OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/acl.h" | 5 #include "sandbox/win/src/acl.h" |
6 | 6 |
7 #include <aclapi.h> | 7 #include <aclapi.h> |
8 #include <sddl.h> | 8 #include <sddl.h> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/memory/free_deleter.h" | 11 #include "base/memory/free_deleter.h" |
12 | 12 |
13 namespace sandbox { | 13 namespace sandbox { |
14 | 14 |
15 bool GetDefaultDacl( | 15 bool GetDefaultDacl( |
16 HANDLE token, | 16 HANDLE token, |
17 scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter>* default_dacl) { | 17 std::unique_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter>* default_dacl) { |
18 if (token == NULL) | 18 if (token == NULL) |
19 return false; | 19 return false; |
20 | 20 |
21 DCHECK(default_dacl != NULL); | 21 DCHECK(default_dacl != NULL); |
22 | 22 |
23 unsigned long length = 0; | 23 unsigned long length = 0; |
24 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); | 24 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); |
25 if (length == 0) { | 25 if (length == 0) { |
26 NOTREACHED(); | 26 NOTREACHED(); |
27 return false; | 27 return false; |
(...skipping 29 matching lines...) Expand all Loading... |
57 return true; | 57 return true; |
58 } | 58 } |
59 | 59 |
60 bool AddSidToDefaultDacl(HANDLE token, | 60 bool AddSidToDefaultDacl(HANDLE token, |
61 const Sid& sid, | 61 const Sid& sid, |
62 ACCESS_MODE access_mode, | 62 ACCESS_MODE access_mode, |
63 ACCESS_MASK access) { | 63 ACCESS_MASK access) { |
64 if (token == NULL) | 64 if (token == NULL) |
65 return false; | 65 return false; |
66 | 66 |
67 scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter> default_dacl; | 67 std::unique_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter> default_dacl; |
68 if (!GetDefaultDacl(token, &default_dacl)) | 68 if (!GetDefaultDacl(token, &default_dacl)) |
69 return false; | 69 return false; |
70 | 70 |
71 ACL* new_dacl = NULL; | 71 ACL* new_dacl = NULL; |
72 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access_mode, access, | 72 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access_mode, access, |
73 &new_dacl)) | 73 &new_dacl)) |
74 return false; | 74 return false; |
75 | 75 |
76 TOKEN_DEFAULT_DACL new_token_dacl = {0}; | 76 TOKEN_DEFAULT_DACL new_token_dacl = {0}; |
77 new_token_dacl.DefaultDacl = new_dacl; | 77 new_token_dacl.DefaultDacl = new_dacl; |
78 | 78 |
79 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, | 79 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, |
80 sizeof(new_token_dacl)); | 80 sizeof(new_token_dacl)); |
81 ::LocalFree(new_dacl); | 81 ::LocalFree(new_dacl); |
82 return (TRUE == ret); | 82 return (TRUE == ret); |
83 } | 83 } |
84 | 84 |
85 bool RevokeLogonSidFromDefaultDacl(HANDLE token) { | 85 bool RevokeLogonSidFromDefaultDacl(HANDLE token) { |
86 DWORD size = sizeof(TOKEN_GROUPS) + SECURITY_MAX_SID_SIZE; | 86 DWORD size = sizeof(TOKEN_GROUPS) + SECURITY_MAX_SID_SIZE; |
87 TOKEN_GROUPS* logon_sid = reinterpret_cast<TOKEN_GROUPS*>(malloc(size)); | 87 TOKEN_GROUPS* logon_sid = reinterpret_cast<TOKEN_GROUPS*>(malloc(size)); |
88 | 88 |
89 scoped_ptr<TOKEN_GROUPS, base::FreeDeleter> logon_sid_ptr(logon_sid); | 89 std::unique_ptr<TOKEN_GROUPS, base::FreeDeleter> logon_sid_ptr(logon_sid); |
90 | 90 |
91 if (!::GetTokenInformation(token, TokenLogonSid, logon_sid, size, &size)) | 91 if (!::GetTokenInformation(token, TokenLogonSid, logon_sid, size, &size)) |
92 return false; | 92 return false; |
93 if (logon_sid->GroupCount < 1) { | 93 if (logon_sid->GroupCount < 1) { |
94 ::SetLastError(ERROR_INVALID_TOKEN); | 94 ::SetLastError(ERROR_INVALID_TOKEN); |
95 return false; | 95 return false; |
96 } | 96 } |
97 return AddSidToDefaultDacl(token, | 97 return AddSidToDefaultDacl(token, |
98 reinterpret_cast<SID*>(logon_sid->Groups[0].Sid), | 98 reinterpret_cast<SID*>(logon_sid->Groups[0].Sid), |
99 REVOKE_ACCESS, 0); | 99 REVOKE_ACCESS, 0); |
100 } | 100 } |
101 | 101 |
102 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { | 102 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { |
103 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; | 103 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; |
104 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); | 104 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); |
105 | 105 |
106 scoped_ptr<TOKEN_USER, base::FreeDeleter> token_user_ptr(token_user); | 106 std::unique_ptr<TOKEN_USER, base::FreeDeleter> token_user_ptr(token_user); |
107 | 107 |
108 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) | 108 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) |
109 return false; | 109 return false; |
110 | 110 |
111 return AddSidToDefaultDacl(token, | 111 return AddSidToDefaultDacl(token, |
112 reinterpret_cast<SID*>(token_user->User.Sid), | 112 reinterpret_cast<SID*>(token_user->User.Sid), |
113 GRANT_ACCESS, access); | 113 GRANT_ACCESS, access); |
114 } | 114 } |
115 | 115 |
116 bool AddKnownSidToObject(HANDLE object, SE_OBJECT_TYPE object_type, | 116 bool AddKnownSidToObject(HANDLE object, SE_OBJECT_TYPE object_type, |
(...skipping 20 matching lines...) Expand all Loading... |
137 ::LocalFree(new_dacl); | 137 ::LocalFree(new_dacl); |
138 ::LocalFree(descriptor); | 138 ::LocalFree(descriptor); |
139 | 139 |
140 if (ERROR_SUCCESS != result) | 140 if (ERROR_SUCCESS != result) |
141 return false; | 141 return false; |
142 | 142 |
143 return true; | 143 return true; |
144 } | 144 } |
145 | 145 |
146 } // namespace sandbox | 146 } // namespace sandbox |
OLD | NEW |