archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/winsafer/safelog.c

255 lines
7.6 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997-2000 Microsoft Corporation
  5. Module Name:
  7. safelog.c (SAFER Event Logging)
  9. Abstract:
  11. This module implements the internal WinSAFER APIs to write eventlog
  12. messages. All of our message strings are defined in ntstatus.mc
  13. and are physically located within ntdll.dll file.
  15. Currently we are just reusing the previously existing event source
  16. called "Application Popup", which already happens to use ntdll.dll
  17. as its message resource library. Events of this source always go
  18. into the "System Log".
  20. Author:
  22. Jeffrey Lawson (JLawson) - Apr 1999
  24. Environment:
  26. User mode only.
  28. Exported Functions:
  30. SaferRecordEventLogEntry
  32. Revision History:
  34. Created - Nov 2000
  36. --*/
  38. #include "pch.h"
  39. #pragma hdrstop
  40. #include <winsafer.h>
  41. #include <winsaferp.h>
  42. #include "saferp.h"
  47. const static GUID guidTrustedCert = SAFER_GUID_RESULT_TRUSTED_CERT;
  48. const static GUID guidDefaultRule = SAFER_GUID_RESULT_DEFAULT_LEVEL;
  52. BOOL WINAPI
  53. SaferpRecordEventLogEntryHelper(
  54. IN NTSTATUS LogStatusCode,
  55. IN LPCWSTR szTargetPath,
  56. IN REFGUID refRuleGuid,
  57. IN LPCWSTR szRulePath
  58. )
  59. {
  60. NTSTATUS Status = STATUS_UNSUCCESSFUL;
  61. WORD wNumStrings = 0;
  62. LPWSTR lpszStrings[5];
  63. HANDLE hEventSource;
  64. UNICODE_STRING UnicodeGuid;
  66. hEventSource = RegisterEventSourceW(NULL, L"Software Restriction Policy");
  68. if (hEventSource != NULL) {
  70. Status = STATUS_SUCCESS;
  71. RtlInitEmptyUnicodeString(&UnicodeGuid, NULL, 0);
  73. switch (LogStatusCode)
  74. {
  75. case STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT:
  76. if (!ARGUMENT_PRESENT(szTargetPath)) {
  77. Status = STATUS_INVALID_PARAMETER;
  78. break;
  79. }
  80. lpszStrings[0] = (LPWSTR) szTargetPath;
  81. wNumStrings = 1;
  82. break;
  84. case STATUS_ACCESS_DISABLED_BY_POLICY_OTHER:
  85. if (!ARGUMENT_PRESENT(szTargetPath) ||
  86. !ARGUMENT_PRESENT(refRuleGuid)) {
  87. Status = STATUS_INVALID_PARAMETER;
  88. break;
  89. }
  91. Status = RtlStringFromGUID(refRuleGuid, &UnicodeGuid);
  92. if (NT_SUCCESS(Status)) {
  93. ASSERT(UnicodeGuid.Buffer != NULL);
  94. lpszStrings[0] = (LPWSTR) szTargetPath;
  95. lpszStrings[1] = UnicodeGuid.Buffer;
  96. wNumStrings = 2;
  97. }
  98. break;
  100. case STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER:
  101. if (!ARGUMENT_PRESENT(szTargetPath)) {
  102. Status = STATUS_INVALID_PARAMETER;
  103. break;
  104. }
  105. lpszStrings[0] = (LPWSTR) szTargetPath;
  106. wNumStrings = 1;
  107. break;
  109. case STATUS_ACCESS_DISABLED_BY_POLICY_PATH:
  110. if (!ARGUMENT_PRESENT(szTargetPath) ||
  111. !ARGUMENT_PRESENT(refRuleGuid) ||
  112. !ARGUMENT_PRESENT(szRulePath)) {
  113. Status = STATUS_INVALID_PARAMETER;
  114. break;
  115. }
  116. Status = RtlStringFromGUID(refRuleGuid, &UnicodeGuid);
  117. if (NT_SUCCESS(Status)) {
  118. ASSERT(UnicodeGuid.Buffer != NULL);
  119. lpszStrings[0] = (LPWSTR) szTargetPath;
  120. lpszStrings[1] = UnicodeGuid.Buffer;
  121. lpszStrings[2] = (LPWSTR) szRulePath;
  122. wNumStrings = 3;
  123. }
  124. break;
  126. default:
  127. Status = STATUS_INVALID_PARAMETER;
  128. }
  130. if (NT_SUCCESS(Status)) {
  131. ReportEventW(
  132. hEventSource, // handle to event log
  133. EVENTLOG_WARNING_TYPE, // event type
  134. 0, // event category
  135. LogStatusCode, // event ID
  136. NULL, // current user's SID
  137. wNumStrings, // strings in lpszStrings
  138. 0, // no bytes of raw data
  139. lpszStrings, // array of error strings
  140. NULL); // no raw data
  141. }
  143. DeregisterEventSource(hEventSource);
  145. if (UnicodeGuid.Buffer != NULL) {
  146. RtlFreeUnicodeString(&UnicodeGuid);
  147. }
  148. }
  150. if (NT_SUCCESS(Status)) {
  151. return TRUE;
  152. } else {
  153. return FALSE;
  154. }
  155. }
  159. BOOL WINAPI
  160. SaferRecordEventLogEntry(
  161. IN SAFER_LEVEL_HANDLE hAuthzLevel,
  162. IN LPCWSTR szTargetPath,
  163. IN LPVOID lpReserved
  164. )
  165. {
  166. PSAFER_IDENTIFICATION_HEADER pIdentCommon;
  167. DWORD dwIdentBufferSize;
  168. BOOL bResult;
  171. //
  172. // Allocate enough memory for the largest structure we can expect
  173. // and then query the information about the identifier that matched.
