annotate common/util.h @ 1323:c582b935c120

(issue166) Disable multiple selection for certificates.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 14 Oct 2014 18:10:17 +0200
parents 0a803c3fb5a6
children 8362e30f7b55
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 323
diff changeset
7 */
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifndef COMMON_UTIL_H
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #define COMMON_UTIL_H
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 /* @file util.h
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 * @brief The usual useful stuff that fit nowhere else
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 */
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 #include <stdbool.h>
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
15 #ifdef WIN32
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
16 #include <windows.h>
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
17 #include <psapi.h>
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
18 #endif
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
19
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
20 #ifdef __cplusplus
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
21 extern "C" {
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
22 #endif
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
23
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
24 #ifndef WIN32
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
25 /**@def Some value to use as equivalent as MAX_PATH on windows */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
26 #define MAX_PATH_LINUX 4000
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
27 #endif
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
28
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
29 /**@brief Check if the current process is running with elevated privileges.
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
30 *
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31 * Elevates the current process token to check if it is marked as elevated.
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
32 * Uses TokenElevation on windows and checks effective UID on Linux.
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
33 *
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
34 * @returns true if the current process is elevated.*/
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35 bool is_elevated();
323
31ba7ed4d50f Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents: 321
diff changeset
36
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
37 /**@brief Check if the Software is installed system wide
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
38 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
39 * On Windows this checks if a registry key under HKLM exists for
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
40 * trustbridge and that the installation path mentioned there matches
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
41 * the current module path.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
42 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
43 * On linux this looks for the installation configuration in /etc
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
44 * and checks if the current process is inside the installation prefix.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
45 *
1053
78798d3af8f0 Fixed doxygen build warnings.
Emanuel Schuetze <emanuel@intevation.de>
parents: 1030
diff changeset
46 * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
47 * Linux.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
48 */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
49 bool is_system_install();
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
50
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
51 /**@brief Check if the user is in the administrators group.
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
52 *
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
53 * The function checks if the account that startet this process
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
54 * belongs to a user that is a member of the Administrators group.
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
55 *
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
56 * @returns True if the user is in the admin group. False otherwise or on error.
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
57 */
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
58 bool is_admin();
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
59
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
60 /**@brief Get the directory in which the current process resides in
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
61 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
62 * Look up the directory in which the current process is placed.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
63 * If the path is longer then MAX_PATH NULL is returned.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
64 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
65 * Returns a utf-8 encoded string that has to be freed by the caller
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
66 * on linux the path is returned as is including the last /.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
67 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
68 * @returns The directory of the current process
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
69 */
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
70 char * get_install_dir();
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
71
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
72 #ifdef WIN32
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
73 /**@brief Get a copy of the processes owner sid
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
74 *
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
75 * Copy the SID of the owner of the process hProcess.
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
76 *
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
77 * The returned sid structure has to be freed with free by the caller
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
78 *
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
79 * @param[in] hProcess A handle to the process whose user should be obtained.
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
80 * The process must have the PROCESS_QUERY_INFORMATION access permission.
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
81 *
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
82 * @returns A copy of the process owners sid or NULL on error.
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
83 */
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
84 PSID get_process_owner(HANDLE hProcess);
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
85
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
86 /**@brief Read (and expand if necessary) a registry string.
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
87 *
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
88 * Reads a registry string and calls ExpandEnvironmentString
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
89 * if necessary on it. Returns a newly allocated string array
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
90 * with the expanded registry value converted to UTF-8
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
91 *
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
92 * Caller has to free return value with free.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
93 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
94 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE)
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
95 * @param [in] key the key
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
96 * @param [in] name the name of the value to read.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
97 *
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
98 * @returns the expanded, null terminated utf-8 string of the value.
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
99 * or NULL on error.
675
4ad764bfb39c Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents: 670
diff changeset
100 */
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
101 char * read_registry_string (const HKEY root, const wchar_t *key,
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 675
diff changeset
102 const wchar_t *name);
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
103
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
104 /**@brief Get the utf-8 encoded path to the program files folder.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
105 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
106 * Uses SHGetKnownFolderPath to look up the ProgramFiles folder.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
107 * @returns a newly allocated string containing the value or NULL on
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
108 * error.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
109 */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
110 char * get_program_files_folder ();
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
111
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
112 /**@brief Get the path to the program data folder.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
113 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
114 * Uses SHGetKnownFolderPath to look up the ProgramData folder.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
115 * The return value should be freed with CoTaskMemFree
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
116 * @returns a reference containing the value or NULL on error.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
117 */
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
118 wchar_t * get_program_data_folder ();
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
119
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
120 /**@brief Create a directory with restricted access rights
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
121 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
122 * This creates a security attributes structure that restricts
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
123 * write access to the Administrators group but allows everyone to read files
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
124 * in that directory.
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
125 * Basically a very complicated version of mkdir path -m 644
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
126 *
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
127 * If the directory exists and propagate_acl is set the permissions
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
128 * of that directory are overwritten with the DACL that would have
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
129 * been used to create the directory.
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
130 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
131 * Code based on msdn example:
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
132 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
133 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
134 * @param[in] path Path of the directory to create
1070
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1053
diff changeset
135 * @param[in] propagate_acl weather or not objects should inherit
f110a3f6e387 (issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1053
diff changeset
136 * the ACL of this directory.
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
137 * @param[out] rACL optional pointer to an PACL pointer that should be
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
138 * the returned value. If rACL is not NULL the caller needs to free the
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
139 * returned pointer with LocalFree.
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
140 *
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
141 * @returns true on success of if the directory exists, false on error
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
142 */
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
143 bool create_restricted_directory (LPWSTR path, bool propagate_acl, PACL *rACL);
983
427e2e18b8c8 Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
144
1208
0a803c3fb5a6 (issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1118
diff changeset
145 /**@brief Check the integrity level of the token
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
146 *
1030
76cae27b5d83 Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
147 * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or
76cae27b5d83 Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
148 * higher.
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
149 *
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
150 * @param[in] hToken the Token to check
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
151 *
1030
76cae27b5d83 Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
152 * @returns true if the token has at least high integrity. False on error
76cae27b5d83 Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents: 1029
diff changeset
153 * or otherwise.
1029
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
154 */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
155 bool has_high_integrity(HANDLE hToken);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
156
1010
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
157 /** @brief get a restricted access token to execute nss process
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
158 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
159 * This function uses the Software Restriction API to obtain the
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
160 * access token for a process run als normal user.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
161 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
162 * @returns A restricted handle or NULL on error.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
163 */
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
164 HANDLE get_restricted_token();
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
165
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
166 /** @brief get a normal user access token
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
167 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
168 * The trusted acces token is not elevated but has the normal user rights.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
169 *
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
170 * @returns A normal user handle or NULL on error.
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
171 */
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
172 HANDLE get_normal_token();
1c1964c27b39 (issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 983
diff changeset
173
670
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
174 #endif
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents: 505
diff changeset
175
505
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
176 #ifdef __cplusplus
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
177 }
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
178 #endif
78959fd970b0 Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
179
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
180 #endif // COMMON_UTIL_H

http://wald.intevation.org/projects/trustbridge/