libc/winsup/cygwin/security.h

/* security.h: security declarations

   Copyright 2000, 2001 Red Hat, Inc.

This file is part of Cygwin.

This software is a copyrighted work licensed under the terms of the
Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
details. */

#define DONT_INHERIT (0)
#define INHERIT_ALL  (CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)
#define INHERIT_ONLY (INHERIT_ONLY_ACE|CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)

#define MAX_SID_LEN 40

#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
#define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS

class cygsid {
  PSID psid;
  char sbuf[MAX_SID_LEN];
public:
  inline cygsid () : psid ((PSID) sbuf) {}
  inline cygsid (PSID nsid) { *this = nsid; }

  inline PSID set () { return psid = (PSID) sbuf; }

  inline const PSID operator= (PSID nsid)
    {
      if (!nsid)
        psid = NULL;
      else
        {
	  psid = (PSID) sbuf;
	  CopySid (MAX_SID_LEN, psid, nsid);
	}
      return psid;
    }
  inline BOOL operator== (PSID nsid)
    {
      if (!psid || !nsid)
        return nsid == psid;
      return EqualSid (psid, nsid);
    }
  inline operator const PSID () { return psid; }
};

extern BOOL allow_ntsec;
extern BOOL allow_smbntsec;

/* These both functions are needed to allow walking through the passwd
   and group lists so they are somehow security related. Besides that
   I didn't find a better place to declare them. */
extern struct passwd *internal_getpwent (int);
extern struct group *internal_getgrent (int);

/* File manipulation */
int __stdcall set_process_privileges ();
int __stdcall get_file_attribute (int, const char *, int *,
				  uid_t * = NULL, gid_t * = NULL);
int __stdcall set_file_attribute (int, const char *, int);
int __stdcall set_file_attribute (int, const char *, uid_t, gid_t, int, const char *);
LONG __stdcall read_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, LPDWORD sd_size);
LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size);
BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);
BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);

/* Try a subauthentication. */
HANDLE subauth (struct passwd *pw);

/* sec_helper.cc: Security helper functions. */
char *__stdcall convert_sid_to_string_sid (PSID psid, char *sid_str);
PSID __stdcall convert_string_sid_to_sid (PSID psid, const char *sid_str);
PSID __stdcall get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r);
BOOL __stdcall get_pw_sid (PSID sid, struct passwd *pw);
BOOL __stdcall get_gr_sid (PSID sid, struct group *gr);
PSID __stdcall get_admin_sid ();
PSID __stdcall get_system_sid ();
PSID __stdcall get_creator_owner_sid ();
PSID __stdcall get_world_sid ();
int get_id_from_sid (PSID psid, BOOL search_grp, int *type);
int __stdcall get_id_from_sid (PSID psid, BOOL search_grp);
BOOL __stdcall legal_sid_type (SID_NAME_USE type);
BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
/* `lookup_name' should be called instead of LookupAccountName.
 * logsrv may be NULL, in this case only the local system is used for lookup.
 * The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
BOOL __stdcall lookup_name (const char *, const char *, PSID);
int set_process_privilege (const char *privilege, BOOL enable = TRUE);

extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }

/* shared.cc: */
/* Retrieve a security descriptor that allows all access */
SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);

/* Various types of security attributes for use in Create* functions. */
extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
extern SECURITY_ATTRIBUTES *__stdcall sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
extern SECURITY_ATTRIBUTES *__stdcall sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);

int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
BOOL __stdcall NTWriteEA (const char *file, const char *attrname, char *buf, int len);
Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00			`/* security.h: security declarations`

* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00			`Copyright 2000, 2001 Red Hat, Inc.`
Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00
			`This file is part of Cygwin.`

			`This software is a copyrighted work licensed under the terms of the`
			`Cygwin license. Please consult the file "CYGWIN_LICENSE" for`
			`details. */`

* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00			`#define DONT_INHERIT (0)`
			`#define INHERIT_ALL (CONTAINER_INHERIT_ACE\|OBJECT_INHERIT_ACE)`
			`#define INHERIT_ONLY (INHERIT_ONLY_ACE\|CONTAINER_INHERIT_ACE\|OBJECT_INHERIT_ACE)`

* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16. * cygheap.cc: Include security.h. * grp.cc (internal_getgrent): New function. (getgroups): Rearranged using `internal_getgrent' and the new `cygsid' class. * passwd.cc (internal_getpwent): New function. * sec_acl.cc: Use new `cygsid' class throughout. (acl_access): Use `internal_getgrent' instead of `getgrent'. * sec_helper.cc: Use new `cygsid' class throughout. (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'. Use `internal_getpwent' instead of `getpwent'. * security.cc: Use new `cygsid' class throughout. * security.h: Move `MAX_SID_LEN' from winsup.h to here. Add extern declarations for `internal_getgrent' and `internal_getpwent'. (class cygsid): New class. * shared.cc (sec_user): Use new `cygsid' class. * syscalls.cc (seteuid): Try to set owner to user and primary group to current group in impersonation token before performing impersonation. (setegid): Try to set primary group in process token to the new group if ntsec is on. * uinfo.cc (internal_getlogin): Use new `cygsid' class. Try to set owner to user and primary group to current group in process token if the process has been started from a non cygwin process. (uinfo_init): Set primary group only if the process has been started from a non cygwin process. * winsup.h: Move define for `MAX_SID_LEN' to security.h. 2001-04-25 11:43:25 +02:00			`#define MAX_SID_LEN 40`

* grp.cc: Eliminate MAX_DOMAIN_NAME define. (read_etc_group): Substitute MAX_DOMAIN_NAME by INTERNET_MAX_HOST_NAME_LENGTH. * passwd.cc (parse_pwd): Don't force pw_name to be lower case. * sec_helper.cc: Substitute MAX_USER_NAME by UNLEN, MAX_COMPUTERNAME_LENGTH by INTERNET_MAX_HOST_NAME_LENGTH throughout. (lookup_name): Slight cleanup. * security.cc (alloc_sd): Substitute MAX_USER_NAME by UNLEN. * security.h: Define DEFAULT_UID as DOMAIN_USER_RID_ADMIN and DEFAULT_GID as DOMAIN_ALIAS_RID_ADMINS. * shared.cc (memory_init): Substitute MAX_USER_NAME by UNLEN. * thread.h: Ditto. * uinfo.cc (internal_getlogin): Substitute MAX_USER_NAME by UNLEN. Substitute MAX_COMPUTERNAME_LENGTH and MAX_HOST_NAME by INTERNET_MAX_HOST_NAME_LENGTH. * winsup.h: Include lmcons.h. Eliminate MAX_USER_NAME and MAX_HOST_NAME. Move DEFAULT_UID and DEFAULT_GID to security.h. 2001-04-30 20:21:48 +02:00			`#define DEFAULT_UID DOMAIN_USER_RID_ADMIN`
			`#define DEFAULT_GID DOMAIN_ALIAS_RID_ADMINS`

* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16. * cygheap.cc: Include security.h. * grp.cc (internal_getgrent): New function. (getgroups): Rearranged using `internal_getgrent' and the new `cygsid' class. * passwd.cc (internal_getpwent): New function. * sec_acl.cc: Use new `cygsid' class throughout. (acl_access): Use `internal_getgrent' instead of `getgrent'. * sec_helper.cc: Use new `cygsid' class throughout. (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'. Use `internal_getpwent' instead of `getpwent'. * security.cc: Use new `cygsid' class throughout. * security.h: Move `MAX_SID_LEN' from winsup.h to here. Add extern declarations for `internal_getgrent' and `internal_getpwent'. (class cygsid): New class. * shared.cc (sec_user): Use new `cygsid' class. * syscalls.cc (seteuid): Try to set owner to user and primary group to current group in impersonation token before performing impersonation. (setegid): Try to set primary group in process token to the new group if ntsec is on. * uinfo.cc (internal_getlogin): Use new `cygsid' class. Try to set owner to user and primary group to current group in process token if the process has been started from a non cygwin process. (uinfo_init): Set primary group only if the process has been started from a non cygwin process. * winsup.h: Move define for `MAX_SID_LEN' to security.h. 2001-04-25 11:43:25 +02:00			`class cygsid {`
			`PSID psid;`
			`char sbuf[MAX_SID_LEN];`
			`public:`
			`inline cygsid () : psid ((PSID) sbuf) {}`
			`inline cygsid (PSID nsid) { *this = nsid; }`

