xref: /aosp_15_r20/external/cronet/base/win/sid.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1*6777b538SAndroid Build Coastguard Worker // Copyright 2021 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include "base/win/sid.h"
6*6777b538SAndroid Build Coastguard Worker 
7*6777b538SAndroid Build Coastguard Worker // clang-format off
8*6777b538SAndroid Build Coastguard Worker #include <windows.h>  // Must be in front of other Windows header files.
9*6777b538SAndroid Build Coastguard Worker // clang-format on
10*6777b538SAndroid Build Coastguard Worker 
11*6777b538SAndroid Build Coastguard Worker #include <sddl.h>
12*6777b538SAndroid Build Coastguard Worker #include <stdint.h>
13*6777b538SAndroid Build Coastguard Worker #include <stdlib.h>
14*6777b538SAndroid Build Coastguard Worker 
15*6777b538SAndroid Build Coastguard Worker #include <iterator>
16*6777b538SAndroid Build Coastguard Worker #include <map>
17*6777b538SAndroid Build Coastguard Worker #include <utility>
18*6777b538SAndroid Build Coastguard Worker 
19*6777b538SAndroid Build Coastguard Worker #include "base/check.h"
20*6777b538SAndroid Build Coastguard Worker #include "base/no_destructor.h"
21*6777b538SAndroid Build Coastguard Worker #include "base/rand_util.h"
22*6777b538SAndroid Build Coastguard Worker #include "base/ranges/algorithm.h"
23*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_util_win.h"
24*6777b538SAndroid Build Coastguard Worker #include "base/win/scoped_handle.h"
25*6777b538SAndroid Build Coastguard Worker #include "base/win/scoped_localalloc.h"
26*6777b538SAndroid Build Coastguard Worker #include "base/win/windows_version.h"
27*6777b538SAndroid Build Coastguard Worker #include "third_party/boringssl/src/include/openssl/crypto.h"
28*6777b538SAndroid Build Coastguard Worker #include "third_party/boringssl/src/include/openssl/sha.h"
29*6777b538SAndroid Build Coastguard Worker 
30*6777b538SAndroid Build Coastguard Worker namespace base::win {
31*6777b538SAndroid Build Coastguard Worker 
32*6777b538SAndroid Build Coastguard Worker namespace {
33*6777b538SAndroid Build Coastguard Worker 
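// Builds a Sid from `identifier_authority` followed by `sub_authority_count`
// sub-authority values read sequentially from `sub_authorities`.
//
// The SID is assembled in a fixed-size stack buffer, so the count must never
// exceed SID_MAX_SUB_AUTHORITIES. NOTE(review): that bound is asserted with
// DCHECK only, which is normally compiled out of release builds. Every caller
// visible in this file passes a small fixed count; a caller that derives the
// count from external input must validate it before calling, otherwise the
// loop below writes past `sid_buffer`.
template <typename Iterator>
Sid FromSubAuthorities(const SID_IDENTIFIER_AUTHORITY& identifier_authority,
                       size_t sub_authority_count,
                       Iterator sub_authorities) {
  DCHECK(sub_authority_count <= SID_MAX_SUB_AUTHORITIES);
  // The bytes are accessed through a SID*, so the buffer is given SID's
  // alignment rather than the 1-byte alignment of a plain BYTE array.
  alignas(SID) BYTE sid_buffer[SECURITY_MAX_SID_SIZE];
  SID* sid = reinterpret_cast<SID*>(sid_buffer);
  sid->Revision = SID_REVISION;
  sid->SubAuthorityCount = static_cast<UCHAR>(sub_authority_count);
  sid->IdentifierAuthority = identifier_authority;
  for (size_t index = 0; index < sub_authority_count; ++index) {
    sid->SubAuthority[index] = static_cast<DWORD>(*sub_authorities++);
  }
  DCHECK(::IsValidSid(sid));
  // FromPSID() returns std::nullopt for an invalid SID; the dereference relies
  // on the SID built above always being valid.
  return *Sid::FromPSID(sid);
}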
50*6777b538SAndroid Build Coastguard Worker 
// Convenience overload: builds a Sid from a brace-enclosed list of
// sub-authority values by forwarding to the iterator-based overload.
Sid FromSubAuthorities(const SID_IDENTIFIER_AUTHORITY& identifier_authority,
                       std::initializer_list<int32_t> sub_authorities) {
  const size_t count = sub_authorities.size();
  const int32_t* const first = sub_authorities.begin();
  return FromSubAuthorities(identifier_authority, count, first);
}
56*6777b538SAndroid Build Coastguard Worker 
// Builds a Sid under SECURITY_NT_AUTHORITY from the given sub-authority
// values.
Sid FromNtAuthority(std::initializer_list<int32_t> sub_authorities) {
  const SID_IDENTIFIER_AUTHORITY nt_authority = SECURITY_NT_AUTHORITY;
  return FromSubAuthorities(nt_authority, sub_authorities);
}
60*6777b538SAndroid Build Coastguard Worker 
// Maps a WellKnownCapability enumerator to the matching
// SECURITY_CAPABILITY_* relative identifier (RID).
//
// The switch has no `default` label and nothing follows it, so every
// enumerator has to be listed here. A value outside the listed enumerators
// would reach the end of this non-void function without returning.
int32_t WellKnownCapabilityToRid(WellKnownCapability capability) {
  switch (capability) {
    case WellKnownCapability::kInternetClient:
      return SECURITY_CAPABILITY_INTERNET_CLIENT;
    case WellKnownCapability::kInternetClientServer:
      return SECURITY_CAPABILITY_INTERNET_CLIENT_SERVER;
    case WellKnownCapability::kPrivateNetworkClientServer:
      return SECURITY_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER;
    case WellKnownCapability::kPicturesLibrary:
      return SECURITY_CAPABILITY_PICTURES_LIBRARY;
    case WellKnownCapability::kVideosLibrary:
      return SECURITY_CAPABILITY_VIDEOS_LIBRARY;
    case WellKnownCapability::kMusicLibrary:
      return SECURITY_CAPABILITY_MUSIC_LIBRARY;
    case WellKnownCapability::kDocumentsLibrary:
      return SECURITY_CAPABILITY_DOCUMENTS_LIBRARY;
    case WellKnownCapability::kEnterpriseAuthentication:
      return SECURITY_CAPABILITY_ENTERPRISE_AUTHENTICATION;
    case WellKnownCapability::kSharedUserCertificates:
      return SECURITY_CAPABILITY_SHARED_USER_CERTIFICATES;
    case WellKnownCapability::kRemovableStorage:
      return SECURITY_CAPABILITY_REMOVABLE_STORAGE;
    case WellKnownCapability::kAppointments:
      return SECURITY_CAPABILITY_APPOINTMENTS;
    case WellKnownCapability::kContacts:
      return SECURITY_CAPABILITY_CONTACTS;
  }
}
89*6777b538SAndroid Build Coastguard Worker 
90*6777b538SAndroid Build Coastguard Worker }  // namespace
91*6777b538SAndroid Build Coastguard Worker 
// Copies `length` bytes starting at `sid` into `sid_`.
//
// `length` is taken on trust: nothing here compares it with the size implied
// by the SID header, and validity of the copied bytes is asserted with DCHECK
// only. The callers visible in this file pass either ::GetLengthSid() of an
// already validated SID (FromPSID) or the size of an existing Sid (Clone).
Sid::Sid(const void* sid, size_t length)
    : sid_(static_cast<const char*>(sid),
           static_cast<const char*>(sid) + length) {
  DCHECK(::IsValidSid(GetPSID()));
}
97*6777b538SAndroid Build Coastguard Worker 
// Returns the capability SID for a well-known capability: the app-package
// authority followed by SECURITY_CAPABILITY_BASE_RID and the capability's RID.
Sid Sid::FromKnownCapability(WellKnownCapability capability) {
  return FromSubAuthorities(
      SECURITY_APP_PACKAGE_AUTHORITY,
      {SECURITY_CAPABILITY_BASE_RID, WellKnownCapabilityToRid(capability)});
}
103*6777b538SAndroid Build Coastguard Worker 
// Returns the capability SID for `capability_name`.
//
// The name is upper-cased with base::ToUpperASCII() first, so matching against
// the well-known table is case-insensitive for ASCII letters only. A name that
// is not in the table is turned into a SID by hashing the upper-cased name
// with SHA-256 and using the digest as the trailing sub-authorities.
//
// The digest covers the raw wchar_t code units of the upper-cased name with no
// terminator (size() * sizeof(wchar_t) bytes), so two names that differ in any
// code unit after upper-casing yield different SIDs. No validation of the name
// is done here: an empty or arbitrary string still produces a SID.
Sid Sid::FromNamedCapability(const std::wstring& capability_name) {
  static const base::NoDestructor<std::map<std::wstring, WellKnownCapability>>
      known_capabilities(
          {{L"INTERNETCLIENT", WellKnownCapability::kInternetClient},
           {L"INTERNETCLIENTSERVER",
            WellKnownCapability::kInternetClientServer},
           {L"PRIVATENETWORKCLIENTSERVER",
            WellKnownCapability::kPrivateNetworkClientServer},
           {L"PICTURESLIBRARY", WellKnownCapability::kPicturesLibrary},
           {L"VIDEOSLIBRARY", WellKnownCapability::kVideosLibrary},
           {L"MUSICLIBRARY", WellKnownCapability::kMusicLibrary},
           {L"DOCUMENTSLIBRARY", WellKnownCapability::kDocumentsLibrary},
           {L"ENTERPRISEAUTHENTICATION",
            WellKnownCapability::kEnterpriseAuthentication},
           {L"SHAREDUSERCERTIFICATES",
            WellKnownCapability::kSharedUserCertificates},
           {L"REMOVABLESTORAGE", WellKnownCapability::kRemovableStorage},
           {L"APPOINTMENTS", WellKnownCapability::kAppointments},
           {L"CONTACTS", WellKnownCapability::kContacts}});

  const std::wstring normalized_name = base::ToUpperASCII(capability_name);
  const auto match = known_capabilities->find(normalized_name);
  if (match != known_capabilities->end()) {
    return FromKnownCapability(match->second);
  }

  // Not a well-known name: derive the SID from the SHA-256 of the name.
  CRYPTO_library_init();
  constexpr size_t kHashRidCount = SHA256_DIGEST_LENGTH / sizeof(DWORD);
  // The digest must fill exactly the RID slots that follow the two prefix RIDs.
  static_assert(kHashRidCount == SECURITY_APP_PACKAGE_RID_COUNT);
  DWORD rids[kHashRidCount + 2];
  rids[0] = SECURITY_CAPABILITY_BASE_RID;
  rids[1] = SECURITY_CAPABILITY_APP_RID;

  const auto* hash_input =
      reinterpret_cast<const uint8_t*>(normalized_name.c_str());
  const size_t hash_input_bytes = normalized_name.size() * sizeof(wchar_t);
  // The digest is written directly into the RID slots after the prefix.
  SHA256(hash_input, hash_input_bytes, reinterpret_cast<uint8_t*>(&rids[2]));
  return FromSubAuthorities(SECURITY_APP_PACKAGE_AUTHORITY, std::size(rids),
                            rids);
}
142*6777b538SAndroid Build Coastguard Worker 
// Returns the Sid for a WellKnownSid enumerator, built from the identifier
// authority and RID constants of the Windows SDK.
//
// The switch has no `default` label and nothing follows it, so every
// enumerator has to be listed here. A value outside the listed enumerators
// would reach the end of this non-void function without returning.
Sid Sid::FromKnownSid(WellKnownSid type) {
  switch (type) {
    // SIDs under the null, world and creator authorities.
    case WellKnownSid::kNull:
      return FromSubAuthorities(SECURITY_NULL_SID_AUTHORITY,
                                {SECURITY_NULL_RID});
    case WellKnownSid::kWorld:
      return FromSubAuthorities(SECURITY_WORLD_SID_AUTHORITY,
                                {SECURITY_WORLD_RID});
    case WellKnownSid::kCreatorOwner:
      return FromSubAuthorities(SECURITY_CREATOR_SID_AUTHORITY,
                                {SECURITY_CREATOR_OWNER_RID});
    case WellKnownSid::kCreatorOwnerRights:
      return FromSubAuthorities(SECURITY_CREATOR_SID_AUTHORITY,
                                {SECURITY_CREATOR_OWNER_RIGHTS_RID});
    // SIDs under SECURITY_NT_AUTHORITY with a single RID.
    case WellKnownSid::kNetwork:
      return FromNtAuthority({SECURITY_NETWORK_RID});
    case WellKnownSid::kBatch:
      return FromNtAuthority({SECURITY_BATCH_RID});
    case WellKnownSid::kInteractive:
      return FromNtAuthority({SECURITY_INTERACTIVE_RID});
    case WellKnownSid::kService:
      return FromNtAuthority({SECURITY_SERVICE_RID});
    case WellKnownSid::kAnonymous:
      return FromNtAuthority({SECURITY_ANONYMOUS_LOGON_RID});
    case WellKnownSid::kSelf:
      return FromNtAuthority({SECURITY_PRINCIPAL_SELF_RID});
    case WellKnownSid::kAuthenticatedUser:
      return FromNtAuthority({SECURITY_AUTHENTICATED_USER_RID});
    case WellKnownSid::kRestricted:
      return FromNtAuthority({SECURITY_RESTRICTED_CODE_RID});
    case WellKnownSid::kWriteRestricted:
      return FromNtAuthority({SECURITY_WRITE_RESTRICTED_CODE_RID});
    case WellKnownSid::kLocalSystem:
      return FromNtAuthority({SECURITY_LOCAL_SYSTEM_RID});
    case WellKnownSid::kLocalService:
      return FromNtAuthority({SECURITY_LOCAL_SERVICE_RID});
    case WellKnownSid::kNetworkService:
      return FromNtAuthority({SECURITY_NETWORK_SERVICE_RID});
    // Built-in domain aliases: SECURITY_BUILTIN_DOMAIN_RID plus the alias RID.
    case WellKnownSid::kBuiltinAdministrators:
      return FromNtAuthority(
          {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS});
    case WellKnownSid::kBuiltinUsers:
      return FromNtAuthority(
          {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS});
    case WellKnownSid::kBuiltinGuests:
      return FromNtAuthority(
          {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS});
    // Mandatory integrity labels, built through FromIntegrityLevel().
    case WellKnownSid::kUntrustedLabel:
      return FromIntegrityLevel(SECURITY_MANDATORY_UNTRUSTED_RID);
    case WellKnownSid::kLowLabel:
      return FromIntegrityLevel(SECURITY_MANDATORY_LOW_RID);
    case WellKnownSid::kMediumLabel:
      return FromIntegrityLevel(SECURITY_MANDATORY_MEDIUM_RID);
    case WellKnownSid::kHighLabel:
      return FromIntegrityLevel(SECURITY_MANDATORY_HIGH_RID);
    case WellKnownSid::kSystemLabel:
      return FromIntegrityLevel(SECURITY_MANDATORY_SYSTEM_RID);
    // Application-package group SIDs under SECURITY_APP_PACKAGE_AUTHORITY.
    case WellKnownSid::kAllApplicationPackages:
      return FromSubAuthorities(SECURITY_APP_PACKAGE_AUTHORITY,
                                {SECURITY_APP_PACKAGE_BASE_RID,
                                 SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE});
    case WellKnownSid::kAllRestrictedApplicationPackages:
      return FromSubAuthorities(
          SECURITY_APP_PACKAGE_AUTHORITY,
          {SECURITY_APP_PACKAGE_BASE_RID,
           SECURITY_BUILTIN_PACKAGE_ANY_RESTRICTED_PACKAGE});
  }
}
211*6777b538SAndroid Build Coastguard Worker 
// Parses an SDDL-format SID string into a Sid. Returns std::nullopt when
// ::ConvertStringSidToSid() rejects the string.
//
// The string is handed over via c_str(), so the API only sees the characters
// up to the first embedded NUL; callers parsing untrusted input should not
// assume the whole std::wstring was validated.
std::optional<Sid> Sid::FromSddlString(const std::wstring& sddl_sid) {
  PSID raw_sid = nullptr;
  if (::ConvertStringSidToSid(sddl_sid.c_str(), &raw_sid) == 0) {
    return std::nullopt;
  }
  // Hand the API's allocation to a scoped owner; the Sid returned below holds
  // its own copy of the bytes.
  const auto owned_sid = TakeLocalAlloc(raw_sid);
  return FromPSID(owned_sid.get());
}
220*6777b538SAndroid Build Coastguard Worker 
// Copies the SID that `sid` points to into a new Sid. Returns std::nullopt
// when `sid` is null or ::IsValidSid() rejects it.
//
// The number of bytes copied comes from ::GetLengthSid(), i.e. from the SID's
// own header. NOTE(review): nothing here knows how large the caller's buffer
// really is, so a PSID taken from untrusted or truncated data must be
// bounds-checked by the caller before it reaches this function.
std::optional<Sid> Sid::FromPSID(PSID sid) {
  DCHECK(sid);
  const bool usable = sid && ::IsValidSid(sid);
  if (!usable)
    return std::nullopt;
  return Sid(sid, ::GetLengthSid(sid));
}
227*6777b538SAndroid Build Coastguard Worker 
// Returns a Sid under SECURITY_NULL_SID_AUTHORITY whose four sub-authorities
// are filled with bytes from RandBytes().
//
// NOTE(review): how unpredictable the result is depends entirely on
// RandBytes(); confirm it is backed by a cryptographically secure source
// before relying on the SID being unguessable.
Sid Sid::GenerateRandomSid() {
  constexpr size_t kRandomSubAuthorityCount = 4;
  DWORD sub_authorities[kRandomSubAuthorityCount] = {};
  RandBytes(&sub_authorities, sizeof(sub_authorities));
  return FromSubAuthorities(SECURITY_NULL_SID_AUTHORITY,
                            kRandomSubAuthorityCount, sub_authorities);
}
234*6777b538SAndroid Build Coastguard Worker 
// Returns the mandatory-label Sid whose single sub-authority is
// `integrity_level`. The value is used as given; it is not checked against
// the SECURITY_MANDATORY_*_RID constants.
Sid Sid::FromIntegrityLevel(DWORD integrity_level) {
  const DWORD* const level_rid = &integrity_level;
  return FromSubAuthorities(SECURITY_MANDATORY_LABEL_AUTHORITY, 1, level_rid);
}
239*6777b538SAndroid Build Coastguard Worker 
// Converts every SDDL string in `sddl_sids` to a Sid, preserving order.
// All-or-nothing: returns std::nullopt as soon as one string fails to parse,
// so callers never receive a partially converted list.
std::optional<std::vector<Sid>> Sid::FromSddlStringVector(
    const std::vector<std::wstring>& sddl_sids) {
  std::vector<Sid> result;
  result.reserve(sddl_sids.size());
  for (const std::wstring& sddl : sddl_sids) {
    std::optional<Sid> parsed = FromSddlString(sddl);
    if (!parsed.has_value()) {
      return std::nullopt;
    }
    result.emplace_back(std::move(*parsed));
  }
  return result;
}
252*6777b538SAndroid Build Coastguard Worker 
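// Converts each capability name to a Sid with FromNamedCapability(),
// preserving order. Every name yields a Sid: names outside the well-known
// table are converted by FromNamedCapability()'s hash-based fallback, so this
// function does not reject any input.
std::vector<Sid> Sid::FromNamedCapabilityVector(
    const std::vector<std::wstring>& capability_names) {
  std::vector<Sid> sids;
  // One allocation up front, as FromSddlStringVector() does.
  sids.reserve(capability_names.size());
  ranges::transform(capability_names, std::back_inserter(sids),
                    FromNamedCapability);
  return sids;
}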
260*6777b538SAndroid Build Coastguard Worker 
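// Converts each WellKnownCapability to its Sid with FromKnownCapability(),
// preserving order.
std::vector<Sid> Sid::FromKnownCapabilityVector(
    const std::vector<WellKnownCapability>& capabilities) {
  std::vector<Sid> sids;
  // One allocation up front, as FromSddlStringVector() does.
  sids.reserve(capabilities.size());
  ranges::transform(capabilities, std::back_inserter(sids),
                    FromKnownCapability);
  return sids;
}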
268*6777b538SAndroid Build Coastguard Worker 
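// Converts each WellKnownSid to its Sid with FromKnownSid(), preserving order.
std::vector<Sid> Sid::FromKnownSidVector(
    const std::vector<WellKnownSid>& known_sids) {
  std::vector<Sid> sids;
  // One allocation up front, as FromSddlStringVector() does.
  sids.reserve(known_sids.size());
  ranges::transform(known_sids, std::back_inserter(sids), FromKnownSid);
  return sids;
}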
275*6777b538SAndroid Build Coastguard Worker 
// Constructs the Sid for a well-known SID by delegating to the move
// constructor with the result of FromKnownSid().
Sid::Sid(WellKnownSid known_sid) : Sid(FromKnownSid(known_sid)) {}
// Constructs the Sid for a well-known capability by delegating to the move
// constructor with the result of FromKnownCapability().
Sid::Sid(WellKnownCapability known_capability)
    : Sid(FromKnownCapability(known_capability)) {}
// Move operations and the destructor use the compiler-generated versions.
// Copying is done explicitly through Clone().
Sid::Sid(Sid&& sid) = default;
Sid& Sid::operator=(Sid&&) = default;
Sid::~Sid() = default;
282*6777b538SAndroid Build Coastguard Worker 
// Returns a PSID that points at this object's own storage (`sid_`). The
// pointer is not a copy: it is only usable while this Sid is alive and has
// not been moved from. Constness is cast away because PSID is a non-const
// pointer type.
PSID Sid::GetPSID() const {
  DCHECK(!sid_.empty());
  const char* bytes = sid_.data();
  return const_cast<char*>(bytes);
}
287*6777b538SAndroid Build Coastguard Worker 
// Returns the SDDL string form of this SID, or std::nullopt when
// ::ConvertSidToStringSid() fails.
std::optional<std::wstring> Sid::ToSddlString() const {
  LPWSTR sddl = nullptr;
  if (::ConvertSidToStringSid(GetPSID(), &sddl) == 0) {
    return std::nullopt;
  }
  // Hand the API's allocation to a scoped owner; the returned std::wstring is
  // an independent copy.
  const auto owned_sddl = TakeLocalAlloc(sddl);
  return std::wstring(owned_sddl.get());
}
295*6777b538SAndroid Build Coastguard Worker 
// Returns an independent copy of this Sid, built from the same bytes.
Sid Sid::Clone() const {
  const void* bytes = sid_.data();
  const size_t byte_count = sid_.size();
  return Sid(bytes, byte_count);
}
299*6777b538SAndroid Build Coastguard Worker 
// Returns true when ::EqualSid() reports that this SID and `sid` are equal.
// `sid` is passed to the API unchecked, so the caller must supply a pointer
// to a valid SID; a null or malformed pointer is not handled here.
bool Sid::Equal(PSID sid) const {
  return ::EqualSid(GetPSID(), sid) != 0;
}
303*6777b538SAndroid Build Coastguard Worker 
// Two Sid objects compare equal when Equal() reports their SIDs as equal.
bool Sid::operator==(const Sid& sid) const {
  const PSID other = sid.GetPSID();
  return Equal(other);
}
307*6777b538SAndroid Build Coastguard Worker 
// Negation of operator==.
bool Sid::operator!=(const Sid& sid) const {
  return !(*this == sid);
}
311*6777b538SAndroid Build Coastguard Worker 
312*6777b538SAndroid Build Coastguard Worker }  // namespace base::win