summaryrefslogtreecommitdiffstats
path: root/toolkit/mozapps/update/updater/updater.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/mozapps/update/updater/updater.cpp')
-rw-r--r--toolkit/mozapps/update/updater/updater.cpp219
1 files changed, 21 insertions, 198 deletions
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 2af973868..c0b01bfbc 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -287,7 +287,6 @@ static ArchiveReader gArchiveReader;
static bool gSucceeded = false;
static bool sStagedUpdate = false;
static bool sReplaceRequest = false;
-static bool sUsingService = false;
static bool sIsOSUpdate = false;
#ifdef XP_WIN
@@ -1951,8 +1950,7 @@ PatchIfFile::Finish(int status)
/**
* Launch the post update application (helper.exe). It takes in the path of the
- * callback application to calculate the path of helper.exe. For service updates
- * this is called from both the system account and the current user account.
+ * callback application to calculate the path of helper.exe.
*
* @param installationDir The path to the callback application binary.
* @param updateInfoDir The directory where update info is stored.
@@ -2044,12 +2042,6 @@ LaunchWinPostProcess(const WCHAR *installationDir,
wcsncpy(cmdline, dummyArg, len);
wcscat(cmdline, exearg);
- if (sUsingService ||
- !_wcsnicmp(exeasync, L"false", 6) ||
- !_wcsnicmp(exeasync, L"0", 2)) {
- async = false;
- }
-
// We want to launch the post update helper app to update the Windows
// registry even if there is a failure with removing the uninstall.update
// file or copying the update.log file.
@@ -2085,8 +2077,7 @@ LaunchWinPostProcess(const WCHAR *installationDir,
static void
LaunchCallbackApp(const NS_tchar *workingDir,
int argc,
- NS_tchar **argv,
- bool usingService)
+ NS_tchar **argv)
{
putenv(const_cast<char*>("NO_EM_RESTART="));
putenv(const_cast<char*>("MOZ_LAUNCHED_CHILD=1"));
@@ -2103,11 +2094,7 @@ LaunchCallbackApp(const NS_tchar *workingDir,
#elif defined(XP_MACOSX)
LaunchChild(argc, (const char**)argv);
#elif defined(XP_WIN)
- // Do not allow the callback to run when running an update through the
- // service as session 0. The unelevated updater.exe will do the launching.
- if (!usingService) {
- WinLaunchChild(argv[0], argc, argv, nullptr);
- }
+ WinLaunchChild(argv[0], argc, argv, nullptr);
#else
# warning "Need implementaton of LaunchCallbackApp"
#endif
@@ -2557,7 +2544,7 @@ UpdateThreadFunc(void *param)
// updater application again in order to apply the update without
// staging.
if (sReplaceRequest) {
- WriteStatusFile(sUsingService ? "pending-service" : "pending");
+ WriteStatusFile("pending");
} else {
WriteStatusFile(rv);
}
@@ -2624,17 +2611,6 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv,
if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) {
fprintf(stderr, "The post update process was not launched");
}
-
- // The service update will only be executed if it is already installed.
- // For first time installs of the service, the install will happen from
- // the PostUpdate process. We do the service update process here
- // because it's possible we are updating with updater.exe without the
- // service if the service failed to apply the update. We want to update
- // the service to a newer version in that case. If we are not running
- // through the service, then MOZ_USING_SERVICE will not exist.
- if (!sUsingService) {
- StartServiceUpdate(gInstallDirPath);
- }
}
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 0);
#elif XP_MACOSX
@@ -2646,8 +2622,7 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv,
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
#ifdef XP_MACOSX
} // if (!isElevated)
#endif /* XP_MACOSX */
@@ -2721,8 +2696,6 @@ int NS_main(int argc, NS_tchar **argv)
return 1;
}
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[1])) {
// Since the status file is written to the patch directory and the patch
// directory is invalid don't write the status file.
