view common/util.c @ 571:6c4fff146999
Implement codesigning in the administrator tool
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Fri, 23 May 2014 16:17:18 +0000 |
parents | 78959fd970b0 |
children | c7a35fa302ec |
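/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "util.h"
#include "logging.h"

#ifndef _WIN32
#include <unistd.h>
#include <sys/types.h>
#else
#include <windows.h>
#endif

/**
 * @brief Report whether the current process is running elevated.
 *
 * On non-Windows builds this is true exactly when the effective user id
 * is 0. On Windows the process token is queried for TokenElevation.
 *
 * Security note: every failure path returns false, so false means
 * "not elevated OR could not be determined". A caller that uses this
 * result to decide whether privileges have to be dropped should not
 * treat false as proof that the process is unprivileged.
 *
 * @return true if the process is elevated, false otherwise or on error.
 */
bool
is_elevated()
{
  bool ret = false;
#ifndef _WIN32
  ret = (geteuid () == 0);
#else
  HANDLE hToken = NULL;
  /* The TokenElevation information class fills a TOKEN_ELEVATION
     structure. Size the call by the buffer itself rather than by the
     enum constant, so the length passed always matches the buffer. */
  TOKEN_ELEVATION elevation = { 0 };
  DWORD cbSize = 0;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &hToken))
    {
      PRINTLASTERROR ("Failed to open process token.\n");
      return false;
    }

  if (GetTokenInformation (hToken, TokenElevation, &elevation,
                           sizeof (elevation), &cbSize))
    {
      ret = (elevation.TokenIsElevated != 0);
    }
  else
    {
      PRINTLASTERROR ("Failed to get token information.\n");
    }

  CloseHandle (hToken);
#endif
  return ret;
}

/**
 * @brief Report whether the current user belongs to the built-in
 *        Administrators group.
 *
 * On Windows the check is made against the linked token when the
 * process token is a limited (UAC-filtered) one, so the result describes
 * the group membership of the user and not whether this process is
 * currently elevated; use is_elevated() for the latter.
 *
 * On non-Windows builds the check is not implemented and the function
 * always returns false. Callers must not read that as "verified
 * non-administrator".
 *
 * @return true if membership in the Administrators group was confirmed,
 *         false otherwise or on any error.
 */
bool
is_admin()
{
#ifndef _WIN32
  /* TODO implement */
  return false;
#else
  bool retval = false;
  BOOL in_admin_group = FALSE;
  HANDLE hToken = NULL;
  HANDLE hTokenToCheck = NULL;
  DWORD cbSize = 0;
  TOKEN_ELEVATION_TYPE elevation;
  BYTE admin_id[SECURITY_MAX_SID_SIZE];

  /* TOKEN_DUPLICATE is requested up front because the token may have to
     be passed to DuplicateToken below. */
  if (!OpenProcessToken (GetCurrentProcess (),
                         TOKEN_QUERY | TOKEN_DUPLICATE, &hToken))
    {
      PRINTLASTERROR ("Failed to open process token.\n");
      return false;
    }

  if (!GetTokenInformation (hToken, TokenElevationType, &elevation,
                            sizeof (elevation), &cbSize))
    {
      PRINTLASTERROR ("Failed to get token information.\n");
      goto done;
    }

  /* If the token is limited, check the linked token instead. */
  if (TokenElevationTypeLimited == elevation)
    {
      if (!GetTokenInformation (hToken, TokenLinkedToken, &hTokenToCheck,
                                sizeof (hTokenToCheck), &cbSize))
        {
          PRINTLASTERROR ("Failed to get the linked token.\n");
          goto done;
        }
    }

  /* No linked token was fetched: use the process token itself.
     CheckTokenMembership needs an impersonation token, hence the
     duplicate at identification level. */
  if (!hTokenToCheck)
    {
      if (!DuplicateToken (hToken, SecurityIdentification, &hTokenToCheck))
        {
          PRINTLASTERROR ("Failed to duplicate token for identification.\n");
          goto done;
        }
    }

  /* Build the well-known SID of the built-in Administrators group. */
  cbSize = sizeof (admin_id);
  if (!CreateWellKnownSid (WinBuiltinAdministratorsSid, NULL, admin_id,
                           &cbSize))
    {
      PRINTLASTERROR ("Failed to get admin sid.\n");
      goto done;
    }

  /* The actual check */
  if (!CheckTokenMembership (hTokenToCheck, admin_id, &in_admin_group))
    {
      PRINTLASTERROR ("Failed to check token membership.\n");
      goto done;
    }

  /* Winbool to standard bool */
  retval = (in_admin_group != FALSE);

done:
  if (hToken)
    {
      CloseHandle (hToken);
    }
  if (hTokenToCheck)
    {
      CloseHandle (hTokenToCheck);
    }
  return retval;
#endif
}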