annotate common/util.c @ 1306:845048d4a69f

(issue159) Use user specific appdata directory for nss list with simple rights. Using the ProgramData folder with resticted access rights failed in case the process was not elevated.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 13 Oct 2014 12:31:37 +0200
parents 0a803c3fb5a6
children 2bacaec6e101
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 338
diff changeset
7 */
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "util.h"
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
9 #include "logging.h"
644
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
10 #include "strhelp.h"
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
11
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
12 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
13 #include <unistd.h>
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
14 #include <sys/types.h>
644
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
15 #include <pwd.h>
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
16 #include <grp.h>
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
17 #include <string.h>
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
18 #else
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
19 #include <winsafer.h>
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20 #include <windows.h>
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
21 #include <accctrl.h>
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
22 #include <aclapi.h>
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
23 #include <shlobj.h>
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 #endif
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
25
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
26 #ifndef APPNAME
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
27 #define APPNAME "TrustBridge"
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
28 #endif
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
29
671
d4766b4922c9 Fix linux build
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
30 #ifdef WIN32
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
31 char*
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
32 read_registry_string (const HKEY root, const wchar_t *key,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
33 const wchar_t *name)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
34 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
35 HKEY key_handle = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
36 DWORD size = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
37 type = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
38 ex_size = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
39 dwRet = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
40 LONG ret = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
41 char *retval = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
42 wchar_t *buf = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
43 *ex_buf = NULL;
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
44 if (root == NULL || key == NULL || name == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
45 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
46 ERRORPRINTF ("Invalid call to read_registry_string");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
47 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
48 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
49
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
50 ret = RegOpenKeyExW (root, key, 0, KEY_READ, &key_handle);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
51 if (ret != ERROR_SUCCESS)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
52 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
53 ERRORPRINTF ("Failed to open key.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
54 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
55 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
56
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
57 /* Get the size */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
58 ret = RegQueryValueExW (key_handle, name, 0, NULL, NULL, &size);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
59 if (ret != ERROR_MORE_DATA && !(ret == ERROR_SUCCESS && size != 0))
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
60 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
61 ERRORPRINTF ("Failed to get required registry size.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
62 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
63 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
64
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
65 /* Size is size in bytes not in characters */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
66 buf = xmalloc (size + sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
67
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
68 /* If the stored value is not zero terminated the returned value also
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
69 is not zero terminated. That's why we reserve more and ensure it's
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
70 initialized. */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
71 memset (buf, 0, size + sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
72
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
73 ret = RegQueryValueExW (key_handle, name, 0, &type, (LPBYTE) buf, &size);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
74 if (ret != ERROR_SUCCESS)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
75 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
76 ERRORPRINTF ("Failed get registry value.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
77 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
78 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
79
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
80 if (type == REG_SZ || (type == REG_EXPAND_SZ && wcschr (buf, '%') == NULL))
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
81 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
82 /* Nothing to expand, we are done */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
83 retval = wchar_to_utf8 (buf, wcslen (buf));
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
84 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
85 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
86
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
87 if (type != REG_EXPAND_SZ)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
88 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
89 ERRORPRINTF ("Unhandled registry type %i", type);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
90 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
91 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
92
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
93 /* Expand the registry string */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
94 ex_size = ExpandEnvironmentStringsW (buf, NULL, 0);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
95
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
96 if (ex_size == 0)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
97 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
98 PRINTLASTERROR ("Failed to determine expanded environment size.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
99 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
100 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
101
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
102 ex_buf = xmalloc ((ex_size + 1) * sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
103
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
104 dwRet = ExpandEnvironmentStringsW (buf, ex_buf, ex_size);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
105
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
106 ex_buf[ex_size] = '\0'; /* Make sure it's a string */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
107
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
108 if (dwRet == 0 || dwRet != ex_size)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
109 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
110 PRINTLASTERROR ("Failed to expand environment variables.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
111 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
112 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
113
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
114 retval = wchar_to_utf8 (ex_buf, ex_size);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
115
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
116 done:
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
117 xfree (ex_buf);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
118 xfree (buf);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
119
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
120 RegCloseKey (key_handle);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
121 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
122 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
123
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
124
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
125 /** @brief Compare two paths for equality based on the filename.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
126 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
127 * Expand the paths by using GetFullPathName and do a string
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
128 * comparison on the result to check for equality.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
129 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
130 * To be sure if it is really the same file it would be better
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
131 * to open the files and compare the serial number but this
