3 * Security internal calls
6 * Sebastien Pouliot <sebastien@ximian.com>
8 * Copyright 2004-2009 Novell, Inc (http://www.novell.com)
9 * Licensed under the MIT license. See LICENSE file in the project root for full license information.
16 #include <mono/metadata/assembly-internals.h>
17 #include <mono/metadata/appdomain.h>
18 #include <mono/metadata/image.h>
19 #include <mono/metadata/exception.h>
20 #include <mono/metadata/object-internals.h>
21 #include <mono/metadata/metadata-internals.h>
22 #include <mono/metadata/security.h>
23 #include <mono/utils/strenc.h>
35 #include <sys/types.h>
42 #ifndef HAVE_GETGRGID_R
43 #warning Non-thread safe getgrgid being used!
45 #ifndef HAVE_GETGRNAM_R
46 #warning Non-thread safe getgrnam being used!
48 #ifndef HAVE_GETPWNAM_R
49 #warning Non-thread safe getpwnam being used!
51 #ifndef HAVE_GETPWUID_R
52 #warning Non-thread safe getpwuid being used!
55 #endif /* defined(__GNUC__) */
56 #endif /* !HOST_WIN32 */
58 /* internal functions - reuse driven */
60 /* ask a server to translate a SID into a textual representation */
62 #define MONO_SYSCONF_DEFAULT_SIZE ((size_t) 1024)
65 * Ensure we always get a valid (usable) value from sysconf.
66 * In case of error, we return the default value.
68 static size_t mono_sysconf (int name)
70 size_t size = (size_t) sysconf (name);
72 return (size == -1) ? MONO_SYSCONF_DEFAULT_SIZE : size;
76 GetTokenName (uid_t uid)
82 #ifdef HAVE_GETPWUID_R
88 struct passwd *p = NULL;
91 #ifdef HAVE_GETPWUID_R
92 #ifdef _SC_GETPW_R_SIZE_MAX
93 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
95 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
97 fbuf = (gchar *)g_malloc0 (fbufsize);
98 retval = getpwuid_r (uid, &pwd, fbuf, fbufsize, &p);
99 result = ((retval == 0) && (p == &pwd));
101 /* default to non thread-safe but posix compliant function */
103 result = (p != NULL);
107 uname = g_strdup (p->pw_name);
110 #ifdef HAVE_GETPWUID_R
114 #endif /* HAVE_PWD_H */
122 IsMemberInList (uid_t user, struct group *g)
124 gboolean result = FALSE;
125 gchar *utf8_username = GetTokenName (user);
131 gchar **users = g->gr_mem;
135 if (strcmp (utf8_username, u) == 0) {
143 g_free (utf8_username);
147 #endif /* HAVE_GRP_H */
150 IsDefaultGroup (uid_t user, gid_t group)
152 gboolean result = FALSE;
156 #ifdef HAVE_GETPWUID_R
162 struct passwd *p = NULL;
164 #ifdef HAVE_GETPWUID_R
165 #ifdef _SC_GETPW_R_SIZE_MAX
166 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
168 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
171 fbuf = (gchar *)g_malloc0 (fbufsize);
172 retval = getpwuid_r (user, &pwd, fbuf, fbufsize, &p);
173 result = ((retval == 0) && (p == &pwd));
175 /* default to non thread-safe but posix compliant function */
177 result = (p != NULL);
181 result = (p->pw_gid == group);
184 #ifdef HAVE_GETPWUID_R
188 #endif /* HAVE_PWD_H */
196 IsMemberOf (gid_t user, struct group *g)
201 /* is it the user default group */
202 if (IsDefaultGroup (user, g->gr_gid))
205 /* is the user in the group list */
206 return IsMemberInList (user, g);
209 #endif /* HAVE_GRP_H */
211 #endif /* !HOST_WIN32 */
215 /* System.Security.Principal.WindowsIdentity */
219 ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (void)
221 return GINT_TO_POINTER (geteuid ());
225 internal_get_token_name (gpointer token, gunichar2 ** uniname)
229 gchar *uname = GetTokenName ((uid_t) GPOINTER_TO_INT (token));
232 size = strlen (uname);
233 *uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL);
241 ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token)
244 MonoString *result = NULL;
245 gunichar2 *uniname = NULL;
250 size = internal_get_token_name (token, &uniname);
253 result = mono_string_new_utf16_checked (mono_domain_get (), uniname, size, &error);
256 result = mono_string_new_checked (mono_domain_get (), "", &error);
261 mono_error_set_pending_exception (&error);
264 #endif /* !HOST_WIN32 */
268 ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoString *username)
270 gpointer token = (gpointer)-2;
