archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/winsafer/safeidep.c

806 lines
25 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999-2000 Microsoft Corporation
  5. Module Name:
  7. SafeIdep.c (WinSAFER Identify Objects privates)
  9. Abstract:
  11. This module implements the WinSAFER APIs that loads the names (and
  12. high-level information) of all Authorization Levels defined within
  13. a given registry context. The list of available levels is loaded
  14. into a Rtl Generic Table that can be enumerated and accessed using
  15. conventional Rtl Generic Table techniques.
  17. Author:
  19. Jeffrey Lawson (JLawson) - Nov 1999
  21. Environment:
  23. User mode only.
  25. Exported Functions:
  27. CodeAuthzLevelObjpInitializeTable
  28. CodeAuthzLevelObjpLoadTable
  29. CodeAuthzLevelObjpEntireTableFree
  31. Revision History:
  33. Created - Nov 1999
  35. --*/
  37. #include "pch.h"
  38. #pragma hdrstop
  39. #include <winsafer.h>
  40. #include <winsaferp.h>
  41. #include "saferp.h"
  46. PVOID NTAPI
  47. SaferpGenericTableAllocate (
  48. IN PRTL_GENERIC_TABLE Table,
  49. IN CLONG ByteSize
  50. )
  51. /*++
  53. Routine Description:
  55. Internal callback for the generic table implementation.
  56. This function allocates memory for a new entry in a GENERIC_TABLE
  58. Arguments:
  60. Table - pointer to the Generic Table structure
  62. ByteSize - the size, in bytes, of the structure to allocate
  64. Return Value:
  66. Pointer to the allocated space.
  68. --*/
  69. {
  70. UNREFERENCED_PARAMETER(Table);
  71. return (PVOID) RtlAllocateHeap(RtlProcessHeap(), 0, ByteSize);
  72. }
  75. VOID NTAPI
  76. SaferpGenericTableFree (
  77. IN PRTL_GENERIC_TABLE Table,
  78. IN PVOID Buffer
  79. )
  80. /*++
  82. Routine Description:
  84. Internal callback for the generic table implementation.
  85. This function frees the space used by a GENERIC_TABLE entry.
  87. Arguments:
  89. Table - pointer to the Generic Table structure
  91. Buffer - pointer to the space to deallocate.
  93. Return Value:
  95. None.
  97. --*/
  98. {
  99. UNREFERENCED_PARAMETER(Table);
  100. ASSERT(Buffer != NULL);
  102. RtlFreeHeap(RtlProcessHeap(), 0, (LPVOID) Buffer);
  103. }
  109. RTL_GENERIC_COMPARE_RESULTS NTAPI
  110. SaferpGuidIdentsTableCompare (
  111. IN PRTL_GENERIC_TABLE Table,
  112. IN PVOID FirstStruct,
  113. IN PVOID SecondStruct
  114. )
  115. /*++
  117. Routine Description:
  119. Arguments:
  121. Return Value:
  123. --*/
  124. {
  125. PAUTHZIDENTSTABLERECORD FirstObj = (PAUTHZIDENTSTABLERECORD) FirstStruct;
  126. PAUTHZIDENTSTABLERECORD SecondObj = (PAUTHZIDENTSTABLERECORD) SecondStruct;
  127. int result;
  129. UNREFERENCED_PARAMETER(Table);
  131. // Explicitly handle null parameters as wildcards, allowing them
  132. // to match anything. We use this for quick deletion of the table.
  133. if (FirstStruct == NULL || SecondStruct == NULL)
  134. return GenericEqual;
  136. // Compare ascending by guid.
  137. result = memcmp(&FirstObj->IdentGuid,
  138. &SecondObj->IdentGuid, sizeof(GUID));
  139. if ( result < 0 )
  140. return GenericLessThan;
  141. else if ( result > 0 )
  142. return GenericGreaterThan;
  143. else
  144. return GenericEqual;
  145. }
  149. VOID NTAPI
  150. CodeAuthzGuidIdentsInitializeTable(
  151. IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
  152. )
  153. /*++
  155. Routine Description:
  157. Arguments:
  159. pAuthzObjTable - pointer to the generic table structure to initialize.
