New Windows updater code

We don't support XP anymore to simplify the logic with regards to UAC shenanigans.
2024-03-22 14:00:36 +08:00 · 2015-12-10 18:44:45 +01:00 · 2015-12-10 18:44:45 +01:00 · 6606688bf3
commit 6606688bf3
parent f13eba1a9c
8 changed files with 251 additions and 107 deletions
--- a/updater/main.cpp
+++ b/updater/main.cpp
@ -20,10 +20,83 @@
 #include "widget.h"
 #include <QApplication>
 #include <QDebug>
 #include <QFile>
 #include <QMutex>
 #include <QDateTime>
 #include <QDir>
 #include <QStandardPaths>
 #include <memory>
 #include <windows.h>
 static std::unique_ptr<QTextStream> logFileStream {nullptr};
 static std::unique_ptr<QFile> logFileFile {nullptr};
 static QMutex mutex;
 void logMessageHandler(QtMsgType type, const QMessageLogContext& ctxt, const QString& msg)
 {
    // Silence qWarning spam due to bug in QTextBrowser (trying to open a file for base64 images)
    if (ctxt.function == QString("virtual bool QFSFileEngine::open(QIODevice::OpenMode)")
            && msg == QString("QFSFileEngine::open: No file name specified"))
        return;
    QString LogMsg = QString("[%1] %2:%3 : ")
            .arg(QTime::currentTime().toString("HH:mm:ss.zzz")).arg(ctxt.file).arg(ctxt.line);
    switch (type)
    {
        case QtDebugMsg:
            LogMsg += "Debug";
            break;
        case QtWarningMsg:
            LogMsg += "Warning";
            break;
        case QtCriticalMsg:
            LogMsg += "Critical";
            break;
        case QtFatalMsg:
            LogMsg += "Fatal";
            break;
        default:
            break;
    }
    LogMsg += ": " + msg + "\n";
    QTextStream out(stderr, QIODevice::WriteOnly);
    out << LogMsg;
    if (!logFileStream)
        return;
    QMutexLocker locker(&mutex);
    *logFileStream << LogMsg;
    logFileStream->flush();
 }
 int main(int argc, char *argv[])
 {
    qInstallMessageHandler(logMessageHandler);
    QApplication a(argc, argv);
    logFileStream.reset(new QTextStream);
    logFileFile.reset(new QFile(QDir::cleanPath(QStandardPaths::writableLocation(QStandardPaths::HomeLocation) + QDir::separator()
                                                + "AppData" + QDir::separator() + "Roaming" + QDir::separator() + "tox")+QDir::separator()+"qtox.log"));
    if (logFileFile->open(QIODevice::Append))
    {
        logFileStream->setDevice(logFileFile.get());
        *logFileStream << QDateTime::currentDateTime().toString("\nyyyy-MM-dd HH:mm:ss' Updater file logger starting\n'");
    }
    else
    {
        qWarning() << "Couldn't open log file!\n";
        logFileStream.release();
    }
    long unsigned int bufsize=100;
    char buf[100];
    GetUserNameA(buf, &bufsize);
    qDebug() << "Updater running as user" << buf;
    Widget w;
    w.show();
--- a/updater/settingsDir.cpp
+++ b/updater/settingsDir.cpp
@ -1,55 +0,0 @@
 /*
    Copyright © 2014 by The qTox Project
    This file is part of qTox, a Qt-based graphical interface for Tox.
    qTox is libre software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    qTox is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with qTox.  If not, see <http://www.gnu.org/licenses/>
 */
 #include "settingsDir.h"
 #include <QFile>
 #include <QSettings>
 #include <QDir>
 #include <QStandardPaths>
 const QString FILENAME = "settings.ini";
 QString getSettingsDirPath()
 {
    if (isToxPortableEnabled())
        return ".";
 #ifdef Q_OS_WIN
    return QDir::cleanPath(QStandardPaths::writableLocation(QStandardPaths::HomeLocation)
                           + QDir::separator() + "AppData" + QDir::separator() + "Roaming" + QDir::separator() + "tox");
 #else
    return QDir::cleanPath(QStandardPaths::writableLocation(QStandardPaths::ConfigLocation) + QDir::separator() + "tox");
 #endif
 }
 bool isToxPortableEnabled()
 {
    QFile portableSettings(FILENAME);
    if (portableSettings.exists())
    {
        QSettings ps(FILENAME, QSettings::IniFormat);
        ps.beginGroup("General");
        return ps.value("makeToxPortable", false).toBool();
    }
    else
    {
        return false;
    }
 }
--- a/updater/settingsDir.h
+++ b/updater/settingsDir.h
@ -1,30 +0,0 @@
 /*
    Copyright © 2014 by The qTox Project
    This file is part of qTox, a Qt-based graphical interface for Tox.
