Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

572 lines
15 KiB

/*++
Copyright (c) 1997-2001 Microsoft Corporation
Module Name:
winsafer.h
Abstract:
This file implements the publicly exported functions, data types,
data structures, and definitions usable by programs that directly
interact with the Windows SAFER APIs.
--*/
#ifndef _WINSAFER_H
#define _WINSAFER_H
#include <guiddef.h>
#include <wincrypt.h>
#ifdef __cplusplus
extern "C" {
#endif
//
// Opaque datatype for representing handles to Safer objects.
//
DECLARE_HANDLE(SAFER_LEVEL_HANDLE);
//
// Constants to represent scope with SaferCreateLevel and others.
//
#define SAFER_SCOPEID_MACHINE 1
#define SAFER_SCOPEID_USER 2
//
// Pre-defined levels that can be used with SaferCreateLevel
//
#define SAFER_LEVELID_FULLYTRUSTED 0x40000
#define SAFER_LEVELID_NORMALUSER 0x20000
#define SAFER_LEVELID_CONSTRAINED 0x10000
#define SAFER_LEVELID_UNTRUSTED 0x01000
#define SAFER_LEVELID_DISALLOWED 0x00000
//
// Flags to use when creating/opening a Level with SaferCreateLevel
//
#define SAFER_LEVEL_OPEN 1
//
// Maximum string size.
//
#define SAFER_MAX_FRIENDLYNAME_SIZE 256
#define SAFER_MAX_DESCRIPTION_SIZE 256
#define SAFER_MAX_HASH_SIZE 64
//
// Flags to use with SaferComputeTokenFromLevel.
//
#define SAFER_TOKEN_NULL_IF_EQUAL 0x00000001
#define SAFER_TOKEN_COMPARE_ONLY 0x00000002
#define SAFER_TOKEN_MAKE_INERT 0x00000004
#define SAFER_TOKEN_WANT_FLAGS 0x00000008
//
// Flags for specifying what criteria within SAFER_CODE_PROPERTIES to evaluate
// when finding code identity with SaferIdentifyLevel.
//
#define SAFER_CRITERIA_IMAGEPATH 0x00001
#define SAFER_CRITERIA_NOSIGNEDHASH 0x00002
#define SAFER_CRITERIA_IMAGEHASH 0x00004
#define SAFER_CRITERIA_AUTHENTICODE 0x00008
#define SAFER_CRITERIA_URLZONE 0x00010
#define SAFER_CRITERIA_IMAGEPATH_NT 0x01000
//
// Code image information structure passed to SaferIdentifyLevel.
//
#include <pshpack8.h>
typedef struct _SAFER_CODE_PROPERTIES
{
//
// Must be initialized to be the size of this structure,
// for the purposes of future/backwards compatibility.
//
DWORD cbSize;
//
// Must be initialized to the types of criteria that should
// be considered when evaluating this structure. This can be
// a combination of the SAFER_CRITERIA_xxxx flags. If not enough
// of the structure elements needed to evaluate the criteria
// types indicated were supplied, then some of those criteria
// flags may be silently ignored. Specifying 0 for this value
// will cause the entire structure's contents to be ignored.
//
DWORD dwCheckFlags;
//
// Optionally specifies the fully-qualified path and filename
// to be used for discrimination checks based on the path.
// The ImagePath will additionally be used to open and read the
// file to identify any other discrimination criteria that was
// unsupplied in this structure.
//
LPCWSTR ImagePath;
//
// Optionally specifies a file handle that has been opened to
// code image with at least GENERIC_READ access. The handle will
// be used instead of explicitly opening the file again to compute
// other discrimination criteria that was unsupplied in this structure.
//
HANDLE hImageFileHandle;
//
// Optionally specifies the pre-determined Internet Explorer
// security zone. These enums are defined within urlmon.h
// For example: URLZONE_LOCAL_MACHINE, URLZONE_INTRANET,
// URLZONE_TRUSTED, URLZONE_INTERNET, or URLZONE_UNTRUSTED.
