search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Mono.Runtime.Tests] Exclude simd tests
[mono-project.git] / mono / metadata / mono-security-windows.c
blob4c01c2d7b64d7daf0bce99614d8ea8584ff36823
1 /**
2 * \file
3 * Windows security support.
4 *
5 * Copyright 2016 Microsoft
6 * Licensed under the MIT license. See LICENSE file in the project root for full license information.
7 */
8 #include <config.h>
9 #include <glib.h>
10
11 #if defined(HOST_WIN32)
12 #include <winsock2.h>
13 #include <windows.h>
14 #include "mono/metadata/mono-security-windows-internals.h"
15
16 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
17 #include <aclapi.h>
18 #include <accctrl.h>
19 #endif
20
21 #ifndef PROTECTED_DACL_SECURITY_INFORMATION
22 #define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000L
23 #endif
24
25 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
26
27 static gunichar2*
28 GetSidName (gunichar2 *server, PSID sid, gint32 *size)
29 {
30 gunichar2 *uniname = NULL;
31 DWORD cchName = 0;
32 DWORD cchDomain = 0;
33 SID_NAME_USE peUse; /* out */
34
35 LookupAccountSid (server, sid, NULL, &cchName, NULL,
36 &cchDomain, &peUse);
37
38 if ((cchName > 0) && (cchDomain > 0)) {
39 gunichar2 *user = g_malloc0 ((cchName + 1) * 2);
40 gunichar2 *domain = g_malloc0 ((cchDomain + 1) * 2);
41
42 LookupAccountSid (server, sid, user, &cchName, domain,
43 &cchDomain, &peUse);
44
45 if (cchName > 0) {
46 if (cchDomain > 0) {
47 /* domain/machine name included (+ sepearator) */
48 *size = cchName + cchDomain + 1;
49 uniname = g_malloc0 ((*size + 1) * 2);
50 memcpy (uniname, domain, cchDomain * 2);
51 *(uniname + cchDomain) = '\\';
52 memcpy (uniname + cchDomain + 1, user, cchName * 2);
53 g_free (user);
54 }
55 else {
56 /* no domain / machine */
57 *size = cchName;
58 uniname = user;
59 }
60 }
61 else {
62 /* nothing -> return NULL */
63 g_free (user);
64 }
65
66 g_free (domain);
67 }
68
69 return uniname;
70 }
71
72 gpointer
73 mono_security_principal_windows_identity_get_current_token (MonoError *error)
74 {
75 gpointer token = NULL;
76
77 /* Note: This isn't a copy of the Token - we must not close it!!!
78 * http://www.develop.com/kbrown/book/html/whatis_windowsprincipal.html
79 */
80
81 /* thread may be impersonating somebody */
82 if (OpenThreadToken (GetCurrentThread (), MAXIMUM_ALLOWED, 1, &token) == 0) {
83 /* if not take the process identity */
84 OpenProcessToken (GetCurrentProcess (), MAXIMUM_ALLOWED, &token);
85 }
86
87 return token;
88 }
89
90 gpointer
91 ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (MonoError *error)
92 {
93 return mono_security_principal_windows_identity_get_current_token (error);
94 }
95
96 gint32
97 mono_security_win_get_token_name (gpointer token, gunichar2 ** uniname, MonoError *error)
98 {
99 gint32 size = 0;
100
101 GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size);
102 if (size > 0) {
103 TOKEN_USER *tu = g_malloc0 (size);
104 if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) {
105 *uniname = GetSidName (NULL, tu->User.Sid, &size);
106 }
107 g_free (tu);
108 }
109
110 return size;
111 }
112 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
113
114 MonoStringHandle
115 ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token, MonoError *error)
116 {
117 MonoStringHandle result;
118 gunichar2 *uniname = NULL;
119 gint32 size = 0;
120
121 error_init (error);
122
123 size = mono_security_win_get_token_name (token, &uniname, error);
124
125 if (size > 0) {
126 result = mono_string_new_utf16_handle (mono_domain_get (), uniname, size, error);
127 }
128 else
129 result = mono_string_new_handle (mono_domain_get (), "", error);
130
131 if (uniname)
132 g_free (uniname);
133
134 return result;
135 }
136
137 gpointer
138 ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoStringHandle username, MonoError *error)
139 {
140 error_init (error);
141 gpointer token = NULL;
142
143 /* TODO: MS has something like this working in Windows 2003 (client and
144 * server) but works only for domain accounts (so it's quite limiting).
