Mercurial > trustbridge
annotate common/util.h @ 1367:e7a8ec3185f2
Add nosign option to linux-createpackage and use it in create-dist-package
This should prevent doubled signatures in distributed packages which
were first signed on the development system with the test key and
then from the administrator application.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 24 Nov 2014 14:03:47 +0100 |
| parents | 8362e30f7b55 |
| children |
| rev | line source |
|---|---|
| 404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
| 2 * Software engineering by Intevation GmbH | |
| 3 * | |
| 4 * This file is Free Software under the GNU GPL (v>=2) | |
| 5 * and comes with ABSOLUTELY NO WARRANTY! | |
| 6 * See LICENSE.txt for details. | |
| 7 */ | |
|
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #ifndef COMMON_UTIL_H |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 #define COMMON_UTIL_H |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 /* @file util.h |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 * @brief The usual useful stuff that fit nowhere else |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 */ |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <stdbool.h> |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 |
|
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
15 #ifdef WIN32 |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
16 #include <windows.h> |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
17 #include <psapi.h> |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
18 #endif |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
19 |
|
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
20 #ifdef __cplusplus |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
21 extern "C" { |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
22 #endif |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
23 |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
24 #ifndef WIN32 |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
25 /**@def Some value to use as equivalent as MAX_PATH on windows */ |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
26 #define MAX_PATH_LINUX 4000 |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
27 #endif |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
28 |
|
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 /**@brief Check if the current process is running with elevated privileges. |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 * |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 * Elevates the current process token to check if it is marked as elevated. |
|
323
31ba7ed4d50f
Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents:
321
diff
changeset
|
32 * Uses TokenElevation on windows and checks effective UID on Linux. |
|
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 * |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
34 * @returns true if the current process is elevated.*/ |
|
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 bool is_elevated(); |
|
323
31ba7ed4d50f
Made is_elevated portable.
Sascha Wilde <wilde@intevation.de>
parents:
321
diff
changeset
|
36 |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
37 /**@brief Check if the Software is installed system wide |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
38 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
39 * On Windows this checks if a registry key under HKLM exists for |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
40 * trustbridge and that the installation path mentioned there matches |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
41 * the current module path. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
42 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
43 * On linux this looks for the installation configuration in /etc |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
44 * and checks if the current process is inside the installation prefix. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
45 * |
|
1053
78798d3af8f0
Fixed doxygen build warnings.
Emanuel Schuetze <emanuel@intevation.de>
parents:
1030
diff
changeset
|
46 * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
47 * Linux. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
48 */ |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
49 bool is_system_install(); |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
50 |
|
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
51 /**@brief Check if the user is in the administrators group. |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
52 * |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
53 * The function checks if the account that startet this process |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
54 * belongs to a user that is a member of the Administrators group. |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
55 * |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
56 * @returns True if the user is in the admin group. False otherwise or on error. |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
57 */ |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
58 bool is_admin(); |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
59 |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
60 /**@brief Get the directory in which the current process resides in |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
61 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
62 * Look up the directory in which the current process is placed. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
63 * If the path is longer then MAX_PATH NULL is returned. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
64 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
65 * Returns a utf-8 encoded string that has to be freed by the caller |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
66 * on linux the path is returned as is including the last /. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
67 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
68 * @returns The directory of the current process |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
69 */ |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
70 char * get_install_dir(); |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
71 |
|
1332
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
72 #ifndef WIN32 |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
73 /**@brief Get the directory in which the process proc resides in |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
74 * |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
75 * Look up the directory in which the process proc is placed. |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
76 * If the path is longer then MAX_PATH NULL is returned. |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
77 * |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
78 * Returns a utf-8 encoded string that has to be freed by the caller |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
79 * on linux the path is returned as is including the last /. |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
80 * |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
81 * @param[in] A process id or special name from the proc file system. |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
82 * |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
83 * @returns The directory of the process |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
84 */ |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
85 char * get_proc_install_dir(const char *proc); |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
86 #endif |
|
8362e30f7b55
(issue139) Check that pid is not running if the lock can be aquired
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1208
diff
changeset
|
87 |
|
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
88 #ifdef WIN32 |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
89 /**@brief Get a copy of the processes owner sid |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
90 * |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
91 * Copy the SID of the owner of the process hProcess. |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
92 * |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
93 * The returned sid structure has to be freed with free by the caller |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
94 * |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
95 * @param[in] hProcess A handle to the process whose user should be obtained. |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
96 * The process must have the PROCESS_QUERY_INFORMATION access permission. |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
97 * |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
98 * @returns A copy of the process owners sid or NULL on error. |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
99 */ |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
100 PSID get_process_owner(HANDLE hProcess); |
|
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
101 |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
102 /**@brief Read (and expand if necessary) a registry string. |
|
