diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-03-06 12:30:20 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-03-06 12:30:20 +0100 |
commit | e25ad543952b5afc13181aaebef9c5951fc27be0 (patch) | |
tree | 456a1359b3e5f810319edd423dd5cc5a1e22ada5 /toolkit/mozapps/update/updater/updater.cpp | |
parent | 74533a843277c3687c749989ed1522354d1054d2 (diff) | |
parent | 5dba1ebe8498286762873fff0016f35f3e14d2d5 (diff) | |
download | UXP-2019.03.08.tar UXP-2019.03.08.tar.gz UXP-2019.03.08.tar.lz UXP-2019.03.08.tar.xz UXP-2019.03.08.zip |
Merge branch 'master' into Basilisk-releasev2019.03.08
Diffstat (limited to 'toolkit/mozapps/update/updater/updater.cpp')
-rw-r--r-- | toolkit/mozapps/update/updater/updater.cpp | 281 |
1 files changed, 21 insertions, 260 deletions
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp index dbf50329c..c0b01bfbc 100644 --- a/toolkit/mozapps/update/updater/updater.cpp +++ b/toolkit/mozapps/update/updater/updater.cpp @@ -119,9 +119,6 @@ struct UpdateServerThreadArgs #endif #ifdef XP_WIN -#ifdef MOZ_MAINTENANCE_SERVICE -#include "registrycertificates.h" -#endif BOOL PathAppendSafe(LPWSTR base, LPCWSTR extra); BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, @@ -290,7 +287,6 @@ static ArchiveReader gArchiveReader; static bool gSucceeded = false; static bool sStagedUpdate = false; static bool sReplaceRequest = false; -static bool sUsingService = false; static bool sIsOSUpdate = false; #ifdef XP_WIN @@ -1954,8 +1950,7 @@ PatchIfFile::Finish(int status) /** * Launch the post update application (helper.exe). It takes in the path of the - * callback application to calculate the path of helper.exe. For service updates - * this is called from both the system account and the current user account. + * callback application to calculate the path of helper.exe. * * @param installationDir The path to the callback application binary. * @param updateInfoDir The directory where update info is stored. @@ -2024,13 +2019,6 @@ LaunchWinPostProcess(const WCHAR *installationDir, return false; } -#if !defined(TEST_UPDATER) && defined(MOZ_MAINTENANCE_SERVICE) - if (sUsingService && - !DoesBinaryMatchAllowedCertificates(installationDir, exefullpath)) { - return false; - } -#endif - WCHAR dlogFile[MAX_PATH + 1]; if (!PathGetSiblingFilePath(dlogFile, exefullpath, L"uninstall.update")) { return false; @@ -2054,12 +2042,6 @@ LaunchWinPostProcess(const WCHAR *installationDir, wcsncpy(cmdline, dummyArg, len); wcscat(cmdline, exearg); - if (sUsingService || - !_wcsnicmp(exeasync, L"false", 6) || - !_wcsnicmp(exeasync, L"0", 2)) { - async = false; - } - // We want to launch the post update helper app to update the Windows // registry even if there is a failure with removing the uninstall.update // file or copying the update.log file. @@ -2095,8 +2077,7 @@ LaunchWinPostProcess(const WCHAR *installationDir, static void LaunchCallbackApp(const NS_tchar *workingDir, int argc, - NS_tchar **argv, - bool usingService) + NS_tchar **argv) { putenv(const_cast<char*>("NO_EM_RESTART=")); putenv(const_cast<char*>("MOZ_LAUNCHED_CHILD=1")); @@ -2113,11 +2094,7 @@ LaunchCallbackApp(const NS_tchar *workingDir, #elif defined(XP_MACOSX) LaunchChild(argc, (const char**)argv); #elif defined(XP_WIN) - // Do not allow the callback to run when running an update through the - // service as session 0. The unelevated updater.exe will do the launching. - if (!usingService) { - WinLaunchChild(argv[0], argc, argv, nullptr); - } + WinLaunchChild(argv[0], argc, argv, nullptr); #else # warning "Need implementaton of LaunchCallbackApp" #endif @@ -2188,40 +2165,6 @@ WriteStatusFile(int status) WriteStatusFile(text); } -#ifdef MOZ_MAINTENANCE_SERVICE -/* - * Read the update.status