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
132 * suffices for checks that only impact on the options presented
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
133 * to the user (try a system wide installation or not)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
134 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
135 * If one file does not exist the function returns false. If
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
136 * The path is longer then MAX_PATH this function also returns
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
137 * false.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
138 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
139 * @param [in] path1 first path to compare
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
140 * @paran [in] path2 first path to compare
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
141 * @returns true if the paths are the same.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
142 */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
143 bool
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
144 paths_equal (const char *path1, const char *path2)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
145 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
146 bool ret = false;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
147 wchar_t buf1[MAX_PATH],
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
148 buf2[MAX_PATH];
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
149 wchar_t *wpath1 = NULL,
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
150 *wpath2 = NULL;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
151 DWORD retval = 0;
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
152
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
153 if (!path1 || !path2)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
154 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
155 return false;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
156 }
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
157
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
158 wpath1 = utf8_to_wchar(path1, strnlen(path1, MAX_PATH));
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
159 wpath2 = utf8_to_wchar(path2, strnlen(path2, MAX_PATH));
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
160
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
161 if (wpath1 == NULL || wpath2 == NULL)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
162 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
163 ERRORPRINTF ("Failed to convert paths to wchar.");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
164 goto done;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
165 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
166
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
167 retval = GetFullPathNameW (wpath1, MAX_PATH, buf1, NULL);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
168 if (retval >= MAX_PATH || retval != wcsnlen (buf1, MAX_PATH))
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
169 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
170 ERRORPRINTF ("Path1 too long.");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
171 goto done;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
172 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
173 if (retval == 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
174 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
175 PRINTLASTERROR ("Failed to get Full Path name.");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
176 goto done;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
177 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
178
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
179 retval = GetFullPathNameW (wpath2, MAX_PATH, buf2, NULL);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
180 if (retval >= MAX_PATH || retval != wcsnlen (buf2, MAX_PATH))
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
181 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
182 ERRORPRINTF ("Path2 too long.");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
183 goto done;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
184 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
185 if (retval == 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
186 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
187 PRINTLASTERROR ("Failed to get Full Path name.");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
188 goto done;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
189 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
190
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
191 ret = wcscmp (buf1, buf2) == 0;
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
192 done:
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
193 xfree (wpath1);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
194 xfree (wpath2);
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
195
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
196 return ret;
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
197 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
198
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
199 char *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
200 get_install_dir()
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
201 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
202 wchar_t wPath[MAX_PATH];
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
203 char *utf8path = NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
204 char *dirsep = NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
205
904
f89b41fa7048 Fix whitespace errors
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
206 if (!GetModuleFileNameW (NULL, wPath, MAX_PATH - 1))
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
207 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
208 PRINTLASTERROR ("Failed to obtain module file name. Path too long?");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
209 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
210 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
211
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
212 /* wPath might not be 0 terminated */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
213 wPath[MAX_PATH - 1] = '\0';
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
214
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
215 utf8path = wchar_to_utf8 (wPath, wcsnlen(wPath, MAX_PATH));
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
216
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
217 if (utf8path == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
218 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
219 ERRORPRINTF ("Failed to convert module path to utf-8");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
220 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
221 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
222
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
223 /* Cut away the executable name */
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
224 dirsep = strrchr(utf8path, '\\');
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
225 if (dirsep == NULL)
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
226 {
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
227 ERRORPRINTF ("Failed to find directory seperator.");
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
228 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
229 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
230 *dirsep = '\0';
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
231 return utf8path;
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
232 }
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 671
diff changeset
233
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
234 static PSID
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
235 copy_sid(PSID from)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
236 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
237 if (!from)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
238 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
239 return 0;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
240 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
241
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
242 DWORD sidLength = GetLengthSid(from);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
243 PSID to = (PSID) xmalloc(sidLength);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
244 CopySid(sidLength, to, from);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
245 return to;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
246 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
247
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
248 PSID
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
249 get_process_owner(HANDLE hProcess)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
250 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
251 HANDLE hToken = NULL;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
252 PSID sid;
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
253
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
254 if (hProcess == NULL)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
255 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
256 ERRORPRINTF ("invalid call to get_process_owner");
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
257 return NULL;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
258 }
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
259
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
260 OpenProcessToken(hProcess, TOKEN_READ, &hToken);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
