OpenVPN
Functions
static BOOL IsUserInGroup (PSID sid, const PTOKEN_GROUPS token_groups, const WCHAR *group_name)
    User is in group if the token groups contain the SID of the group or if the user is a direct member of the group.
static PTOKEN_GROUPS GetTokenGroups (const HANDLE token)
    Get a list of groups in token.
static BOOL CheckConfigPath (const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
static int OptionLookup (const WCHAR *name, const WCHAR *white_list[])
static BOOL GetBuiltinAdminGroupName (WCHAR *name, DWORD nlen)
BOOL IsAuthorizedUser (PSID sid, const HANDLE token, const WCHAR *ovpn_admin_group)
static BOOL LookupSID (const WCHAR *name, PSID sid, DWORD sid_size)
BOOL CheckOption (const WCHAR *workdir, int argc, WCHAR *argv[], const settings_t *s)
Variables
static const WCHAR * white_list []
static BOOL CheckConfigPath (const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
Definition at line 62 of file validate.c.
References settings_t::config_dir.
Referenced by CheckOption().
BOOL CheckOption (const WCHAR *workdir, int argc, WCHAR *argv[], const settings_t *s)
Definition at line 317 of file validate.c.
References CheckConfigPath(), OptionLookup(), and white_list.
Referenced by ValidateOptions().
static PTOKEN_GROUPS GetTokenGroups (const HANDLE token)
Get a list of groups in token.
Returns a pointer to TOKEN_GROUPS struct or NULL on error. The caller should free the returned pointer.
Definition at line 202 of file validate.c.
References M_SYSERR, and MsgToEventLog().
Referenced by IsAuthorizedUser().
BOOL IsAuthorizedUser (PSID sid, const HANDLE token, const WCHAR *ovpn_admin_group)
Definition at line 148 of file validate.c.
References GetBuiltinAdminGroupName(), GetTokenGroups(), IsUserInGroup(), M_INFO, M_SYSERR, MAX_NAME, MsgToEventLog(), and SYSTEM_ADMIN_GROUP.
Referenced by RunOpenvpn().
static BOOL IsUserInGroup (PSID sid, const PTOKEN_GROUPS token_groups, const WCHAR *group_name)
User is in group if the token groups contain the SID of the group or if the user is a direct member of the group.
The latter check catches dynamic changes in group membership in the local user database that are not reflected in the token. If token_groups or sid is NULL, the corresponding check is skipped.
Using the SID and the list of groups in the token avoids any reference to domains, so the check can be completed without access to a Domain Controller.
Returns true if the user is in the group, false otherwise.
Definition at line 258 of file validate.c.
References LookupSID(), M_SYSERR, and MsgToEventLog().
Referenced by IsAuthorizedUser().
static const WCHAR * white_list []
Definition at line 30 of file validate.c.
Referenced by CheckOption(), and OptionLookup().