//
DWORD UrlZoneId;
//
// Optionally specifies the pre-computed hash of the image.
// The supplied hash is interpreted as being valid if ImageSize
// is non-zero and dwImageHashSize is non-zero and HashAlgorithm
// represents a valid hashing algorithm from wincrypt.h
//
// If the supplied hash fails to meet the conditions above, then
// the hash will be automatically computed against:
// 1) by using ImageSize and pByteBlock if both are non-zero.
// 2) by using hImageFileHandle if it is non-null.
// 3) by attempting to open ImagePath if it is non-null.
//
BYTE ImageHash[SAFER_MAX_HASH_SIZE];
DWORD dwImageHashSize;
LARGE_INTEGER ImageSize;
ALG_ID HashAlgorithm;
//
// Optionally specifies a memory block of memory representing
// the image for which the trust is being requested for. When
// this member is specified, ImageSize must also be supplied.
//
LPBYTE pByteBlock;
//
// Optionally gives the arguments used for Authenticode signer
// certificate verification. These arguments are supplied to the
// WinVerifyTrust() API and control the user-interface prompting
// to accept untrusted certificates.
//
HWND hWndParent;
DWORD dwWVTUIChoice;
} SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
#include <poppack.h>
//
// Masks for the per-identity WinSafer flags
//
#define SAFER_POLICY_JOBID_MASK 0xFF000000
#define SAFER_POLICY_JOBID_CONSTRAINED 0x04000000
#define SAFER_POLICY_JOBID_UNTRUSTED 0x03000000
#define SAFER_POLICY_ONLY_EXES 0x00010000
#define SAFER_POLICY_SANDBOX_INERT 0x00020000
#define SAFER_POLICY_UIFLAGS_MASK 0x000000FF
#define SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT 0x00000001
#define SAFER_POLICY_UIFLAGS_OPTION_PROMPT 0x00000002
//
// Information classes on the overall policy that can be queried
// with SaferSet/GetPolicyInformation and set at different
// policy scopes based on access of the caller.
//
typedef enum _SAFER_POLICY_INFO_CLASS
{
//
// Accesses the list of all Levels defined in a policy.
// The corresponding data element is a buffer that is filled
// with multiple DWORDs, each representing the LevelIds that
// are defined within this scope.
//
SaferPolicyLevelList = 1,
//
// for transparent enforcement of policy in the execution
// framework -- will be used by native code execution but can
// be used by any policy enforcement environment.
// Corresponding data element is a DWORD holding a Boolean value.
//
SaferPolicyEnableTransparentEnforcement,
//
// Returns the name of the Level that has been designed
// as the default level within the specified scope.
// The corresponding data element is a single DWORD buffer
// representing the LevelId of the default Level. If no
// level has been configured to be the default, then the
// GetInfo API will return FALSE and GetLastError will
// return ERROR_NOT_FOUND.
//
SaferPolicyDefaultLevel,
//
// Returns whether Code Identities or Default Level within the
// user scope can be considered during identification.
//
SaferPolicyEvaluateUserScope,
//
// Control Flags for for safer policy scope.
//
SaferPolicyScopeFlags
} SAFER_POLICY_INFO_CLASS;
//
// Enumerations used for retrieving specific information about a
// single authorization Level via SaferGet/SetInformationFromLevel.
