summaryrefslogtreecommitdiffstats
path: root/toolkit/mozapps/update/updater/updater.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/mozapps/update/updater/updater.cpp')
-rw-r--r--toolkit/mozapps/update/updater/updater.cpp281
1 files changed, 21 insertions, 260 deletions
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index dbf50329c..c0b01bfbc 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -119,9 +119,6 @@ struct UpdateServerThreadArgs
#endif
#ifdef XP_WIN
-#ifdef MOZ_MAINTENANCE_SERVICE
-#include "registrycertificates.h"
-#endif
BOOL PathAppendSafe(LPWSTR base, LPCWSTR extra);
BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer,
LPCWSTR siblingFilePath,
@@ -290,7 +287,6 @@ static ArchiveReader gArchiveReader;
static bool gSucceeded = false;
static bool sStagedUpdate = false;
static bool sReplaceRequest = false;
-static bool sUsingService = false;
static bool sIsOSUpdate = false;
#ifdef XP_WIN
@@ -1954,8 +1950,7 @@ PatchIfFile::Finish(int status)
/**
* Launch the post update application (helper.exe). It takes in the path of the
- * callback application to calculate the path of helper.exe. For service updates
- * this is called from both the system account and the current user account.
+ * callback application to calculate the path of helper.exe.
*
* @param installationDir The path to the callback application binary.
* @param updateInfoDir The directory where update info is stored.
@@ -2024,13 +2019,6 @@ LaunchWinPostProcess(const WCHAR *installationDir,
return false;
}
-#if !defined(TEST_UPDATER) && defined(MOZ_MAINTENANCE_SERVICE)
- if (sUsingService &&
- !DoesBinaryMatchAllowedCertificates(installationDir, exefullpath)) {
- return false;
- }
-#endif
-
WCHAR dlogFile[MAX_PATH + 1];
if (!PathGetSiblingFilePath(dlogFile, exefullpath, L"uninstall.update")) {
return false;
@@ -2054,12 +2042,6 @@ LaunchWinPostProcess(const WCHAR *installationDir,
wcsncpy(cmdline, dummyArg, len);
wcscat(cmdline, exearg);
- if (sUsingService ||
- !_wcsnicmp(exeasync, L"false", 6) ||
- !_wcsnicmp(exeasync, L"0", 2)) {
- async = false;
- }
-
// We want to launch the post update helper app to update the Windows
// registry even if there is a failure with removing the uninstall.update
// file or copying the update.log file.
@@ -2095,8 +2077,7 @@ LaunchWinPostProcess(const WCHAR *installationDir,
static void
LaunchCallbackApp(const NS_tchar *workingDir,
int argc,
- NS_tchar **argv,
- bool usingService)
+ NS_tchar **argv)
{
putenv(const_cast<char*>("NO_EM_RESTART="));
putenv(const_cast<char*>("MOZ_LAUNCHED_CHILD=1"));
@@ -2113,11 +2094,7 @@ LaunchCallbackApp(const NS_tchar *workingDir,
#elif defined(XP_MACOSX)
LaunchChild(argc, (const char**)argv);
#elif defined(XP_WIN)
- // Do not allow the callback to run when running an update through the
- // service as session 0. The unelevated updater.exe will do the launching.
- if (!usingService) {
- WinLaunchChild(argv[0], argc, argv, nullptr);
- }
+ WinLaunchChild(argv[0], argc, argv, nullptr);
#else
# warning "Need implementaton of LaunchCallbackApp"
#endif
@@ -2188,40 +2165,6 @@ WriteStatusFile(int status)
WriteStatusFile(text);
}
-#ifdef MOZ_MAINTENANCE_SERVICE
-/*
- * Read the update.status file and sets isPendingService to true if
- * the status is set to pending-service.
- *
- * @param isPendingService Out parameter for specifying if the status
- * is set to pending-service or not.
- * @return true if the information was retrieved and it is pending
- * or pending-service.