261 if (hToken)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
262 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
263 DWORD size = 0;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
264 PTOKEN_USER userStruct;
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
265
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
266 // check how much space is needed
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
267 GetTokenInformation(hToken, TokenUser, NULL, 0, &size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
268 if (ERROR_INSUFFICIENT_BUFFER == GetLastError())
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
269 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
270 userStruct = (PTOKEN_USER) xmalloc (size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
271 GetTokenInformation(hToken, TokenUser, userStruct, size, &size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
272
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
273 sid = copy_sid(userStruct->User.Sid);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
274 CloseHandle(hToken);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
275 xfree (userStruct);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
276 return sid;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
277 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
278 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
279 return NULL;
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
280 }
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
281
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
282 bool
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
283 is_system_install()
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
284 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
285 char *reg_inst_dir = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
286 *real_prefix = NULL;
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
287 bool ret = false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
288
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
289 reg_inst_dir = read_registry_string (HKEY_LOCAL_MACHINE,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
290 L"Software\\"APPNAME, L"");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
291
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
292 if (reg_inst_dir == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
293 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
294 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
295 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
296 DEBUGPRINTF ("Registered installation directory: %s\n", reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
297
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
298 real_prefix = get_install_dir();
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
299
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
300 if (!real_prefix)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
301 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
302 DEBUGPRINTF ("Failed to obtain installation prefix.");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
303 xfree (reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
304 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
305 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
306
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
307 ret = paths_equal (real_prefix, reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
308
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
309 xfree (real_prefix);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
310 xfree (reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
311 DEBUGPRINTF ("Is system install? %s\n", ret ? "true" : "false");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
312 return ret;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
313 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
314 #else /* WIN32 */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
315
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
316 char *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
317 get_install_dir()
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
318 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
319 char *retval = NULL,
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
320 *p = NULL,
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 904
diff changeset
321 buf[MAX_PATH_LINUX];
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
322 ssize_t ret;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
323 size_t path_len = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
324
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
325 ret = readlink ("/proc/self/exe", buf, MAX_PATH_LINUX);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
326 if (ret <= 0)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
327 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
328 ERRORPRINTF ("readlink failed\n");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
329 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
330 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
331
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
332 buf[ret] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
333
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
334 /* cut off the filename */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
335 p = strrchr (buf, '/');
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
336 if (p == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
337 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
338 ERRORPRINTF ("No filename found.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
339 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
340 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
341 *(p + 1) = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
342
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
343 path_len = strlen (buf);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
344 retval = xmalloc (path_len + 1);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
345 strncpy (retval, buf, path_len);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
346 retval[path_len] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
347
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
348 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
349 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
350
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
351 bool
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
352 is_system_install()
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
353 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
354 FILE *system_config;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
355 int read_lines = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
356 char linebuf[MAX_PATH_LINUX + 7],
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
357 * inst_dir = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
358 bool retval = false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
359 size_t inst_dir_len = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
360
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
361 system_config = fopen ("/etc/"APPNAME"/"APPNAME"-inst.cfg", "r");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
362 if (system_config == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
363 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
364 DEBUGPRINTF ("No system wide install configuration found.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
365 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
366 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
367 inst_dir = get_install_dir ();
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
368
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
369 if (inst_dir == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
370 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
371 ERRORPRINTF ("Failed to find installation directory.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
372 fclose(system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
373 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
374 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
375
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
376 inst_dir_len = strnlen (inst_dir, MAX_PATH_LINUX);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
377
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
378 if (inst_dir_len == 0 || inst_dir_len >= MAX_PATH_LINUX)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
379 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
380 ERRORPRINTF ("Installation directory invalid.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
381 fclose(system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
382 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
383 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
384
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
385 /* Read the first 10 lines and look for PREFIX. if it is not found
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
386 we return false. */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
387 while (read_lines < 10 && fgets (linebuf, MAX_PATH_LINUX + 7,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
388 system_config) != NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
389 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
390 if (str_starts_with (linebuf, "PREFIX="))
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
391 {
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
392 /* The last character is always a linebreak in a valid system_config
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
393 file so we can strip it. If this is not true the file is invalid.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
