|
|
#include <windows.h>
#include <shlwapi.h>
#include <tchar.h>
#include <winhttp.h>
#include "iucommon.h"
#include "logging.h"
#include "download.h"
#include "dlutil.h"
#include "malloc.h"
#include "wusafefn.h"
///////////////////////////////////////////////////////////////////////////////
//
typedef BOOL (WINAPI *pfn_OpenProcessToken)(HANDLE, DWORD, PHANDLE);typedef BOOL (WINAPI *pfn_OpenThreadToken)(HANDLE, DWORD, BOOL, PHANDLE);typedef BOOL (WINAPI *pfn_SetThreadToken)(PHANDLE, HANDLE);typedef BOOL (WINAPI *pfn_GetTokenInformation)(HANDLE, TOKEN_INFORMATION_CLASS, LPVOID, DWORD, PDWORD);typedef BOOL (WINAPI *pfn_IsValidSid)(PSID);typedef BOOL (WINAPI *pfn_AllocateAndInitializeSid)(PSID_IDENTIFIER_AUTHORITY, BYTE, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, PSID);typedef BOOL (WINAPI *pfn_EqualSid)(PSID, PSID);typedef PVOID (WINAPI *pfn_FreeSid)(PSID);
const TCHAR c_szRPWU[] = _T("Software\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate");const TCHAR c_szRVTransport[] = _T("DownloadTransport");const TCHAR c_szAdvapi32[] = _T("advapi32.dll");
// ***************************************************************************
staticBOOL AmIPrivileged(void){ LOG_Block("AmINotPrivileged()");
pfn_AllocateAndInitializeSid pfnAllocateAndInitializeSid = NULL; pfn_GetTokenInformation pfnGetTokenInformation = NULL; pfn_OpenProcessToken pfnOpenProcessToken = NULL; pfn_OpenThreadToken pfnOpenThreadToken = NULL; pfn_SetThreadToken pfnSetThreadToken = NULL; pfn_IsValidSid pfnIsValidSid = NULL; pfn_EqualSid pfnEqualSid = NULL; pfn_FreeSid pfnFreeSid = NULL; HMODULE hmod = NULL; SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY; TOKEN_USER *ptu = NULL; HANDLE hToken = NULL, hTokenImp = NULL; DWORD cb, cbGot, i; PSID psid = NULL; BOOL fRet = FALSE;
DWORD rgRIDs[3] = { SECURITY_LOCAL_SYSTEM_RID, SECURITY_LOCAL_SERVICE_RID, SECURITY_NETWORK_SERVICE_RID };
hmod = LoadLibraryFromSystemDir(c_szAdvapi32); if (hmod == NULL) goto done;
pfnAllocateAndInitializeSid = (pfn_AllocateAndInitializeSid)GetProcAddress(hmod, "AllocateAndInitializeSid"); pfnGetTokenInformation = (pfn_GetTokenInformation)GetProcAddress(hmod, "GetTokenInformation"); pfnOpenProcessToken = (pfn_OpenProcessToken)GetProcAddress(hmod, "OpenProcessToken"); pfnOpenThreadToken = (pfn_OpenThreadToken)GetProcAddress(hmod, "OpenThreadToken"); pfnSetThreadToken = (pfn_SetThreadToken)GetProcAddress(hmod, "SetThreadToken"); pfnIsValidSid = (pfn_IsValidSid)GetProcAddress(hmod, "IsValidSid"); pfnEqualSid = (pfn_EqualSid)GetProcAddress(hmod, "EqualSid"); pfnFreeSid = (pfn_FreeSid)GetProcAddress(hmod, "FreeSid"); if (pfnAllocateAndInitializeSid == NULL || pfnGetTokenInformation == NULL || pfnOpenProcessToken == NULL || pfnOpenThreadToken == NULL || pfnSetThreadToken == NULL || pfnIsValidSid == NULL || pfnEqualSid == NULL || pfnFreeSid == NULL) { SetLastError(ERROR_PROC_NOT_FOUND); goto done; }
// need the process token
fRet = (*pfnOpenProcessToken)(GetCurrentProcess(), TOKEN_READ, &hToken); if (fRet == FALSE) { if (GetLastError() == ERROR_ACCESS_DENIED) { fRet = (*pfnOpenThreadToken)(GetCurrentThread(), TOKEN_READ | TOKEN_IMPERSONATE, TRUE, &hTokenImp); if (fRet == FALSE) goto done;