-*/
-static bool
-IsUpdateStatusPendingService()
-{
- NS_tchar filename[MAXPATHLEN];
- NS_tsnprintf(filename, sizeof(filename)/sizeof(filename[0]),
- NS_T("%s/update.status"), gPatchDirPath);
-
- AutoFile file(NS_tfopen(filename, NS_T("rb")));
- if (file == nullptr)
- return false;
-
- char buf[32] = { 0 };
- fread(buf, sizeof(buf), 1, file);
-
- const char kPendingService[] = "pending-service";
- const char kAppliedService[] = "applied-service";
-
- return (strncmp(buf, kPendingService,
- sizeof(kPendingService) - 1) == 0) ||
- (strncmp(buf, kAppliedService,
- sizeof(kAppliedService) - 1) == 0);
-}
-#endif
-
#ifdef XP_WIN
/*
* Read the update.status file and sets isSuccess to true if
@@ -2601,7 +2544,7 @@ UpdateThreadFunc(void *param)
// updater application again in order to apply the update without
// staging.
if (sReplaceRequest) {
- WriteStatusFile(sUsingService ? "pending-service" : "pending");
+ WriteStatusFile("pending");
} else {
WriteStatusFile(rv);
}
@@ -2668,17 +2611,6 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv,
if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) {
fprintf(stderr, "The post update process was not launched");
}
-
- // The service update will only be executed if it is already installed.
- // For first time installs of the service, the install will happen from
- // the PostUpdate process. We do the service update process here
- // because it's possible we are updating with updater.exe without the
- // service if the service failed to apply the update. We want to update
- // the service to a newer version in that case. If we are not running
- // through the service, then MOZ_USING_SERVICE will not exist.
- if (!sUsingService) {
- StartServiceUpdate(gInstallDirPath);
- }
}
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 0);
#elif XP_MACOSX
@@ -2690,8 +2622,7 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv,
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
#ifdef XP_MACOSX
} // if (!isElevated)
#endif /* XP_MACOSX */
@@ -2765,8 +2696,6 @@ int NS_main(int argc, NS_tchar **argv)
return 1;
}
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[1])) {
// Since the status file is written to the patch directory and the patch
// directory is invalid don't write the status file.
@@ -2783,8 +2712,6 @@ int NS_main(int argc, NS_tchar **argv)
// The directory containing the update information.
NS_tstrncpy(gPatchDirPath, argv[1], MAXPATHLEN);
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[2])) {
WriteStatusFile(INVALID_INSTALL_DIR_PATH_ERROR);
fprintf(stderr, "The install directory path is not valid for this " \
@@ -2809,23 +2736,7 @@ int NS_main(int argc, NS_tchar **argv)
}
#ifdef XP_WIN
- bool useService = false;
bool testOnlyFallbackKeyExists = false;
- bool noServiceFallback = false;
-
- // We never want the service to be used unless we build with
- // the maintenance service.
-#ifdef MOZ_MAINTENANCE_SERVICE
- useService = IsUpdateStatusPendingService();
-#ifdef TEST_UPDATER
- noServiceFallback = EnvHasValue("MOZ_NO_SERVICE_FALLBACK");
- putenv(const_cast<char*>("MOZ_NO_SERVICE_FALLBACK="));
- // Our tests run with a different apply directory for each test.
- // We use this registry key on our test slaves to store the
- // allowed name/issuers.
- testOnlyFallbackKeyExists = DoesFallbackKeyExist();
-#endif
-#endif
// Remove everything except close window from the context menu
{
@@ -2869,8 +2780,6 @@ int NS_main(int argc, NS_tchar **argv)
}
}
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[3])) {
WriteStatusFile(INVALID_WORKING_DIR_PATH_ERROR);
fprintf(stderr, "The working directory path is not valid for this " \
@@ -2894,8 +2803,6 @@ int NS_main(int argc, NS_tchar **argv)
*slash = NS_T('\0');
}
- // These checks are also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (argc > callbackIndex) {
if (!IsValidFullPath(argv[callbackIndex])) {
WriteStatusFile(INVALID_CALLBACK_PATH_ERROR);
@@ -2977,8 +2884,6 @@ int NS_main(int argc, NS_tchar **argv)
LOG(("WORKING DIRECTORY " LOG_S, gWorkingDirPath));
#if defined(XP_WIN)
- // These checks are also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (_wcsnicmp(gWorkingDirPath, gInstallDirPath, MAX_PATH) != 0) {
if (!sStagedUpdate && !sReplaceRequest) {
WriteStatusFile(INVALID_APPLYTO_DIR_ERROR);
@@ -3030,23 +2935,11 @@ int NS_main(int argc, NS_tchar **argv)
#endif
#ifdef XP_WIN
-#ifdef MOZ_MAINTENANCE_SERVICE
- sUsingService = EnvHasValue("MOZ_USING_SERVICE");
- putenv(const_cast<char*>("MOZ_USING_SERVICE="));
-#endif
- // lastFallbackError keeps track of the last error for the service not being
- // used, in case of an error when fallback is not enabled we write the
- // error to the update.status file.
- // When fallback is disabled (MOZ_NO_SERVICE_FALLBACK does not exist) then
- // we will instead fallback to not using the service and display a UAC prompt.