394 linebuf is > 7 atm otherwise prefix= would not have been matched. */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
395 linebuf[strlen(linebuf) - 1] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
396 retval = str_starts_with (inst_dir, linebuf + 7);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
397 break;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
398 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
399 read_lines++;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
400 }
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
401
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
402 fclose (system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
403 xfree (inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
404 DEBUGPRINTF ("Is system install? %s\n", retval ? "true" : "false");
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
405 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
406 }
671
d4766b4922c9 Fix linux build
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
407 #endif
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 644
diff changeset
408
1031
1f23803e1f83 Fix linux build. Has_high_integrity is only implemented for windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
409 #ifdef WIN32
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
410 bool
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
411 has_high_integrity(HANDLE hToken)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
412 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
413 PTOKEN_MANDATORY_LABEL integrity_label = NULL;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
414 DWORD integrity_level = 0,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
415 size = 0;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
416
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
417 if (hToken == NULL || hToken == INVALID_HANDLE_VALUE)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
418 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
419 DEBUGPRINTF ("Invalid parameters.");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
420 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
421 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
422
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
423 /* Get the required size */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
424 if (!GetTokenInformation(hToken, TokenIntegrityLevel,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
425 NULL, 0, &size) == ERROR_INSUFFICIENT_BUFFER)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
426 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
427 PRINTLASTERROR ("Failed to get required size.\n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
428 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
429 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
430 integrity_label = (PTOKEN_MANDATORY_LABEL) LocalAlloc(0, size);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
431 if (integrity_label == NULL)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
432 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
433 ERRORPRINTF ("Failed to allocate label. \n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
434 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
435 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
436
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
437 if (!GetTokenInformation(hToken, TokenIntegrityLevel,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
438 integrity_label, size, &size))
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
439 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
440 PRINTLASTERROR ("Failed to get integrity level.\n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
441 LocalFree(integrity_label);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
442 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
443 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
444
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
445 /* Get the last integrity level */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
446 integrity_level = *GetSidSubAuthority(integrity_label->Label.Sid,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
447 (DWORD)(UCHAR)(*GetSidSubAuthorityCount(
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
448 integrity_label->Label.Sid) - 1));
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
449
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
450 LocalFree (integrity_label);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
451
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
452 return integrity_level >= SECURITY_MANDATORY_HIGH_RID;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
453 }
1031
1f23803e1f83 Fix linux build. Has_high_integrity is only implemented for windows.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
454 #endif
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
455
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
456 bool
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
457 is_elevated()
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
458 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
459 bool ret = false;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
460 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
461 ret = (geteuid() == 0);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
462 #else
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
463 HANDLE hToken = NULL;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
464 if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
465 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
466 DWORD elevation;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
467 DWORD cbSize = sizeof (DWORD);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
468 if (GetTokenInformation (hToken, TokenElevation, &elevation,
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
469 sizeof (TokenElevation), &cbSize))
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
470 {
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
471 ret = elevation;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
472 }
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
473 }
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
474 /* Elevation will be true and ElevationType TokenElevationTypeFull even
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
475 if the token is a user token created by SAFER so we additionally
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
476 check the integrity level of the token which will only be high in
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
477 the real elevated process and medium otherwise. */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
478
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
479 ret = ret && has_high_integrity (hToken);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
480
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
481 if (hToken)
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
482 CloseHandle (hToken);
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
483 #endif
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
484 return ret;
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
485 }
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
486
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
487 #ifdef _WIN32
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
488 char *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
489 get_program_files_folder ()
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
490 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
491 wchar_t *folder_name = NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
492 char *retval = NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
493 if (SHGetKnownFolderPath (&FOLDERID_ProgramFiles, /* Get program data dir */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
494 KF_FLAG_NO_ALIAS,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
495 INVALID_HANDLE_VALUE, /* Get it for the default user */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
496 &folder_name) != S_OK)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
497 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
498 PRINTLASTERROR ("Failed to get program files folder.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
499 return NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
500 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
501
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
502 retval = wchar_to_utf8 (folder_name, wcslen(folder_name));
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
503 CoTaskMemFree (folder_name);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
504 return retval;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
505 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
506
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
507 /* This is a bit ridicoulous but necessary as shlobj.h contains an inline
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
508 definition. So only one C file may include it and thus we have to put
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
509 all our shlobj calls into one file... */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
510 wchar_t *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
511 get_program_data_folder ()
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
512 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
513 wchar_t *folder_name = NULL;
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
514 if (is_elevated())
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
515 {
1306
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
516 if (SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