274 #ifdef HAVE_GETPWNAM_R
284 utf8_name = mono_unicode_to_external (mono_string_chars (username));
286 #ifdef HAVE_GETPWNAM_R
287 #ifdef _SC_GETPW_R_SIZE_MAX
288 fbufsize = mono_sysconf (_SC_GETPW_R_SIZE_MAX);
290 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
293 fbuf = (gchar *)g_malloc0 (fbufsize);
294 retval = getpwnam_r (utf8_name, &pwd, fbuf, fbufsize, &p);
295 result = ((retval == 0) && (p == &pwd));
297 /* default to non thread-safe but posix compliant function */
298 p = getpwnam (utf8_name);
299 result = (p != NULL);
303 token = GINT_TO_POINTER (p->pw_uid);
306 #ifdef HAVE_GETPWNAM_R
311 #endif /* HAVE_PWD_H */
315 #endif /* HOST_WIN32 */
317 /* http://www.dotnet247.com/247reference/msgs/39/195403.aspx
318 // internal static string[] WindowsIdentity._GetRoles (IntPtr token)
323 ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token)
326 MonoArray *array = NULL;
327 MonoDomain *domain = mono_domain_get ();
329 /* POSIX-compliant systems should use IsMemberOfGroupId or IsMemberOfGroupName */
330 g_warning ("WindowsIdentity._GetRoles should never be called on POSIX");
333 /* return empty array of string, i.e. string [0] */
334 array = mono_array_new_checked (domain, mono_get_string_class (), 0, &error);
335 mono_error_set_pending_exception (&error);
339 #endif /* !HOST_WIN32 */
341 /* System.Security.Principal.WindowsImpersonationContext */
345 ves_icall_System_Security_Principal_WindowsImpersonationContext_CloseToken (gpointer token)
349 #endif /* !HOST_WIN32 */
353 ves_icall_System_Security_Principal_WindowsImpersonationContext_DuplicateToken (gpointer token)
357 #endif /* !HOST_WIN32 */
359 #if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT)
361 ves_icall_System_Security_Principal_WindowsImpersonationContext_SetCurrentToken (gpointer token)
364 return (ImpersonateLoggedOnUser (token) != 0);
366 uid_t itoken = (uid_t) GPOINTER_TO_INT (token);
367 #ifdef HAVE_SETRESUID
368 if (setresuid (-1, itoken, getuid ()) < 0)
371 return geteuid () == itoken;
376 ves_icall_System_Security_Principal_WindowsImpersonationContext_RevertToSelf (void)
379 return (RevertToSelf () != 0);
381 #ifdef HAVE_GETRESUID
386 #ifdef HAVE_GETRESUID
387 if (getresuid (&ruid, &euid, &suid) < 0)
390 #ifdef HAVE_SETRESUID
391 if (setresuid (-1, suid, -1) < 0)
396 return geteuid () == suid;
399 #endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */
401 /* System.Security.Principal.WindowsPrincipal */
405 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group)
407 gboolean result = FALSE;
411 #ifdef HAVE_GETGRGID_R
417 struct group *g = NULL;
419 #ifdef HAVE_GETGRGID_R
420 #ifdef _SC_GETGR_R_SIZE_MAX
421 fbufsize = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
423 fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
425 fbuf = (gchar *)g_malloc0 (fbufsize);
426 retval = getgrgid_r ((gid_t) GPOINTER_TO_INT (group), &grp, fbuf, fbufsize, &g);
427 result = ((retval == 0) && (g == &grp));
429 /* default to non thread-safe but posix compliant function */
430 g = getgrgid ((gid_t) GPOINTER_TO_INT (group));
431 result = (g != NULL);
435 result = IsMemberOf ((uid_t) GPOINTER_TO_INT (user), g);
438 #ifdef HAVE_GETGRGID_R
442 #endif /* HAVE_GRP_H */
448 ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpointer user, MonoString *group)
450 gboolean result = FALSE;
454 gchar *utf8_groupname;
456 utf8_groupname = mono_unicode_to_external (mono_string_chars (group));
457 if (utf8_groupname) {
458 struct group *g = NULL;
459 #ifdef HAVE_GETGRNAM_R
463 #ifdef _SC_GETGR_R_SIZE_MAX
464 size_t fbufsize = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
466 size_t fbufsize = MONO_SYSCONF_DEFAULT_SIZE;
468 fbuf = (gchar *)g_malloc0 (fbufsize);
469 retval = getgrnam_r (utf8_groupname, &grp, fbuf, fbufsize, &g);
470 result = ((retval == 0) && (g == &grp));
472 /* default to non thread-safe but posix compliant function */
473 g = getgrnam (utf8_groupname);
474 result = (g != NULL);
478 result = IsMemberOf ((uid_t) GPOINTER_TO_INT (user), g);
