X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mono%2Fmetadata%2Fmono-security.c;h=e3b82bcd61120cd411065aa34771a9879abe8d0b;hb=HEAD;hp=d59d624782a8d781bacbf49472ca26a457a185b8;hpb=3e81958f1dd4cecb97167c5b3cb5541bda31c444;p=mono.git diff --git a/mono/metadata/mono-security.c b/mono/metadata/mono-security.c index d59d624782a..e3b82bcd611 100644 --- a/mono/metadata/mono-security.c +++ b/mono/metadata/mono-security.c @@ -1,5 +1,6 @@ -/* - * security.c: Security internal calls +/** + * \file + * Security internal calls * * Author: * Sebastien Pouliot @@ -12,27 +13,16 @@ #include #endif -#include +#include #include #include #include #include #include #include -#include #include -#ifdef HOST_WIN32 - -#include -#include - -#ifndef PROTECTED_DACL_SECURITY_INFORMATION -#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000L -#endif - -#else - +#ifndef HOST_WIN32 #include #ifdef HAVE_GRP_H #include @@ -63,63 +53,12 @@ #endif #endif /* defined(__GNUC__) */ - -#endif /* not HOST_WIN32 */ - +#endif /* !HOST_WIN32 */ /* internal functions - reuse driven */ -#ifdef HOST_WIN32 - /* ask a server to translate a SID into a textual representation */ -static gunichar2* -GetSidName (gunichar2 *server, PSID sid, gint32 *size) -{ - gunichar2 *uniname = NULL; - DWORD cchName = 0; - DWORD cchDomain = 0; - SID_NAME_USE peUse; /* out */ - - LookupAccountSid (server, sid, NULL, &cchName, NULL, - &cchDomain, &peUse); - - if ((cchName > 0) && (cchDomain > 0)) { - gunichar2 *user = g_malloc0 ((cchName + 1) * 2); - gunichar2 *domain = g_malloc0 ((cchDomain + 1) * 2); - - LookupAccountSid (server, sid, user, &cchName, domain, - &cchDomain, &peUse); - - if (cchName > 0) { - if (cchDomain > 0) { - /* domain/machine name included (+ sepearator) */ - *size = cchName + cchDomain + 1; - uniname = g_malloc0 ((*size + 1) * 2); - memcpy (uniname, domain, cchDomain * 2); - *(uniname + cchDomain) = '\\'; - memcpy (uniname + cchDomain + 1, user, cchName * 2); - g_free (user); - } - else { - /* no domain / machine */ - *size = cchName; - uniname = user; - } - } - else { - /* nothing -> return NULL */ - g_free (user); - } - - g_free (domain); - } - - return uniname; -} - - -#else /* not HOST_WIN32 */ - +#ifndef HOST_WIN32 #define MONO_SYSCONF_DEFAULT_SIZE ((size_t) 1024) /* @@ -133,12 +72,13 @@ static size_t mono_sysconf (int name) return (size == -1) ? MONO_SYSCONF_DEFAULT_SIZE : size; } - static gchar* GetTokenName (uid_t uid) { gchar *uname = NULL; +#ifdef HAVE_PWD_H + #ifdef HAVE_GETPWUID_R struct passwd pwd; size_t fbufsize; @@ -171,9 +111,12 @@ GetTokenName (uid_t uid) g_free (fbuf); #endif +#endif /* HAVE_PWD_H */ + return uname; } +#ifdef HAVE_GRP_H static gboolean IsMemberInList (uid_t user, struct group *g) @@ -201,10 +144,15 @@ IsMemberInList (uid_t user, struct group *g) return result; } +#endif /* HAVE_GRP_H */ static gboolean IsDefaultGroup (uid_t user, gid_t group) { + gboolean result = FALSE; + +#ifdef HAVE_PWD_H + #ifdef HAVE_GETPWUID_R struct passwd pwd; size_t fbufsize; @@ -212,7 +160,6 @@ IsDefaultGroup (uid_t user, gid_t group) gint32 retval; #endif struct passwd *p = NULL; - gboolean result; #ifdef HAVE_GETPWUID_R #ifdef _SC_GETPW_R_SIZE_MAX @@ -238,9 +185,12 @@ IsDefaultGroup (uid_t user, gid_t group) g_free (fbuf); #endif +#endif /* HAVE_PWD_H */ + return result; } +#ifdef HAVE_GRP_H static gboolean IsMemberOf (gid_t user, struct group *g) @@ -256,92 +206,76 @@ IsMemberOf (gid_t user, struct group *g) return IsMemberInList (user, g); } -#endif +#endif /* HAVE_GRP_H */ +#endif /* !HOST_WIN32 */ /* ICALLS */ - /* System.Security.Principal.WindowsIdentity */ - +#ifndef HOST_WIN32 gpointer -ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (void) +mono_security_principal_windows_identity_get_current_token () { - gpointer token = NULL; - -#ifdef HOST_WIN32 - /* Note: This isn't a copy of the Token - we must not close it!!! - * http://www.develop.com/kbrown/book/html/whatis_windowsprincipal.html - */ - - /* thread may be impersonating somebody */ - if (OpenThreadToken (GetCurrentThread (), TOKEN_QUERY, 1, &token) == 0) { - /* if not take the process identity */ - OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &token); - } -#else - token = GINT_TO_POINTER (geteuid ()); -#endif - return token; + return GINT_TO_POINTER (geteuid ()); } +gpointer +ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (MonoError *error) +{ + error_init (error); + return mono_security_principal_windows_identity_get_current_token (); +} -MonoString* -ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token) +static gint32 +internal_get_token_name (gpointer token, gunichar2 ** uniname) { - MonoError error; - MonoString *result = NULL; - gunichar2 *uniname = NULL; gint32 size = 0; - mono_error_init (&error); -#ifdef HOST_WIN32 - GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size); - if (size > 0) { - TOKEN_USER *tu = g_malloc0 (size); - if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) { - uniname = GetSidName (NULL, tu->User.Sid, &size); - } - g_free (tu); - } -#else gchar *uname = GetTokenName ((uid_t) GPOINTER_TO_INT (token)); if (uname) { size = strlen (uname); - uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL); + *uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL); g_free (uname); } -#endif /* HOST_WIN32 */ + + return size; +} + +MonoStringHandle +ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token, MonoError *error) +{ + MonoStringHandle result; + gunichar2 *uniname = NULL; + gint32 size = 0; + + error_init (error); + + size = internal_get_token_name (token, &uniname); if (size > 0) { - result = mono_string_new_utf16_checked (mono_domain_get (), uniname, size, &error); + result = mono_string_new_utf16_handle (mono_domain_get (), uniname, size, error); } else - result = mono_string_new (mono_domain_get (), ""); + result = mono_string_new_handle (mono_domain_get (), "", error); if (uniname) g_free (uniname); - mono_error_set_pending_exception (&error); return result; } +#endif /* !HOST_WIN32 */ - +#ifndef HOST_WIN32 gpointer -ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoString *username) +ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoStringHandle username, MonoError *error) { -#ifdef HOST_WIN32 - gpointer token = NULL; + gpointer token = (gpointer)-2; - /* TODO: MS has something like this working in Windows 2003 (client and - * server) but works only for domain accounts (so it's quite limiting). - * http://www.develop.com/kbrown/book/html/howto_logonuser.html - */ - g_warning ("Unsupported on Win32 (anyway requires W2K3 minimum)"); - -#else /* HOST_WIN32*/ + error_init (error); +#ifdef HAVE_PWD_H #ifdef HAVE_GETPWNAM_R struct passwd pwd; @@ -349,12 +283,12 @@ ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoString *us gchar *fbuf; gint32 retval; #endif - gpointer token = (gpointer) -2; struct passwd *p; gchar *utf8_name; gboolean result; - utf8_name = mono_unicode_to_external (mono_string_chars (username)); + utf8_name = mono_string_handle_to_utf8 (username, error); + return_val_if_nok (error, NULL); #ifdef HAVE_GETPWNAM_R #ifdef _SC_GETPW_R_SIZE_MAX @@ -380,122 +314,106 @@ ves_icall_System_Security_Principal_WindowsIdentity_GetUserToken (MonoString *us g_free (fbuf); #endif g_free (utf8_name); -#endif + +#endif /* HAVE_PWD_H */ + return token; } - +#endif /* HOST_WIN32 */ /* http://www.dotnet247.com/247reference/msgs/39/195403.aspx // internal static string[] WindowsIdentity._GetRoles (IntPtr token) */ + +#ifndef HOST_WIN32 MonoArray* -ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token) +ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token) { - MonoArray *array = NULL; - MonoDomain *domain = mono_domain_get (); -#ifdef HOST_WIN32 MonoError error; - gint32 size = 0; + MonoArray *array = NULL; + MonoDomain *domain = mono_domain_get (); - GetTokenInformation (token, TokenGroups, NULL, size, (PDWORD)&size); - if (size > 0) { - TOKEN_GROUPS *tg = g_malloc0 (size); - if (GetTokenInformation (token, TokenGroups, tg, size, (PDWORD)&size)) { - int i=0; - int num = tg->GroupCount; - - array = mono_array_new (domain, mono_get_string_class (), num); - - for (i=0; i < num; i++) { - gint32 size = 0; - gunichar2 *uniname = GetSidName (NULL, tg->Groups [i].Sid, &size); - - if (uniname) { - MonoString *str = mono_string_new_utf16_checked (domain, uniname, size, &error); - if (!is_ok (&error)) { - g_free (uniname); - g_free (tg); - mono_error_set_pending_exception (&error); - return NULL; - } - mono_array_setref (array, i, str); - g_free (uniname); - } - } - } - g_free (tg); - } -#else /* POSIX-compliant systems should use IsMemberOfGroupId or IsMemberOfGroupName */ g_warning ("WindowsIdentity._GetRoles should never be called on POSIX"); -#endif + if (!array) { /* return empty array of string, i.e. string [0] */ - array = mono_array_new (domain, mono_get_string_class (), 0); + array = mono_array_new_checked (domain, mono_get_string_class (), 0, &error); + mono_error_set_pending_exception (&error); } return array; } - +#endif /* !HOST_WIN32 */ /* System.Security.Principal.WindowsImpersonationContext */ - +#ifndef HOST_WIN32 gboolean ves_icall_System_Security_Principal_WindowsImpersonationContext_CloseToken (gpointer token) { - gboolean result = TRUE; - -#ifdef HOST_WIN32 - result = (CloseHandle (token) != 0); -#endif - return result; + return TRUE; } +#endif /* !HOST_WIN32 */ - +#ifndef HOST_WIN32 gpointer ves_icall_System_Security_Principal_WindowsImpersonationContext_DuplicateToken (gpointer token) { - gpointer dupe = NULL; - -#ifdef HOST_WIN32 - if (DuplicateToken (token, SecurityImpersonation, &dupe) == 0) { - dupe = NULL; - } -#else - dupe = token; -#endif - return dupe; + return token; } +#endif /* !HOST_WIN32 */ - +#if G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) gboolean ves_icall_System_Security_Principal_WindowsImpersonationContext_SetCurrentToken (gpointer token) { - /* Posix version implemented in /mono/mono/io-layer/security.c */ +#ifdef HOST_WIN32 return (ImpersonateLoggedOnUser (token) != 0); +#else + uid_t itoken = (uid_t) GPOINTER_TO_INT (token); +#ifdef HAVE_SETRESUID + if (setresuid (-1, itoken, getuid ()) < 0) + return FALSE; +#endif + return geteuid () == itoken; +#endif } - gboolean ves_icall_System_Security_Principal_WindowsImpersonationContext_RevertToSelf (void) { - /* Posix version implemented in /mono/mono/io-layer/security.c */ +#ifdef HOST_WIN32 return (RevertToSelf () != 0); -} +#else +#ifdef HAVE_GETRESUID + uid_t ruid, euid; +#endif + uid_t suid = -1; +#ifdef HAVE_GETRESUID + if (getresuid (&ruid, &euid, &suid) < 0) + return FALSE; +#endif +#ifdef HAVE_SETRESUID + if (setresuid (-1, suid, -1) < 0) + return FALSE; +#else + return TRUE; +#endif + return geteuid () == suid; +#endif +} +#endif /* G_HAVE_API_SUPPORT(HAVE_CLASSIC_WINAPI_SUPPORT) */ /* System.Security.Principal.WindowsPrincipal */ +#ifndef HOST_WIN32 gboolean ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group) { gboolean result = FALSE; -#ifdef HOST_WIN32 - /* The convertion from an ID to