The Tor Browser: toolkit/components/maintenanceservice/serviceinstall.cpp@b8a032363ba2 (annotated)

toolkit/components/maintenanceservice/serviceinstall.cpp@b8a032363ba2 (annotated)

toolkit/components/maintenanceservice/serviceinstall.cpp

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include <windows.h>
 #include <aclapi.h>
 #include <stdlib.h>
 #include <shlwapi.h>
 // Used for DNLEN and UNLEN
 #include <lm.h>
 #include <nsWindowsHelpers.h>
 #include "mozilla/Scoped.h"
 #include "serviceinstall.h"
 #include "servicebase.h"
 #include "updatehelper.h"
 #include "shellapi.h"
 #include "readstrings.h"
 #include "errors.h"
 #pragma comment(lib, "version.lib")
 /**
  * A wrapper function to read strings for the maintenance service.
  *
  * @param path    The path of the ini file to read from
  * @param results The maintenance service strings that were read
  * @return OK on success
 */
 static int
 ReadMaintenanceServiceStrings(LPCWSTR path,
                               MaintenanceServiceStringTable *results)
 {
   // Read in the maintenance service description string if specified.
   const unsigned int kNumStrings = 1;
   const char *kServiceKeys = "MozillaMaintenanceDescription\0";
   char serviceStrings[kNumStrings][MAX_TEXT_LEN];
   int result = ReadStrings(path, kServiceKeys,
                            kNumStrings, serviceStrings);
   if (result != OK) {
     serviceStrings[0][0] = '\0';
   }
   strncpy(results->serviceDescription,
           serviceStrings[0], MAX_TEXT_LEN - 1);
   results->serviceDescription[MAX_TEXT_LEN - 1] = '\0';
   return result;
 }
 /**
  * Obtains the version number from the specified PE file's version information
  * Version Format: A.B.C.D (Example 10.0.0.300)
  *
  * @param  path The path of the file to check the version on
  * @param  A    The first part of the version number
  * @param  B    The second part of the version number
  * @param  C    The third part of the version number
  * @param  D    The fourth part of the version number
  * @return TRUE if successful
  */
 static BOOL
 GetVersionNumberFromPath(LPWSTR path, DWORD &A, DWORD &B,
                          DWORD &C, DWORD &D)
 {
   DWORD fileVersionInfoSize = GetFileVersionInfoSizeW(path, 0);
   mozilla::ScopedDeleteArray<char> fileVersionInfo(new char[fileVersionInfoSize]);
   if (!GetFileVersionInfoW(path, 0, fileVersionInfoSize,
                            fileVersionInfo.get())) {
       LOG_WARN(("Could not obtain file info of old service.  (%d)",
                 GetLastError()));
       return FALSE;
   }
   VS_FIXEDFILEINFO *fixedFileInfo =
     reinterpret_cast<VS_FIXEDFILEINFO *>(fileVersionInfo.get());
   UINT size;
   if (!VerQueryValueW(fileVersionInfo.get(), L"\\",
     reinterpret_cast<LPVOID*>(&fixedFileInfo), &size)) {
       LOG_WARN(("Could not query file version info of old service.  (%d)",
                 GetLastError()));
       return FALSE;
   }
   A = HIWORD(fixedFileInfo->dwFileVersionMS);
   B = LOWORD(fixedFileInfo->dwFileVersionMS);
   C = HIWORD(fixedFileInfo->dwFileVersionLS);
   D = LOWORD(fixedFileInfo->dwFileVersionLS);
   return TRUE;
 }
 /**
  * Updates the service description with what is stored in updater.ini
  * at the same path as the currently executing module binary.
  *
  * @param serviceHandle A handle to an opened service with
  *                      SERVICE_CHANGE_CONFIG access right
  * @param TRUE on succcess.