    qTox is libre software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    qTox is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with qTox.  If not, see <http://www.gnu.org/licenses/>
 */
 #ifndef SETTINGSDIR_H
 #define SETTINGSDIR_H
 #include <QString>
 QString getSettingsDirPath();
 bool isToxPortableEnabled();
 #endif // SETTINGSDIR_H
--- a/updater/update.cpp
+++ b/updater/update.cpp
@ -20,9 +20,12 @@
 #include "update.h"
 #include "serialize.h"
 #include "widget.h"
 #include <QFile>
 #include <QDebug>
 #include <QMessageBox>
 #include <QDir>
 #include <QCoreApplication>
 unsigned char key[crypto_sign_PUBLICKEYBYTES] =
 {
@ -47,14 +50,35 @@ QByteArray getLocalFlist()
    return flist;
 }
-QList<UpdateFileMeta> genUpdateDiff(QList<UpdateFileMeta> updateFlist)
+bool isUpToDate(UpdateFileMeta fileMeta)
 {
    QString appDir = qApp->applicationDirPath();
    QFile file(appDir+QDir::separator()+fileMeta.installpath);
    if (!file.open(QIODevice::ReadOnly))
        return false;
    // If the data we have is corrupted or old, mark it for update
    QByteArray data = file.readAll();
    if (crypto_sign_verify_detached(fileMeta.sig, (unsigned char*)data.data(), data.size(), key) != 0)
        return false;
    return true;
 }
 QList<UpdateFileMeta> genUpdateDiff(QList<UpdateFileMeta> updateFlist, Widget* w)
 {
    QList<UpdateFileMeta> diff;
-    QList<UpdateFileMeta> localFlist = parseFlist(getLocalFlist());
+
    float progressDiff = 45;
    float progress = 5;
    for (UpdateFileMeta file : updateFlist)
-        if (!localFlist.contains(file))
+    {
        if (!isUpToDate(file))
            diff += file;
        progress += progressDiff / updateFlist.size();
        w->setProgress(progress);
    }
    return diff;
 }
--- a/updater/update.h
+++ b/updater/update.h
@ -25,6 +25,8 @@
 #include <QString>
 #include <sodium.h>
 class Widget;
 struct UpdateFileMeta
 {
    unsigned char sig[crypto_sign_BYTES]; ///< Signature of the file (ed25519)
@ -51,7 +53,7 @@ QByteArray getLocalFlist();
 /// Parses and validates a flist file. Returns an empty list on error
 QList<UpdateFileMeta> parseFlist(QByteArray flistData);
 /// Generates a list of files we need to update
-QList<UpdateFileMeta> genUpdateDiff(QList<UpdateFileMeta> updateFlist);
+QList<UpdateFileMeta> genUpdateDiff(QList<UpdateFileMeta> updateFlist, Widget *w);
 extern unsigned char key[crypto_sign_PUBLICKEYBYTES];
--- a/updater/updater.pro
+++ b/updater/updater.pro
@ -17,12 +17,10 @@ QMAKE_CXXFLAGS += -fno-exceptions
 SOURCES += main.cpp\
        widget.cpp \
    settingsDir.cpp \
    update.cpp \
    serialize.cpp
 HEADERS  += widget.h \
    settingsDir.h \
    update.h \
    serialize.h
@ -36,3 +34,7 @@ INCLUDEPATH += libs/include
 RC_FILE = windows/updater.rc
 LIBS += -L$$PWD/libs/lib/ -lsodium
 win32 {
    LIBS += -lshell32 -luuid
 }
--- a/updater/widget.cpp
+++ b/updater/widget.cpp
@ -26,17 +26,28 @@
 #include <QProcess>
 #include <QMessageBox>
 #include <QMetaObject>
 #include <QDebug>
 #include <QSettings>
 #include "settingsDir.h"
 #include "update.h"
 #ifdef Q_OS_WIN
 #ifdef _WIN32_WINNT
 #undef _WIN32_WINNT
 #endif
 #define _WIN32_WINNT 0x0600 // Vista for SHGetKnownFolderPath
 #include <windows.h>
 #include <shldisp.h>
 #include <shlobj.h>
 #include <exdisp.h>
 const bool supported = true;
 const QString QTOX_PATH = "qtox.exe";
 #else
 const bool supported = false;
 const QString QTOX_PATH;
 #endif
 const QString SETTINGS_FILE = "settings.ini";
