From 1de0d99736b8ef11041e7f07bcc02b5de38298ca Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 6 Aug 2020 14:00:21 +0200 Subject: [PATCH 1/2] Improve EXE installer NSIS script generation The temporary VB script and output file for getting the admin group name are now created with random filenames. Also, the user is now created and added to the group directly in the installer instead of generating and running a batch script and the command containing the password is hidden. Temporary files are also written and read by the installer instead of using echo commands for better readability. --- src/lsc_user.c | 50 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/src/lsc_user.c b/src/lsc_user.c index 6389afb9b..c48a0e344 100644 --- a/src/lsc_user.c +++ b/src/lsc_user.c @@ -594,6 +594,12 @@ create_nsis_script (const gchar *script_name, const gchar *package_name, fprintf (fd, "#\n# Default (installer) section.\n#\n"); fprintf (fd, "section\n\n"); + fprintf (fd, "# Declare variables\n"); + fprintf (fd, "Var /GLOBAL TEMPVBSFILE\n"); + fprintf (fd, "Var /GLOBAL TEMPADMINGROUPFILE\n"); + fprintf (fd, "Var /GLOBAL FH\n"); + fprintf (fd, "Var /GLOBAL ADMINGROUPNAME\n"); + fprintf (fd, "# Define output path\n"); fprintf (fd, "setOutPath $INSTDIR\n\n"); @@ -603,31 +609,41 @@ create_nsis_script (const gchar *script_name, const gchar *package_name, // Need to find localized Administrators group name, create a // GetAdminGroupName - vb script (Thanks to Thomas Rotter) - fprintf (fd, "# Create Thomas Rotters GetAdminGroupName.vb script\n"); - fprintf (fd, "ExecWait \"cmd /C Echo Set objWMIService = GetObject($\\\"winmgmts:\\\\.\\root\\cimv2$\\\") > $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\" \"\n"); - fprintf (fd, "ExecWait \"cmd /C Echo Set colAccounts = objWMIService.ExecQuery ($\\\"Select * From Win32_Group Where SID = 'S-1-5-32-544'$\\\") >> $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\"\"\n"); - fprintf (fd, "ExecWait \"cmd /C Echo For Each objAccount in colAccounts >> $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\"\"\n"); - fprintf (fd, "ExecWait \"cmd /C Echo Wscript.Echo objAccount.Name >> $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\"\"\n"); - fprintf (fd, "ExecWait \"cmd /C Echo Next >> $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\"\"\n"); - fprintf (fd, "ExecWait \"cmd /C cscript //nologo $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\" > $\\\"%%temp%%\\AdminGroupName.txt$\\\"\"\n\n"); + fprintf (fd, "# Create and run Thomas Rotter's GetAdminGroupName VB script\n"); + fprintf (fd, "GetTempFileName $TEMPVBSFILE\n"); + fprintf (fd, "GetTempFileName $TEMPADMINGROUPFILE\n"); + fprintf (fd, "DetailPrint `Creating GetAdminGroupName script $TEMPVBSFILE`\n"); + fprintf (fd, "FileOpen $FH $TEMPVBSFILE w\n"); + fprintf (fd, "FileWrite $FH `Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")$\\n`\n"); + fprintf (fd, "FileWrite $FH `Set colAccounts = objWMIService.ExecQuery (\"Select * From Win32_Group Where SID = 'S-1-5-32-544'\")$\\n`\n"); + fprintf (fd, "FileWrite $FH `For Each objAccount in colAccounts$\\n`\n"); + fprintf (fd, "FileWrite $FH ` Wscript.Echo objAccount.Name$\\n`\n"); + fprintf (fd, "FileWrite $FH `Next$\\n`\n"); + fprintf (fd, "FileClose $FH\n"); + fprintf (fd, "ExecWait `cmd /C cscript /e:vbscript /nologo $TEMPVBSFILE > $TEMPADMINGROUPFILE`\n"); + fprintf (fd, "# Read admin group name, remove trailing line break\n"); + fprintf (fd, "FileOpen $FH $TEMPADMINGROUPFILE r\n"); + fprintf (fd, "FileRead $FH $ADMINGROUPNAME\n"); + fprintf (fd, "FileClose $FH\n"); + fprintf (fd, "StrCpy $ADMINGROUPNAME `$ADMINGROUPNAME` -2\n"); + fprintf (fd, "\n"); /** @todo provide /comment:"GVM User" /fullname:"GVM Testuser" */ - fprintf (fd, "# Create batch script that installs the user\n"); - fprintf (fd, "ExecWait \"cmd /C Echo Set /P AdminGroupName= ^<$\\\"%%temp%%\\AdminGroupName.txt$\\\" > $\\\"%%temp%%\\AddUser.bat$\\\"\" \n"); - fprintf (fd, "ExecWait \"cmd /C Echo net user %s %s /add /active:yes >> $\\\"%%temp%%\\AddUser.bat$\\\"\"\n", + fprintf (fd, "# Create the user and add it to the admin group\n"); + fprintf (fd, "DetailPrint `Creating user %s`\n", + user_name); + fprintf (fd, "SetDetailsPrint none\n"); + fprintf (fd, "ExecWait `cmd /C net user %s \"%s\" /add /active:yes`\n", user_name, password); - fprintf (fd, "ExecWait \"cmd /C Echo net localgroup %%AdminGroupName%% %%COMPUTERNAME%%\\%s /add >> $\\\"%%temp%%\\AddUser.bat$\\\"\"\n\n", + fprintf (fd, "SetDetailsPrint both\n"); + fprintf (fd, "ExecWait `cmd /C net localgroup $ADMINGROUPNAME %%COMPUTERNAME%%\\%s /add`", user_name); - fprintf (fd, "# Execute AddUser script\n"); - fprintf (fd, "ExecWait \"cmd /C $\\\"%%temp%%\\AddUser.bat$\\\"\"\n\n"); - // Remove up temporary files for localized Administrators group names fprintf (fd, "# Remove temporary files for localized admin group names\n"); - fprintf (fd, "ExecWait \"del $\\\"%%temp%%\\AdminGroupName.txt$\\\"\"\n"); - fprintf (fd, "ExecWait \"del $\\\"%%temp%%\\GetAdminGroupName.vbs$\\\"\"\n\n"); - fprintf (fd, "ExecWait \"del $\\\"%%temp%%\\AddUser.bat$\\\"\"\n\n"); + fprintf (fd, "Delete $TEMPVBSFILE\n"); + fprintf (fd, "Delete $TEMPADMINGROUPFILE\n"); /** @todo Display note about NTLM and SMB signing and encryption, 'Easy Filesharing' in WIN XP */ fprintf (fd, "# Display message that everything seems to be fine\n"); From 3440a80b6002562808dd05bf4a15d0b423b89a72 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 14 Aug 2020 10:39:27 +0200 Subject: [PATCH 2/2] Add CHANGELOG entry for EXE installer fix --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e2377135..310573b63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Quote identifiers in SQL functions using EXECUTE [#1193](https://github.com/greenbone/gvmd/pull/1193) - Improve handling of removed NVT prefs [#1204](https://github.com/greenbone/gvmd/pull/1204) - Set ignore_pagination in stop_active_tasks [#1208](https://github.com/greenbone/gvmd/pull/1208) +- Improve EXE installer NSIS script generation [#1253](https://github.com/greenbone/gvmd/pull/1253) [9.0.2]: https://github.com/greenbone/gvmd/compare/v9.0.1...gvmd-9.0