diff options
Diffstat (limited to 'src/inc/securitywrapper.h')
-rw-r--r-- | src/inc/securitywrapper.h | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/src/inc/securitywrapper.h b/src/inc/securitywrapper.h new file mode 100644 index 0000000000..a14d90a922 --- /dev/null +++ b/src/inc/securitywrapper.h @@ -0,0 +1,111 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. +//***************************************************************************** +// File: SecurityWrapper.h +// +// Wrapper around Win32 Security functions +// +//***************************************************************************** + + +#ifndef _SECURITY_WRAPPER_H +#define _SECURITY_WRAPPER_H + +// This file should not even be included on Rotor. + +//----------------------------------------------------------------------------- +// Wrapper around a PSID. +// This class does not own the memory. +//----------------------------------------------------------------------------- +class Sid +{ +public: + // Initial the Sid wrapper around an existing SID. + Sid(PSID pSid); + static bool Equals(const Sid & a, const Sid & b) { return Equals(a.m_pSid, b.m_pSid); } + static bool Equals(const Sid & a, PSID b) { return Equals(a.m_pSid, b); } + static bool Equals(PSID a, const Sid & b) { return Equals(a, b.m_pSid); } + static bool Equals(PSID a, PSID b); + + PSID RawSid() { return m_pSid; } +protected: + // Pointer to Sid buffer. We don't owner the data. + PSID m_pSid; +}; + +//----------------------------------------------------------------------------- +// Wrapper around a PSID with buffer. +//----------------------------------------------------------------------------- +class SidBuffer +{ +public: + SidBuffer(); + ~SidBuffer(); + + // Get the underlying sid + Sid GetSid(); + + // Do we not have a sid? This will be true if init fails. + bool IsNull() { return m_pBuffer == NULL; } + + // Go to definitions to see detailed comments + HRESULT InitFromProcessNoThrow(DWORD pid); + void InitFromProcess(DWORD pid); // throws + HRESULT InitFromProcessUserNoThrow(DWORD pid); + void InitFromProcessUser(DWORD pid); // throws + HRESULT InitFromProcessAppContainerSidNoThrow(DWORD pid); + +protected: + BYTE * m_pBuffer; +}; + +#ifndef FEATURE_PAL + +//----------------------------------------------------------------------------- +// Access Control List. +//----------------------------------------------------------------------------- +class Dacl +{ +public: + Dacl(PACL pAcl); + + SIZE_T GetAceCount(); + ACE_HEADER * GetAce(SIZE_T dwAceIndex); +protected: + PACL m_acl; +}; + +//----------------------------------------------------------------------------- +// Represent a win32 SECURITY_DESCRIPTOR object. +// (Note there's a "SecurityDescriptor" class in the VM for managed goo, +// so we prefix this with "Win32" to avoid a naming collision.) +//----------------------------------------------------------------------------- +class Win32SecurityDescriptor +{ +public: + Win32SecurityDescriptor(); + ~Win32SecurityDescriptor(); + + HRESULT InitFromHandleNoThrow(HANDLE h); + void InitFromHandle(HANDLE h); // throws + + // Gets the owner SID from this SecurityDescriptor. + HRESULT GetOwnerNoThrow( PSID* ppSid ); + Sid GetOwner(); // throws + Dacl GetDacl(); // throws + +protected: + PSECURITY_DESCRIPTOR m_pDesc; +}; + +#endif // FEATURE_PAL + +//----------------------------------------------------------------------------- +// Check if the handle owner belongs to either the process specified by the pid +// or the current process. This lets us know if the handle is spoofed. +//----------------------------------------------------------------------------- +bool IsHandleSpoofed(HANDLE handle, DWORD pid); + + +#endif // _SECURITY_WRAPPER_H |