trustbridge: common/util.c annotate

annotate common/util.c @ 1070:f110a3f6e387

(issue114) Fine tune ACL propagation using mkdir_p the ACL of the parent directories would propagate to all subdirectories and objects in the directory. Now we only use ACL propagation in the last directory to make sure that files we might create in that directory inherit the correct (resitricted) ACL

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Wed, 10 Sep 2014 16:41:36 +0200
parents	1f23803e1f83
children	fd85a02d771d

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 338 diff changeset	7 */
321 824ef90a6721 Move is_elevated into common/util.c file for better reuse Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #include "util.h"
505 78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	9 #include "logging.h"
644 c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	10 #include "strhelp.h"
505 78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	11
323 31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	12 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	13 #include <unistd.h>
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	14 #include <sys/types.h>
644 c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	15 #include <pwd.h>
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	16 #include <grp.h>
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	17 #include <string.h>
323 31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	18 #else
321 824ef90a6721 Move is_elevated into common/util.c file for better reuse Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	19 #include <windows.h>
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	20 #include <accctrl.h>
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	21 #include <aclapi.h>
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	22 #include <shlobj.h>
321 824ef90a6721 Move is_elevated into common/util.c file for better reuse Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	23 #endif
824ef90a6721 Move is_elevated into common/util.c file for better reuse Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	24
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	25 #ifndef APPNAME
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	26 #define APPNAME "TrustBridge"
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	27 #endif
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	28
671 d4766b4922c9 Fix linux build Andre Heinecke <andre.heinecke@intevation.de> parents: 670 diff changeset	29 #ifdef WIN32
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	30 char*
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	31 read_registry_string (const HKEY root, const wchar_t *key,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	32 const wchar_t *name)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	33 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	34 HKEY key_handle = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	35 DWORD size = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	36 type = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	37 ex_size = 0,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	38 dwRet = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	39 LONG ret = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	40 char *retval = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	41 wchar_t *buf = NULL,
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	42 *ex_buf = NULL;
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	43 if (root == NULL \|\| key == NULL \|\| name == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	44 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	45 ERRORPRINTF ("Invalid call to read_registry_string");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	46 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	47 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	48
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	49 ret = RegOpenKeyExW (root, key, 0, KEY_READ, &key_handle);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	50 if (ret != ERROR_SUCCESS)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	51 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	52 ERRORPRINTF ("Failed to open key.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	53 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	54 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	55
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	56 /* Get the size */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	57 ret = RegQueryValueExW (key_handle, name, 0, NULL, NULL, &size);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	58 if (ret != ERROR_MORE_DATA && !(ret == ERROR_SUCCESS && size != 0))
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	59 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	60 ERRORPRINTF ("Failed to get required registry size.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	61 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	62 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	63
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	64 /* Size is size in bytes not in characters */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	65 buf = xmalloc (size + sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	66
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	67 /* If the stored value is not zero terminated the returned value also
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	68 is not zero terminated. That's why we reserve more and ensure it's
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	69 initialized. */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	70 memset (buf, 0, size + sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	71
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	72 ret = RegQueryValueExW (key_handle, name, 0, &type, (LPBYTE) buf, &size);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	73 if (ret != ERROR_SUCCESS)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	74 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	75 ERRORPRINTF ("Failed get registry value.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	76 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	77 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	78
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	79 if (type == REG_SZ \|\| (type == REG_EXPAND_SZ && wcschr (buf, '%') == NULL))
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	80 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	81 /* Nothing to expand, we are done */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	82 retval = wchar_to_utf8 (buf, wcslen (buf));
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	83 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	84 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	85
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	86 if (type != REG_EXPAND_SZ)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	87 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	88 ERRORPRINTF ("Unhandled registry type %i", type);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	89 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	90 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	91
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	92 /* Expand the registry string */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	93 ex_size = ExpandEnvironmentStringsW (buf, NULL, 0);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	94
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	95 if (ex_size == 0)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	96 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	97 PRINTLASTERROR ("Failed to determine expanded environment size.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	98 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	99 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	100
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	101 ex_buf = xmalloc ((ex_size + 1) * sizeof(wchar_t));
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	102
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	103 dwRet = ExpandEnvironmentStringsW (buf, ex_buf, ex_size);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	104
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	105 ex_buf[ex_size] = '\0'; /* Make sure it's a string */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	106
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	107 if (dwRet == 0 \|\| dwRet != ex_size)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	108 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	109 PRINTLASTERROR ("Failed to expand environment variables.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	110 goto done;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	111 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	112
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	113 retval = wchar_to_utf8 (ex_buf, ex_size);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	114
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	115 done:
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	116 xfree (ex_buf);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	117 xfree (buf);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	118
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	119 RegCloseKey (key_handle);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	120 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	121 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	122
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	123
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	124 /** @brief Compare two paths for equality based on the filename.