- int lastFallbackError = FALLBACKKEY_UNKNOWN_ERROR;
-
// Launch a second instance of the updater with the runas verb on Windows
// when write access is denied to the installation directory.
HANDLE updateLockFileHandle = INVALID_HANDLE_VALUE;
NS_tchar elevatedLockFilePath[MAXPATHLEN] = {NS_T('\0')};
- if (!sUsingService &&
- (argc > callbackIndex || sStagedUpdate || sReplaceRequest)) {
+ if (argc > callbackIndex || sStagedUpdate || sReplaceRequest) {
NS_tchar updateLockFilePath[MAXPATHLEN];
if (sStagedUpdate) {
// When staging an update, the lock file is:
@@ -3104,8 +2997,7 @@ int NS_main(int argc, NS_tchar **argv)
bool startedFromUnelevatedUpdater =
GetFileAttributesW(elevatedLockFilePath) != INVALID_FILE_ATTRIBUTES;
- // If we're running from the service, then we were started with the same
- // token as the service so the permissions are already dropped. If we're
+ // If we're
// running from an elevated updater that was started from an unelevated
// updater, then we drop the permissions here. We do not drop the
// permissions on the originally called updater because we use its token
@@ -3116,8 +3008,7 @@ int NS_main(int argc, NS_tchar **argv)
UACHelper::DisablePrivileges(nullptr);
}
- if (updateLockFileHandle == INVALID_HANDLE_VALUE ||
- (useService && testOnlyFallbackKeyExists && noServiceFallback)) {
+ if (updateLockFileHandle == INVALID_HANDLE_VALUE) {
if (!_waccess(elevatedLockFilePath, F_OK) &&
NS_tremove(elevatedLockFilePath) != 0) {
fprintf(stderr, "Unable to create elevated lock file! Exiting\n");
@@ -3144,105 +3035,11 @@ int NS_main(int argc, NS_tchar **argv)
return 1;
}
- // Make sure the path to the updater to use for the update is on local.
- // We do this check to make sure that file locking is available for
- // race condition security checks.
- if (useService) {
- BOOL isLocal = FALSE;
- useService = IsLocalFile(argv[0], isLocal) && isLocal;
- }
-
- // If we have unprompted elevation we should NOT use the service
- // for the update. Service updates happen with the SYSTEM account
- // which has more privs than we need to update with.
- // Windows 8 provides a user interface so users can configure this
- // behavior and it can be configured in the registry in all Windows
- // versions that support UAC.
- if (useService) {
- BOOL unpromptedElevation;
- if (IsUnpromptedElevation(unpromptedElevation)) {
- useService = !unpromptedElevation;
- }
- }
-
- // Make sure the service registry entries for the instsallation path
- // are available. If not don't use the service.
- if (useService) {
- WCHAR maintenanceServiceKey[MAX_PATH + 1];
- if (CalculateRegistryPathFromFilePath(gInstallDirPath,
- maintenanceServiceKey)) {
- HKEY baseKey = nullptr;
- if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
- maintenanceServiceKey, 0,
- KEY_READ | KEY_WOW64_64KEY,
- &baseKey) == ERROR_SUCCESS) {
- RegCloseKey(baseKey);
- } else {
-#ifdef TEST_UPDATER
- useService = testOnlyFallbackKeyExists;
-#endif
- if (!useService) {
- lastFallbackError = FALLBACKKEY_NOKEY_ERROR;
- }
- }
- } else {
- useService = false;
- lastFallbackError = FALLBACKKEY_REGPATH_ERROR;
- }
- }
-
- // Originally we used to write "pending" to update.status before
- // launching the service command. This is no longer needed now
- // since the service command is launched from updater.exe. If anything
- // fails in between, we can fall back to using the normal update process
- // on our own.
-
- // If we still want to use the service try to launch the service
- // comamnd for the update.
- if (useService) {
- // If the update couldn't be started, then set useService to false so
- // we do the update the old way.
- DWORD ret = LaunchServiceSoftwareUpdateCommand(argc, (LPCWSTR *)argv);
- useService = (ret == ERROR_SUCCESS);
- // If the command was launched then wait for the service to be done.
- if (useService) {
- bool showProgressUI = false;
- // Never show the progress UI when staging updates.
- if (!sStagedUpdate) {
- // We need to call this separately instead of allowing ShowProgressUI
- // to initialize the strings because the service will move the
- // ini file out of the way when running updater.
- showProgressUI = !InitProgressUIStrings();
- }
- // Wait for the service to stop for 5 seconds. If the service
- // has still not stopped then show an indeterminate progress bar.