@@ -2739,8 +2712,6 @@ int NS_main(int argc, NS_tchar **argv)
// The directory containing the update information.
NS_tstrncpy(gPatchDirPath, argv[1], MAXPATHLEN);
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[2])) {
WriteStatusFile(INVALID_INSTALL_DIR_PATH_ERROR);
fprintf(stderr, "The install directory path is not valid for this " \
@@ -2765,9 +2736,7 @@ int NS_main(int argc, NS_tchar **argv)
}
#ifdef XP_WIN
- bool useService = false;
bool testOnlyFallbackKeyExists = false;
- bool noServiceFallback = false;
// Remove everything except close window from the context menu
{
@@ -2811,8 +2780,6 @@ int NS_main(int argc, NS_tchar **argv)
}
}
- // This check is also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (!IsValidFullPath(argv[3])) {
WriteStatusFile(INVALID_WORKING_DIR_PATH_ERROR);
fprintf(stderr, "The working directory path is not valid for this " \
@@ -2836,8 +2803,6 @@ int NS_main(int argc, NS_tchar **argv)
*slash = NS_T('\0');
}
- // These checks are also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (argc > callbackIndex) {
if (!IsValidFullPath(argv[callbackIndex])) {
WriteStatusFile(INVALID_CALLBACK_PATH_ERROR);
@@ -2919,8 +2884,6 @@ int NS_main(int argc, NS_tchar **argv)
LOG(("WORKING DIRECTORY " LOG_S, gWorkingDirPath));
#if defined(XP_WIN)
- // These checks are also performed in workmonitor.cpp since the maintenance
- // service can be called directly.
if (_wcsnicmp(gWorkingDirPath, gInstallDirPath, MAX_PATH) != 0) {
if (!sStagedUpdate && !sReplaceRequest) {
WriteStatusFile(INVALID_APPLYTO_DIR_ERROR);
@@ -2972,19 +2935,11 @@ int NS_main(int argc, NS_tchar **argv)
#endif
#ifdef XP_WIN
- // lastFallbackError keeps track of the last error for the service not being
- // used, in case of an error when fallback is not enabled we write the
- // error to the update.status file.
- // When fallback is disabled (MOZ_NO_SERVICE_FALLBACK does not exist) then
- // we will instead fallback to not using the service and display a UAC prompt.
- int lastFallbackError = FALLBACKKEY_UNKNOWN_ERROR;
-
// Launch a second instance of the updater with the runas verb on Windows
// when write access is denied to the installation directory.
HANDLE updateLockFileHandle = INVALID_HANDLE_VALUE;
NS_tchar elevatedLockFilePath[MAXPATHLEN] = {NS_T('\0')};
- if (!sUsingService &&
- (argc > callbackIndex || sStagedUpdate || sReplaceRequest)) {
+ if (argc > callbackIndex || sStagedUpdate || sReplaceRequest) {
NS_tchar updateLockFilePath[MAXPATHLEN];
if (sStagedUpdate) {
// When staging an update, the lock file is:
@@ -3042,8 +2997,7 @@ int NS_main(int argc, NS_tchar **argv)
bool startedFromUnelevatedUpdater =
GetFileAttributesW(elevatedLockFilePath) != INVALID_FILE_ATTRIBUTES;
- // If we're running from the service, then we were started with the same
- // token as the service so the permissions are already dropped. If we're
+ // If we're
// running from an elevated updater that was started from an unelevated
// updater, then we drop the permissions here. We do not drop the
// permissions on the originally called updater because we use its token
@@ -3054,8 +3008,7 @@ int NS_main(int argc, NS_tchar **argv)
UACHelper::DisablePrivileges(nullptr);
}
- if (updateLockFileHandle == INVALID_HANDLE_VALUE ||
- (useService && testOnlyFallbackKeyExists && noServiceFallback)) {
+ if (updateLockFileHandle == INVALID_HANDLE_VALUE) {
if (!_waccess(elevatedLockFilePath, F_OK) &&
NS_tremove(elevatedLockFilePath) != 0) {
fprintf(stderr, "Unable to create elevated lock file! Exiting\n");
@@ -3082,105 +3035,11 @@ int NS_main(int argc, NS_tchar **argv)
return 1;
}
- // Make sure the path to the updater to use for the update is on local.
