widl: Always check the runtimeclass interfaces presence.
[wine/zf.git] / server / security.h
blob416e1b6902dc05b130b484806eaf9b340b88ddc3
1 /*
2 * Security Management
4 * Copyright (C) 2005 Robert Shearman
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #ifndef __WINE_SERVER_SECURITY_H
22 #define __WINE_SERVER_SECURITY_H
24 extern const LUID SeIncreaseQuotaPrivilege;
25 extern const LUID SeSecurityPrivilege;
26 extern const LUID SeTakeOwnershipPrivilege;
27 extern const LUID SeLoadDriverPrivilege;
28 extern const LUID SeSystemProfilePrivilege;
29 extern const LUID SeSystemtimePrivilege;
30 extern const LUID SeProfileSingleProcessPrivilege;
31 extern const LUID SeIncreaseBasePriorityPrivilege;
32 extern const LUID SeCreatePagefilePrivilege;
33 extern const LUID SeBackupPrivilege;
34 extern const LUID SeRestorePrivilege;
35 extern const LUID SeShutdownPrivilege;
36 extern const LUID SeDebugPrivilege;
37 extern const LUID SeSystemEnvironmentPrivilege;
38 extern const LUID SeChangeNotifyPrivilege;
39 extern const LUID SeRemoteShutdownPrivilege;
40 extern const LUID SeUndockPrivilege;
41 extern const LUID SeManageVolumePrivilege;
42 extern const LUID SeImpersonatePrivilege;
43 extern const LUID SeCreateGlobalPrivilege;
45 extern const PSID security_world_sid;
46 extern const PSID security_local_user_sid;
47 extern const PSID security_local_system_sid;
48 extern const PSID security_builtin_users_sid;
49 extern const PSID security_builtin_admins_sid;
50 extern const PSID security_domain_users_sid;
51 extern const PSID security_high_label_sid;
54 /* token functions */
56 extern struct token *get_token_obj( struct process *process, obj_handle_t handle, unsigned int access );
57 extern struct token *token_create_admin( int elevation );
58 extern int token_assign_label( struct token *token, PSID label );
59 extern struct token *token_duplicate( struct token *src_token, unsigned primary,
60 int impersonation_level, const struct security_descriptor *sd,
61 const LUID_AND_ATTRIBUTES *remove_privs, unsigned int remove_priv_count,
62 const SID *remove_groups, unsigned int remove_group_count );
63 extern int token_check_privileges( struct token *token, int all_required,
64 const LUID_AND_ATTRIBUTES *reqprivs,
65 unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
66 extern const ACL *token_get_default_dacl( struct token *token );
67 extern const SID *token_get_user( struct token *token );
68 extern const SID *token_get_primary_group( struct token *token );
69 extern int token_sid_present( struct token *token, const SID *sid, int deny);
71 static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace )
73 return (const ACE_HEADER *)((const char *)ace + ace->AceSize);
76 static inline size_t security_sid_len( const SID *sid )
78 return offsetof( SID, SubAuthority[sid->SubAuthorityCount] );
81 static inline int security_equal_sid( const SID *sid1, const SID *sid2 )
83 return ((sid1->SubAuthorityCount == sid2->SubAuthorityCount) &&
84 !memcmp( sid1, sid2, security_sid_len( sid1 )));
87 extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
88 extern const SID *security_unix_uid_to_sid( uid_t uid );
89 extern int check_object_access( struct token *token, struct object *obj, unsigned int *access );
91 static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv)
93 struct token *token = thread_get_impersonation_token( thread );
94 const LUID_AND_ATTRIBUTES privs = { *priv, 0 };
96 if (!token) return FALSE;
98 return token_check_privileges( token, TRUE, &privs, 1, NULL );
102 /* security descriptor helper functions */
104 extern int sd_is_valid( const struct security_descriptor *sd, data_size_t size );
105 extern ACL *extract_security_labels( const ACL *sacl );
106 extern ACL *replace_security_labels( const ACL *old_sacl, const ACL *new_sacl );
108 /* gets the discretionary access control list from a security descriptor */
109 static inline const ACL *sd_get_dacl( const struct security_descriptor *sd, int *present )
111 *present = (sd->control & SE_DACL_PRESENT) != 0;
113 if (sd->dacl_len)
114 return (const ACL *)((const char *)(sd + 1) +
115 sd->owner_len + sd->group_len + sd->sacl_len);
116 else
117 return NULL;
120 /* gets the system access control list from a security descriptor */
121 static inline const ACL *sd_get_sacl( const struct security_descriptor *sd, int *present )
123 *present = (sd->control & SE_SACL_PRESENT) != 0;
125 if (sd->sacl_len)
126 return (const ACL *)((const char *)(sd + 1) +
127 sd->owner_len + sd->group_len);
128 else
129 return NULL;
132 /* gets the owner from a security descriptor */
133 static inline const SID *sd_get_owner( const struct security_descriptor *sd )
135 if (sd->owner_len)
136 return (const SID *)(sd + 1);
137 else
138 return NULL;
141 /* gets the primary group from a security descriptor */
142 static inline const SID *sd_get_group( const struct security_descriptor *sd )
144 if (sd->group_len)
145 return (const SID *)((const char *)(sd + 1) + sd->owner_len);
146 else
147 return NULL;
150 #endif /* __WINE_SERVER_SECURITY_H */