 */
 BOOL
 UpdateServiceDescription(SC_HANDLE serviceHandle)
 {
   WCHAR updaterINIPath[MAX_PATH + 1];
   if (!GetModuleFileNameW(nullptr, updaterINIPath,
                           sizeof(updaterINIPath) /
                           sizeof(updaterINIPath[0]))) {
     LOG_WARN(("Could not obtain module filename when attempting to "
               "modify service description.  (%d)", GetLastError()));
     return FALSE;
   }
   if (!PathRemoveFileSpecW(updaterINIPath)) {
     LOG_WARN(("Could not remove file spec when attempting to "
               "modify service description.  (%d)", GetLastError()));
     return FALSE;
   }
   if (!PathAppendSafe(updaterINIPath, L"updater.ini")) {
     LOG_WARN(("Could not append updater.ini filename when attempting to "
               "modify service description.  (%d)", GetLastError()));
     return FALSE;
   }
   if (GetFileAttributesW(updaterINIPath) == INVALID_FILE_ATTRIBUTES) {
     LOG_WARN(("updater.ini file does not exist, will not modify "
               "service description.  (%d)", GetLastError()));
     return FALSE;
   }
   MaintenanceServiceStringTable serviceStrings;
   int rv = ReadMaintenanceServiceStrings(updaterINIPath, &serviceStrings);
   if (rv != OK || !strlen(serviceStrings.serviceDescription)) {
     LOG_WARN(("updater.ini file does not contain a maintenance "
               "service description."));
     return FALSE;
   }
   WCHAR serviceDescription[MAX_TEXT_LEN];
   if (!MultiByteToWideChar(CP_UTF8, 0,
                            serviceStrings.serviceDescription, -1,
                            serviceDescription,
                            sizeof(serviceDescription) /
                            sizeof(serviceDescription[0]))) {
     LOG_WARN(("Could not convert description to wide string format.  (%d)",
               GetLastError()));
     return FALSE;
   }
   SERVICE_DESCRIPTIONW descriptionConfig;
   descriptionConfig.lpDescription = serviceDescription;
   if (!ChangeServiceConfig2W(serviceHandle,
                              SERVICE_CONFIG_DESCRIPTION,
                              &descriptionConfig)) {
     LOG_WARN(("Could not change service config.  (%d)", GetLastError()));
     return FALSE;
   }
   LOG(("The service description was updated successfully."));
   return TRUE;
 }
 /**
  * Determines if the MozillaMaintenance service path needs to be updated
  * and fixes it if it is wrong.
  *
  * @param service             A handle to the service to fix.
  * @param currentServicePath  The current (possibly wrong) path that is used.
  * @param servicePathWasWrong Out parameter set to TRUE if a fix was needed.
  * @return TRUE if the service path is now correct.
 */
 BOOL
 FixServicePath(SC_HANDLE service,
                LPCWSTR currentServicePath,
                BOOL &servicePathWasWrong)
 {
   // When we originally upgraded the MozillaMaintenance service we
   // would uninstall the service on each upgrade.  This had an
   // intermittent error which could cause the service to use the file
   // maintenanceservice_tmp.exe as the install path.  Only a small number
   // of Nightly users would be affected by this, but we check for this
   // state here and fix the user if they are affected.
   //
   // We also fix the path in the case of the path not being quoted.
   size_t currentServicePathLen = wcslen(currentServicePath);
   bool doesServiceHaveCorrectPath =
     currentServicePathLen > 2 &&
     !wcsstr(currentServicePath, L"maintenanceservice_tmp.exe") &&
     currentServicePath[0] == L'\"' &&
     currentServicePath[currentServicePathLen - 1] == L'\"';
   if (doesServiceHaveCorrectPath) {
     LOG(("The MozillaMaintenance service path is correct."));
     servicePathWasWrong = FALSE;
     return TRUE;
   }
   // This is a recoverable situation so not logging as a warning
   LOG(("The MozillaMaintenance path is NOT correct. It was: %ls",
        currentServicePath));
   servicePathWasWrong = TRUE;
   WCHAR fixedPath[MAX_PATH + 1] = { L'\0' };
   wcsncpy(fixedPath, currentServicePath, MAX_PATH);
   PathUnquoteSpacesW(fixedPath);
   if (!PathRemoveFileSpecW(fixedPath)) {
     LOG_WARN(("Couldn't remove file spec.  (%d)", GetLastError()));
     return FALSE;
   }
   if (!PathAppendSafe(fixedPath, L"maintenanceservice.exe")) {
     LOG_WARN(("Couldn't append file spec.  (%d)", GetLastError()));
     return FALSE;
   }
   PathQuoteSpacesW(fixedPath);
   if (!ChangeServiceConfigW(service, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE,
                             SERVICE_NO_CHANGE, fixedPath, nullptr, nullptr,
                             nullptr, nullptr, nullptr, nullptr)) {
     LOG_WARN(("Could not fix service path.  (%d)", GetLastError()));
     return FALSE;
   }
   LOG(("Fixed service path to: %ls.", fixedPath));
   return TRUE;
 }
 /**
  * Installs or upgrades the SVC_NAME service.
