
[or-cvs] r19350: {torvm} Checkpoint the 0.0.2 restricted user setup changes for bundl (in torvm/trunk/build: kamikaze/patches win32 win32/files win32/patches win32/src/torvm-w32)



Author: coderman
Date: 2009-04-19 22:43:01 -0400 (Sun, 19 Apr 2009)
New Revision: 19350

Added:
   torvm/trunk/build/win32/src/torvm-w32/torvmuser.bmp
Modified:
   torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
   torvm/trunk/build/win32/Makefile
   torvm/trunk/build/win32/files/buildall.sh
   torvm/trunk/build/win32/patches/openssl-0.9.8-mingw-shared.patch
   torvm/trunk/build/win32/src/torvm-w32/Makefile
   torvm/trunk/build/win32/src/torvm-w32/apicommon.c
   torvm/trunk/build/win32/src/torvm-w32/apicommon.h
   torvm/trunk/build/win32/src/torvm-w32/creds.c
   torvm/trunk/build/win32/src/torvm-w32/creds.h
   torvm/trunk/build/win32/src/torvm-w32/torvm.c
Log:
Checkpoint the 0.0.2 restricted user setup changes for bundle mode. Merge user cleanup and uninstaller work in subsequent patches.

Modified: torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch	2009-04-20 02:43:01 UTC (rev 19350)
@@ -456,8 +456,8 @@
 +exit 0
 diff -Naur a/package/tor/files/torrc b/package/tor/files/torrc
 --- a/package/tor/files/torrc	1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/torrc	2009-03-26 06:18:45.619258728 +0000
-@@ -0,0 +1,19 @@
++++ b/package/tor/files/torrc	2009-04-04 19:53:45.195224832 +0000
+@@ -0,0 +1,21 @@
 +# Configuration for Tor VM
 +User tor
 +Group tor
@@ -476,4 +476,6 @@
 +# options appended from command line placed below:
 +SocksPort 9050
 +DNSPort 9093
++DNSListenAddress 0.0.0.0
 +TransPort 9095
++TransListenAddress 0.0.0.0
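Review bot: `DNSListenAddress 0.0.0.0` and `TransListenAddress 0.0.0.0` bind the DNS and transparent-proxy listeners on every interface the VM has, not only the one facing the host. Nothing in this hunk shows a packet filter restricting who may reach ports 9093 and 9095, so any additional reachable interface would expose both services to whoever can route to it. Consider binding to the VM's internal address instead, or, if a firewall rule elsewhere already limits access, record that in the torrc with a comment such as `# listens on all interfaces; access is restricted by the VM firewall rules`.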

Modified: torvm/trunk/build/win32/Makefile
===================================================================
--- torvm/trunk/build/win32/Makefile	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/Makefile	2009-04-20 02:43:01 UTC (rev 19350)
@@ -17,27 +17,27 @@
 # with an autorun.inf that launches a build of all the win32 parts.
 # 
 ZLIB_F=zlib-1.2.3-bin.zip
-ZLIB_URL=http://downloads.sourceforge.net/gnuwin32/zlib-1.2.3-bin.zip?big_mirror=1
+ZLIB_URL=http://downloads.sourceforge.net/gnuwin32/$(ZLIB_F)?big_mirror=1
 ZLIB_SUM=becbcaf5076e307e743b1edc6a5645849eba9ebc
 
 GZIP_F=gzip-1.3.12-1-bin.zip
-GZIP_URL=http://downloads.sourceforge.net/gnuwin32/gzip-1.3.12-1-bin.zip?big_mirror=1
+GZIP_URL=http://downloads.sourceforge.net/gnuwin32/$(GZIP_F)?big_mirror=1
 GZIP_SUM=69901b7a58e324e39653d4282deaf5ab5bb5c07f
 
 BZIP2_F=bzip2-1.0.5-bin.zip
-BZIP2_URL=http://downloads.sourceforge.net/gnuwin32/bzip2-1.0.5-bin.zip?big_mirror=1
+BZIP2_URL=http://downloads.sourceforge.net/gnuwin32/$(BZIP2_F)?big_mirror=1
 BZIP2_SUM=618ba51d3d6838e71a922febf717471b7d5f54e2
 
 LIBARCH_F=libarchive-2.4.12-1-bin.zip
-LIBARCH_URL=http://downloads.sourceforge.net/gnuwin32/libarchive-2.4.12-1-bin.zip?big_mirror=1
+LIBARCH_URL=http://downloads.sourceforge.net/gnuwin32/$(LIBARCH_F)?big_mirror=1
 LIBARCH_SUM=02eb2fe2200705d0067f03780c6d65f51ae69e42
 
 BINUTILS_F=binutils-2.18.50-20080109-2.tar.gz
-BINUTILS_URL=http://downloads.sourceforge.net/mingw/binutils-2.18.50-20080109-2.tar.gz?big_mirror=1
+BINUTILS_URL=http://downloads.sourceforge.net/mingw/$(BINUTILS_F)?big_mirror=1
 BINUTILS_SUM=4a47e75604765f671ca233bb503f1ca67fd93af0
 
 GCCORE_F=gcc-core-3.4.5-20060117-3.tar.gz
-GCCORE_URL=http://downloads.sourceforge.net/mingw/gcc-core-3.4.5-20060117-3.tar.gz?big_mirror=1
+GCCORE_URL=http://downloads.sourceforge.net/mingw/$(GCCORE_F)?big_mirror=1
 GCCORE_SUM=1ba77819f5749954fda080c0137af359a09760fc
 
 GPP_F=gcc-g++-3.4.5-20060117-3.tar.gz
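Review bot: Every URL rewritten in this hunk is still fetched over plain `http://`, so the `*_SUM` value beside it is the only thing tying the downloaded archive to the expected content. The 40-hex-digit values look like SHA-1 digests; a header comment stating where each digest is taken from (for example an upstream signed release file) would keep a later version bump from simply recording the hash of whatever was downloaded. How `$(DLCMD)` reacts to a mismatch is not visible in this hunk and is worth confirming.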
@@ -45,100 +45,100 @@
 GPP_SUM=1d31f990d4027f171ab8c55374bec815a46c16dd
 
 MINGWRUN_F=mingw-runtime-3.14.tar.gz
-MINGWRUN_URL=http://downloads.sourceforge.net/mingw/mingw-runtime-3.14.tar.gz?big_mirror=1
+MINGWRUN_URL=http://downloads.sourceforge.net/mingw/$(MINGWRUN_F)?big_mirror=1
 MINGWRUN_SUM=ebd523dff5cb5bc476124a283b3ba9781f907fea
 
 MINGWUTIL_F=mingw-utils-0.3.tar.gz
-MINGWUTIL_URL=http://downloads.sourceforge.net/mingw/mingw-utils-0.3.tar.gz?big_mirror=1
+MINGWUTIL_URL=http://downloads.sourceforge.net/mingw/$(MINGWUTIL_F)?big_mirror=1
 MINGWUTIL_SUM=7ae32742ece1e89978784634aed824775cf47336
 
 MAKE_F=mingw32-make-3.81-20080326-3.tar.gz
-MAKE_URL=http://downloads.sourceforge.net/mingw/mingw32-make-3.81-20080326-3.tar.gz?big_mirror=1
+MAKE_URL=http://downloads.sourceforge.net/mingw/$(MAKE_F)?big_mirror=1
 MAKE_SUM=86ab2ddffdd2df6245856bb0dd50fbd8ba372767
 
 W32API_F=w32api-3.11.tar.gz
-W32API_URL=http://downloads.sourceforge.net/mingw/w32api-3.11.tar.gz?big_mirror=1
+W32API_URL=http://downloads.sourceforge.net/mingw/$(W32API_F)?big_mirror=1
 W32API_SUM=0969cde19c3a85012b4924cb49cf2e9ef3d1b6df
 
 MSYS_F=MSYS-1.0.11-20071204.tar.bz2
-MSYS_URL=http://downloads.sourceforge.net/mingw/MSYS-1.0.11-20071204.tar.bz2?big_mirror=1
+MSYS_URL=http://downloads.sourceforge.net/mingw/$(MSYS_F)?big_mirror=1
 MSYS_SUM=9a1207b04ffaf8880c58de643609e4deed3e1563
 
 MSYSCORE_F=msysCORE-1.0.11-2007.01.19-1.tar.bz2
-MSYSCORE_URL=http://downloads.sourceforge.net/mingw/msysCORE-1.0.11-2007.01.19-1.tar.bz2?big_mirror=1
+MSYSCORE_URL=http://downloads.sourceforge.net/mingw/$(MSYSCORE_F)?big_mirror=1
 MSYSCORE_SUM=65870650914925dfd8451a9452bff3cdb8320221
 
 BASH_F=bash-3.1-MSYS-1.0.11-1.tar.bz2
-BASH_URL=http://downloads.sourceforge.net/mingw/bash-3.1-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+BASH_URL=http://downloads.sourceforge.net/mingw/$(BASH_F)?big_mirror=1
 BASH_SUM=a440bb5a6e2edfe703b67877c7e7e48504aad6dc
 
 DIFFUTIL_F=diffutils-2.8.7-MSYS-1.0.11-1.tar.bz2
-DIFFUTIL_URL=http://downloads.sourceforge.net/mingw/diffutils-2.8.7-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+DIFFUTIL_URL=http://downloads.sourceforge.net/mingw/$(DIFFUTIL_F)?big_mirror=1
 DIFFUTIL_SUM=a34f0470674b6bb807e505839a477f9b9c70facf
 
 LIBTOOL_F=libtool1.5-1.5.25a-1-bin.tar.bz2
-LIBTOOL_URL=http://downloads.sourceforge.net/mingw/libtool1.5-1.5.25a-1-bin.tar.bz2?big_mirror=1
+LIBTOOL_URL=http://downloads.sourceforge.net/mingw/$(LIBTOOL_F)?big_mirror=1
 LIBTOOL_SUM=7e7206011471dbe79f5298d76ea9530288b2a6dd
 
 MINIRES_F=minires-1.01-1-MSYS-1.0.11-1.tar.bz2
-MINIRES_URL=http://downloads.sourceforge.net/mingw/minires-1.01-1-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+MINIRES_URL=http://downloads.sourceforge.net/mingw/$(MINIRES_F)?big_mirror=1
 MINIRES_SUM=c077e08cce446656ff0c0b3f30a327652f9c9986
 
 MSYSZLIB_F=zlib-1.2.3-MSYS-1.0.11-1.tar.bz2
-MSYSZLIB_URL=http://downloads.sourceforge.net/mingw/zlib-1.2.3-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+MSYSZLIB_URL=http://downloads.sourceforge.net/mingw/$(MSYSZLIB_F)?big_mirror=1
 MSYSZLIB_SUM=dff1a110b165d7ba4d7804b1c2f4a023823eec90
 
 MSYSCRYPT_F=crypt-1.1-1-MSYS-1.0.11-1.tar.bz2
-MSYSCRYPT_URL=http://downloads.sourceforge.net/mingw/crypt-1.1-1-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+MSYSCRYPT_URL=http://downloads.sourceforge.net/mingw/$(MSYSCRYPT_F)?big_mirror=1
 MSYSCRYPT_SUM=072e9a158d41e73aa5a766df016494dab74085e4
 
 M4_F=m4-1.4.7-MSYS.tar.bz2
-M4_URL=http://prdownloads.sourceforge.net/mingw/m4-1.4.7-MSYS.tar.bz2?download
+M4_URL=http://prdownloads.sourceforge.net/mingw/$(M4_F)?download
 M4_SUM=a00ed987824456946777d92f600612f344211dcc
 
-SSL_F=openssl-0.9.8g-1-MSYS-1.0.11-2-dll098.tar.gz
-SSL_URL=http://downloads.sourceforge.net/mingw/openssl-0.9.8g-1-MSYS-1.0.11-2-dll098.tar.gz?big_mirror=1
-SSL_SUM=eba5f37fdec2982727556a3dbb5ea6fd04296b76
+MSYSSSL_F=openssl-0.9.8g-1-MSYS-1.0.11-2-dll098.tar.gz
+MSYSSSL_URL=http://downloads.sourceforge.net/mingw/$(SSL_F)?big_mirror=1
+MSYSSSL_SUM=eba5f37fdec2982727556a3dbb5ea6fd04296b76
 
-SSH_F=openssh-4.7p1-MSYS-1.0.11-1-bin.tar.gz
-SSH_URL=http://downloads.sourceforge.net/mingw/openssh-4.7p1-MSYS-1.0.11-1-bin.tar.gz?big_mirror=1
-SSH_SUM=bf1617bf43de198cea7c197621494baec9520bcb
+MSYSSSH_F=openssh-4.7p1-MSYS-1.0.11-1-bin.tar.gz
+MSYSSSH_URL=http://downloads.sourceforge.net/mingw/$(SSH_F)?big_mirror=1
+MSYSSSH_SUM=bf1617bf43de198cea7c197621494baec9520bcb
 
 ZLIBSRC_F=zlib-1.2.3.tar.gz
 ZLIBSRC_URL=http://www.zlib.net/zlib-1.2.3.tar.gz
 ZLIBSRC_SUM=60faeaaf250642db5c0ea36cd6dcc9f99c8f3902
 
 PTHREADS_F=pthreads-w32-2-8-0-release.tar.gz
-PTHREADS_URL=ftp://sourceware.org/pub/pthreads-win32/pthreads-w32-2-8-0-release.tar.gz
+PTHREADS_URL=ftp://sourceware.org/pub/pthreads-win32/$(PTHREADS_F)
 PTHREADS_SUM=da8371cb20e8e238f96a1d0651212f154d84a9ac
 
 LIBEVENT_F=libevent-1.4.8-stable.tar.gz
-LIBEVENT_URL=http://www.monkey.org/~provos/libevent-1.4.8-stable.tar.gz
+LIBEVENT_URL=http://www.monkey.org/~provos/$(LIBEVENT_F)
 LIBEVENT_SUM=82c05a893688810aafc2b372b567a837eb115732
 
 ACONF_F=autoconf2.5-2.61-1-bin.tar.bz2
-ACONF_URL=http://downloads.sourceforge.net/mingw/autoconf2.5-2.61-1-bin.tar.bz2?big_mirror=1
+ACONF_URL=http://downloads.sourceforge.net/mingw/$(ACONF_F)?big_mirror=1
 ACONF_SUM=7f05699dfeb0fea12b490da7204eeb89644a3bf7
 
 AMAKE_F=automake1.9-1.9.6-2-bin.tar.bz2
-AMAKE_URL=http://downloads.sourceforge.net/mingw/automake1.9-1.9.6-2-bin.tar.bz2?big_mirror=1
+AMAKE_URL=http://downloads.sourceforge.net/mingw/$(AMAKE_F)?big_mirror=1
 AMAKE_SUM=685dd354868ebb6fca148a300f20b55e1c036fca
 
 PERL_F=perl-5.6.1-MSYS-1.0.11-1.tar.bz2
-PERL_URL=http://downloads.sourceforge.net/mingw/perl-5.6.1-MSYS-1.0.11-1.tar.bz2?big_mirror=1
+PERL_URL=http://downloads.sourceforge.net/mingw/$(PERL_F)?big_mirror=1
 PERL_SUM=ff1f07a061c7958bc9043f0085a55ff0101b1be4
 
 GROFF_F=groff-1.19.2.tar.gz
-GROFF_URL=http://ftp.gnu.org/gnu/groff/groff-1.19.2.tar.gz
+GROFF_URL=http://ftp.gnu.org/gnu/groff/$(GROFF_F)
 GROFF_SUM=cfad99a5c52933a6a9180e394bd94fbaec0ac956
 
 CMAKE_F=cmake-2.6.2.tar.gz
-CMAKE_URL=http://www.cmake.org/files/v2.6/cmake-2.6.2.tar.gz
+CMAKE_URL=http://www.cmake.org/files/v2.6/$(CMAKE_F)
 CMAKE_SUM=48d33afaf23d40f2ea9aa2f5018c7213983222c2
 
-SSLSRC_F=openssl-0.9.8j.tar.gz
-SSLSRC_URL=http://www.openssl.org/source/openssl-0.9.8j.tar.gz
-SSLSRC_SUM=f70f7127a26e951e8a0d854c0c9e6b4c24df78e4
+SSLSRC_F=openssl-0.9.8k.tar.gz
+SSLSRC_URL=http://www.openssl.org/source/$(SSLSRC_F)
+SSLSRC_SUM=3ba079f91d3c1ec90a36dcd1d43857165035703f
 
 PYTHON_F=Python-3.0.1.tar.bz2
 PYTHON_URL=http://www.python.org/ftp/python/3.0.1/$(PYTHON_F)
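Review bot: `MSYSSSL_URL` and `MSYSSSH_URL` still expand `$(SSL_F)` and `$(SSH_F)`, but this hunk renames those variables to `MSYSSSL_F` and `MSYSSSH_F`, so unless the old names are defined elsewhere in the Makefile both URLs end in `/mingw/?big_mirror=1` with no file name. The download rules in the later hunk pass `"$(MSYSSSL_URL)"` and `"$(MSYSSSH_URL)"` to `$(DLCMD)`, so the fetch would either fail or return something other than the archive and be caught only by the checksum comparison. The two lines should read `MSYSSSL_URL=http://downloads.sourceforge.net/mingw/$(MSYSSSL_F)?big_mirror=1` and `MSYSSSH_URL=http://downloads.sourceforge.net/mingw/$(MSYSSSH_F)?big_mirror=1`.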
@@ -146,26 +146,26 @@
 
 PY2EXE_F=py2exe-0.6.9.zip
 PY2EXE_TGZ=py2exe.tar.gz
-PY2EXE_URL=http://downloads.sourceforge.net/py2exe/py2exe-0.6.9.zip?big_mirror=1
+PY2EXE_URL=http://downloads.sourceforge.net/py2exe/$(PY2EXE_F)?big_mirror=1
 PY2EXE_SUM=f1a2cdfbf6d142f6ff54edfcf9d127e2d07169d5
 
 WIX_F=wix3.0.4805.0-binaries.zip
 WIX_TGZ=wix.tar.gz
-WIX_URL=http://downloads.sourceforge.net/wix/wix3.0.4805.0-binaries.zip?big_mirror=1
+WIX_URL=http://downloads.sourceforge.net/wix/$(WIX_F)?big_mirror=1
 WIX_SUM=58dcedd89efcf9b80f7d6f1c0c5f9ee44a800892
 
 WIXSRC_F=wix3.0.4805.0-sources.zip
 WIXSRC_TGZ=wixsrc.tar.gz
-WIXSRC_URL=http://downloads.sourceforge.net/wix/wix3.0.4805.0-sources.zip?big_mirror=1
+WIXSRC_URL=http://downloads.sourceforge.net/wix/$(WIXSRC_F)?big_mirror=1
 WIXSRC_SUM=60d5bfa98fcf8f902586067393eb3ac7e4b12f82
 
 GNURX_F=mingw-libgnurx-2.5.1-src.tar.gz
-GNURX_URL=http://downloads.sourceforge.net/mingw/mingw-libgnurx-2.5.1-src.tar.gz?big_mirror=1
+GNURX_URL=http://downloads.sourceforge.net/mingw/$(GNURX_F)?big_mirror=1
 GNURX_SUM=f1e4af2541645dac82362b618aaa849658cd4988
 
 NSIS_VER=2.42
 NSIS_F=nsis-$(NSIS_VER).zip
-NSIS_URL=http://downloads.sourceforge.net/nsis/nsis-2.42.zip?big_mirror=1
+NSIS_URL=http://downloads.sourceforge.net/nsis/$(NSIS_F)?big_mirror=1
 NSIS_SUM=a1aef12a33f16273ac9109fde28713399f6a8016
 NSIS_TGZ=nsis-2.42.tar.gz
 
@@ -174,11 +174,11 @@
 SEVNZIP_INST=true
 SEVNZIP_VER=464
 SEVNZIP_F=7z464.msi
-SEVNZIP_URL=http://downloads.sourceforge.net/sevenzip/7z464.msi?big_mirror=1
+SEVNZIP_URL=http://downloads.sourceforge.net/sevenzip/$(SEVNZIP_F)?big_mirror=1
 SEVNZIP_SUM=19a06e188a83452dc9273290dbef71220686c4c1
 
 SDL_F=SDL-1.2.13.tar.gz
-SDL_URL=http://www.libsdl.org/release/SDL-1.2.13.tar.gz
+SDL_URL=http://www.libsdl.org/release/$(SDL_F)
 SDL_SUM=51fcaa3e1d5c01fd813ea08688780f86b19cf539
 
 WPCAPSRC_VER=4_1_beta5
@@ -247,7 +247,7 @@
 # buildscripts need some dire clean up...
 OK:=echo -n
 
-ALLFILES=$(ZLIB_F) $(GZIP_F) $(BZIP2_F) $(LIBARCH_F) $(BINUTILS_F) $(GCCORE_F) $(GPP_F) $(MINGWRUN_F) $(MINGWUTIL_F) $(MAKE_F) $(W32API_F) $(MSYS_F) $(MSYSCORE_F) $(BASH_F) $(DIFFUTIL_F) $(LIBTOOL_F) $(MINIRES_F) $(MSYSZLIB_F) $(MSYSCRYPT_F) $(M4_F) $(SSL_F) $(SSH_F) $(ZLIBSRC_F) $(PTHREADS_F) $(LIBEVENT_F) $(AMAKE_F) $(ACONF_F) $(PERL_F) $(GROFF_F) $(CMAKE_F) $(QT_F) $(NSIS_F) $(SSLSRC_F) $(PYTHON_F) $(PY2EXE_F) $(WIX_F) $(WIXSRC_F) $(GNURX_F) $(POLIPO_F) $(SDL_F) $(WPCAPSRC_F) $(QEMU_F) $(OVPN_F)
+ALLFILES=$(ZLIB_F) $(GZIP_F) $(BZIP2_F) $(LIBARCH_F) $(BINUTILS_F) $(GCCORE_F) $(GPP_F) $(MINGWRUN_F) $(MINGWUTIL_F) $(MAKE_F) $(W32API_F) $(MSYS_F) $(MSYSCORE_F) $(BASH_F) $(DIFFUTIL_F) $(LIBTOOL_F) $(MINIRES_F) $(MSYSZLIB_F) $(MSYSCRYPT_F) $(M4_F) $(MSYSSSL_F) $(MSYSSSH_F) $(ZLIBSRC_F) $(PTHREADS_F) $(LIBEVENT_F) $(AMAKE_F) $(ACONF_F) $(PERL_F) $(GROFF_F) $(CMAKE_F) $(QT_F) $(NSIS_F) $(SSLSRC_F) $(PYTHON_F) $(PY2EXE_F) $(WIX_F) $(WIXSRC_F) $(GNURX_F) $(POLIPO_F) $(SDL_F) $(WPCAPSRC_F) $(QEMU_F) $(OVPN_F)
 
 # adjust if we're dealing with non source, zip or tar archives for a package
 SEVNZIP_OPT_DL=
@@ -284,8 +284,8 @@
 	@if [ ! -e $(WDLDIR)/$(MSYSZLIB_F) ]; then $(DLCMD) "$(MSYSZLIB_URL)" $(MSYSZLIB_SUM) "$(WDLDIR)/$(MSYSZLIB_F)"; fi
 	@if [ ! -e $(WDLDIR)/$(MSYSCRYPT_F) ]; then $(DLCMD) "$(MSYSCRYPT_URL)" $(MSYSCRYPT_SUM) "$(WDLDIR)/$(MSYSCRYPT_F)"; fi
 	@if [ ! -e $(WDLDIR)/$(M4_F) ]; then $(DLCMD) "$(M4_URL)" $(M4_SUM) "$(WDLDIR)/$(M4_F)"; fi
-	@if [ ! -e $(WDLDIR)/$(SSL_F) ]; then $(DLCMD) "$(SSL_URL)" $(SSL_SUM) "$(WDLDIR)/$(SSL_F)"; fi
-	@if [ ! -e $(WDLDIR)/$(SSH_F) ]; then $(DLCMD) "$(SSH_URL)" $(SSH_SUM) "$(WDLDIR)/$(SSH_F)"; fi
+	@if [ ! -e $(WDLDIR)/$(MSYSSSL_F) ]; then $(DLCMD) "$(MSYSSSL_URL)" $(MSYSSSL_SUM) "$(WDLDIR)/$(MSYSSSL_F)"; fi
+	@if [ ! -e $(WDLDIR)/$(MSYSSSH_F) ]; then $(DLCMD) "$(MSYSSSH_URL)" $(MSYSSSH_SUM) "$(WDLDIR)/$(MSYSSSH_F)"; fi
 	@if [ ! -e $(WDLDIR)/$(ZLIBSRC_F) ]; then $(DLCMD) "$(ZLIBSRC_URL)" $(ZLIBSRC_SUM) "$(WDLDIR)/$(ZLIBSRC_F)"; fi
 	@if [ ! -e $(WDLDIR)/$(PTHREADS_F) ]; then $(DLCMD) "$(PTHREADS_URL)" $(PTHREADS_SUM) "$(WDLDIR)/$(PTHREADS_F)"; fi
 	@if [ ! -e $(WDLDIR)/$(LIBEVENT_F) ]; then $(DLCMD) "$(LIBEVENT_URL)" $(LIBEVENT_SUM) "$(WDLDIR)/$(LIBEVENT_F)"; fi

Modified: torvm/trunk/build/win32/files/buildall.sh
===================================================================
--- torvm/trunk/build/win32/files/buildall.sh	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/files/buildall.sh	2009-04-20 02:43:01 UTC (rev 19350)
@@ -89,7 +89,7 @@
   export PTHREAD_DIR="pthreads-w32-${PTHREAD_VER}-release"
   export PTHREAD_FILE="${PTHREAD_DIR}.tar.gz"
   
-  export OPENSSL_VER="0.9.8j"
+  export OPENSSL_VER="0.9.8k"
   export OPENSSL_DIR="openssl-${OPENSSL_VER}"
   export OPENSSL_FILE="openssl-${OPENSSL_VER}.tar.gz"
   
@@ -554,8 +554,8 @@
   ./configure --prefix=/usr --interp-prefix=qemu-%M \
     --enable-uname-release="Tor VM 2.6-alpha i386" \
     --disable-werror \
+    --disable-system \
     --disable-kqemu \
-    --disable-system \
     --disable-vnc-tls \
     --extra-cflags="-DHAVE_INTSZ_TYPES -I. -I.. -I/src/$ZLIB_DIR -I/usr/include -I/usr/local/include $WPCAP_INCLUDE -I/src/pthreads-w32 -I/usr/include/SDL" \
     --extra-ldflags="-L/src/$ZLIB_DIR -L/usr/lib -L/usr/local/lib $WPCAP_LDFLAGS -L/src/pthreads-w32" \
@@ -1094,7 +1094,7 @@
         tail +4c fulldata-dir.wxs > fulldata-dir.wxs.tmp; dos2unix fulldata-dir.wxs.tmp; cat fulldata-dir.wxs.tmp > fulldata-dir.wxs; rm -f fulldata-dir.wxs.tmp
         wixtool.exe splice -i pkg/win32/vidalia.wxs -o fulldata-tmpdir.wxs Directory:LocalPluginsDataDir=fulldata-dir.wxs:Directory:data
         wixtool.exe splice -i fulldata-tmpdir.wxs -o fulldata-tmpall.wxs Feature:MainApplication=fulldata-dir.wxs:Feature:ProductFeature
-        wixtool.exe userlocal -i fulldata-tmpall.wxs -o fulldata-all.wxs "Software/Vidalia:MainApplication"
+        wixtool.exe userlocal -i fulldata-tmpall.wxs -o fulldata-all.wxs "Software\\Vidalia:MainApplication"
         rm -f fulldata-tmpdir.wxs fulldata-tmpall.wxs
         candle.exe $CANDLE_OPTS fulldata-all.wxs
         WIX_CAB_CACHE=_vidmrbl.cabcache
@@ -1127,7 +1127,7 @@
         tail +4c mindata-dir.wxs > mindata-dir.wxs.tmp; dos2unix mindata-dir.wxs.tmp; cat mindata-dir.wxs.tmp > mindata-dir.wxs; rm -f mindata-dir.wxs.tmp
         wixtool.exe splice -i pkg/win32/vidalia.wxs -o mindata-tmpdir.wxs Directory:LocalPluginsDataDir=mindata-dir.wxs:Directory:data
         wixtool.exe splice -i mindata-tmpdir.wxs -o mindata-tmpall.wxs Feature:MainApplication=mindata-dir.wxs:Feature:ProductFeature
-        wixtool.exe userlocal -i mindata-tmpall.wxs -o mindata-all.wxs "Software/Vidalia:MainApplication"
+        wixtool.exe userlocal -i mindata-tmpall.wxs -o mindata-all.wxs "Software\\Vidalia:MainApplication"
         rm -f mindata-tmpdir.wxs mindata-tmpall.wxs
         candle.exe $CANDLE_OPTS mindata-all.wxs
         rm -rf $WIX_CAB_CACHE
@@ -1243,7 +1243,7 @@
     tail +4c license-dir.wxs > license-dir.wxs.tmp; dos2unix license-dir.wxs.tmp; cat license-dir.wxs.tmp > license-dir.wxs; rm -f license-dir.wxs.tmp
     wixtool.exe splice -i license.wxs -o license-tmpdir.wxs Directory:ProgramsInstDir=license-dir.wxs:Directory:LicenseDocs
     wixtool.exe splice -i license-tmpdir.wxs -o license-tmpall.wxs Feature:MainApplication=license-dir.wxs:Feature:ProductFeature
-    wixtool.exe userlocal -i license-tmpall.wxs -o license-all.wxs "Software/Tor License:MainApplication"
+    wixtool.exe userlocal -i license-tmpall.wxs -o license-all.wxs "Software\\Tor License:MainApplication"
     rm -f license-tmpdir.wxs license-tmpall.wxs
     candle.exe $CANDLE_OPTS license-all.wxs
     echo "Linking Tor Vidalia bundle license docs package ..."
@@ -1274,7 +1274,7 @@
   wixtool.exe splice -i torvm-tmpdir.wxs -o torvm-tmpall.wxs Feature:MainApplication=torvm-lib.wxs:Feature:ProductFeature
   wixtool.exe splice -i torvm-tmpall.wxs -o torvm-tmpdir.wxs Directory:ProgramsInstDir=torvm-state.wxs:Directory:TARGETDIR
   wixtool.exe splice -i torvm-tmpdir.wxs -o torvm-tmpall.wxs Feature:MainApplication=torvm-state.wxs:Feature:ProductFeature
-  wixtool.exe userlocal -i torvm-tmpall.wxs -o torvm-all.wxs "Software/Tor VM:MainApplication"
+  wixtool.exe userlocal -i torvm-tmpall.wxs -o torvm-all.wxs "Software\\Tor VM:MainApplication"
   rm -f torvm-tmpdir.wxs torvm-tmpall.wxs
   candle.exe $CANDLE_OPTS torvm-all.wxs
   WIX_CAB_CACHE=_torvm.cabcache

Modified: torvm/trunk/build/win32/patches/openssl-0.9.8-mingw-shared.patch
===================================================================
--- torvm/trunk/build/win32/patches/openssl-0.9.8-mingw-shared.patch	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/patches/openssl-0.9.8-mingw-shared.patch	2009-04-20 02:43:01 UTC (rev 19350)
@@ -1,7 +1,7 @@
 diff -Naur a/Configure b/Configure
---- a/Configure	2008-12-29 00:18:23.000000000 +0000
-+++ b/Configure	2009-01-31 10:43:44.940555920 +0000
-@@ -475,7 +475,7 @@
+--- a/Configure	2009-02-16 08:44:22.000000000 +0000
++++ b/Configure	2009-04-05 02:24:48.927195384 +0000
+@@ -480,7 +480,7 @@
  "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
  
  # MinGW
@@ -10,7 +10,7 @@
  
  # UWIN 
  "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-@@ -1051,7 +1051,7 @@
+@@ -1059,7 +1059,7 @@
  
  my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
  
@@ -20,8 +20,8 @@
  $no_shared = 0 if ($fipsdso && !$IsMK1MF);
  
 diff -Naur a/Makefile.org b/Makefile.org
---- a/Makefile.org	2008-12-30 13:26:26.000000000 +0000
-+++ b/Makefile.org	2009-01-31 10:46:23.025523352 +0000
+--- a/Makefile.org	2009-03-03 22:40:29.000000000 +0000
++++ b/Makefile.org	2009-04-05 02:24:48.928195232 +0000
 @@ -131,7 +131,7 @@
  
  BASEADDR=

Modified: torvm/trunk/build/win32/src/torvm-w32/Makefile
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/Makefile	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/Makefile	2009-04-20 02:43:01 UTC (rev 19350)
@@ -5,8 +5,8 @@
 BINDIR=C:\Tor_VM
 CPPFLAGS += -I. -I/usr/include -I/usr/local/include -MMD -MP
 CPPFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#LDFLAGS += -L/usr/lib -L/usr/local/lib -lws2_32 -liphlpapi
-LDFLAGS += -lws2_32 -liphlpapi
+#LDFLAGS += -L/usr/lib -L/usr/local/lib
+LIBS += -lws2_32 -liphlpapi
 
 all: torvm$(EXESUF)
 

Modified: torvm/trunk/build/win32/src/torvm-w32/apicommon.c
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/apicommon.c	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/apicommon.c	2009-04-20 02:43:01 UTC (rev 19350)
@@ -4,6 +4,35 @@
 
 #include "apicommon.h"
 
+/* Depending on _WIN32_WINNT version and mingw32 api we may
+ * have all of the socket structures defined. Needed by default.
+ */
+#ifndef __HAVE_IN_ADDR
+typedef struct _in_addr {
+  union {
+    struct {
+      unsigned char s_b1,
+                    s_b2,
+                    s_b3,
+                    s_b4;
+    } S_un_b;
+    struct {
+      unsigned short s_w1,
+                     s_w2;
+    } S_un_w;
+    unsigned long S_addr;
+  } S_un;
+} in_addr;
+#endif
+#ifndef __HAVE_SOCKADDR_IN
+typedef struct _sockaddr_in{
+   short sin_family;
+   unsigned short sin_port;
+   struct in_addr sin_addr;
+   char sin_zero[8];
+} sockaddr_in;
+#endif
+
 /* jump hoops to read ethernet adapter MAC address.
  */
 #define _NDIS_CONTROL_CODE(request,method) \
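Review bot: The fallback `sockaddr_in` declares its field as `struct in_addr sin_addr`, but the typedef just above it creates the tag `_in_addr` and the typedef name `in_addr`, so `struct in_addr` does not refer to the local definition. Where the system headers already provide `struct in_addr` the field silently takes that type, and where they do not it is an incomplete type. The guards `__HAVE_IN_ADDR` and `__HAVE_SOCKADDR_IN` are not set anywhere visible in this commit, so a comment naming the header that defines them is needed. Since apicommon.h now includes `<winsock2.h>`, using `struct sockaddr_in` from that header directly would avoid keeping a private copy of a structure that `connect()` interprets by layout.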
@@ -32,13 +61,160 @@
 #define OID_WW_GEN_PERMANENT_ADDRESS            0x0901010B
 #define OID_WW_GEN_CURRENT_ADDRESS              0x0901010C
 
+BOOL buildsyspath (DWORD  syspathtype,
+                   LPTSTR append,
+                   LPTSTR *fpath)
+{
+  DWORD   retval;
+  DWORD   errnum;
+  LPTSTR  defval = NULL;
+  LPTSTR  envvar;
+  LPTSTR  dsep = "\\";
+  *fpath = malloc(CMDMAX * sizeof(TCHAR));
+  if(*fpath == NULL) {
+    lerror ("buildsyspath: out of memory.");
+    free(envvar);
+    return FALSE;
+  }
+  if (syspathtype == SYSDIR_WINROOT) {
+    envvar = getenv("SYSTEMROOT");
+    defval = DEFAULT_WINDIR;
+  }
+  else if (syspathtype == SYSDIR_ALLPROFILE)
+    envvar = getenv("ALLUSERSPROFILE");
+  else if (syspathtype == SYSDIR_PROFILE)
+    envvar = getenv("USERPROFILE");
+  else if (syspathtype == SYSDIR_PROGRAMS)
+    envvar = getenv("PROGRAMFILES");
+  else if (syspathtype == SYSDIR_LCLDATA)
+    envvar = getenv("USERPROFILE");
+  else if (syspathtype == SYSDIR_LCLPROGRAMS)
+    envvar = getenv("USERPROFILE");
+  if(!envvar) {
+    if (defval) {
+      strncpy(*fpath, defval, (CMDMAX -1));
+      return TRUE;
+    }
+    free(*fpath);
+    *fpath = 0;
+    return FALSE;
+  }
+  if ( (syspathtype == SYSDIR_LCLPROGRAMS) || (syspathtype == SYSDIR_LCLDATA) ) {
+    LPTSTR lclpost = 0;
+    if (syspathtype == SYSDIR_LCLPROGRAMS)
+      lclpost = "Programs";
+    /* local appdata and programs is built against the user profile root */
+    snprintf (*fpath, (CMDMAX -1),
+              "%s%s%s%s%s%s%s",
+              envvar,
+              dsep,
+              "Local Settings\\Application Data",
+              lclpost ? dsep : "",
+              lclpost ? lclpost : "",
+              append ? dsep : "",
+              append ? append : "");
+  }
+  else {
+    snprintf (*fpath, (CMDMAX -1),
+              "%s%s%s",
+              envvar,
+              append ? dsep : "",
+              append ? append : "");
+  }
+  ldebug ("Returning system path %s for path type %d and append %s", *fpath, syspathtype, append ? append : "");
+  return TRUE;
+}
+
+BOOL buildfpath (DWORD   pathtype,
+                 DWORD   subdirtype,
+                 LPTSTR  wdpath,
+                 LPTSTR  append,
+                 LPTSTR *fpath)
+{
+  LPTSTR basepath;
+  DWORD  buflen;
+  *fpath = NULL;
+  LPTSTR dsep = "\\";
+  if (pathtype == PATH_RELATIVE) {
+    if (!wdpath) {
+      basepath = strdup(".");
+    }
+    else {
+      /* TODO: for now, we check if we're in one of the bin/lib/state subdirs
+       * and adjust accordingly.  what we really need to do is is build a full
+       * relative path based on cwd for situations when we might be executing
+       * in a location other than the usual subdirs above.
+       */
+      if ( (strstr(wdpath, "\\" TOR_VM_BIN)) ||
+           (strstr(wdpath, "\\" TOR_VM_LIB)) || 
+           (strstr(wdpath, "\\" TOR_VM_STATE))   ) {
+	basepath = (pathtype == PATH_MSYS) ? strdup("../") : strdup("..\\");
+      }
+    }
+  }
+  else {
+    if (!getmypath(&basepath)) {
+      lerror ("Unable to get current process working directory.");
+      /* TODO: what fallbacks should be used? check common locations? */
+      return FALSE;
+    }
+    if (pathtype == PATH_MSYS) {
+      /* TODO: split drive and path, then sub dir separator */
+      dsep = "/";
+    }
+    /* truncate off our program name from the basepath */
+    if (strlen(basepath) > 1) {
+      LPTSTR cp = basepath + strlen(basepath) - 1;
+      while (cp > basepath && *cp) {
+        if (*cp == '\\')
+	  *cp = 0;
+	else
+	  cp--;
+      }
+    }
+  }
+  buflen = strlen(basepath) + 32; /* leave plenty of room for subdir */
+  if (append)
+    buflen += strlen(append);
+  *fpath = malloc(buflen);
+  **fpath = 0;
+  if (subdirtype == VMDIR_BASE) {
+    snprintf (*fpath, buflen-1,
+              "%s%s%s",
+	      basepath,
+	      append ? dsep : "",
+	      append ? append : "");
+  }
+  else {
+    LPTSTR csd = "";
+    if (subdirtype == VMDIR_BIN)
+      csd = TOR_VM_BIN;
+    else if (subdirtype == VMDIR_LIB)
+      csd = TOR_VM_LIB;
+    else if (subdirtype == VMDIR_STATE)
+      csd = TOR_VM_STATE;
+
+    snprintf (*fpath, buflen-1,
+              "%s%s%s%s%s",
+	      basepath,
+	      dsep,
+	      csd,
+	      append ? dsep : "",
+	      append ? append : "");
+  }
+  ldebug ("Returning build file path %s for path type %d subdir type %d working path %s and append %s", *fpath, pathtype, subdirtype, wdpath ? wdpath : "", append ? append : "");
+
+  free (basepath);
+  return TRUE;
+}
+
 BOOL getmypath (TCHAR **path)
 {
-  TCHAR  mypath[MAX_PATH];
+  CHAR  mypath[MAX_PATH];
   memset (mypath, 0, sizeof(mypath));
-  if (! GetModuleFileName(NULL,
-                          &mypath,
-                          sizeof(mypath)-1)) {
+  if (! GetModuleFileNameA(NULL,
+                           mypath,
+                           sizeof(mypath)-1)) {
     lerror ("Unable to obtain current program path.");
     return FALSE;
   }
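Review bot: In `buildsyspath` the out-of-memory branch calls `free(envvar)` before `envvar` has been assigned, and `envvar` also stays unassigned when `syspathtype` matches none of the `SYSDIR_*` values, so `if(!envvar)` then tests an indeterminate pointer. `buildfpath` has the same problem with `basepath` when `pathtype == PATH_RELATIVE` and `wdpath` contains none of the bin/lib/state names: `strlen(basepath)` and `free (basepath)` run on an uninitialised pointer. Declare them as `LPTSTR envvar = NULL;` and `LPTSTR basepath = NULL;`, drop the `free(envvar);` line (the value comes from `getenv` and is not owned by this function), and return FALSE when `basepath` is still NULL before the length is computed. In `buildfpath` the result of `malloc(buflen)` is also dereferenced by `**fpath = 0` without a NULL check.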
@@ -46,6 +222,63 @@
   return TRUE;
 }
 
+BOOL exists (LPTSTR path)
+{
+  HANDLE  hnd;
+  hnd = CreateFile (path,
+                    GENERIC_READ,
+                    0,
+                    NULL,
+                    OPEN_EXISTING,
+                    FILE_ATTRIBUTE_NORMAL,
+                    NULL);
+  if (hnd == INVALID_HANDLE_VALUE) {
+    return FALSE;
+  } 
+  CloseHandle(hnd);
+  return TRUE;
+} 
+
+BOOL copyfile (LPTSTR srcpath,
+               LPTSTR destpath)
+{ 
+  HANDLE src, dest;
+  DWORD buffsz = CMDMAX;   
+  DWORD len, written;
+  LPTSTR buff;
+  src = CreateFile (srcpath,
+                    GENERIC_READ,
+                    0,
+                    NULL,
+                    OPEN_EXISTING,
+                    FILE_ATTRIBUTE_NORMAL,
+                    NULL);
+  if (src == INVALID_HANDLE_VALUE) {
+    return FALSE;
+  }                 
+  DeleteFile (destpath);
+  dest = CreateFile (destpath,
+                     GENERIC_WRITE,
+                     0,
+                     NULL,
+                     CREATE_NEW,
+                     FILE_ATTRIBUTE_NORMAL,
+                     NULL);
+  if (dest == INVALID_HANDLE_VALUE) {
+    return FALSE;
+  }
+  buff = malloc(buffsz);
+  if (!buff)
+    return FALSE;
+  while (ReadFile(src, buff, buffsz, &len, NULL) && (len > 0))
+    WriteFile(dest, buff, len, &written, NULL);
+  free (buff);
+  CloseHandle (src);
+  CloseHandle (dest);
+
+  return TRUE;
+}
+
 void bgstartupinfo (STARTUPINFO *si)
 {
   si->dwXCountChars = 48;
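Review bot: `copyfile` returns TRUE even when the copy is incomplete, because the result of `WriteFile` is discarded and a failed `ReadFile` simply ends the loop. It also leaks `src` when the destination cannot be created, and both handles when `malloc` fails. For a setup step that places files to be used later, a truncated file reported as success is worth ruling out; the tail of the function could track a status and release the handles on every path, as sketched below.

```c
  BOOL ok = TRUE;
  /* … unchanged: declarations, CreateFile for src, DeleteFile, CreateFile for dest … */
  if (dest == INVALID_HANDLE_VALUE) {
    CloseHandle (src);
    return FALSE;
  }
  buff = malloc(buffsz);
  if (!buff) {
    CloseHandle (src);
    CloseHandle (dest);
    return FALSE;
  }
  for (;;) {
    if (!ReadFile(src, buff, buffsz, &len, NULL)) {
      ok = FALSE;          /* read error, not end of file */
      break;
    }
    if (len == 0)
      break;               /* end of file */
    if (!WriteFile(dest, buff, len, &written, NULL) || written != len) {
      ok = FALSE;          /* short or failed write */
      break;
    }
  }
  free (buff);
  CloseHandle (src);
  CloseHandle (dest);

  return ok;
```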
@@ -57,6 +290,42 @@
   return;
 }
 
+BOOL runcommand(LPSTR cmd,
+                LPSTR dir)
+{ 
+  STARTUPINFO si;
+  PROCESS_INFORMATION pi;
+  DWORD exitcode;
+  DWORD opts = CREATE_NEW_PROCESS_GROUP;
+   
+  ZeroMemory( &pi, sizeof(pi) );
+  ZeroMemory( &si, sizeof(si) );
+  si.cb = sizeof(si);
+         
+  if( !CreateProcess(NULL,
+                     cmd,
+                     NULL,   // process handle no inherit
+                     NULL,   // thread handle no inherit
+                     FALSE,  // default handle inheritance false
+                     opts,
+                     NULL,   // environment block
+                     dir,
+                     &si,
+                     &pi) ) {
+    lerror ("Failed to launch process.  Error code: %d", GetLastError());
+    return FALSE;
+  }
+
+  while ( GetExitCodeProcess(pi.hProcess, &exitcode) && (exitcode == STILL_ACTIVE) ) {
+    Sleep (500);
+  }
+  ldebug ("runcommand process %s exited with status: %d", cmd, exitcode);
+  CloseHandle(pi.hThread); 
+  CloseHandle(pi.hProcess);
+  
+  return TRUE;
+}
+
 BOOL localhnd (HANDLE  *hnd)
 {
   HANDLE  orighnd = *hnd;
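Review bot: `runcommand` returns TRUE whenever the process could be started, so a helper that ran and failed is indistinguishable from one that succeeded; the exit code only reaches the debug log. If this is what drives the restricted-user setup steps named in the commit message, callers presumably need to know a step failed, which `return (exitcode == 0);` or an extra out-parameter would convey. `exitcode` is also logged uninitialised when `GetExitCodeProcess` itself fails, so give it an initial value, and `WaitForSingleObject(pi.hProcess, INFINITE);` would replace the 500 ms polling loop. Because `lpApplicationName` is NULL the executable is parsed out of `cmd`, so a doc comment should state that callers must quote an executable path that contains spaces.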
@@ -144,9 +413,9 @@
     }
   }
   else if (info.dwMajorVersion == 6) {
-    OSVERSIONINFOEX exinfo;
-    ZeroMemory(&exinfo, sizeof(OSVERSIONINFOEX));
-    exinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+    OSVERSIONINFOEXA exinfo;
+    ZeroMemory(&exinfo, sizeof(OSVERSIONINFOEXA));
+    exinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEXA);
     GetVersionEx(&exinfo);
     if (exinfo.wProductType != VER_NT_WORKSTATION) {
       ldebug ("Operating system version is Windows Vista");
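Review bot: The structure is now the explicit ANSI type `OSVERSIONINFOEXA`, but the call is still the generic `GetVersionEx(&exinfo)` and its return value is not checked. `GetVersionExA((LPOSVERSIONINFOA)&exinfo)` would match the structure however `UNICODE` is defined; if the call fails, `wProductType` is still zero from `ZeroMemory`, which the following test treats as "not a workstation". The enclosing function begins and ends outside this hunk.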
@@ -284,6 +553,33 @@
   return retval;
 }
 
+BOOL tryconnect(const char * addr,
+                DWORD port)
+{
+  WSADATA wsadata;
+  SOCKET csocket;
+  int result = WSAStartup(MAKEWORD(2,2), &wsadata);
+  csocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+  if (csocket == INVALID_SOCKET) {
+    ldebug("Error at socket(): %ld\n", WSAGetLastError());
+    WSACleanup();
+    return FALSE;
+  }
+  sockaddr_in dest;
+  dest.sin_family = AF_INET;
+  dest.sin_addr.s_addr = inet_addr(addr);
+  dest.sin_port = htons(port);
+  if (connect(csocket,
+              (SOCKADDR*)&dest,
+              sizeof(dest)) == SOCKET_ERROR) {
+    WSACleanup();
+    return FALSE;
+  }
+  closesocket(csocket);
+  WSACleanup();
+  return TRUE;
+}
+
 BOOL base16encode(LPBYTE   data,
                   DWORD    len,
                   char **  hexstr)
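Review bot: `tryconnect` stores the `WSAStartup` return value in `result` but never tests it, and on a failed `connect` it calls `WSACleanup()` without first calling `closesocket(csocket)`. `dest` is left partly uninitialised (`sin_zero`), `inet_addr(addr)` is not checked for `INADDR_NONE`, and `port` is a DWORD that `htons` will truncate to 16 bits. Suggested additions: `if (result != 0) return FALSE;` after the startup call, `memset(&dest, 0, sizeof(dest));` before the address is filled in, and `closesocket(csocket);` in the connect-failure branch. The connect is blocking with no timeout, so a doc comment should tell callers that the probe can stall for the stack's default connect timeout.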
@@ -305,9 +601,9 @@
     return FALSE;
   }
   for (i = 0; i < len; i++) {
-    snprintf(*hexstr[i * 2], 3, "%02hhx", data[i]);
+    snprintf(*hexstr+(i*2), 3, "%02hhx", (short)data[i]);
   }
-  *hexstr[i] = NULL;
+  (*hexstr)[olen-1] = NULL;
   return retval;
 }
 
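Review bot: The terminator is written as `(*hexstr)[olen-1] = NULL;`, which assigns a pointer constant to a `char`; it should be `(*hexstr)[olen-1] = '\0';`. The `(short)` cast on `data[i]` is unnecessary, since a BYTE already promotes to int for `%02hhx`. `olen` is computed outside this hunk, so the index is correct only if it equals `len * 2 + 1`, as the comment in apicommon.h implies.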

Modified: torvm/trunk/build/win32/src/torvm-w32/apicommon.h
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/apicommon.h	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/apicommon.h	2009-04-20 02:43:01 UTC (rev 19350)
@@ -20,6 +20,7 @@
 #include <winioctl.h>
 #include <winerror.h>
 #include <wincrypt.h>
+#include <winsock2.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <stdarg.h>
@@ -35,7 +36,40 @@
 
 /* misc win32 api utility functions
  */
+#define CMDMAX         4096
+#define DEFAULT_WINDIR "C:\\WINDOWS"
+#define TOR_VM_BASE    "Tor_VM"
+#define W_TOR_VM_BASE  L"Tor_VM"
+#define TOR_VM_BIN     "bin"
+#define TOR_VM_LIB     "lib"
+#define TOR_VM_STATE   "state"
+BOOL buildpath (const TCHAR *dirname,
+                TCHAR **fullpath);
+#define PATH_FQ        1
+#define PATH_RELATIVE  2
+#define PATH_MSYS      3
+#define VMDIR_BASE     1
+#define VMDIR_BIN      2
+#define VMDIR_LIB      3
+#define VMDIR_STATE    4
+BOOL buildfpath (DWORD   pathtype,
+                 DWORD   subdirtype,
+                 LPTSTR  wdpath,
+                 LPTSTR  append,
+                 LPTSTR *fpath);
+#define SYSDIR_WINROOT     1
+#define SYSDIR_PROFILE     2
+#define SYSDIR_ALLPROFILE  3
+#define SYSDIR_PROGRAMS    4
+#define SYSDIR_LCLDATA     5
+#define SYSDIR_LCLPROGRAMS 6
+BOOL buildsyspath (DWORD   syspathtype,
+                   LPTSTR  append,
+                   LPTSTR *fpath);
 BOOL getmypath (TCHAR **path);
+BOOL exists (LPTSTR path);
+BOOL copyfile (LPTSTR srcpath,
+               LPTSTR destpath);
 BOOL getprocwd (TCHAR **cwd);
 BOOL setprocwd (const TCHAR *cwd);
 
@@ -83,11 +117,16 @@
 
 BOOL getcompguid (TCHAR **guid);
 void bgstartupinfo (STARTUPINFO *si);
+BOOL runcommand(LPSTR cmd,
+                LPSTR dir);
 
 BOOL getmacaddr(const char *  devguid,
                 char **       mac);
 BOOL isconnected(const char *  devguid);
 
+BOOL tryconnect(const char * addr,
+                DWORD port);
+
 /* Caller is responsible for free'ing hexstr.  Note that it will be exactly
  * twice as long plus 1 (null terminated) as the input buffer.
  */

Modified: torvm/trunk/build/win32/src/torvm-w32/creds.c
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/creds.c	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/creds.c	2009-04-20 02:43:01 UTC (rev 19350)
@@ -1,7 +1,9 @@
-/* Copyright (C) 2008  The Tor Project, Inc.
+/* Copyright (C) 2008-2009  The Tor Project, Inc.
  * See LICENSE file for rights and terms.
  */
 #include "creds.h"
+#include <userenv.h>
+#include <accctrl.h>
 
 BOOL setdriversigning (BOOL sigcheck)
 {
@@ -135,14 +137,20 @@
   return TRUE;
 }
 
-/* keep linkage to these dynamic, in case the requisite Dll's don't exist. */
+/* keep linkage to advapi32 and shell32 dynamic
+ * in case the requisite Dll's don't exist on this OS version.
+ */
 #define NTSTATUS ULONG
+#define ACCOUNT_VIEW 1
+#define ACCOUNT_ADJUST_PRIVILEGES 2
+#define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
+typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
 
 typedef struct _LSA_TRANSLATED_SID2 {
-  SID_NAME_USE Use;
-  PSID Sid;
-  LONG DomainIndex;
-  ULONG Flags;
+  SID_NAME_USE  Use;
+  PSID          Sid;
+  LONG          DomainIndex;
+  ULONG         Flags;
 } LSA_TRANSLATED_SID2, *PLSA_TRANSLATED_SID2;
 
 typedef BOOL (__stdcall *PFnIsUserAnAdmin)(void);
@@ -171,6 +179,14 @@
                                                  PLSA_UNICODE_STRING Names,
                                                  PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
                                                  PLSA_TRANSLATED_SID2 *Sids);
+typedef NTSTATUS (__stdcall *PFnLsaCreateAccount)(LSA_HANDLE PolicyHandle,
+                                                  PSID AccountSid,
+                                                  ULONG Flags,
+                                                  PLSA_HANDLE AccountHandle);
+typedef NTSTATUS (__stdcall *PFnLsaOpenAccount)(LSA_HANDLE PolicyHandle,
+                                                PSID AccountSid,
+                                                ULONG Flags,
+                                                PLSA_HANDLE AccountHandle);
 typedef NTSTATUS (__stdcall *PFnLsaAddAccountRights)(LSA_HANDLE PolicyHandle,
                                                      PSID AccountSid,
                                                      PLSA_UNICODE_STRING UserRights,
@@ -184,6 +200,26 @@
                                                            PSID AccountSid,
                                                            PLSA_UNICODE_STRING *UserRights,
                                                            PULONG CountOfRights);
+typedef NTSTATUS (__stdcall *PFnLsaLookupPrivilegeValue)(LSA_HANDLE PolicyHandle,
+                                                         PLSA_UNICODE_STRING PrivilegeString,
+                                                         PLUID Luid);
+typedef NTSTATUS (__stdcall *PFnLsaAddPrivilegesToAccount)(LSA_HANDLE AccountHandle,
+                                                           PRIVILEGE_SET * ps);
+typedef BOOL (__stdcall *PFnImpersonateLoggedOnUser)(HANDLE Token);
+typedef BOOL (__stdcall *PFnImpersonateAnonymousToken)(HANDLE ThreadHandle);
+typedef BOOL (__stdcall *PFnCreateRestrictedToken)(HANDLE ExistingTokenHandle,
+                                                   DWORD Flags,
+                                                   DWORD DisableSidCount,
+                                                   PSID_AND_ATTRIBUTES SidsToDisable,
+                                                   DWORD DeletePrivilegeCount,
+                                                   PLUID_AND_ATTRIBUTES PrivilegesToDelete,
+                                                   DWORD RestrictedSidCount,
+                                                   PSID_AND_ATTRIBUTES SidsToRestrict,
+                                                   PHANDLE NewTokenHandle);
+typedef BOOL (__stdcall *PFnRevertToSelf)(void);
+typedef BOOL (__stdcall *PFnLookupPrivilegeValue)(LPTSTR SystemName,
+                                                  LPTSTR Name,
+                                                  PLUID Luid);
 typedef BOOL (__stdcall *PFnAdjustTokenPrivileges)(HANDLE TokenHandle,
                                                    BOOL DisableAllPrivileges,
                                                    PTOKEN_PRIVILEGES NewState,
@@ -191,6 +227,69 @@
                                                    PTOKEN_PRIVILEGES PreviousState,
                                                    PDWORD ReturnLength);
 typedef ULONG (__stdcall *PFnLsaNtStatusToWinError)(NTSTATUS Status);
+typedef BOOL (__stdcall *PFnLookupAccountName)(LPTSTR SystemName,
+                                               LPTSTR AccountName,
+                                               PSID Sid,
+                                               LPDWORD cbSid,
+                                               LPTSTR ReferencedDomainName,
+                                               LPDWORD cchReferencedDomainName,
+                                               PSID_NAME_USE peUse);
+typedef BOOL (__stdcall *PFnLogonUser)(LPTSTR Username,
+                                       LPTSTR Domain,
+                                       LPTSTR Password,
+                                       DWORD LogonType,
+                                       DWORD LogonProvider,
+                                       HANDLE * Token);
+typedef BOOL (__stdcall *PFnLogonUserEx)(LPTSTR Username,
+                                         LPTSTR Domain,
+                                         LPTSTR Password,
+                                         DWORD LogonType,
+                                         DWORD LogonProvider,
+                                         HANDLE * Token,
+                                         PSID *LogonSid,
+                                         PVOID *ProfileBuffer,
+                                         LPDWORD ProfileLength,
+                                         PQUOTA_LIMITS QuotaLimits);
+typedef BOOL (__stdcall *PFnGetFileSecurity)(LPCTSTR Filename,
+                                             SECURITY_INFORMATION Request,
+                                             PSECURITY_DESCRIPTOR SecurityDescriptor,
+                                             DWORD Length,
+                                             LPDWORD LengthNeeded);
+typedef BOOL (__stdcall *PFnSetFileSecurity)(LPCTSTR Filename,
+                                             SECURITY_INFORMATION Request,
+                                             PSECURITY_DESCRIPTOR SecurityDescriptor);
+typedef NTSTATUS (__stdcall *PFnGetSecurityInfo)(HANDLE ObjHandle,
+                                                 SE_OBJECT_TYPE ObjectType,
+                                                 SECURITY_INFORMATION SecurityInfo,
+                                                 PSID *Owner,
+                                                 PSID *Group,
+                                                 PACL *Dacl,
+                                                 PACL *Sacl,
+                                                 PSECURITY_DESCRIPTOR *SecurityDescriptor);
+typedef NTSTATUS (__stdcall *PFnSetSecurityInfo)(HANDLE ObjHandle,
+                                                 SE_OBJECT_TYPE ObjectType,
+                                                 SECURITY_INFORMATION SecurityInfo,
+                                                 PSID *Owner,
+                                                 PSID *Group,
+                                                 PACL *Dacl,
+                                                 PACL *Sacl);
+typedef NTSTATUS (__stdcall *PFnGetNamedSecurityInfo)(LPTSTR ObjectName,
+                                                      SE_OBJECT_TYPE ObjectType,
+                                                      SECURITY_INFORMATION SecurityInfo,
+                                                      PSID *Owner,
+                                                      PSID *Group,
+                                                      PACL *Dacl,
+                                                      PACL *Sacl,
+                                                      PSECURITY_DESCRIPTOR *SecurityDescriptor);
+typedef NTSTATUS (__stdcall *PFnSetNamedSecurityInfo)(LPTSTR ObjectName,
+                                                      SE_OBJECT_TYPE ObjectType,
+                                                      SECURITY_INFORMATION SecurityInfo,
+                                                      PSID *Owner,
+                                                      PSID *Group,
+                                                      PACL *Dacl,
+                                                      PACL *Sacl);
+typedef BOOL (__stdcall *PFnLoadUserProfile)(HANDLE Token,
+                                             LPPROFILEINFO ProfileInfo);
 
 struct ft_advapi {
   PFnAllocateAndInitializeSid   AllocateAndInitializeSid;
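Review bot: The `PFnSetSecurityInfo` and `PFnSetNamedSecurityInfo` typedefs declare `PSID *Owner, PSID *Group, PACL *Dacl, PACL *Sacl`, but the documented Win32 setters take those four arguments by value; only the Get variants use the pointer-to-pointer form. A caller written against these typedefs would pass the address of its SID or ACL variable, and the API would then treat whatever bytes sit at that address as the owner or DACL to apply. The four Get/Set*SecurityInfo functions also return a DWORD Win32 error code rather than an NTSTATUS, which matters once a result is handed to `dispntstatus`. Suggested parameter list for both setters: `PSID Owner, PSID Group, PACL Dacl, PACL Sacl`.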
@@ -198,16 +297,112 @@
   PFnCheckTokenMembership       CheckTokenMembership;
   PFnLsaOpenPolicy              LsaOpenPolicy;
   PFnLsaLookupNames2            LsaLookupNames2;
+  PFnLsaCreateAccount           LsaCreateAccount;
+  PFnLsaOpenAccount             LsaOpenAccount;
   PFnLsaAddAccountRights        LsaAddAccountRights;
   PFnLsaRemoveAccountRights     LsaRemoveAccountRights;
   PFnLsaEnumerateAccountRights  LsaEnumerateAccountRights;
+  PFnLsaLookupPrivilegeValue    LsaLookupPrivilegeValue;
+  PFnLsaAddPrivilegesToAccount  LsaAddPrivilegesToAccount;
+  PFnImpersonateLoggedOnUser    ImpersonateLoggedOnUser;
+  PFnImpersonateAnonymousToken  ImpersonateAnonymousToken;
+  PFnCreateRestrictedToken      CreateRestrictedToken;
+  PFnRevertToSelf               RevertToSelf;
+  PFnLookupPrivilegeValue       LookupPrivilegeValue;
   PFnAdjustTokenPrivileges      AdjustTokenPrivileges;
   PFnLsaNtStatusToWinError      LsaNtStatusToWinError;
+  PFnLookupAccountName          LookupAccountName;
+  PFnLogonUser                  LogonUser;
+  PFnLogonUserEx                LogonUserEx;
+  PFnGetFileSecurity            GetFileSecurity;
+  PFnSetFileSecurity            SetFileSecurity;
+  PFnGetSecurityInfo            GetSecurityInfo;
+  PFnSetSecurityInfo            SetSecurityInfo;
+  PFnGetNamedSecurityInfo       GetNamedSecurityInfo;
+  PFnSetNamedSecurityInfo       SetNamedSecurityInfo;
+  PFnLoadUserProfile            LoadUserProfile;
 };
 
-static struct ft_advapi *s_advapi = NULL;
-static HMODULE           s_advapi_hnd = INVALID_HANDLE_VALUE;
+static struct ft_advapi *s_advapi      = NULL;
+static HMODULE           s_advapi_hnd  = INVALID_HANDLE_VALUE;
+static HMODULE           s_userenv_hnd = INVALID_HANDLE_VALUE;
 
+static void lsastr(PLSA_UNICODE_STRING lsastring,
+                   LPWSTR cstring)
+{
+  DWORD len;
+  lsastring->Buffer = NULL;
+  lsastring->Length = 0;
+  lsastring->MaximumLength = 0;
+  if (cstring) {
+    len = wcslen(cstring);
+    lsastring->Buffer = cstring;
+    lsastring->Length = (USHORT)len * sizeof(WCHAR);
+    lsastring->MaximumLength = (USHORT)(len + 1) * sizeof(WCHAR);
+  }
+}
+
+static void lsacstr(PLSA_UNICODE_STRING lsastring,
+                    LPCSTR srcstring)
+{
+  DWORD len;
+  lsastring->Buffer = NULL;
+  lsastring->Length = 0;
+  lsastring->MaximumLength = 0;
+  if (srcstring) {
+    len = strlen(srcstring);
+    lsastring->Length = (USHORT)len * sizeof(WCHAR);
+    lsastring->MaximumLength = (USHORT)(len + 1) * sizeof(WCHAR);
+    lsastring->Buffer = malloc(lsastring->MaximumLength);
+    wsprintfW(lsastring->Buffer, L"%hS", srcstring);
+  }
+}
+
+BOOL dispntstatus(NTSTATUS  ntstatusval,
+                  LPSTR *   dispstatus)
+{
+  BOOL  retval = FALSE;
+  LPSTR strfmtstatus;
+  DWORD winerrno;
+  *dispstatus = NULL;
+  if (s_advapi->LsaNtStatusToWinError) {
+    winerrno = s_advapi->LsaNtStatusToWinError(ntstatusval);
+    DWORD buffsz = 0;
+    buffsz = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                            NULL,
+                            winerrno,
+                            GetUserDefaultLangID(),
+                            (LPSTR) &strfmtstatus,
+                            0,
+                            NULL);
+    *dispstatus = malloc(buffsz + 1);
+    memcpy(*dispstatus, strfmtstatus, buffsz);
+    (*dispstatus)[buffsz] = 0;
+    free(strfmtstatus);
+    retval = TRUE;
+  }
+  return (retval);
+}
+
+BOOL dispwinstatus(LPSTR *dispstatus)
+{
+  LPSTR strfmtstatus;
+  DWORD buffsz = 0;
+  *dispstatus = NULL;
+  buffsz = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                          NULL,
+                          GetLastError(),
+                          GetUserDefaultLangID(),
+                          (LPSTR) &strfmtstatus,
+                          0,
+                          NULL);
+  *dispstatus = malloc(buffsz + 1); 
+  memcpy(*dispstatus, strfmtstatus, buffsz); 
+  (*dispstatus)[buffsz] = 0;
+  free(strfmtstatus);
+  return TRUE;
+}
+
 static void  loadadvapifuncs (void)
 {
   if (s_advapi != NULL)
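Review bot: Both dispntstatus and dispwinstatus release the FormatMessageA buffer with `free(strfmtstatus)`, but a buffer obtained with FORMAT_MESSAGE_ALLOCATE_BUFFER has to be released with `LocalFree`. When FormatMessageA fails it returns 0 without setting `strfmtstatus`, so the code goes on to free an uninitialised pointer, and the `malloc` result is not checked either. dispntstatus additionally dereferences `s_advapi` without the `if (s_advapi == NULL) loadadvapifuncs();` guard that createruser and haveadminrights use. The sketch below shows dispwinstatus with these cases handled, and the same pattern applies to dispntstatus. Callers that print the message with `%s` would then need to test the return value first.

```c
BOOL dispwinstatus(LPSTR *dispstatus)
{
  LPSTR strfmtstatus = NULL;
  DWORD buffsz;
  *dispstatus = NULL;
  /* … unchanged: FormatMessageA call assigning buffsz … */
  if (buffsz == 0 || strfmtstatus == NULL)
    return FALSE;
  *dispstatus = malloc(buffsz + 1);
  if (*dispstatus != NULL) {
    memcpy(*dispstatus, strfmtstatus, buffsz);
    (*dispstatus)[buffsz] = 0;
  }
  LocalFree(strfmtstatus);
  return *dispstatus != NULL;
}
```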
@@ -218,20 +413,83 @@
   s_advapi_hnd = LoadLibrary("advapi32.dll");
   if (s_advapi_hnd) {
     ldebug ("Loading advapi functions from library.");
+
+    /* XXX: Note that we don't even attempt to handle non-ascii charsets yet.
+     * Refactoring for wide charsets must be done cautiously as these API calls
+     * have known inconsistent and potentially vulnernable semantic differences
+     * between the single byte ascii and wide character type of invocation.
+     * (for example, LogonUserW fails without a Domain passed, etc.)
+     */
     s_advapi->AllocateAndInitializeSid = (PFnAllocateAndInitializeSid) GetProcAddress(s_advapi_hnd, "AllocateAndInitializeSid");
     s_advapi->FreeSid = (PFnFreeSid) GetProcAddress(s_advapi_hnd, "FreeSid");
     s_advapi->CheckTokenMembership = (PFnCheckTokenMembership) GetProcAddress(s_advapi_hnd, "CheckTokenMembership");
     s_advapi->LsaOpenPolicy = (PFnLsaOpenPolicy) GetProcAddress(s_advapi_hnd, "LsaOpenPolicy");
     s_advapi->LsaLookupNames2 = (PFnLsaLookupNames2) GetProcAddress(s_advapi_hnd, "LsaLookupNames2");
+    s_advapi->LsaCreateAccount = (PFnLsaCreateAccount) GetProcAddress(s_advapi_hnd, "LsaCreateAccount");
+    s_advapi->LsaOpenAccount = (PFnLsaOpenAccount) GetProcAddress(s_advapi_hnd, "LsaOpenAccount");
     s_advapi->LsaAddAccountRights = (PFnLsaAddAccountRights) GetProcAddress(s_advapi_hnd, "LsaAddAccountRights");
     s_advapi->LsaRemoveAccountRights = (PFnLsaRemoveAccountRights) GetProcAddress(s_advapi_hnd, "LsaRemoveAccountRights");
     s_advapi->LsaEnumerateAccountRights = (PFnLsaEnumerateAccountRights) GetProcAddress(s_advapi_hnd, "LsaEnumerateAccountRights");
+    s_advapi->LsaLookupPrivilegeValue = (PFnLsaLookupPrivilegeValue) GetProcAddress(s_advapi_hnd, "LsaLookupPrivilegeValue");
+    s_advapi->LsaAddPrivilegesToAccount = (PFnLsaAddPrivilegesToAccount) GetProcAddress(s_advapi_hnd, "LsaAddPrivilegesToAccount");
+    s_advapi->ImpersonateLoggedOnUser = (PFnImpersonateLoggedOnUser) GetProcAddress(s_advapi_hnd, "ImpersonateLoggedOnUser");
+    s_advapi->ImpersonateAnonymousToken = (PFnImpersonateAnonymousToken) GetProcAddress(s_advapi_hnd, "ImpersonateAnonymousToken");
+    s_advapi->CreateRestrictedToken = (PFnCreateRestrictedToken) GetProcAddress(s_advapi_hnd, "CreateRestrictedToken");
+    s_advapi->RevertToSelf = (PFnRevertToSelf) GetProcAddress(s_advapi_hnd, "RevertToSelf");
+    s_advapi->LookupPrivilegeValue = (PFnLookupPrivilegeValue) GetProcAddress(s_advapi_hnd, "LookupPrivilegeValueA");
     s_advapi->AdjustTokenPrivileges = (PFnAdjustTokenPrivileges) GetProcAddress(s_advapi_hnd, "AdjustTokenPrivileges");
     s_advapi->LsaNtStatusToWinError = (PFnLsaNtStatusToWinError) GetProcAddress(s_advapi_hnd, "LsaNtStatusToWinError");
+    s_advapi->LookupAccountName = (PFnLookupAccountName) GetProcAddress(s_advapi_hnd, "LookupAccountNameA");
+    s_advapi->LogonUser = (PFnLogonUser) GetProcAddress(s_advapi_hnd, "LogonUserA");
+    s_advapi->LogonUserEx = (PFnLogonUserEx) GetProcAddress(s_advapi_hnd, "LogonUserExA");
+    s_advapi->GetFileSecurity = (PFnGetFileSecurity) GetProcAddress(s_advapi_hnd, "GetFileSecurityA");
+    s_advapi->SetFileSecurity = (PFnSetFileSecurity) GetProcAddress(s_advapi_hnd, "SetFileSecurityA");
+    s_advapi->GetSecurityInfo = (PFnGetSecurityInfo) GetProcAddress(s_advapi_hnd, "GetSecurityInfo");
+    s_advapi->SetSecurityInfo = (PFnSetSecurityInfo) GetProcAddress(s_advapi_hnd, "SetSecurityInfo");
+    s_advapi->GetNamedSecurityInfo = (PFnGetNamedSecurityInfo) GetProcAddress(s_advapi_hnd, "GetNamedSecurityInfoA");
+    s_advapi->SetNamedSecurityInfo = (PFnSetNamedSecurityInfo) GetProcAddress(s_advapi_hnd, "SetNamedSecurityInfoA");
+
+    s_advapi->AllocateAndInitializeSid ? ldebug ("Loaded symbol AllocateAndInitializeSid") : ldebug ("DID NOT find symbol AllocateAndInitializeSid");
+    s_advapi->FreeSid ? ldebug ("Loaded symbol FreeSid") : ldebug ("DID NOT find symbol FreeSid");
+    s_advapi->CheckTokenMembership ? ldebug ("Loaded symbol CheckTokenMembership") : ldebug ("DID NOT find symbol CheckTokenMembership");
+    s_advapi->LsaOpenPolicy ? ldebug ("Loaded symbol LsaOpenPolicy") : ldebug ("DID NOT find symbol LsaOpenPolicy");
+    s_advapi->LsaLookupNames2 ? ldebug ("Loaded symbol LsaLookupNames2") : ldebug ("DID NOT find symbol LsaLookupNames2");
+    s_advapi->LsaCreateAccount ? ldebug ("Loaded symbol LsaCreateAccount") : ldebug ("DID NOT find symbol LsaCreateAccount");
+    s_advapi->LsaOpenAccount ? ldebug ("Loaded symbol LsaOpenAccount") : ldebug ("DID NOT find symbol LsaOpenAccount");
+    s_advapi->LsaAddAccountRights ? ldebug ("Loaded symbol LsaAddAccountRights") : ldebug ("DID NOT find symbol LsaAddAccountRights");
+    s_advapi->LsaRemoveAccountRights ? ldebug ("Loaded symbol LsaRemoveAccountRights") : ldebug ("DID NOT find symbol LsaRemoveAccountRights");
+    s_advapi->LsaEnumerateAccountRights ? ldebug ("Loaded symbol LsaEnumerateAccountRights") : ldebug ("DID NOT find symbol LsaEnumerateAccountRights");
+    s_advapi->LsaLookupPrivilegeValue ? ldebug ("Loaded symbol LsaLookupPrivilegeValue") : ldebug ("DID NOT find symbol LsaLookupPrivilegeValue");
+    s_advapi->LsaAddPrivilegesToAccount ? ldebug ("Loaded symbol LsaAddPrivilegesToAccount") : ldebug ("DID NOT find symbol LsaAddPrivilegesToAccount");
+    s_advapi->ImpersonateLoggedOnUser ? ldebug ("Loaded symbol ImpersonateLoggedOnUser") : ldebug ("DID NOT find symbol ImpersonateLoggedOnUser");
+    s_advapi->ImpersonateAnonymousToken ? ldebug ("Loaded symbol ImpersonateAnonymousToken") : ldebug ("DID NOT find symbol ImpersonateAnonymousToken");
+    s_advapi->CreateRestrictedToken ? ldebug ("Loaded symbol CreateRestrictedToken") : ldebug ("DID NOT find symbol CreateRestrictedToken");
+    s_advapi->RevertToSelf ? ldebug ("Loaded symbol RevertToSelf") : ldebug ("DID NOT find symbol RevertToSelf");
+    s_advapi->LookupPrivilegeValue ? ldebug ("Loaded symbol LookupPrivilegeValue") : ldebug ("DID NOT find symbol LookupPrivilegeValue");
+    s_advapi->AdjustTokenPrivileges ? ldebug ("Loaded symbol AdjustTokenPrivileges") : ldebug ("DID NOT find symbol AdjustTokenPrivileges");
+    s_advapi->LsaNtStatusToWinError ? ldebug ("Loaded symbol LsaNtStatusToWinError") : ldebug ("DID NOT find symbol LsaNtStatusToWinError");
+    s_advapi->LogonUser ? ldebug ("Loaded symbol LogonUser") : ldebug ("DID NOT find symbol LogonUser");
+    s_advapi->LogonUserEx ? ldebug ("Loaded symbol LogonUserEx") : ldebug ("DID NOT find symbol LogonUserEx");
+    s_advapi->GetFileSecurity ? ldebug ("Loaded symbol GetFileSecurity") : ldebug ("DID NOT find symbol GetFileSecurity");
+    s_advapi->SetFileSecurity ? ldebug ("Loaded symbol SetFileSecurity") : ldebug ("DID NOT find symbol SetFileSecurity");
+    s_advapi->GetSecurityInfo ? ldebug ("Loaded symbol GetSecurityInfo") : ldebug ("DID NOT find symbol GetSecurityInfo");
+    s_advapi->SetSecurityInfo ? ldebug ("Loaded symbol SetSecurityInfo") : ldebug ("DID NOT find symbol SetSecurityInfo");
+    s_advapi->GetNamedSecurityInfo ? ldebug ("Loaded symbol GetNamedSecurityInfo") : ldebug ("DID NOT find symbol GetNamedSecurityInfo");
+    s_advapi->SetNamedSecurityInfo ? ldebug ("Loaded symbol SetNamedSecurityInfo") : ldebug ("DID NOT find symbol SetNamedSecurityInfo");
   }
   else {
     ldebug ("No advapi library located; unable to map API functions.");
   }
+  s_userenv_hnd = LoadLibrary("userenv.dll");
+  if (s_userenv_hnd) {
+    ldebug ("Loading userenv functions from library.");
+    s_advapi->LoadUserProfile = (PFnLoadUserProfile) GetProcAddress(s_userenv_hnd, "LoadUserProfileA");
+    s_advapi->LoadUserProfile ? ldebug ("Loaded symbol LoadUserProfile") : ldebug ("DID NOT find symbol LoadUserProfile");
+  }
+  else {
+    ldebug ("No userenv library located; unable to map API functions.");
+  }
+
   return;
 }
 
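Review bot: `LoadLibrary("advapi32.dll")` (context line) and the new `LoadLibrary("userenv.dll")` pass bare file names, so which file gets loaded depends on the DLL search order, in a program whose surrounding code checks for administrator rights. Building the full path from `GetSystemDirectory` before loading would remove the dependency on the application and current directories. In the same block `LookupAccountName` is resolved but is the one symbol with no "Loaded symbol / DID NOT find symbol" log line. The long run of ternary-as-statement log lines would be harder to get out of sync as a name/pointer table walked in a loop. loadadvapifuncs starts, and presumably allocates `s_advapi`, outside this hunk, so whether the userenv branch can run with `s_advapi` unset cannot be checked here.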
@@ -243,6 +501,9 @@
   HMODULE   module;
   PFnIsUserAnAdmin  pfnIsUserAnAdmin;
   
+  if (s_advapi == NULL)
+    loadadvapifuncs();
+
   /* use IsUserAnAdmin when possible (Vista or greater).  otherwise we fall back to checking
    * token membership manually.  For Vista and greater we want to know if we are currently running
    * with Administrator rights, not only that user is a member of Administrator group.
@@ -251,6 +512,7 @@
   if (module) {
     pfnIsUserAnAdmin = (PFnIsUserAnAdmin) GetProcAddress(module, "IsUserAnAdmin");
     if (pfnIsUserAnAdmin) {
+      ldebug ("Using shell32.dll API to check for admin rights.");
       isadmin = pfnIsUserAnAdmin();
       FreeLibrary(module);
       return isadmin;
@@ -258,12 +520,10 @@
     FreeLibrary(module);
   }
 
-  if (s_advapi == NULL)
-    loadadvapifuncs();
-
   if (s_advapi->AllocateAndInitializeSid && 
       s_advapi->CheckTokenMembership &&
       s_advapi->FreeSid) {
+    ldebug ("Using advapi32 to check for admin rights.");
     if(s_advapi->AllocateAndInitializeSid(&ntauth,
                                             2,
                                             SECURITY_BUILTIN_DOMAIN_RID,
@@ -279,9 +539,317 @@
       s_advapi->FreeSid(admgroup);
     }
   }
+  else {
+    ldebug ("Unable to check for admin rights; no suitable library found.");
+  }
   return isadmin;
 }
 
+/* XXX not used yet... vista, svr2008, win7 ex api.
+ * when as service with SYSTEM can launch to active desktop
+ * and enforce admin / resitricted user rights for Tor apps.
+ */
+static BOOL setupexuser(userinfo  *info)
+{
+  HWINSTA savesta;
+  HWINSTA newsta;
+  HDESK  hdesk;
+  DWORD  deskopts = 0;
+  SECURITY_ATTRIBUTES  dsa;
+  LPSTR errmsg;
+
+#if 0  /* XXX no station or desktop enumeration callbacks yet. */
+  if (!EnumWindowStations(&_enumscb,
+                          NULL)) {
+    dispwinstatus(&errmsg);
+    ldebug("EnumWindowStations failed.  Error code: %s", errmsg);
+  }
+  else {
+    ldebug("EnumWindowStations finished.");
+  }
+#endif /* no enum */
+
+  savesta = GetProcessWindowStation();
+  /* XXX test config, only defaults supported. note rights are too permissive. */
+  newsta = OpenWindowStation("WinSta0",
+                             TRUE,
+                             READ_CONTROL | WRITE_DAC | WINSTA_ALL_ACCESS);
+  if (newsta) {
+    ldebug("OpenWindowStation passed.");
+    SetProcessWindowStation(newsta);
+    /* default, screen-saver, and Winlogon desktops expected at primary station.
+     * you don't get to mess with Winlogon unless you re-write GINA. patches welcome. :)
+     */
+#if 0  /* XXX no station or desktop enumeration callbacks yet. */
+    if (!EnumDesktopsA(newsta,
+                       &_enumdcb,
+                       NULL)) {
+      dispwinstatus(&errmsg);
+      ldebug("EnumDesktops failed.  Error code: %s", errmsg);
+    }
+    else {
+      ldebug("EnumDesktops finished.");
+    }
+#endif /* no enum */
+
+    deskopts = READ_CONTROL | WRITE_DAC | WRITE_OWNER |
+               DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE |
+               DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD |
+               DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
+    hdesk = OpenDesktop(info->name,
+                        0,
+                        TRUE,
+                        deskopts);
+    if (hdesk) {
+      ldebug("OpenDesktop \"%s\" passed.", info->name);
+    }
+    else { 
+      dispwinstatus(&errmsg);
+      ldebug("OpenDesktop failed.  Error code: %s", errmsg);
+      ZeroMemory( &dsa, sizeof(dsa) );
+      dsa.nLength = sizeof(SECURITY_ATTRIBUTES);
+      dsa.bInheritHandle = TRUE; 
+      dsa.lpSecurityDescriptor = NULL;
+      hdesk = CreateDesktop(info->name,
+                            NULL,
+                            NULL,
+                            0,
+                            deskopts,
+                            &dsa);
+      if (!hdesk) {
+        dispwinstatus(&errmsg);
+        ldebug("CreateDesktop \"%s\" failed.  Error code: %s", info->name, errmsg);
+      }
+      else {
+        ldebug("CreateDesktop \"%s\" passed.", info->name);
+      }
+    }
+    if (hdesk) {
+      if (!SwitchDesktop(hdesk)) {
+        dispwinstatus(&errmsg);
+        ldebug("SwitchDesktop failed.  Error code: %s", errmsg);
+      }
+      else {
+        ldebug("SwitchDesktop passed.");
+      }
+    }
+  }
+  else {
+    dispwinstatus(&errmsg);
+    ldebug("OpenWindowStation failed.  Error code: %s", errmsg);
+  }
+
+  if (!s_advapi->ImpersonateLoggedOnUser(info->hnd)) {
+    dispwinstatus(&errmsg);
+    ldebug("ImpersonateLoggedOnUser failed.  Error code: %s", errmsg);
+  }
+  else {
+    ldebug("ImpersonateLoggedOnUser passed.");
+  }
+
+  return TRUE;
+}
+
+BOOL createruser (LPTSTR  hostname,
+                  LPTSTR  username,
+                  userinfo  **info)
+{
+  BOOL  retval = FALSE;
+  LSA_HANDLE accthnd;
+  LSA_HANDLE policyhnd;
+  ULONG prevaccess;
+  NTSTATUS  ntstatus;
+  SID *acctsid = NULL;
+  DWORD sidsz = 1024;
+  DWORD domainsz = 0;
+  PROFILEINFO pi;
+  LSA_OBJECT_ATTRIBUTES  policyattrs;
+  LSA_UNICODE_STRING lsahostname;
+  SID_NAME_USE acctuse;
+  PRIVILEGE_SET ps;
+  LUID_AND_ATTRIBUTES luidattr;
+  LSA_UNICODE_STRING lsaprivname;
+  LPSTR errmsg;
+
+  *info = NULL;
+  *info = malloc(sizeof(userinfo));
+  (*info)->name = strdup(username);
+  (*info)->host = strdup(hostname);
+
+  memset(&policyattrs, 0, sizeof(policyattrs));
+  memset(&pi, 0, sizeof(pi));
+  lsacstr(&lsahostname, hostname);
+  acctsid = malloc(sidsz);
+
+  if (s_advapi == NULL)
+    loadadvapifuncs();
+
+  if (s_advapi->LsaOpenPolicy &&
+      s_advapi->LookupAccountName &&
+      s_advapi->LsaAddAccountRights) {
+    ldebug("Creating restricted user account: %s\\%s", hostname, username);
+    runcommand("net.exe user Tor  \"\" /add",NULL);
+    runcommand("net.exe localgroup Users Tor /add",NULL);
+    /* just to be sure in case someone did something stupid with local or domain policy ... */
+    runcommand("net.exe localgroup Administrators Tor /delete",NULL);
+    /* this may need to be removed... */
+    runcommand("net.exe accounts /maxpwage:unlimited",NULL);
+
+    ntstatus = s_advapi->LsaOpenPolicy(&lsahostname,
+                                       &policyattrs,
+                                       POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
+                                       &policyhnd);
+    if (ntstatus) {
+      dispntstatus(ntstatus, &errmsg);
+      ldebug("LsaOpenPolicy failed.  Error code: %s", errmsg);
+    }
+    ldebug("LsaOpenPolicy passed.");
+    /* XXX: should check for insufficient buffer in sidsz fail */
+    ntstatus = s_advapi->LookupAccountName(hostname,
+                                           username,
+                                           acctsid,
+                                           &sidsz,
+                                           0,
+                                           &domainsz,
+                                           &acctuse);
+    if (ntstatus) {
+      dispntstatus(ntstatus, &errmsg);
+      ldebug("LookupAccountName failed.  Error code: %s", errmsg);
+    }
+    else {
+      ldebug("LookupAccountName passed.");
+      retval = TRUE;
+    }
+
+#if 0
+/* XXX: more not-yet support service / vista+ api ... */
+    lsacstr(&lsaprivname, "SeInteractiveLogonRight");
+    ntstatus = s_advapi->LsaLookupPrivilegeValue(policyhnd,
+                                                 &lsaprivname,
+                                                 &luidattr.Luid);
+    if (ntstatus) {
+      dispntstatus(ntstatus, &errmsg);
+      ldebug("LsaLookupPrivilegeValue failed.  Error code: %s", errmsg);
+      if (! s_advapi->LookupPrivilegeValue(0,
+                                           "SeInteractiveLogonRight",
+                                           &luidattr.Luid)) {
+        dispwinstatus(&errmsg);
+        ldebug("LookupPrivilegeValue failed.  Error code: %s", errmsg);
+      }
+    }
+    ldebug("LsaLookupPrivilegeValue passed.");
+
+    luidattr.Attributes=0;
+    ps.PrivilegeCount=1;
+    ps.Control=0;
+    ps.Privilege[0]=luidattr;
+    ntstatus = s_advapi->LsaOpenAccount(policyhnd,
+                                        acctsid,
+                                        ACCOUNT_ADJUST_PRIVILEGES,
+                                        &accthnd);
+    if (ntstatus) {
+      dispntstatus(ntstatus, &errmsg);
+      ldebug("LsaOpenAccount failed with error: %s , trying CreateAccount ...", errmsg);
+      ntstatus = s_advapi->LsaCreateAccount(policyhnd,
+                                            acctsid,
+                                            ACCOUNT_ADJUST_PRIVILEGES,
+                                            &accthnd);
+      if (ntstatus) {
+        dispntstatus(ntstatus, &errmsg);
+        ldebug("LsaCreateAccount failed.  Error code: %s", errmsg);
+      }
+    }
+    ldebug("LsaOpenAccount/LsaCreateAccount passed.");
+
+    ntstatus = s_advapi->LsaAddPrivilegesToAccount(accthnd,
+                                                   &ps);
+    if (ntstatus) {
+      dispntstatus(ntstatus, &errmsg);
+      ldebug("LsaAddPrivilegesToAccount failed.  Error code: %s", errmsg);
+    }
+
+    if (!LogonUser(username,
+                   hostname,
+                   "",
+                   LOGON32_LOGON_INTERACTIVE,
+                   LOGON32_PROVIDER_DEFAULT,
+                   &((*info)->hnd))) {
+      dispwinstatus(&errmsg);
+      ldebug("LogonUser failed.  Error code: %s", errmsg);
+    }
+    else {
+      ldebug("LogonUser passed.");
+    }
+
+    if (!SetHandleInformation ((*info)->hnd,
+                               HANDLE_FLAG_INHERIT,
+                               HANDLE_FLAG_INHERIT)) {
+      dispwinstatus(&errmsg);
+      ldebug("SetHandleInformation failed for user login handle.  Error code: %s", errmsg);
+    }
+    else {
+      ldebug("SetHandleInformation inheritable passed.");
+    }
+
+    pi.dwSize = sizeof(pi);
+    pi.lpUserName = username;
+    pi.dwFlags = PI_NOUI;
+    // pi.hProfile is registry hive ref
+    if (!s_advapi->LoadUserProfile((*info)->hnd,
+                                   &pi)) {
+      dispwinstatus(&errmsg);
+      ldebug("LoadUserProfile failed.  Error code: %s", errmsg);
+    }
+    ldebug("LoadUserProfile passed.");
+#endif /* XXX vista api */
+
+  }
+  else {
+    ldebug("Failed to load all required advapi32 symbols in create restricted user.");
+  }
+
+  return (retval);
+}
+
+BOOL userswitcher(void)
+{
+  LPTSTR  errmsg;
+  if (!LockWorkStation()) {
+    dispwinstatus(&errmsg);
+    ldebug("LockWorkStation failed.  Error code: %s", errmsg);
+    free(errmsg);
+    return FALSE;
+  }
+  ldebug("LockWorkStation for user switch passed.");
+  return TRUE;
+}
+
+BOOL initruserprofile(userinfo * info)
+{
+  LPTSTR relpath;
+  LPTSTR imgsrc;
+  LPTSTR imgdest;
+  ldebug ("Initializing user profile %s on host %s.", info->name, info->host);
+  if (!buildfpath(PATH_FQ, VMDIR_LIB, NULL, "torvmuser.bmp", &imgsrc)) {
+    lerror ("Unable to build path for profile image in lib dir.");
+    return FALSE;
+  }
+  relpath = malloc(1024);
+  snprintf(relpath, 1023, "Application Data\\Microsoft\\User Account Pictures\\%s.bmp", info->name);
+  if (!buildsyspath(SYSDIR_ALLPROFILE, relpath, &imgdest)) {
+    lerror ("Unable to build path for all users profile destination.");
+    free(imgsrc);
+    return FALSE;
+  } 
+  if (!copyfile(imgsrc, imgdest)) {
+    ldebug ("Failed to copy user profile image from %s to %s.", imgsrc, imgdest);
+  }
+  free(relpath);
+  free(imgsrc);
+  free(imgdest);
+  return TRUE;
+}
+
 BOOL entropy (LPBYTE buf,
               DWORD  len)
 {
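Review bot: createruser sets `retval = TRUE` exactly when the account lookup fails: LookupAccountName is a BOOL API that returns nonzero on success, yet its result is stored in `ntstatus`, and `if (ntstatus)` is treated as the error branch and reported through dispntstatus rather than dispwinstatus. The call also passes a null domain buffer with `domainsz` of 0, which the API rejects as an insufficient buffer, so as written it would presumably always take the "passed" branch without a usable SID. Separately, the `net.exe` commands hard-code the account name `Tor` with an empty password instead of using `username`, and runcommand's result is ignored; a random password built with the existing `entropy` and `base16encode` helpers would avoid leaving a passwordless local account behind. `net.exe accounts /maxpwage:unlimited` changes password ageing for every local account on the machine, which the adjacent comment already doubts. `policyhnd`, `acctsid`, `lsahostname.Buffer` and each `errmsg` are never released, and the LsaOpenPolicy failure path logs "passed" and carries on.

```c
    /* … unchanged: net.exe commands and LsaOpenPolicy call … */
    char domain[256];
    domainsz = sizeof(domain);
    if (!s_advapi->LookupAccountName(hostname,
                                     username,
                                     acctsid,
                                     &sidsz,
                                     domain,
                                     &domainsz,
                                     &acctuse)) {
      dispwinstatus(&errmsg);
      ldebug("LookupAccountName failed.  Error code: %s", errmsg);
      free(errmsg);
    }
    else {
      ldebug("LookupAccountName passed.");
      retval = TRUE;
    }
    /* … unchanged: #if 0 block and closing else branch … */
```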

Modified: torvm/trunk/build/win32/src/torvm-w32/creds.h
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/creds.h	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/creds.h	2009-04-20 02:43:01 UTC (rev 19350)
@@ -8,6 +8,18 @@
 #include <ntsecpkg.h>
 #include <ntsecapi.h>
 
+typedef struct s_userinfo {
+  BOOL    isrestricted;
+  BOOL    isadmin;
+  BOOL    isinteractive;
+  LPTSTR  name;
+  LPTSTR  host;
+  HANDLE  hnd;
+  struct s_rconnelem * next;
+} userinfo;
+
+BOOL userswitcher (void);
+
 /* We gotta have 'em! */
 BOOL haveadminrights (void);
 
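Review bot: In the new `userinfo` struct the link field is declared as `struct s_rconnelem * next;`, which is the connection-list element type defined in torvm.c rather than this struct, so it looks like a copy-paste slip. If the field is meant to chain user records it should read `struct s_userinfo * next;`; if nothing uses it, dropping it keeps creds.h from depending on a type it never declares. A short comment on `hnd` saying what kind of handle it holds and who closes it would also help callers.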
@@ -18,6 +30,14 @@
  */
 BOOL setdriversigning (BOOL sigcheck);
 
+/* Create or open restricted user account. */
+BOOL createruser (LPTSTR  hostname,
+                  LPTSTR  username,
+                  userinfo **info);
+
+BOOL initruserprofile(userinfo *info);
+                      
+
 /* Obtain entropy from Crypto API */
 BOOL entropy (LPBYTE buf,
               DWORD  len);
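Review bot: The `createruser` prototype does not say who owns the `userinfo` returned through `info` or the `hnd` inside it, and the only caller added in this commit, `setupuser` in torvm.c, releases neither. Extend the comment along the lines of `/* Create or open restricted user account. On success the caller owns *info and must close info->hnd. */`, adjusted to what the implementation actually allocates, which is not visible in this hunk. `initruserprofile` has no comment at all and should state that it takes the record produced by `createruser`. The whitespace-only line after its prototype can be removed.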

Modified: torvm/trunk/build/win32/src/torvm-w32/torvm.c
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/torvm.c	2009-04-19 04:34:34 UTC (rev 19349)
+++ torvm/trunk/build/win32/src/torvm-w32/torvm.c	2009-04-20 02:43:01 UTC (rev 19350)
@@ -4,12 +4,6 @@
 #include "torvm.h"
 #include <getopt.h>
 
-#define DEFAULT_WINDIR "C:\\WINDOWS"
-#define TOR_VM_BASE    "Tor_VM"
-#define W_TOR_VM_BASE  L"Tor_VM"
-#define TOR_VM_BIN     "bin"
-#define TOR_VM_LIB     "lib"
-#define TOR_VM_STATE   "state"
 #define WIN_DRV_DIR    "system32\\drivers"
 #define TOR_TAP_NAME   "Tor VM Tap32"
 #define TOR_TAP_SVC    "tortap91"
@@ -23,33 +17,7 @@
 #define TOR_HDD_FILE   "hdd.img"
 #define QEMU_DEF_MEM   32
 #define CAP_MTU        1480
-#define CMDMAX         4096
 
-BOOL buildpath (const TCHAR *dirname,
-                TCHAR **fullpath);
-
-#define PATH_FQ        1
-#define PATH_RELATIVE  2
-#define PATH_MSYS      3
-#define VMDIR_BASE     1
-#define VMDIR_BIN      2
-#define VMDIR_LIB      3
-#define VMDIR_STATE    4
-static BOOL buildfpath (DWORD   pathtype,
-                        DWORD   subdirtype,
-                        LPTSTR  wdpath,
-                        LPTSTR  append,
-			LPTSTR *fpath);
-
-#define SYSDIR_WINROOT     1
-#define SYSDIR_PROFILE     2
-#define SYSDIR_PROGRAMS    3
-#define SYSDIR_LCLDATA     4
-#define SYSDIR_LCLPROGRAMS 5
-static BOOL buildsyspath (DWORD   syspathtype,
-                          LPTSTR  append,
-                          LPTSTR *fpath);
-
 struct s_rconnelem {
   BOOL    isactive;
   BOOL    isdefgw;
@@ -236,67 +204,6 @@
   return;
 }
 
-static BOOL buildsyspath (DWORD  syspathtype,
-                          LPTSTR append,
-                          LPTSTR *fpath)
-{
-  DWORD   retval;
-  DWORD   errnum;
-  LPTSTR  defval = NULL;
-  LPTSTR  envvar;
-  LPTSTR  dsep = "\\";
-  *fpath = malloc(CMDMAX * sizeof(TCHAR));
-  if(*fpath == NULL) {
-    lerror ("buildsyspath: out of memory.");
-    free(envvar);
-    return FALSE;
-  }
-  if (syspathtype == SYSDIR_WINROOT) {
-    envvar = getenv("SYSTEMROOT");
-    defval = DEFAULT_WINDIR;
-  }
-  else if (syspathtype == SYSDIR_PROFILE)
-    envvar = getenv("USERPROFILE");
-  else if (syspathtype == SYSDIR_PROGRAMS)
-    envvar = getenv("PROGRAMFILES");
-  else if (syspathtype == SYSDIR_LCLDATA)
-    envvar = getenv("USERPROFILE");
-  else if (syspathtype == SYSDIR_LCLPROGRAMS)
-    envvar = getenv("USERPROFILE");
-  if(!envvar) {
-    if (defval) {
-      strncpy(*fpath, defval, (CMDMAX -1));
-      return TRUE;
-    }
-    free(*fpath);
-    *fpath = 0;
-    return FALSE;
-  }
-  if ( (syspathtype == SYSDIR_LCLPROGRAMS) || (syspathtype == SYSDIR_LCLDATA) ) {
-    LPTSTR lclpost = 0;
-    if (syspathtype == SYSDIR_LCLPROGRAMS)
-      lclpost = "Programs";
-    /* local appdata and programs is built against the user profile root */
-    snprintf (*fpath, (CMDMAX -1),
-              "%s%s%s%s%s%s%s",
-              envvar,
-              dsep,
-              "Local Settings\\Application Data",
-              lclpost ? dsep : "",
-              lclpost ? lclpost : "",
-              append ? dsep : "",
-              append ? append : "");
-  }
-  else {
-    snprintf (*fpath, (CMDMAX -1),
-              "%s%s%s",
-              envvar,
-              append ? dsep : "",
-              append ? append : "");
-  }
-  return TRUE;
-}
-
 static BOOL escquote(LPTSTR  path,
                      LPTSTR *epath)
 {
@@ -325,148 +232,6 @@
   return TRUE;
 }
 
-/* initial attempt to keep file locations dynamic and configurable.
- */
-static BOOL buildfpath (DWORD   pathtype,
-                        DWORD   subdirtype,
-                        LPTSTR  wdpath,
-                        LPTSTR  append,
-			LPTSTR *fpath)
-{
-  LPTSTR basepath;
-  DWORD  buflen;
-  *fpath = NULL;
-  LPTSTR dsep = "\\";
-  if (pathtype == PATH_RELATIVE) {
-    if (!wdpath) {
-      basepath = strdup(".");
-    }
-    else {
-      /* TODO: for now, we check if we're in one of the bin/lib/state subdirs
-       * and adjust accordingly.  what we really need to do is is build a full
-       * relative path based on cwd for situations when we might be executing
-       * in a location other than the usual subdirs above.
-       */
-      if ( (strstr(wdpath, "\\" TOR_VM_BIN)) ||
-           (strstr(wdpath, "\\" TOR_VM_LIB)) || 
-           (strstr(wdpath, "\\" TOR_VM_STATE))   ) {
-	basepath = (pathtype == PATH_MSYS) ? strdup("../") : strdup("..\\");
-      }
-    }
-  }
-  else {
-    if (!getmypath(&basepath)) {
-      lerror ("Unable to get current process working directory.");
-      /* TODO: what fallbacks should be used? check common locations? */
-      return FALSE;
-    }
-    if (pathtype == PATH_MSYS) {
-      /* TODO: split drive and path, then sub dir separator */
-      dsep = "/";
-    }
-    /* truncate off our program name from the basepath */
-    if (strlen(basepath) > 1) {
-      LPTSTR cp = basepath + strlen(basepath) - 1;
-      while (cp > basepath && *cp) {
-        if (*cp == '\\')
-	  *cp = 0;
-	else
-	  cp--;
-      }
-    }
-  }
-  buflen = strlen(basepath) + 32; /* leave plenty of room for subdir */
-  if (append)
-    buflen += strlen(append);
-  *fpath = malloc(buflen);
-  **fpath = 0;
-  if (subdirtype == VMDIR_BASE) {
-    snprintf (*fpath, buflen-1,
-              "%s%s%s",
-	      basepath,
-	      append ? dsep : "",
-	      append ? append : "");
-  }
-  else {
-    LPTSTR csd = "";
-    if (subdirtype == VMDIR_BIN)
-      csd = TOR_VM_BIN;
-    else if (subdirtype == VMDIR_LIB)
-      csd = TOR_VM_LIB;
-    else if (subdirtype == VMDIR_STATE)
-      csd = TOR_VM_STATE;
-
-    snprintf (*fpath, buflen-1,
-              "%s%s%s%s%s",
-	      basepath,
-	      dsep,
-	      csd,
-	      append ? dsep : "",
-	      append ? append : "");
-  }
-  ldebug ("Returning build file path %s for path type %d subdir type %d working path %s and append %s", *fpath, pathtype, subdirtype, wdpath ? wdpath : "", append ? append : "");
-
-  free (basepath);
-  return TRUE;
-}
-
-BOOL exists(LPTSTR path)
-{
-  HANDLE  hnd;
-  hnd = CreateFile (path,
-                    GENERIC_READ,
-                    0,
-                    NULL,
-                    OPEN_EXISTING,
-                    FILE_ATTRIBUTE_NORMAL,
-                    NULL);
-  if (hnd == INVALID_HANDLE_VALUE) {
-    return FALSE;
-  }
-  CloseHandle(hnd);
-  return TRUE;
-}
-
-BOOL copyfile (LPTSTR srcpath,
-               LPTSTR destpath)
-{
-  HANDLE src, dest;
-  DWORD buffsz = CMDMAX;
-  DWORD len, written;
-  LPTSTR buff;
-  src = CreateFile (srcpath,
-                    GENERIC_READ,
-                    0,
-                    NULL,
-                    OPEN_EXISTING,
-                    FILE_ATTRIBUTE_NORMAL,
-                    NULL);
-  if (src == INVALID_HANDLE_VALUE) {
-    return FALSE;
-  }
-  DeleteFile (destpath);
-  dest = CreateFile (destpath,
-                     GENERIC_WRITE,
-                     0,
-                     NULL,
-                     CREATE_NEW,
-                     FILE_ATTRIBUTE_NORMAL,
-                     NULL);
-  if (dest == INVALID_HANDLE_VALUE) {
-    return FALSE;
-  }
-  buff = malloc(buffsz);
-  if (!buff) 
-    return FALSE;
-  while (ReadFile(src, buff, buffsz, &len, NULL) && (len > 0)) 
-    WriteFile(dest, buff, len, &written, NULL);
-  free (buff);
-  CloseHandle (src);
-  CloseHandle (dest);
-
-  return TRUE;
-}
-
 BOOL copyvidaliacfg (LPTSTR srcpath,
                      LPTSTR destpath,
                      LPTSTR datadir,
@@ -633,7 +398,7 @@
   free (cmd);
 
   while ( GetExitCodeProcess(pi.hProcess, &exitcode) && (exitcode == STILL_ACTIVE) ) {
-    Sleep (200);
+    Sleep (500);
   }
   CloseHandle(pi.hThread);
   CloseHandle(pi.hProcess);
@@ -854,7 +619,7 @@
 {
   LPTSTR fname = NULL;
   LPTSTR cmd = "\"net.exe\" stop tornpf";
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     lerror ("Unable to run net stop for tornpf service.");
   }
   if (0) { /* XXX: for now we don't ever delete the npf device file. */
@@ -893,7 +658,7 @@
    */
   if (getosversion() >= OS_VISTA) {
     cmd = "\"netsh.exe\" advfirewall export \"" TOR_VM_STATE "\\firewall.wfw\"";
-    runcommand(cmd);
+    runcommand(cmd,NULL);
     linfo ("Saved current firewall configuration state.");
   }
 
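Review bot: The result of `runcommand(cmd,NULL)` is discarded on the export line and `linfo ("Saved current firewall configuration state.")` is logged unconditionally, so a failed `netsh advfirewall export` goes unnoticed until the matching import in the hunk at -988/+753 restores a missing or stale `firewall.wfw`. Check the result in both places, e.g. `if (!runcommand(cmd,NULL)) lerror ("Unable to save firewall configuration.");`, and log success only in the other branch. The export path `TOR_VM_STATE "\\firewall.wfw"` is relative, so it also depends on which working directory `runcommand` uses when its second argument is NULL; the new `runcommand` is not visible here, so that should be confirmed. The enclosing function starts and ends outside this hunk.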
@@ -988,7 +753,7 @@
 
   if (getosversion() >= OS_VISTA) {
     cmd = "\"netsh.exe\" advfirewall import \"" TOR_VM_STATE "\\firewall.wfw\"";
-    runcommand(cmd);
+    runcommand(cmd,NULL);
     linfo ("Imported saved firewall configuration.");
   }
 
@@ -1020,7 +785,7 @@
   }
 
   while ( GetExitCodeProcess(pi.hProcess, &exitcode) && (exitcode == STILL_ACTIVE) ) {
-    Sleep (200);
+    Sleep (500);
   }
 
   CloseHandle(pi.hThread);
@@ -1033,48 +798,6 @@
   return TRUE;  
 }
 
-BOOL runcommand(LPSTR cmd)
-{
-  STARTUPINFO si;
-  PROCESS_INFORMATION pi;
-  LPTSTR dir = NULL;
-  DWORD exitcode;
-  DWORD opts = 0;
-
-  opts = CREATE_NEW_PROCESS_GROUP;
-
-  if (!buildfpath(PATH_FQ, VMDIR_BIN, NULL, NULL, &dir)) {
-    lerror ("Unable to build path for bin dir.");
-    return FALSE;
-  }
-
-  ZeroMemory( &pi, sizeof(pi) );
-  ZeroMemory( &si, sizeof(si) );
-  si.cb = sizeof(si);
-
-  if( !CreateProcess(NULL,
-                     cmd,
-                     NULL,   // process handle no inherit
-                     NULL,   // thread handle no inherit
-                     FALSE,  // default handle inheritance false
-                     opts,
-                     NULL,   // environment block
-                     dir,
-                     &si,
-                     &pi) ) {
-    lerror ("Failed to launch process.  Error code: %d", GetLastError());
-    return FALSE;
-  }
-
-  while ( GetExitCodeProcess(pi.hProcess, &exitcode) && (exitcode == STILL_ACTIVE) ) {
-    Sleep (200);
-  }
-  CloseHandle(pi.hThread);
-  CloseHandle(pi.hProcess);
-
-  return TRUE;  
-}
-
 BOOL disableservices(void)
 {
   /* TODO: check which of the following are running and stop them.
@@ -1088,7 +811,7 @@
 {
   LPTSTR cmd = "\"netsh.exe\" firewall set opmode disable";
   ldebug ("Disable firewall cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     return FALSE;
   }
   return TRUE;
@@ -1098,8 +821,13 @@
 {
   /* TODO: we need to check if exceptions are disabled, and set opmode enable disable accordingly. */
   LPTSTR cmd = "\"netsh.exe\" firewall set opmode enable";
+  LPTSTR dir = NULL;
+  if (!buildfpath(PATH_FQ, VMDIR_BIN, NULL, NULL, &dir)) {
+    lerror ("Unable to build path for bin dir.");
+    return FALSE;
+  }
   ldebug ("Re-enable firewall cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     return FALSE;
   }
   return TRUE;
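Review bot: The added `dir` is built with `buildfpath` but never passed to `runcommand`, which still receives NULL, and never freed, so every call leaks the path. The new early `return FALSE` is the bigger problem: a path-building failure now skips re-enabling the firewall even though the command does not use the path, leaving the host with the firewall off. Either drop the five added lines, or use the value and release it, e.g. `ok = runcommand(cmd, dir); free(dir); return ok;`, assuming the second parameter is the working directory, which this hunk does not show.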
@@ -1110,7 +838,7 @@
   LPSTR cmd;
   cmd = "\"netsh.exe\" interface ip delete arpcache";
   ldebug ("Clear ARP cache cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     return FALSE;
   }
   return TRUE;
@@ -1118,10 +846,9 @@
 
 BOOL flushdns(void)
 { 
-  LPSTR cmd;
-  cmd = "\"ipconfig.exe\" /flushdns";
+  LPSTR cmd = "\"ipconfig.exe\" /flushdns";
   ldebug ("Flush DNS cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     return FALSE;
   }
   return TRUE;
@@ -1129,10 +856,9 @@
 
 BOOL configtap(void)
 {
-  const DWORD  cmdlen = 1024;
+  const DWORD cmdlen = 1024;
   LPTSTR cmd;
   LPTSTR netsh = "netsh.exe";
-
   cmd = malloc(cmdlen);
 
   snprintf (cmd, cmdlen,
@@ -1143,7 +869,7 @@
             TOR_TAP_NET,
             TOR_TAP_VMIP);
   ldebug ("Tap config cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     free (cmd);
     return FALSE;
   }
@@ -1153,7 +879,7 @@
             TOR_TAP_NAME,
             TOR_TAP_DNS1);
   ldebug ("Tap dns config cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     free (cmd);
     return FALSE;
   }
@@ -1163,7 +889,7 @@
             TOR_TAP_NAME,
             TOR_TAP_DNS2);
   ldebug ("Tap dns2 config cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     free (cmd);
     return FALSE;
   }
@@ -1177,7 +903,7 @@
   LPSTR cmd;
   cmd = "\"netsh.exe\" interface ip set address \"Local Area Connection\" static 10.231.254.1 255.255.255.254";
   ldebug ("Bridge interface null route cmd: %s", cmd);
-  if (! runcommand(cmd)) {
+  if (! runcommand(cmd,NULL)) {
     return FALSE;
   }
   return TRUE;
@@ -1967,7 +1693,7 @@
   DWORD exitcode;
   while ( GetExitCodeProcess(pi->hProcess, &exitcode) && (exitcode == STILL_ACTIVE) ) {
     ldebug ("waiting for process to exit ...");
-    Sleep (2000);
+    Sleep (1000);
   }
   ldebug ("Done.");
   CloseHandle(pi->hThread);
@@ -2069,6 +1795,26 @@
   return TRUE;
 }
 
+BOOL setupuser (void)
+{
+  BOOL retval = FALSE;
+  userinfo * ui;
+  char * myhostname = getenv("COMPUTERNAME");
+  if (!myhostname)
+    myhostname = getenv("HOSTNAME");
+  if (createruser (myhostname,
+                   "Tor",
+                   &ui)) {
+    if (!initruserprofile(ui)) {
+      ldebug ("Failed to initialize user profile data in setupuser.");
+    }
+    else {
+      retval = TRUE;
+    }
+  }
+  return retval;
+}
+
 BOOL setupenv (void)
 {
 #define EBUFSZ 4096
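Review bot: `myhostname` can still be NULL after both `getenv` lookups and is passed to `createruser` unchecked; add `if (!myhostname) { lerror ("Unable to determine host name."); return FALSE; }` before the call. Taking the host name from the environment also lets whoever launches the process choose the value used for account setup, so `GetComputerName()` would be a more trustworthy source. Note that `initruserprofile` in creds.c returns TRUE even when its `copyfile` call fails, so `retval = TRUE` here does not mean the profile image was installed. The account name `"Tor"` is a bare literal and would read better as a named constant next to the other `TOR_*` defines.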
@@ -2158,6 +1904,7 @@
    * int* flag | NULL,
    * 'x' (char)  OR  flag && lval
    */
+  { "accel" , no_argument , NULL, 'a' },
   { "verbose" , no_argument , NULL, 'v' },
   { "update" , no_argument , NULL, 'u' },
   { "bundle" , no_argument , NULL, 'b' },
@@ -2175,6 +1922,7 @@
   fprintf(stderr, "Usage:\t"
     "torvm.exe [options]\n\n"
     "Valid options are:\n"
+    "  --accel\n"
     "  --verbose\n"
     "  --update\n"
     "  --bundle\n"
@@ -2194,6 +1942,7 @@
   struct s_rconnelem *connlist = NULL;
   struct s_rconnelem *ce = NULL;
   struct s_rconnelem *tapconn = NULL;
+  BOOL  vmaccel = FALSE;
   BOOL  bundle = FALSE;
   BOOL  indebug = FALSE;
   BOOL  vmnop = FALSE;
@@ -2205,11 +1954,16 @@
   int c, optidx = 0;
 
   while (1) {
-    c = getopt_long(argc, argv, "vubshrcXZ", torvm_options, &optidx);
+    c = getopt_long(argc, argv, "avubshrcXZ", torvm_options, &optidx);
     if (c == -1)
       break;
 
     switch (c) {
+        case 'a':
+          ldebug ("Set option %s.", torvm_options[optidx].name);
+          vmaccel = TRUE;
+          break;
+
         case 'v':
           ldebug ("Set option %s.", torvm_options[optidx].name);
           indebug = TRUE;
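Review bot: In the new `case 'a':` the log line indexes `torvm_options[optidx]`, but `getopt_long` only updates `optidx` when a long option matched, so a short `-a` logs whatever entry `optidx` last pointed at. This copies the pattern the existing `'v'` case already uses; a literal such as `ldebug ("Set option accel.");` would be accurate for both spellings. Where `vmaccel` is consumed is not visible in this hunk, and the switch continues outside it.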
@@ -2269,6 +2023,17 @@
     }
   }
   
+  if (buildfpath(PATH_FQ, VMDIR_STATE, NULL, "vmlog.txt", &logfile)) {
+    logto (logfile);
+    free (logfile);
+    logfile = NULL;
+  }
+  if (buildfpath(PATH_FQ, VMDIR_STATE, NULL, "debug.txt", &logfile)) {
+    debugto (logfile);
+    free (logfile);
+    logfile = NULL;
+  }
+
   if (getosbits() > 32) {
     lerror ("Error: only 32bit operating systems are currently supported.");
     MessageBox(NULL,
@@ -2278,10 +2043,6 @@
     exit (1);
   }
 
-  if (!setupenv()) {
-    fatal ("Unable to prepare process environment.");
-  }
-
   if (!haveadminrights()) {
     if (promptrunasadmin()) {
       if (respawnasadmin() == TRUE) {
@@ -2291,22 +2052,19 @@
     return 1;
   }
 
-  if (buildfpath(PATH_FQ, VMDIR_STATE, NULL, "vmlog.txt", &logfile)) {
-    logto (logfile);
-    free (logfile);
-    logfile = NULL;
+  if (!setupenv()) {
+    fatal ("Unable to prepare process environment.");
   }
-  if (buildfpath(PATH_FQ, VMDIR_STATE, NULL, "debug.txt", &logfile)) {
-    debugto (logfile);
-    free (logfile);
-    logfile = NULL;
-  }
 
   if (!vmnop) {
     if (!savenetconfig()) {
       fatal ("Unable to save current network configuration.");
     }
 
+    if (!setupuser()) {
+      lerror ("Unable to setup restricted user.");
+    }
+
     ce = NULL;
     numintf = loadnetinfo(&connlist);
     if (numintf > 0) {
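Review bot: A failed `setupuser()` is only logged with `lerror` and startup continues, yet the bundle branch added later in this commit calls `userswitcher()` and locks the workstation whether or not the restricted account exists. Keep the result, e.g. `BOOL haveruser = setupuser();`, and make the later user switch conditional on it, or treat the failure as fatal in bundle mode. `setupuser()` also runs when `bundle` is FALSE although the commit log describes this as bundle-mode setup; if that is intended, a short comment here should say so. The enclosing function starts and ends outside this hunk.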
@@ -2439,7 +2197,17 @@
    * for the 10. tap control port and externally managed Tor instance.
    */
   if (bundle) {
-    runvidalia(indebug);
+    /* try to confirm control port is up before launching vidalia... */
+    int i = 10;
+    while ( (!tryconnect(TOR_TAP_VMIP, 9051)) && (i > 0) ) {
+      ldebug("Control port connect attempt failed, trying again... [%d left]", i);
+      Sleep(1000);
+    }
+    if (i > 0) {
+      ldebug("Control port connected. Starting controller ...");
+      runvidalia(indebug);
+      userswitcher();
+    }
   }
 
   /* TODO: once the pcap bridge is up we can re-enable the firewall IF we
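Review bot: The retry counter `i` is never decremented inside the new `while` loop, so if the control port never accepts a connection the loop runs forever and the debug line always reports `[10 left]`. Add `i--;` after `Sleep(1000);` and test the counter first, `while ( (i > 0) && (!tryconnect(TOR_TAP_VMIP, 9051)) ) {`, so that `if (i > 0)` correctly distinguishes success from exhausted retries. When the retries do run out, nothing is logged and Vidalia is silently skipped; an `lerror` in an `else` branch would make that visible. The return value of `userswitcher()` is also ignored. The enclosing function continues outside this hunk.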

Added: torvm/trunk/build/win32/src/torvm-w32/torvmuser.bmp
===================================================================
(Binary files differ)


Property changes on: torvm/trunk/build/win32/src/torvm-w32/torvmuser.bmp
___________________________________________________________________
Added: svn:mime-type
   + image/x-ms-bmp