- DWORD lastState = WaitForServiceStop(SVC_NAME, 5);
- if (lastState != SERVICE_STOPPED) {
- Thread t1;
- if (t1.Run(WaitForServiceFinishThread, nullptr) == 0 &&
- showProgressUI) {
- ShowProgressUI(true, false);
- }
- t1.Join();
- }
-
- lastState = WaitForServiceStop(SVC_NAME, 1);
- if (lastState != SERVICE_STOPPED) {
- // If the service doesn't stop after 10 minutes there is
- // something seriously wrong.
- lastFallbackError = FALLBACKKEY_SERVICE_NO_STOP_ERROR;
- useService = false;
- }
- } else {
- lastFallbackError = FALLBACKKEY_LAUNCH_ERROR;
- }
- }
-
- // If the service can't be used when staging an update, make sure that
+ // When staging an update, make sure that
// the UAC prompt is not shown! In this case, just set the status to
// pending and the update will be applied during the next startup.
- if (!useService && sStagedUpdate) {
+ if (sStagedUpdate) {
if (updateLockFileHandle != INVALID_HANDLE_VALUE) {
CloseHandle(updateLockFileHandle);
}
@@ -3250,32 +3047,10 @@ int NS_main(int argc, NS_tchar **argv)
return 0;
}
- // If we started the service command, and it finished, check the
- // update.status file to make sure it succeeded, and if it did
- // we need to manually start the PostUpdate process from the
- // current user's session of this unelevated updater.exe the
- // current process is running as.
- // Note that we don't need to do this if we're just staging the update,
- // as the PostUpdate step runs when performing the replacing in that case.
- if (useService && !sStagedUpdate) {
- bool updateStatusSucceeded = false;
- if (IsUpdateStatusSucceeded(updateStatusSucceeded) &&
- updateStatusSucceeded) {
- if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) {
- fprintf(stderr, "The post update process which runs as the user"
- " for service update could not be launched.");
- }
- }
- }
-
- // If we didn't want to use the service at all, or if an update was
- // already happening, or launching the service command failed, then
- // launch the elevated updater.exe as we do without the service.
+ // If an update was already happening, launch the elevated updater.exe.
// We don't launch the elevated updater in the case that we did have
- // write access all along because in that case the only reason we're
- // using the service is because we are testing.
- if (!useService && !noServiceFallback &&
- updateLockFileHandle == INVALID_HANDLE_VALUE) {
+ // write access all along because in that case we are testing.
+ if (updateLockFileHandle == INVALID_HANDLE_VALUE) {
SHELLEXECUTEINFO sinfo;
memset(&sinfo, 0, sizeof(SHELLEXECUTEINFO));
sinfo.cbSize = sizeof(SHELLEXECUTEINFO);
@@ -3301,32 +3076,21 @@ int NS_main(int argc, NS_tchar **argv)
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5], argc - callbackIndex,
- argv + callbackIndex, sUsingService);
+ argv + callbackIndex);
}
CloseHandle(elevatedFileHandle);
- if (!useService && !noServiceFallback &&
- INVALID_HANDLE_VALUE == updateLockFileHandle) {
- // We didn't use the service and we did run the elevated updater.exe.
+ if (INVALID_HANDLE_VALUE == updateLockFileHandle) {
+ // We ran the elevated updater.exe.
// The elevated updater.exe is responsible for writing out the
// update.status file.
return 0;
- } else if (useService) {
- // The service command was launched. The service is responsible for
- // writing out the update.status file.
- if (updateLockFileHandle != INVALID_HANDLE_VALUE) {
- CloseHandle(updateLockFileHandle);
- }
- return 0;
} else {
- // Otherwise the service command was not launched at all.
// We are only reaching this code path because we had write access
// all along to the directory and a fallback key existed, and we
- // have fallback disabled (MOZ_NO_SERVICE_FALLBACK env var exists).
- // We only currently use this env var from XPCShell tests.
+ // have fallback disabled.
CloseHandle(updateLockFileHandle);
- WriteStatusFile(lastFallbackError);
return 0;
}
}
@@ -3386,7 +3150,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5], argc - callbackIndex,
- argv + callbackIndex, sUsingService);
+ argv + callbackIndex);
}
return 1;
}
@@ -3440,8 +3204,7 @@ int NS_main(int argc, NS_tchar **argv)
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
}
return 1;
}
@@ -3504,8 +3267,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
LaunchCallbackApp(argv[callbackIndex],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
return 1;
}
@@ -3553,8 +3315,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
return 1;
}
LOG(("NS_main: callback app file in use, continuing without " \