file and sets isPendingService to true if - * the status is set to pending-service. - * - * @param isPendingService Out parameter for specifying if the status - * is set to pending-service or not. - * @return true if the information was retrieved and it is pending - * or pending-service. -*/ -static bool -IsUpdateStatusPendingService() -{ - NS_tchar filename[MAXPATHLEN]; - NS_tsnprintf(filename, sizeof(filename)/sizeof(filename[0]), - NS_T("%s/update.status"), gPatchDirPath); - - AutoFile file(NS_tfopen(filename, NS_T("rb"))); - if (file == nullptr) - return false; - - char buf[32] = { 0 }; - fread(buf, sizeof(buf), 1, file); - - const char kPendingService[] = "pending-service"; - const char kAppliedService[] = "applied-service"; - - return (strncmp(buf, kPendingService, - sizeof(kPendingService) - 1) == 0) || - (strncmp(buf, kAppliedService, - sizeof(kAppliedService) - 1) == 0); -} -#endif - #ifdef XP_WIN /* * Read the update.status file and sets isSuccess to true if @@ -2601,7 +2544,7 @@ UpdateThreadFunc(void *param) // updater application again in order to apply the update without // staging. if (sReplaceRequest) { - WriteStatusFile(sUsingService ? "pending-service" : "pending"); + WriteStatusFile("pending"); } else { WriteStatusFile(rv); } @@ -2668,17 +2611,6 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv, if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) { fprintf(stderr, "The post update process was not launched"); } - - // The service update will only be executed if it is already installed. - // For first time installs of the service, the install will happen from - // the PostUpdate process. We do the service update process here - // because it's possible we are updating with updater.exe without the - // service if the service failed to apply the update. We want to update - // the service to a newer version in that case. If we are not running - // through the service, then MOZ_USING_SERVICE will not exist. - if (!sUsingService) { - StartServiceUpdate(gInstallDirPath); - } } EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 0); #elif XP_MACOSX @@ -2690,8 +2622,7 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv, LaunchCallbackApp(argv[5], argc - callbackIndex, - argv + callbackIndex, - sUsingService); + argv + callbackIndex); #ifdef XP_MACOSX } // if (!isElevated) #endif /* XP_MACOSX */ @@ -2765,8 +2696,6 @@ int NS_main(int argc, NS_tchar **argv) return 1; } - // This check is also performed in workmonitor.cpp since the maintenance - // service can be called directly. if (!IsValidFullPath(argv[1])) { // Since the status file is written to the patch directory and the patch // directory is invalid don't write the status file. @@ -2783,8 +2712,6 @@ int NS_main(int argc, NS_tchar **argv) // The directory containing the update information. NS_tstrncpy(gPatchDirPath, argv[1], MAXPATHLEN); - // This check is also performed in workmonitor.cpp since the maintenance - // service can be called directly. if (!IsValidFullPath(argv[2])) { WriteStatusFile(INVALID_INSTALL_DIR_PATH_ERROR); fprintf(stderr, "The install directory path is not valid for this " \ @@ -2809,23 +2736,7 @@ int NS_main(int argc, NS_tchar **argv) } #ifdef XP_WIN - bool useService = false; bool testOnlyFallbackKeyExists = false; - bool noServiceFallback = false; - - // We never want the service to be used unless we build with - // the maintenance service. -#ifdef MOZ_MAINTENANCE_SERVICE - useService = IsUpdateStatusPendingService(); -#ifdef TEST_UPDATER - noServiceFallback = EnvHasValue("MOZ_NO_SERVICE_FALLBACK"); - putenv(const_cast<char*>("MOZ_NO_SERVICE_FALLBACK=")); - // Our tests run with a different apply directory for each test. - // We use this