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	125 *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	126 * Expand the paths by using GetFullPathName and do a string
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	127 * comparison on the result to check for equality.
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	128 *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	129 * To be sure if it is really the same file it would be better
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	130 * to open the files and compare the serial number but this
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	131 * suffices for checks that only impact on the options presented
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	132 * to the user (try a system wide installation or not)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	133 *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	134 * If one file does not exist the function returns false. If
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	135 * The path is longer then MAX_PATH this function also returns
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	136 * false.
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	137 *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	138 * @param [in] path1 first path to compare
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	139 * @paran [in] path2 first path to compare
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	140 * @returns true if the paths are the same.
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	141 */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	142 bool
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	143 paths_equal (const char path1, const char path2)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	144 {
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	145 bool ret = false;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	146 wchar_t buf1[MAX_PATH],
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	147 buf2[MAX_PATH];
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	148 wchar_t *wpath1 = NULL,
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	149 *wpath2 = NULL;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	150 DWORD retval = 0;
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	151
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	152 if (!path1 \|\| !path2)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	153 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	154 return false;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	155 }
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	156
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	157 wpath1 = utf8_to_wchar(path1, strnlen(path1, MAX_PATH));
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	158 wpath2 = utf8_to_wchar(path2, strnlen(path2, MAX_PATH));
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	159
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	160 if (wpath1 == NULL \|\| wpath2 == NULL)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	161 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	162 ERRORPRINTF ("Failed to convert paths to wchar.");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	163 goto done;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	164 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	165
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	166 retval = GetFullPathNameW (wpath1, MAX_PATH, buf1, NULL);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	167 if (retval >= MAX_PATH \|\| retval != wcsnlen (buf1, MAX_PATH))
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	168 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	169 ERRORPRINTF ("Path1 too long.");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	170 goto done;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	171 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	172 if (retval == 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	173 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	174 PRINTLASTERROR ("Failed to get Full Path name.");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	175 goto done;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	176 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	177
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	178 retval = GetFullPathNameW (wpath2, MAX_PATH, buf2, NULL);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	179 if (retval >= MAX_PATH \|\| retval != wcsnlen (buf2, MAX_PATH))
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	180 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	181 ERRORPRINTF ("Path2 too long.");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	182 goto done;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	183 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	184 if (retval == 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	185 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	186 PRINTLASTERROR ("Failed to get Full Path name.");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	187 goto done;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	188 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	189
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	190 ret = wcscmp (buf1, buf2) == 0;
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	191 done:
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	192 xfree (wpath1);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	193 xfree (wpath2);
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	194
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	195 return ret;
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	196 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	197
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	198 char *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	199 get_install_dir()
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	200 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	201 wchar_t wPath[MAX_PATH];
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	202 char *utf8path = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	203 char *dirsep = NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	204
904 f89b41fa7048 Fix whitespace errors Andre Heinecke <andre.heinecke@intevation.de> parents: 841 diff changeset	205 if (!GetModuleFileNameW (NULL, wPath, MAX_PATH - 1))
675 4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	206 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	207 PRINTLASTERROR ("Failed to obtain module file name. Path too long?");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	208 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	209 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	210
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	211 /* wPath might not be 0 terminated */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	212 wPath[MAX_PATH - 1] = '\0';
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	213
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	214 utf8path = wchar_to_utf8 (wPath, wcsnlen(wPath, MAX_PATH));
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	215
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	216 if (utf8path == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	217 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	218 ERRORPRINTF ("Failed to convert module path to utf-8");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	219 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	220 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	221
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	222 /* Cut away the executable name */
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	223 dirsep = strrchr(utf8path, '\\');
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	224 if (dirsep == NULL)
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	225 {
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	226 ERRORPRINTF ("Failed to find directory seperator.");
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	227 return NULL;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	228 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	229 *dirsep = '\0';
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	230 return utf8path;
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	231 }
4ad764bfb39c Add writing of the NSS line into the registry Andre Heinecke <andre.heinecke@intevation.de> parents: 671 diff changeset	232
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	233 static PSID
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	234 copy_sid(PSID from)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	235 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	236 if (!from)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	237 {