  * If an existing service is already installed, we replace it with the
  * currently running process.
  *
  * @param  action The action to perform.
  * @return TRUE if the service was installed/upgraded
  */
 BOOL
 SvcInstall(SvcInstallAction action)
 {
   // Get a handle to the local computer SCM database with full access rights.
   nsAutoServiceHandle schSCManager(OpenSCManager(nullptr, nullptr,
                                                  SC_MANAGER_ALL_ACCESS));
   if (!schSCManager) {
     LOG_WARN(("Could not open service manager.  (%d)", GetLastError()));
     return FALSE;
   }
   WCHAR newServiceBinaryPath[MAX_PATH + 1];
   if (!GetModuleFileNameW(nullptr, newServiceBinaryPath,
                           sizeof(newServiceBinaryPath) /
                           sizeof(newServiceBinaryPath[0]))) {
     LOG_WARN(("Could not obtain module filename when attempting to "
               "install service.  (%d)",
               GetLastError()));
     return FALSE;
   }
   // Check if we already have the service installed.
   nsAutoServiceHandle schService(OpenServiceW(schSCManager,
                                               SVC_NAME,
                                               SERVICE_ALL_ACCESS));
   DWORD lastError = GetLastError();
   if (!schService && ERROR_SERVICE_DOES_NOT_EXIST != lastError) {
     // The service exists but we couldn't open it
     LOG_WARN(("Could not open service.  (%d)", GetLastError()));
     return FALSE;
   }
   if (schService) {
     // The service exists but it may not have the correct permissions.
     // This could happen if the permissions were not set correctly originally
     // or have been changed after the installation.  This will reset the
     // permissions back to allow limited user accounts.
     if (!SetUserAccessServiceDACL(schService)) {
       LOG_WARN(("Could not reset security ACE on service handle. It might not be "
                 "possible to start the service. This error should never "
                 "happen.  (%d)", GetLastError()));
     }
     // The service exists and we opened it
     DWORD bytesNeeded;
     if (!QueryServiceConfigW(schService, nullptr, 0, &bytesNeeded) &&
         GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
       LOG_WARN(("Could not determine buffer size for query service config.  (%d)",
                 GetLastError()));
       return FALSE;
     }
     // Get the service config information, in particular we want the binary
     // path of the service.
     mozilla::ScopedDeleteArray<char> serviceConfigBuffer(new char[bytesNeeded]);
     if (!QueryServiceConfigW(schService,
         reinterpret_cast<QUERY_SERVICE_CONFIGW*>(serviceConfigBuffer.get()),
         bytesNeeded, &bytesNeeded)) {
       LOG_WARN(("Could open service but could not query service config.  (%d)",
                 GetLastError()));
       return FALSE;
     }
     QUERY_SERVICE_CONFIGW &serviceConfig =
       *reinterpret_cast<QUERY_SERVICE_CONFIGW*>(serviceConfigBuffer.get());
     // Check if we need to fix the service path
     BOOL servicePathWasWrong;
     static BOOL alreadyCheckedFixServicePath = FALSE;
     if (!alreadyCheckedFixServicePath) {
       if (!FixServicePath(schService, serviceConfig.lpBinaryPathName,
                           servicePathWasWrong)) {
         LOG_WARN(("Could not fix service path. This should never happen.  (%d)",
                   GetLastError()));
         // True is returned because the service is pointing to
         // maintenanceservice_tmp.exe so it actually was upgraded to the
         // newest installed service.
         return TRUE;
       } else if (servicePathWasWrong) {
         // Now that the path is fixed we should re-attempt the install.
