Mercurial > trustbridge
comparison common/util.c @ 1119:5349e2354c48
(issue54) Merge branch runafterinstall
There is now an NSIS Plugin that executes the Software after
installation using COM in the shell of the current user.
With the way over the shell there is no inheritance /
token management required. As it is impossible to
drop all privileges of a token granted by UAC and
still be able to reelevate the Token again with another
RunAs call later this round trip over the Shell was
necessary.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 16 Sep 2014 19:48:22 +0200 |
| parents | fd85a02d771d |
| children | 2a1206932f53 |
comparison
equal
deleted
inserted
replaced
| 1117:5b6203f78b4e | 1119:5349e2354c48 |
|---|---|
| 14 #include <sys/types.h> | 14 #include <sys/types.h> |
| 15 #include <pwd.h> | 15 #include <pwd.h> |
| 16 #include <grp.h> | 16 #include <grp.h> |
| 17 #include <string.h> | 17 #include <string.h> |
| 18 #else | 18 #else |
| 19 #include <winsafer.h> | |
| 19 #include <windows.h> | 20 #include <windows.h> |
| 20 #include <accctrl.h> | 21 #include <accctrl.h> |
| 21 #include <aclapi.h> | 22 #include <aclapi.h> |
| 22 #include <shlobj.h> | 23 #include <shlobj.h> |
| 23 #endif | 24 #endif |
| 780 LocalFree(descriptor); | 781 LocalFree(descriptor); |
| 781 | 782 |
| 782 return retval; | 783 return retval; |
| 783 } | 784 } |
| 784 #endif | 785 #endif |
| 786 | |
| 787 #ifdef WIN32 | |
| 788 /** @brief get a restricted access token | |
| 789 * | |
| 790 * This function uses the Software Restriction API to obtain the | |
| 791 * access token for a process run als normal user. | |
| 792 * | |
| 793 * @returns A restricted handle or NULL on error. | |
| 794 */ | |
| 795 HANDLE | |
| 796 get_restricted_token() | |
| 797 { | |
| 798 SAFER_LEVEL_HANDLE user_level = NULL; | |
| 799 HANDLE retval = NULL; | |
| 800 SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY}; | |
| 801 PSID medium_sid = NULL; | |
| 802 TOKEN_MANDATORY_LABEL integrity_label; | |
| 803 | |
| 804 memset (&integrity_label, 0, sizeof (integrity_label)); | |
| 805 | |
| 806 if (!SaferCreateLevel(SAFER_SCOPEID_USER, | |
| 807 SAFER_LEVELID_NORMALUSER, | |
| 808 SAFER_LEVEL_OPEN, &user_level, NULL)) | |
| 809 { | |
| 810 PRINTLASTERROR ("Failed to create user level.\n"); | |
| 811 return NULL; | |
| 812 } | |
| 813 | |
| 814 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL)) | |
| 815 { | |
| 816 SaferCloseLevel(user_level); | |
| 817 return NULL; | |
| 818 } | |
| 819 | |
| 820 SaferCloseLevel(user_level); | |
| 821 | |
| 822 /* Set the SID to medium it will still be high otherwise. Even if | |
| 823 there is no high access allowed. */ | |
| 824 if (!AllocateAndInitializeSid(&medium_identifier, | |
| 825 1, | |
| 826 SECURITY_MANDATORY_MEDIUM_RID, | |
| 827 0, | |
| 828 0, | |
| 829 0, | |
| 830 0, | |
| 831 0, | |
| 832 0, | |
| 833 0, | |
| 834 &medium_sid)) | |
| 835 { | |
| 836 PRINTLASTERROR ("Failed to initialize sid.\n"); | |
| 837 return NULL; | |
| 838 } | |
| 839 | |
| 840 integrity_label.Label.Attributes = SE_GROUP_INTEGRITY; | |
| 841 integrity_label.Label.Sid = medium_sid; | |
| 842 | |
| 843 if (!SetTokenInformation(retval, | |
| 844 TokenIntegrityLevel, | |
| 845 &integrity_label, | |
| 846 sizeof(TOKEN_MANDATORY_LABEL))) | |
| 847 { | |
| 848 PRINTLASTERROR ("Failed to set token integrity.\n"); | |
| 849 return NULL; | |
| 850 } | |
| 851 | |
| 852 return retval; | |
| 853 } | |
| 854 #endif |