a string is done in managed code for Windows */ - g_warning ("IsMemberOfGroupId should never be called on Win32"); - -#else /* HOST_WIN32 */ +#ifdef HAVE_GRP_H #ifdef HAVE_GETGRGID_R struct group grp; @@ -528,22 +446,18 @@ ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer g_free (fbuf); #endif -#endif /* HOST_WIN32 */ +#endif /* HAVE_GRP_H */ return result; } - gboolean ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpointer user, MonoString *group) { gboolean result = FALSE; -#ifdef HOST_WIN32 - /* Windows version use a cache built using WindowsIdentity._GetRoles */ - g_warning ("IsMemberOfGroupName should never be called on Win32"); +#ifdef HAVE_GRP_H -#else /* HOST_WIN32 */ gchar *utf8_groupname; utf8_groupname = mono_unicode_to_external (mono_string_chars (group)); @@ -576,231 +490,17 @@ ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpoint #endif g_free (utf8_groupname); } -#endif /* HOST_WIN32 */ + +#endif /* HAVE_GRP_H */ return result; } - +#endif /* !HOST_WIN32 */ /* Mono.Security.Cryptography IO related internal calls */ -#ifdef HOST_WIN32 - -static PSID -GetAdministratorsSid (void) -{ - SID_IDENTIFIER_AUTHORITY admins = SECURITY_NT_AUTHORITY; - PSID pSid = NULL; - if (!AllocateAndInitializeSid (&admins, 2, SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSid)) - return NULL; - /* Note: this SID must be freed with FreeSid () */ - return pSid; -} - - -static PSID -GetEveryoneSid (void) -{ - SID_IDENTIFIER_AUTHORITY everyone = SECURITY_WORLD_SID_AUTHORITY; - PSID pSid = NULL; - if (!AllocateAndInitializeSid (&everyone, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSid)) - return NULL; - /* Note: this SID must be freed with FreeSid () */ - return pSid; -} - - -static PSID -GetCurrentUserSid (void) -{ - PSID sid = NULL; - guint32 size = 0; - gpointer token = ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (); - - GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size); - if (size > 0) { - TOKEN_USER *tu = g_malloc0 (size); - if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) { - DWORD length = GetLengthSid (tu->User.Sid); - sid = (PSID) g_malloc0 (length); - if (!CopySid (length, sid, tu->User.Sid)) { - g_free (sid); - sid = NULL; - } - } - g_free (tu); - } - /* Note: this SID must be freed with g_free () */ - return sid; -} - - -static ACCESS_MASK -GetRightsFromSid (PSID sid, PACL acl) -{ - ACCESS_MASK rights = 0; - TRUSTEE trustee; - - BuildTrusteeWithSidW (&trustee, sid); - if (GetEffectiveRightsFromAcl (acl, &trustee, &rights) != ERROR_SUCCESS) - return 0; - - return rights; -} - - -static gboolean -IsMachineProtected (gunichar2 *path) -{ - gboolean success = FALSE; - PACL pDACL = NULL; - PSID pEveryoneSid = NULL; - - DWORD dwRes = GetNamedSecurityInfoW (path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDACL, NULL, NULL); - if (dwRes != ERROR_SUCCESS) - return FALSE; - - /* We check that Everyone is still limited to READ-ONLY - - but not if new entries have been added by an Administrator */ - - pEveryoneSid = GetEveryoneSid (); - if (pEveryoneSid) { - ACCESS_MASK rights = GetRightsFromSid (pEveryoneSid, pDACL); - /* http://msdn.microsoft.com/library/en-us/security/security/generic_access_rights.asp?frame=true */ - success = (rights == (READ_CONTROL | SYNCHRONIZE | FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES)); - FreeSid (pEveryoneSid); - } - /* Note: we don't need to check our own access - - we'll know soon enough when reading the file */ - - if (pDACL) - LocalFree (pDACL); - - return success; -} - - -static gboolean -IsUserProtected (gunichar2 *path) -{ - gboolean success = FALSE; - PACL pDACL = NULL; - PSID pEveryoneSid = NULL; - PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL; - - DWORD dwRes = GetNamedSecurityInfoW (path, SE_FILE_OBJECT, - DACL_SECURITY_INFORMATION, NULL, NULL, &pDACL, NULL, &pSecurityDescriptor); - if (dwRes != ERROR_SUCCESS) - return FALSE; - - /* We check that our original entries in the ACL are in place - - but not if new entries have been added by the user */ - - /* Everyone should be denied */ - pEveryoneSid = GetEveryoneSid (); - if (pEveryoneSid) { - ACCESS_MASK rights = GetRightsFromSid (pEveryoneSid, pDACL); - success = (rights == 0); - FreeSid (pEveryoneSid); - } - /* Note: we don't need to check our own access - - we'll know soon enough when reading the file */ - - if (pSecurityDescriptor) - LocalFree (pSecurityDescriptor); - - return success; -} - - -static gboolean -ProtectMachine (gunichar2 *path) -{ - PSID pEveryoneSid = GetEveryoneSid (); - PSID pAdminsSid = GetAdministratorsSid (); - DWORD retval = -1; - - if (pEveryoneSid && pAdminsSid) { - PACL pDACL = NULL; - EXPLICIT_ACCESS ea [2]; - ZeroMemory (&ea, 2 * sizeof (EXPLICIT_ACCESS)); - - /* grant all access to the BUILTIN\Administrators group */ - BuildTrusteeWithSidW (&ea [0].Trustee, pAdminsSid); - ea [0].grfAccessPermissions = GENERIC_ALL; - ea [0].grfAccessMode = SET_ACCESS; - ea [0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; - ea [0].Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea [0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; - - /* read-only access everyone */ - BuildTrusteeWithSidW (&ea [1].Trustee, pEveryoneSid); - ea [1].grfAccessPermissions = GENERIC_READ; - ea [1].grfAccessMode = SET_ACCESS; - ea [1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; - ea [1].Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea [1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; - - retval = SetEntriesInAcl (2, ea, NULL, &pDACL); - if (retval == ERROR_SUCCESS) { - /* with PROTECTED_DACL_SECURITY_INFORMATION we */ - /* remove any existing ACL (like inherited ones) */ - retval = SetNamedSecurityInfo (path, SE_FILE_OBJECT, - DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, - NULL, NULL, pDACL, NULL); - } - if (pDACL) - LocalFree (pDACL); - } - - if (pEveryoneSid) - FreeSid (pEveryoneSid); - if (pAdminsSid) - FreeSid (pAdminsSid); - return (retval == ERROR_SUCCESS); -} - - -static gboolean -ProtectUser (gunichar2 *path) -{ - DWORD retval = -1; - - PSID pCurrentSid = GetCurrentUserSid (); - if (pCurrentSid) { - PACL pDACL = NULL; - EXPLICIT_ACCESS ea; - ZeroMemory (&ea, sizeof (EXPLICIT_ACCESS)); - - /* grant exclusive access to the current user */ - BuildTrusteeWithSidW (&ea.Trustee, pCurrentSid); - ea.grfAccessPermissions = GENERIC_ALL; - ea.grfAccessMode = SET_ACCESS; - ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; - ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea.Trustee.TrusteeType = TRUSTEE_IS_USER; - - retval = SetEntriesInAcl (1, &ea, NULL, &pDACL); - if (retval == ERROR_SUCCESS) { - /* with PROTECTED_DACL_SECURITY_INFORMATION we - remove any existing ACL (like inherited ones) */ - retval = SetNamedSecurityInfo (path, SE_FILE_OBJECT, - DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, - NULL, NULL, pDACL, NULL); - } - - if (pDACL) - LocalFree (pDACL); - g_free (pCurrentSid); /* g_malloc0 */ - } - - return (retval == ERROR_SUCCESS); -} - -#else - -static gboolean +#ifndef HOST_WIN32 +static gboolean IsProtected (MonoString *path, gint32 protection) { gboolean result = FALSE; @@ -816,7 +516,7 @@ IsProtected (MonoString *path, gint32 protection) } -static gboolean +static gboolean Protect (MonoString *path, gint32 file_mode, gint32 add_dir_mode) { gboolean result = FALSE; @@ -834,85 +534,53 @@ Protect (MonoString *path, gint32 file_mode, gint32 add_dir_mode) return result; } -#endif /* not HOST_WIN32 */ - - MonoBoolean ves_icall_Mono_Security_Cryptography_KeyPairPersistence_CanSecure (MonoString *root) { -#if HOST_WIN32 - gint32 flags; - - /* ACL are nice... unless you have FAT or other uncivilized filesystem */ - if (!GetVolumeInformation (mono_string_chars (root), NULL, 0, NULL, NULL, (LPDWORD)&flags, NULL, 0)) - return FALSE; - return ((flags & FS_PERSISTENT_ACLS) == FS_PERSISTENT_ACLS); -#else /* we assume some kind of security is applicable outside Windows */ return TRUE; -#endif } - MonoBoolean ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsMachineProtected (MonoString *path) { gboolean ret = FALSE; /* no one, but the owner, should have write access to the directory */ -#ifdef HOST_WIN32 - ret = IsMachineProtected (mono_string_chars (path)); -#else ret = IsProtected (path, (S_IWGRP | S_IWOTH)); -#endif - return ret; + return (MonoBoolean)ret; } - MonoBoolean ves_icall_Mono_Security_Cryptography_KeyPairPersistence_IsUserProtected (MonoString *path) { gboolean ret = FALSE; /* no one, but the user, should have access to the directory */ -#ifdef HOST_WIN32 - ret = IsUserProtected (mono_string_chars (path)); -#else ret = IsProtected (path, (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)); -#endif - return ret; + return (MonoBoolean)ret; } - MonoBoolean ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectMachine (MonoString *path) { gboolean ret = FALSE; /* read/write to owner, read to everyone else */ -#ifdef HOST_WIN32 - ret = ProtectMachine (mono_string_chars (path)); -#else ret = Protect (path, (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH), (S_IXUSR | S_IXGRP | S_IXOTH)); -#endif - return ret; + return (MonoBoolean)ret; } - MonoBoolean ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectUser (MonoString *path) { gboolean ret = FALSE; /* read/write to user, no access to everyone else */ -#ifdef HOST_WIN32 - ret = ProtectUser (mono_string_chars (path)); -#else ret = Protect (path, (S_IRUSR | S_IWUSR), S_IXUSR); -#endif - return ret; + return (MonoBoolean)ret; } - +#endif /* !HOST_WIN32 */ /* * Returns TRUE if there is "something" where the Authenticode signature is @@ -921,10 +589,14 @@ ves_icall_Mono_Security_Cryptography_KeyPairPersistence_ProtectUser (MonoString * Note: Neither the structure nor the signature is verified by this function. */ MonoBoolean -ves_icall_System_Security_Policy_Evidence_IsAuthenticodePresent (MonoReflectionAssembly *refass) +ves_icall_System_Security_Policy_Evidence_IsAuthenticodePresent (MonoReflectionAssemblyHandle refass, MonoError *error) { - if (refass && refass->assembly && refass->assembly->image) { - return mono_image_has_authenticode_entry (refass->assembly->image); + error_init (error); + if (MONO_HANDLE_IS_NULL (refass)) + return FALSE; + MonoAssembly *assembly = MONO_HANDLE_GETVAL (refass, assembly); + if (assembly && assembly->image) { + return (MonoBoolean)mono_image_has_authenticode_entry (assembly->image); } return FALSE; } @@ -955,12 +627,12 @@ void invoke_protected_memory_method (MonoArray *data, MonoObject *scope, gboolea MonoMethod *method; void *params [2]; - mono_error_init (error); + error_init (error); if (system_security_assembly == NULL) { system_security_assembly = mono_image_loaded ("System.Security"); if (!system_security_assembly) { - MonoAssembly *sa = mono_assembly_open ("System.Security.dll", NULL); + MonoAssembly *sa = mono_assembly_open_predicate ("System.Security.dll", FALSE, FALSE, NULL, NULL, NULL); if (!sa) g_assert_not_reached (); system_security_assembly = mono_assembly_get_image (sa);