win,msi: use localized "Authenticated Users" name

Well known user account names are localized on Windows. Look up the "Authenticated Users" user by its security identifier to get the localized name. PR-URL: https://github.com/nodejs/node/pull/39241 Fixes: https://github.com/nodejs/node/issues/39224 Refs: e817ba70f5 Refs: https://hackerone.com/reports/1211160 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>
2026-01-15 12:15:26 +00:00 · 2021-07-02 18:22:20 +01:00
parent 64e4837011
commit e9cf12057d
3 changed files with 39 additions and 2 deletions
--- a/tools/msvs/msi/custom_actions.cc
+++ b/tools/msvs/msi/custom_actions.cc
@@ -3,6 +3,8 @@
 #include <windows.h>
 #include <msiquery.h>
 #include <wcautil.h>
+#include <sddl.h>
+#include <Lmcons.h>

 #define GUID_BUFFER_SIZE 39 // {8-4-4-4-12}\0

@@ -96,6 +98,35 @@ LExit:
  return WcaFinalize(er);
 }

+#define AUTHENTICATED_USERS_SID L"S-1-5-11"
+
+extern "C" UINT WINAPI GetLocalizedUserNames(MSIHANDLE hInstall) {
+  HRESULT hr = S_OK;
+  UINT er = ERROR_SUCCESS;
+  TCHAR userName[UNLEN + 1] = {0};
+  DWORD userNameSize = UNLEN + 1;
+  TCHAR domain[DNLEN + 1] = {0};
+  DWORD domainSize = DNLEN + 1;
+  PSID sid;
+  SID_NAME_USE nameUse;
+
+  hr = WcaInitialize(hInstall, "GetLocalizedUserNames");
+  ExitOnFailure(hr, "Failed to initialize");
+  
+  er = ConvertStringSidToSidW(AUTHENTICATED_USERS_SID, &sid);
+  ExitOnLastError(er, "Failed to convert security identifier");
+
+  er = LookupAccountSidW(NULL, sid, userName, &userNameSize, domain, &domainSize, &nameUse);
+  ExitOnLastError(er, "Failed to lookup security identifier");
+
+  MsiSetProperty(hInstall, L"AUTHENTICATED_USERS", userName);
+  ExitOnWin32Error(er, hr, "Failed to set localized Authenticated User name");
+
+LExit:
+  er = SUCCEEDED(hr) ? ERROR_SUCCESS : ERROR_INSTALL_FAILURE;
+  LocalFree(sid);
+  return WcaFinalize(er);
+}

 extern "C" BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason, VOID* dummy) {
  switch (ulReason) {
--- a/tools/msvs/msi/custom_actions.def
+++ b/tools/msvs/msi/custom_actions.def
@@ -3,3 +3,4 @@ LIBRARY "custom_actions"
 EXPORTS
 SetInstallScope
 BroadcastEnvironmentUpdate
+GetLocalizedUserNames
--- a/tools/msvs/msi/product.wxs
+++ b/tools/msvs/msi/product.wxs
@@ -47,8 +47,6 @@
    <Property Id="WIXUI_INSTALLDIR" Value="INSTALLDIR"/>

    <!-- PropertyRef of the account users for setting InstallDir permission explicitly -->
-    <Property Id="AUTHENTICATED_USERS" Value="Authenticated Users"/>
-
    <PropertyRef Id="WIX_ACCOUNT_LOCALSYSTEM" />
    <PropertyRef Id="WIX_ACCOUNT_USERS" />
    <PropertyRef Id="WIX_ACCOUNT_ADMINISTRATORS" />
@@ -329,6 +327,12 @@
                  Execute="immediate"
                  Return="check" />

+    <CustomAction Id="GetLocalizedUserNames"
+                  BinaryKey="CustomActionsDLL"
+                  DllEntry="GetLocalizedUserNames"
+                  Execute="immediate"
+                  Return="check" />
+
    <Property Id="WixShellExecTarget" Value="[#InstallToolsBat]" />
    <CustomAction Id="LaunchApplication" BinaryKey="WixCA" DllEntry="WixShellExec" />

@@ -338,6 +342,7 @@

    <InstallExecuteSequence>
      <Custom Action='SetInstallScope' Before='FindRelatedProducts'/>
+      <Custom Action='GetLocalizedUserNames' After='SetInstallScope'/>
      <Custom Action='BroadcastEnvironmentUpdate' After='InstallFinalize'/>
    </InstallExecuteSequence>