Strona główna Odkrywaj Pomoc
Zaloguj się
pascal
/
innosetup
kopia lustrzana https://github.com/jrsoftware/issrc.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Log a protected temporary directory as such.

Martijn Laan 1 rok temu
rodzic
19689005fc
commit
6ff2b967f0
2 zmienionych plików z 31 dodań i 15 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 23 5
      Projects/Src/InstFunc.pas
  2. 8 10
      Projects/Src/Main.pas

+ 23 - 5
Projects/Src/InstFunc.pas
Wyświetl plik 

@@ -49,7 +49,9 @@ type
 
 

 function CheckForMutexes(const Mutexes: String): Boolean;

 procedure CreateMutexes(const Mutexes: String);

-function CreateTempDir(const LimitCurrentUserSidAccess: Boolean): String;

+function CreateTempDir(const LimitCurrentUserSidAccess: Boolean;

+  var Protected: Boolean): String; overload;

+function CreateTempDir(const LimitCurrentUserSidAccess: Boolean): String; overload;

 function DecrementSharedCount(const RegView: TRegView; const Filename: String): Boolean;

 procedure DelayDeleteFile(const DisableFsRedir: Boolean; const Filename: String;

   const MaxTries, FirstRetryDelayMS, SubsequentRetryDelayMS: Integer);

@@ -175,7 +177,7 @@ function ConvertStringSecurityDescriptorToSecurityDescriptorW(
 
   dummy: Pointer): BOOL; stdcall; external advapi32;

 

 function CreateSafeDirectory(const LimitCurrentUserSidAccess: Boolean; Path: String;

-  var ErrorCode: DWORD): Boolean;

+  var ErrorCode: DWORD; var Protected: Boolean): Boolean; overload;

 { Creates a protected directory if

   -it's a subdirectory of c:\WINDOWS\TEMP, or

   -it's on a local drive and LimitCurrentUserSidAccess is True (latter is true atm if elevated and not debugging)

@@ -192,7 +194,9 @@ begin
 
     not PathCharIsSlash(Drive[1]) and

     (GetDriveType(PChar(AddBackslash(Drive))) <> DRIVE_REMOTE);

 

-  if IsUnderWindowsTemp or IsLocalTempToProtect then begin

+  Protected := IsUnderWindowsTemp or IsLocalTempToProtect;

+

+  if Protected then begin

     var StringSecurityDescriptor :=

       // D: adds a Discretionary ACL ("DACL", i.e. access control via SIDs)

       // P: prevents DACL from being modified by inheritable ACEs

@@ -245,6 +249,13 @@ begin
 
   end;

 end;

 

+function CreateSafeDirectory(const LimitCurrentUserSidAccess: Boolean; Path: String;

+  var ErrorCode: DWORD): Boolean; overload;

+begin

+  var Protected: Boolean;

+  Result := CreateSafeDirectory(LimitCurrentUserSidAccess, Path, ErrorCode, Protected);

+end;

+

 function IntToBase32(Number: Longint): String;

 const

   Table: array[0..31] of Char = '0123456789ABCDEFGHIJKLMNOPQRSTUV';

@@ -319,7 +330,8 @@ begin
 
   until False; // continue until a new directory was created

 end;

 

-function CreateTempDir(const LimitCurrentUserSidAccess: Boolean): String;

+function CreateTempDir(const LimitCurrentUserSidAccess: Boolean;

+  var Protected: Boolean): String;

 { This is called by SetupLdr, Setup, and Uninstall. }

 var

   Dir: String;

@@ -327,7 +339,7 @@ var
 
 begin

   while True do begin

     Dir := GenerateUniqueName(False, GetTempDir, '.tmp');

-    if CreateSafeDirectory(LimitCurrentUserSidAccess, Dir, ErrorCode) then

+    if CreateSafeDirectory(LimitCurrentUserSidAccess, Dir, ErrorCode, Protected) then

       Break;

     if ErrorCode <> ERROR_ALREADY_EXISTS then

       raise Exception.Create(FmtSetupMessage(msgLastErrorMessage,

@@ -337,6 +349,12 @@ begin
 
   Result := Dir;

 end;

 

+function CreateTempDir(const LimitCurrentUserSidAccess: Boolean): String;

+begin

+  var Protected: Boolean;

+  Result := CreateTempDir(LimitCurrentUserSidAccess, Protected);

+end;

+

 function ReplaceSystemDirWithSysWow64(const Path: String): String;

 { If the user is running 64-bit Windows and Path begins with

   'x:\windows\system32' it replaces it with 'x:\windows\syswow64', like the

+ 8 - 10
Projects/Src/Main.pas
Wyświetl plik 

@@ -266,7 +266,7 @@ function IsWindows11: Boolean;
 
 implementation

 

 uses

-  ShellAPI, ShlObj,

+  ShellAPI, ShlObj, StrUtils,

   Msgs, MsgIDs, Install, InstFunc, InstFnc2, RedirFunc, PathFunc,

   Compress, CompressZlib, bzlib, LZMADecomp, ArcFour, SetupEnt, SelLangForm,

   Wizard, DebugClient, VerInfo, Extract, FileClass, Logging, MD5, SHA1, ActiveX,

@@ -1450,21 +1450,19 @@ end;
 
 procedure CreateTempInstallDirAndExtract64BitHelper;

 { Initializes TempInstallDir and extracts the 64-bit helper into it if needed.

   This is called by Setup, Uninstall, and RegSvr. }

-var

-  Subdir, ResName, Filename: String;

-  ErrorCode: DWORD;

 begin

-  TempInstallDir := CreateTempDir(IsAdmin and not Debugging);

-  Log('Created temporary directory: ' + TempInstallDir);

+  var Protected: Boolean;

+  TempInstallDir := CreateTempDir(IsAdmin and not Debugging, Protected);

+  LogFmt('Created %stemporary directory: %s', [IfThen(Protected, 'protected ', ''), TempInstallDir]);

   if Debugging then

     DebugNotifyTempDir(TempInstallDir);

 

   { Create _isetup subdirectory to hold our internally-used files to ensure

     they won't use any DLLs the install creator might've dumped into

     TempInstallDir }

-  Subdir := AddBackslash(TempInstallDir) + '_isetup';

+  var Subdir := AddBackslash(TempInstallDir) + '_isetup';

   if not CreateDirectory(PChar(Subdir), nil) then begin

-    ErrorCode := GetLastError;

+    var ErrorCode := GetLastError;

     raise Exception.Create(FmtSetupMessage(msgLastErrorMessage,

       [FmtSetupMessage1(msgErrorCreatingDir, Subdir), IntToStr(ErrorCode),

        Win32ErrorString(ErrorCode)]));

@@ -1472,9 +1470,9 @@ begin
 
 

   { Extract 64-bit helper EXE, if one is available for the current processor

     architecture }

-  ResName := GetHelperResourceName;

+  var ResName := GetHelperResourceName;

   if ResName <> '' then begin

-    Filename := Subdir + '\_setup64.tmp';

+    var Filename := Subdir + '\_setup64.tmp';

     SaveResourceToTempFile(ResName, Filename);

     SetHelperExeFilename(Filename);

   end;