Mercurial > trustbridge
view common/util.c @ 1328:18211dce3106
Do not free cert context after deletion
CertDeleteCertificateFromStore already frees the context.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 15 Oct 2014 13:17:02 +0200 |
parents | 2bacaec6e101 |
children | 8362e30f7b55 |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #include "util.h" #include "logging.h" #include "strhelp.h" #ifndef _WIN32 #include <unistd.h> #include <sys/types.h> #include <pwd.h> #include <grp.h> #include <string.h> #else #include <winsafer.h> #include <windows.h> #include <accctrl.h> #include <aclapi.h> #include <shlobj.h> #endif #ifndef APPNAME #define APPNAME "TrustBridge" #endif #ifdef WIN32 char* read_registry_string (const HKEY root, const wchar_t *key, const wchar_t *name) { HKEY key_handle = NULL; DWORD size = 0, type = 0, ex_size = 0, dwRet = 0; LONG ret = 0; char *retval = NULL; wchar_t *buf = NULL, *ex_buf = NULL; if (root == NULL || key == NULL || name == NULL) { ERRORPRINTF ("Invalid call to read_registry_string"); return NULL; } ret = RegOpenKeyExW (root, key, 0, KEY_READ, &key_handle); if (ret != ERROR_SUCCESS) { ERRORPRINTF ("Failed to open key."); return NULL; } /* Get the size */ ret = RegQueryValueExW (key_handle, name, 0, NULL, NULL, &size); if (ret != ERROR_MORE_DATA && !(ret == ERROR_SUCCESS && size != 0)) { ERRORPRINTF ("Failed to get required registry size."); return retval; } /* Size is size in bytes not in characters */ buf = xmalloc (size + sizeof(wchar_t)); /* If the stored value is not zero terminated the returned value also is not zero terminated. That's why we reserve more and ensure it's initialized. */ memset (buf, 0, size + sizeof(wchar_t)); ret = RegQueryValueExW (key_handle, name, 0, &type, (LPBYTE) buf, &size); if (ret != ERROR_SUCCESS) { ERRORPRINTF ("Failed get registry value."); return retval; } if (type == REG_SZ || (type == REG_EXPAND_SZ && wcschr (buf, '%') == NULL)) { /* Nothing to expand, we are done */ retval = wchar_to_utf8 (buf, wcslen (buf)); goto done; } if (type != REG_EXPAND_SZ) { ERRORPRINTF ("Unhandled registry type %i", type); goto done; } /* Expand the registry string */ ex_size = ExpandEnvironmentStringsW (buf, NULL, 0); if (ex_size == 0) { PRINTLASTERROR ("Failed to determine expanded environment size."); goto done; } ex_buf = xmalloc ((ex_size + 1) * sizeof(wchar_t)); dwRet = ExpandEnvironmentStringsW (buf, ex_buf, ex_size); ex_buf[ex_size] = '\0'; /* Make sure it's a string */ if (dwRet == 0 || dwRet != ex_size) { PRINTLASTERROR ("Failed to expand environment variables."); goto done; } retval = wchar_to_utf8 (ex_buf, ex_size); done: xfree (ex_buf); xfree (buf); RegCloseKey (key_handle); return retval; } /** @brief Compare two paths for equality based on the filename. * * Expand the paths by using GetFullPathName and do a string * comparison on the result to check for equality. * * To be sure if it is really the same file it would be better * to open the files and compare the serial number but this * suffices for checks that only impact on the options presented * to the user (try a system wide installation or not) * * If one file does not exist the function returns false. If * The path is longer then MAX_PATH this function also returns * false. * * @param [in] path1 first path to compare * @paran [in] path2 first path to compare * @returns true if the paths are the same. */ bool paths_equal (const char *path1, const char *path2) { bool ret = false; wchar_t buf1[MAX_PATH], buf2[MAX_PATH]; wchar_t *wpath1 = NULL, *wpath2 = NULL; DWORD retval = 0; if (!path1 || !path2) { return false; } wpath1 = utf8_to_wchar(path1, strnlen(path1, MAX_PATH)); wpath2 = utf8_to_wchar(path2, strnlen(path2, MAX_PATH)); if (wpath1 == NULL || wpath2 == NULL) { ERRORPRINTF ("Failed to convert paths to wchar."); goto done; } retval = GetFullPathNameW (wpath1, MAX_PATH, buf1, NULL); if (retval >= MAX_PATH || retval != wcsnlen (buf1, MAX_PATH)) { ERRORPRINTF ("Path1 too long."); goto