         // This current process' image path is maintenanceservice_tmp.exe.
         // The service used to point to maintenanceservice_tmp.exe.
         // The service was just fixed to point to maintenanceservice.exe.
         // Re-attempting an install from scratch will work as normal.
         alreadyCheckedFixServicePath = TRUE;
         LOG(("Restarting install action: %d", action));
         return SvcInstall(action);
       }
     }
     // Ensure the service path is not quoted. We own this memory and know it to
     // be large enough for the quoted path, so it is large enough for the
     // unquoted path.  This function cannot fail.
     PathUnquoteSpacesW(serviceConfig.lpBinaryPathName);
     // Obtain the existing maintenanceservice file's version number and
     // the new file's version number.  Versions are in the format of
     // A.B.C.D.
     DWORD existingA, existingB, existingC, existingD;
     DWORD newA, newB, newC, newD;
     BOOL obtainedExistingVersionInfo =
       GetVersionNumberFromPath(serviceConfig.lpBinaryPathName,
                                existingA, existingB,
                                existingC, existingD);
     if (!GetVersionNumberFromPath(newServiceBinaryPath, newA,
                                  newB, newC, newD)) {
       LOG_WARN(("Could not obtain version number from new path"));
       return FALSE;
     }
     // Check if we need to replace the old binary with the new one
     // If we couldn't get the old version info then we assume we should
     // replace it.
     if (ForceInstallSvc == action ||
         !obtainedExistingVersionInfo ||
         (existingA < newA) ||
         (existingA == newA && existingB < newB) ||
         (existingA == newA && existingB == newB &&
          existingC < newC) ||
         (existingA == newA && existingB == newB &&
          existingC == newC && existingD < newD)) {
       // We have a newer updater, so update the description from the INI file.
       UpdateServiceDescription(schService);
       schService.reset();
       if (!StopService()) {
         return FALSE;
       }
       if (!wcscmp(newServiceBinaryPath, serviceConfig.lpBinaryPathName)) {
         LOG(("File is already in the correct location, no action needed for "
              "upgrade.  The path is: \"%ls\"", newServiceBinaryPath));
         return TRUE;
       }
       BOOL result = TRUE;
       // Attempt to copy the new binary over top the existing binary.
       // If there is an error we try to move it out of the way and then
       // copy it in.  First try the safest / easiest way to overwrite the file.
       if (!CopyFileW(newServiceBinaryPath,
                      serviceConfig.lpBinaryPathName, FALSE)) {
         LOG_WARN(("Could not overwrite old service binary file. "
                   "This should never happen, but if it does the next "
                   "upgrade will fix it, the service is not a critical "
                   "component that needs to be installed for upgrades "
                   "to work.  (%d)", GetLastError()));
         // We rename the last 3 filename chars in an unsafe way.  Manually
         // verify there are more than 3 chars for safe failure in MoveFileExW.
         const size_t len = wcslen(serviceConfig.lpBinaryPathName);
         if (len > 3) {
           // Calculate the temp file path that we're moving the file to. This
           // is the same as the proper service path but with a .old extension.
           LPWSTR oldServiceBinaryTempPath =
             new WCHAR[len + 1];
           memset(oldServiceBinaryTempPath, 0, (len + 1) * sizeof (WCHAR));
           wcsncpy(oldServiceBinaryTempPath, serviceConfig.lpBinaryPathName, len);
           // Rename the last 3 chars to 'old'
           wcsncpy(oldServiceBinaryTempPath + len - 3, L"old", 3);
           // Move the current (old) service file to the temp path.
           if (MoveFileExW(serviceConfig.lpBinaryPathName,
                           oldServiceBinaryTempPath,
                           MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
             // The old binary is moved out of the way, copy in the new one.
             if (!CopyFileW(newServiceBinaryPath,
                            serviceConfig.lpBinaryPathName, FALSE)) {
               // It is best to leave the old service binary in this condition.
