archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/winsafer/safehand.c

534 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997-2000 Microsoft Corporation
  5. Module Name:
  7. SafeHand.c (WinSAFER Handle Operations)
  9. Abstract:
  11. This module implements the WinSAFER APIs to open and close handles
  12. to SAFER Code Authorization Levels.
  14. Author:
  16. Jeffrey Lawson (JLawson) - Nov 1999
  18. Environment:
  20. User mode only.
  22. Exported Functions:
  24. CodeAuthzHandleToLevelStruct
  25. CodeAuthzpOpenPolicyRootKey
  26. CodeAuthzCreateLevelHandle
  27. CodeAuthzCloseLevelHandle
  28. SaferCreateLevel (public win32 api)
  29. SaferCloseLevel (public win32 api)
  31. Revision History:
  33. Created - Nov 1999
  35. --*/
  37. #include "pch.h"
  38. #pragma hdrstop
  39. #include <winsafer.h>
  40. #include <winsaferp.h>
  41. #include "saferp.h"
  44. //
  45. // All handles have a bit pattern OR-ed onto them to serve both
  46. // as a debugging aid in distinguishing obvious non-handles,
  47. // and also to ensure that a zero handle is never given back.
  48. //
  49. #define LEVEL_HANDLE_BITS 0x74000000
  50. #define LEVEL_HANDLE_MASK 0xFF000000
  54. NTSTATUS NTAPI
  55. CodeAuthzpCreateLevelHandleFromRecord(
  56. IN PAUTHZLEVELTABLERECORD pLevelRecord,
  57. IN DWORD dwScopeId,
  58. IN DWORD dwSaferFlags OPTIONAL,
  59. IN DWORD dwExtendedError,
  60. IN SAFER_IDENTIFICATION_TYPES IdentificationType,
  61. IN REFGUID refIdentGuid OPTIONAL,
  62. OUT SAFER_LEVEL_HANDLE *pLevelHandle
  63. )
  64. /*++
  66. Routine Description:
  68. Converts a level record to an opaque SAFER_LEVEL_HANDLE handle.
  70. Note that although this function assumes that the global
  71. critical section has already been obtained by the caller.
  73. Arguments:
  75. pLevelRecord - specifies the level record for which the
  76. request is being made. It is assumed that this record
  77. is valid and exists within the g_CodeLevelObjTable.
  79. dwScopeId - indicates the scope that will be stored within
  80. the opened handle. This scope affects the behavior of
  81. Get/SetInfoCodeAuthzLevel for code identifiers.
  83. dwSaferFlags - indicates any optional Safer flags that were
  84. derived from the matching code identifier. These bits
  85. will be bitwise ORed in SaferComputeTokenFromLevel.
  87. dwExtendedError - Error returned by WinVerifyTrust.
  89. IdentificationType - Rule that identified this level.
  91. refIdentGuid - indicates the Code Identifier record that was
  92. used to match the given level. This may be NULL.
  94. pLevelHandle - receives the resulting opaque Level handle.
  96. Return Value:
  98. Returns STATUS_SUCCESS on success.
  100. --*/
  101. {
  102. NTSTATUS Status;
  103. ULONG ulHandleIndex;
  104. PAUTHZLEVELHANDLESTRUCT pLevelStruct;
  107. ASSERT(ARGUMENT_PRESENT(pLevelRecord) &&
  108. ARGUMENT_PRESENT(pLevelHandle));
  111. //
  112. // Validate the value passed within the dwScope argument.
  113. //
  114. if (g_hKeyCustomRoot != NULL) {
  115. if (dwScopeId != SAFER_SCOPEID_REGISTRY) {
  116. Status = STATUS_INVALID_PARAMETER_MIX;
  117. goto ExitHandler;
  118. }
  119. } else {
  120. if (dwScopeId != SAFER_SCOPEID_MACHINE &&
  121. dwScopeId != SAFER_SCOPEID_USER) {
  122. Status = STATUS_INVALID_PARAMETER_MIX;
  123. goto ExitHandler;
  124. }
  125. }
  128. //
  129. // Allocate a handle to represent this level.
  130. //
  131. pLevelStruct = (PAUTHZLEVELHANDLESTRUCT) RtlAllocateHandle(
  132. &g_LevelHandleTable,
  133. &ulHandleIndex);
  134. if (!pLevelStruct) {
  135. Status = STATUS_INSUFFICIENT_RESOURCES;
  136. goto ExitHandler;
  137. }
  138. ASSERT((ulHandleIndex & LEVEL_HANDLE_MASK) == 0);
  139. *pLevelHandle = UlongToPtr(ulHandleIndex | LEVEL_HANDLE_BITS);
  142. //
  143. // Fill in the handle structure to represent this level.