registry key on our test slaves to store the - // allowed name/issuers. - testOnlyFallbackKeyExists = DoesFallbackKeyExist(); -#endif -#endif // Remove everything except close window from the context menu { @@ -2869,8 +2780,6 @@ int NS_main(int argc, NS_tchar **argv) } } - // This check is also performed in workmonitor.cpp since the maintenance - // service can be called directly. if (!IsValidFullPath(argv[3])) { WriteStatusFile(INVALID_WORKING_DIR_PATH_ERROR); fprintf(stderr, "The working directory path is not valid for this " \ @@ -2894,8 +2803,6 @@ int NS_main(int argc, NS_tchar **argv) *slash = NS_T('\0'); } - // These checks are also performed in workmonitor.cpp since the maintenance - // service can be called directly. if (argc > callbackIndex) { if (!IsValidFullPath(argv[callbackIndex])) { WriteStatusFile(INVALID_CALLBACK_PATH_ERROR); @@ -2977,8 +2884,6 @@ int NS_main(int argc, NS_tchar **argv) LOG(("WORKING DIRECTORY " LOG_S, gWorkingDirPath)); #if defined(XP_WIN) - // These checks are also performed in workmonitor.cpp since the maintenance - // service can be called directly. if (_wcsnicmp(gWorkingDirPath, gInstallDirPath, MAX_PATH) != 0) { if (!sStagedUpdate && !sReplaceRequest) { WriteStatusFile(INVALID_APPLYTO_DIR_ERROR); @@ -3030,23 +2935,11 @@ int NS_main(int argc, NS_tchar **argv) #endif #ifdef XP_WIN -#ifdef MOZ_MAINTENANCE_SERVICE - sUsingService = EnvHasValue("MOZ_USING_SERVICE"); - putenv(const_cast<char*>("MOZ_USING_SERVICE=")); -#endif - // lastFallbackError keeps track of the last error for the service not being - // used, in case of an error when fallback is not enabled we write the - // error to the update.status file. - // When fallback is disabled (MOZ_NO_SERVICE_FALLBACK does not exist) then - // we will instead fallback to not using the service and display a UAC prompt. - int lastFallbackError = FALLBACKKEY_UNKNOWN_ERROR; - // Launch a second instance of the updater with the runas verb on Windows // when write access is denied to the installation directory. HANDLE updateLockFileHandle = INVALID_HANDLE_VALUE; NS_tchar elevatedLockFilePath[MAXPATHLEN] = {NS_T('\0')}; - if (!sUsingService && - (argc > callbackIndex || sStagedUpdate || sReplaceRequest)) { + if (argc > callbackIndex || sStagedUpdate || sReplaceRequest) { NS_tchar updateLockFilePath[MAXPATHLEN]; if (sStagedUpdate) { // When staging an update, the lock file is: @@ -3104,8 +2997,7 @@ int NS_main(int argc, NS_tchar **argv) bool startedFromUnelevatedUpdater = GetFileAttributesW(elevatedLockFilePath) != INVALID_FILE_ATTRIBUTES; - // If we're running from the service, then we were started with the same - // token as the service so the permissions are already dropped. If we're + // If we're // running from an elevated updater that was started from an unelevated // updater, then we drop the permissions here. We do not drop the // permissions on the originally called updater because we use its token @@ -3116,8 +3008,7 @@ int NS_main(int argc, NS_tchar **argv) UACHelper::DisablePrivileges(nullptr); } - if (updateLockFileHandle == INVALID_HANDLE_VALUE || - (useService && testOnlyFallbackKeyExists && noServiceFallback)) { + if (updateLockFileHandle == INVALID_HANDLE_VALUE) { if (!