win,msi: use localized "Authenticated Users" name

Well known user account names are localized on Windows. Look up the
"Authenticated Users" user by its security identifier to get the
localized name.

PR-URL: #39241
Fixes: #39224
Refs: e817ba7
Refs: https://hackerone.com/reports/1211160
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>

Author: richardlau

tools/msvs/msi/custom_actions.cc

@@ -3,6 +3,8 @@
 #include <windows.h>
 #include <msiquery.h>
 #include <wcautil.h>
+#include <sddl.h>
+#include <Lmcons.h>
 
 #define GUID_BUFFER_SIZE 39 // {8-4-4-4-12}\0
 
@@ -96,6 +98,35 @@ extern "C" UINT WINAPI BroadcastEnvironmentUpdate(MSIHANDLE hInstall) {
   return WcaFinalize(er);
 }
 
+#define AUTHENTICATED_USERS_SID L"S-1-5-11"
+
+extern "C" UINT WINAPI GetLocalizedUserNames(MSIHANDLE hInstall) {
+  HRESULT hr = S_OK;
+  UINT er = ERROR_SUCCESS;
+  TCHAR userName[UNLEN + 1] = {0};
+  DWORD userNameSize = UNLEN + 1;
+  TCHAR domain[DNLEN + 1] = {0};
+  DWORD domainSize = DNLEN + 1;
+  PSID sid;
+  SID_NAME_USE nameUse;
+
+  hr = WcaInitialize(hInstall, "GetLocalizedUserNames");
+  ExitOnFailure(hr, "Failed to initialize");
+  
+  er = ConvertStringSidToSidW(AUTHENTICATED_USERS_SID, &sid);
+  ExitOnLastError(er, "Failed to convert security identifier");
+
+  er = LookupAccountSidW(NULL, sid, userName, &userNameSize, domain, &domainSize, &nameUse);
+  ExitOnLastError(er, "Failed to lookup security identifier");
+
+  MsiSetProperty(hInstall, L"AUTHENTICATED_USERS", userName);
+  ExitOnWin32Error(er, hr, "Failed to set localized Authenticated User name");
+
+LExit:
+  er = SUCCEEDED(hr) ? ERROR_SUCCESS : ERROR_INSTALL_FAILURE;
+  LocalFree(sid);
+  return WcaFinalize(er);
+}
 
 extern "C" BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason, VOID* dummy) {
   switch (ulReason) {

tools/msvs/msi/custom_actions.def

@@ -3,3 +3,4 @@ LIBRARY "custom_actions"
 EXPORTS
 SetInstallScope
 BroadcastEnvironmentUpdate
+GetLocalizedUserNames

tools/msvs/msi/product.wxs

@@ -47,8 +47,6 @@
     <Property Id="WIXUI_INSTALLDIR" Value="INSTALLDIR"/>
 
     <!-- PropertyRef of the account users for setting InstallDir permission explicitly -->
-    <Property Id="AUTHENTICATED_USERS" Value="Authenticated Users"/>
-
     <PropertyRef Id="WIX_ACCOUNT_LOCALSYSTEM" />
     <PropertyRef Id="WIX_ACCOUNT_USERS" />
     <PropertyRef Id="WIX_ACCOUNT_ADMINISTRATORS" />
@@ -329,6 +327,12 @@
                   Execute="immediate"
                   Return="check" />
 
+    <CustomAction Id="GetLocalizedUserNames"
+                  BinaryKey="CustomActionsDLL"
+                  DllEntry="GetLocalizedUserNames"
+                  Execute="immediate"
+                  Return="check" />
+
     <Property Id="WixShellExecTarget" Value="[#InstallToolsBat]" />
     <CustomAction Id="LaunchApplication" BinaryKey="WixCA" DllEntry="WixShellExec" />
 
@@ -338,6 +342,7 @@
 
     <InstallExecuteSequence>
       <Custom Action='SetInstallScope' Before='FindRelatedProducts'/>
+      <Custom Action='GetLocalizedUserNames' After='SetInstallScope'/>
       <Custom Action='BroadcastEnvironmentUpdate' After='InstallFinalize'/>
     </InstallExecuteSequence>