fRet = (*pfnSetThreadToken)(NULL, NULL);
fRet = (*pfnOpenProcessToken)(GetCurrentProcess(), TOKEN_READ, &hToken); if ((*pfnSetThreadToken)(NULL, hTokenImp) == FALSE) fRet = FALSE; }
if (fRet == FALSE) goto done; }
// need the SID from the token
fRet = (*pfnGetTokenInformation)(hToken, TokenUser, NULL, 0, &cb); if (fRet != FALSE && GetLastError() != ERROR_INSUFFICIENT_BUFFER) { fRet = FALSE; goto done; }
ptu = (TOKEN_USER *)HeapAlloc(GetProcessHeap(), 0, cb); if (ptu == NULL) { SetLastError(ERROR_OUTOFMEMORY); fRet = FALSE; goto done; }
fRet = (*pfnGetTokenInformation)(hToken, TokenUser, (LPVOID)ptu, cb, &cbGot); if (fRet == FALSE) goto done;
fRet = (*pfnIsValidSid)(ptu->User.Sid); if (fRet == FALSE) goto done;
// loop thru & check against the SIDs we are interested in
for (i = 0; i < 3; i++) { fRet = (*pfnAllocateAndInitializeSid)(&siaNT, 1, rgRIDs[i], 0, 0, 0, 0, 0, 0, 0, &psid); if (fRet == FALSE) goto done;
fRet = (*pfnIsValidSid)(psid); if (fRet == FALSE) goto done;
// if we get a SID match, then return TRUE
fRet = (*pfnEqualSid)(psid, ptu->User.Sid); (*pfnFreeSid)(psid); psid = NULL; if (fRet) { fRet = TRUE; goto done; } }
// only way to get here is to fail all the SID checks above. So we ain't
// privileged. Yeehaw.
fRet = FALSE; done: // if we had an impersonation token on the thread, put it back in place.
if (ptu != NULL) HeapFree(GetProcessHeap(), 0, ptu); if (hToken != NULL) CloseHandle(hToken); if (hTokenImp != NULL) CloseHandle(hTokenImp); if (psid != NULL && pfnFreeSid != NULL) (*pfnFreeSid)(psid); if (hmod != NULL) FreeLibrary(hmod);
return fRet;}
#if defined(DEBUG) || defined(DBG)
// **************************************************************************
staticBOOL CheckDebugRegKey(DWORD *pdwAllowed){ LOG_Block("CheckDebugRegKey()");
DWORD dw, dwType, dwValue, cb; HKEY hkey = NULL; BOOL fRet = FALSE;
// explictly do not initialize *pdwAllowed. We only want it overwritten
// if the reg key is properly set
dw = RegOpenKeyEx(HKEY_LOCAL_MACHINE, c_szRPWU, 0, KEY_READ, &hkey); if (dw != ERROR_SUCCESS) goto done;
cb = sizeof(dwValue); dw = RegQueryValueEx(hkey, c_szRVTransport, 0, &dwType, (LPBYTE)&dwValue, &cb); if (dw != ERROR_SUCCESS) goto done;
// set this to 3 so we'll fall down into the error case below
if (dwType != REG_DWORD) dwValue = 3; fRet = TRUE;
switch(dwValue) { case 0: *pdwAllowed = 0; break;
case 1: *pdwAllowed = WUDF_ALLOWWINHTTPONLY; break;
case 2: *pdwAllowed = WUDF_ALLOWWININETONLY; break;
default: LOG_Internet(_T("Bad reg value in DownloadTransport. Ignoring.")); fRet = FALSE; break; }
done: if (hkey != NULL) RegCloseKey(hkey);
return fRet;}
#endif
// **************************************************************************
DWORD GetAllowedDownloadTransport(DWORD dwFlagsInitial){ DWORD dwFlags = (dwFlagsInitial & WUDF_TRANSPORTMASK);
#if defined(UNICODE)
// don't bother checking if we're local system if we're already using
// wininet
