summaryrefslogtreecommitdiff
path: root/src/inc/securitywrapper.h
diff options
context:
space:
mode:
authorJiyoung Yun <jy910.yun@samsung.com>2016-11-23 10:09:09 (GMT)
committerJiyoung Yun <jy910.yun@samsung.com>2016-11-23 10:09:09 (GMT)
commit4b4aad7217d3292650e77eec2cf4c198ea9c3b4b (patch)
tree98110734c91668dfdbb126fcc0e15ddbd93738ca /src/inc/securitywrapper.h
parentfa45f57ed55137c75ac870356a1b8f76c84b229c (diff)
downloadcoreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.zip
coreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.tar.gz
coreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.tar.bz2
Imported Upstream version 1.1.0upstream/1.1.0
Diffstat (limited to 'src/inc/securitywrapper.h')
-rw-r--r--src/inc/securitywrapper.h111
1 files changed, 111 insertions, 0 deletions
diff --git a/src/inc/securitywrapper.h b/src/inc/securitywrapper.h
new file mode 100644
index 0000000..a14d90a
--- /dev/null
+++ b/src/inc/securitywrapper.h
@@ -0,0 +1,111 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+//*****************************************************************************
+// File: SecurityWrapper.h
+//
+// Wrapper around Win32 Security functions
+//
+//*****************************************************************************
+
+
+#ifndef _SECURITY_WRAPPER_H
+#define _SECURITY_WRAPPER_H
+
+// This file should not even be included on Rotor.
+
+//-----------------------------------------------------------------------------
+// Wrapper around a PSID.
+// This class does not own the memory.
+//-----------------------------------------------------------------------------
+class Sid
+{
+public:
+ // Initial the Sid wrapper around an existing SID.
+ Sid(PSID pSid);
+ static bool Equals(const Sid & a, const Sid & b) { return Equals(a.m_pSid, b.m_pSid); }
+ static bool Equals(const Sid & a, PSID b) { return Equals(a.m_pSid, b); }
+ static bool Equals(PSID a, const Sid & b) { return Equals(a, b.m_pSid); }
+ static bool Equals(PSID a, PSID b);
+
+ PSID RawSid() { return m_pSid; }
+protected:
+ // Pointer to Sid buffer. We don't owner the data.
+ PSID m_pSid;
+};
+
+//-----------------------------------------------------------------------------
+// Wrapper around a PSID with buffer.
+//-----------------------------------------------------------------------------
+class SidBuffer
+{
+public:
+ SidBuffer();
+ ~SidBuffer();
+
+ // Get the underlying sid
+ Sid GetSid();
+
+ // Do we not have a sid? This will be true if init fails.
+ bool IsNull() { return m_pBuffer == NULL; }
+
+ // Go to definitions to see detailed comments
+ HRESULT InitFromProcessNoThrow(DWORD pid);
+ void InitFromProcess(DWORD pid); // throws
+ HRESULT InitFromProcessUserNoThrow(DWORD pid);
+ void InitFromProcessUser(DWORD pid); // throws
+ HRESULT InitFromProcessAppContainerSidNoThrow(DWORD pid);
+
+protected:
+ BYTE * m_pBuffer;
+};
+
+#ifndef FEATURE_PAL
+
+//-----------------------------------------------------------------------------
+// Access Control List.
+//-----------------------------------------------------------------------------
+class Dacl
+{
+public:
+ Dacl(PACL pAcl);
+
+ SIZE_T GetAceCount();
+ ACE_HEADER * GetAce(SIZE_T dwAceIndex);
+protected:
+ PACL m_acl;
+};
+
+//-----------------------------------------------------------------------------
+// Represent a win32 SECURITY_DESCRIPTOR object.
+// (Note there's a "SecurityDescriptor" class in the VM for managed goo,
+// so we prefix this with "Win32" to avoid a naming collision.)
+//-----------------------------------------------------------------------------
+class Win32SecurityDescriptor
+{
+public:
+ Win32SecurityDescriptor();
+ ~Win32SecurityDescriptor();
+
+ HRESULT InitFromHandleNoThrow(HANDLE h);
+ void InitFromHandle(HANDLE h); // throws
+
+ // Gets the owner SID from this SecurityDescriptor.
+ HRESULT GetOwnerNoThrow( PSID* ppSid );
+ Sid GetOwner(); // throws
+ Dacl GetDacl(); // throws
+
+protected:
+ PSECURITY_DESCRIPTOR m_pDesc;
+};
+
+#endif // FEATURE_PAL
+
+//-----------------------------------------------------------------------------
+// Check if the handle owner belongs to either the process specified by the pid
+// or the current process. This lets us know if the handle is spoofed.
+//-----------------------------------------------------------------------------
+bool IsHandleSpoofed(HANDLE handle, DWORD pid);
+
+
+#endif // _SECURITY_WRAPPER_H