  174. //
  175. dwIdentBufferSize = max(sizeof(SAFER_HASH_IDENTIFICATION),
  176. sizeof(SAFER_PATHNAME_IDENTIFICATION));
  177. pIdentCommon = (PSAFER_IDENTIFICATION_HEADER)
  178. HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwIdentBufferSize);
  179. if (!pIdentCommon) {
  180. return FALSE;
  181. }
  182. pIdentCommon->cbStructSize = sizeof(SAFER_IDENTIFICATION_HEADER);
  183. if (!SaferGetLevelInformation(
  184. hAuthzLevel,
  185. SaferObjectSingleIdentification,
  186. pIdentCommon,
  187. dwIdentBufferSize,
  188. &dwIdentBufferSize)) {
  190. if (GetLastError() == ERROR_NOT_ENOUGH_MEMORY) {
  192. HeapFree(GetProcessHeap(), 0, pIdentCommon);
  193. pIdentCommon = (PSAFER_IDENTIFICATION_HEADER)
  194. HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwIdentBufferSize);
  195. if (!pIdentCommon) {
  196. return FALSE;
  197. }
  198. pIdentCommon->cbStructSize = sizeof(SAFER_IDENTIFICATION_HEADER);
  199. if (!SaferGetLevelInformation(
  200. hAuthzLevel,
  201. SaferObjectSingleIdentification,
  202. pIdentCommon,
  203. dwIdentBufferSize,
  204. &dwIdentBufferSize)) {
  205. bResult = FALSE;
  206. goto Cleanup;
  207. }
  209. }
  210. else
  211. {
  212. bResult = FALSE;
  213. goto Cleanup;
  214. }
  215. }
  218. //
  219. // Look at the resulting information about the identifier.
  220. //
  221. if (IsEqualGUID(&pIdentCommon->IdentificationGuid, &guidTrustedCert))
  222. {
  223. bResult = SaferpRecordEventLogEntryHelper(
  224. STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER,
  225. szTargetPath, NULL, NULL);
  226. }
  227. else if (IsEqualGUID(&pIdentCommon->IdentificationGuid, &guidDefaultRule))
  228. {
  229. bResult = SaferpRecordEventLogEntryHelper(
  230. STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT,
  231. szTargetPath, NULL, NULL);
  232. }
  233. else if (pIdentCommon->dwIdentificationType == SaferIdentityTypeImageName)
  234. {
  235. PSAFER_PATHNAME_IDENTIFICATION pIdentPath =
  236. (PSAFER_PATHNAME_IDENTIFICATION) pIdentCommon;
  237. bResult = SaferpRecordEventLogEntryHelper(
  238. STATUS_ACCESS_DISABLED_BY_POLICY_PATH,
  239. szTargetPath, &pIdentCommon->IdentificationGuid,
  240. pIdentPath->ImageName);
  241. }
  242. else
  243. {
  244. bResult = SaferpRecordEventLogEntryHelper(
  245. STATUS_ACCESS_DISABLED_BY_POLICY_OTHER,
  246. szTargetPath, &pIdentCommon->IdentificationGuid,
  247. NULL);
  248. }
  250. Cleanup:
  251. HeapFree(GetProcessHeap(), 0, pIdentCommon);
  253. return bResult;
  254. }