if ((dwFlags & WUDF_ALLOWWININETONLY) == 0) { if (AmIPrivileged() == FALSE) dwFlags = WUDF_ALLOWWININETONLY; }
#if defined(DEBUG) || defined(DBG)
CheckDebugRegKey(&dwFlags);#endif // defined(DEBUG) || defined(DBG)
#else // defined(UNICODE)
// only allow wininet on ANSI
dwFlags = WUDF_ALLOWWININETONLY;
#endif // defined(UNICODE)
return (dwFlags | (dwFlagsInitial & ~WUDF_TRANSPORTMASK));}
///////////////////////////////////////////////////////////////////////////////
//
// **************************************************************************
static inlineBOOL IsServerFileDifferentWorker(FILETIME &ftServerTime, DWORD dwServerFileSize, HANDLE hFile){ LOG_Block("IsServerFileNewerWorker()");
FILETIME ftCreateTime; DWORD cbLocalFile;
// By default, always return TRUE so we can download a new file..
BOOL fRet = TRUE;
// if we don't have a valid file handle, just return TRUE to download a
// new copy
if (hFile == INVALID_HANDLE_VALUE) goto done;
cbLocalFile = GetFileSize(hFile, NULL);
LOG_Internet(_T("IsServerFileNewer: Local size: %d. Remote size: %d"), cbLocalFile, dwServerFileSize);
// if the sizes are not equal, then return TRUE
if (cbLocalFile != dwServerFileSize) goto done;
if (GetFileTime(hFile, &ftCreateTime, NULL, NULL)) { LOG_Internet(_T("IsServerFileNewer: Local time: %x%0x. Remote time: %x%0x."), ftCreateTime.dwHighDateTime, ftCreateTime.dwLowDateTime, ftServerTime.dwHighDateTime, ftServerTime.dwLowDateTime);
// if the local file has a different timestamp, then return TRUE.
fRet = (CompareFileTime(&ftCreateTime, &ftServerTime) != 0); }
done: return fRet;}
// **************************************************************************
BOOL IsServerFileDifferentW(FILETIME &ftServerTime, DWORD dwServerFileSize, LPCWSTR wszLocalFile){ LOG_Block("IsServerFileDifferentW()");
HANDLE hFile = INVALID_HANDLE_VALUE; BOOL fRet = TRUE;
// if we have an error opening the file, just return TRUE to download a
// new copy
hFile = CreateFileW(wszLocalFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) { LOG_Internet(_T("IsServerFileDifferent: %ls does not exist."), wszLocalFile); return TRUE; } else { fRet = IsServerFileDifferentWorker(ftServerTime, dwServerFileSize, hFile); CloseHandle(hFile); return fRet; }}
// **************************************************************************
BOOL IsServerFileDifferentA(FILETIME &ftServerTime, DWORD dwServerFileSize, LPCSTR szLocalFile){ LOG_Block("IsServerFileDifferentA()");
HANDLE hFile = INVALID_HANDLE_VALUE;
// if we have an error opening the file, just return TRUE to download a
// new copy
hFile = CreateFileA(szLocalFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) { LOG_Internet(_T("IsServerFileDifferent: %s does not exist."), szLocalFile); return TRUE; } else { BOOL fRet; fRet = IsServerFileDifferentWorker(ftServerTime, dwServerFileSize, hFile); CloseHandle(hFile); return fRet; }}
// **************************************************************************
// helper function to handle quit events
//
// return TRUE if okay to continue
// return FALSE if we should quit now!
