| blob | 0316b753d40173c70ad9f9beb2842901d0d6572f |
1 /* security.h: security declarations
3 This file is part of Cygwin.
5 This software is a copyrighted work licensed under the terms of the
6 Cygwin license. Please consult the file "CYGWIN_LICENSE" for
7 details. */
9 #pragma once
11 #include <accctrl.h>
12 #include <dsgetdc.h>
14 /* Special file attribute set in set_created_file_access to flag that a file
15 has just been created. Used in get_posix_access. */
16 #define S_JUSTCREATED 0x80000000
18 /* UID/GID */
22 #define ILLEGAL_UID ((uid_t)-1)
23 #define ILLEGAL_GID ((gid_t)-1)
25 /* Offset for accounts in the primary domain of the machine. */
26 #define PRIMARY_POSIX_OFFSET (0x00100000)
28 /* Fake POSIX offsets used in scenarios in which the account has no permission
29 to fetch the POSIX offset, or when the admins have set the offset to an
30 unreasonable low value. The values are chosen in the hope that they won't
31 collide with "real" offsets. */
32 #define NOACCESS_POSIX_OFFSET (0xfe500000)
33 #define UNUSABLE_POSIX_OFFSET (0xfea00000)
35 /* For UNIX accounts not mapped to Windows accounts via winbind, Samba returns
36 SIDs of the form S-1-22-x-y, with x == 1 for users and x == 2 for groups,
37 and y == UNIX uid/gid. NFS returns no SIDs at all, but the plain UNIX
38 uid/gid values.
40 UNIX uid/gid values are mapped to Cygwin uid/gid values 0xff000000 +
41 unix uid/gid. This *might* collide with a posix_offset of some trusted
42 domain, but it's *very* unlikely. Define the mapping as macro. */
43 #define UNIX_POSIX_OFFSET (0xff000000)
44 #define UNIX_POSIX_MASK (0x00ffffff)
45 #define MAP_UNIX_TO_CYGWIN_ID(id) (UNIX_POSIX_OFFSET \
46 | ((id) & UNIX_POSIX_MASK))
48 #define MAX_DACL_LEN(n) (sizeof (ACL) \
49 + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) \
50 + SECURITY_MAX_SID_SIZE))
51 #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1))
53 #define SD_MAXIMUM_SIZE 65536
54 #define NO_SID ((PSID)NULL)
56 #ifndef SE_CREATE_TOKEN_PRIVILEGE
57 #define SE_CREATE_TOKEN_PRIVILEGE 2U
58 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3U
59 #define SE_LOCK_MEMORY_PRIVILEGE 4U
60 #define SE_INCREASE_QUOTA_PRIVILEGE 5U
61 #define SE_MACHINE_ACCOUNT_PRIVILEGE 6U
62 #define SE_TCB_PRIVILEGE 7U
63 #define SE_SECURITY_PRIVILEGE 8U
64 #define SE_TAKE_OWNERSHIP_PRIVILEGE 9U
65 #define SE_LOAD_DRIVER_PRIVILEGE 10U
66 #define SE_SYSTEM_PROFILE_PRIVILEGE 11U
67 #define SE_SYSTEMTIME_PRIVILEGE 12U
68 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13U
69 #define SE_INC_BASE_PRIORITY_PRIVILEGE 14U
70 #define SE_CREATE_PAGEFILE_PRIVILEGE 15U
71 #define SE_CREATE_PERMANENT_PRIVILEGE 16U
72 #define SE_BACKUP_PRIVILEGE 17U
73 #define SE_RESTORE_PRIVILEGE 18U
74 #define SE_SHUTDOWN_PRIVILEGE 19U
75 #define SE_DEBUG_PRIVILEGE 20U
76 #define SE_AUDIT_PRIVILEGE 21U
77 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22U
78 #define SE_CHANGE_NOTIFY_PRIVILEGE 23U
79 #define SE_REMOTE_SHUTDOWN_PRIVILEGE 24U
80 #define SE_UNDOCK_PRIVILEGE 25U
81 #define SE_SYNC_AGENT_PRIVILEGE 26U
82 #define SE_ENABLE_DELEGATION_PRIVILEGE 27U
83 #define SE_MANAGE_VOLUME_PRIVILEGE 28U
84 #define SE_IMPERSONATE_PRIVILEGE 29U
85 #define SE_CREATE_GLOBAL_PRIVILEGE 30U
86 #define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31U
87 #define SE_RELABEL_PRIVILEGE 32U
88 #define SE_INCREASE_WORKING_SET_PRIVILEGE 33U
89 #define SE_TIME_ZONE_PRIVILEGE 34U
90 #define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35U
92 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
96 /* Added for debugging purposes. */
98 BYTE Revision;
99 BYTE SubAuthorityCount;
100 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
104 /* Macro to define variable length SID structures */
105 #define MKSID(name, comment, authority, count, rid...) \
106 static NO_COPY struct { \
107 BYTE Revision; \
108 BYTE SubAuthorityCount; \
109 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \
110 DWORD SubAuthority[count]; \
111 } name##_struct = { SID_REVISION, count, {authority}, {rid}}; \
