static
DWORD WINAPI
ThreadFunc(LPVOID Context)
{
CComPtr<IBindStatusCallback> dl;
WCHAR path[MAX_PATH];
PWSTR p, q;
HWND Dlg = (HWND) Context;
ULONG dwContentLen, dwBytesWritten, dwBytesRead, dwStatus;
ULONG dwCurrentBytesRead = 0;
ULONG dwStatusLen = sizeof(dwStatus);
BOOL bCancelled = FALSE;
BOOL bTempfile = FALSE;
BOOL bCab = FALSE;
HINTERNET hOpen = NULL;
HINTERNET hFile = NULL;
HANDLE hOut = INVALID_HANDLE_VALUE;
unsigned char lpBuffer[4096];
PCWSTR lpszAgent = L"RApps/1.0";
URL_COMPONENTS urlComponents;
size_t urlLength, filenameLength;
/* build the path for the download */
p = wcsrchr(AppInfo->szUrlDownload, L'/');
q = wcsrchr(AppInfo->szUrlDownload, L'?');
/* do we have a final slash separator? */
if (!p)
goto end;
/* prepare the tentative length of the filename, maybe we've to remove part of it later on */
filenameLength = wcslen(p) * sizeof(WCHAR);
/* do we have query arguments in the target URL after the filename? account for them
(e.g. https://example.org/myfile.exe?no_adware_plz) */
if (q && q > p && (q - p) > 0)
filenameLength -= wcslen(q - 1) * sizeof(WCHAR);
/* is this URL an update package for RAPPS? if so store it in a different place */
if (wcscmp(AppInfo->szUrlDownload, APPLICATION_DATABASE_URL) == 0)
{
bCab = TRUE;
if (!GetStorageDirectory(path, _countof(path)))
goto end;
}
else
{
if (FAILED(StringCbCopyW(path, sizeof(path), SettingsInfo.szDownloadDir)))
goto end;
}
/* is the path valid? can we access it? */
if (GetFileAttributesW(path) == INVALID_FILE_ATTRIBUTES)
{
if (!CreateDirectoryW(path, NULL))
goto end;
}
/* append a \ to the provided file system path, and the filename portion from the URL after that */
if (FAILED(StringCbCatW(path, sizeof(path), L"\\")))
goto end;
if (FAILED(StringCbCatNW(path, sizeof(path), p + 1, filenameLength)))
goto end;
if (!bCab && AppInfo->szSHA1[0] != 0 && GetFileAttributesW(path) != INVALID_FILE_ATTRIBUTES)
{
/* only open it in case of total correctness */
if (VerifyInteg(AppInfo->szSHA1, path))
goto run;
}
/* download it */
bTempfile = TRUE;
CDownloadDialog_Constructor(Dlg, &bCancelled, IID_PPV_ARG(IBindStatusCallback, &dl));
if (dl == NULL)
goto end;
/* FIXME: this should just be using the system-wide proxy settings */
switch(SettingsInfo.Proxy)
{
case 0: /* preconfig */
hOpen = InternetOpenW(lpszAgent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
break;
case 1: /* direct (no proxy) */
hOpen = InternetOpenW(lpszAgent, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
break;
case 2: /* use proxy */
hOpen = InternetOpenW(lpszAgent, INTERNET_OPEN_TYPE_PROXY, SettingsInfo.szProxyServer, SettingsInfo.szNoProxyFor, 0);
break;
default: /* preconfig */
hOpen = InternetOpenW(lpszAgent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
break;
}
if (!hOpen)
goto end;
hFile = InternetOpenUrlW(hOpen, AppInfo->szUrlDownload, NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);
if (!hFile)
goto end;
if (!HttpQueryInfoW(hFile, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwStatus, &dwStatusLen, NULL))
goto end;
if(dwStatus != HTTP_STATUS_OK)
{
WCHAR szMsgText[MAX_STR_LEN];
if (!LoadStringW(hInst, IDS_UNABLE_TO_DOWNLOAD, szMsgText, sizeof(szMsgText) / sizeof(WCHAR)))
goto end;
MessageBoxW(hMainWnd, szMsgText, NULL, MB_OK | MB_ICONERROR);
goto end;
}
dwStatusLen = sizeof(dwStatus);
memset(&urlComponents, 0, sizeof(urlComponents));
urlComponents.dwStructSize = sizeof(urlComponents);
if(FAILED(StringCbLengthW(AppInfo->szUrlDownload, sizeof(AppInfo->szUrlDownload), &urlLength)))
goto end;
urlLength /= sizeof(WCHAR);
urlComponents.dwSchemeLength = urlLength + 1;
urlComponents.lpszScheme = (LPWSTR)malloc(urlComponents.dwSchemeLength * sizeof(WCHAR));
