view common/util.h @ 1395:a2574a029322

Fix Base 64 signature size calculation. If the signature byte size is not equally dividable by three the base 64 encoding needs three additional bytes. The value is now fixed to avoid such errors in the future.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 26 Jan 2015 13:17:32 +0100
parents 8362e30f7b55
children
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef COMMON_UTIL_H
#define COMMON_UTIL_H
/* @file util.h
 * @brief The usual useful stuff that fit nowhere else
 */
#include <stdbool.h>

#ifdef WIN32
#include <windows.h>
#include <psapi.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#ifndef WIN32
/**@def Some value to use as equivalent as MAX_PATH on windows */
#define MAX_PATH_LINUX 4000
#endif

/**@brief Check if the current process is running with elevated privileges.
 *
 * Elevates the current process token to check if it is marked as elevated.
 * Uses TokenElevation on windows and checks effective UID on Linux.
 *
 * @returns true if the current process is elevated.*/
bool is_elevated();

/**@brief Check if the Software is installed system wide
 *
 * On Windows this checks if a registry key under HKLM exists for
 * trustbridge and that the installation path mentioned there matches
 * the current module path.
 *
 * On linux this looks for the installation configuration in /etc
 * and checks if the current process is inside the installation prefix.
 *
 * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on
 * Linux.
 */
bool is_system_install();

/**@brief Check if the user is in the administrators group.
 *
 * The function checks if the account that startet this process
 * belongs to a user that is a member of the Administrators group.
 *
 * @returns True if the user is in the admin group. False otherwise or on error.
 */
bool is_admin();

/**@brief Get the directory in which the current process resides in
 *
 * Look up the directory in which the current process is placed.
 * If the path is longer then MAX_PATH NULL is returned.
 *
 * Returns a utf-8 encoded string that has to be freed by the caller
 * on linux the path is returned as is including the last /.
 *
 * @returns The directory of the current process
 */
char * get_install_dir();

#ifndef WIN32
/**@brief Get the directory in which the process proc resides in
 *
 * Look up the directory in which the process proc is placed.
 * If the path is longer then MAX_PATH NULL is returned.
 *
 * Returns a utf-8 encoded string that has to be freed by the caller
 * on linux the path is returned as is including the last /.
 *
 * @param[in] A process id or special name from the proc file system.
 *
 * @returns The directory of the process
 */
char * get_proc_install_dir(const char *proc);
#endif

#ifdef WIN32
/**@brief Get a copy of the processes owner sid
 *
 * Copy the SID of the owner of the process hProcess.
 *
 * The returned sid structure has to be freed with free by the caller
 *
 * @param[in] hProcess A handle to the process whose user should be obtained.
 * The process must have the PROCESS_QUERY_INFORMATION access permission.
 *
 * @returns A copy of the process owners sid or NULL on error.
 */
PSID get_process_owner(HANDLE hProcess);

/**@brief Read (and expand if necessary) a registry string.
 *
 * Reads a registry string and calls ExpandEnvironmentString
 * if necessary on it. Returns a newly allocated string array
 * with the expanded registry value converted to UTF-8
 *
 * Caller has to free return value with free.
 *
 * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE)
 * @param [in] key the key
 * @param [in] name the name of the value to read.
 *
 * @returns the expanded, null terminated utf-8 string of the value.
 *          or NULL on error.
 */
char * read_registry_string (const HKEY root, const wchar_t *key,
                             const wchar_t *name);

/**@brief Get the utf-8 encoded path to the program files folder.
 *
 * Uses SHGetKnownFolderPath to look up the ProgramFiles folder.
 * @returns a newly allocated string containing the value or NULL on
 * error.
 */
char * get_program_files_folder ();

/**@brief Get the path to the program data folder.
 *
 * Uses SHGetKnownFolderPath to look up the ProgramData folder.
 * The return value should be freed with CoTaskMemFree
 * @returns a reference containing the value or NULL on error.
 */
wchar_t * get_program_data_folder ();

/**@brief Create a directory with restricted access rights
  *
  * This creates a security attributes structure that restricts
  * write access to the Administrators group but allows everyone to read files
  * in that directory.
  * Basically a very complicated version of mkdir path -m 644
  *
  * If the directory exists and propagate_acl is set the permissions
  * of that directory are overwritten with the DACL that would have
  * been used to create the directory.
  *
  * Code based on msdn example:
  * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
  *
  * @param[in] path Path of the directory to create
  * @param[in] propagate_acl weather or not objects should inherit
  * the ACL of this directory.
  * @param[out] rACL optional pointer to an PACL pointer that should be
  * the returned value. If rACL is not NULL the caller needs to free the
  * returned pointer with LocalFree.
  *
  * @returns true on success of if the directory exists, false on error
  */
bool create_restricted_directory (LPWSTR path, bool propagate_acl, PACL *rACL);

/**@brief Check the integrity level of the token
  *
  * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or
  * higher.
  *
  * @param[in] hToken the Token to check
  *
  * @returns true if the token has at least high integrity. False on error
  * or otherwise.
  */
bool has_high_integrity(HANDLE hToken);

/** @brief get a restricted access token to execute nss process
  *
  * This function uses the Software Restriction API to obtain the
  * access token for a process run als normal user.
  *
  * @returns A restricted handle or NULL on error.
  */
HANDLE get_restricted_token();

/** @brief get a normal user access token
  *
  * The trusted acces token is not elevated but has the normal user rights.
  *
  * @returns A normal user handle or NULL on error.
  */
HANDLE get_normal_token();

#endif

#ifdef __cplusplus
}
#endif

#endif // COMMON_UTIL_H

http://wald.intevation.org/projects/trustbridge/