- // We do this check to make sure that file locking is available for
- // race condition security checks.
- if (useService) {
- BOOL isLocal = FALSE;
- useService = IsLocalFile(argv[0], isLocal) && isLocal;
- }
-
- // If we have unprompted elevation we should NOT use the service
- // for the update. Service updates happen with the SYSTEM account
- // which has more privs than we need to update with.
- // Windows 8 provides a user interface so users can configure this
- // behavior and it can be configured in the registry in all Windows
- // versions that support UAC.
- if (useService) {
- BOOL unpromptedElevation;
- if (IsUnpromptedElevation(unpromptedElevation)) {
- useService = !unpromptedElevation;
- }
- }
-
- // Make sure the service registry entries for the instsallation path
- // are available. If not don't use the service.
- if (useService) {
- WCHAR maintenanceServiceKey[MAX_PATH + 1];
- if (CalculateRegistryPathFromFilePath(gInstallDirPath,
- maintenanceServiceKey)) {
- HKEY baseKey = nullptr;
- if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
- maintenanceServiceKey, 0,
- KEY_READ | KEY_WOW64_64KEY,
- &baseKey) == ERROR_SUCCESS) {
- RegCloseKey(baseKey);
- } else {
-#ifdef TEST_UPDATER
- useService = testOnlyFallbackKeyExists;
-#endif
- if (!useService) {
- lastFallbackError = FALLBACKKEY_NOKEY_ERROR;
- }
- }
- } else {
- useService = false;
- lastFallbackError = FALLBACKKEY_REGPATH_ERROR;
- }
- }
- // Originally we used to write "pending" to update.status before
- // launching the service command. This is no longer needed now
- // since the service command is launched from updater.exe. If anything
- // fails in between, we can fall back to using the normal update process
- // on our own.
-
- // If we still want to use the service try to launch the service
- // comamnd for the update.
- if (useService) {
- // If the update couldn't be started, then set useService to false so
- // we do the update the old way.
- DWORD ret = LaunchServiceSoftwareUpdateCommand(argc, (LPCWSTR *)argv);
- useService = (ret == ERROR_SUCCESS);
- // If the command was launched then wait for the service to be done.
- if (useService) {
- bool showProgressUI = false;
- // Never show the progress UI when staging updates.
- if (!sStagedUpdate) {
- // We need to call this separately instead of allowing ShowProgressUI
- // to initialize the strings because the service will move the
- // ini file out of the way when running updater.
- showProgressUI = !InitProgressUIStrings();
- }
-
- // Wait for the service to stop for 5 seconds. If the service
- // has still not stopped then show an indeterminate progress bar.
- DWORD lastState = WaitForServiceStop(SVC_NAME, 5);
- if (lastState != SERVICE_STOPPED) {
- Thread t1;
- if (t1.Run(WaitForServiceFinishThread, nullptr) == 0 &&
- showProgressUI) {
- ShowProgressUI(true, false);
- }
- t1.Join();
- }
-
- lastState = WaitForServiceStop(SVC_NAME, 1);
- if (lastState != SERVICE_STOPPED) {
- // If the service doesn't stop after 10 minutes there is
- // something seriously wrong.
- lastFallbackError = FALLBACKKEY_SERVICE_NO_STOP_ERROR;
- useService = false;
- }
- } else {
- lastFallbackError = FALLBACKKEY_LAUNCH_ERROR;
- }
- }
-
- // If the service can't be used when staging an update, make sure that
+ // When staging an update, make sure that
// the UAC prompt is not shown! In this case, just set the status to
// pending and the update will be applied during the next startup.