BOOL HandleEvents(HANDLE *phEvents, UINT nEventCount){ LOG_Block("HandleEvents()");
DWORD dwWait;
// is there any events to handle?
if (phEvents == NULL || nEventCount == 0) return TRUE;
// we only want to check the signaled status, so don't bother waiting
dwWait = WaitForMultipleObjects(nEventCount, phEvents, FALSE, 0);
if (dwWait == WAIT_TIMEOUT) { return TRUE; } else { LOG_Internet(_T("HandleEvents: A quit event was signaled. Aborting...")); return FALSE; }}
///////////////////////////////////////////////////////////////////////////////
//
// **************************************************************************
HRESULT PerformDownloadToFile(pfn_ReadDataFromSite pfnRead, HINTERNET hRequest, HANDLE hFile, DWORD cbFile, DWORD cbBuffer, HANDLE *rghEvents, DWORD cEvents, PFNDownloadCallback fpnCallback, LPVOID pCallbackData, DWORD *pcbDownloaded){ LOG_Block("PerformDownloadToFile()");
HRESULT hr = S_OK; PBYTE pbBuffer = NULL; DWORD cbDownloaded = 0, cbRead, cbWritten; LONG lCallbackRequest = 0;
pbBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbBuffer); if (pbBuffer == NULL) { hr = E_OUTOFMEMORY; LOG_ErrorMsg(hr); goto done; }
// Download the File
for(;;) { if ((*pfnRead)(hRequest, pbBuffer, cbBuffer, &cbRead) == FALSE) { hr = HRESULT_FROM_WIN32(GetLastError()); if (FAILED(hr)) { LOG_ErrorMsg(hr); goto done; } } if (cbRead == 0) { BYTE bTemp[32]; // Make one final call to WinHttpReadData to commit the file to
// Cache. (the download is not complete otherwise)
(*pfnRead)(hRequest, bTemp, ARRAYSIZE(bTemp), &cbRead); break; } cbDownloaded += cbRead;
if (fpnCallback != NULL) { fpnCallback(pCallbackData, DOWNLOAD_STATUS_OK, cbFile, cbRead, NULL, &lCallbackRequest); if (lCallbackRequest == 4) { // QuitEvent was Signaled.. abort requested. We will do
// another callback and pass the Abort State back
fpnCallback(pCallbackData, DOWNLOAD_STATUS_ABORTED, cbFile, cbRead, NULL, NULL); hr = E_ABORT; // set return result to abort.
goto done; } }
if (WriteFile(hFile, pbBuffer, cbRead, &cbWritten, NULL) == FALSE) { hr = HRESULT_FROM_WIN32(GetLastError()); LOG_ErrorMsg(hr); goto done; }
if (HandleEvents(rghEvents, cEvents) == FALSE) { // we need to quit the download clean up, send abort event and clean up what we've downloaded
if (fpnCallback != NULL) fpnCallback(pCallbackData, DOWNLOAD_STATUS_ABORTED, cbFile, cbRead, NULL, NULL);
hr = E_ABORT; // set return result to abort.
goto done; } }
if (pcbDownloaded != NULL) *pcbDownloaded = cbDownloaded;
done: SafeHeapFree(pbBuffer);
return hr;
}
///////////////////////////////////////////////////////////////////////////////
//
struct MY_OSVERSIONINFOEX{ OSVERSIONINFOEX osvi; LCID lcidCompare;};static MY_OSVERSIONINFOEX g_myosvi;static BOOL g_fInit = FALSE;
// **************************************************************************
// Loads the current OS version info if needed, and returns a pointer to
// a cached copy of it.
const OSVERSIONINFOEX* GetOSVersionInfo(void){ if (g_fInit == FALSE) { OSVERSIONINFOEX* pOSVI = &g_myosvi.osvi; g_myosvi.osvi.dwOSVersionInfoSize = sizeof(g_myosvi.osvi); GetVersionEx((OSVERSIONINFO*)&g_myosvi.osvi);
// WinXP-specific stuff
if ((pOSVI->dwMajorVersion > 5) || (pOSVI->dwMajorVersion == 5 && pOSVI->dwMinorVersion >= 1)) g_myosvi.lcidCompare = LOCALE_INVARIANT; else g_myosvi.lcidCompare = MAKELCID(MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), SORT_DEFAULT);
g_fInit = TRUE; } return &g_myosvi.osvi;}
// **************************************************************************
// String lengths can be -1 if the strings are null-terminated.
