/*++
|
|
|
|
Copyright (c) 1997-2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
saferp.h
|
|
|
|
Abstract:
|
|
|
|
This file declares the private (internal) functions, data types,
data structures, and definitions used by the other WinSAFER
code implementations. None of the APIs listed in this header are
exported by ADVAPI32.DLL; they are only callable by
other code actually located within advapi.
|
|
|
|
Author:
|
|
|
|
Jeffrey Lawson (JLawson)
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _AUTHZSAFERP_H_
|
|
#define _AUTHZSAFERP_H_
|
|
|
|
#include "safewild.h"
|
|
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
// ---------------------------------------------------------
|
|
|
|
|
|
//
|
|
// Convenient macro for determining the number of elements in an array.
|
|
//
|
|
#ifndef ARRAYSIZE
|
|
#define ARRAYSIZE(a) (sizeof(a)/sizeof(a[0]))
|
|
#endif
|
|
|
|
|
|
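//
// Simple inlined function to return true if a GUID is all zeros.
//
// The GUID is compared field by field instead of reinterpreting its
// storage as four unsigned longs. The field-wise form does not depend
// on sizeof(unsigned long) being 4 (on LP64 targets the old cast read
// 32 bytes from a 16-byte object) and does not access the GUID through
// an unrelated pointer type.
//
// Arguments:
//
//     rguid1 - the GUID to test. Must not be NULL.
//
// Return Value:
//
//     TRUE if every field of the GUID is zero, FALSE otherwise.
//
FORCEINLINE BOOLEAN IsZeroGUID(REFGUID rguid1)
{
    // OR-ing the eight Data4 bytes together and testing once keeps the
    // expression short; any non-zero byte makes the whole OR non-zero.
    return (BOOLEAN) (
        rguid1->Data1 == 0 &&
        rguid1->Data2 == 0 &&
        rguid1->Data3 == 0 &&
        (rguid1->Data4[0] | rguid1->Data4[1] |
         rguid1->Data4[2] | rguid1->Data4[3] |
         rguid1->Data4[4] | rguid1->Data4[5] |
         rguid1->Data4[6] | rguid1->Data4[7]) == 0);
}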
|
|
|
|
|
|
|
|
//
|
|
// Private structure used to store a table of all of the defined
|
|
// WinSafer Levels as we enumerate them to evaluate the matching one.
|
|
//
|
|
typedef struct _AUTHZLEVELTABLERECORD
{
    // The user-defined integer value that controls the relative ranking
    // of this Code Authorization Level against the other Levels. Also the
    // key used by CodeAuthzLevelObjpLookupByLevelId (declared below).
    DWORD dwLevelId;

    // TRUE when this level is one of the "built-in" levels.
    BOOLEAN Builtin;

    // TRUE when this level may be returned by level enumeration.
    BOOLEAN isEnumerable;

    // Resource identifier from which the friendly name and description
    // are loaded on demand. They are deliberately not stored as strings
    // in this record so that server applications can change the thread
    // locale and still obtain localized text.
    UINT uResourceID;

    // All of the following attributes are consumed when the restricted
    // token for this level is actually created.
    BOOL DisallowExecution;          // block execution entirely
    BOOL DisableMaxPrivileges;       // privilege options
    PSID DefaultOwner;               // default owner SID
    DWORD SaferFlags;                // special job execution flags

    // Deny-only SIDs. For each of the *Count / *UsedCount pairs below,
    // Count appears to be the capacity of the array and UsedCount the
    // number of entries actually populated — confirm against the table
    // loader before relying on either for bounds checks.
    BOOL InvertDisableSids;          // SIDs specified are negative, i.e.
                                     // the list is interpreted inversely
    DWORD DisableSidCount;           // number of deny-only SIDs
    DWORD DisableSidUsedCount;       // number actually used
    PAUTHZ_WILDCARDSID SidsToDisable; // deny-only SIDs (wildcard form)

    // Privileges to remove from the token.
    BOOL InvertDeletePrivs;          // privileges specified are negative
    DWORD DeletePrivilegeCount;      // number of privileges
    DWORD DeletePrivilegeUsedCount;  // number actually used
    PLUID_AND_ATTRIBUTES PrivilegesToDelete; // privileges

    // Restricting SIDs given in inverted (wildcard) form.
    DWORD RestrictedSidsInvCount;    // number of inverted restricting SIDs
    DWORD RestrictedSidsInvUsedCount; // number actually used
    PAUTHZ_WILDCARDSID RestrictedSidsInv; // list of inverted restricting SIDs

    // Restricting SIDs to add to the token directly.
    DWORD RestrictedSidsAddedCount;  // number of restricting SIDs
    DWORD RestrictedSidsAddedUsedCount; // number actually used
    PSID_AND_ATTRIBUTES RestrictedSidsAdded; // list of restricting SIDs

}
AUTHZLEVELTABLERECORD, *PAUTHZLEVELTABLERECORD;
|
|
|
|
|
|
//
|
|
// Private structure to store all code identifications.
|
|
//
|
|
#pragma warning(push)
|
|
#pragma warning(disable:4201) // nonstandard extension used : nameless struct/union
|
|
|
|
typedef struct _AUTHZIDENTSTABLERECORD
{
    // Unique identifier that distinguishes this code identity. Also the
    // key used by CodeAuthzIdentsLookupByGuid (declared below).
    GUID IdentGuid;

    // Which member of the union below is the live one. The enumeration
    // specifies what type of code identity this record represents.
    SAFER_IDENTIFICATION_TYPES dwIdentityType;

    // Specifies what Level this Code Identification maps to
    // (see AUTHZLEVELTABLERECORD.dwLevelId).
    DWORD dwLevelId;

    // Specifies what scope this Code Identity was loaded from.
    DWORD dwScopeId;

    // Actual details about this identity. The union is nameless, which
    // is why warning 4201 is disabled around this typedef.
    union {
        // Path-based rule.
        struct {
            BOOL bExpandVars;            // expand environment variables in ImagePath
            UNICODE_STRING ImagePath;    // path or path fragment to match
            DWORD dwSaferFlags;
        } ImageNameInfo;
        // Hash-based rule.
        struct {
            LARGE_INTEGER ImageSize;     // size of the image the hash was taken over
            DWORD HashSize;              // bytes of ImageHash that are valid; whoever
                                         // fills this record must keep it <= sizeof(ImageHash)
            BYTE ImageHash[SAFER_MAX_HASH_SIZE];
            ALG_ID HashAlgorithm;        // algorithm that produced ImageHash
            DWORD dwSaferFlags;
        } ImageHashInfo;
        // URL-zone-based rule.
        struct {
            DWORD UrlZoneId;
            DWORD dwSaferFlags;
        } ImageZone;
    };
}
AUTHZIDENTSTABLERECORD, *PAUTHZIDENTSTABLERECORD;
|
|
#pragma warning(pop)
|
|
|
|
|
|
//
|
|
// Private structure representation of a Level handle. The
|
|
// typedef SAFER_LEVEL_HANDLE is an opaque reference to a structure of
|
|
// this type, accessed via the RtlHandleTable functions.
|
|
//
|
|
typedef struct _AUTHZLEVELHANDLESTRUCT_
{
    // This first header is required by the RTL_HANDLE_TABLE system.
    // All allocated handles will implicitly have bit 0 set. All other
    // remaining bits can be used for our own purposes if we want.
    RTL_HANDLE_TABLE_ENTRY HandleHeader;

    // The following information is redundant. It can be found by
    // also accessing the pLevelRecord directly.
    DWORD dwLevelId;

    // This scope identifier specifies the value that was passed to
    // the Win32 API SaferCreateLevel and is really only looked at
    // by SaferGetLevelInformation for the Identity GUID enums.
    DWORD dwScopeId; // (same as from pIdentRecord)

    // GUID of the matching identity record that gave this result.
    // In the case of a direct SaferCreateLevel or a default Level
    // match there is no such record; presumably the GUID is then left
    // all zeros (see IsZeroGUID) — confirm against SAFEHAND.C.
    GUID identGuid;

    // This value stores the Safer Flags that were derived from the
    // Identity Entry record when SaferIdentifyLevel finds a match.
    DWORD dwSaferFlags;

    // The sequence value indicates the "generation" at which a handle
    // was originally opened. If this value does not match the current
    // value in the global g_dwLevelHandleSequence, then this handle
    // should be considered a no-longer valid handle. Consumers that
    // resolve a handle (CodeAuthzHandleToLevelStruct) are the place
    // this check belongs, so stale handles are never acted upon.
    DWORD dwHandleSequence;

    // Extended error information - applicable for certificate rules.
    DWORD dwExtendedError;

    // The following enumeration specifies what type of
    // code identity this handle represents.
    SAFER_IDENTIFICATION_TYPES IdentificationType;

    // For future use and padding purposes.
    DWORD dwReserved;
}
AUTHZLEVELHANDLESTRUCT, *PAUTHZLEVELHANDLESTRUCT;
|
|
|
|
|
|
//
|
|
// Private structure definition used to pass around all state
|
|
// information needed during the SaferIdentifyLevel execution.
|
|
//
|
|
typedef struct _LOCALIDENTITYCONTEXT
{
    // Original query request data.
    DWORD dwCheckFlags;                 // copy of original function input
    PSAFER_CODE_PROPERTIES CodeProps;   // RO: original function input

    // Information about the hash that may have been computed. The
    // Final* members are only meaningful when bHaveHash is TRUE;
    // FinalHashSize must never exceed sizeof(FinalHash).
    BOOLEAN bHaveHash;
    BYTE FinalHash[SAFER_MAX_HASH_SIZE];
    DWORD FinalHashSize;
    ALG_ID FinalHashAlgorithm;

    // File handle that may have been opened or supplied by the caller.
    HANDLE hFileHandle;

    // File handle status. If this is TRUE then hFileHandle needs to
    // be closed before returning (we own it); if FALSE the handle
    // belongs to the caller and must be left open.
    BOOLEAN bCloseFileHandle;

    // Fully qualified NT filename of the input file.
    // NOTE: the member name carries a long-standing typo ("Qualfied");
    // it is kept as-is because other translation units reference it.
    UNICODE_STRING UnicodeFullyQualfiedLongFileName;

    // Information about the image that may have been mapped.
    LARGE_INTEGER ImageSize;
    PVOID pImageMemory;

    // Memory mapped file status. If this is TRUE then
    // pImageMemory needs to be unmapped before returning.
    BOOLEAN bImageMemoryNeedUnmap;
}
LOCALIDENTITYCONTEXT, *PLOCALIDENTITYCONTEXT;
|
|
|
|
|
|
|
|
|
|
//
|
|
// Various globals that are used for the cache of levels and
|
|
// identities so that we do not need to go to the registry each time.
|
|
//
|
|
// Set once the one-time initialization of the globals below has run.
extern BOOLEAN g_bInitializedFirstTime;

// Lock guarding the cached tables below. Access to the tables and to
// the handle table is expected to happen with this held — confirm the
// locking discipline against SAFEINIT.C / SAFEHAND.C.
extern CRITICAL_SECTION g_TableCritSec;
// Custom policy root key and open options most recently passed to
// CodeAuthzReloadCacheTables (declared below).
extern HANDLE g_hKeyCustomRoot;
extern DWORD g_dwKeyOptions;

// TRUE when the cache is stale and must be rebuilt from the registry
// before it is next consulted.
extern BOOLEAN g_bNeedCacheReload;

// Cached tables of AUTHZLEVELTABLERECORD and AUTHZIDENTSTABLERECORD
// entries, and the RTL handle table backing SAFER_LEVEL_HANDLE values.
extern RTL_GENERIC_TABLE g_CodeLevelObjTable;
extern RTL_GENERIC_TABLE g_CodeIdentitiesTable;
extern RTL_HANDLE_TABLE g_LevelHandleTable;
// Current handle "generation"; compared against
// AUTHZLEVELHANDLESTRUCT.dwHandleSequence to detect stale handles.
extern DWORD g_dwLevelHandleSequence;

// Whether identities defined in the user scope are honored
// (see the *_HonorUserIdentities policy accessors below).
extern BOOLEAN g_bHonorScopeUser;

// Effective default level, and the per-scope defaults it is derived
// from (see CodeAuthzpRecomputeEffectiveDefaultLevel below).
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevel;
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevelUser;
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevelMachine;


// Time stamp of the policy the cache was last loaded from.
extern LARGE_INTEGER g_SaferPolicyTimeStamp;
// Number of level handles currently outstanding.
extern DWORD g_dwNumHandlesAllocated;
|
|
|
|
//
|
|
// Private function prototypes defined within SAFEINIT.C
|
|
//
|
|
|
|
// One-time setup of the g_* globals declared above. Returns an NTSTATUS.
NTSTATUS NTAPI
CodeAuthzInitializeGlobals(VOID);


// Counterpart of CodeAuthzInitializeGlobals; releases what it set up.
VOID NTAPI
CodeAuthzDeinitializeGlobals(VOID);


// Requests a reload of the cached level and identity tables.
//   hKeyCustomRoot - optional custom policy root; NULL means the
//                    default policy location.
//   dwKeyOptions   - open options recorded in g_dwKeyOptions.
//   bImmediateLoad - when FALSE the reload is presumably deferred via
//                    g_bNeedCacheReload — confirm against SAFEINIT.C.
NTSTATUS NTAPI
CodeAuthzReloadCacheTables(
    IN HANDLE hKeyCustomRoot OPTIONAL,
    IN DWORD dwKeyOptions,
    IN BOOLEAN bImmediateLoad
    );


// Performs a pending cache reload right away.
NTSTATUS NTAPI
CodeAuthzpImmediateReloadCacheTables(
    VOID
    );


// Deletes a registry key together with all of its subkeys.
//   hBaseKey - open key the deletion is relative to.
//   pSubKey  - optional subkey name; with NULL the operation presumably
//              applies to hBaseKey itself. Because the deletion is not
//              recoverable, callers must verify that hBaseKey really
//              refers to the intended policy key before calling.
NTSTATUS NTAPI
CodeAuthzpDeleteKeyRecursively(
    IN HANDLE hBaseKey,
    IN PUNICODE_STRING pSubKey OPTIONAL
    );


// Formats the registry path suffix for the given Level into
// UnicodeSuffix. The string is IN OUT: the caller supplies the buffer.
NTSTATUS NTAPI
CodeAuthzpFormatLevelKeyPath(
    IN DWORD dwLevelId,
    IN OUT PUNICODE_STRING UnicodeSuffix
    );

// Formats the registry path suffix for one identity (type name plus
// GUID) under the given Level into the caller-supplied UnicodeSuffix.
NTSTATUS NTAPI
CodeAuthzpFormatIdentityKeyPath(
    IN DWORD dwLevelId,
    IN LPCWSTR szIdentityType,
    IN REFGUID refIdentGuid,
    IN OUT PUNICODE_STRING UnicodeSuffix
    );

// Opens (or, when bCreateKey is TRUE, creates) the policy root key for
// a scope with the requested DesiredAccess and returns it through
// OpenedHandle. The caller owns the returned handle and must close it.
// Request only the access actually needed; policy keys are
// security-sensitive.
NTSTATUS NTAPI
CodeAuthzpOpenPolicyRootKey(
    IN DWORD dwScopeId,
    IN HANDLE hKeyCustomBase OPTIONAL,
    IN LPCWSTR szRegistrySuffix OPTIONAL,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN bCreateKey,
    OUT HANDLE *OpenedHandle
    );

// Recomputes g_DefaultCodeLevel from the user and machine defaults.
VOID NTAPI
CodeAuthzpRecomputeEffectiveDefaultLevel(VOID);
|
|
|
|
|
|
|
|
//
|
|
// Private function prototypes defined within SAFEHAND.C
|
|
//
|
|
|
|
|
|
// Allocates a SAFER_LEVEL_HANDLE for an existing level record, stamping
// it with the scope, flags, extended error, identification type and
// (optional) identity GUID that AUTHZLEVELHANDLESTRUCT carries.
NTSTATUS NTAPI
CodeAuthzpCreateLevelHandleFromRecord(
    IN PAUTHZLEVELTABLERECORD pLevelRecord,
    IN DWORD dwScopeId,
    IN DWORD dwSaferFlags OPTIONAL,
    IN DWORD dwExtendedError,
    IN SAFER_IDENTIFICATION_TYPES IdentificationType,
    IN REFGUID refIdentGuid OPTIONAL,
    OUT SAFER_LEVEL_HANDLE *pLevelHandle
    );

// Resolves an opaque handle to its AUTHZLEVELHANDLESTRUCT. This is the
// single point at which a caller-supplied handle is validated (handle
// table membership and dwHandleSequence generation); every consumer of
// a SAFER_LEVEL_HANDLE should go through it rather than casting.
NTSTATUS NTAPI
CodeAuthzHandleToLevelStruct(
    IN SAFER_LEVEL_HANDLE hLevelObject,
    OUT PAUTHZLEVELHANDLESTRUCT *pLevelStruct
    );

// Creates a level handle by level id (the SaferCreateLevel path).
NTSTATUS NTAPI
CodeAuthzCreateLevelHandle(
    IN DWORD dwLevelId,
    IN DWORD OpenFlags,
    IN DWORD dwScopeId,
    IN DWORD dwSaferFlags OPTIONAL,
    OUT SAFER_LEVEL_HANDLE *pLevelHandle);

// Releases a level handle obtained from either creation routine above.
NTSTATUS NTAPI
CodeAuthzCloseLevelHandle(
    IN SAFER_LEVEL_HANDLE hLevelObject
    );
|
|
|
|
|
|
|
|
|
|
//
|
|
// Functions related to WinSafer Level enumeration (SAFEIDEP.C)
|
|
//
|
|
|
|
// Prepares an empty generic table for AUTHZLEVELTABLERECORD entries.
VOID NTAPI
CodeAuthzLevelObjpInitializeTable(
    IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
    );


// Populates the level table from the policy stored under hKeyCustomRoot
// for the given scope.
NTSTATUS NTAPI
CodeAuthzLevelObjpLoadTable (
    IN OUT PRTL_GENERIC_TABLE pAuthzObjTable,
    IN DWORD dwScopeId,
    IN HANDLE hKeyCustomRoot
    );

// Frees every record in the level table (and whatever they own).
VOID NTAPI
CodeAuthzLevelObjpEntireTableFree (
    IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
    );

// Finds the level record with the given dwLevelId. The returned pointer
// is owned by the table, not the caller; returns NULL when not found.
PAUTHZLEVELTABLERECORD NTAPI
CodeAuthzLevelObjpLookupByLevelId (
    IN PRTL_GENERIC_TABLE pAuthzObjTable,
    IN DWORD dwLevelId
    );
|
|
|
|
|
|
|
|
//
|
|
// Functions related to WinSafer Code Identity enumeration. (SAFEIDEP.C)
|
|
//
|
|
|
|
// Prepares an empty generic table for AUTHZIDENTSTABLERECORD entries.
VOID NTAPI
CodeAuthzGuidIdentsInitializeTable(
    IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
    );

// Loads all identities for a scope into pAuthzIdentTable. The already
// loaded level table is passed in (read-only) so identities can be
// associated with the levels they map to.
NTSTATUS NTAPI
CodeAuthzGuidIdentsLoadTableAll (
    IN PRTL_GENERIC_TABLE pAuthzLevelTable,
    IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable,
    IN DWORD dwScopeId,
    IN HANDLE hKeyCustomBase
    );

// Frees every record in the identity table.
VOID NTAPI
CodeAuthzGuidIdentsEntireTableFree (
    IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable
    );

// Finds the identity record with the given GUID. The returned pointer
// is owned by the table; returns NULL when not found.
PAUTHZIDENTSTABLERECORD NTAPI
CodeAuthzIdentsLookupByGuid (
    IN PRTL_GENERIC_TABLE pAuthzIdentTable,
    IN REFGUID pIdentGuid
    );
|
|
|
|
|
|
//
|
|
// Helper functions that are used during actual identification (SAFEIDEP.C)
|
|
//
|
|
|
|
// Compares a rule's path fragment against a fully qualified image path.
// Returns a LONG in the strcmp style; the exact ordering semantics
// (and wildcard handling, if any) are defined in SAFEIDEP.C.
LONG NTAPI
CodeAuthzpCompareImagePath(
    IN LPCWSTR szPathFragment,
    IN LPCWSTR szFullImagePath);

// Hashes a mapped image of dwImageSize bytes.
//   pComputedHash  - optional output buffer for the digest.
//   pdwHashSize    - IN OUT: size of pComputedHash on entry, bytes
//                    written on return. When pComputedHash is NULL this
//                    presumably reports the required size — confirm.
//   pHashAlgorithm - optional; receives the ALG_ID that was used.
// Callers storing the result in AUTHZIDENTSTABLERECORD.ImageHash or
// LOCALIDENTITYCONTEXT.FinalHash must pass a buffer of at least
// SAFER_MAX_HASH_SIZE bytes and honour the returned size.
NTSTATUS NTAPI
CodeAuthzpComputeImageHash(
    IN PVOID pImageMemory,
    IN DWORD dwImageSize,
    OUT PBYTE pComputedHash OPTIONAL,
    IN OUT PDWORD pdwHashSize OPTIONAL,
    OUT ALG_ID *pHashAlgorithm OPTIONAL
    );
|
|
|
|
|
|
|
|
//
|
|
// Private function prototypes for low-level policy reading/writing. (SAFEPOLR.C)
|
|
//
|
|
|
|
// All of the *_GetInfo* routines below share one calling convention:
// InfoBuffer of InfoBufferSize bytes receives the value and
// InfoBufferRetSize receives the number of bytes needed/written.
// Every one of these parameters is OPTIONAL, so each implementation
// must tolerate a NULL buffer (size query) and must never write past
// InfoBufferSize. "Cached" variants read the in-memory globals;
// "Registry" variants go to the registry; "Dual" setters presumably
// update both — confirm against SAFEPOLR.C.

// Raw list of level ids for a scope.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_LevelListRaw(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Default level for a scope, from the cache.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_DefaultLevel(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Default level for a scope, read from the registry.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_DefaultLevel(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Sets the default level. NOTE: InfoBuffer is annotated OUT here although
// it is an input to a setter (compare the IN on the other SetInfo
// routines); the annotation looks like a slip, not a contract.
NTSTATUS NTAPI
CodeAuthzPol_SetInfoDual_DefaultLevel(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize,
    OUT PVOID InfoBuffer
    );

// Whether user-scope identities are honored, from the cache.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_HonorUserIdentities(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Whether user-scope identities are honored, from the registry.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_HonorUserIdentities(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Sets the honor-user-identities policy value.
NTSTATUS NTAPI
CodeAuthzPol_SetInfoDual_HonorUserIdentities(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize,
    IN PVOID InfoBuffer
    );

// Whether transparent enforcement is enabled, from the registry.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_TransparentEnabled(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Sets the transparent-enforcement policy value in the registry.
NTSTATUS NTAPI
CodeAuthzPol_SetInfoRegistry_TransparentEnabled(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize,
    IN PVOID InfoBuffer
    );

// Scope flags, from the registry.
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_ScopeFlags(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize OPTIONAL,
    OUT PVOID InfoBuffer OPTIONAL,
    OUT PDWORD InfoBufferRetSize OPTIONAL
    );

// Sets the scope flags in the registry.
NTSTATUS NTAPI
CodeAuthzPol_SetInfoRegistry_ScopeFlags(
    IN DWORD dwScopeId,
    IN DWORD InfoBufferSize,
    IN PVOID InfoBuffer
    );
|
|
|
|
|
|
//
|
|
// Private function prototypes defined elsewhere.
|
|
//
|
|
|
|
// Queries TokenInformationClass from TokenHandle and returns it in a
// freshly allocated buffer. Ownership of the buffer passes to the caller
// (the allocator/free routine to pair it with is defined where this is
// implemented); NULL signals failure.
LPVOID NTAPI
CodeAuthzpGetTokenInformation(
    IN HANDLE TokenHandle,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass
    );

// Decides whether szFullPathname names a file type that is treated as
// executable, writing the answer to *pbResult. bFromShellExecute lets
// the ShellExecute path be treated differently from direct CreateProcess.
NTSTATUS NTAPI
CodeAuthzIsExecutableFileType(
    IN PUNICODE_STRING szFullPathname,
    IN BOOLEAN bFromShellExecute,
    OUT PBOOLEAN pbResult
    );

// Produces a fully qualified NT path for szSourceFilePath (which is
// already an NT path when bSourceIsNtPath is TRUE), optionally using an
// open hFileHandle. pUnicodeResult is allocated for the caller; the
// caller owns and must free its buffer. Resolving the name from the
// open handle, when one is available, avoids deciding policy on a path
// that differs from the file actually opened.
NTSTATUS NTAPI
CodeAuthzFullyQualifyFilename(
    IN HANDLE hFileHandle OPTIONAL,
    IN BOOLEAN bSourceIsNtPath,
    IN LPCWSTR szSourceFilePath,
    OUT PUNICODE_STRING pUnicodeResult
    );

// Loads string resource wID from hModule for language wLangId into
// pUnicodeString (used for the level name/description behind
// AUTHZLEVELTABLERECORD.uResourceID). Returns FALSE on failure.
BOOL NTAPI
SaferpLoadUnicodeResourceString(
    IN HANDLE hModule,
    IN UINT wID,
    OUT PUNICODE_STRING pUnicodeString,
    IN WORD wLangId
    );
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif
|
|
|