODO: Find a way to reliably get network mask for IPv6 on XP */
560 memset (&r->mask, 0, sizeof (struct sockaddr));
561 r->flags &= ~ENUMNICS3_MASK_OK;
569 if (unicast->Address.lpSockaddr->sa_family == AF_INET)
571 struct sockaddr_in *m = (struct sockaddr_in *) &r->mask;
572 struct sockaddr_in *a = (struct sockaddr_in *) &r->address;
573 /* copy address to broadcast, then flip all the trailing bits not
574 * falling under netmask to 1,
575 * so we get, 192.168.0.255 from, say, 192.168.0.43 with mask == 24.
577 memcpy (&r->broadcast, &r->address, unicast->Address.iSockaddrLength);
578 for (i = mask_length; i < 32; i++)
579 ((unsigned char *) &m->sin_addr)[i / 8] |= 0x80 >> (i % 8);
580 r->flags |= ENUMNICS3_BCAST_OK;
581 r->addr_size = sizeof (struct sockaddr_in);
582 inet_ntop (AF_INET, &a->sin_addr, dst, INET_ADDRSTRLEN);
584 else if (unicast->Address.lpSockaddr->sa_family == AF_INET6)
586 struct sockaddr_in6 *a = (struct sockaddr_in6 *) &r->address;
587 /* for IPv6 broadcast is not defined, zero it down */
588 memset (&r->broadcast, 0, sizeof (struct sockaddr));
589 r->flags &= ~ENUMNICS3_BCAST_OK;
590 r->addr_size = sizeof (struct sockaddr_in6);
591 inet_ntop (AF_INET6, &a->sin6_addr, dst, INET6_ADDRSTRLEN);
595 i += snprintf (&r->pretty_name[i], 1000 - i > 0 ? 1000 - i : 0,
596 "%S (%s", pCurrentAddress->FriendlyName, dst);
597 for (j = 0; j < pCurrentAddress->PhysicalAddressLength; j++)
598 i += snprintf (&r->pretty_name[i], 1000 - i > 0 ? 1000 - i : 0,
599 "%s%02X",j > 0 ? ":" : " - ", pCurrentAddress->PhysicalAddress[j]);
600 i += snprintf (&r->pretty_name[i], 1000 - i > 0 ? 1000 - i : 0, ")");
601 r->pretty_name[1000] = '\0';
608 GNUNET_free_non_null (interfaces4);
609 GNUNET_free_non_null (interfaces6);
612 GNUNET_free (pAddresses);
617 EnumNICs3_free (struct EnumNICs3_results *r)
619 GNUNET_free_non_null (r);
624 * Lists all network interfaces in a combo box
625 * Used by the basic GTK configurator
627 * @param callback function to call for each NIC
628 * @param callback_cls closure for callback
631 ListNICs (void (*callback) (void *, const char *, int), void * callback_cls)
635 struct EnumNICs3_results *results = NULL;
638 r = EnumNICs3 (&results, &results_count);
642 for (i = 0; i < results_count; i++)
643 callback (callback_cls, results[i].pretty_name, results[i].is_default);
644 GNUNET_free_non_null (results);
649 * @brief Installs the Windows service
650 * @param servicename name of the service as diplayed by the SCM
651 * @param application path to the application binary
652 * @param username the name of the service's user account
653 * @returns 0 on success
654 * 1 if the Windows version doesn't support services
655 * 2 if the SCM could not be opened
656 * 3 if the service could not be created
658 int InstallAsService(char *servicename, char *application, char *username)
660 SC_HANDLE hManager, hService;
661 char szEXE[_MAX_PATH + 17] = "\"";
664 if (! GNOpenSCManager)
667 plibc_conv_to_win_path(application, szEXE + 1);
668 strcat(szEXE, "\" --win-service");
669 hManager = GNOpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
675 user = (char *) malloc(strlen(username) + 3);
676 sprintf(user, ".\\%s", username);
679 hService = GNCreateService(hManager, (LPCTSTR) servicename, (LPCTSTR) servicename, 0,
680 SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, (LPCTSTR) szEXE,
681 NULL, NULL, NULL, (LPCTSTR) user, (LPCTSTR) username);
689 GNCloseServiceHandle(hService);
695 * @brief Uninstall Windows service