  144. //
  145. RtlZeroMemory(pLevelStruct, sizeof(AUTHZLEVELHANDLESTRUCT));
  146. pLevelStruct->HandleHeader.Flags = RTL_HANDLE_ALLOCATED;
  147. pLevelStruct->dwLevelId = pLevelRecord->dwLevelId;
  148. pLevelStruct->dwScopeId = dwScopeId;
  149. pLevelStruct->dwSaferFlags = dwSaferFlags;
  150. pLevelStruct->dwHandleSequence = g_dwLevelHandleSequence;
  151. pLevelStruct->dwExtendedError = dwExtendedError;
  152. pLevelStruct->IdentificationType = IdentificationType;
  153. if (ARGUMENT_PRESENT(refIdentGuid)) {
  154. RtlCopyMemory(&pLevelStruct->identGuid, refIdentGuid, sizeof(GUID));
  155. } else {
  156. ASSERT(IsZeroGUID(&pLevelStruct->identGuid));
  157. }
  158. Status = STATUS_SUCCESS;
  161. ExitHandler:
  162. return Status;
  163. }
  166. NTSTATUS NTAPI
  167. CodeAuthzHandleToLevelStruct(
  168. IN SAFER_LEVEL_HANDLE hLevelObject,
  169. OUT PAUTHZLEVELHANDLESTRUCT *pLevelStruct)
  170. /*++
  172. Routine Description:
  174. Converts an opaque SAFER_LEVEL_HANDLE handle into a pointer to the
  175. internal handle structure.
  177. Note that although this function gains and releases access to
  178. the critical section during the API execution, the caller is
  179. expected to have already entered the critical section and
  180. maintain the critical section for the entire duration under
  181. which the return pLevelStruct will be used. Otherwise, the
  182. pLevelStruct can potentially become invalid if another thread
  183. reloads the cache tables and invalidates all handles.
  185. Arguments:
  187. hLevelObject - specifies the handle to the AuthzObject for which the
  188. request is being made.
  190. lpLevelObjectStruct - receives a pointer to the internal handle
  191. structure that represents the specified AuthzLevelObject.
  193. Return Value:
  195. Returns STATUS_SUCCESS on success.
  197. --*/
  198. {
  199. NTSTATUS Status;
  200. ULONG ulHandleIndex;
  202. if (!g_bInitializedFirstTime) {
  203. return STATUS_UNSUCCESSFUL;
  204. }
  205. if (!ARGUMENT_PRESENT(hLevelObject)) {
  206. return STATUS_INVALID_HANDLE;
  207. }
  208. if (!ARGUMENT_PRESENT(pLevelStruct)) {
  209. return STATUS_ACCESS_VIOLATION;
  210. }
  211. RtlEnterCriticalSection(&g_TableCritSec);
  212. ASSERT(!g_bNeedCacheReload);
  215. //
  216. // Translate the handle index into a pointer to the handle structure.
  217. //
  218. ulHandleIndex = PtrToUlong(hLevelObject);
  219. if ( (ulHandleIndex & LEVEL_HANDLE_MASK) != LEVEL_HANDLE_BITS) {
  220. Status = STATUS_INVALID_HANDLE;
  221. goto ExitHandler;
  222. }
  223. ulHandleIndex &= ~LEVEL_HANDLE_MASK;
  224. if (!RtlIsValidIndexHandle(&g_LevelHandleTable, ulHandleIndex,
  225. (PRTL_HANDLE_TABLE_ENTRY*) pLevelStruct)) {
  226. Status = STATUS_INVALID_HANDLE;
  227. goto ExitHandler;
  228. }
  230. //
  231. // Verify some additional sanity checks on the handle structure
  232. // that was mapped. Ensure that it was not a handle that was
  233. // opened, but invalidated because CodeAuthzReloadCacheTables was
  234. // called before closing then Level handle.
