Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

574 lines
16 KiB

/*++
Copyright (c) 1997-2000 Microsoft Corporation
Module Name:
saferp.h
Abstract:
This file implements the private (internal) functions, data types,
data structures, and definitions used by the other WinSAFER
code implementations. All of the APIs listed in this header are
not exported by ADVAPI32.DLL at all and are only callable by
other code actually located within advapi.
Author:
Jeffrey Lawson (JLawson)
Revision History:
--*/
#ifndef _AUTHZSAFERP_H_
#define _AUTHZSAFERP_H_
#include "safewild.h"
#ifdef __cplusplus
extern "C" {
#endif
// ---------------------------------------------------------
//
// Convenient macro for determining the number of elements in an array.
//
#ifndef ARRAYSIZE
#define ARRAYSIZE(a) (sizeof(a)/sizeof(a[0]))
#endif
//
// Simple inlined function to return true if a GUID is all zeros.
//
FORCEINLINE BOOLEAN IsZeroGUID(REFGUID rguid1)
{
return (
((unsigned long *) rguid1)[0] == 0 &&
((unsigned long *) rguid1)[1] == 0 &&
((unsigned long *) rguid1)[2] == 0 &&
((unsigned long *) rguid1)[3] == 0);
}
//
// Private structure used to store a table of all of the defined
// WinSafer Levels as we enumerate them to evaluate the matching one.
//
typedef struct _AUTHZLEVELTABLERECORD
{
// The user-defined integer value that controls the relative ranking
// of authorization level between Code Authorization Level.
DWORD dwLevelId;
// Boolean indicating whether this level is a "built-in" one.
BOOLEAN Builtin;
// Boolean indicating whether this level is enumerable
BOOLEAN isEnumerable;
// The short friendly name and the description.
UNICODE_STRING UnicodeFriendlyName;
UNICODE_STRING UnicodeDescription;
// All of the following attributes are needed for
// actual creation of the restricted token.
BOOL DisallowExecution; // block execution entirely
BOOL DisableMaxPrivileges; // privilege options
PSID DefaultOwner; // default owner SID
DWORD SaferFlags; // special job execution flags
BOOL InvertDisableSids; // SIDs specified are negative
DWORD DisableSidCount; // number of deny-only SIDs
DWORD DisableSidUsedCount; // number actually used
PAUTHZ_WILDCARDSID SidsToDisable; // deny-only SIDs
BOOL InvertDeletePrivs; // privileges specified are negative
DWORD DeletePrivilegeCount; // number of privileges
DWORD DeletePrivilegeUsedCount; // number actually used
PLUID_AND_ATTRIBUTES PrivilegesToDelete; // privileges
DWORD RestrictedSidsInvCount; // number of inverted restricting SIDs
DWORD RestrictedSidsInvUsedCount; // number actually used
PAUTHZ_WILDCARDSID RestrictedSidsInv; // list of inverted restricting SIDs
DWORD RestrictedSidsAddedCount; // number of restricting SIDs
DWORD RestrictedSidsAddedUsedCount; // number actually used
PSID_AND_ATTRIBUTES RestrictedSidsAdded; // list of restricting SIDs
}
AUTHZLEVELTABLERECORD, *PAUTHZLEVELTABLERECORD;
//
// Private structure to store all code identifications.
//
#pragma warning(push)
#pragma warning(disable:4201) // nonstandard extension used : nameless struct/union
typedef struct _AUTHZIDENTSTABLERECORD
{
// unique identifier that distinguishes this code identity.
GUID IdentGuid;
// the following enumeration specifies what type of
// code identity this record represents.
SAFER_IDENTIFICATION_TYPES dwIdentityType;
// Specifies what Level this Code Identification maps to.
DWORD dwLevelId;
// Specifies what scope this Code Identity was loaded from.
DWORD dwScopeId;
// Actual details about this identity.
union {
struct {
BOOL bExpandVars;
UNICODE_STRING ImagePath;
DWORD dwSaferFlags;
} ImageNameInfo;
struct {
LARGE_INTEGER ImageSize;
DWORD HashSize;
BYTE ImageHash[SAFER_MAX_HASH_SIZE];
ALG_ID HashAlgorithm;
DWORD dwSaferFlags;
} ImageHashInfo;
struct {
DWORD UrlZoneId;
DWORD dwSaferFlags;
} ImageZone;
};
}
AUTHZIDENTSTABLERECORD, *PAUTHZIDENTSTABLERECORD;
#pragma warning(pop)
//
// Private structure representation of a Level handle. The
// typedef SAFER_LEVEL_HANDLE is an opaque reference to a structure of
// this type, accessed via the RtlHandleTable functions.