urlComponents.dwHostNameLength = urlLength + 1;
urlComponents.lpszHostName = (LPWSTR)malloc(urlComponents.dwHostNameLength * sizeof(WCHAR));
if(!InternetCrackUrlW(AppInfo->szUrlDownload, urlLength+1, ICU_DECODE | ICU_ESCAPE, &urlComponents))
goto end;
if(urlComponents.nScheme == INTERNET_SCHEME_HTTP || urlComponents.nScheme == INTERNET_SCHEME_HTTPS)
HttpQueryInfo(hFile, HTTP_QUERY_CONTENT_LENGTH | HTTP_QUERY_FLAG_NUMBER, &dwContentLen, &dwStatus, 0);
if(urlComponents.nScheme == INTERNET_SCHEME_FTP)
dwContentLen = FtpGetFileSize(hFile, &dwStatus);
#ifdef USE_CERT_PINNING
/* are we using HTTPS to download the RAPPS update package? check if the certificate is original */
if ((urlComponents.nScheme == INTERNET_SCHEME_HTTPS) &&
(wcscmp(AppInfo->szUrlDownload, APPLICATION_DATABASE_URL) == 0) &&
(!CertIsValid(hOpen, urlComponents.lpszHostName)))
{
WCHAR szMsgText[MAX_STR_LEN];
if (!LoadStringW(hInst, IDS_CERT_DOES_NOT_MATCH, szMsgText, sizeof(szMsgText) / sizeof(WCHAR)))
goto end;
MessageBoxW(Dlg, szMsgText, NULL, MB_OK | MB_ICONERROR);
goto end;
}
#endif
free(urlComponents.lpszScheme);
free(urlComponents.lpszHostName);
hOut = CreateFileW(path, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, NULL);
if (hOut == INVALID_HANDLE_VALUE)
goto end;
do
{
if (!InternetReadFile(hFile, lpBuffer, _countof(lpBuffer), &dwBytesRead))
{
WCHAR szMsgText[MAX_STR_LEN];
if (!LoadStringW(hInst, IDS_INTERRUPTED_DOWNLOAD, szMsgText, _countof(szMsgText)))
goto end;
MessageBoxW(hMainWnd, szMsgText, NULL, MB_OK | MB_ICONERROR);
goto end;
}
if (!WriteFile(hOut, &lpBuffer[0], dwBytesRead, &dwBytesWritten, NULL))
{
WCHAR szMsgText[MAX_STR_LEN];
if (!LoadStringW(hInst, IDS_UNABLE_TO_WRITE, szMsgText, _countof(szMsgText)))
goto end;
MessageBoxW(hMainWnd, szMsgText, NULL, MB_OK | MB_ICONERROR);
goto end;
}
dwCurrentBytesRead += dwBytesRead;
dl->OnProgress(dwCurrentBytesRead, dwContentLen, 0, AppInfo->szUrlDownload);
}
while (dwBytesRead && !bCancelled);
CloseHandle(hOut);
hOut = INVALID_HANDLE_VALUE;
if (bCancelled)
goto end;
/* if this thing isn't a RAPPS update and it has a SHA-1 checksum
verify its integrity by using the native advapi32.A_SHA1 functions */
if (!bCab && AppInfo->szSHA1[0] != 0)
{
WCHAR szMsgText[MAX_STR_LEN];
/* change a few strings in the download dialog to reflect the verification process */
LoadStringW(hInst, IDS_INTEG_CHECK_TITLE, szMsgText, _countof(szMsgText));
SetWindowText(Dlg, szMsgText);
SendMessageW(GetDlgItem(Dlg, IDC_DOWNLOAD_STATUS), WM_SETTEXT, 0, (LPARAM)path);
/* this may take a while, depending on the file size */
if (!VerifyInteg(AppInfo->szSHA1, path))
{
if (!LoadStringW(hInst, IDS_INTEG_CHECK_FAIL, szMsgText, _countof(szMsgText)))
goto end;
MessageBoxW(Dlg, szMsgText, NULL, MB_OK | MB_ICONERROR);
goto end;
}
}
ShowWindow(Dlg, SW_HIDE);
run:
/* run it */
if (!bCab)
ShellExecuteW( NULL, L"open", path, NULL, NULL, SW_SHOWNORMAL );
end:
if (hOut != INVALID_HANDLE_VALUE)
CloseHandle(hOut);
InternetCloseHandle(hFile);
InternetCloseHandle(hOpen);
if (bTempfile)
{
if (bCancelled || (SettingsInfo.bDelInstaller && !bCab))
DeleteFileW(path);
}
EndDialog(Dlg, 0);
return 0;
}
static BOOL
GetLSAPrincipalName(char * pszUser, DWORD dwUserSize)
{
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
ULONG ResponseSize;
PKERB_EXTERNAL_NAME pClientName = NULL;
PUNICODE_STRING pDomainName = NULL;
LSA_STRING Name;
HANDLE hLogon = INVALID_HANDLE_VALUE;
ULONG PackageId;
NTSTATUS ntStatus;
NTSTATUS ntSubStatus = 0;
WCHAR * wchUser = NULL;
DWORD dwSize;
SHORT sCount;
BOOL bRet = FALSE;
ntStatus = LsaConnectUntrusted( &hLogon);
if (FAILED(ntStatus))