145 * http://www.develop.com/kbrown/book/html/howto_logonuser.html
146 */
147 g_warning ("Unsupported on Win32 (anyway requires W2K3 minimum)");
148 return token;
149 }
150
151 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
152 MonoArray*
153 ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token)
154 {
155 ERROR_DECL (error);
156 MonoArray *array = NULL;
157 MonoDomain *domain = mono_domain_get ();
158
159 gint32 size = 0;
160
161 GetTokenInformation (token, TokenGroups, NULL, size, (PDWORD)&size);
162 if (size > 0) {
163 TOKEN_GROUPS *tg = g_malloc0 (size);
164 if (GetTokenInformation (token, TokenGroups, tg, size, (PDWORD)&size)) {
165 int i=0;
166 int num = tg->GroupCount;
167
168 array = mono_array_new_checked (domain, mono_get_string_class (), num, error);
169 if (mono_error_set_pending_exception (error)) {
170 g_free (tg);
171 return NULL;
172 }
173
174 for (i=0; i < num; i++) {
175 gint32 size = 0;
176 gunichar2 *uniname = GetSidName (NULL, tg->Groups [i].Sid, &size);
177
178 if (uniname) {
179 MonoString *str = mono_string_new_utf16_checked (domain, uniname, size, error);
180 if (!is_ok (error)) {
181 g_free (uniname);
182 g_free (tg);
183 mono_error_set_pending_exception (error);
184 return NULL;
185 }
186 mono_array_setref_internal (array, i, str);
187 g_free (uniname);
188 }
189 }
190 }
191 g_free (tg);
192 }
193
194 if (!array) {
195 /* return empty array of string, i.e. string [0] */
196 array = mono_array_new_checked (domain, mono_get_string_class (), 0, error);
197 mono_error_set_pending_exception (error);
198 }
199 return array;
200 }
201 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
202
203 MonoBoolean
204 ves_icall_System_Security_Principal_WindowsImpersonationContext_CloseToken (gpointer token, MonoError *error)
205 {
206 return !!CloseHandle (token);
207 }
208
209 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
210 gpointer
211 ves_icall_System_Security_Principal_WindowsImpersonationContext_DuplicateToken (gpointer token, MonoError *error)
212 {
213 gpointer dupe = NULL;
214 return DuplicateToken (token, SecurityImpersonation, &dupe) ? dupe : NULL;
215 }
216 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
217
218 MonoBoolean
219 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group, MonoError *error)
220 {
221 /* The convertion from an ID to a string is done in managed code for Windows */
222 g_warning ("IsMemberOfGroupId should never be called on Win32");
223 return FALSE;
224 }
225
226 MonoBoolean
227 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpointer user, const gchar *group, MonoError *error)
228 {
229 /* Windows version use a cache built using WindowsIdentity._GetRoles */
230 g_warning ("IsMemberOfGroupName should never be called on Win32");
231 return FALSE;
232 }
233
234 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
235
236 static PSID
237 GetSidHelper (const SID_IDENTIFIER_AUTHORITY *authority, BYTE subAuthorityCount, DWORD subAuthority0, DWORD subAuthority1)
238 {
239 PSID pSid = NULL;
240 // This SID must be freed with FreeSid ().
241 return AllocateAndInitializeSid ((PSID_IDENTIFIER_AUTHORITY)authority, subAuthorityCount,
242 subAuthority0, subAuthority1, 0/*2*/, 0/*3*/, 0/*4*/, 0/*5*/, 0/*6*/, 0/*7*/, &pSid) ? pSid : NULL;
243 }
244
245 static PSID
246 GetAdministratorsSid (void)
247 {
248 const static SID_IDENTIFIER_AUTHORITY admins = { SECURITY_NT_AUTHORITY };
249 // This SID must be freed with FreeSid ().
250 return GetSidHelper (&admins, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS);
251 }
252
253 static PSID
254 GetEveryoneSid (void)
255 {
256 const static SID_IDENTIFIER_AUTHORITY everyone = { SECURITY_WORLD_SID_AUTHORITY };
257 // This SID must be freed with FreeSid ().
