Merge pull request #110 from obsti8383/rework-cli

Rework cli
hardentools · Feb 20, 2022 · 44b58b8 · 44b58b8
2 parents 9301f8e + 9f48572
commit 44b58b8
Show file tree

Hide file tree

Showing 9 changed files with 507 additions and 345 deletions.
diff --git a/Makefile b/Makefile
@@ -22,7 +22,7 @@ endif
 	$(GOPATH)/bin/rsrc -arch 386 -manifest harden.manifest -ico harden.ico -o rsrc.syso
 	$(FLAGS_WINDOWS) go build --ldflags '-s -w -extldflags "-static" -H windowsgui' -o $(BUILD_FOLDER)/hardentools.exe
 	@echo "[builder] Building Windows commandline executable"
-	$(FLAGS_WINDOWS) go build --ldflags '-s -w -extldflags "-static"' -o $(BUILD_FOLDER)/hardentools-cli.exe
+	$(FLAGS_WINDOWS) go build -tags cli --ldflags '-s -w -extldflags "-static"' -o $(BUILD_FOLDER)/hardentools-cli.exe
 	@echo "[builder] Done!"
 
 

diff --git a/global_vars.go b/global_vars.go
@@ -0,0 +1,54 @@
+// Hardentools
+// Copyright (C) 2017-2021 Security Without Borders
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import "log"
+
+// allHardenSubjects contains all top level harden subjects that should
+// be considered.
+var allHardenSubjects = []HardenInterface{}
+var hardenSubjectsForUnprivilegedUsers = []HardenInterface{
+	WSH,
+	OfficeOLE,
+	OfficeMacros,
+	OfficeActiveX,
+	OfficeDDE,
+	AdobePDFJS,
+	AdobePDFObjects,
+	AdobePDFProtectedMode,
+	AdobePDFProtectedView,
+	AdobePDFEnhancedSecurity,
+	ShowFileExt,
+}
+var hardenSubjectsForPrivilegedUsers = append(hardenSubjectsForUnprivilegedUsers, []HardenInterface{
+	Autorun,
+	PowerShell,
+	Cmd,
+	UAC,
+	FileAssociations,
+	WindowsASR,
+	LSA,
+}...)
+
+var expertConfig map[string]bool
+
+// Loggers for log output (we only need info and trace, errors have to be
+// displayed in the GUI).
+var (
+	Trace *log.Logger // set this logger to get trace level verbosity logging output
+	Info  *log.Logger // set this logger to get standard logging output
+)
diff --git a/gui.go b/gui.go
@@ -14,63 +14,12 @@
 // You should have received a copy of the GNU General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package main
-
-/*
-// some C code for managing elevated privileges
-#include <windows.h>
-#include <shellapi.h>
-
-// Checks if we are running with elevated privileges (admin rights).
-int IsElevated( ) {
-    boolean fRet = FALSE;
-    HANDLE hToken = NULL;
-    if( OpenProcessToken( GetCurrentProcess( ),TOKEN_QUERY,&hToken ) ) {
-        TOKEN_ELEVATION Elevation;
-        DWORD cbSize = sizeof( TOKEN_ELEVATION );
-        if( GetTokenInformation( hToken, TokenElevation, &Elevation, sizeof( Elevation ), &cbSize ) ) {
-            fRet = Elevation.TokenIsElevated;
-        }
-    }
-    if( hToken ) {
-        CloseHandle( hToken );
-    }
-    if( fRet ){
-		return 1;
-	}
-	else {
-		return 0;
-	}
-}
+//go:build !cli
 
-// Executes the executable in the current directory (or in path) with "runas"
-// to aquire admin privileges.
-int ExecuteWithRunas(char execName[]){
-	SHELLEXECUTEINFO shExecInfo;
-
-	shExecInfo.cbSize = sizeof(SHELLEXECUTEINFO);
-
-	shExecInfo.fMask = 0x00008000;
-	shExecInfo.hwnd = NULL;
-	shExecInfo.lpVerb = "runas";
-	shExecInfo.lpFile = execName;
-	shExecInfo.lpParameters = NULL;
-	shExecInfo.lpDirectory = NULL;
-	shExecInfo.nShow = SW_NORMAL;
-	shExecInfo.hInstApp = NULL;
-
-	boolean success = ShellExecuteEx(&shExecInfo);
-	if (success)
-		return 1;
-	else
-		return 0;
-}
-*/
-import "C"
+package main
 
 import (
 	"errors"
-	"fmt"
 	"os"
 
 	"fyne.io/fyne/v2"
@@ -88,14 +37,11 @@ var inProgressLabel *widget.Label
 func mainGUI() {
 	// Check if hardentools has been started with elevated rights. If not
 	// ask user if she wants to elevate.
-	if C.IsElevated() == 0 {
+	elevationStatus := isElevated()
+	if elevationStatus == false {
 		// Main window must already be open for this dialog to work.
 		askElevationDialog()
 	}
-	elevationStatus := false
-	if C.IsElevated() == 1 {
-		elevationStatus = true
-	}
 