  161. Return Value:
  163. Does not return a value.
  165. --*/
  166. {
  167. RtlInitializeGenericTable(
  168. pAuthzObjTable,
  169. (PRTL_GENERIC_COMPARE_ROUTINE) SaferpGuidIdentsTableCompare,
  170. (PRTL_GENERIC_ALLOCATE_ROUTINE) SaferpGenericTableAllocate,
  171. (PRTL_GENERIC_FREE_ROUTINE) SaferpGenericTableFree,
  172. NULL);
  173. }
  176. NTSTATUS NTAPI
  177. SaferpGuidIdentsLoadTable (
  178. IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable,
  179. IN DWORD dwScopeId,
  180. IN HANDLE hKeyCustomBase,
  181. IN DWORD dwLevelId,
  182. IN SAFER_IDENTIFICATION_TYPES dwIdentityType
  183. )
  184. /*++
  186. Routine Description:
  188. Loads all Code Identities of a particular fragment type and which
  189. map to a specific LevelId value.
  191. Arguments:
  193. pAuthzIdentTable - specifies the table into which the new Code Identity
  194. records should be inserted.
  196. dwScopeId - can be AUTHZSCOPEID_USER, AUTHZSCOPEID_MACHINE, or
  197. AUTHSCOPEID_REGISTRY.
  199. hKeyCustomBase - used only if dwScopeId is AUTHZSCOPEID_REGISTRY.
  201. dwLevelId - specifies the LevelId for which identities should
  202. be loaded.
  204. dwIdentityType - specifies the type of identity to load.
  205. This can be SaferIdentityTypeImageName, SaferIdentityTypeImageHash,
  206. or SaferIdentityTypeUrlZone.
  208. Return Value:
  210. Returns STATUS_SUCCESS if no error occurs.
  212. --*/
  213. {
  214. DWORD dwIndex;
  215. NTSTATUS Status;
  216. HANDLE hKeyIdentityBase;
  219. //
  220. // We were given the key to the root of the policy storage,
  221. // so we need to open the subkey that contains the Identities.
  222. //
  223. {
  224. WCHAR szPathSuffix[MAX_PATH];
  225. WCHAR szDigits[20];
  226. UNICODE_STRING UnicodePathSuffix;
  227. UNICODE_STRING UnicodeDigits;
  230. UnicodePathSuffix.Buffer = szPathSuffix;
  231. UnicodePathSuffix.Length = 0;
  232. UnicodePathSuffix.MaximumLength = sizeof(szPathSuffix);
  234. UnicodeDigits.Buffer = szDigits;
  235. UnicodeDigits.Length = 0;
  236. UnicodeDigits.MaximumLength = sizeof(szDigits);
  238. Status = RtlAppendUnicodeToString(
  239. &UnicodePathSuffix,
  240. SAFER_CODEIDS_REGSUBKEY L"\\");
  241. if (!NT_SUCCESS(Status)) return Status;
  242. Status = RtlIntegerToUnicodeString(
  243. dwLevelId, 10, &UnicodeDigits);
  244. if (!NT_SUCCESS(Status)) return Status;
  245. Status = RtlAppendUnicodeStringToString(
  246. &UnicodePathSuffix, &UnicodeDigits);
  247. if (!NT_SUCCESS(Status)) return Status;
  249. switch (dwIdentityType)
  250. {
  251. case SaferIdentityTypeImageName:
  252. Status = RtlAppendUnicodeToString(
  253. &UnicodePathSuffix, L"\\" SAFER_PATHS_REGSUBKEY);
  254. break;
  256. case SaferIdentityTypeImageHash:
  257. Status = RtlAppendUnicodeToString(
  258. &UnicodePathSuffix, L"\\" SAFER_HASHMD5_REGSUBKEY);
  259. break;
  261. case SaferIdentityTypeUrlZone:
  262. Status = RtlAppendUnicodeToString(
  263. &UnicodePathSuffix, L"\\" SAFER_SOURCEURL_REGSUBKEY);
  264. break;
  266. default:
  267. Status = STATUS_INVALID_PARAMETER;
  268. break;
  269. }
  270. if (!NT_SUCCESS(Status)) return Status;
  271. ASSERT(UnicodePathSuffix.Buffer[ UnicodePathSuffix.Length /
  272. sizeof(WCHAR) ] == UNICODE_NULL);
  275. Status = CodeAuthzpOpenPolicyRootKey(
  276. dwScopeId,
  277. hKeyCustomBase,
  278. UnicodePathSuffix.Buffer,
  279. KEY_READ,
  280. FALSE,
  281. &hKeyIdentityBase);
  282. if (!NT_SUCCESS(Status))
  283. return Status;
  284. }
  287. //
  288. // Iterate through all subkeys under this branch.