done; } if (retval == 0) { PRINTLASTERROR ("Failed to get Full Path name."); goto done; } retval = GetFullPathNameW (wpath2, MAX_PATH, buf2, NULL); if (retval >= MAX_PATH || retval != wcsnlen (buf2, MAX_PATH)) { ERRORPRINTF ("Path2 too long."); goto done; } if (retval == 0) { PRINTLASTERROR ("Failed to get Full Path name."); goto done; } ret = wcscmp (buf1, buf2) == 0; done: xfree (wpath1); xfree (wpath2); return ret; } char * get_install_dir() { wchar_t wPath[MAX_PATH]; char *utf8path = NULL; char *dirsep = NULL; if (!GetModuleFileNameW (NULL, wPath, MAX_PATH - 1)) { PRINTLASTERROR ("Failed to obtain module file name. Path too long?"); return NULL; } /* wPath might not be 0 terminated */ wPath[MAX_PATH - 1] = '\0'; utf8path = wchar_to_utf8 (wPath, wcsnlen(wPath, MAX_PATH)); if (utf8path == NULL) { ERRORPRINTF ("Failed to convert module path to utf-8"); return NULL; } /* Cut away the executable name */ dirsep = strrchr(utf8path, '\\'); if (dirsep == NULL) { ERRORPRINTF ("Failed to find directory seperator."); return NULL; } *dirsep = '\0'; return utf8path; } static PSID copy_sid(PSID from) { if (!from) { return 0; } DWORD sidLength = GetLengthSid(from); PSID to = (PSID) xmalloc(sidLength); CopySid(sidLength, to, from); return to; } PSID get_process_owner(HANDLE hProcess) { HANDLE hToken = NULL; PSID sid; if (hProcess == NULL) { ERRORPRINTF ("invalid call to get_process_owner"); return NULL; } OpenProcessToken(hProcess, TOKEN_READ, &hToken); if (hToken) { DWORD size = 0; PTOKEN_USER userStruct; // check how much space is needed GetTokenInformation(hToken, TokenUser, NULL, 0, &size); if (ERROR_INSUFFICIENT_BUFFER == GetLastError()) { userStruct = (PTOKEN_USER) xmalloc (size); GetTokenInformation(hToken, TokenUser, userStruct, size, &size); sid = copy_sid(userStruct->User.Sid); CloseHandle(hToken); xfree (userStruct); return sid; } } return NULL; } bool is_system_install() { char *reg_inst_dir = NULL, *real_prefix = NULL; bool ret = false; reg_inst_dir = read_registry_string (HKEY_LOCAL_MACHINE, L"Software\\"APPNAME, L""); if (reg_inst_dir == NULL) { return false; } DEBUGPRINTF ("Registered installation directory: %s\n", reg_inst_dir); real_prefix = get_install_dir(); if (!real_prefix) { DEBUGPRINTF ("Failed to obtain installation prefix."); xfree (reg_inst_dir); return false; } ret = paths_equal (real_prefix, reg_inst_dir); xfree (real_prefix); xfree (reg_inst_dir); DEBUGPRINTF ("Is system install? %s\n", ret ? "true" : "false"); return ret; } #else /* WIN32 */ char * get_install_dir() { char *retval = NULL, *p = NULL, buf[MAX_PATH_LINUX]; ssize_t ret; size_t path_len = 0; ret = readlink ("/proc/self/exe", buf, MAX_PATH_LINUX); if (ret <= 0) { ERRORPRINTF ("readlink failed\n"); return NULL; } buf[ret] = '\0'; /* cut off the filename */ p = strrchr (buf, '/'); if (p == NULL) { ERRORPRINTF ("No filename found.\n"); return NULL; } *(p + 1) = '\0'; path_len = strlen (buf); retval = xmalloc (path_len + 1); strncpy (retval, buf, path_len); retval[path_len] = '\0'; return retval; } bool is_system_install() { FILE *system_config; int read_lines = 0; char linebuf[MAX_PATH_LINUX + 7], * inst_dir = NULL; bool retval = false; size_t inst_dir_len = 0; system_config = fopen ("/etc/"APPNAME"/"APPNAME"-inst.cfg", "r"); if (system_config == NULL) { DEBUGPRINTF ("No system wide install configuration found.\n"); return false; } inst_dir = get_install_dir (); if (inst_dir == NULL) { ERRORPRINTF ("Failed to find installation directory.\n"); fclose(system_config); return false; } inst_dir_len = strnlen (inst_dir, MAX_PATH_LINUX); if (inst_dir_len == 0 || inst_dir_len >= MAX_PATH_LINUX) { ERRORPRINTF ("Installation directory invalid.