481 #ifdef HAVE_GETGRNAM_R
484 g_free (utf8_groupname);
487 #endif /* HAVE_GRP_H */
491 #endif /* !HOST_WIN32 */
493 /* Mono.Security.Cryptography IO related internal calls */
497 IsProtected (MonoString *path, gint32 protection)
499 gboolean result = FALSE;
500 gchar *utf8_name = mono_unicode_to_external (mono_string_chars (path));
503 if (stat (utf8_name, &st) == 0) {
504 result = (((st.st_mode & 0777) & protection) == 0);
513 Protect (MonoString *path, gint32 file_mode, gint32 add_dir_mode)
515 gboolean result = FALSE;
516 gchar *utf8_name = mono_unicode_to_external (mono_string_chars (path));
519 if (stat (utf8_name, &st) == 0) {
520 int mode = file_mode;
521 if (st.st_mode & S_IFDIR)
522 mode |= add_dir_mode;
523 result = (chmod (utf8_name, mode) == 0);
531 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_CanSecure (MonoString *root)
533 /* we assume some kind of security is applicable outside Windows */
538 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsMachineProtected (MonoString *path)
540 gboolean ret = FALSE;
542 /* no one, but the owner, should have write access to the directory */
543 ret = IsProtected (path, (S_IWGRP | S_IWOTH));
544 return (MonoBoolean)ret;
548 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsUserProtected (MonoString *path)
550 gboolean ret = FALSE;
552 /* no one, but the user, should have access to the directory */
553 ret = IsProtected (path, (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
554 return (MonoBoolean)ret;
558 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectMachine (MonoString *path)
560 gboolean ret = FALSE;
562 /* read/write to owner, read to everyone else */
563 ret = Protect (path, (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH), (S_IXUSR | S_IXGRP | S_IXOTH));
564 return (MonoBoolean)ret;
568 ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectUser (MonoString *path)
570 gboolean ret = FALSE;
572 /* read/write to user, no access to everyone else */
573 ret = Protect (path, (S_IRUSR | S_IWUSR), S_IXUSR);
574 return (MonoBoolean)ret;
576 #endif /* !HOST_WIN32 */
579 * Returns TRUE if there is "something" where the Authenticode signature is
580 * normally located. Returns FALSE is data directory is empty.
582 * Note: Neither the structure nor the signature is verified by this function.
585 ves_icall_System_Security_Policy_Evidence_IsAuthenticodePresent (MonoReflectionAssemblyHandle refass, MonoError *error)
588 if (MONO_HANDLE_IS_NULL (refass))
590 MonoAssembly *assembly = MONO_HANDLE_GETVAL (refass, assembly);
591 if (assembly && assembly->image) {
592 return (MonoBoolean)mono_image_has_authenticode_entry (assembly->image);
598 /* System.Security.SecureString related internal calls */
600 static MonoImage *system_security_assembly = NULL;
603 ves_icall_System_Security_SecureString_DecryptInternal (MonoArray *data, MonoObject *scope)
606 invoke_protected_memory_method (data, scope, FALSE, &error);
607 mono_error_set_pending_exception (&error);
610 ves_icall_System_Security_SecureString_EncryptInternal (MonoArray* data, MonoObject *scope)
613 invoke_protected_memory_method (data, scope, TRUE, &error);
614 mono_error_set_pending_exception (&error);
617 void invoke_protected_memory_method (MonoArray *data, MonoObject *scope, gboolean encrypt, MonoError *error)
625 if (system_security_assembly == NULL) {
626 system_security_assembly = mono_image_loaded ("System.Security");
627 if (!system_security_assembly) {
628 MonoAssembly *sa = mono_assembly_open_predicate ("System.Security.dll", FALSE, FALSE, NULL, NULL, NULL);
630 g_assert_not_reached ();
631 system_security_assembly = mono_assembly_get_image (sa);
635 klass = mono_class_load_from_name (system_security_assembly,
636 "System.Security.Cryptography", "ProtectedMemory");
637 method = mono_class_get_method_from_name (klass, encrypt ? "Protect" : "Unprotect", 2);
639 params [1] = scope; /* MemoryProtectionScope.SameProcess */
641 mono_runtime_invoke_checked (method, NULL, params, error);