- if (!useService && sStagedUpdate) {
+ if (sStagedUpdate) {
if (updateLockFileHandle != INVALID_HANDLE_VALUE) {
CloseHandle(updateLockFileHandle);
}
@@ -3188,32 +3047,10 @@ int NS_main(int argc, NS_tchar **argv)
return 0;
}
- // If we started the service command, and it finished, check the
- // update.status file to make sure it succeeded, and if it did
- // we need to manually start the PostUpdate process from the
- // current user's session of this unelevated updater.exe the
- // current process is running as.
- // Note that we don't need to do this if we're just staging the update,
- // as the PostUpdate step runs when performing the replacing in that case.
- if (useService && !sStagedUpdate) {
- bool updateStatusSucceeded = false;
- if (IsUpdateStatusSucceeded(updateStatusSucceeded) &&
- updateStatusSucceeded) {
- if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) {
- fprintf(stderr, "The post update process which runs as the user"
- " for service update could not be launched.");
- }
- }
- }
-
- // If we didn't want to use the service at all, or if an update was
- // already happening, or launching the service command failed, then
- // launch the elevated updater.exe as we do without the service.
+ // If an update was already happening, launch the elevated updater.exe.
// We don't launch the elevated updater in the case that we did have
- // write access all along because in that case the only reason we're
- // using the service is because we are testing.
- if (!useService && !noServiceFallback &&
- updateLockFileHandle == INVALID_HANDLE_VALUE) {
+ // write access all along because in that case we are testing.
+ if (updateLockFileHandle == INVALID_HANDLE_VALUE) {
SHELLEXECUTEINFO sinfo;
memset(&sinfo, 0, sizeof(SHELLEXECUTEINFO));
sinfo.cbSize = sizeof(SHELLEXECUTEINFO);
@@ -3239,32 +3076,21 @@ int NS_main(int argc, NS_tchar **argv)
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5], argc - callbackIndex,
- argv + callbackIndex, sUsingService);
+ argv + callbackIndex);
}
CloseHandle(elevatedFileHandle);
- if (!useService && !noServiceFallback &&
- INVALID_HANDLE_VALUE == updateLockFileHandle) {
- // We didn't use the service and we did run the elevated updater.exe.
+ if (INVALID_HANDLE_VALUE == updateLockFileHandle) {
+ // We ran the elevated updater.exe.
// The elevated updater.exe is responsible for writing out the
// update.status file.
return 0;
- } else if (useService) {
- // The service command was launched. The service is responsible for
- // writing out the update.status file.
- if (updateLockFileHandle != INVALID_HANDLE_VALUE) {
- CloseHandle(updateLockFileHandle);
- }
- return 0;
} else {
- // Otherwise the service command was not launched at all.
// We are only reaching this code path because we had write access
// all along to the directory and a fallback key existed, and we
- // have fallback disabled (MOZ_NO_SERVICE_FALLBACK env var exists).
- // We only currently use this env var from XPCShell tests.
+ // have fallback disabled.
CloseHandle(updateLockFileHandle);
- WriteStatusFile(lastFallbackError);
return 0;
}
}
@@ -3324,7 +3150,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5], argc - callbackIndex,
- argv + callbackIndex, sUsingService);
+ argv + callbackIndex);
}
return 1;
}
@@ -3378,8 +3204,7 @@ int NS_main(int argc, NS_tchar **argv)
if (argc > callbackIndex) {
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
}
return 1;
}
@@ -3442,8 +3267,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
LaunchCallbackApp(argv[callbackIndex],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
return 1;
}
@@ -3491,8 +3315,7 @@ int NS_main(int argc, NS_tchar **argv)
EXIT_WHEN_ELEVATED(elevatedLockFilePath, updateLockFileHandle, 1);
LaunchCallbackApp(argv[5],
argc - callbackIndex,
- argv + callbackIndex,
- sUsingService);
+ argv + callbackIndex);
return 1;
}
LOG(("NS_main: callback app file in use, continuing without " \