  289. //
  290. for (dwIndex = 0; ; dwIndex++)
  291. {
  292. DWORD dwLength;
  293. HANDLE hKeyThisIdentity;
  294. OBJECT_ATTRIBUTES ObjectAttributes;
  295. AUTHZIDENTSTABLERECORD AuthzIdentsRec;
  297. BYTE RawQueryBuffer[sizeof(KEY_BASIC_INFORMATION) + 256];
  298. PKEY_BASIC_INFORMATION pBasicInformation =
  299. (PKEY_BASIC_INFORMATION) &RawQueryBuffer[0];
  300. PKEY_VALUE_PARTIAL_INFORMATION pPartialInformation =
  301. (PKEY_VALUE_PARTIAL_INFORMATION) &RawQueryBuffer[0];
  302. UNICODE_STRING ValueName;
  303. UNICODE_STRING UnicodeKeyname;
  306. //
  307. // Find the next Identity GUID that we will check.
  308. //
  309. Status = NtEnumerateKey(hKeyIdentityBase,
  310. dwIndex,
  311. KeyBasicInformation,
  312. pBasicInformation,
  313. sizeof(RawQueryBuffer),
  314. &dwLength);
  315. if (!NT_SUCCESS(Status)) {
  316. //
  317. // If this one key was too large to fit in our query buffer
  318. // then simply skip over it and try enumerating the next one.
  319. //
  320. if (Status == STATUS_BUFFER_OVERFLOW) {
  321. continue;
  322. } else {
  323. break;
  324. }
  325. }
  326. UnicodeKeyname.Buffer = pBasicInformation->Name;
  327. UnicodeKeyname.MaximumLength = UnicodeKeyname.Length =
  328. (USHORT) pBasicInformation->NameLength;
  329. // Note that UnicodeKeyname.Buffer is not necessarily null terminated.
  330. ASSERT(UnicodeKeyname.Length <= wcslen(UnicodeKeyname.Buffer) * sizeof(WCHAR));
  333. //
  334. // Translate the keyname (which we expect to be a GUID).
  335. //
  336. RtlZeroMemory(&AuthzIdentsRec, sizeof(AUTHZIDENTSTABLERECORD));
  337. Status = RtlGUIDFromString(&UnicodeKeyname,
  338. &AuthzIdentsRec.IdentGuid);
  339. if (!NT_SUCCESS(Status) ||
  340. IsZeroGUID(&AuthzIdentsRec.IdentGuid)) {
  341. // the keyname was apparently not numeric.
  342. continue;
  343. }
  344. AuthzIdentsRec.dwScopeId = dwScopeId;
  345. AuthzIdentsRec.dwLevelId = dwLevelId;
  346. AuthzIdentsRec.dwIdentityType = dwIdentityType;
  347. if (RtlLookupElementGenericTable(
  348. pAuthzIdentTable, (PVOID) &AuthzIdentsRec) != NULL) {
  349. // this identity GUID happens to have already been found.
  350. continue;
  351. }
  354. //
  355. // Try to open a handle to that Identity GUID.