 	// Show splash screen since loading takes some time (at least with admin
 	// privileges) due to sequential reading of all the settings.
@@ -322,7 +268,7 @@ func restartWithElevatedPrivileges() {
 	progName := os.Args[0]
 
 	// Start us again, this time with elevated privileges.
-	if C.ExecuteWithRunas(C.CString(progName)) == 1 {
+	if startWithElevatedPrivs(progName) {
 		// Exit this instance (the unprivileged one).
 		os.Exit(0)
 	} else {
@@ -434,52 +380,62 @@ func cmdRestore() {
 	os.Exit(0)
 }
 
-func cmdHardenRestore(harden bool) {
-	// check if hardentools has been started with elevated rights.
-	elevationStatus := false
-	if C.IsElevated() == 1 {
-		elevationStatus = true
-		Info.Println("Started with elevated rights")
-	} else {
-		Info.Println("Started without elevated rights")
-	}
+// hardenAll starts harden procedure.
+func hardenAll() {
+	showEventsTextArea()
 
-	// check if we are running with elevated rights
-	if elevationStatus == false {
-		allHardenSubjects = hardenSubjectsForUnprivilegedUsers
-	} else {
-		allHardenSubjects = hardenSubjectsForPrivilegedUsers
-	}
+	// Use goroutine to allow gui to update window.
+	go func() {
+		triggerAll(true)
+		markStatus(true)
+		showStatus()
 
-	// check hardening status
-	status := checkStatus()
-	if status == false && harden == false {
-		fmt.Println("Not hardened. Please harden before restoring.")
-		os.Exit(-1)
-	} else if status == true && harden == true {
-		fmt.Println("Already hardened. Please restore before hardening again.")
-		os.Exit(-1)
-	}
+		showEndDialog("Done! Risky features have been hardened!\nFor all changes to take effect please restart Windows.")
+		os.Exit(0)
+	}()
+}
 
-	// build up expert settings checkboxes and map
-	expertConfig = make(map[string]bool)
-	for _, hardenSubject := range allHardenSubjects {
-		var subjectIsHardened = hardenSubject.IsHardened()
-		//var enableField bool
+// RestoreAll starts restore procedure.
+func restoreAll() {
+	showEventsTextArea()
 
-		if status == false {
-			// harden only settings which are not hardened yet
-			expertConfig[hardenSubject.Name()] = !subjectIsHardened && hardenSubject.HardenByDefault()
-		} else {
-			// restore only hardened settings
-			expertConfig[hardenSubject.Name()] = subjectIsHardened
-		}
-	}
+	// Use goroutine to allow gui to update window.
+	go func() {
+		triggerAll(false)
+		restoreSavedRegistryKeys() // TODO: add error handling/visibility to user
+		markStatus(false)
+		showStatus()
+
+		showEndDialog("Done! Restored settings to their original state.\nFor all changes to take effect please restart Windows.")
+		os.Exit(0)
+	}()
+}
+
+// hardenDefaultsAgain restores the original settings and
+// hardens using the default settings (no custom settings apply).
+func hardenDefaultsAgain() {
+	showEventsTextArea()
 
-	triggerAll(harden)
-	if !harden {
+	// Use goroutine to allow gui to update window.
+	go func() {
+		// Restore hardened settings.
+		triggerAll(false)
 		restoreSavedRegistryKeys()
-	}
-	markStatus(harden)
-	showStatus(true)
+		markStatus(false)
+
+		// Reset expertConfig (is set to currently already hardened settings
+		// in case of restore).
+		expertConfig = make(map[string]bool)
+		for _, hardenSubject := range allHardenSubjects {
+			expertConfig[hardenSubject.Name()] = hardenSubject.HardenByDefault()
+		}
+
+		// Harden all settings.
+		triggerAll(true)
+		markStatus(true)
+		showStatus()
+
+		showEndDialog("Done!\nRisky features have been hardened!\nFor all changes to take effect please restart Windows.")
+		os.Exit(0)
+	}()
 }
diff --git a/gui_cli.go b/gui_cli.go
@@ -0,0 +1,57 @@
+// Hardentools
+// Copyright (C) 2017-2021 Security Without Borders
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+//go:build cli
+
+package main
+
+import (
+	"os"
+)
+
+// showErrorDialog shows an error message.
+func showErrorDialog(errorMessage string) {
+	Info.Println("Error: " + errorMessage)
+}
+
+// showInfoDialog shows an info message.
+func showInfoDialog(infoMessage string) {
+	Info.Println("Information: " + infoMessage)
+}
+
+// ShowSuccess sets GUI status of name field to success
+func ShowSuccess(name string) {
+	Info.Println(name + ": Success")
+}
+
+// ShowFailure sets GUI status of name field to failureText
+func ShowFailure(name, failureText string) {
+	Info.Println(name + " failed with error: " + failureText)
+}
+
+func cmdHarden() {
+	cmdHardenRestore(true)
+
+	Info.Println("Done! Risky features have been hardened!\nFor all changes to take effect please restart Windows.")
+	os.Exit(0)
+}
+
+func cmdRestore() {
+	cmdHardenRestore(false)
+
+	Info.Println("Done! Restored settings to their original state.\nFor all changes to take effect please restart Windows.")
+	os.Exit(0)
+}