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
103 * |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
104 * Reads a registry string and calls ExpandEnvironmentString |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
105 * if necessary on it. Returns a newly allocated string array |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
106 * with the expanded registry value converted to UTF-8 |
|
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
107 * |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
108 * Caller has to free return value with free. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
109 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
110 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE) |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
111 * @param [in] key the key |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
112 * @param [in] name the name of the value to read. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
113 * |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
114 * @returns the expanded, null terminated utf-8 string of the value. |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
115 * or NULL on error. |
|
675
4ad764bfb39c
Add writing of the NSS line into the registry
Andre Heinecke <andre.heinecke@intevation.de>
parents:
670
diff
changeset
|
116 */ |
|
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
117 char * read_registry_string (const HKEY root, const wchar_t *key, |
|
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
675
diff
changeset
|
118 const wchar_t *name); |
|
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
119 |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
120 /**@brief Get the utf-8 encoded path to the program files folder. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
121 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
122 * Uses SHGetKnownFolderPath to look up the ProgramFiles folder. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
123 * @returns a newly allocated string containing the value or NULL on |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
124 * error. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
125 */ |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
126 char * get_program_files_folder (); |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
127 |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
128 /**@brief Get the path to the program data folder. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
129 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
130 * Uses SHGetKnownFolderPath to look up the ProgramData folder. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
131 * The return value should be freed with CoTaskMemFree |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
132 * @returns a reference containing the value or NULL on error. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
133 */ |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
134 wchar_t * get_program_data_folder (); |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
135 |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
136 /**@brief Create a directory with restricted access rights |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
137 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
138 * This creates a security attributes structure that restricts |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
139 * write access to the Administrators group but allows everyone to read files |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
140 * in that directory. |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
141 * Basically a very complicated version of mkdir path -m 644 |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
142 * |
|
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
143 * If the directory exists and propagate_acl is set the permissions |
|
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
144 * of that directory are overwritten with the DACL that would have |
|
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
145 * been used to create the directory. |
|
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
146 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
147 * Code based on msdn example: |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
148 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
149 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
150 * @param[in] path Path of the directory to create |
|
1070
f110a3f6e387
(issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1053
diff
changeset
|
151 * @param[in] propagate_acl weather or not objects should inherit |
|
f110a3f6e387
(issue114) Fine tune ACL propagation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1053
diff
changeset
|
152 * the ACL of this directory. |
|
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
153 * @param[out] rACL optional pointer to an PACL pointer that should be |
|
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
154 * the returned value. If rACL is not NULL the caller needs to free the |
|
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
155 * returned pointer with LocalFree. |
|
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
156 * |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
157 * @returns true on success of if the directory exists, false on error |
|
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
158 */ |
|
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
159 bool create_restricted_directory (LPWSTR path, bool propagate_acl, PACL *rACL); |
|
983
427e2e18b8c8
Move Shell functions into util
Andre Heinecke <andre.heinecke@intevation.de>
parents:
841
diff
changeset
|
160 |
|
1208
0a803c3fb5a6
(issue138) Set the ACL explictly on existing files or directories
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1118
diff
changeset
|
161 /**@brief Check the integrity level of the token |
|
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
162 * |
|
1030
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
163 * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or |
|
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
164 * higher. |
|
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
165 * |
|
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
166 * @param[in] hToken the Token to check |
|
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
167 * |
|
1030
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
168 * @returns true if the token has at least high integrity. False on error |
|
76cae27b5d83
Clarify doc of has_high_integrity
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1029
diff
changeset
|
169 * or otherwise. |
|
1029
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
170 */ |
|
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
171 bool has_high_integrity(HANDLE hToken); |
|
6684e5012b7a
(issue98) Set integrity level to medium on restricted token and
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
172 |
|
1010
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
173 /** @brief get a restricted access token to execute nss process |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
174 * |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
175 * This function uses the Software Restriction API to obtain the |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
176 * access token for a process run als normal user. |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
177 * |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
178 * @returns A restricted handle or NULL on error. |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
179 */ |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
180 HANDLE get_restricted_token(); |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
181 |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
182 /** @brief get a normal user access token |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
183 * |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
184 * The trusted acces token is not elevated but has the normal user rights. |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
185 * |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
186 * @returns A normal user handle or NULL on error. |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
187 */ |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
188 HANDLE get_normal_token(); |
|
1c1964c27b39
(issue54) commit work in progress on start after installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
983
diff
changeset
|
189 |
|
670
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
190 #endif |
|
175370634226
Move getProcessOwner to util and use it to skip the current user in locate other hives
Andre Heinecke <andre.heinecke@intevation.de>
parents:
505
diff
changeset
|
191 |
|
505
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
192 #ifdef __cplusplus |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
193 } |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
194 #endif |
|
78959fd970b0
Add is_admin and implement it for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
195 |
|
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
196 #endif // COMMON_UTIL_H |