696 * @param servicename name of the service to delete
697 * @returns 0 on success
698 * 1 if the Windows version doesn't support services
699 * 2 if the SCM could not be openend
700 * 3 if the service cannot be accessed
701 * 4 if the service cannot be deleted
703 int UninstallService(char *servicename)
705 SC_HANDLE hManager, hService;
707 if (! GNOpenSCManager)
710 hManager = GNOpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
714 if (! (hService = GNOpenService(hManager, (LPCTSTR) servicename, DELETE)))
715 if (GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST)
720 if (! GNDeleteService(hService))
721 if (GetLastError() != ERROR_SERVICE_MARKED_FOR_DELETE)
725 GNCloseServiceHandle(hService);
731 * @author Scott Field, Microsoft
732 * @see http://support.microsoft.com/?scid=kb;en-us;132958
735 void _InitLsaString(PLSA_UNICODE_STRING LsaString, LPWSTR String)
741 LsaString->Buffer = NULL;
742 LsaString->Length = 0;
743 LsaString->MaximumLength = 0;
747 StringLength = wcslen(String);
748 LsaString->Buffer = String;
749 LsaString->Length = (USHORT) StringLength *sizeof(WCHAR);
750 LsaString->MaximumLength = (USHORT) (StringLength + 1) * sizeof(WCHAR);
755 * @author Scott Field, Microsoft
756 * @see http://support.microsoft.com/?scid=kb;en-us;132958
759 NTSTATUS _OpenPolicy(LPWSTR ServerName, DWORD DesiredAccess, PLSA_HANDLE PolicyHandle)
761 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
762 LSA_UNICODE_STRING ServerString;
763 PLSA_UNICODE_STRING Server = NULL;
765 /* Always initialize the object attributes to all zeroes. */
766 ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
768 if(ServerName != NULL)
770 /* Make a LSA_UNICODE_STRING out of the LPWSTR passed in */
771 _InitLsaString(&ServerString, ServerName);
772 Server = &ServerString;
775 /* Attempt to open the policy. */
776 return GNLsaOpenPolicy(Server,
777 &ObjectAttributes, DesiredAccess, PolicyHandle);
781 * @brief Obtain a SID representing the supplied account on the supplied system
782 * @return TRUE on success, FALSE on failure
783 * @author Scott Field, Microsoft
785 * @remarks A buffer is allocated which contains the SID representing the
786 * supplied account. This buffer should be freed when it is no longer
787 * needed by calling\n
788 * HeapFree(GetProcessHeap(), 0, buffer)
789 * @remarks Call GetLastError() to obtain extended error information.
790 * @see http://support.microsoft.com/?scid=kb;en-us;132958
792 BOOL _GetAccountSid(LPCTSTR SystemName, LPCTSTR AccountName, PSID * Sid)
794 LPTSTR ReferencedDomain = NULL;
795 DWORD cbSid = 128; /* initial allocation attempt */
796 DWORD cchReferencedDomain = 16; /* initial allocation size */
798 BOOL bSuccess = FALSE; /* assume this function will fail */
800 /* initial memory allocations */
801 if ((*Sid = HeapAlloc (GetProcessHeap (), 0, cbSid)) == NULL)
804 if ((ReferencedDomain = (LPTSTR) HeapAlloc (GetProcessHeap (),
806 cchReferencedDomain *
807 sizeof (TCHAR))) == NULL)
810 /* Obtain the SID of the specified account on the specified system. */
811 while (!GNLookupAccountName(SystemName, /* machine to lookup account on */
812 AccountName, /* account to lookup */
813 *Sid, /* SID of interest */
814 &cbSid, /* size of SID */
815 ReferencedDomain, /* domain account was found on */
816 &cchReferencedDomain, &peUse))
818 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
820 /* reallocate memory */
821 if ((*Sid = HeapReAlloc (GetProcessHeap (), 0, *Sid, cbSid)) == NULL)
824 if ((ReferencedDomain = (LPTSTR) HeapReAlloc (GetProcessHeap (),
