2 * security.c: Security internal calls
5 * Sebastien Pouliot <sebastien@ximian.com>
7 * Copyright 2004-2009 Novell, Inc (http://www.novell.com)
8 * Licensed under the MIT license. See LICENSE file in the project root for full license information.
15 #include <mono/metadata/assembly.h>
16 #include <mono/metadata/appdomain.h>
17 #include <mono/metadata/image.h>
18 #include <mono/metadata/exception.h>
19 #include <mono/metadata/object-internals.h>
20 #include <mono/metadata/metadata-internals.h>
21 #include <mono/metadata/security.h>
22 #include <mono/utils/strenc.h>
34 #include <sys/types.h>
41 #ifndef HAVE_GETGRGID_R
42 #warning Non-thread safe getgrgid being used!
44 #ifndef HAVE_GETGRNAM_R
45 #warning Non-thread safe getgrnam being used!
47 #ifndef HAVE_GETPWNAM_R
48 #warning Non-thread safe getpwnam being used!
50 #ifndef HAVE_GETPWUID_R
51 #warning Non-thread safe getpwuid being used!
54 #endif /* defined(__GNUC__) */
55 #endif /* !HOST_WIN32 */
57 /* internal functions - reuse driven */
59 /* ask a server to translate a SID into a textual representation */
61 #define MONO_SYSCONF_DEFAULT_SIZE ((size_t) 1024)
64 * Ensure we always get a valid (usable) value from sysconf.
65 * In case of error, we return the default value.
67 static size_t mono_sysconf (int name)
69 size_t size = (size_t) sysconf (name);
71 return (size == -1) ? MONO_SYSCONF_DEFAULT_SIZE : size;
75 GetTokenName (uid_t uid)
79 #ifdef HAVE_GETPWUID_R
85 struct passwd *p = NULL;
88 #ifdef HAVE_GETPWUID_R
89 #ifdef _SC_GETPW_R_SIZE_MAX
90 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
92 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
94 fbuf = (gchar *)g_malloc0 (fbufsize);
95 retval = getpwuid_r (uid, &pwd, fbuf, fbufsize, &p);
96 result = ((retval == 0) && (p == &pwd));
98 /* default to non thread-safe but posix compliant function */
100 result = (p != NULL);
104 uname = g_strdup (p->pw_name);
107 #ifdef HAVE_GETPWUID_R
115 IsMemberInList (uid_t user, struct group *g)
117 gboolean result = FALSE;
118 gchar *utf8_username = GetTokenName (user);
124 gchar **users = g->gr_mem;
128 if (strcmp (utf8_username, u) == 0) {
136 g_free (utf8_username);
141 IsDefaultGroup (uid_t user, gid_t group)
143 #ifdef HAVE_GETPWUID_R
149 struct passwd *p = NULL;
152 #ifdef HAVE_GETPWUID_R
153 #ifdef _SC_GETPW_R_SIZE_MAX
154 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
156 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
159 fbuf = (gchar *)g_malloc0 (fbufsize);
160 retval = getpwuid_r (user, &pwd, fbuf, fbufsize, &p);
161 result = ((retval == 0) && (p == &pwd));
163 /* default to non thread-safe but posix compliant function */
165 result = (p != NULL);
169 result = (p->pw_gid == group);
172 #ifdef HAVE_GETPWUID_R
180 IsMemberOf (gid_t user, struct group *g)
185 /* is it the user default group */
186 if (IsDefaultGroup (user, g->gr_gid))
189 /* is the user in the group list */
190 return IsMemberInList (user, g);
192 #endif /* !HOST_WIN32 */
196 /* System.Security.Principal.WindowsIdentity */
200 ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (void)
202 return GINT_TO_POINTER (geteuid ());
206 internal_get_token_name (gpointer token, gunichar2 ** uniname)
210 gchar *uname = GetTokenName ((uid_t) GPOINTER_TO_INT (token));
213 size = strlen (uname);
214 *uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL);
222 ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token)
225 MonoString *result = NULL;
226 gunichar2 *uniname = NULL;
231 size = internal_get_token_name (token, &uniname);
234 result = mono_string_new_utf16_checked (mono_domain_get (), uniname, size, &error);
237 result = mono_string_new (mono_domain_get (), "");
242 mono_error_set_pending_exception (&error);
245 #endif /* !HOST_WIN32 */
249 ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoString *username)
251 #ifdef HAVE_GETPWNAM_R
257 gpointer token = (gpointer) -2;