\n"); fclose(system_config); return false; } /* Read the first 10 lines and look for PREFIX. if it is not found we return false. */ while (read_lines < 10 && fgets (linebuf, MAX_PATH_LINUX + 7, system_config) != NULL) { if (str_starts_with (linebuf, "PREFIX=")) { /* The last character is always a linebreak in a valid system_config file so we can strip it. If this is not true the file is invalid. linebuf is > 7 atm otherwise prefix= would not have been matched. */ linebuf[strlen(linebuf) - 1] = '\0'; retval = str_starts_with (inst_dir, linebuf + 7); break; } read_lines++; } fclose (system_config); xfree (inst_dir); DEBUGPRINTF ("Is system install? %s\n", retval ? "true" : "false"); return retval; } #endif #ifdef WIN32 bool has_high_integrity(HANDLE hToken) { PTOKEN_MANDATORY_LABEL integrity_label = NULL; DWORD integrity_level = 0, size = 0; if (hToken == NULL || hToken == INVALID_HANDLE_VALUE) { DEBUGPRINTF ("Invalid parameters."); return false; } /* Get the required size */ if (!GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &size) == ERROR_INSUFFICIENT_BUFFER) { PRINTLASTERROR ("Failed to get required size.\n"); return false; } integrity_label = (PTOKEN_MANDATORY_LABEL) LocalAlloc(0, size); if (integrity_label == NULL) { ERRORPRINTF ("Failed to allocate label. \n"); return false; } if (!GetTokenInformation(hToken, TokenIntegrityLevel, integrity_label, size, &size)) { PRINTLASTERROR ("Failed to get integrity level.\n"); LocalFree(integrity_label); return false; } /* Get the last integrity level */ integrity_level = *GetSidSubAuthority(integrity_label->Label.Sid, (DWORD)(UCHAR)(*GetSidSubAuthorityCount( integrity_label->Label.Sid) - 1)); LocalFree (integrity_label); return integrity_level >= SECURITY_MANDATORY_HIGH_RID; } #endif static bool g_is_elevated = false; static bool g_elevated_initalized = false; bool is_elevated() { bool ret = false; if (g_elevated_initalized) { return g_is_elevated; } #ifndef _WIN32 ret = (geteuid() == 0); #else HANDLE hToken = NULL; if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken)) { DWORD elevation; DWORD cbSize = sizeof (DWORD); if (GetTokenInformation (hToken, TokenElevation, &elevation, sizeof (TokenElevation), &cbSize)) { ret = elevation; } } /* Elevation will be true and ElevationType TokenElevationTypeFull even if the token is a user token created by SAFER so we additionally check the integrity level of the token which will only be high in the real elevated process and medium otherwise. */ ret = ret && has_high_integrity (hToken); if (hToken) CloseHandle (hToken); #endif g_is_elevated = ret; g_elevated_initalized = true; return ret; } #ifdef _WIN32 char * get_program_files_folder () { wchar_t *folder_name = NULL; char *retval = NULL; if (SHGetKnownFolderPath (&FOLDERID_ProgramFiles, /* Get program data dir */ KF_FLAG_NO_ALIAS, INVALID_HANDLE_VALUE, /* Get it for the default user */ &folder_name) != S_OK) { PRINTLASTERROR ("Failed to get program files folder."); return NULL; } retval = wchar_to_utf8 (folder_name, wcslen(folder_name)); CoTaskMemFree (folder_name); return retval; } /* This is a bit ridicoulous but necessary as shlobj.h contains an inline definition. So only one C file may include it and thus we have to put all our shlobj calls into one file... */ wchar_t * get_program_data_folder () { wchar_t *folder_name = NULL; if (is_elevated()) { if (SHGetKnownFolderPath (&FOLDERID_ProgramData, /* Get program data dir */ KF_FLAG_CREATE | /* Create if it does not exist */ KF_FLAG_INIT, /* Initialize it if created */ INVALID_HANDLE_VALUE, /* Get it for the default user */ &folder_name) != S_OK) { PRINTLASTERROR ("Failed to get folder path"); return NULL; } } else { if (SHGetKnownFolderPath (&FOLDERID_LocalAppData, /* Get program data dir */ KF_FLAG_CREATE | /* Create if it does not exist */ KF_FLAG_INIT, /* Initialize it if created */ NULL, /* Get it for the default user */ &folder_name) != S_OK) { PRINTLASTERROR ("Failed to get folder path"); return NULL; } } return folder_name; } #endif bool is_admin() { #ifndef _WIN32 struct passwd *current_user = getpwuid (geteuid()); int ngroups = 0, ret = 0, i = 0; gid_t * groups = NULL; if (current_user == NULL) { ERRORPRINTF ("Failed to obtain user information."); return false; } ret = getgrouplist (current_user->pw_name, current_user->pw_gid, NULL, &ngroups); if (ret != -1 || ngroups <= 0) { ERRORPRINTF ("Unknown error in getgrouplist call"); return false; } groups = xmalloc (((unsigned int)ngroups) * sizeof (gid_t)); ret = getgrouplist (current_user->pw_name, current_user->pw_gid, groups, &ngroups); if (ret != ngroups) { ERRORPRINTF ("Group length mismatch."); xfree (groups); return false; } for (i = 0; i < ngroups; i++) { struct group *gr = getgrgid (groups[i]); if (gr == NULL) { ERRORPRINTF ("Error in group enumeration"); xfree (groups); return false; } if (strcmp("sudo", gr->gr_name) == 0) { DEBUGPRINTF ("User is in sudo group \n"); xfree (groups); return true; } } DEBUGPRINTF ("User is not in sudo group"); return false; #else bool retval = false; BOOL in_admin_group = FALSE; HANDLE hToken = NULL; HANDLE hTokenToCheck = NULL; DWORD cbSize = 0; TOKEN_ELEVATION_TYPE elevation; BYTE admin_id[SECURITY_MAX_SID_SIZE]; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &hToken)) { PRINTLASTERROR ("Failed to duplicate process token.\n"); return false; } if (!GetTokenInformation(hToken, TokenElevationType, &elevation, sizeof(elevation), &cbSize)) { PRINTLASTERROR ("Failed to get token information.\n"); goto done; } /* If limited check the the linked token instead */ if (TokenElevationTypeLimited == elevation) { if (!GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck, sizeof(hTokenToCheck), &cbSize)) { PRINTLASTERROR ("Failed to get the linked token.\n"); goto done; } } if (!hTokenToCheck) /* The linked token is already of the correct type */ { if (!DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck)) { PRINTLASTERROR ("Failed to duplicate token for identification.\n"); goto done; } } /* Do the sid dance for the adminSID */ cbSize = sizeof(admin_id); if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &admin_id, &cbSize)) { PRINTLASTERROR ("Failed to get admin sid.\n"); goto done; } /* The actual check */ if (!CheckTokenMembership(hTokenToCheck, &admin_id, &in_admin_group)) { PRINTLASTERROR ("Failed to check token membership.\n"); goto done; } if (in_admin_group) { /* Winbool to standard bool */ retval = true; } done: if (hToken) CloseHandle(hToken); if (hTokenToCheck) CloseHandle(hTokenToCheck); return retval; #endif } #ifdef WIN32 bool create_restricted_directory (LPWSTR path, bool objects_should_inherit, PACL *rACL) { bool retval = false; PSID everyone_SID = NULL, admin_SID = NULL; PACL access_control_list = NULL; PSECURITY_DESCRIPTOR descriptor = NULL; EXPLICIT_ACCESS explicit_access[2]; SID_IDENTIFIER_AUTHORITY world_identifier = {SECURITY_WORLD_SID_AUTHORITY}, admin_identifier = {SECURITY_NT_AUTHORITY}; SECURITY_ATTRIBUTES security_attributes; ZeroMemory(&security_attributes, sizeof(security_attributes)); ZeroMemory(&explicit_access, 2 * sizeof(EXPLICIT_ACCESS)); /* Create a well-known SID for the Everyone group. */ if(!AllocateAndInitializeSid(&world_identifier, /* top-level identifier */ 1, /* subauthorties count */ SECURITY_WORLD_RID, /* Only one authority */ 0, 0, 0, 0, 0, 0, 0, /* No other authorities*/ &everyone_SID)) { PRINTLASTERROR ("Failed to allocate world sid.\n"); return false; } /* Initialize the first EXPLICIT_ACCESS structure for an ACE. to allow everyone read access */ explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */ explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */ explicit_access[0].grfInheritance = objects_should_inherit ? SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */ NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */ explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; explicit_access[0].Trustee.ptstrName = (LPTSTR) everyone_SID; /* Create the SID for the BUILTIN\Administrators group. */ if(!AllocateAndInitializeSid(&admin_identifier, 2, SECURITY_BUILTIN_DOMAIN_RID, /*BUILTIN\ */ DOMAIN_ALIAS_RID_ADMINS, /*\Administrators */ 0, 0, 0, 0, 0, 0, /* No other */ &admin_SID)) { PRINTLASTERROR ("Failed to allocate admin sid."); goto