828 * sizeof (TCHAR))) == NULL)
835 /* Indicate success. */
839 /* Cleanup and indicate failure, if appropriate. */
840 HeapFree (GetProcessHeap (), 0, ReferencedDomain);
846 HeapFree (GetProcessHeap (), 0, *Sid);
855 * @author Scott Field, Microsoft
856 * @see http://support.microsoft.com/?scid=kb;en-us;132958
859 NTSTATUS _SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle,/* open policy handle */
860 PSID AccountSid, /* SID to grant privilege to */
861 LPWSTR PrivilegeName, /* privilege to grant (Unicode) */
862 BOOL bEnable /* enable or disable */
865 LSA_UNICODE_STRING PrivilegeString;
867 /* Create a LSA_UNICODE_STRING for the privilege name. */
868 _InitLsaString(&PrivilegeString, PrivilegeName);
870 /* grant or revoke the privilege, accordingly */
875 i = GNLsaAddAccountRights(PolicyHandle, /* open policy handle */
876 AccountSid, /* target SID */
877 &PrivilegeString, /* privileges */
878 1 /* privilege count */
883 return GNLsaRemoveAccountRights(PolicyHandle, /* open policy handle */
884 AccountSid, /* target SID */
885 FALSE, /* do not disable all rights */
886 &PrivilegeString, /* privileges */
887 1 /* privilege count */
893 * @brief Create a Windows service account
894 * @return 0 on success, > 0 otherwise
895 * @param pszName the name of the account
896 * @param pszDesc description of the account
898 int CreateServiceAccount(const char *pszName, const char *pszDesc)
902 NET_API_STATUS nStatus;
903 wchar_t wszName[MAX_NAME_LENGTH], wszDesc[MAX_NAME_LENGTH];
910 mbstowcs(wszName, pszName, strlen(pszName) + 1);
911 mbstowcs(wszDesc, pszDesc, strlen(pszDesc) + 1);
913 memset(&ui, 0, sizeof(ui));
914 ui.usri1_name = wszName;
915 ui.usri1_password = wszName; /* account is locked anyway */
916 ui.usri1_priv = USER_PRIV_USER;
917 ui.usri1_comment = wszDesc;
918 ui.usri1_flags = UF_SCRIPT;
920 nStatus = GNNetUserAdd(NULL, 1, (LPBYTE)&ui, NULL);
922 if (nStatus != NERR_Success && nStatus != NERR_UserExists)
925 ui2.usri1008_flags = UF_PASSWD_CANT_CHANGE | UF_DONT_EXPIRE_PASSWD;
926 GNNetUserSetInfo(NULL, wszName, 1008, (LPBYTE)&ui2, NULL);
928 if (_OpenPolicy(NULL, POLICY_ALL_ACCESS, &hPolicy) !=
932 _GetAccountSid(NULL, (LPCTSTR) pszName, &pSID);
934 if (_SetPrivilegeOnAccount(hPolicy, pSID, (LPWSTR) L"SeServiceLogonRight", TRUE) != STATUS_SUCCESS)
937 _SetPrivilegeOnAccount(hPolicy, pSID, (LPWSTR) L"SeDenyInteractiveLogonRight", TRUE);
938 _SetPrivilegeOnAccount(hPolicy, pSID, (LPWSTR) L"SeDenyBatchLogonRight", TRUE);
939 _SetPrivilegeOnAccount(hPolicy, pSID, (LPWSTR) L"SeDenyNetworkLogonRight", TRUE);
947 * @brief Grant permission to a file
948 * @param lpszFileName the name of the file or directory
949 * @param lpszAccountName the user account
950 * @param dwAccessMask the desired access (e.g. GENERIC_ALL)
951 * @return TRUE on success
952 * @remark based on http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q102102&
954 BOOL AddPathAccessRights(char *lpszFileName, char *lpszAccountName,
958 SID_NAME_USE snuType;
959 TCHAR * szDomain = NULL;
961 LPVOID pUserSID = NULL;
964 /* File SD variables. */
965 PSECURITY_DESCRIPTOR pFileSD = NULL;
968 /* New SD variables. */
969 SECURITY_DESCRIPTOR newSD;
975 ACL_SIZE_INFORMATION AclInfo;
977 /* New ACL variables. */
982 LPVOID pTempAce = NULL;
983 UINT CurrentAceIndex = 0;
985 UINT newAceIndex = 0;
987 /* Assume function will fail. */
988 BOOL fResult = FALSE;
991 SECURITY_INFORMATION secInfo = DACL_SECURITY_INFORMATION;
994 * STEP 1: Get SID of the account name specified.