  356. //
  357. InitializeObjectAttributes(&ObjectAttributes,
  358. &UnicodeKeyname,
  359. OBJ_CASE_INSENSITIVE,
  360. hKeyIdentityBase,
  361. NULL
  362. );
  363. Status = NtOpenKey(&hKeyThisIdentity,
  364. KEY_READ,
  365. &ObjectAttributes);
  366. if (!NT_SUCCESS(Status)) {
  367. // If we failed to open it, skip to the next one.
  368. continue;
  369. }
  372. //
  373. // Add the new record into our table.
  374. //
  375. switch (dwIdentityType) {
  376. // --------------------
  378. case SaferIdentityTypeImageName:
  379. //
  380. // Read the image path.
  381. //
  382. RtlInitUnicodeString(
  383. &ValueName, SAFER_IDS_ITEMDATA_REGVALUE);
  384. Status = NtQueryValueKey(hKeyThisIdentity,
  385. &ValueName,
  386. KeyValuePartialInformation,
  387. pPartialInformation,
  388. sizeof(RawQueryBuffer),
  389. &dwLength);
  390. if (!NT_SUCCESS(Status)) {
  391. break;
  392. }
  394. if (pPartialInformation->Type == REG_SZ ||
  395. pPartialInformation->Type == REG_EXPAND_SZ) {
  397. AuthzIdentsRec.ImageNameInfo.bExpandVars =
  398. (pPartialInformation->Type == REG_EXPAND_SZ);
  399. Status = RtlCreateUnicodeString(
  400. &AuthzIdentsRec.ImageNameInfo.ImagePath,
  401. (LPCWSTR) pPartialInformation->Data);
  402. if (!NT_SUCCESS(Status)) {
  403. break;
  404. }
  405. } else {
  406. Status = STATUS_UNSUCCESSFUL;
  407. break;
  408. }
  410. //
  411. // Read the extra WinSafer flags.
  412. //
  413. RtlInitUnicodeString(&ValueName,
  414. SAFER_IDS_SAFERFLAGS_REGVALUE);
  415. Status = NtQueryValueKey(hKeyThisIdentity,
  416. &ValueName,
  417. KeyValuePartialInformation,
  418. pPartialInformation,
  419. sizeof(RawQueryBuffer),
  420. &dwLength);
  421. if (NT_SUCCESS(Status) &&
  422. pPartialInformation->Type == REG_DWORD &&
  423. pPartialInformation->DataLength == sizeof(DWORD)) {
  425. AuthzIdentsRec.ImageNameInfo.dwSaferFlags =
  426. (*(PDWORD) pPartialInformation->Data);
  428. } else {
  429. // default the flags if they are missing.
  430. AuthzIdentsRec.ImageNameInfo.dwSaferFlags = 0;
  431. Status = STATUS_SUCCESS;
  432. }
  434. break;
  436. // --------------------
  438. case SaferIdentityTypeImageHash:
  439. //
  440. // Read the hash data and hash size.
  441. //
  442. RtlInitUnicodeString(&ValueName,
  443. SAFER_IDS_ITEMDATA_REGVALUE);
  444. Status = NtQueryValueKey(hKeyThisIdentity,
  445. &ValueName,
  446. KeyValuePartialInformation,
  447. pPartialInformation,
  448. sizeof(RawQueryBuffer),
  449. &dwLength);
  450. if (!NT_SUCCESS(Status)) {
  451. break;
  452. }
  453. if (pPartialInformation->Type == REG_BINARY &&
  454. pPartialInformation->DataLength > 0 &&
  455. pPartialInformation->DataLength <= SAFER_MAX_HASH_SIZE) {
  457. AuthzIdentsRec.ImageHashInfo.HashSize =
  458. pPartialInformation->DataLength;
  459. RtlCopyMemory(&AuthzIdentsRec.ImageHashInfo.ImageHash[0],
  460. pPartialInformation->Data,
  461. pPartialInformation->DataLength);
  463. } else {
  464. Status = STATUS_UNSUCCESSFUL;
  465. break;
  466. }
  468. //
  469. // Read the algorithm used to compute the hash.
