Mercurial > trustbridge
view common/util.h @ 1323:c582b935c120
(issue166) Disable multiple selection for certificates.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 14 Oct 2014 18:10:17 +0200 |
parents | 0a803c3fb5a6 |
children | 8362e30f7b55 |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifndef COMMON_UTIL_H #define COMMON_UTIL_H /* @file util.h * @brief The usual useful stuff that fit nowhere else */ #include <stdbool.h> #ifdef WIN32 #include <windows.h> #include <psapi.h> #endif #ifdef __cplusplus extern "C" { #endif #ifndef WIN32 /**@def Some value to use as equivalent as MAX_PATH on windows */ #define MAX_PATH_LINUX 4000 #endif /**@brief Check if the current process is running with elevated privileges. * * Elevates the current process token to check if it is marked as elevated. * Uses TokenElevation on windows and checks effective UID on Linux. * * @returns true if the current process is elevated.*/ bool is_elevated(); /**@brief Check if the Software is installed system wide * * On Windows this checks if a registry key under HKLM exists for * trustbridge and that the installation path mentioned there matches * the current module path. * * On linux this looks for the installation configuration in /etc * and checks if the current process is inside the installation prefix. * * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on * Linux. */ bool is_system_install(); /**@brief Check if the user is in the administrators group. * * The function checks if the account that startet this process * belongs to a user that is a member of the Administrators group. * * @returns True if the user is in the admin group. False otherwise or on error. */ bool is_admin(); /**@brief Get the directory in which the current process resides in * * Look up the directory in which the current process is placed. * If the path is longer then MAX_PATH NULL is returned. * * Returns a utf-8 encoded string that has to be freed by the caller * on linux the path is returned as is including the last /. * * @returns The directory of the current process */ char * get_install_dir(); #ifdef WIN32 /**@brief Get a copy of the processes owner sid * * Copy the SID of the owner of the process hProcess. * * The returned sid structure has to be freed with free by the caller * * @param[in] hProcess A handle to the process whose user should be obtained. * The process must have the PROCESS_QUERY_INFORMATION access permission. * * @returns A copy of the process owners sid or NULL on error. */ PSID get_process_owner(HANDLE hProcess); /**@brief Read (and expand if necessary) a registry string. * * Reads a registry string and calls ExpandEnvironmentString * if necessary on it. Returns a newly allocated string array * with the expanded registry value converted to UTF-8 * * Caller has to free return value with free. * * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE) * @param [in] key the key * @param [in] name the name of the value to read. * * @returns the expanded, null terminated utf-8 string of the value. * or NULL on error. */ char * read_registry_string (const HKEY root, const wchar_t *key, const wchar_t *name); /**@brief Get the utf-8 encoded path to the program files folder. * * Uses SHGetKnownFolderPath to look up the ProgramFiles folder. * @returns a newly allocated string containing the value or NULL on * error. */ char * get_program_files_folder (); /**@brief Get the path to the program data folder. * * Uses SHGetKnownFolderPath to look up the ProgramData folder. * The return value should be freed with CoTaskMemFree * @returns a reference containing the value or NULL on error. */ wchar_t * get_program_data_folder (); /**@brief Create a directory with restricted access rights * * This creates a security attributes structure that restricts * write access to the Administrators group but allows everyone to read files * in that directory. * Basically a very complicated version of mkdir path -m 644 * * If the directory exists and propagate_acl is set the permissions * of that directory are overwritten with the DACL that would have * been used to create the directory. * * Code based on msdn example: * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx * * @param[in] path Path of the directory to create * @param[in] propagate_acl weather or not objects should inherit * the ACL of this directory. * @param[out] rACL optional pointer to an PACL pointer that should be * the returned value. If rACL is not NULL the caller needs to free the * returned pointer with LocalFree. * * @returns true on success of if the directory exists, false on error */ bool create_restricted_directory (LPWSTR path, bool propagate_acl, PACL *rACL); /**@brief Check the integrity level of the token * * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or * higher. * * @param[in] hToken the Token to check * * @returns true if the token has at least high integrity. False on error * or otherwise. */ bool has_high_integrity(HANDLE hToken); /** @brief get a restricted access token to execute nss process * * This function uses the Software Restriction API to obtain the * access token for a process run als normal user. * * @returns A restricted handle or NULL on error. */ HANDLE get_restricted_token(); /** @brief get a normal user access token * * The trusted acces token is not elevated but has the normal user rights. * * @returns A normal user handle or NULL on error. */ HANDLE get_normal_token(); #endif #ifdef __cplusplus } #endif #endif // COMMON_UTIL_H