517 KF_FLAG_CREATE | /* Create if it does not exist */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
518 KF_FLAG_INIT, /* Initialize it if created */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
519 INVALID_HANDLE_VALUE, /* Get it for the default user */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
520 &folder_name) != S_OK)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
521 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
522 PRINTLASTERROR ("Failed to get folder path");
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
523 return NULL;
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
524 }
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
525 }
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
526 else
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
527 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
528 if (SHGetKnownFolderPath (&FOLDERID_LocalAppData, /* Get program data dir */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
529 KF_FLAG_CREATE | /* Create if it does not exist */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
530 KF_FLAG_INIT, /* Initialize it if created */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
531 NULL, /* Get it for the default user */
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
532 &folder_name) != S_OK)
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
533 {
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
534 PRINTLASTERROR ("Failed to get folder path");
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
535 return NULL;
845048d4a69f (issue159) Use user specific appdata directory for nss list with simple rights.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1208
diff changeset
536 }
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
537 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
538 return folder_name;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
539 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
540 #endif
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
541
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
542 bool
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
543 is_admin()
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
544 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
545 #ifndef _WIN32
644
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
546 struct passwd *current_user = getpwuid (geteuid());
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
547 int ngroups = 0,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
548 ret = 0,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
549 i = 0;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
550 gid_t * groups = NULL;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
551
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
552 if (current_user == NULL)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
553 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
554 ERRORPRINTF ("Failed to obtain user information.");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
555 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
556 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
557
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
558 ret = getgrouplist (current_user->pw_name, current_user->pw_gid, NULL,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
559 &ngroups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
560
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
561 if (ret != -1 || ngroups <= 0)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
562 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
563 ERRORPRINTF ("Unknown error in getgrouplist call");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
564 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
565 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
566
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
567 groups = xmalloc (((unsigned int)ngroups) * sizeof (gid_t));
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
568
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
569 ret = getgrouplist (current_user->pw_name, current_user->pw_gid, groups,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
570 &ngroups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
571
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
572 if (ret != ngroups)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
573 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
574 ERRORPRINTF ("Group length mismatch.");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
575 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
576 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
577 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
578
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
579 for (i = 0; i < ngroups; i++)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
580 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
581 struct group *gr = getgrgid (groups[i]);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
582 if (gr == NULL)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
583 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
584 ERRORPRINTF ("Error in group enumeration");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
585 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
586 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
587 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
588 if (strcmp("sudo", gr->gr_name) == 0)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
589 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
590 DEBUGPRINTF ("User is in sudo group \n");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
591 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
592 return true;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
593 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
594 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
595
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
596 DEBUGPRINTF ("User is not in sudo group");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
597
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
598 return false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
599 #else
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
600 bool retval = false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
601 BOOL in_admin_group = FALSE;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
602 HANDLE hToken = NULL;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
603 HANDLE hTokenToCheck = NULL;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
604 DWORD cbSize = 0;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
605 TOKEN_ELEVATION_TYPE elevation;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
606 BYTE admin_id[SECURITY_MAX_SID_SIZE];
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
607
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
608 if (!OpenProcessToken(GetCurrentProcess(),
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
609 TOKEN_QUERY | TOKEN_DUPLICATE, &hToken))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
610 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
611 PRINTLASTERROR ("Failed to duplicate process token.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
612 return false;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
613 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
614
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
615 if (!GetTokenInformation(hToken, TokenElevationType, &elevation,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
616 sizeof(elevation), &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
617 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
618 PRINTLASTERROR ("Failed to get token information.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
619 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
620 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
621
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
622 /* If limited check the the linked token instead */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
623 if (TokenElevationTypeLimited == elevation)
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
624 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
625 if (!GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
626 sizeof(hTokenToCheck), &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
627 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
628 PRINTLASTERROR ("Failed to get the linked token.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
629 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
630 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
631 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
632
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
633 if (!hTokenToCheck) /* The linked token is already of the correct type */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
634 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
635 if (!DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
636 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
637 PRINTLASTERROR ("Failed to duplicate token for identification.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
638 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
639 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
640 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
641
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
642 /* Do the sid dance for the adminSID */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
643 cbSize = sizeof(admin_id);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
644 if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &admin_id,
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
645 &cbSize))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