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	238 return 0;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	239 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	240
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	241 DWORD sidLength = GetLengthSid(from);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	242 PSID to = (PSID) xmalloc(sidLength);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	243 CopySid(sidLength, to, from);
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	244 return to;
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	245 }
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	246
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	247 PSID
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	248 get_process_owner(HANDLE hProcess)
175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	249 {
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	250 HANDLE hToken = NULL;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	251 PSID sid;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	252
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	253 if (hProcess == NULL)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	254 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	255 ERRORPRINTF ("invalid call to get_process_owner");
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	256 return NULL;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	257 }
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	258
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	259 OpenProcessToken(hProcess, TOKEN_READ, &hToken);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	260 if (hToken)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	261 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	262 DWORD size = 0;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	263 PTOKEN_USER userStruct;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	264
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	265 // check how much space is needed
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	266 GetTokenInformation(hToken, TokenUser, NULL, 0, &size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	267 if (ERROR_INSUFFICIENT_BUFFER == GetLastError())
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	268 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	269 userStruct = (PTOKEN_USER) xmalloc (size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	270 GetTokenInformation(hToken, TokenUser, userStruct, size, &size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	271
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	272 sid = copy_sid(userStruct->User.Sid);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	273 CloseHandle(hToken);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	274 xfree (userStruct);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	275 return sid;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	276 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	277 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	278 return NULL;
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	279 }
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	280
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	281 bool
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	282 is_system_install()
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	283 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	284 char *reg_inst_dir = NULL,
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	285 *real_prefix = NULL;
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	286 bool ret = false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	287
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	288 reg_inst_dir = read_registry_string (HKEY_LOCAL_MACHINE,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	289 L"Software\\"APPNAME, L"");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	290
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	291 if (reg_inst_dir == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	292 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	293 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	294 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	295 DEBUGPRINTF ("Registered installation directory: %s\n", reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	296
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	297 real_prefix = get_install_dir();
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	298
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	299 if (!real_prefix)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	300 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	301 DEBUGPRINTF ("Failed to obtain installation prefix.");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	302 xfree (reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	303 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	304 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	305
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	306 ret = paths_equal (real_prefix, reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	307
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	308 xfree (real_prefix);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	309 xfree (reg_inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	310 DEBUGPRINTF ("Is system install? %s\n", ret ? "true" : "false");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	311 return ret;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	312 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	313 #else /* WIN32 */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	314
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	315 char *
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	316 get_install_dir()
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	317 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	318 char *retval = NULL,
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	319 *p = NULL,
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 904 diff changeset	320 buf[MAX_PATH_LINUX];
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	321 ssize_t ret;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	322 size_t path_len = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	323
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	324 ret = readlink ("/proc/self/exe", buf, MAX_PATH_LINUX);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	325 if (ret <= 0)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	326 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	327 ERRORPRINTF ("readlink failed\n");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	328 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	329 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	330
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	331 buf[ret] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	332
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	333 /* cut off the filename */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	334 p = strrchr (buf, '/');
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	335 if (p == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	336 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	337 ERRORPRINTF ("No filename found.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	338 return NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	339 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	340 *(p + 1) = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	341
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	342 path_len = strlen (buf);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	343 retval = xmalloc (path_len + 1);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	344 strncpy (retval, buf, path_len);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	345 retval[path_len] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	346
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	347 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	348 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	349
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	350 bool
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	351 is_system_install()
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	352 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	353 FILE *system_config;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	354 int read_lines = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	355 char linebuf[MAX_PATH_LINUX + 7],
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	356 * inst_dir = NULL;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	357 bool retval = false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	358 size_t inst_dir_len = 0;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	359
