• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "remoting/host/win/security_descriptor.h"
6 
7 #include <sddl.h>
8 
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 
12 namespace remoting {
13 
ConvertSddlToSd(const std::string & sddl)14 ScopedSd ConvertSddlToSd(const std::string& sddl) {
15   PSECURITY_DESCRIPTOR raw_sd = NULL;
16   ULONG length = 0;
17   if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
18           UTF8ToUTF16(sddl).c_str(), SDDL_REVISION_1, &raw_sd, &length)) {
19     return ScopedSd();
20   }
21 
22   ScopedSd sd(length);
23   memcpy(sd.get(), raw_sd, length);
24 
25   LocalFree(raw_sd);
26   return sd.Pass();
27 }
28 
29 // Converts a SID into a text string.
ConvertSidToString(SID * sid)30 std::string ConvertSidToString(SID* sid) {
31   char16* c_sid_string = NULL;
32   if (!ConvertSidToStringSid(sid, &c_sid_string))
33     return std::string();
34 
35   base::string16 sid_string(c_sid_string);
36   LocalFree(c_sid_string);
37   return UTF16ToUTF8(sid_string);
38 }
39 
40 // Returns the logon SID of a token. Returns NULL if the token does not specify
41 // a logon SID or in case of an error.
GetLogonSid(HANDLE token)42 ScopedSid GetLogonSid(HANDLE token) {
43   DWORD length = 0;
44   if (GetTokenInformation(token, TokenGroups, NULL, 0, &length) ||
45       GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
46     return ScopedSid();
47   }
48 
49   TypedBuffer<TOKEN_GROUPS> groups(length);
50   if (!GetTokenInformation(token, TokenGroups, groups.get(), length, &length))
51     return ScopedSid();
52 
53   for (uint32 i = 0; i < groups->GroupCount; ++i) {
54     if ((groups->Groups[i].Attributes & SE_GROUP_LOGON_ID) ==
55         SE_GROUP_LOGON_ID) {
56       length = GetLengthSid(groups->Groups[i].Sid);
57       ScopedSid logon_sid(length);
58       if (!CopySid(length, logon_sid.get(), groups->Groups[i].Sid))
59         return ScopedSid();
60 
61       return logon_sid.Pass();
62     }
63   }
64 
65   return ScopedSid();
66 }
67 
MakeScopedAbsoluteSd(const ScopedSd & relative_sd,ScopedSd * absolute_sd,ScopedAcl * dacl,ScopedSid * group,ScopedSid * owner,ScopedAcl * sacl)68 bool MakeScopedAbsoluteSd(const ScopedSd& relative_sd,
69                           ScopedSd* absolute_sd,
70                           ScopedAcl* dacl,
71                           ScopedSid* group,
72                           ScopedSid* owner,
73                           ScopedAcl* sacl) {
74   // Get buffer sizes.
75   DWORD absolute_sd_size = 0;
76   DWORD dacl_size = 0;
77   DWORD group_size = 0;
78   DWORD owner_size = 0;
79   DWORD sacl_size = 0;
80   if (MakeAbsoluteSD(relative_sd.get(),
81                      NULL,
82                      &absolute_sd_size,
83                      NULL,
84                      &dacl_size,
85                      NULL,
86                      &sacl_size,
87                      NULL,
88                      &owner_size,
89                      NULL,
90                      &group_size) ||
91       GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
92     return false;
93   }
94 
95   // Allocate buffers.
96   ScopedSd local_absolute_sd(absolute_sd_size);
97   ScopedAcl local_dacl(dacl_size);
98   ScopedSid local_group(group_size);
99   ScopedSid local_owner(owner_size);
100   ScopedAcl local_sacl(sacl_size);
101 
102   // Do the conversion.
103   if (!MakeAbsoluteSD(relative_sd.get(),
104                       local_absolute_sd.get(),
105                       &absolute_sd_size,
106                       local_dacl.get(),
107                       &dacl_size,
108                       local_sacl.get(),
109                       &sacl_size,
110                       local_owner.get(),
111                       &owner_size,
112                       local_group.get(),
113                       &group_size)) {
114     return false;
115   }
116 
117   absolute_sd->Swap(local_absolute_sd);
118   dacl->Swap(local_dacl);
119   group->Swap(local_group);
120   owner->Swap(local_owner);
121   sacl->Swap(local_sacl);
122   return true;
123 }
124 
125 }  // namespace remoting
126