               LOG_WARN(("The new service binary could not be copied in."
                         " The service will not be upgraded."));
               result = FALSE;
             } else {
               LOG(("The new service binary was copied in by first moving the"
                    " old one out of the way."));
             }
             // Attempt to get rid of the old service temp path.
             if (DeleteFileW(oldServiceBinaryTempPath)) {
               LOG(("The old temp service path was deleted: %ls.",
                    oldServiceBinaryTempPath));
             } else {
               // The old temp path could not be removed.  It will be removed
               // the next time the user can't copy the binary in or on uninstall.
               LOG_WARN(("The old temp service path was not deleted."));
             }
           } else {
             // It is best to leave the old service binary in this condition.
             LOG_WARN(("Could not move old service file out of the way from:"
                       " \"%ls\" to \"%ls\". Service will not be upgraded.  (%d)",
                       serviceConfig.lpBinaryPathName,
                       oldServiceBinaryTempPath, GetLastError()));
             result = FALSE;
           }
           delete[] oldServiceBinaryTempPath;
         } else {
             // It is best to leave the old service binary in this condition.
             LOG_WARN(("Service binary path was less than 3, service will"
                       " not be updated.  This should never happen."));
             result = FALSE;
         }
       } else {
         LOG(("The new service binary was copied in."));
       }
       // We made a copy of ourselves to the existing location.
       // The tmp file (the process of which we are executing right now) will be
       // left over.  Attempt to delete the file on the next reboot.
       if (MoveFileExW(newServiceBinaryPath, nullptr,
                       MOVEFILE_DELAY_UNTIL_REBOOT)) {
         LOG(("Deleting the old file path on the next reboot: %ls.",
              newServiceBinaryPath));
       } else {
         LOG_WARN(("Call to delete the old file path failed: %ls.",
                   newServiceBinaryPath));
       }
       return result;
     }
     // We don't need to copy ourselves to the existing location.
     // The tmp file (the process of which we are executing right now) will be
     // left over.  Attempt to delete the file on the next reboot.
     MoveFileExW(newServiceBinaryPath, nullptr, MOVEFILE_DELAY_UNTIL_REBOOT);
     // nothing to do, we already have a newer service installed
     return TRUE;
   }
   // If the service does not exist and we are upgrading, don't install it.
   if (UpgradeSvc == action) {
     // The service does not exist and we are upgrading, so don't install it
     return TRUE;
   }
   // Quote the path only if it contains spaces.
   PathQuoteSpacesW(newServiceBinaryPath);
   // The service does not already exist so create the service as on demand
   schService.own(CreateServiceW(schSCManager, SVC_NAME, SVC_DISPLAY_NAME,
                                 SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
                                 SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
                                 newServiceBinaryPath, nullptr, nullptr,
                                 nullptr, nullptr, nullptr));
   if (!schService) {
     LOG_WARN(("Could not create Windows service. "
               "This error should never happen since a service install "
               "should only be called when elevated.  (%d)", GetLastError()));
     return FALSE;
   }
   if (!SetUserAccessServiceDACL(schService)) {
     LOG_WARN(("Could not set security ACE on service handle, the service will not "
               "be able to be started from unelevated processes. "
               "This error should never happen.  (%d)",
               GetLastError()));
   }
   UpdateServiceDescription(schService);
   return TRUE;
 }
 /**
  * Stops the Maintenance service.
  *
  * @return TRUE if successful.