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	360 system_config = fopen ("/etc/"APPNAME"/"APPNAME"-inst.cfg", "r");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	361 if (system_config == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	362 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	363 DEBUGPRINTF ("No system wide install configuration found.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	364 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	365 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	366 inst_dir = get_install_dir ();
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	367
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	368 if (inst_dir == NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	369 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	370 ERRORPRINTF ("Failed to find installation directory.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	371 fclose(system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	372 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	373 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	374
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	375 inst_dir_len = strnlen (inst_dir, MAX_PATH_LINUX);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	376
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	377 if (inst_dir_len == 0 \|\| inst_dir_len >= MAX_PATH_LINUX)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	378 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	379 ERRORPRINTF ("Installation directory invalid.\n");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	380 fclose(system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	381 return false;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	382 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	383
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	384 /* Read the first 10 lines and look for PREFIX. if it is not found
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	385 we return false. */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	386 while (read_lines < 10 && fgets (linebuf, MAX_PATH_LINUX + 7,
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	387 system_config) != NULL)
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	388 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	389 if (str_starts_with (linebuf, "PREFIX="))
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	390 {
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	391 /* The last character is always a linebreak in a valid system_config
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	392 file so we can strip it. If this is not true the file is invalid.
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	393 linebuf is > 7 atm otherwise prefix= would not have been matched. */
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	394 linebuf[strlen(linebuf) - 1] = '\0';
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	395 retval = str_starts_with (inst_dir, linebuf + 7);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	396 break;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	397 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	398 read_lines++;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	399 }
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	400
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	401 fclose (system_config);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	402 xfree (inst_dir);
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	403 DEBUGPRINTF ("Is system install? %s\n", retval ? "true" : "false");
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	404 return retval;
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	405 }
671 d4766b4922c9 Fix linux build Andre Heinecke <andre.heinecke@intevation.de> parents: 670 diff changeset	406 #endif
670 175370634226 Move getProcessOwner to util and use it to skip the current user in locate other hives Andre Heinecke <andre.heinecke@intevation.de> parents: 644 diff changeset	407
1031 1f23803e1f83 Fix linux build. Has_high_integrity is only implemented for windows. Andre Heinecke <andre.heinecke@intevation.de> parents: 1029 diff changeset	408 #ifdef WIN32
321 824ef90a6721 Move is_elevated into common/util.c file for better reuse Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	409 bool
1029 6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	410 has_high_integrity(HANDLE hToken)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	411 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	412 PTOKEN_MANDATORY_LABEL integrity_label = NULL;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	413 DWORD integrity_level = 0,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	414 size = 0;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	415
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	416 if (hToken == NULL \|\| hToken == INVALID_HANDLE_VALUE)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	417 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	418 DEBUGPRINTF ("Invalid parameters.");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	419 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	420 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	421
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	422 /* Get the required size */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	423 if (!GetTokenInformation(hToken, TokenIntegrityLevel,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	424 NULL, 0, &size) == ERROR_INSUFFICIENT_BUFFER)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	425 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	426 PRINTLASTERROR ("Failed to get required size.\n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	427 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	428 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	429 integrity_label = (PTOKEN_MANDATORY_LABEL) LocalAlloc(0, size);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	430 if (integrity_label == NULL)
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	431 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	432 ERRORPRINTF ("Failed to allocate label. \n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	433 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	434 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	435
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	436 if (!GetTokenInformation(hToken, TokenIntegrityLevel,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	437 integrity_label, size, &size))
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	438 {
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	439 PRINTLASTERROR ("Failed to get integrity level.\n");
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	440 LocalFree(integrity_label);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	441 return false;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	442 }
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	443
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	444 /* Get the last integrity level */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	445 integrity_level = *GetSidSubAuthority(integrity_label->Label.Sid,
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	446 (DWORD)(UCHAR)(*GetSidSubAuthorityCount(
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	447 integrity_label->Label.Sid) - 1));
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	448
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	449 LocalFree (integrity_label);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	450
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	451 return integrity_level >= SECURITY_MANDATORY_HIGH_RID;
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	452 }
1031 1f23803e1f83 Fix linux build. Has_high_integrity is only implemented for windows. Andre Heinecke <andre.heinecke@intevation.de> parents: 1029 diff changeset	453 #endif
1029 6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	454
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	455 bool
323 31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	456 is_elevated()
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	457 {
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	458 bool ret = false;
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	459 #ifndef _WIN32
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	460 ret = (geteuid() == 0);
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	461 #else
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	462 HANDLE hToken = NULL;
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	463 if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	464 {
