Mercurial > trustbridge
view common/util.h @ 1070:f110a3f6e387
(issue114) Fine tune ACL propagation
using mkdir_p the ACL of the parent directories would
propagate to all subdirectories and objects in the directory.
Now we only use ACL propagation in the last directory to make
sure that files we might create in that directory inherit the
correct (resitricted) ACL
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 10 Sep 2014 16:41:36 +0200 |
parents | 78798d3af8f0 |
children | fd85a02d771d |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifndef COMMON_UTIL_H #define COMMON_UTIL_H /* @file util.h * @brief The usual useful stuff that fit nowhere else */ #include <stdbool.h> #ifdef WIN32 #include <windows.h> #include <psapi.h> #endif #ifdef __cplusplus extern "C" { #endif #ifndef WIN32 /**@def Some value to use as equivalent as MAX_PATH on windows */ #define MAX_PATH_LINUX 4000 #endif /**@brief Check if the current process is running with elevated privileges. * * Elevates the current process token to check if it is marked as elevated. * Uses TokenElevation on windows and checks effective UID on Linux. * * @returns true if the current process is elevated.*/ bool is_elevated(); /**@brief Check if the Software is installed system wide * * On Windows this checks if a registry key under HKLM exists for * trustbridge and that the installation path mentioned there matches * the current module path. * * On linux this looks for the installation configuration in /etc * and checks if the current process is inside the installation prefix. * * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on * Linux. */ bool is_system_install(); /**@brief Check if the user is in the administrators group. * * The function checks if the account that startet this process * belongs to a user that is a member of the Administrators group. * * @returns True if the user is in the admin group. False otherwise or on error. */ bool is_admin(); /**@brief Get the directory in which the current process resides in * * Look up the directory in which the current process is placed. * If the path is longer then MAX_PATH NULL is returned. * * Returns a utf-8 encoded string that has to be freed by the caller * on linux the path is returned as is including the last /. * * @returns The directory of the current process */ char * get_install_dir(); #ifdef WIN32 /**@brief Get a copy of the processes owner sid * * Copy the SID of the owner of the process hProcess. * * The returned sid structure has to be freed with free by the caller * * @param[in] hProcess A handle to the process whose user should be obtained. * The process must have the PROCESS_QUERY_INFORMATION access permission. * * @returns A copy of the process owners sid or NULL on error. */ PSID get_process_owner(HANDLE hProcess); /**@brief Read (and expand if necessary) a registry string. * * Reads a registry string and calls ExpandEnvironmentString * if necessary on it. Returns a newly allocated string array * with the expanded registry value converted to UTF-8 * * Caller has to free return value with free. * * @param [in] root the root key (e.g. HKEY_LOCAL_MACHINE) * @param [in] key the key * @param [in] name the name of the value to read. * * @returns the expanded, null terminated utf-8 string of the value. * or NULL on error. */ char * read_registry_string (const HKEY root, const wchar_t *key, const wchar_t *name); /**@brief Get the utf-8 encoded path to the program files folder. * * Uses SHGetKnownFolderPath to look up the ProgramFiles folder. * @returns a newly allocated string containing the value or NULL on * error. */ char * get_program_files_folder (); /**@brief Get the path to the program data folder. * * Uses SHGetKnownFolderPath to look up the ProgramData folder. * The return value should be freed with CoTaskMemFree * @returns a reference containing the value or NULL on error. */ wchar_t * get_program_data_folder (); /**@brief Create a directory with restricted access rights * * This creates a security attributes structure that restricts * write access to the Administrators group but allows everyone to read files * in that directory. * Basically a very complicated version of mkdir path -m 644 * * If the directory exists the permissions of that directory are checked if * they are acceptable and true or false is returned accordingly. * * Code based on msdn example: * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx * * @param[in] path Path of the directory to create * @param[in] propagate_acl weather or not objects should inherit * the ACL of this directory. * * @returns true on success of if the directory exists, false on error */ bool create_restricted_directory (LPWSTR path, bool propagate_acl); /**@briefu Check the integrity level of the token * * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or * higher. * * @param[in] hToken the Token to check * * @returns true if the token has at least high integrity. False on error * or otherwise. */ bool has_high_integrity(HANDLE hToken); #endif #ifdef __cplusplus } #endif #endif // COMMON_UTIL_H