  */
 BOOL
 StopService()
 {
   // Get a handle to the local computer SCM database with full access rights.
   nsAutoServiceHandle schSCManager(OpenSCManager(nullptr, nullptr,
                                                  SC_MANAGER_ALL_ACCESS));
   if (!schSCManager) {
     LOG_WARN(("Could not open service manager.  (%d)", GetLastError()));
     return FALSE;
   }
   // Open the service
   nsAutoServiceHandle schService(OpenServiceW(schSCManager, SVC_NAME,
                                               SERVICE_ALL_ACCESS));
   if (!schService) {
     LOG_WARN(("Could not open service.  (%d)", GetLastError()));
     return FALSE;
   }
   LOG(("Sending stop request..."));
   SERVICE_STATUS status;
   SetLastError(ERROR_SUCCESS);
   if (!ControlService(schService, SERVICE_CONTROL_STOP, &status) &&
       GetLastError() != ERROR_SERVICE_NOT_ACTIVE) {
     LOG_WARN(("Error sending stop request.  (%d)", GetLastError()));
   }
   schSCManager.reset();
   schService.reset();
   LOG(("Waiting for service stop..."));
   DWORD lastState = WaitForServiceStop(SVC_NAME, 30);
   // The service can be in a stopped state but the exe still in use
   // so make sure the process is really gone before proceeding
   WaitForProcessExit(L"maintenanceservice.exe", 30);
   LOG(("Done waiting for service stop, last service state: %d", lastState));
   return lastState == SERVICE_STOPPED;
 }
 /**
  * Uninstalls the Maintenance service.
  *
  * @return TRUE if successful.
  */
 BOOL
 SvcUninstall()
 {
   // Get a handle to the local computer SCM database with full access rights.
   nsAutoServiceHandle schSCManager(OpenSCManager(nullptr, nullptr,
                                                  SC_MANAGER_ALL_ACCESS));
   if (!schSCManager) {
     LOG_WARN(("Could not open service manager.  (%d)", GetLastError()));
     return FALSE;
   }
   // Open the service
   nsAutoServiceHandle schService(OpenServiceW(schSCManager, SVC_NAME,
                                               SERVICE_ALL_ACCESS));
   if (!schService) {
     LOG_WARN(("Could not open service.  (%d)", GetLastError()));
     return FALSE;
   }
   //Stop the service so it deletes faster and so the uninstaller
   // can actually delete its EXE.
   DWORD totalWaitTime = 0;
   SERVICE_STATUS status;
   static const int maxWaitTime = 1000 * 60; // Never wait more than a minute
   if (ControlService(schService, SERVICE_CONTROL_STOP, &status)) {
     do {
       Sleep(status.dwWaitHint);
       totalWaitTime += (status.dwWaitHint + 10);
       if (status.dwCurrentState == SERVICE_STOPPED) {
         break;
       } else if (totalWaitTime > maxWaitTime) {
         break;
       }
     } while (QueryServiceStatus(schService, &status));
   }
   // Delete the service or mark it for deletion
   BOOL deleted = DeleteService(schService);
   if (!deleted) {
     deleted = (GetLastError() == ERROR_SERVICE_MARKED_FOR_DELETE);
   }
   return deleted;
 }
 /**
  * Sets the access control list for user access for the specified service.
  *
  * @param  hService The service to set the access control list on
  * @return TRUE if successful
  */
 BOOL
 SetUserAccessServiceDACL(SC_HANDLE hService)
 {
   PACL pNewAcl = nullptr;
   PSECURITY_DESCRIPTOR psd = nullptr;
   DWORD lastError = SetUserAccessServiceDACL(hService, pNewAcl, psd);
   if (pNewAcl) {
     LocalFree((HLOCAL)pNewAcl);
   }
   if (psd) {
     LocalFree((LPVOID)psd);
   }
   return ERROR_SUCCESS == lastError;
 }
 /**
  * Sets the access control list for user access for the specified service.
  *
  * @param  hService  The service to set the access control list on
  * @param  pNewAcl   The out param ACL which should be freed by caller
  * @param  psd       out param security descriptor, should be freed by caller
  * @return ERROR_SUCCESS if successful
  */
 DWORD
 SetUserAccessServiceDACL(SC_HANDLE hService, PACL &pNewAcl,
                          PSECURITY_DESCRIPTOR psd)
 {
   // Get the current security descriptor needed size
   DWORD needed = 0;
   if (!QueryServiceObjectSecurity(hService, DACL_SECURITY_INFORMATION,
                                   &psd, 0, &needed)) {
     if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
       LOG_WARN(("Could not query service object security size.  (%d)",
                 GetLastError()));
       return GetLastError();
     }
     DWORD size = needed;
     psd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, size);
     if (!psd) {
       LOG_WARN(("Could not allocate security descriptor.  (%d)",
                 GetLastError()));
       return ERROR_INSUFFICIENT_BUFFER;
     }
     // Get the actual security descriptor now
     if (!QueryServiceObjectSecurity(hService, DACL_SECURITY_INFORMATION,
                                     psd, size, &needed)) {
       LOG_WARN(("Could not allocate security descriptor.  (%d)",
                 GetLastError()));
       return GetLastError();
     }
   }
   // Get the current DACL from the security descriptor.