262 utf8_name = mono_unicode_to_external (mono_string_chars (username));
264 #ifdef HAVE_GETPWNAM_R
265 #ifdef _SC_GETPW_R_SIZE_MAX
266 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
268 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
271 fbuf = (gchar *)g_malloc0 (fbufsize);
272 retval = getpwnam_r (utf8_name, &pwd, fbuf, fbufsize, &p);
273 result = ((retval == 0) && (p == &pwd));
275 /* default to non thread-safe but posix compliant function */
276 p = getpwnam (utf8_name);
277 result = (p != NULL);
281 token = GINT_TO_POINTER (p->pw_uid);
284 #ifdef HAVE_GETPWNAM_R
291 #endif /* HOST_WIN32 */
293 /* http://www.dotnet247.com/247reference/msgs/39/195403.aspx
294 // internal static string[] WindowsIdentity._GetRoles (IntPtr token)
299 ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token)
302 MonoArray *array = NULL;
303 MonoDomain *domain = mono_domain_get ();
305 /* POSIX-compliant systems should use IsMemberOfGroupId or IsMemberOfGroupName */
306 g_warning ("WindowsIdentity._GetRoles should never be called on POSIX");
309 /* return empty array of string, i.e. string [0] */
310 array = mono_array_new_checked (domain, mono_get_string_class (), 0, &error);
311 mono_error_set_pending_exception (&error);
315 #endif /* !HOST_WIN32 */
317 /* System.Security.Principal.WindowsImpersonationContext */
321 ves_icall_System_Security_Principal_WindowsImpersonationContext_CloseToken (gpointer token)
325 #endif /* !HOST_WIN32 */
329 ves_icall_System_Security_Principal_WindowsImpersonationContext_DuplicateToken (gpointer token)
333 #endif /* !HOST_WIN32 */
335 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
337 ves_icall_System_Security_Principal_WindowsImpersonationContext_SetCurrentToken (gpointer token)
340 return (ImpersonateLoggedOnUser (token) != 0);
342 uid_t itoken = (uid_t) GPOINTER_TO_INT (token);
343 #ifdef HAVE_SETRESUID
344 if (setresuid (-1, itoken, getuid ()) < 0)
347 return geteuid () == itoken;
352 ves_icall_System_Security_Principal_WindowsImpersonationContext_RevertToSelf (void)
355 return (RevertToSelf () != 0);
357 #ifdef HAVE_GETRESUID
362 #ifdef HAVE_GETRESUID
363 if (getresuid (&ruid, &euid, &suid) < 0)
366 #ifdef HAVE_SETRESUID
367 if (setresuid (-1, suid, -1) < 0)
372 return geteuid () == suid;
375 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
377 /* System.Security.Principal.WindowsPrincipal */
381 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group)
383 gboolean result = FALSE;
385 #ifdef HAVE_GETGRGID_R
391 struct group *g = NULL;
393 #ifdef HAVE_GETGRGID_R
394 #ifdef _SC_GETGR_R_SIZE_MAX
395 fbufsize = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
397 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
399 fbuf = (gchar *)g_malloc0 (fbufsize);
400 retval = getgrgid_r ((gid_t) GPOINTER_TO_INT (group), &grp, fbuf, fbufsize, &g);
401 result = ((retval == 0) && (g == &grp));
403 /* default to non thread-safe but posix compliant function */
404 g = getgrgid ((gid_t) GPOINTER_TO_INT (group));
405 result = (g != NULL);
409 result = IsMemberOf ((uid_t) GPOINTER_TO_INT (user), g);
412 #ifdef HAVE_GETGRGID_R
420 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpointer user, MonoString *group)
422 gboolean result = FALSE;
423 gchar *utf8_groupname;
425 utf8_groupname = mono_unicode_to_external (mono_string_chars (group));
426 if (utf8_groupname) {
427 struct group *g = NULL;
428 #ifdef HAVE_GETGRNAM_R
432 #ifdef _SC_GETGR_R_SIZE_MAX
433 size_t fbufsize = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
435 size_t fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
437 fbuf = (gchar *)g_malloc0 (fbufsize);
438 retval = getgrnam_r (utf8_groupname, &grp, fbuf, fbufsize, &g);
439 result = ((retval == 0) && (g == &grp));
441 /* default to non thread-safe but posix compliant function */
442 g = getgrnam (utf8_groupname);
443 result = (g != NULL);
447 result = IsMemberOf ((uid_t) GPOINTER_TO_INT (user), g);
450 #ifdef HAVE_GETGRNAM_R