258 return GetSidHelper (&everyone, 1, SECURITY_WORLD_RID, 0);
259 }
260
261 static PSID
262 GetCurrentUserSid (MonoError *error)
263 {
264 PSID sid = NULL;
265 DWORD size = 0;
266 gpointer token = mono_security_principal_windows_identity_get_current_token (error);
267
268 GetTokenInformation (token, TokenUser, NULL, size, &size);
269 if (size > 0) {
270 TOKEN_USER *tu = g_malloc0 (size);
271 if (GetTokenInformation (token, TokenUser, tu, size, &size)) {
272 DWORD length = GetLengthSid (tu->User.Sid);
273 sid = (PSID) g_malloc0 (length);
274 if (!CopySid (length, sid, tu->User.Sid)) {
275 g_free (sid);
276 sid = NULL;
277 }
278 }
279 g_free (tu);
280 }
281 /* Note: this SID must be freed with g_free () */
282 return sid;
283 }
284
285 static ACCESS_MASK
286 GetRightsFromSid (PSID sid, PACL acl)
287 {
288 ACCESS_MASK rights = 0;
289 TRUSTEE trustee;
290
291 BuildTrusteeWithSidW (&trustee, sid);
292 if (GetEffectiveRightsFromAcl (acl, &trustee, &rights) != ERROR_SUCCESS)
293 return 0;
294
295 return rights;
296 }
297
298 gboolean
299 mono_security_win_is_machine_protected (const gunichar2 *path, MonoError *error)
300 {
301 gboolean success = FALSE;
302 PACL pDACL = NULL;
303 PSECURITY_DESCRIPTOR pSD = NULL;
304
305 DWORD dwRes = GetNamedSecurityInfoW ((PWSTR)path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDACL, NULL, &pSD);
306 if (dwRes != ERROR_SUCCESS)
307 return FALSE;
308
309 /* We check that Everyone is still limited to READ-ONLY -
310 but not if new entries have been added by an Administrator */
311
312 PSID const pEveryoneSid = GetEveryoneSid ();
313 if (pEveryoneSid) {
314 ACCESS_MASK rights = GetRightsFromSid (pEveryoneSid, pDACL);
315 /* http://msdn.microsoft.com/library/en-us/security/security/generic_access_rights.asp?frame=true */
316 success = (rights == (READ_CONTROL | SYNCHRONIZE | FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES));
317 FreeSid (pEveryoneSid);
318 }
319 /* Note: we don't need to check our own access -
320 we'll know soon enough when reading the file */
321
322 LocalFree (pSD);
323
324 return success;
325 }
326
327 gboolean
328 mono_security_win_is_user_protected (const gunichar2 *path, MonoError *error)
329 {
330 gboolean success = FALSE;
331 PACL pDACL = NULL;
332 PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
333
334 DWORD dwRes = GetNamedSecurityInfoW ((PWSTR)path, SE_FILE_OBJECT,
335 DACL_SECURITY_INFORMATION, NULL, NULL, &pDACL, NULL, &pSecurityDescriptor);
336 if (dwRes != ERROR_SUCCESS)
337 return FALSE;
338
339 /* We check that our original entries in the ACL are in place -
340 but not if new entries have been added by the user */
341
342 /* Everyone should be denied */
343 PSID const pEveryoneSid = GetEveryoneSid ();
344 if (pEveryoneSid) {
345 ACCESS_MASK rights = GetRightsFromSid (pEveryoneSid, pDACL);
346 success = (rights == 0);
347 FreeSid (pEveryoneSid);
348 }
349 /* Note: we don't need to check our own access -
350 we'll know soon enough when reading the file */
351
352 LocalFree (pSecurityDescriptor);
353
354 return success;
355 }
356
357 gboolean
358 mono_security_win_protect_machine (const gunichar2 *path, MonoError *error)
359 {
360 PSID pEveryoneSid = GetEveryoneSid ();
361 PSID pAdminsSid = GetAdministratorsSid ();
362 DWORD retval = -1;
363
364 if (pEveryoneSid && pAdminsSid) {
365 PACL pDACL = NULL;
366 EXPLICIT_ACCESS ea [2];
367 ZeroMemory (&ea, sizeof (ea));
368
369 /* grant all access to the BUILTIN\Administrators group */
370 BuildTrusteeWithSidW (&ea [0].Trustee, pAdminsSid);
371 ea [0].grfAccessPermissions = GENERIC_ALL;
372 ea [0].grfAccessMode = SET_ACCESS;
373 ea [0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
374 ea [0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