   PACL pacl = nullptr;
   BOOL bDaclPresent = FALSE;
   BOOL bDaclDefaulted = FALSE;
   if ( !GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl,
                                   &bDaclDefaulted)) {
     LOG_WARN(("Could not obtain DACL.  (%d)", GetLastError()));
     return GetLastError();
   }
   PSID sid;
   DWORD SIDSize = SECURITY_MAX_SID_SIZE;
   sid = LocalAlloc(LMEM_FIXED, SIDSize);
   if (!sid) {
     LOG_WARN(("Could not allocate SID memory.  (%d)", GetLastError()));
     return GetLastError();
   }
   if (!CreateWellKnownSid(WinBuiltinUsersSid, nullptr, sid, &SIDSize)) {
     DWORD lastError = GetLastError();
     LOG_WARN(("Could not create well known SID.  (%d)", lastError));
     LocalFree(sid);
     return lastError;
   }
   // Lookup the account name, the function fails if you don't pass in
   // a buffer for the domain name but it's not used since we're using
   // the built in account Sid.
   SID_NAME_USE accountType;
   WCHAR accountName[UNLEN + 1] = { L'\0' };
   WCHAR domainName[DNLEN + 1] = { L'\0' };
   DWORD accountNameSize = UNLEN + 1;
   DWORD domainNameSize = DNLEN + 1;
   if (!LookupAccountSidW(nullptr, sid, accountName,
                          &accountNameSize,
                          domainName, &domainNameSize, &accountType)) {
     LOG_WARN(("Could not lookup account Sid, will try Users.  (%d)",
               GetLastError()));
     wcsncpy(accountName, L"Users", UNLEN);
   }
   // We already have the group name so we can get rid of the SID
   FreeSid(sid);
   sid = nullptr;
   // Build the ACE, BuildExplicitAccessWithName cannot fail so it is not logged.
   EXPLICIT_ACCESS ea;
   BuildExplicitAccessWithNameW(&ea, accountName,
                               SERVICE_START | SERVICE_STOP | GENERIC_READ,
                               SET_ACCESS, NO_INHERITANCE);
   DWORD lastError = SetEntriesInAclW(1, (PEXPLICIT_ACCESS)&ea, pacl, &pNewAcl);
   if (ERROR_SUCCESS != lastError) {
     LOG_WARN(("Could not set entries in ACL.  (%d)", lastError));
     return lastError;
   }
   // Initialize a new security descriptor.
   SECURITY_DESCRIPTOR sd;
   if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
     LOG_WARN(("Could not initialize security descriptor.  (%d)",
               GetLastError()));
     return GetLastError();
   }
   // Set the new DACL in the security descriptor.
   if (!SetSecurityDescriptorDacl(&sd, TRUE, pNewAcl, FALSE)) {
     LOG_WARN(("Could not set security descriptor DACL.  (%d)",
               GetLastError()));
     return GetLastError();
   }
   // Set the new security descriptor for the service object.
   if (!SetServiceObjectSecurity(hService, DACL_SECURITY_INFORMATION, &sd)) {
     LOG_WARN(("Could not set object security.  (%d)",
               GetLastError()));
     return GetLastError();
   }
   // Woohoo, raise the roof
   LOG(("User access was set successfully on the service."));
   return ERROR_SUCCESS;
 }

The Tor Browser / annotate

toolkit/components/maintenanceservice/serviceinstall.cpp@b8a032363ba2 (annotated)

toolkit/components/maintenanceservice/serviceinstall.cpp