//
typedef enum _SAFER_OBJECT_INFO_CLASS
{
SaferObjectLevelId = 1, // get: DWORD
SaferObjectScopeId, // get: DWORD
SaferObjectFriendlyName, // get/set: LPCWSTR
SaferObjectDescription, // get/set: LPCWSTR
SaferObjectBuiltin, // get: DWORD boolean
SaferObjectDisallowed, // get: DWORD boolean
SaferObjectDisableMaxPrivilege, // get: DWORD boolean
SaferObjectInvertDeletedPrivileges, // get: DWORD boolean
SaferObjectDeletedPrivileges, // get: TOKEN_PRIVILEGES
SaferObjectDefaultOwner, // get: TOKEN_OWNER
SaferObjectSidsToDisable, // get: TOKEN_GROUPS
SaferObjectRestrictedSidsInverted, // get: TOKEN_GROUPS
SaferObjectRestrictedSidsAdded, // get: TOKEN_GROUPS
//
// To enumerate all identities, call GetInfo with
// SaferObjectAllIdentificationGuids.
//
SaferObjectAllIdentificationGuids, // get: SAFER_IDENTIFICATION_GUIDS
//
// To create a new identity, call SetInfo with
// SaferObjectSingleIdentification with a new
// unique GUID that you have generated.
// To get details on a single identity, call GetInfo with
// SaferObjectSingleIdentification with desired GUID.
// To modify details of a single identity, call SetInfo with
// SaferObjectSingleIdentification with desired info and GUID.
// To delete an identity, call SetInfo with
// SaferObjectSingleIdentification with the
// header.dwIdentificationType set to 0.
//
SaferObjectSingleIdentification, // get/set: SAFER_IDENTIFICATION_*
SaferObjectExtendedError // get: DWORD dwError
} SAFER_OBJECT_INFO_CLASS;
//
// Structures and enums used by the SaferGet/SetLevelInformation APIs.
//
#include <pshpack8.h>
typedef enum _SAFER_IDENTIFICATION_TYPES
{
SaferIdentityDefault,
SaferIdentityTypeImageName = 1,
SaferIdentityTypeImageHash,
SaferIdentityTypeUrlZone,
SaferIdentityTypeCertificate
} SAFER_IDENTIFICATION_TYPES;
typedef struct _SAFER_IDENTIFICATION_HEADER
{
//
// indicates the type of the structure, one of SaferIdentityType*
//
SAFER_IDENTIFICATION_TYPES dwIdentificationType;
//
// size of the whole structure, not just the common header.
//
DWORD cbStructSize;
//
// the unique GUID of the Identity in question.
//
GUID IdentificationGuid;
//
// last change of this identification.
//
FILETIME lastModified;
} SAFER_IDENTIFICATION_HEADER, *PSAFER_IDENTIFICATION_HEADER;
typedef struct _SAFER_PATHNAME_IDENTIFICATION
{
//
// header.dwIdentificationType must be SaferIdentityTypeImageName
// header.cbStructSize must be sizeof(SAFER_PATHNAME_IDENTIFICATION)
//
SAFER_IDENTIFICATION_HEADER header;
//
// user-entered description
//
WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
//
// filepath or name, possibly with vars
//
PWCHAR ImageName;
//
// any combo of SAFER_POL_SAFERFLAGS_*
//
DWORD dwSaferFlags;
} SAFER_PATHNAME_IDENTIFICATION, *PSAFER_PATHNAME_IDENTIFICATION;
typedef struct _SAFER_HASH_IDENTIFICATION
{
//
// header.dwIdentificationType must be SaferIdentityTypeImageHash
// header.cbStructSize must be sizeof(SAFER_HASH_IDENTIFICATION)
//
SAFER_IDENTIFICATION_HEADER header;
//
// user-entered friendly name, initially from file's resources.
//
WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
//
// user-entered description.
//
WCHAR FriendlyName[SAFER_MAX_FRIENDLYNAME_SIZE];
//
// amount of ImageHash actually used, in bytes (MD5 is 16 bytes).
//
DWORD HashSize;
//
// computed hash data itself.
//
BYTE ImageHash[SAFER_MAX_HASH_SIZE];
//
// algorithm in which the hash was computed (CALG_MD5, etc).
//
ALG_ID HashAlgorithm;
//
// size of the original file in bytes.