375 ea [0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
376
377 /* read-only access everyone */
378 BuildTrusteeWithSidW (&ea [1].Trustee, pEveryoneSid);
379 ea [1].grfAccessPermissions = GENERIC_READ;
380 ea [1].grfAccessMode = SET_ACCESS;
381 ea [1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
382 ea [1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
383 ea [1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
384
385 retval = SetEntriesInAcl (2, ea, NULL, &pDACL);
386 if (retval == ERROR_SUCCESS) {
387 /* with PROTECTED_DACL_SECURITY_INFORMATION we */
388 /* remove any existing ACL (like inherited ones) */
389 retval = SetNamedSecurityInfoW ((PWSTR)path, SE_FILE_OBJECT,
390 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
391 NULL, NULL, pDACL, NULL);
392 }
393 LocalFree (pDACL);
394 }
395
396 if (pEveryoneSid)
397 FreeSid (pEveryoneSid);
398 if (pAdminsSid)
399 FreeSid (pAdminsSid);
400 return retval == ERROR_SUCCESS;
401 }
402
403 gboolean
404 mono_security_win_protect_user (const gunichar2 *path, MonoError *error)
405 {
406 DWORD retval = -1;
407
408 PSID const pCurrentSid = GetCurrentUserSid (error);
409 if (pCurrentSid) {
410 PACL pDACL = NULL;
411 EXPLICIT_ACCESS ea;
412 ZeroMemory (&ea, sizeof (EXPLICIT_ACCESS));
413
414 /* grant exclusive access to the current user */
415 BuildTrusteeWithSidW (&ea.Trustee, pCurrentSid);
416 ea.grfAccessPermissions = GENERIC_ALL;
417 ea.grfAccessMode = SET_ACCESS;
418 ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
419 ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
420 ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
421
422 retval = SetEntriesInAcl (1, &ea, NULL, &pDACL);
423 if (retval == ERROR_SUCCESS) {
424 /* with PROTECTED_DACL_SECURITY_INFORMATION we
425 remove any existing ACL (like inherited ones) */
426 retval = SetNamedSecurityInfoW ((PWSTR)path, SE_FILE_OBJECT,
427 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
428 NULL, NULL, pDACL, NULL);
429 }
430
431 LocalFree (pDACL);
432 g_free (pCurrentSid); /* g_malloc0 */
433 }
434
435 return retval == ERROR_SUCCESS;
436 }
437
438 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
439
440 MonoBoolean
441 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_CanSecure (const gunichar2 *root, MonoError *error)
442 {
443 DWORD flags = 0;
444
445 /* ACL are nice... unless you have FAT or other uncivilized filesystem */
446 if (!GetVolumeInformationW (root, NULL, 0, NULL, NULL, &flags, NULL, 0))
447 return FALSE;
448 return (flags & FS_PERSISTENT_ACLS) == FS_PERSISTENT_ACLS;
449 }
450
451 MonoBoolean
452 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsMachineProtected (const gunichar2 *path, MonoError *error)
453 {
454 /* no one, but the owner, should have write access to the directory */
455 return (MonoBoolean)mono_security_win_is_machine_protected (path, error);
456 }
457
458 MonoBoolean
459 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsUserProtected (const gunichar2 *path, MonoError *error)
460 {
461 /* no one, but the user, should have access to the directory */
462 return (MonoBoolean)mono_security_win_is_user_protected (path, error);
463 }
464
465 MonoBoolean
466 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectMachine (const gunichar2 *path, MonoError *error)
467 {
468 /* read/write to owner, read to everyone else */
469 return (MonoBoolean)mono_security_win_protect_machine (path, error);
470 }
471
472 MonoBoolean
473 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectUser (const gunichar2 *path, MonoError *error)
474 {
475 /* read/write to user, no access to everyone else */
476 return (MonoBoolean)mono_security_win_protect_user (path, error);
477 }
478
479 #endif /* HOST_WIN32 */
Mirror of the official Mono project git repository