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	465 DWORD elevation;
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	466 DWORD cbSize = sizeof (DWORD);
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	467 if (GetTokenInformation (hToken, TokenElevation, &elevation,
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	468 sizeof (TokenElevation), &cbSize))
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	469 {
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	470 ret = elevation;
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	471 }
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	472 }
1029 6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	473 /* Elevation will be true and ElevationType TokenElevationTypeFull even
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	474 if the token is a user token created by SAFER so we additionally
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	475 check the integrity level of the token which will only be high in
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	476 the real elevated process and medium otherwise. */
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	477
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	478 ret = ret && has_high_integrity (hToken);
6684e5012b7a (issue98) Set integrity level to medium on restricted token and Andre Heinecke <andre.heinecke@intevation.de> parents: 983 diff changeset	479
323 31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	480 if (hToken)
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	481 CloseHandle (hToken);
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	482 #endif
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	483 return ret;
31ba7ed4d50f Made is_elevated portable. Sascha Wilde <wilde@intevation.de> parents: 321 diff changeset	484 }
505 78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	485
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	486 #ifdef _WIN32
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	487 char *
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	488 get_program_files_folder ()
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	489 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	490 wchar_t *folder_name = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	491 char *retval = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	492 if (SHGetKnownFolderPath (&FOLDERID_ProgramFiles, /* Get program data dir */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	493 KF_FLAG_NO_ALIAS,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	494 INVALID_HANDLE_VALUE, /* Get it for the default user */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	495 &folder_name) != S_OK)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	496 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	497 PRINTLASTERROR ("Failed to get program files folder.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	498 return NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	499 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	500
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	501 retval = wchar_to_utf8 (folder_name, wcslen(folder_name));
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	502 CoTaskMemFree (folder_name);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	503 return retval;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	504 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	505
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	506 /* This is a bit ridicoulous but necessary as shlobj.h contains an inline
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	507 definition. So only one C file may include it and thus we have to put
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	508 all our shlobj calls into one file... */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	509 wchar_t *
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	510 get_program_data_folder ()
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	511 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	512 wchar_t *folder_name = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	513 if (SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	514 KF_FLAG_CREATE \| /* Create if it does not exist */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	515 KF_FLAG_INIT, /* Initialize it if created */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	516 INVALID_HANDLE_VALUE, /* Get it for the default user */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	517 &folder_name) != S_OK)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	518 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	519 PRINTLASTERROR ("Failed to get folder path");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	520 return NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	521 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	522 return folder_name;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	523 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	524 #endif
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	525
841 216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	526 bool
216a65d7fc4b (issue66) Implement is_system_install and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 675 diff changeset	527 is_admin()
505 78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	528 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	529 #ifndef _WIN32
644 c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	530 struct passwd *current_user = getpwuid (geteuid());
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	531 int ngroups = 0,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	532 ret = 0,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	533 i = 0;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	534 gid_t * groups = NULL;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	535
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	536 if (current_user == NULL)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	537 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	538 ERRORPRINTF ("Failed to obtain user information.");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	539 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	540 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	541
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	542 ret = getgrouplist (current_user->pw_name, current_user->pw_gid, NULL,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	543 &ngroups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	544
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	545 if (ret != -1 \|\| ngroups <= 0)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	546 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	547 ERRORPRINTF ("Unknown error in getgrouplist call");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	548 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	549 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	550
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	551 groups = xmalloc (((unsigned int)ngroups) * sizeof (gid_t));
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	552
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	553 ret = getgrouplist (current_user->pw_name, current_user->pw_gid, groups,
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	554 &ngroups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	555
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	556 if (ret != ngroups)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	557 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	558 ERRORPRINTF ("Group length mismatch.");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	559 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	560 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	561 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	562
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	563 for (i = 0; i < ngroups; i++)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	564 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	565 struct group *gr = getgrgid (groups[i]);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	566 if (gr == NULL)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	567 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	568 ERRORPRINTF ("Error in group enumeration");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	569 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	570 return false;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	571 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	572 if (strcmp("sudo", gr->gr_name) == 0)
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	573 {
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	574 DEBUGPRINTF ("User is in sudo group \n");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	575 xfree (groups);
