Mercurial > trustbridge
annotate common/util.h @ 1323:c582b935c120
(issue166) Disable multiple selection for certificates.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 14 Oct 2014 18:10:17 +0200 |
parents | 0a803c3fb5a6 |
children | 8362e30f7b55 |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #ifndef COMMON_UTIL_H |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 #define COMMON_UTIL_H |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 /* @file util.h |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 * @brief The usual useful stuff that fit nowhere else |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 */ |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <stdbool.h> |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 |
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
15 #ifdef WIN32 |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
16 #include <windows.h> |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
17 #include <psapi.h> |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
18 #endif |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
19 |
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
20 #ifdef __cplusplus |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
21 extern "C" { |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
22 #endif |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
23 |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
24 #ifndef WIN32 |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
25 /**@def Some value to use as equivalent as MAX_PATH on windows */ |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
26 #define MAX_PATH_LINUX 4000 |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
27 #endif |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
28 |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 /**@brief Check if the current process is running with elevated privileges. |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 * |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 * Elevates the current process token to check if it is marked as elevated. |
323
31ba7ed4d50f
Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents:
321
diff
changeset
|
32 * Uses TokenElevation on windows and checks effective UID on Linux. |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 * |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
34 * @returns true if the current process is elevated.*/ |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 bool is_elevated(); |
323
31ba7ed4d50f
Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents:
321
diff
changeset
|
36 |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
37 /**@brief Check if the Software is installed system wide |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
38 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
39 * On Windows this checks if a registry key under HKLM exists for |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
40 * trustbridge and that the installation path mentioned there matches |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
41 * the current module path. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
42 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
43 * On linux this looks for the installation configuration in /etc |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
44 * and checks if the current process is inside the installation prefix. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
45 * |
1053
78798d3af8f0
Fixed doxygen build warnings.
Emanuel Schuetze <emanuel@intevation.de>
parents:
1030
diff
changeset
|
46 * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
47 * Linux. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
48 */ |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
49 bool is_system_install(); |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
50 |
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
51 /**@brief Check if the user is in the administrators group. |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
52 * |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
53 * The function checks if the account that startet this process |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
54 * belongs to a user that is a member of the Administrators group. |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
55 * |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
56 * @returns True if the user is in the admin group. False otherwise or on error. |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
57 */ |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
58 bool is_admin(); |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
59 |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
60 /**@brief Get the directory in which the current process resides in |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
61 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
62 * Look up the directory in which the current process is placed. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
63 * If the path is longer then MAX_PATH NULL is returned. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
64 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
65 * Returns a utf-8 encoded string that has to be freed by the caller |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
66 * on linux the path is returned as is including the last /. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
67 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
68 * @returns The directory of the current process |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
69 */ |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
70 char * get_install_dir(); |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
71 |
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
72 #ifdef WIN32 |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
73 /**@brief Get a copy of the processes owner sid |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
74 * |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
75 * Copy the SID of the owner of the process hProcess. |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
76 * |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
77 * The returned sid structure has to be freed with free by the caller |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
78 * |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
79 * @param[in] hProcess A handle to the process whose user should be obtained. |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
80 * The process must have the PROCESS_QUERY_INFORMATION access permission. |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
81 * |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
82 * @returns A copy of the process owners sid or NULL on error. |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
83 */ |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
84 PSID get_process_owner(HANDLE hProcess); |
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
85 |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
86 /**@brief Read (and expand if necessary) a registry string. |
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
87 * |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
88 * Reads a registry string and calls ExpandEnvironmentString |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
89 * if necessary on it. Returns a newly allocated string array |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
90 * with the expanded registry value converted to UTF-8 |
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
91 * |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
92 * Caller has to free return value with free. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
93 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
94 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE) |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
95 * @param [in] key the key |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
96 * @param [in] name the name of the value to read. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
97 * |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
98 * @returns the expanded, null terminated utf-8 string of the value. |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
99 * or NULL on error. |
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
100 */ |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
101 char * read_registry_string (const HKEY root, const wchar_t *key, |
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
102 const wchar_t *name); |
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
103 |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
104 /**@brief Get the utf-8 encoded path to the program files folder. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
105 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
106 * Uses SHGetKnownFolderPath to look up the ProgramFiles folder. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
107 * @returns a newly allocated string containing the value or NULL on |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
108 * error. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
109 */ |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
110 char * get_program_files_folder (); |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
111 |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
112 /**@brief Get the path to the program data folder. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
113 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
114 * Uses SHGetKnownFolderPath to look up the ProgramData folder. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
115 * The return value should be freed with CoTaskMemFree |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
116 * @returns a reference containing the value or NULL on error. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
117 */ |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
118 wchar_t * get_program_data_folder (); |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
119 |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
120 /**@brief Create a directory with restricted access rights |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
121 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
122 * This creates a security attributes structure that restricts |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
123 * write access to the Administrators group but allows everyone to read files |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
124 * in that directory. |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
125 * Basically a very complicated version of mkdir path -m 644 |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
126 * |
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
127 * If the directory exists and propagate_acl is set the permissions |
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
128 * of that directory are overwritten with the DACL that would have |
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
129 * been used to create the directory. |
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
130 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
131 * Code based on msdn example: |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
132 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
133 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
134 * @param[in] path Path of the directory to create |
1070
f110a3f6e387
(issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1053
diff
changeset
|
135 * @param[in] propagate_acl weather or not objects should inherit |
f110a3f6e387
(issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1053
diff
changeset
|
136 * the ACL of this directory. |
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
137 * @param[out] rACL optional pointer to an PACL pointer that should be |
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
138 * the returned value. If rACL is not NULL the caller needs to free the |
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
139 * returned pointer with LocalFree. |
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
140 * |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
141 * @returns true on success of if the directory exists, false on error |
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
142 */ |
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
143 bool create_restricted_directory (LPWSTR path, bool propagate_acl, PACL *rACL); |
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
144 |
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
145 /**@brief Check the integrity level of the token |
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
146 * |
1030
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
147 * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or |
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
148 * higher. |
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
149 * |
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
150 * @param[in] hToken the Token to check |
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
151 * |
1030
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
152 * @returns true if the token has at least high integrity. False on error |
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
153 * or otherwise. |
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
154 */ |
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
155 bool has_high_integrity(HANDLE hToken); |
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
156 |
1010
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
157 /** @brief get a restricted access token to execute nss process |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
158 * |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
159 * This function uses the Software Restriction API to obtain the |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
160 * access token for a process run als normal user. |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
161 * |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
162 * @returns A restricted handle or NULL on error. |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
163 */ |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
164 HANDLE get_restricted_token(); |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
165 |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
166 /** @brief get a normal user access token |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
167 * |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
168 * The trusted acces token is not elevated but has the normal user rights. |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
169 * |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
170 * @returns A normal user handle or NULL on error. |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
171 */ |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
172 HANDLE get_normal_token(); |
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
173 |
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
174 #endif |
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
175 |
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
176 #ifdef __cplusplus |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
177 } |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
178 #endif |
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
179 |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
180 #endif // COMMON_UTIL_H |