 Widget::Widget(QWidget *parent) :
    QWidget(parent),
@ -48,11 +59,66 @@ Widget::Widget(QWidget *parent) :
    if (!supported)
        fatalError(tr("The qTox updater is not supported on this platform."));
 #ifdef Q_OS_WIN
    // Get a primary unelevated token of the actual user
    hPrimaryToken = nullptr;
    HANDLE hShellProcess = nullptr, hShellProcessToken = nullptr;
    const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY
                                | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
    DWORD dwPID = 0;
    HWND hwnd = nullptr;
    DWORD dwLastErr = 0;
    // Enable SeIncreaseQuotaPrivilege
    HANDLE hProcessToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcessToken))
        goto unelevateFail;
    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hProcessToken, FALSE, &tkp, 0, NULL, NULL);
    dwLastErr = GetLastError();
    CloseHandle(hProcessToken);
    if (ERROR_SUCCESS != dwLastErr)
        goto unelevateFail;
    // Get a primary copy of the desktop shell's token,
    // we're assuming the shell is running as the actual user
    hwnd = GetShellWindow();
    if (!hwnd)
        goto unelevateFail;
    GetWindowThreadProcessId(hwnd, &dwPID);
    if (!dwPID)
        goto unelevateFail;
    hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
    if (!hShellProcess)
        goto unelevateFail;
    if (!OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken))
        goto unelevateFail;
    // Duplicate the shell's process token to get a primary token.
    // Based on experimentation, this is the minimal set of rights required for CreateProcessWithTokenW (contrary to current documentation).
    if (!DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken))
        goto unelevateFail;
    qDebug() << "Unelevated primary access token acquired";
    goto unelevateCleanup;
 unelevateFail:
    qWarning() << "Unelevate failed, couldn't get access token";
 unelevateCleanup:
    CloseHandle(hShellProcessToken);
    CloseHandle(hShellProcess);
 #endif
    QMetaObject::invokeMethod(this, "update", Qt::QueuedConnection);
 }
 Widget::~Widget()
 {
 #ifdef Q_OS_WIN
    CloseHandle(hPrimaryToken);
 #endif
    delete ui;
 }
@ -65,6 +131,7 @@ void Widget::setProgress(int value)
 void Widget::fatalError(QString message)
 {
    qCritical() << "Update aborted with error:"<<message;
    QMessageBox::critical(this,tr("Error"), message+'\n'+tr("qTox will restart now."));
    deleteUpdate();
    restoreBackups();
@ -79,7 +146,25 @@ void Widget::deleteUpdate()
 void Widget::startQToxAndExit()
 {
 #ifdef Q_OS_WIN
    // Try to restart qTox as the actual user with our unelevated token
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    SecureZeroMemory(&si, sizeof(si));
    SecureZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    if (!CreateProcessWithTokenW(hPrimaryToken, 0, QTOX_PATH.toStdWString().c_str(), 0, 0, 0, 0, &si, &pi))
    {
        qWarning() << "Failed to start unelevated qTox";
        QProcess::startDetached(QTOX_PATH);
    }
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
 #else
    QProcess::startDetached(QTOX_PATH);
 #endif
    exit(0);
 }
@ -95,6 +180,37 @@ void Widget::restoreBackups()
        QFile(file+".bak").rename(file);
 }
 QString Widget::getSettingsDirPath()
 {
    if (isToxPortableEnabled())
        return ".";
 #ifdef Q_OS_WIN
    wchar_t* path;
    SHGetKnownFolderPath(FOLDERID_RoamingAppData, 0, hPrimaryToken, &path);