646 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
647 PRINTLASTERROR ("Failed to get admin sid.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
648 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
649 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
650
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
651 /* The actual check */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
652 if (!CheckTokenMembership(hTokenToCheck, &admin_id, &in_admin_group))
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
653 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
654 PRINTLASTERROR ("Failed to check token membership.\n");
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
655 goto done;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
656 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
657
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
658 if (in_admin_group)
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
659 {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
660 /* Winbool to standard bool */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
661 retval = true;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
662 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
663
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
664 done:
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
665 if (hToken) CloseHandle(hToken);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
666 if (hTokenToCheck) CloseHandle(hTokenToCheck);
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
667
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
668 return retval;
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
669 #endif
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
670 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
671
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
672 #ifdef WIN32
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
673 bool
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
674 create_restricted_directory (LPWSTR path, bool objects_should_inherit, PACL *rACL)
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
675 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
676 bool retval = false;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
677 PSID everyone_SID = NULL,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
678 admin_SID = NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
679 PACL access_control_list = NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
680 PSECURITY_DESCRIPTOR descriptor = NULL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
681 EXPLICIT_ACCESS explicit_access[2];
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
682 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
683 admin_identifier = {SECURITY_NT_AUTHORITY};
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
684 SECURITY_ATTRIBUTES security_attributes;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
685
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
686 ZeroMemory(&security_attributes, sizeof(security_attributes));
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
687 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
688
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
689 /* Create a well-known SID for the Everyone group. */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
690 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
691 1, /* subauthorties count */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
692 SECURITY_WORLD_RID, /* Only one authority */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
693 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
694 &everyone_SID))
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
695 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
696 PRINTLASTERROR ("Failed to allocate world sid.\n");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
697 return false;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
698 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
699
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
700 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
701 to allow everyone read access */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
702 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
703 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
1070
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
704 explicit_access[0].grfInheritance = objects_should_inherit ?
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
705 SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
706 NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
707 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
708 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
709 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
710
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
711 /* Create the SID for the BUILTIN\Administrators group. */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
712 if(!AllocateAndInitializeSid(&admin_identifier,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
713 2,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
714 SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
715 DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
716 0, 0, 0, 0, 0, 0, /* No other */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
717 &admin_SID))
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
718 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
719 PRINTLASTERROR ("Failed to allocate admin sid.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
720 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
721 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
722
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
723 /* explicit_access[1] grants admins full rights for this object and inherits
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
724 it to the children */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
725 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
726 explicit_access[1].grfAccessMode = SET_ACCESS;
1070
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
727 explicit_access[1].grfInheritance = objects_should_inherit ?
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
728 SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1031
diff changeset
729 NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
730 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
731 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
732 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
733
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
734 /* Set up the ACL structure. */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
735 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
736 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
737 PRINTLASTERROR ("Failed to set up Acl.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
738 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
739 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
740
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
741 /* Initialize a security descriptor */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
742 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
743 SECURITY_DESCRIPTOR_MIN_LENGTH);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
744 if (descriptor == NULL)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
745 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
746 PRINTLASTERROR("Failed to allocate descriptor.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
747 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
748 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
749
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
750 if (!InitializeSecurityDescriptor(descriptor,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
751 SECURITY_DESCRIPTOR_REVISION))
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
752 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
753 PRINTLASTERROR("Failed to initialize descriptor.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
754 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
755 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
756
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
757 /* Now we add the ACL to the the descriptor */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
758 if (!SetSecurityDescriptorDacl(descriptor,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
759 TRUE, /* bDaclPresent flag */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
760 access_control_list,
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
761 FALSE)) /* not a default DACL */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
762 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
763 PRINTLASTERROR("Failed to set security descriptor.");
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
764 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
765 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
766
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
767 /* Finally set up the security attributes structure */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
768 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
769 security_attributes.lpSecurityDescriptor = descriptor;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
770 security_attributes.bInheritHandle = FALSE;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
771
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
772 /* Use the security attributes to create the directory */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
773 if (!CreateDirectoryW(path, &security_attributes))
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
774 {
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