453 g_free (utf8_groupname);
458 #endif /* !HOST_WIN32 */
460 /* Mono.Security.Cryptography IO related internal calls */
464 IsProtected (MonoString *path, gint32 protection)
466 gboolean result = FALSE;
467 gchar *utf8_name = mono_unicode_to_external (mono_string_chars (path));
470 if (stat (utf8_name, &st) == 0) {
471 result = (((st.st_mode & 0777) & protection) == 0);
480 Protect (MonoString *path, gint32 file_mode, gint32 add_dir_mode)
482 gboolean result = FALSE;
483 gchar *utf8_name = mono_unicode_to_external (mono_string_chars (path));
486 if (stat (utf8_name, &st) == 0) {
487 int mode = file_mode;
488 if (st.st_mode & S_IFDIR)
489 mode |= add_dir_mode;
490 result = (chmod (utf8_name, mode) == 0);
498 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_CanSecure (MonoString *root)
500 /* we assume some kind of security is applicable outside Windows */
505 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsMachineProtected (MonoString *path)
507 gboolean ret = FALSE;
509 /* no one, but the owner, should have write access to the directory */
510 ret = IsProtected (path, (S_IWGRP | S_IWOTH));
511 return (MonoBoolean)ret;
515 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsUserProtected (MonoString *path)
517 gboolean ret = FALSE;
519 /* no one, but the user, should have access to the directory */
520 ret = IsProtected (path, (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
521 return (MonoBoolean)ret;
525 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectMachine (MonoString *path)
527 gboolean ret = FALSE;
529 /* read/write to owner, read to everyone else */
530 ret = Protect (path, (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH), (S_IXUSR | S_IXGRP | S_IXOTH));
531 return (MonoBoolean)ret;
535 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectUser (MonoString *path)
537 gboolean ret = FALSE;
539 /* read/write to user, no access to everyone else */
540 ret = Protect (path, (S_IRUSR | S_IWUSR), S_IXUSR);
541 return (MonoBoolean)ret;
543 #endif /* !HOST_WIN32 */
546 * Returns TRUE if there is "something" where the Authenticode signature is
547 * normally located. Returns FALSE is data directory is empty.
549 * Note: Neither the structure nor the signature is verified by this function.
552 ves_icall_System_Security_Policy_Evidence_IsAuthenticodePresent (MonoReflectionAssemblyHandle refass, MonoError *error)
555 if (MONO_HANDLE_IS_NULL (refass))
557 MonoAssembly *assembly = MONO_HANDLE_GETVAL (refass, assembly);
558 if (assembly && assembly->image) {
559 return (MonoBoolean)mono_image_has_authenticode_entry (assembly->image);
565 /* System.Security.SecureString related internal calls */
567 static MonoImage *system_security_assembly = NULL;
570 ves_icall_System_Security_SecureString_DecryptInternal (MonoArray *data, MonoObject *scope)
573 invoke_protected_memory_method (data, scope, FALSE, &error);
574 mono_error_set_pending_exception (&error);
577 ves_icall_System_Security_SecureString_EncryptInternal (MonoArray* data, MonoObject *scope)
580 invoke_protected_memory_method (data, scope, TRUE, &error);
581 mono_error_set_pending_exception (&error);
584 void invoke_protected_memory_method (MonoArray *data, MonoObject *scope, gboolean encrypt, MonoError *error)
592 if (system_security_assembly == NULL) {
593 system_security_assembly = mono_image_loaded ("System.Security");
594 if (!system_security_assembly) {
595 MonoAssembly *sa = mono_assembly_open ("System.Security.dll", NULL);
597 g_assert_not_reached ();
598 system_security_assembly = mono_assembly_get_image (sa);
602 klass = mono_class_load_from_name (system_security_assembly,
603 "System.Security.Cryptography", "ProtectedMemory");
604 method = mono_class_get_method_from_name (klass, encrypt ? "Protect" : "Unprotect", 2);
606 params [1] = scope; /* MemoryProtectionScope.SameProcess */
608 mono_runtime_invoke_checked (method, NULL, params, error);