  235. //
  236. if (*pLevelStruct == NULL ||
  237. (*pLevelStruct)->dwHandleSequence != g_dwLevelHandleSequence ||
  238. !CodeAuthzLevelObjpLookupByLevelId(
  239. &g_CodeLevelObjTable, (*pLevelStruct)->dwLevelId ) )
  240. {
  241. Status = STATUS_INVALID_HANDLE;
  242. goto ExitHandler;
  243. }
  244. Status = STATUS_SUCCESS;
  247. ExitHandler:
  248. RtlLeaveCriticalSection(&g_TableCritSec);
  249. return Status;
  250. }
  255. NTSTATUS NTAPI
  256. CodeAuthzCreateLevelHandle(
  257. IN DWORD dwLevelId,
  258. IN DWORD OpenFlags,
  259. IN DWORD dwScopeId,
  260. IN DWORD dwSaferFlags OPTIONAL,
  261. OUT SAFER_LEVEL_HANDLE *pLevelHandle)
  262. /*++
  264. Routine Description:
  266. Internal function to open a handle to a WinSafer Level.
  268. Arguments:
  270. dwLevelId - input level of the WinSafer Level to open.
  271. Note that the dwScopeId argument does not affect the scope
  272. of the level that is opened itself.
  274. OpenFlags - flags that affect how the object is opened.
  276. dwScopeId - input scope identifier that is stored within the
  277. resulting handle. This scope identifier is used to affect
  278. the behavior of SaferGet/SetLevelInformation for code identifier.
  280. dwSaferFlags - flags that are stored within the resulting handle.
  281. These flags are usually derived from the code identifier
  282. that matched, and will be used in the final call to
  283. SaferComputeTokenFromLevel.
  285. pLevelHandle - receives the new handle.
  287. Return Value:
  289. Returns STATUS_SUCCESS on success.
  291. --*/
  292. {
  293. NTSTATUS Status;
  294. PAUTHZLEVELTABLERECORD pLevelRecord;
  298. //
  299. // Verify our input arguments are okay.
  300. //
  301. if (!ARGUMENT_PRESENT(pLevelHandle)) {
  302. Status = STATUS_ACCESS_VIOLATION;
  303. goto ExitHandler;
  304. }
  305. if ((OpenFlags & SAFER_LEVEL_CREATE) != 0 ||
  306. (OpenFlags & SAFER_LEVEL_DELETE) != 0) {
  307. // BLACKCOMB TODO: need to support creation or deletion.
  308. Status = STATUS_NOT_IMPLEMENTED;
  309. goto ExitHandler;
  310. }
  311. if (!g_bInitializedFirstTime) {
  312. Status = STATUS_UNSUCCESSFUL;
  313. goto ExitHandler;
  314. }
  315. RtlEnterCriticalSection(&g_TableCritSec);
  316. if (g_bNeedCacheReload) {
  317. Status = CodeAuthzpImmediateReloadCacheTables();
  318. if (!NT_SUCCESS(Status)) {
  319. goto ExitHandler2;
  320. }
  321. }
  324. //
  325. // Find the cached record for the requested level.
  326. //
  327. pLevelRecord = CodeAuthzLevelObjpLookupByLevelId(
  328. &g_CodeLevelObjTable,
  329. dwLevelId);
  330. if (!pLevelRecord) {
  331. Status = STATUS_NOT_FOUND;
  332. goto ExitHandler2;
  333. }
  334. ASSERT(pLevelRecord->dwLevelId == dwLevelId);
  337. //
  338. // Actually create a Level handle for this record.
  339. //
  340. Status = CodeAuthzpCreateLevelHandleFromRecord(
  341. pLevelRecord, dwScopeId,
  342. dwSaferFlags, ERROR_SUCCESS, SaferIdentityDefault, NULL, pLevelHandle);
  345. //
  346. // Handle cleanup and error handling.
  347. //
  348. ExitHandler2:
  349. RtlLeaveCriticalSection(&g_TableCritSec);
  351. ExitHandler:
  352. return Status;
  353. }
  356. NTSTATUS NTAPI
  357. CodeAuthzCloseLevelHandle(
  358. IN SAFER_LEVEL_HANDLE hLevelObject)
  359. /*++
  361. Routine Description:
  363. Internal function to close an AuthzObject handle.
  365. Arguments:
  367. hLevelObject - the AuthzObject handle to close.