done; } /* explicit_access[1] grants admins full rights for this object and inherits it to the children */ explicit_access[1].grfAccessPermissions = GENERIC_ALL; explicit_access[1].grfAccessMode = SET_ACCESS; explicit_access[1].grfInheritance = objects_should_inherit ? SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */ NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */ explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID; /* Set up the ACL structure. */ if (ERROR_SUCCESS != SetEntriesInAcl(2, explicit_access, NULL, &access_control_list)) { PRINTLASTERROR ("Failed to set up Acl."); goto done; } /* Initialize a security descriptor */ descriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if (descriptor == NULL) { PRINTLASTERROR("Failed to allocate descriptor."); goto done; } if (!InitializeSecurityDescriptor(descriptor, SECURITY_DESCRIPTOR_REVISION)) { PRINTLASTERROR("Failed to initialize descriptor."); goto done; } /* Now we add the ACL to the the descriptor */ if (!SetSecurityDescriptorDacl(descriptor, TRUE, /* bDaclPresent flag */ access_control_list, FALSE)) /* not a default DACL */ { PRINTLASTERROR("Failed to set security descriptor."); goto done; } /* Finally set up the security attributes structure */ security_attributes.nLength = sizeof (SECURITY_ATTRIBUTES); security_attributes.lpSecurityDescriptor = descriptor; security_attributes.bInheritHandle = FALSE; /* Use the security attributes to create the directory */ if (!CreateDirectoryW(path, &security_attributes)) { DWORD err = GetLastError(); if (err == ERROR_ALREADY_EXISTS) { if (!objects_should_inherit) { /* This means it is a parent directory of something and we should not touch the DACL. */ retval = true; goto done; } /* Set our ACL on the directory */ err = SetNamedSecurityInfoW (path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, admin_SID, /* owner */ admin_SID, /* group */ access_control_list, /* the dacl */ NULL); if (err != ERROR_SUCCESS) { ERRORPRINTF ("Failed to set security info on folder. Err: %lu", err); goto done; } } else { ERRORPRINTF ("Failed to create directory. Err: %lu", err); goto done; } } retval = true; done: if (retval != true) { ERRORPRINTF ("Failed to create directory for NSS installer instructions."); syslog_error_printf ("Failed to create directory for NSS installer instructions."); } else if (rACL) { *rACL = access_control_list; } if (everyone_SID) FreeSid(everyone_SID); if (admin_SID) FreeSid(admin_SID); if (!rACL && access_control_list) LocalFree(access_control_list); if (descriptor) LocalFree(descriptor); return retval; } #endif #ifdef WIN32 /** @brief get a restricted access token * * This function uses the Software Restriction API to obtain the * access token for a process run als normal user. * * @returns A restricted handle or NULL on error. */ HANDLE get_restricted_token() { SAFER_LEVEL_HANDLE user_level = NULL; HANDLE retval = NULL; SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY}; PSID medium_sid = NULL; TOKEN_MANDATORY_LABEL integrity_label; memset (&integrity_label, 0, sizeof (integrity_label)); if (!SaferCreateLevel(SAFER_SCOPEID_USER, SAFER_LEVELID_NORMALUSER, SAFER_LEVEL_OPEN, &user_level, NULL)) { PRINTLASTERROR ("Failed to create user level.\n"); return NULL; } if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL)) { SaferCloseLevel(user_level); return NULL; } SaferCloseLevel(user_level); /* Set the SID to medium it will still be high otherwise. Even if there is no high access allowed. */ if (!AllocateAndInitializeSid(&medium_identifier, 1, SECURITY_MANDATORY_MEDIUM_RID, 0, 0, 0, 0, 0, 0, 0, &medium_sid)) { PRINTLASTERROR ("Failed to initialize sid.\n"); return NULL; } integrity_label.Label.Attributes = SE_GROUP_INTEGRITY; integrity_label.Label.Sid = medium_sid; if (!SetTokenInformation(retval, TokenIntegrityLevel, &integrity_label, sizeof(TOKEN_MANDATORY_LABEL))) { PRINTLASTERROR ("Failed to set token integrity.\n"); return NULL; } return retval; } #endif