996 fAPISuccess = GNLookupAccountName(NULL, (LPCTSTR) lpszAccountName,
997 pUserSID, &cbUserSID, (LPTSTR) szDomain, &cbDomain, &snuType);
999 /* API should have failed with insufficient buffer. */
1002 else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
1006 pUserSID = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbUserSID);
1011 szDomain = (TCHAR *) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbDomain * sizeof(TCHAR));
1016 fAPISuccess = GNLookupAccountName(NULL, (LPCTSTR) lpszAccountName,
1017 pUserSID, &cbUserSID, (LPTSTR) szDomain, &cbDomain, &snuType);
1023 * STEP 2: Get security descriptor (SD) of the file specified.
1025 fAPISuccess = GNGetFileSecurity((LPCTSTR) lpszFileName,
1026 secInfo, pFileSD, 0, &cbFileSD);
1028 /* API should have failed with insufficient buffer. */
1031 else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
1035 pFileSD = (PSECURITY_DESCRIPTOR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
1041 fAPISuccess = GNGetFileSecurity((LPCTSTR) lpszFileName,
1042 secInfo, pFileSD, cbFileSD, &cbFileSD);
1048 * STEP 3: Initialize new SD.
1050 if (!GNInitializeSecurityDescriptor(&newSD,
1051 SECURITY_DESCRIPTOR_REVISION)) {
1056 * STEP 4: Get DACL from the old SD.
1058 if (!GNGetSecurityDescriptorDacl(pFileSD, &fDaclPresent, &pACL,
1064 * STEP 5: Get size information for DACL.
1066 AclInfo.AceCount = 0; // Assume NULL DACL.
1067 AclInfo.AclBytesFree = 0;
1068 AclInfo.AclBytesInUse = sizeof(ACL);
1071 fDaclPresent = FALSE;
1073 /* If not NULL DACL, gather size information from DACL. */
1076 if (!GNGetAclInformation(pACL, &AclInfo,
1077 sizeof(ACL_SIZE_INFORMATION), AclSizeInformation)) {
1083 * STEP 6: Compute size needed for the new ACL.
1085 cbNewACL = AclInfo.AclBytesInUse + sizeof(ACCESS_ALLOWED_ACE)
1086 + GetLengthSid(pUserSID) - sizeof(DWORD);
1089 * STEP 7: Allocate memory for new ACL.
1091 pNewACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbNewACL);
1097 * STEP 8: Initialize the new ACL.
1099 if (!GNInitializeAcl(pNewACL, cbNewACL, ACL_REVISION2)) {
1104 * STEP 9 If DACL is present, copy all the ACEs from the old DACL
1107 * The following code assumes that the old DACL is
1108 * already in Windows 2000 preferred order. To conform
1109 * to the new Windows 2000 preferred order, first we will
1110 * copy all non-inherited ACEs from the old DACL to the
1111 * new DACL, irrespective of the ACE type.
1116 if (fDaclPresent && AclInfo.AceCount) {
1118 for (CurrentAceIndex = 0;
1119 CurrentAceIndex < AclInfo.AceCount;
1120 CurrentAceIndex++) {
1123 * TEP 10: Get an ACE.
1125 if (!GNGetAce(pACL, CurrentAceIndex, &pTempAce)) {
1130 * STEP 11: Check if it is a non-inherited ACE.
1131 * If it is an inherited ACE, break from the loop so
1132 * that the new access allowed non-inherited ACE can
1133 * be added in the correct position, immediately after
1134 * all non-inherited ACEs.
1136 if (((ACCESS_ALLOWED_ACE *)pTempAce)->Header.AceFlags
1141 * STEP 12: Skip adding the ACE, if the SID matches
1142 * with the account specified, as we are going to
1143 * add an access allowed ACE with a different access
1146 if (GNEqualSid(pUserSID,
1147 &(((ACCESS_ALLOWED_ACE *)pTempAce)->SidStart)))
1151 * STEP 13: Add the ACE to the new ACL.
1153 if (!GNAddAce(pNewACL, ACL_REVISION, MAXDWORD, pTempAce,
1154 ((PACE_HEADER) pTempAce)->AceSize)) {
1163 * STEP 14: Add the access-allowed ACE to the new DACL.
1164 * The new ACE added here will be in the correct position,
1165 * immediately after all existing non-inherited ACEs.