goto cleanup;
Name.Buffer = MICROSOFT_KERBEROS_NAME_A;
Name.Length = (USHORT)(sizeof(MICROSOFT_KERBEROS_NAME_A) - sizeof(char));
Name.MaximumLength = Name.Length;
ntStatus = LsaLookupAuthenticationPackage( hLogon, &Name, &PackageId);
if (FAILED(ntStatus))
goto cleanup;
memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));
CacheRequest.MessageType = KerbRetrieveTicketMessage;
CacheRequest.LogonId.LowPart = 0;
CacheRequest.LogonId.HighPart = 0;
ntStatus = LsaCallAuthenticationPackage( hLogon,
PackageId,
&CacheRequest,
sizeof(CacheRequest),
&pTicketResponse,
&ResponseSize,
&ntSubStatus);
if (FAILED(ntStatus) || FAILED(ntSubStatus))
goto cleanup;
/* We have a ticket in the response */
pClientName = pTicketResponse->Ticket.ClientName;
pDomainName = &pTicketResponse->Ticket.DomainName;
/* We want to return ClientName @ DomainName */
dwSize = 0;
for ( sCount = 0; sCount < pClientName->NameCount; sCount++)
{
dwSize += pClientName->Names[sCount].Length;
}
dwSize += pDomainName->Length + sizeof(WCHAR);
if ( dwSize / sizeof(WCHAR) > dwUserSize )
goto cleanup;
wchUser = malloc(dwSize);
if (wchUser == NULL)
goto cleanup;
for ( sCount = 0, wchUser[0] = L'\0'; sCount < pClientName->NameCount; sCount++)
{
StringCbCatNW( wchUser, dwSize,
pClientName->Names[sCount].Buffer,
pClientName->Names[sCount].Length);
}
StringCbCatNW( wchUser, dwSize,
pDomainName->Buffer,
pDomainName->Length);
if ( !UnicodeToANSI( wchUser, pszUser, dwUserSize) )
goto cleanup;
bRet = TRUE;
cleanup:
if (wchUser)
free(wchUser);
if ( hLogon != INVALID_HANDLE_VALUE)
LsaDeregisterLogonProcess(hLogon);
if ( pTicketResponse ) {
SecureZeroMemory(pTicketResponse,ResponseSize);
LsaFreeReturnBuffer(pTicketResponse);
}
return bRet;
}
int main(void){
wchar_t dest[11] = L"test";
wchar_t dest2[11] = L"TEST";
wchar_t empty[10] = L"";
plan(16);
ok(SUCCEEDED(StringCbCatNW(dest, 11 * sizeof(wchar_t), L"test", 4 * sizeof(wchar_t))),
"Concatenate entire strings.");
is_wstring(L"testtest", dest,
"Result of concatenating entire strings.");
dest[4] = '\0'; /* Reset dest to "test". */
ok(SUCCEEDED(StringCbCatNW(dest, 11 * sizeof(wchar_t),
L"", 1 * sizeof(wchar_t))),
"Concatenate with empty source.");
is_wstring(L"test", dest,
"Result of concatenating with empty source.");
ok(SUCCEEDED(StringCbCatNW(empty, 10 * sizeof(wchar_t),
L"test", 4 * sizeof(wchar_t))),
"Concatenate with empty destination.");
is_wstring(L"test", empty,
"Result of concatenating with empty destination.");
ok(SUCCEEDED(StringCbCatNW(dest2, 11 * sizeof(wchar_t),
dest, 11 * sizeof(wchar_t))),
"Concatenate two buffers with additional capacity.");
is_wstring(L"TESTtest", dest2,
"Result of concatenating buffers with additional capacity.");
ok(StringCbCatNW(dest, 11 * sizeof(wchar_t),
L"longer string", 12 * sizeof(wchar_t)) ==
STRSAFE_E_INSUFFICIENT_BUFFER,
"Concatenate a string that is too long.");
is_wstring(L"testlonger", dest,
"Result of concatenating two strings that are too long.");
ok(SUCCEEDED(StringCbCatNW(dest2, 11 * sizeof(wchar_t),
dest, 2 * sizeof(wchar_t))),
"Concatenate a few characters from a longer string.");
is_wstring(L"TESTtestte", dest2,
"Result of concatenating a few characters.");
ok(StringCbCatNW(dest, 11 * sizeof(wchar_t),
L"test", 4 * sizeof(wchar_t)) ==
STRSAFE_E_INSUFFICIENT_BUFFER,
"Concatenate to already full destination.");
is_wstring(L"testlonger", dest,
"Make sure destination was not modified.");
ok(StringCbCatNW(dest, 0 * sizeof(wchar_t),
L"test", 4 * sizeof(wchar_t)) ==
STRSAFE_E_INVALID_PARAMETER,
"Make sure error is thrown if cchDest is zero.");
is_wstring(L"testlonger", dest,
"Make sure destination was not modified.");
return 0;
}