_waccess(elevatedLockFilePath, F_OK) && NS_tremove(elevatedLockFilePath) != 0) { fprintf(stderr, "Unable to create elevated lock file! Exiting\n"); @@ -3144,105 +3035,11 @@ int NS_main(int argc, NS_tchar **argv) return 1; } - // Make sure the path to the updater to use for the update is on local. - // We do this check to make sure that file locking is available for - // race condition security checks. - if (useService) { - BOOL isLocal = FALSE; - useService = IsLocalFile(argv[0], isLocal) && isLocal; - } - - // If we have unprompted elevation we should NOT use the service - // for the update. Service updates happen with the SYSTEM account - // which has more privs than we need to update with. - // Windows 8 provides a user interface so users can configure this - // behavior and it can be configured in the registry in all Windows - // versions that support UAC. - if (useService) { - BOOL unpromptedElevation; - if (IsUnpromptedElevation(unpromptedElevation)) { - useService = !unpromptedElevation; - } - } - - // Make sure the service registry entries for the instsallation path - // are available. If not don't use the service. - if (useService) { - WCHAR maintenanceServiceKey[MAX_PATH + 1]; - if (CalculateRegistryPathFromFilePath(gInstallDirPath, - maintenanceServiceKey)) { - HKEY baseKey = nullptr; - if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, - maintenanceServiceKey, 0, - KEY_READ | KEY_WOW64_64KEY, - &baseKey) == ERROR_SUCCESS) { - RegCloseKey(baseKey); - } else { -#ifdef TEST_UPDATER - useService = testOnlyFallbackKeyExists; -#endif - if (!useService) { - lastFallbackError = FALLBACKKEY_NOKEY_ERROR; - } - } - } else { - useService = false; - lastFallbackError = FALLBACKKEY_REGPATH_ERROR; - } - } - - // Originally we used to write "pending" to update.status before - // launching the service command. This is no longer needed now - // since the service command is launched from updater.exe. If anything - // fails in between, we can fall back to using the normal update process - // on our own. - - // If we still want to use the service try to launch the service - // comamnd for the update. - if (useService) { - // If the update couldn't be started, then set useService to false so - // we do the update the old way. - DWORD ret = LaunchServiceSoftwareUpdateCommand(argc, (LPCWSTR *)argv); - useService = (ret == ERROR_SUCCESS); - // If the command was launched then wait for the service to be done. - if (useService) { - bool showProgressUI = false; - // Never show the progress UI when staging updates. - if (!sStagedUpdate) { - // We need to call this separately instead of allowing ShowProgressUI - // to initialize the strings because the service will move the - // ini file out of the way when running updater. - showProgressUI = !InitProgressUIStrings(); - } - // Wait for the service to stop for 5 seconds. If the service - // has still not stopped then show an indeterminate progress bar. - DWORD lastState = WaitForServiceStop(SVC_NAME, 5); - if (lastState != SERVICE_STOPPED) { - Thread t1; - if (t1.Run(WaitForServiceFinishThread, nullptr) == 0 && - showProgressUI) { - ShowProgressUI(true, false); - } - t1.Join(); - } - - lastState = WaitForServiceStop(SVC_NAME, 1); - if (lastState != SERVICE_STOPPED) { - // If the service doesn't stop after 10 minutes there is - // something seriously wrong. - lastFallbackError = FALLBACKKEY_SERVICE_NO_STOP_ERROR; - useService = false; - } - } else { - lastFallbackError = FALLBACKKEY_LAUNCH_ERROR; - } - } - - // If the service can't be used when staging an update, make sure that + // When staging an update, make sure that // the UAC prompt is not shown! In this case, just set the status to // pending and the update will be applied during the next startup. - if (!useService && sStagedUpdate) { + if (sStagedUpdate) { if (updateLockFileHandle != INVALID_HANDLE_VALUE) { CloseHandle(updateLockFileHandle); } @@ -3250,32 +3047,10 @@ int NS_main(int argc, NS_tchar **argv) return 0; } - // If we started the service command, and it finished, check the - // update.status file to make sure it succeeded, and if it did - // we need to manually start the PostUpdate process from the - // current user's session of