1167 if (!GNAddAccessAllowedAce(pNewACL, ACL_REVISION2, dwAccessMask,
1173 * STEP 14.5: Make new ACE inheritable
1175 if (!GetAce(pNewACL, newAceIndex, &pTempAce))
1177 ((ACCESS_ALLOWED_ACE *)pTempAce)->Header.AceFlags |=
1178 (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE);
1181 * STEP 15: To conform to the new Windows 2000 preferred order,
1182 * we will now copy the rest of inherited ACEs from the
1183 * old DACL to the new DACL.
1185 if (fDaclPresent && AclInfo.AceCount) {
1188 CurrentAceIndex < AclInfo.AceCount;
1189 CurrentAceIndex++) {
1192 * STEP 16: Get an ACE.
1194 if (!GNGetAce(pACL, CurrentAceIndex, &pTempAce)) {
1199 * STEP 17: Add the ACE to the new ACL.
1201 if (!GNAddAce(pNewACL, ACL_REVISION, MAXDWORD, pTempAce,
1202 ((PACE_HEADER) pTempAce)->AceSize)) {
1209 * STEP 18: Set permissions
1211 if (GNSetNamedSecurityInfo((LPTSTR) lpszFileName, SE_FILE_OBJECT,
1212 DACL_SECURITY_INFORMATION, NULL, NULL, pNewACL, NULL) != ERROR_SUCCESS) {
1221 * STEP 19: Free allocated memory
1224 HeapFree(GetProcessHeap(), 0, pUserSID);
1227 HeapFree(GetProcessHeap(), 0, szDomain);
1230 HeapFree(GetProcessHeap(), 0, pFileSD);
1233 HeapFree(GetProcessHeap(), 0, pNewACL);
1238 char *winErrorStr(const char *prefix, int dwErr)
1243 if (! FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
1244 NULL, (DWORD) dwErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &err,
1247 err = (char *) LocalAlloc (LMEM_FIXED | LMEM_ZEROINIT, 1);
1250 mem = strlen(err) + strlen(prefix) + 20;
1251 ret = (char *) malloc(mem);
1253 snprintf(ret, mem, "%s: %s (#%u)", prefix, err, dwErr);
1261 * Terminate a process by creating a remote thread within it,
1262 * which proceeds to call ExitProcess() inside that process.
1263 * Safer than TerminateProcess ().
1265 * Code is from From http://private-storm.de/2009/08/11/case-terminateprocess/
1267 * @param hProcess handle of a process to terminate
1268 * @param uExitCode exit code to use for ExitProcess()
1269 * @param dwTimeout number of ms to wait for the process to terminate
1270 * @return TRUE on success, FALSE on failure (check last error for the code)
1273 SafeTerminateProcess (HANDLE hProcess, UINT uExitCode, DWORD dwTimeout)
1275 DWORD dwTID, dwCode, dwErr = 0;
1276 HANDLE hProcessDup = INVALID_HANDLE_VALUE;
1278 HINSTANCE hKernel = GetModuleHandle ("Kernel32");
1279 BOOL bSuccess = FALSE;
1281 BOOL bDup = DuplicateHandle (GetCurrentProcess (), hProcess,
1282 GetCurrentProcess (), &hProcessDup, PROCESS_ALL_ACCESS,
1285 /* Detect the special case where the process is
1288 if (GetExitCodeProcess (bDup ? hProcessDup : hProcess, &dwCode) &&
1289 (STILL_ACTIVE == dwCode))
1291 FARPROC pfnExitProc;
1293 pfnExitProc = GetProcAddress (hKernel, "ExitProcess");
1295 hRT = CreateRemoteThread ((bDup) ? hProcessDup : hProcess, NULL, 0,
1296 (LPTHREAD_START_ROUTINE) pfnExitProc, (PVOID) uExitCode, 0, &dwTID);
1298 dwErr = GetLastError ();
1302 dwErr = ERROR_PROCESS_ABORTED;
1307 /* Must wait process to terminate to
1308 * guarantee that it has exited...
1310 DWORD dwWaitResult = WaitForSingleObject ((bDup) ? hProcessDup : hProcess,
1312 if (dwWaitResult == WAIT_TIMEOUT)
1313 dwErr = WAIT_TIMEOUT;
1315 dwErr = GetLastError ();
1318 bSuccess = dwErr == NO_ERROR;
1322 CloseHandle (hProcessDup);
1324 SetLastError (dwErr);
projects / oweals / gnunet.git / blob