//
LARGE_INTEGER ImageSize;
//
// any combo of SAFER_POL_SAFERFLAGS_*
//
DWORD dwSaferFlags;
} SAFER_HASH_IDENTIFICATION, *PSAFER_HASH_IDENTIFICATION;
typedef struct _SAFER_URLZONE_IDENTIFICATION
{
//
// header.dwIdentificationType must be SaferIdentityTypeUrlZone
// header.cbStructSize must be sizeof(SAFER_URLZONE_IDENTIFICATION)
//
SAFER_IDENTIFICATION_HEADER header;
//
// any single URLZONE_* from urlmon.h
//
DWORD UrlZoneId;
//
// any combo of SAFER_POLICY_*
//
DWORD dwSaferFlags;
} SAFER_URLZONE_IDENTIFICATION, *PSAFER_URLZONE_IDENTIFICATION;
#include <poppack.h>
//
// Functions related to querying and setting the global policy
// controls to disable transparent enforcement, and perform level
// enumeration operations.
//
WINADVAPI
BOOL WINAPI
SaferGetPolicyInformation(
IN DWORD dwScopeId,
IN SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
IN DWORD InfoBufferSize,
IN OUT PVOID InfoBuffer,
IN OUT PDWORD InfoBufferRetSize,
IN LPVOID lpReserved
);
WINADVAPI
BOOL WINAPI
SaferSetPolicyInformation(
IN DWORD dwScopeId,
IN SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
IN DWORD InfoBufferSize,
IN PVOID InfoBuffer,
IN LPVOID lpReserved
);
//
// Functions to open or close a handle to a Safer Level.
//
WINADVAPI
BOOL WINAPI
SaferCreateLevel(
IN DWORD dwScopeId,
IN DWORD dwLevelId,
IN DWORD OpenFlags,
OUT SAFER_LEVEL_HANDLE * pLevelHandle,
IN LPVOID lpReserved
);
WINADVAPI
BOOL WINAPI
SaferCloseLevel(
IN SAFER_LEVEL_HANDLE hLevelHandle
);
WINADVAPI
BOOL WINAPI
SaferIdentifyLevel(
IN DWORD dwNumProperties,
IN PSAFER_CODE_PROPERTIES pCodeProperties,
OUT SAFER_LEVEL_HANDLE * pLevelHandle,
IN LPVOID lpReserved
);
WINADVAPI
BOOL WINAPI
SaferComputeTokenFromLevel(
IN SAFER_LEVEL_HANDLE LevelHandle,
IN HANDLE InAccessToken OPTIONAL,
OUT PHANDLE OutAccessToken,
IN DWORD dwFlags,
IN LPVOID lpReserved
);
WINADVAPI
BOOL WINAPI
SaferGetLevelInformation(
IN SAFER_LEVEL_HANDLE LevelHandle,
IN SAFER_OBJECT_INFO_CLASS dwInfoType,
OUT LPVOID lpQueryBuffer OPTIONAL,
IN DWORD dwInBufferSize,
OUT LPDWORD lpdwOutBufferSize
);
WINADVAPI
BOOL WINAPI
SaferSetLevelInformation(
IN SAFER_LEVEL_HANDLE LevelHandle,
IN SAFER_OBJECT_INFO_CLASS dwInfoType,
IN LPVOID lpQueryBuffer,
IN DWORD dwInBufferSize
);
//
// This function performs logging of messages to the Application
// event log. This is called by the hooks within CreateProcess,
// ShellExecute and cmd when a lower trust evaluation result occurs.
//
WINADVAPI
BOOL WINAPI
SaferRecordEventLogEntry(
IN SAFER_LEVEL_HANDLE hLevel,
IN LPCWSTR szTargetPath,
IN LPVOID lpReserved
);
WINADVAPI
BOOL WINAPI
SaferiIsExecutableFileType(
IN LPCWSTR szFullPathname,
IN BOOLEAN bFromShellExecute
);
#ifdef __cplusplus
}
#endif
#endif