int LangNeutralStrCmpNIA(LPCSTR psz1, int cch1, LPCSTR psz2, int cch2){ if (g_fInit == FALSE) GetOSVersionInfo();
int nCompare = CompareStringA(g_myosvi.lcidCompare, NORM_IGNORECASE, psz1, cch1, psz2, cch2);
return (nCompare - 2); // convert from (1, 2, 3) to (-1, 0, 1)
}
// **************************************************************************
// Finds the first instance of pszSearchFor in pszSearchIn, case-insensitive.
// Returns an index into pszSearchIn if found, or -1 if not.
// You can pass -1 for either or both of the lengths.
int LangNeutralStrStrNIA(LPCSTR pszSearchIn, int cchSearchIn, LPCSTR pszSearchFor, int cchSearchFor){ char chLower, chUpper; if (cchSearchIn == -1) cchSearchIn = lstrlenA(pszSearchIn); if (cchSearchFor == -1) cchSearchFor = lstrlenA(pszSearchFor);
// Note: since this is lang-neutral, we can assume no DBCS search chars
chLower = (char)CharLowerA(MAKEINTRESOURCEA(*pszSearchFor)); chUpper = (char)CharUpperA(MAKEINTRESOURCEA(*pszSearchFor));
// Note: since search-for is lang-neutral, we can ignore any DBCS chars
// in search-in
for (int ichIn = 0; ichIn <= cchSearchIn - cchSearchFor; ichIn++) { if (pszSearchIn[ichIn] == chLower || pszSearchIn[ichIn] == chUpper) { if (LangNeutralStrCmpNIA(pszSearchIn + ichIn + 1, cchSearchFor - 1, pszSearchFor + 1, cchSearchFor - 1) == 0) { return ichIn; } } }
return -1;}
// **************************************************************************
// Opens the given file and looks for "<html" (case-insensitive) within the
// first 200 characters. If there are any binary chars before "<html", the
// file is assumed to *not* be HTML.
// Returns S_OK if so, S_FALSE if not, or an error if file couldn't be opened.
HRESULT IsFileHtml(LPCTSTR pszFileName){ LOG_Block("IsFileHtml()");
HRESULT hr = S_FALSE; LPCSTR pszFile; HANDLE hFile = INVALID_HANDLE_VALUE; HANDLE hMapping = NULL; LPVOID pvMem = NULL; DWORD cbFile;
hFile = CreateFile(pszFileName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL); if (hFile == INVALID_HANDLE_VALUE) { hr = HRESULT_FROM_WIN32(GetLastError()); LOG_ErrorMsg(hr); goto done; }
cbFile = GetFileSize(hFile, NULL); if (cbFile == 0) goto done;
// Only examine the 1st 200 bytes
if (cbFile > 200) cbFile = 200;
hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, cbFile, NULL); if (hMapping == NULL) { hr = HRESULT_FROM_WIN32(GetLastError()); LOG_ErrorMsg(hr); goto done; }
pvMem = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, cbFile); if (pvMem == NULL) { hr = HRESULT_FROM_WIN32(GetLastError()); LOG_ErrorMsg(hr); goto done; }
pszFile = (LPCSTR)pvMem; int ichHtml = LangNeutralStrStrNIA(pszFile, cbFile, "<html", 5); if (ichHtml != -1) { // Looks like html...
hr = S_OK;
// Just make sure there aren't any binary chars before the <HTML> tag
for (int ich = 0; ich < ichHtml; ich++) { char ch = pszFile[ich]; if (ch < 32 && ch != '\t' && ch != '\r' && ch != '\n') { // Found a binary character (before <HTML>)
hr = S_FALSE; break; } } }
done: if (pvMem != NULL) UnmapViewOfFile(pvMem); if (hMapping != NULL) CloseHandle(hMapping); if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
return hr;}
|
