Record MTU discovery packets in net-internals log.
[chromium-blink-merge.git] / sandbox / win / src / restricted_token.h
blob565880e7787d680b0e75880dc07713ec2a344de2
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_H_
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_H_
8 #include <windows.h>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "base/strings/string16.h"
13 #include "sandbox/win/src/restricted_token_utils.h"
14 #include "sandbox/win/src/security_level.h"
15 #include "sandbox/win/src/sid.h"
17 // Flags present in the Group SID list. These 2 flags are new in Windows Vista
18 #ifndef SE_GROUP_INTEGRITY
19 #define SE_GROUP_INTEGRITY (0x00000020L)
20 #endif
21 #ifndef SE_GROUP_INTEGRITY_ENABLED
22 #define SE_GROUP_INTEGRITY_ENABLED (0x00000040L)
23 #endif
25 namespace sandbox {
27 // Handles the creation of a restricted token using the effective token or
28 // any token handle.
29 // Sample usage:
30 // RestrictedToken restricted_token;
31 // unsigned err_code = restricted_token.Init(NULL); // Use the current
32 // // effective token
33 // if (ERROR_SUCCESS != err_code) {
34 // // handle error.
35 // }
37 // restricted_token.AddRestrictingSid(ATL::Sids::Users().GetPSID());
38 // HANDLE token_handle;
39 // err_code = restricted_token.GetRestrictedTokenHandle(&token_handle);
40 // if (ERROR_SUCCESS != err_code) {
41 // // handle error.
42 // }
43 // [...]
44 // CloseHandle(token_handle);
45 class RestrictedToken {
46 public:
47 // Init() has to be called before calling any other method in the class.
48 RestrictedToken();
49 ~RestrictedToken();
51 // Initializes the RestrictedToken object with effective_token.
52 // If effective_token is NULL, it initializes the RestrictedToken object with
53 // the effective token of the current process.
54 unsigned Init(HANDLE effective_token);
56 // Creates a restricted token and returns its handle using the token_handle
57 // output parameter. This handle has to be closed by the caller.
58 // If the function succeeds, the return value is ERROR_SUCCESS. If the
59 // function fails, the return value is the win32 error code corresponding to
60 // the error.
61 unsigned GetRestrictedTokenHandle(HANDLE *token_handle) const;
63 // Creates a restricted token and uses this new token to create a new token
64 // for impersonation. Returns the handle of this impersonation token using
65 // the token_handle output parameter. This handle has to be closed by
66 // the caller.
68 // If the function succeeds, the return value is ERROR_SUCCESS. If the
69 // function fails, the return value is the win32 error code corresponding to
70 // the error.
72 // The sample usage is the same as the GetRestrictedTokenHandle function.
73 unsigned GetRestrictedTokenHandleForImpersonation(HANDLE *token_handle) const;
75 // Lists all sids in the token and mark them as Deny Only except for those
76 // present in the exceptions parameter. If there is no exception needed,
77 // the caller can pass an empty list or NULL for the exceptions
78 // parameter.
80 // If the function succeeds, the return value is ERROR_SUCCESS. If the
81 // function fails, the return value is the win32 error code corresponding to
82 // the error.
84 // Sample usage:
85 // std::vector<Sid> sid_exceptions;
86 // sid_exceptions.push_back(ATL::Sids::Users().GetPSID());
87 // sid_exceptions.push_back(ATL::Sids::World().GetPSID());
88 // restricted_token.AddAllSidsForDenyOnly(&sid_exceptions);
89 // Note: A Sid marked for Deny Only in a token cannot be used to grant
90 // access to any resource. It can only be used to deny access.
91 unsigned AddAllSidsForDenyOnly(std::vector<Sid> *exceptions);
93 // Adds a user or group SID for Deny Only in the restricted token.
94 // Parameter: sid is the SID to add in the Deny Only list.
95 // The return value is always ERROR_SUCCESS.