  470. //
  471. RtlInitUnicodeString(&ValueName,
  472. SAFER_IDS_HASHALG_REGVALUE);
  473. Status = NtQueryValueKey(hKeyThisIdentity,
  474. &ValueName,
  475. KeyValuePartialInformation,
  476. pPartialInformation,
  477. sizeof(RawQueryBuffer),
  478. &dwLength);
  479. if (!NT_SUCCESS(Status)) {
  480. break;
  481. }
  482. if (pPartialInformation->Type == REG_DWORD &&
  483. pPartialInformation->DataLength == sizeof(DWORD)) {
  485. AuthzIdentsRec.ImageHashInfo.HashAlgorithm =
  486. *((PDWORD) pPartialInformation->Data);
  487. } else {
  488. Status = STATUS_UNSUCCESSFUL;
  489. break;
  490. }
  491. if ((AuthzIdentsRec.ImageHashInfo.HashAlgorithm &
  492. ALG_CLASS_ALL) != ALG_CLASS_HASH) {
  493. Status = STATUS_UNSUCCESSFUL;
  494. break;
  495. }
  498. //
  499. // Read the original image size.
  500. //
  501. RtlInitUnicodeString(&ValueName,
  502. SAFER_IDS_ITEMSIZE_REGVALUE);
  503. Status = NtQueryValueKey(hKeyThisIdentity,
  504. &ValueName,
  505. KeyValuePartialInformation,
  506. pPartialInformation,
  507. sizeof(RawQueryBuffer),
  508. &dwLength);
  509. if (!NT_SUCCESS(Status)) {
  510. break;
  511. }
  512. if (pPartialInformation->Type == REG_DWORD &&
  513. pPartialInformation->DataLength == sizeof(DWORD)) {
  515. AuthzIdentsRec.ImageHashInfo.ImageSize.LowPart =
  516. *((PDWORD) pPartialInformation->Data);
  517. AuthzIdentsRec.ImageHashInfo.ImageSize.HighPart = 0;
  518. } else if (pPartialInformation->Type == REG_QWORD &&
  519. pPartialInformation->DataLength == 2 * sizeof(DWORD) ) {
  521. AuthzIdentsRec.ImageHashInfo.ImageSize.QuadPart =
  522. ((PLARGE_INTEGER) pPartialInformation->Data)->QuadPart;
  523. } else {
  524. Status = STATUS_UNSUCCESSFUL;
  525. break;
  526. }
  528. //
  529. // Read the extra WinSafer flags.
  530. //
  531. RtlInitUnicodeString(&ValueName,
  532. SAFER_IDS_SAFERFLAGS_REGVALUE);
  533. Status = NtQueryValueKey(hKeyThisIdentity,
  534. &ValueName,
  535. KeyValuePartialInformation,
  536. pPartialInformation,
  537. sizeof(RawQueryBuffer),
  538. &dwLength);
  539. if (NT_SUCCESS(Status) &&
  540. pPartialInformation->Type == REG_DWORD &&
  541. pPartialInformation->DataLength == sizeof(DWORD)) {
  543. #ifdef SAFER_POLICY_ONLY_EXES
  544. AuthzIdentsRec.ImageHashInfo.dwSaferFlags =
  545. (*((PDWORD) pPartialInformation->Data)) &
  546. ~SAFER_POLICY_ONLY_EXES;
  547. #else
  548. AuthzIdentsRec.ImageHashInfo.dwSaferFlags =
  549. (*((PDWORD) pPartialInformation->Data));
  550. #endif
  552. } else {
  553. // default the flags if they are missing.
  554. AuthzIdentsRec.ImageHashInfo.dwSaferFlags = 0;
  555. Status = STATUS_SUCCESS;
  556. }
  559. break;
  561. // --------------------
  563. case SaferIdentityTypeUrlZone:
  564. //
  565. // Read the zone identifier.
