// helper used by CreateCryptProv HRESULT IsServiceAccount( OUT BOOL * pfMember) { HRESULT hr = S_OK; BOOL fMember = FALSE; hr = IsMemberOf(WinLocalServiceSid, NULL, &fMember); if (FAILED(hr) || fMember) { goto Cleanup; } hr = IsMemberOf(WinLocalSystemSid, NULL, &fMember); if (FAILED(hr) || fMember) { goto Cleanup; } hr = IsMemberOf(WinNetworkServiceSid, NULL, &fMember); if (FAILED(hr) || fMember) { goto Cleanup; } Cleanup: *pfMember = fMember; return hr; }
/*
 * Name-based membership check: resolves groupname to a gid through GroupId
 * and defers to the gid overload of IsMemberOf.
 *
 * A truthy result from GroupId is treated as a failed lookup (presumably an
 * error object - confirm against GroupId) and yields false, so a group name
 * that cannot be resolved never counts as membership.
 */
bool TCred::IsMemberOf(std::string groupname) const {
    gid_t resolvedGid;

    /* resolvedGid is only read when the lookup reported no error */
    return GroupId(groupname, resolvedGid) ? false : IsMemberOf(resolvedGid);
}
/*
 * Returns true for a privileged credential or when uid/gid intersect with
 * the requirement.
 *
 * Checks, in order: same Uid, root user, membership in requirement.Gid,
 * membership in any entry of requirement.Groups. The first hit grants
 * access; if none matches the result is false.
 */
bool TCred::IsPermitted(const TCred &requirement) const {
    if (Uid == requirement.Uid || IsRootUser() || IsMemberOf(requirement.Gid))
        return true;

    /* fall back to the requirement's supplementary groups */
    bool permitted = false;
    for (auto it = requirement.Groups.begin();
         !permitted && it != requirement.Groups.end(); ++it)
        permitted = IsMemberOf(*it);

    return permitted;
}
/*
 * Internal call: is the user (a uid carried in a pointer-sized value) a
 * member of the group with the given name?
 *
 * On HOST_WIN32 this only logs a warning and returns FALSE. Elsewhere the
 * group name is converted with mono_unicode_to_external, looked up with
 * getgrnam_r (or getgrnam when the reentrant variant is unavailable) and the
 * resulting entry is handed to IsMemberOf.
 *
 * Every failure path returns FALSE: a failed name conversion, a nonzero
 * return from getgrnam_r, or a lookup that yields no entry.
 *
 * NOTE(review): a scratch buffer that is too small is also reported by
 * getgrnam_r as a nonzero return, so it cannot be told apart from "no such
 * group" here and there is no retry with a larger buffer. The check fails
 * closed, but may deny a genuine member of a very large group.
 * NOTE(review): mono_sysconf is defined elsewhere; whether it copes with a
 * sysconf result of -1 is not visible from this function - confirm.
 */
gboolean
ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupName (gpointer user, MonoString *group)
{
	gboolean is_member = FALSE;

#ifdef HOST_WIN32
	MONO_ARCH_SAVE_REGS;

	/* The Windows version uses a cache built using WindowsIdentity._GetRoles */
	g_warning ("IsMemberOfGroupName should never be called on Win32");

#else /* HOST_WIN32 */
	gchar *name_external;

	MONO_ARCH_SAVE_REGS;

	name_external = mono_unicode_to_external (mono_string_chars (group));
	if (name_external) {
		struct group *entry = NULL;
		gboolean resolved;
#ifdef HAVE_GETGRNAM_R
		struct group storage;
		gchar *scratch;
		gint32 rc;
#ifdef _SC_GETGR_R_SIZE_MAX
		size_t scratch_len = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
#else
		size_t scratch_len = MONO_SYSCONF_DEFAULT_SIZE;
#endif
		scratch = g_malloc0 (scratch_len);
		rc = getgrnam_r (name_external, &storage, scratch, scratch_len, &entry);
		/* success means: no error AND the result pointer refers to our storage */
		resolved = ((rc == 0) && (entry == &storage));
#else
		/* default to non thread-safe but posix compliant function */
		entry = getgrnam (name_external);
		resolved = (entry != NULL);
#endif

		/* only consult the member list of a group that was actually found */
		is_member = resolved ? IsMemberOf ((uid_t) GPOINTER_TO_INT (user), entry) : FALSE;

#ifdef HAVE_GETGRNAM_R
		/* entry points into scratch, so release it only after IsMemberOf ran */
		g_free (scratch);
#endif
		g_free (name_external);
	}
#endif /* HOST_WIN32 */

	return is_member;
}
/*
 * Internal call: is the user a member of the group with the given gid?
 * Both user and group arrive as pointer-sized values and are narrowed with
 * GPOINTER_TO_INT before being cast to uid_t / gid_t.
 *
 * On HOST_WIN32 this only logs a warning and returns FALSE. Elsewhere the
 * gid is looked up with getgrgid_r (or getgrgid when the reentrant variant
 * is unavailable) and the resulting entry is handed to IsMemberOf.
 *
 * Every lookup failure returns FALSE.
 *
 * NOTE(review): a scratch buffer that is too small is reported by getgrgid_r
 * as a nonzero return, so it cannot be told apart from "no such group" here
 * and there is no retry with a larger buffer. The check fails closed, but
 * may deny a genuine member of a very large group.
 * NOTE(review): mono_sysconf is defined elsewhere; whether it copes with a
 * sysconf result of -1 is not visible from this function - confirm.
 */
gboolean
ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group)
{
	gboolean is_member = FALSE;