    QString pathStr = QString::fromStdWString(path);
    pathStr.replace("\\", "/");
    return pathStr + "/tox";
 #else
    return QDir::cleanPath(QStandardPaths::writableLocation(QStandardPaths::ConfigLocation) + QDir::separator() + "tox");
 #endif
 }
 bool Widget::isToxPortableEnabled()
 {
    QFile portableSettings(SETTINGS_FILE);
    if (portableSettings.exists())
    {
        QSettings ps(SETTINGS_FILE, QSettings::IniFormat);
        ps.beginGroup("General");
        return ps.value("makeToxPortable", false).toBool();
    }
    else
    {
        return false;
    }
 }
 void Widget::update()
 {
    /// 1. Find and parse the update (0-5%)
@ -104,6 +220,8 @@ void Widget::update()
    if (!updateDir.exists())
        fatalError(tr("No update found."));
    setProgress(2);
    // Check that we have a flist and that every file on the diff exists
    QFile updateFlistFile(updateDirStr+"flist");
    if (!updateFlistFile.open(QIODevice::ReadOnly))
@ -112,25 +230,23 @@ void Widget::update()
    QByteArray updateFlistData = updateFlistFile.readAll();
    updateFlistFile.close();
    setProgress(1);
    QList<UpdateFileMeta> updateFlist = parseFlist(updateFlistData);
    setProgress(5);
-    setProgress(2);
+    /// 2. Generate a diff (5-50%)
-    QList<UpdateFileMeta> diff = genUpdateDiff(updateFlist);
+    QList<UpdateFileMeta> diff = genUpdateDiff(updateFlist, this);
    setProgress(4);
    for (UpdateFileMeta fileMeta : diff)
        if (!QFile::exists(updateDirStr+fileMeta.installpath))
            fatalError(tr("The update is incomplete."));
    if (diff.size() == 0)
-       fatalError(tr("The diff list is empty."));
+       fatalError(tr("The update is empty!"));
    setProgress(50);
    qDebug() << "Diff generated,"<<diff.size()<<"files to update";
-    setProgress(5);
+    /// 2. Check the update (50-75%)
-
+    float checkProgressStep = 25.0/(float)diff.size();
-    /// 2. Check the update (5-50%)
+    float checkProgress = 50;
    float checkProgressStep = 45.0/(float)diff.size();
    float checkProgress = 5;
    for (UpdateFileMeta fileMeta : diff)
    {
        UpdateFile file;
@ -153,11 +269,12 @@ void Widget::update()
        checkProgress += checkProgressStep;
        setProgress(checkProgress);
    }
-    setProgress(50);
+    setProgress(75);
    qDebug() << "Update files signature verified, installing";
-    /// 3. Install the update (50-95%)
+    /// 3. Install the update (75-95%)
-    float installProgressStep = 45.0/(float)diff.size();
+    float installProgressStep = 20.0/(float)diff.size();
-    float installProgress = 50;
+    float installProgress = 75;
    for (UpdateFileMeta fileMeta : diff)
    {
        // Backup old files
@ -185,5 +302,6 @@ void Widget::update()
    setProgress(100);
    /// 5. Start qTox and exit
    qDebug() << "Update applied, restarting qTox!";
    startQToxAndExit();
 }
--- a/updater/widget.h
+++ b/updater/widget.h
@ -23,6 +23,10 @@
 #include <QWidget>
 #ifdef Q_OS_WIN
 #include <windows.h>
 #endif
 namespace Ui {
 class Widget;
 }
@ -39,6 +43,8 @@ public:
    void deleteBackups();
    void restoreBackups();
    void setProgress(int value);
    QString getSettingsDirPath();
    bool isToxPortableEnabled();
    // Noreturn
    void fatalError(QString message); ///< Calls deleteUpdate and startQToxAndExit
@ -52,6 +58,10 @@ public slots:
 private:
    Ui::Widget *ui;
    QStringList backups;
 #ifdef Q_OS_WIN
    HANDLE hPrimaryToken;
 #endif
 };
 #endif // WIDGET_H