			`inline PSID set () { return psid = (PSID) sbuf; }`

			`inline const PSID operator= (PSID nsid)`
			`{`
			`if (!nsid)`
			`psid = NULL;`
			`else`
			`{`
			`psid = (PSID) sbuf;`
			`CopySid (MAX_SID_LEN, psid, nsid);`
			`}`
			`return psid;`
			`}`
			`inline BOOL operator== (PSID nsid)`
			`{`
			`if (!psid \|\| !nsid)`
			`return nsid == psid;`
			`return EqualSid (psid, nsid);`
			`}`
			`inline operator const PSID () { return psid; }`
			`};`

* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00			`extern BOOL allow_ntsec;`
			`extern BOOL allow_smbntsec;`

* autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16. * cygheap.cc: Include security.h. * grp.cc (internal_getgrent): New function. (getgroups): Rearranged using `internal_getgrent' and the new `cygsid' class. * passwd.cc (internal_getpwent): New function. * sec_acl.cc: Use new `cygsid' class throughout. (acl_access): Use `internal_getgrent' instead of `getgrent'. * sec_helper.cc: Use new `cygsid' class throughout. (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'. Use `internal_getpwent' instead of `getpwent'. * security.cc: Use new `cygsid' class throughout. * security.h: Move `MAX_SID_LEN' from winsup.h to here. Add extern declarations for `internal_getgrent' and `internal_getpwent'. (class cygsid): New class. * shared.cc (sec_user): Use new `cygsid' class. * syscalls.cc (seteuid): Try to set owner to user and primary group to current group in impersonation token before performing impersonation. (setegid): Try to set primary group in process token to the new group if ntsec is on. * uinfo.cc (internal_getlogin): Use new `cygsid' class. Try to set owner to user and primary group to current group in process token if the process has been started from a non cygwin process. (uinfo_init): Set primary group only if the process has been started from a non cygwin process. * winsup.h: Move define for `MAX_SID_LEN' to security.h. 2001-04-25 11:43:25 +02:00			`/* These both functions are needed to allow walking through the passwd`
			`and group lists so they are somehow security related. Besides that`
			`I didn't find a better place to declare them. */`
			`extern struct passwd *internal_getpwent (int);`
			`extern struct group *internal_getgrent (int);`

Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00			`/* File manipulation */`
			`int __stdcall set_process_privileges ();`
			`int __stdcall get_file_attribute (int, const char , int ,`
			`uid_t * = NULL, gid_t * = NULL);`
			`int __stdcall set_file_attribute (int, const char *, int);`
			`int __stdcall set_file_attribute (int, const char , uid_t, gid_t, int, const char );`
* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00			`LONG __stdcall read_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, LPDWORD sd_size);`
			`LONG __stdcall write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size);`
			`BOOL __stdcall add_access_allowed_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);`
			`BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PSID sid, size_t &len_add, DWORD inherit);`