97 // Sample Usage:
98 // restricted_token.AddSidForDenyOnly(ATL::Sids::Admins().GetPSID());
99 unsigned AddSidForDenyOnly(const Sid &sid);
101 // Adds the user sid of the token for Deny Only in the restricted token.
102 // If the function succeeds, the return value is ERROR_SUCCESS. If the
103 // function fails, the return value is the win32 error code corresponding to
104 // the error.
105 unsigned AddUserSidForDenyOnly();
107 // Lists all privileges in the token and add them to the list of privileges
108 // to remove except for those present in the exceptions parameter. If
109 // there is no exception needed, the caller can pass an empty list or NULL
110 // for the exceptions parameter.
112 // If the function succeeds, the return value is ERROR_SUCCESS. If the
113 // function fails, the return value is the win32 error code corresponding to
114 // the error.
116 // Sample usage:
117 // std::vector<base::string16> privilege_exceptions;
118 // privilege_exceptions.push_back(SE_CHANGE_NOTIFY_NAME);
119 // restricted_token.DeleteAllPrivileges(&privilege_exceptions);
120 unsigned DeleteAllPrivileges(
121 const std::vector<base::string16> *exceptions);
123 // Adds a privilege to the list of privileges to remove in the restricted
124 // token.
125 // Parameter: privilege is the privilege name to remove. This is the string
126 // representing the privilege. (e.g. "SeChangeNotifyPrivilege").
127 // If the function succeeds, the return value is ERROR_SUCCESS. If the
128 // function fails, the return value is the win32 error code corresponding to
129 // the error.
131 // Sample usage:
132 // restricted_token.DeletePrivilege(SE_LOAD_DRIVER_NAME);
133 unsigned DeletePrivilege(const wchar_t *privilege);
135 // Adds a SID to the list of restricting sids in the restricted token.
136 // Parameter: sid is the sid to add to the list restricting sids.
137 // The return value is always ERROR_SUCCESS.
139 // Sample usage:
140 // restricted_token.AddRestrictingSid(ATL::Sids::Users().GetPSID());
141 // Note: The list of restricting is used to force Windows to perform all
142 // access checks twice. The first time using your user SID and your groups,
143 // and the second time using your list of restricting sids. The access has
144 // to be granted in both places to get access to the resource requested.
145 unsigned AddRestrictingSid(const Sid &sid);
147 // Adds the logon sid of the token in the list of restricting sids for the
148 // restricted token.
150 // If the function succeeds, the return value is ERROR_SUCCESS. If the
151 // function fails, the return value is the win32 error code corresponding to
152 // the error.
153 unsigned AddRestrictingSidLogonSession();
155 // Adds the owner sid of the token in the list of restricting sids for the
156 // restricted token.
158 // If the function succeeds, the return value is ERROR_SUCCESS. If the
159 // function fails, the return value is the win32 error code corresponding to
160 // the error.
161 unsigned AddRestrictingSidCurrentUser();
163 // Adds all group sids and the user sid to the restricting sids list.
165 // If the function succeeds, the return value is ERROR_SUCCESS. If the
166 // function fails, the return value is the win32 error code corresponding to
167 // the error.
168 unsigned AddRestrictingSidAllSids();
170 // Sets the token integrity level. This is only valid on Vista. The integrity
171 // level cannot be higher than your current integrity level.
172 unsigned SetIntegrityLevel(IntegrityLevel integrity_level);
174 private:
175 // The list of restricting sids in the restricted token.
176 std::vector<Sid> sids_to_restrict_;
177 // The list of privileges to remove in the restricted token.
178 std::vector<LUID> privileges_to_disable_;
179 // The list of sids to mark as Deny Only in the restricted token.
180 std::vector<Sid> sids_for_deny_only_;
181 // The token to restrict. Can only be set in a constructor.
182 HANDLE effective_token_;
183 // The token integrity level. Only valid on Vista.
184 IntegrityLevel integrity_level_;
185 // Tells if the object is initialized or not (if Init() has been called)
186 bool init_;
188 DISALLOW_COPY_AND_ASSIGN(RestrictedToken);
191 } // namespace sandbox
193 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_H_