  566. //
  567. RtlInitUnicodeString(&ValueName,
  568. SAFER_IDS_ITEMDATA_REGVALUE);
  569. Status = NtQueryValueKey(hKeyThisIdentity,
  570. &ValueName,
  571. KeyValuePartialInformation,
  572. pPartialInformation,
  573. sizeof(RawQueryBuffer),
  574. &dwLength);
  575. if (!NT_SUCCESS(Status)) {
  576. break;
  577. }
  578. if (pPartialInformation->Type == REG_DWORD &&
  579. pPartialInformation->DataLength == sizeof(DWORD)) {
  581. AuthzIdentsRec.ImageZone.UrlZoneId =
  582. * (PDWORD) pPartialInformation->Data;
  584. } else {
  585. Status = STATUS_UNSUCCESSFUL;
  586. break;
  587. }
  589. //
  590. // Read the extra WinSafer flags.
  591. //
  592. RtlInitUnicodeString(&ValueName,
  593. SAFER_IDS_SAFERFLAGS_REGVALUE);
  594. Status = NtQueryValueKey(hKeyThisIdentity,
  595. &ValueName,
  596. KeyValuePartialInformation,
  597. pPartialInformation,
  598. sizeof(RawQueryBuffer),
  599. &dwLength);
  600. if (NT_SUCCESS(Status) &&
  601. pPartialInformation->Type == REG_DWORD &&
  602. pPartialInformation->DataLength == sizeof(DWORD)) {
  604. #ifdef SAFER_POLICY_ONLY_EXES
  605. AuthzIdentsRec.ImageZone.dwSaferFlags =
  606. (*(PDWORD) pPartialInformation->Data) &
  607. ~SAFER_POLICY_ONLY_EXES;
  608. #else
  609. AuthzIdentsRec.ImageZone.dwSaferFlags =
  610. (*(PDWORD) pPartialInformation->Data);
  611. #endif
  613. } else {
  614. // default the flags if they are missing.
  615. AuthzIdentsRec.ImageZone.dwSaferFlags = 0;
  616. Status = STATUS_SUCCESS;
  617. }
  619. break;
  621. // --------------------
  623. default:
  624. ASSERT(0 && "unexpected identity type");
  625. Status = STATUS_INVALID_INFO_CLASS;
  626. }
  628. // Only insert the record if we don't have
  629. // any other entries with this same GUID.
  630. if (NT_SUCCESS(Status)) {
  631. RtlInsertElementGenericTable(
  632. pAuthzIdentTable,
  633. (PVOID) &AuthzIdentsRec,
  634. sizeof(AUTHZIDENTSTABLERECORD),
  635. NULL);
  636. }
  637. NtClose(hKeyThisIdentity);
  638. }
  640. NtClose(hKeyIdentityBase);
  641. return STATUS_SUCCESS;
  642. }
  645. NTSTATUS NTAPI
  646. CodeAuthzGuidIdentsLoadTableAll (
  647. IN PRTL_GENERIC_TABLE pAuthzLevelTable,
  648. IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable,
  649. IN DWORD dwScopeId,
  650. IN HANDLE hKeyCustomBase
  651. )
  652. /*++
  654. Routine Description:
  656. Arguments:
  658. pAuthzLevelTable - specifies the table that has already been
  659. loaded with the WinSafer Levels that should be allowed.
  660. These Levels do not necessarily need to have been loaded
  661. from the same scope from which the Code Identities are
  662. being loaded from.
  664. pAuthzIdentTable - specifies the table into which the loaded
  665. Code Identities should be inserted.
  667. dwScopeId - scope from where the Code Identities should be loaded from.
  668. This may be AUTHZSCOPEID_MACHINE, AUTHZSCOPEID_USER, or
  669. AUTHZSCOPEID_REGISTRY.
  671. hKeyCustomBase - only used if dwScopeId was AUTHZSCOPEID_REGISTRY.
  673. Return Value:
  675. Returns STATUS_SUCCESS if no errors occurred.
  677. --*/
  678. {
  679. NTSTATUS Status;
  680. NTSTATUS WorstStatus = STATUS_SUCCESS;
  681. PVOID RestartKey;
  682. PAUTHZLEVELTABLERECORD pAuthzLevelRecord;
  685. //
  686. // Enumerate through all records and close the registry handles.