112 cygpsid NO_COPY name = (PSID) &name##_struct;
114 #define FILE_READ_BITS (FILE_READ_DATA | GENERIC_READ | GENERIC_ALL)
115 #define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL)
116 #define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL)
118 /* Convenience macros. The Windows SID access functions are crude. */
119 #define sid_id_auth(s) \
120 (RtlIdentifierAuthoritySid (s)->Value[5])
121 #define sid_sub_auth_count(s) \
122 (*RtlSubAuthorityCountSid ((s)))
123 #define sid_sub_auth(s,i) \
124 (*RtlSubAuthoritySid ((s),(i)))
125 #define sid_sub_auth_rid(s) \
126 (*RtlSubAuthoritySid ((s), (*RtlSubAuthorityCountSid ((s)) - 1)))
128 #ifdef __cplusplus
130 {
131 #endif
132 /* We need these declarations, otherwise g++ complains that the below
133 inline methods use an undefined function, if ntdll.h isn't included. */
136 #ifdef __cplusplus
137 }
138 #endif
144 PSID psid;
160 {
164 }
172 {
175 }
176 };
187 {
190 else
191 {
195 }
197 }
203 /* Both, = and *= are assignment operators. = creates a "normal" SID,
204 *= marks the SID as being a well-known SID. This difference is
205 important when creating a SID list for LSA authentication. */
231 {
234 }
236 {
239 }
244 /* Implemented in pwdgrp.h. */
249 {
251 debug_printf ("%s %s%s", prefix ?: "", string (buf) ?: "NULL", well_known_sid ? " (*)" : " (+)");
252 }
253 };
264 cygsidlist_type type;
268 {
271 else
273 }
279 /* += adds a "normal" SID, *= adds a well-known SID. See comment in class
280 cygsid above. */
286 }
297 {
302 }
308 {
315 }
316 };
318 /* Wrapper class to allow simple deleting of buffer space allocated
319 by read_sd() */
322 PSECURITY_DESCRIPTOR psd;
323 DWORD sd_size;
338 }
342 };
346 cygsid pgsid;
347 cygsidlist sgsids;
348 BOOL ischanged;
352 {
356 }
358 {
360 {
363 }
364 }
366 {
369 }
370 };
399 extern inline BOOL
401 {
403 }
405 extern inline BOOL
407 {
410 }
413 /* File manipulation */
421 security_descriptor &);
433 PSECURITY_ATTRIBUTES psa,
437 PSID user_sid);
439 /* sec_acl.cc */
449 /* Set impersonation or restricted token. */
451 /* LSA private key storage authentication, same as when using service logons. */
453 /* Kerberos or MsV1 S4U logon. */
455 /* Verify an existing token */
457 /* Get groups of a user */
461 };
464 acct_disabled_chk_t check_account_disabled);
466 /* Extract U-domain\user field from passwd entry. */
468 /* Get default logonserver for a domain. */
471 /* Fetch user profile path from registry, if it already exists. */
474 /* Load user profile if it's not already loaded. */
480 /* sec_helper.cc: Security helper functions. */
484 #define _push_thread_privilege(_priv, _val, _check) { \
485 HANDLE _dup_token = NULL; \
486 HANDLE _token = (cygheap->user.issetuid () && (_check)) \
487 ? cygheap->user.primary_token () : hProcToken; \
488 if (!DuplicateTokenEx (_token, MAXIMUM_ALLOWED, NULL, \
489 SecurityImpersonation, TokenImpersonation, \
490 &_dup_token)) \
492 else if (!ImpersonateLoggedOnUser (_dup_token)) \
494 else \
495 set_privilege (_dup_token, (_priv), (_val));
497 #define push_thread_privilege(_priv, _val) _push_thread_privilege(_priv,_val,1)
498 #define push_self_privilege(_priv, _val) _push_thread_privilege(_priv,_val,0)
500 #define pop_thread_privilege() \
501 if (_dup_token) \
502 { \
503 if (!cygheap->user.issetuid ()) \
504 RevertToSelf (); \
505 else \
506 cygheap->user.reimpersonate (); \
507 CloseHandle (_dup_token); \
508 } \
509 }
511 #define pop_self_privilege() pop_thread_privilege()
513 /* shared.cc: */
515 /* Various types of security attributes for use in Create* functions. */
521 #define recycler_sd(users,dir) \
522 (_recycler_sd (alloca (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (3)), \
523 (users), \
524 (dir)))
527 #define everyone_sd(access) (_everyone_sd (alloca (SD_MIN_SIZE), (access)))
529 #define sec_none_cloexec(f) (((f) & O_CLOEXEC ? &sec_none_nih : &sec_none))
539 /* Note: sid1 is usually (read: currently always) the current user's
540 effective sid (cygheap->user.sid ()). */
544 {
546 }
551 {
553 }