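// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BASE_WIN_SID_H_
#define BASE_WIN_SID_H_

#include <string>
#include <vector>

#include "base/base_export.h"
#include "base/win/windows_types.h"
#include "third_party/abseil-cpp/absl/types/optional.h"

namespace base::win {

// Known capabilities defined in Windows 8.
//
// These identify AppContainer capabilities (see Sid::FromKnownCapability).
// Each capability added to a sandboxed token widens what that process may
// reach, so callers should request only the ones the process needs.
enum class WellKnownCapability {
  kInternetClient,
  kInternetClientServer,
  kPrivateNetworkClientServer,
  kPicturesLibrary,
  kVideosLibrary,
  kMusicLibrary,
  kDocumentsLibrary,
  kEnterpriseAuthentication,
  kSharedUserCertificates,
  kRemovableStorage,
  kAppointments,
  kContacts
};

// A subset of well known SIDs to create.
//
// The k*Label values are mandatory integrity labels; the
// k*ApplicationPackages values are the AppContainer package groups.
enum class WellKnownSid {
  kNull,
  kWorld,
  kCreatorOwner,
  kNetwork,
  kBatch,
  kInteractive,
  kService,
  kAnonymous,
  kSelf,
  kAuthenticatedUser,
  kRestricted,
  kLocalSystem,
  kLocalService,
  kNetworkService,
  kBuiltinAdministrators,
  kBuiltinUsers,
  kBuiltinGuests,
  kUntrustedLabel,
  kLowLabel,
  kMediumLabel,
  kHighLabel,
  kSystemLabel,
  kWriteRestricted,
  kCreatorOwnerRights,
  kAllApplicationPackages,
  kAllRestrictedApplicationPackages
};

// This class is used to hold and generate SIDs.
//
// A Sid keeps its own byte buffer (sid_). It is move-only: copying is deleted
// and an explicit Clone() is required to duplicate one. Factories that can
// fail return absl::optional; callers must check the result before using it
// to build a token, ACL or other access-control structure.
class BASE_EXPORT Sid {
 public:
  // Create a Sid from an AppContainer capability name. The name can be
  // completely arbitrary.
  // NOTE(review): because any name is accepted, this interface does not
  // restrict which capabilities can be produced; the caller decides which
  // names are appropriate to grant.
  static Sid FromNamedCapability(const std::wstring& capability_name);

  // Create a Sid from a known capability enumeration value. The Sids
  // match with the list defined in Windows 8.
  static Sid FromKnownCapability(WellKnownCapability capability);

  // Create a SID from a well-known type.
  static Sid FromKnownSid(WellKnownSid type);

  // Create a Sid from a SDDL format string, such as S-1-1-0.
  // Presumably returns absl::nullopt when |sddl_sid| cannot be parsed --
  // confirm against the implementation. Treat an empty result as an error
  // rather than substituting a default SID.
  static absl::optional<Sid> FromSddlString(const std::wstring& sddl_sid);

  // Create a Sid from a PSID pointer.
  // Presumably copies the SID that |sid| points to and returns absl::nullopt
  // for a null or invalid SID -- confirm against the implementation.
  static absl::optional<Sid> FromPSID(const PSID sid);

  // Generate a random SID value.
  // NOTE(review): this header does not state the source of randomness; a
  // caller that relies on the value being unpredictable should confirm that
  // in the implementation.
  static Sid GenerateRandomSid();

  // Create a SID for an integrity level RID.
  // NOTE(review): |integrity_level| is a raw DWORD; whether it is
  // range-checked is not visible from this header.
  static Sid FromIntegrityLevel(DWORD integrity_level);

  // Create a vector of SIDs from a vector of SDDL format strings.
  // The whole result is optional; presumably it is absl::nullopt if any
  // element fails to convert -- confirm against the implementation.
  static absl::optional<std::vector<Sid>> FromSddlStringVector(
      const std::vector<std::wstring>& sddl_sids);

  // Create a vector of SIDs from a vector of capability names.
  static std::vector<Sid> FromNamedCapabilityVector(
      const std::vector<std::wstring>& capability_names);

  // Create a vector of SIDs from a vector of well-known capabilities.
  static std::vector<Sid> FromKnownCapabilityVector(
      const std::vector<WellKnownCapability>& capabilities);

  // Create a vector of SIDs from a vector of well-known SIDs.
  static std::vector<Sid> FromKnownSidVector(
      const std::vector<WellKnownSid>& known_sids);

  // Create a known SID.
  explicit Sid(WellKnownSid known_sid);
  // Create a known capability SID.
  explicit Sid(WellKnownCapability known_capability);
  // Not copyable; use Clone() to make an explicit duplicate.
  Sid(const Sid&) = delete;
  Sid& operator=(const Sid&) = delete;
  // Movable.
  Sid(Sid&& sid);
  Sid& operator=(Sid&&);
  ~Sid();

  // Returns sid as a PSID. This should only be used temporarily while the Sid
  // is still within scope.
  // The pointer is non-owning and presumably refers to this object's internal
  // buffer, so it must not be retained after the Sid is destroyed, moved from
  // or assigned to. Use Clone() when the SID has to outlive this object.
  PSID GetPSID() const;

  // Converts the SID to a SDDL format string.
  // The result is optional; check it before use.
  absl::optional<std::wstring> ToSddlString() const;

  // Make a clone of the current Sid object.
  Sid Clone() const;

  // Is this Sid equal to another raw PSID?
  // NOTE(review): behaviour for a null |sid| is not stated in this header.
  bool Equal(PSID sid) const;

  // Is this Sid equal to another Sid?
  bool operator==(const Sid& sid) const;

  // Is this Sid not equal to another Sid?
  bool operator!=(const Sid& sid) const;

 private:
  // Builds a Sid from |length| bytes at |sid|. Private so that outside callers
  // go through the factories above.
  // NOTE(review): presumably copies the bytes into sid_; confirm that every
  // internal caller passes the SID's real length.
  Sid(const void* sid, size_t length);
  // Storage for the SID's bytes.
  std::vector<char> sid_;
};

}  // namespace base::win

#endif  // BASE_WIN_SID_H_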