Mercurial > trustbridge
comparison common/util.c @ 1118:fd85a02d771d
(issue54) Implement a privilege drop to execute the program after installation.
This commit is extremly ugly as I accidentally worked in a
working tree that was partially merged with default.
To review the real change please check the commit that will
merge this branch into default.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 16 Sep 2014 19:45:19 +0200 |
| parents | 1c1964c27b39 f110a3f6e387 |
| children | 2a1206932f53 |
comparison
equal
deleted
inserted
replaced
| 1117:5b6203f78b4e | 1118:fd85a02d771d |
|---|---|
| 14 #include <sys/types.h> | 14 #include <sys/types.h> |
| 15 #include <pwd.h> | 15 #include <pwd.h> |
| 16 #include <grp.h> | 16 #include <grp.h> |
| 17 #include <string.h> | 17 #include <string.h> |
| 18 #else | 18 #else |
| 19 #include <winsafer.h> | |
| 19 #include <windows.h> | 20 #include <windows.h> |
| 20 #include <accctrl.h> | 21 #include <accctrl.h> |
| 21 #include <aclapi.h> | 22 #include <aclapi.h> |
| 22 #include <shlobj.h> | 23 #include <shlobj.h> |
| 23 #endif | 24 #endif |
| 780 LocalFree(descriptor); | 781 LocalFree(descriptor); |
| 781 | 782 |
| 782 return retval; | 783 return retval; |
| 783 } | 784 } |
| 784 #endif | 785 #endif |
| 786 | |
| 787 #ifdef WIN32 | |
| 788 /** @brief get a restricted access token | |
| 789 * | |
| 790 * This function uses the Software Restriction API to obtain the | |
| 791 * access token for a process run als normal user. | |
| 792 * | |
| 793 * @returns A restricted handle or NULL on error. | |
| 794 */ | |
| 795 HANDLE | |
| 796 get_restricted_token() | |
| 797 { | |
| 798 SAFER_LEVEL_HANDLE user_level = NULL; | |
| 799 HANDLE retval = NULL; | |
| 800 SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY}; | |
| 801 PSID medium_sid = NULL; | |
| 802 TOKEN_MANDATORY_LABEL integrity_label; | |
| 803 | |
| 804 memset (&integrity_label, 0, sizeof (integrity_label)); | |
| 805 | |
| 806 if (!SaferCreateLevel(SAFER_SCOPEID_USER, | |
| 807 SAFER_LEVELID_NORMALUSER, | |
| 808 SAFER_LEVEL_OPEN, &user_level, NULL)) | |
| 809 { | |
| 810 PRINTLASTERROR ("Failed to create user level.\n"); | |
| 811 return NULL; | |
| 812 } | |
| 813 | |
| 814 if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL)) | |
| 815 { | |
| 816 SaferCloseLevel(user_level); | |
| 817 return NULL; | |
| 818 } | |
| 819 | |
| 820 SaferCloseLevel(user_level); | |
| 821 | |
| 822 /* Set the SID to medium it will still be high otherwise. Even if | |
| 823 there is no high access allowed. */ | |
| 824 if (!AllocateAndInitializeSid(&medium_identifier, | |
| 825 1, | |
| 826 SECURITY_MANDATORY_MEDIUM_RID, | |
| 827 0, | |
| 828 0, | |
| 829 0, | |
| 830 0, | |
| 831 0, | |
| 832 0, | |
| 833 0, | |
| 834 &medium_sid)) | |
| 835 { | |
| 836 PRINTLASTERROR ("Failed to initialize sid.\n"); | |
| 837 return NULL; | |
| 838 } | |
| 839 | |
| 840 integrity_label.Label.Attributes = SE_GROUP_INTEGRITY; | |
| 841 integrity_label.Label.Sid = medium_sid; | |
| 842 | |
| 843 if (!SetTokenInformation(retval, | |
| 844 TokenIntegrityLevel, | |
| 845 &integrity_label, | |
| 846 sizeof(TOKEN_MANDATORY_LABEL))) | |
| 847 { | |
| 848 PRINTLASTERROR ("Failed to set token integrity.\n"); | |
| 849 return NULL; | |
| 850 } | |
| 851 | |
| 852 return retval; | |
| 853 } | |
| 854 #endif |