* autoload.cc: Add LoadDLLinitfunc for secur32.dll. Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4, DuplicateTokenEx@24, LsaNtStatusToWinError@4, LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4, LsaLogonUser@56, LsaLookupAuthenticationPackage@12, LsaRegisterLogonProcess@12, * environ.cc: Add extern declaration for `subauth_id'. (subauth_id_init): New function for setting `subauth_id'. (struct parse_thing): Add entry for `subauth_id'. * fork.cc (fork_parent): Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'. * security.cc: Define global variable `subauth_id'. (extract_nt_dom_user): New function. (cygwin_logon_user): Call `extract_nt_dom_user' now. (str2lsa): New static function. (str2buf2lsa): Ditto. (str2buf2uni): Ditto. (subauth): Ditto. * security.h: Add prototype for `subauth'. * spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated. Use `cygsid' type. Remove impersonation before allowing access to workstation/desktop to everyone. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'. * syscalls.cc (seteuid): Rearranged to allow using subauthentication to retrieve user tokens when needed. 2001-04-30 23:19:42 +02:00			`/* Try a subauthentication. */`
			`HANDLE subauth (struct passwd *pw);`
* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00
			`/* sec_helper.cc: Security helper functions. */`
			`char __stdcall convert_sid_to_string_sid (PSID psid, char sid_str);`
			`PSID __stdcall convert_string_sid_to_sid (PSID psid, const char *sid_str);`
			`PSID __stdcall get_sid (PSID psid, DWORD s, DWORD cnt, DWORD *r);`
			`BOOL __stdcall get_pw_sid (PSID sid, struct passwd *pw);`
			`BOOL __stdcall get_gr_sid (PSID sid, struct group *gr);`
			`PSID __stdcall get_admin_sid ();`
			`PSID __stdcall get_system_sid ();`
			`PSID __stdcall get_creator_owner_sid ();`
			`PSID __stdcall get_world_sid ();`
			`int get_id_from_sid (PSID psid, BOOL search_grp, int *type);`
			`int __stdcall get_id_from_sid (PSID psid, BOOL search_grp);`
			`BOOL __stdcall legal_sid_type (SID_NAME_USE type);`
			`BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);`
Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00			/* `lookup_name' should be called instead of LookupAccountName.
			`* logsrv may be NULL, in this case only the local system is used for lookup.`
			`* The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */`
			`BOOL __stdcall lookup_name (const char , const char , PSID);`
* security.cc (set_process_privileges): Swap out. * sec_helper.cc (set_process_privilege): Rename from `set_process_privileges'. Takes the privilege to enable or disable as parameter now. * security.h: Add prototype for `set_process_privileges'. 2001-04-20 22:36:13 +02:00			`int set_process_privilege (const char *privilege, BOOL enable = TRUE);`
Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00
			`extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}`
			`extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }`

* Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'. * security.cc: Swap out several functions. * sec_acl.cc: New file. Move Sun compatibel ACL functions from `security.cc' to here. * sec_helper.cc: New file. Move security helper functions from `security.cc' to here. * security.h: Changed to accomodate the above changes. * grp.cc: Replace `group_in_memory_p' by `group_state'. Eliminate group_sem throughout. (enum grp_state): New enumeration type. (read_etc_group): Make race safe. * security.cc: Eliminate group_sem throughout. 2001-04-20 15:02:32 +02:00			`/* shared.cc: */`
			`/* Retrieve a security descriptor that allows all access */`
			`SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);`

Break out more header info into separate files. Use appropriate header files throughout. * shared.h: Remove. * cygwin_version.h: New file. * delqueue.h: New file. * environ.h: New file. * host_dependent.h: New file. * perprocess.h: New file. * registry.h: New file. * security.h: New file. 2000-09-08 04:56:55 +02:00			`/* Various types of security attributes for use in Create* functions. */`
			`extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;`
			`extern SECURITY_ATTRIBUTES *__stdcall sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);`
			`extern SECURITY_ATTRIBUTES *__stdcall sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);`

			`int __stdcall NTReadEA (const char file, const char attrname, char *buf, int len);`
			`BOOL __stdcall NTWriteEA (const char file, const char attrname, char *buf, int len);`