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	576 return true;
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	577 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	578 }
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	579
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	580 DEBUGPRINTF ("User is not in sudo group");
c7a35fa302ec Check sudo group membership if user to determine if he can elevate privileges Andre Heinecke <andre.heinecke@intevation.de> parents: 505 diff changeset	581
505 78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	582 return false;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	583 #else
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	584 bool retval = false;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	585 BOOL in_admin_group = FALSE;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	586 HANDLE hToken = NULL;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	587 HANDLE hTokenToCheck = NULL;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	588 DWORD cbSize = 0;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	589 TOKEN_ELEVATION_TYPE elevation;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	590 BYTE admin_id[SECURITY_MAX_SID_SIZE];
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	591
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	592 if (!OpenProcessToken(GetCurrentProcess(),
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	593 TOKEN_QUERY \| TOKEN_DUPLICATE, &hToken))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	594 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	595 PRINTLASTERROR ("Failed to duplicate process token.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	596 return false;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	597 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	598
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	599 if (!GetTokenInformation(hToken, TokenElevationType, &elevation,
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	600 sizeof(elevation), &cbSize))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	601 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	602 PRINTLASTERROR ("Failed to get token information.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	603 goto done;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	604 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	605
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	606 /* If limited check the the linked token instead */
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	607 if (TokenElevationTypeLimited == elevation)
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	608 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	609 if (!GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck,
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	610 sizeof(hTokenToCheck), &cbSize))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	611 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	612 PRINTLASTERROR ("Failed to get the linked token.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	613 goto done;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	614 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	615 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	616
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	617 if (!hTokenToCheck) /* The linked token is already of the correct type */
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	618 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	619 if (!DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	620 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	621 PRINTLASTERROR ("Failed to duplicate token for identification.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	622 goto done;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	623 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	624 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	625
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	626 /* Do the sid dance for the adminSID */
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	627 cbSize = sizeof(admin_id);
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	628 if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &admin_id,
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	629 &cbSize))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	630 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	631 PRINTLASTERROR ("Failed to get admin sid.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	632 goto done;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	633 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	634
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	635 /* The actual check */
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	636 if (!CheckTokenMembership(hTokenToCheck, &admin_id, &in_admin_group))
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	637 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	638 PRINTLASTERROR ("Failed to check token membership.\n");
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	639 goto done;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	640 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	641
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	642 if (in_admin_group)
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	643 {
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	644 /* Winbool to standard bool */
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	645 retval = true;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	646 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	647
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	648 done:
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	649 if (hToken) CloseHandle(hToken);
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	650 if (hTokenToCheck) CloseHandle(hTokenToCheck);
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	651
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	652 return retval;
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	653 #endif
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	654 }
78959fd970b0 Add is_admin and implement it for windows Andre Heinecke <aheinecke@intevation.de> parents: 404 diff changeset	655
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	656 #ifdef WIN32
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	657 bool
1070 f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	658 create_restricted_directory (LPWSTR path, bool objects_should_inherit)
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	659 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	660 bool retval = false;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	661 PSID everyone_SID = NULL,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	662 admin_SID = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	663 PACL access_control_list = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	664 PSECURITY_DESCRIPTOR descriptor = NULL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	665 EXPLICIT_ACCESS explicit_access[2];
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	666 SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY},
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	667 admin_identifier = {SECURITY_NT_AUTHORITY};
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	668 SECURITY_ATTRIBUTES security_attributes;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	669
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	670 ZeroMemory(&security_attributes, sizeof(security_attributes));
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	671 ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS));
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	672
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	673 /* Create a well-known SID for the Everyone group. */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	674 if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	675 1, /* subauthorties count */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	676 SECURITY_WORLD_RID, /* Only one authority */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	677 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	678 &everyone_SID))
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	679 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	680 PRINTLASTERROR ("Failed to allocate world sid.\n");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	681 return false;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	682 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	683
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	684 /* Initialize the first EXPLICIT_ACCESS structure for an ACE.