this unelevated updater.exe the - // current process is running as. - // Note that we don't need to do this if we're just staging the update, - // as the PostUpdate step runs when performing the replacing in that case. - if (useService && !sStagedUpdate) { - bool updateStatusSucceeded = false; - if (IsUpdateStatusSucceeded(updateStatusSucceeded) && - updateStatusSucceeded) { - if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) { - fprintf(stderr, "The post update process which runs as the user" - " for service update could not be launched."); - } - } - } - - // If we didn't want to use the service at all, or if an update was - // already happening, or launching the service command failed, then - // launch the elevated updater.exe as we do without the service. + // If an update was already happening, launch the elevated updater.exe. // We don't launch the elevated updater in the case that we did have - // write access all along because in that case the only reason we're - // using the service is because we are testing. - if (!useService && !noServiceFallback && - updateLockFileHandle == INVALID_HANDLE_VALUE) { + // write access all along because in that case we are testing. + if (updateLockFileHandle == INVALID_HANDLE_VALUE) { SHELLEXECUTEINFO sinfo; memset(&sinfo, 0, sizeof(SHELLEXECUTEINFO)); sinfo.cbSize = sizeof(SHELLEXECUTEINFO); @@ -3301,32 +3076,21 @@ int NS_main(int argc, NS_tchar **argv) if (argc > callbackIndex) { LaunchCallbackApp(argv[5], argc - callbackIndex, - argv + callbackIndex, sUsingService); + argv + callbackIndex); } CloseHandle(elevatedFileHandle); - if (!useService && !noServiceFallback && - INVALID_HANDLE_VALUE == updateLockFileHandle) { - // We didn't use the service and we did run the elevated updater.exe. + if (INVALID_HANDLE_VALUE == updateLockFileHandle) { + // We ran the elevated updater.exe. // The elevated updater.exe is responsible for writing out the // update.status file. return 0; - } else if (useService) { - // The service command was launched. The service is responsible for - // writing out the update.status file. - if (updateLockFileHandle != INVALID_HANDLE_VALUE) { - CloseHandle(updateLockFileHandle); - } - return 0; } else { - // Otherwise the service command was not launched at all. // We are only reaching this code path because we had write access // all along to the directory and a fallback key existed, and we - // have fallback disabled (MOZ_NO_SERVICE_FALLBACK env var exists). - // We only currently use this env var from XPCShell tests. + // have fallback disabled. CloseHandle(updateLockFileHandle); - WriteStatusFile(lastFallbackError); return 0; } } @@ -3386,7 +3150,7 @@ int NS_main(int argc, NS_tchar **argv) EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1); if (argc > callbackIndex) { LaunchCallbackApp(argv[5], argc - callbackIndex, - argv + callbackIndex, sUsingService); + argv + callbackIndex); } return 1; } @@ -3440,8 +3204,7 @@ int NS_main(int argc, NS_tchar **argv) if (argc > callbackIndex) { LaunchCallbackApp(argv[5], argc - callbackIndex, - argv + callbackIndex, - sUsingService); + argv + callbackIndex); } return 1; } @@ -3504,8 +3267,7 @@ int NS_main(int argc, NS_tchar **argv) EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1); LaunchCallbackApp(argv[callbackIndex], argc - callbackIndex, - argv + callbackIndex, - sUsingService); + argv + callbackIndex); return 1; } @@ -3553,8 +3315,7 @@ int NS_main(int argc, NS_tchar **argv) EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1); LaunchCallbackApp(argv[5], argc - callbackIndex, - argv + callbackIndex, - sUsingService); + argv + callbackIndex); return 1; } LOG(("NS_main: callback app file in use, continuing without " \ |