#ifdef HOST_WIN32
	MONO_ARCH_SAVE_REGS;

	/* The conversion from an ID to a string is done in managed code for Windows */
	g_warning ("IsMemberOfGroupId should never be called on Win32");

#else /* HOST_WIN32 */

#ifdef HAVE_GETGRGID_R
	struct group storage;
	size_t scratch_len;
	gchar *scratch;
	gint32 rc;
#endif
	struct group *entry = NULL;
	gboolean resolved;

	MONO_ARCH_SAVE_REGS;

#ifdef HAVE_GETGRGID_R
#ifdef _SC_GETGR_R_SIZE_MAX
	scratch_len = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
#else
	scratch_len = MONO_SYSCONF_DEFAULT_SIZE;
#endif
	scratch = g_malloc0 (scratch_len);
	rc = getgrgid_r ((gid_t) GPOINTER_TO_INT (group), &storage, scratch, scratch_len, &entry);
	/* success means: no error AND the result pointer refers to our storage */
	resolved = ((rc == 0) && (entry == &storage));
#else
	/* default to non thread-safe but posix compliant function */
	entry = getgrgid ((gid_t) GPOINTER_TO_INT (group));
	resolved = (entry != NULL);
#endif

	/* only consult the member list of a group that was actually found */
	is_member = resolved ? IsMemberOf ((uid_t) GPOINTER_TO_INT (user), entry) : FALSE;

#ifdef HAVE_GETGRGID_R
	/* entry points into scratch, so release it only after IsMemberOf ran */
	g_free (scratch);
#endif

#endif /* HOST_WIN32 */

	return is_member;
}
/*
 * Internal call: is the user a member of the group with the given gid?
 * Both user and group arrive as pointer-sized values and are narrowed with
 * GPOINTER_TO_INT before being cast to uid_t / gid_t.
 *
 * Without HAVE_GRP_H the function is a stub that returns FALSE. Otherwise
 * the gid is looked up with getgrgid_r (or getgrgid when the reentrant
 * variant is unavailable) and the resulting entry is handed to IsMemberOf.
 *
 * Every lookup failure returns FALSE. The error parameter is not written by
 * any code visible in this function.
 *
 * NOTE(review): a scratch buffer that is too small is reported by getgrgid_r
 * as a nonzero return, so it cannot be told apart from "no such group" here
 * and there is no retry with a larger buffer. The check fails closed, but
 * may deny a genuine member of a very large group.
 * NOTE(review): mono_sysconf is defined elsewhere; whether it copes with a
 * sysconf result of -1 is not visible from this function - confirm.
 */
MonoBoolean
ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group, MonoError *error)
{
	gboolean is_member = FALSE;

#ifdef HAVE_GRP_H

#ifdef HAVE_GETGRGID_R
	struct group storage;
	size_t scratch_len;
	gchar *scratch;
	gint32 rc;
#endif
	struct group *entry = NULL;
	gboolean resolved;

#ifdef HAVE_GETGRGID_R
#ifdef _SC_GETGR_R_SIZE_MAX
	scratch_len = mono_sysconf (_SC_GETGR_R_SIZE_MAX);
#else
	scratch_len = MONO_SYSCONF_DEFAULT_SIZE;
#endif
	scratch = (gchar *)g_malloc0 (scratch_len);
	rc = getgrgid_r ((gid_t) GPOINTER_TO_INT (group), &storage, scratch, scratch_len, &entry);
	/* success means: no error AND the result pointer refers to our storage */
	resolved = ((rc == 0) && (entry == &storage));
#else
	/* default to non thread-safe but posix compliant function */
	entry = getgrgid ((gid_t) GPOINTER_TO_INT (group));
	resolved = (entry != NULL);
#endif

	/* only consult the member list of a group that was actually found */
	is_member = resolved ? IsMemberOf ((uid_t) GPOINTER_TO_INT (user), entry) : FALSE;

#ifdef HAVE_GETGRGID_R
	/* entry points into scratch, so release it only after IsMemberOf ran */
	g_free (scratch);
#endif

#endif /* HAVE_GRP_H */

	return is_member;
}
/*
 * True when this credential is the root user or a member of PortoGroup.
 * The root check runs first, so group membership is only evaluated for
 * non-root credentials.
 */
bool TCred::IsPortoUser() const {
    if (IsRootUser())
        return true;

    return IsMemberOf(PortoGroup);
}