  687. //
  688. RestartKey = NULL;
  689. for (pAuthzLevelRecord = (PAUTHZLEVELTABLERECORD)
  690. RtlEnumerateGenericTableWithoutSplaying(
  691. pAuthzLevelTable, &RestartKey);
  692. pAuthzLevelRecord != NULL;
  693. pAuthzLevelRecord = (PAUTHZLEVELTABLERECORD)
  694. RtlEnumerateGenericTableWithoutSplaying(
  695. pAuthzLevelTable, &RestartKey)
  696. )
  697. {
  698. Status = SaferpGuidIdentsLoadTable(
  699. pAuthzIdentTable,
  700. dwScopeId,
  701. hKeyCustomBase,
  702. pAuthzLevelRecord->dwLevelId,
  703. SaferIdentityTypeImageName);
  704. if (!NT_SUCCESS(Status))
  705. WorstStatus = Status;
  707. Status = SaferpGuidIdentsLoadTable(
  708. pAuthzIdentTable,
  709. dwScopeId,
  710. hKeyCustomBase,
  711. pAuthzLevelRecord->dwLevelId,
  712. SaferIdentityTypeImageHash);
  713. if (!NT_SUCCESS(Status))
  714. WorstStatus = Status;
  716. Status = SaferpGuidIdentsLoadTable(
  717. pAuthzIdentTable,
  718. dwScopeId,
  719. hKeyCustomBase,
  720. pAuthzLevelRecord->dwLevelId,
  721. SaferIdentityTypeUrlZone);
  722. if (!NT_SUCCESS(Status))
  723. WorstStatus = Status;
  724. }
  727. return WorstStatus;
  728. }
  732. VOID NTAPI
  733. CodeAuthzGuidIdentsEntireTableFree (
  734. IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable
  735. )
  736. /*++
  738. Routine Description:
  740. Frees the allocated memory associated with all of the entries
  741. currently within a Code Identities table. Once the table has
  742. been emptied, it may immediately be filled again without any
  743. other initialization necessary.
  745. Arguments:
  747. pAuthzIdentTable - pointer to the table that should be cleared.
  749. Return Value:
  751. Does not return any value.
  753. --*/
  754. {
  755. ULONG NumElements;
  757. //
  758. // Now iterate through the table again and free all of the
  759. // elements themselves.
  760. //
  761. NumElements = RtlNumberGenericTableElements(pAuthzIdentTable);
  763. while ( NumElements-- > 0 ) {
  764. // Delete all elements. Note that we pass NULL as the element
  765. // to delete because our compare function is smart enough to
  766. // allow treatment of NULL as a wildcard element.
  767. BOOL retval = RtlDeleteElementGenericTable( pAuthzIdentTable, NULL);
  768. ASSERT(retval == TRUE);
  769. }
  770. }
  773. PAUTHZIDENTSTABLERECORD NTAPI
  774. CodeAuthzIdentsLookupByGuid (
  775. IN PRTL_GENERIC_TABLE pAuthzIdentTable,
  776. IN REFGUID pIdentGuid
  777. )
  778. /*++
  780. Routine Description:
  782. This function searches for an identity within a GENERIC_TABLE.
  784. Arguments:
  786. pAuthzIdentTable - pointer to the Generic Table structure
  788. pIdentGuid -
  790. Return Value:
  792. Returns a pointer to the Code Identity record if the GUID
  793. specified was found. Otherwise NULL is returned.
  795. --*/
  796. {
  797. AUTHZIDENTSTABLERECORD AuthzIdentsRec;
  799. RtlCopyMemory(&AuthzIdentsRec.IdentGuid, pIdentGuid, sizeof(GUID));
  800. return (PAUTHZIDENTSTABLERECORD)
  801. RtlLookupElementGenericTable(pAuthzIdentTable,
  802. (PVOID) &AuthzIdentsRec);
  803. }