  369. Return Value:
  371. Returns STATUS_SUCCESS on success.
  373. --*/
  374. {
  375. NTSTATUS Status;
  376. ULONG ulHandleIndex;
  377. PAUTHZLEVELHANDLESTRUCT pLevelStruct;
  379. if (!ARGUMENT_PRESENT(hLevelObject)) {
  380. Status = STATUS_INVALID_HANDLE;
  381. goto ExitHandler;
  382. }
  383. if (!g_bInitializedFirstTime) {
  384. Status = STATUS_UNSUCCESSFUL;
  385. goto ExitHandler;
  386. }
  387. RtlEnterCriticalSection(&g_TableCritSec);
  389. ulHandleIndex = PtrToUlong(hLevelObject);
  390. if ( (ulHandleIndex & LEVEL_HANDLE_MASK) != LEVEL_HANDLE_BITS) {
  391. Status = STATUS_INVALID_HANDLE;
  392. goto ExitHandler2;
  393. }
  394. ulHandleIndex &= ~LEVEL_HANDLE_MASK;
  395. if (!RtlIsValidIndexHandle(&g_LevelHandleTable, ulHandleIndex,
  396. (PRTL_HANDLE_TABLE_ENTRY *) &pLevelStruct)) {
  397. Status = STATUS_INVALID_HANDLE;
  398. goto ExitHandler2;
  399. }
  400. if (!RtlFreeHandle(&g_LevelHandleTable,
  401. (PRTL_HANDLE_TABLE_ENTRY) pLevelStruct)) {
  402. Status = STATUS_INVALID_HANDLE;
  403. goto ExitHandler2;
  404. }
  405. Status = STATUS_SUCCESS;
  407. ExitHandler2:
  408. RtlLeaveCriticalSection(&g_TableCritSec);
  409. ExitHandler:
  410. return Status;
  411. }
  415. BOOL WINAPI
  416. SaferCreateLevel(
  417. IN DWORD dwScopeId,
  418. IN DWORD dwLevelId,
  419. IN DWORD OpenFlags,
  420. OUT SAFER_LEVEL_HANDLE *pLevelObject,
  421. IN LPVOID lpReserved)
  422. /*++
  424. Routine Description:
  426. Public function implementing the Unicode version of this API,
  427. allowing the user to create or open an Authorization Object
  428. and receive a handle representing the object.
  430. Arguments:
  432. dwScopeId - not used (anymore), reserved for future use.
  434. dwLevelId - input object level of the AuthzObject to create/open.
  436. OpenFlags - flags to control opening, creation, or deletion.
  438. lpReserved - not used, reserved for future use.
  440. pLevelObject - receives the new handle.
  442. Return Value:
  444. Returns FALSE on error, TRUE on success. Sets GetLastError() on error.
  446. --*/
  447. {
  448. NTSTATUS Status;
  451. //
  452. // Verify the arguments were all supplied.
  453. //
  454. UNREFERENCED_PARAMETER(lpReserved);
  455. if (!g_bInitializedFirstTime) {
  456. Status = STATUS_UNSUCCESSFUL;
  457. goto ExitHandler;
  458. }
  459. if (!ARGUMENT_PRESENT(pLevelObject)) {
  460. Status = STATUS_ACCESS_VIOLATION;
  461. goto ExitHandler;
  462. }
  463. RtlEnterCriticalSection(&g_TableCritSec);
  464. if (g_hKeyCustomRoot != NULL) {
  465. if (dwScopeId != SAFER_SCOPEID_REGISTRY) {
  466. Status = STATUS_INVALID_PARAMETER_MIX;
  467. goto ExitHandler2;
  468. }
  469. } else {
  470. if (dwScopeId != SAFER_SCOPEID_MACHINE &&
  471. dwScopeId != SAFER_SCOPEID_USER) {
  472. Status = STATUS_INVALID_PARAMETER_MIX;
  473. goto ExitHandler2;
  474. }
  475. }
  478. //
  479. // Actually call the worker functions to get it done.
  480. //
  481. Status = CodeAuthzCreateLevelHandle(
  482. dwLevelId,
  483. OpenFlags,
  484. dwScopeId,
  485. 0,
  486. pLevelObject);
  488. //
  489. // Set the error result.
  490. //
  491. ExitHandler2:
  492. RtlLeaveCriticalSection(&g_TableCritSec);
  494. ExitHandler:
  495. if ( NT_SUCCESS( Status ) ) {
  496. return TRUE;
  497. }
  498. BaseSetLastNTError(Status);
  499. return FALSE;
  500. }
  504. BOOL WINAPI
  505. SaferCloseLevel(
  506. IN SAFER_LEVEL_HANDLE hLevelObject)
  507. /*++
  509. Routine Description:
  511. Public function to close a handle to an Authorization Level Object.
  513. Arguments:
  515. hLevelObject - the AuthzObject handle to close.
  517. Return Value:
  519. Returns FALSE on error, TRUE on success.
  521. --*/
  522. {
  523. NTSTATUS Status;
  525. Status = CodeAuthzCloseLevelHandle(hLevelObject);
  526. if (! NT_SUCCESS(Status) ) {
  527. BaseSetLastNTError(Status);
  528. return FALSE;
  529. }
  530. return TRUE;
  531. }