775 DWORD err = GetLastError();
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
776 if (err == ERROR_ALREADY_EXISTS)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
777 {
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
778 if (!objects_should_inherit)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
779 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
780 /* This means it is a parent directory of something and
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
781 we should not touch the DACL. */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
782 retval = true;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
783 goto done;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
784 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
785
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
786 /* Set our ACL on the directory */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
787 err = SetNamedSecurityInfoW (path,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
788 SE_FILE_OBJECT,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
789 DACL_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
790 OWNER_SECURITY_INFORMATION |
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
791 GROUP_SECURITY_INFORMATION,
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
792 admin_SID, /* owner */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
793 admin_SID, /* group */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
794 access_control_list, /* the dacl */
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
795 NULL);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
796 if (err != ERROR_SUCCESS)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
797 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
798 ERRORPRINTF ("Failed to set security info on folder. Err: %lu", err);
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
799 goto done;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
800 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
801 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
802 else
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
803 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
804 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
805 goto done;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
806 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
807 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
808 retval = true;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
809
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
810 done:
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
811
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
812 if (retval != true)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
813 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
814 ERRORPRINTF ("Failed to create directory for NSS installer instructions.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
815 syslog_error_printf ("Failed to create directory for NSS installer instructions.");
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
816 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
817 else if (rACL)
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
818 {
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
819 *rACL = access_control_list;
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
820 }
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
821
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
822
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
823 if (everyone_SID)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
824 FreeSid(everyone_SID);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
825 if (admin_SID)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
826 FreeSid(admin_SID);
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1162
diff changeset
827 if (!rACL && access_control_list)
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
828 LocalFree(access_control_list);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
829 if (descriptor)
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
830 LocalFree(descriptor);
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
831
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
832 return retval;
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
833 }
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
834 #endif
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
835
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
836 #ifdef WIN32
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
837 /** @brief get a restricted access token
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
838 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
839 * This function uses the Software Restriction API to obtain the
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
840 * access token for a process run als normal user.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
841 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
842 * @returns A restricted handle or NULL on error.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
843 */
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
844 HANDLE
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
845 get_restricted_token()
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
846 {
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
847 SAFER_LEVEL_HANDLE user_level = NULL;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
848 HANDLE retval = NULL;
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
849 SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY};
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
850 PSID medium_sid = NULL;
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
851 TOKEN_MANDATORY_LABEL integrity_label;
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
852
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
853 memset (&integrity_label, 0, sizeof (integrity_label));
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
854
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
855 if (!SaferCreateLevel(SAFER_SCOPEID_USER,
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
856 SAFER_LEVELID_NORMALUSER,
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
857 SAFER_LEVEL_OPEN, &user_level, NULL))
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
858 {
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
859 PRINTLASTERROR ("Failed to create user level.\n");
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
860 return NULL;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
861 }
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
862
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
863 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
864 {
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
865 SaferCloseLevel(user_level);
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
866 return NULL;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
867 }
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
868
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
869 SaferCloseLevel(user_level);
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
870
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
871 /* Set the SID to medium it will still be high otherwise. Even if
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
872 there is no high access allowed. */
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
873 if (!AllocateAndInitializeSid(&medium_identifier,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
874 1,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
875 SECURITY_MANDATORY_MEDIUM_RID,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
876 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
877 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
878 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
879 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
880 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
881 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
882 0,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
883 &medium_sid))
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
884 {
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
885 PRINTLASTERROR ("Failed to initialize sid.\n");
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
886 return NULL;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
887 }
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
888
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
889 integrity_label.Label.Attributes = SE_GROUP_INTEGRITY;
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
890 integrity_label.Label.Sid = medium_sid;
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
891
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
892 if (!SetTokenInformation(retval,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
893 TokenIntegrityLevel,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
894 &integrity_label,
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
895 sizeof(TOKEN_MANDATORY_LABEL)))
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
896 {
1118
fd85a02d771d (issue54) Implement a privilege drop to execute the program after installation.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1010 1070
diff changeset
897 PRINTLASTERROR ("Failed to set token integrity.\n");
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
898 return NULL;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
899 }
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
900
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
901 return retval;
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
902 }
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
903 #endif

http://wald.intevation.org/projects/trustbridge/