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	685 to allow everyone read access */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	686 explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	687 explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
1070 f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	688 explicit_access[0].grfInheritance = objects_should_inherit ?
f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	689 SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	690 NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	691 explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	692 explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	693 explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	694
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	695 /* Create the SID for the BUILTIN\Administrators group. */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	696 if(!AllocateAndInitializeSid(&admin_identifier,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	697 2,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	698 SECURITY_BUILTIN_DOMAIN_RID, /BUILTIN\ /
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	699 DOMAIN_ALIAS_RID_ADMINS, /\Administrators /
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	700 0, 0, 0, 0, 0, 0, /* No other */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	701 &admin_SID))
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	702 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	703 PRINTLASTERROR ("Failed to allocate admin sid.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	704 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	705 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	706
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	707 /* explicit_access[1] grants admins full rights for this object and inherits
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	708 it to the children */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	709 explicit_access[1].grfAccessPermissions = GENERIC_ALL;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	710 explicit_access[1].grfAccessMode = SET_ACCESS;
1070 f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	711 explicit_access[1].grfInheritance = objects_should_inherit ?
f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	712 SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
f110a3f6e387 (issue114) Fine tune ACL propagation Andre Heinecke <andre.heinecke@intevation.de> parents: 1031 diff changeset	713 NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
983 427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	714 explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	715 explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	716 explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	717
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	718 /* Set up the ACL structure. */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	719 if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list))
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	720 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	721 PRINTLASTERROR ("Failed to set up Acl.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	722 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	723 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	724
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	725 /* Initialize a security descriptor */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	726 descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	727 SECURITY_DESCRIPTOR_MIN_LENGTH);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	728 if (descriptor == NULL)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	729 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	730 PRINTLASTERROR("Failed to allocate descriptor.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	731 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	732 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	733
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	734 if (!InitializeSecurityDescriptor(descriptor,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	735 SECURITY_DESCRIPTOR_REVISION))
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	736 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	737 PRINTLASTERROR("Failed to initialize descriptor.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	738 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	739 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	740
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	741 /* Now we add the ACL to the the descriptor */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	742 if (!SetSecurityDescriptorDacl(descriptor,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	743 TRUE, /* bDaclPresent flag */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	744 access_control_list,
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	745 FALSE)) /* not a default DACL */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	746 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	747 PRINTLASTERROR("Failed to set security descriptor.");
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	748 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	749 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	750
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	751 /* Finally set up the security attributes structure */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	752 security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	753 security_attributes.lpSecurityDescriptor = descriptor;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	754 security_attributes.bInheritHandle = FALSE;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	755
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	756 /* Use the security attributes to create the directory */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	757 if (!CreateDirectoryW(path, &security_attributes))
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	758 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	759 DWORD err = GetLastError();
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	760 if (err == ERROR_ALREADY_EXISTS)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	761 {
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	762 /* Verify that the directory has the correct rights */
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	763 // TODO
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	764 retval = true;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	765 goto done;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	766 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	767 ERRORPRINTF ("Failed to create directory. Err: %lu", err);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	768 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	769 retval = true;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	770
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	771 done:
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	772
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	773 if (everyone_SID)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	774 FreeSid(everyone_SID);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	775 if (admin_SID)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	776 FreeSid(admin_SID);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	777 if (access_control_list)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	778 LocalFree(access_control_list);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	779 if (descriptor)
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	780 LocalFree(descriptor);
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	781
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	782 return retval;
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	783 }
427e2e18b8c8 Move Shell functions into util Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	784 #endif

Mercurial > trustbridge

annotate common/util.c @ 1070:f110a3f6e387