annotate common/util.c @ 571:6c4fff146999

Implement codesigning in the administrator tool
author Andre Heinecke <aheinecke@intevation.de>
date Fri, 23 May 2014 16:17:18 +0000
parents 78959fd970b0
children c7a35fa302ec
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
7 */
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "util.h"
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
9 #include "logging.h"
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
10
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
11 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
12 #include <unistd.h>
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
13 #include <sys/types.h>
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
14 #else
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 #include <windows.h>
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #endif
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 bool
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
19 is_elevated()
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
20 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
21 bool ret = false;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
22 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
23 ret = (geteuid() == 0);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
24 #else
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
25 HANDLE hToken = NULL;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
26 if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
27 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
28 DWORD elevation;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
29 DWORD cbSize = sizeof (DWORD);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
30 if (GetTokenInformation (hToken, TokenElevation, &elevation,
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
31 sizeof (TokenElevation), &cbSize))
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
32 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
33 ret = elevation;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
34 }
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
35 }
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
36 if (hToken)
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
37 CloseHandle (hToken);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
38 #endif
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
39 return ret;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
40 }
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
41
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
42 bool is_admin()
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
43 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
44 #ifndef _WIN32
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
45 /* TODO implement */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
46 return false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
47 #else
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
48 bool retval = false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
49 BOOL in_admin_group = FALSE;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
50 HANDLE hToken = NULL;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
51 HANDLE hTokenToCheck = NULL;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
52 DWORD cbSize = 0;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
53 TOKEN_ELEVATION_TYPE elevation;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
54 BYTE admin_id[SECURITY_MAX_SID_SIZE];
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
55
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
56 if (!OpenProcessToken(GetCurrentProcess(),
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
57 TOKEN_QUERY | TOKEN_DUPLICATE, &hToken))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
58 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
59 PRINTLASTERROR ("Failed to duplicate process token.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
60 return false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
61 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
62
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
63 if (!GetTokenInformation(hToken, TokenElevationType, &elevation,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
64 sizeof(elevation), &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
65 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
66 PRINTLASTERROR ("Failed to get token information.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
67 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
68 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
69
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
70 /* If limited check the the linked token instead */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
71 if (TokenElevationTypeLimited == elevation)
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
72 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
73 if (!GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
74 sizeof(hTokenToCheck), &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
75 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
76 PRINTLASTERROR ("Failed to get the linked token.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
77 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
78 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
79 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
80
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
81 if (!hTokenToCheck) /* The linked token is already of the correct type */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
82 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
83 if (!DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
84 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
85 PRINTLASTERROR ("Failed to duplicate token for identification.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
86 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
87 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
88 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
89
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
90 /* Do the sid dance for the adminSID */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
91 cbSize = sizeof(admin_id);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
92 if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &admin_id,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
93 &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
94 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
95 PRINTLASTERROR ("Failed to get admin sid.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
96 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
97 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
98
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
99 /* The actual check */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
100 if (!CheckTokenMembership(hTokenToCheck, &admin_id, &in_admin_group))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
101 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
102 PRINTLASTERROR ("Failed to check token membership.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
103 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
104 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
105
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
106 if (in_admin_group)
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
107 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
108 /* Winbool to standard bool */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
109 retval = true;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
110 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
111
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
112 done:
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
113 if (hToken) CloseHandle(hToken);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
114 if (hTokenToCheck) CloseHandle(hTokenToCheck);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
115
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
116 return retval;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
117 #endif
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
118 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
119

http://wald.intevation.org/projects/trustbridge/