//
typedef struct _AUTHZLEVELHANDLESTRUCT_
{
// This first header is required by the RTL_HANDLE_TABLE system.
// All allocated handles will implicitly have bit 0 set. All other
// remaining bits can be used for our own purposes if we want.
RTL_HANDLE_TABLE_ENTRY HandleHeader;
// The following information is redundant. It can be found by
// also accessing the pLevelRecord directly.
DWORD dwLevelId;
// This scope identifier specifies the value that was passed to
// the Win32 API SaferCreateLevel and is really only looked at
// by SaferGetLevelInformation for the Identity GUID enums.
DWORD dwScopeId; // (same as from pIdentRecord)
// Stores the matching identity record that gave this result.
// May be NULL, as in case of direct SaferCreateLevel or a
// default Level match.
GUID identGuid;
// This value stores the Safer Flags that were derived from the
// Identity Entry record when SaferIdentifyLevel finds a match.
DWORD dwSaferFlags;
// The sequence value indicates the "generation" at which a handle
// was originally opened. If this value does not match the current
// value in the global g_dwLevelHandleSequence, then this handle
// should be considered a no-longer valid handle.
DWORD dwHandleSequence;
// Extended error information - applicable for certificate rules.
DWORD dwExtendedError;
// the following enumeration specifies what type of
// code identity this handle represents.
SAFER_IDENTIFICATION_TYPES IdentificationType;
// For future use and padding purposes.
DWORD dwReserved;
}
AUTHZLEVELHANDLESTRUCT, *PAUTHZLEVELHANDLESTRUCT;
//
// Private structure definition used to pass around all state
// information needed during the SaferIdentifyLevel execution.
//
typedef struct _LOCALIDENTITYCONTEXT
{
// Original query request data.
DWORD dwCheckFlags; // copy of original function input
PSAFER_CODE_PROPERTIES CodeProps; // RO: original function input
// Information about the hash that may have been computed.
BOOLEAN bHaveHash;
BYTE FinalHash[SAFER_MAX_HASH_SIZE];
DWORD FinalHashSize;
ALG_ID FinalHashAlgorithm;
// File handle that may have been opened or supplied by the caller.
HANDLE hFileHandle;
// File handle status. If this is TRUE then hFileHandle needs to
// be closed before returning.
BOOLEAN bCloseFileHandle;
// Fully qualified NT filename of the input file.
UNICODE_STRING UnicodeFullyQualfiedLongFileName;
// Information about the image that may have been mapped.
LARGE_INTEGER ImageSize;
PVOID pImageMemory;
// Memory mapped file status. If this is TRUE then
// pImageMemory needs to be unmapped before returning.
BOOLEAN bImageMemoryNeedUnmap;
}
LOCALIDENTITYCONTEXT, *PLOCALIDENTITYCONTEXT;
//
// Various globals that are used for the cache of levels and
// identities so that we do not need to go to the registry each time.
//
extern BOOLEAN g_bInitializedFirstTime;
extern CRITICAL_SECTION g_TableCritSec;
extern HANDLE g_hKeyCustomRoot;
extern DWORD g_dwKeyOptions;
extern BOOLEAN g_bNeedCacheReload;
extern RTL_GENERIC_TABLE g_CodeLevelObjTable;
extern RTL_GENERIC_TABLE g_CodeIdentitiesTable;
extern RTL_HANDLE_TABLE g_LevelHandleTable;
extern DWORD g_dwLevelHandleSequence;
extern BOOLEAN g_bHonorScopeUser;
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevel;
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevelUser;
extern PAUTHZLEVELTABLERECORD g_DefaultCodeLevelMachine;
//
// Private function prototypes defined within SAFEINIT.C
//
NTSTATUS NTAPI
CodeAuthzInitializeGlobals(VOID);
VOID NTAPI
CodeAuthzDeinitializeGlobals(VOID);
NTSTATUS NTAPI
CodeAuthzReloadCacheTables(
IN HANDLE hKeyCustomRoot OPTIONAL,
IN DWORD dwKeyOptions,
IN BOOLEAN bImmediateLoad
);
NTSTATUS NTAPI
CodeAuthzpImmediateReloadCacheTables(
VOID
);
NTSTATUS NTAPI
CodeAuthzpDeleteKeyRecursively(
IN HANDLE hBaseKey,
IN PUNICODE_STRING pSubKey OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzpFormatLevelKeyPath(
IN DWORD dwLevelId,
IN OUT PUNICODE_STRING UnicodeSuffix
);
NTSTATUS NTAPI
CodeAuthzpFormatIdentityKeyPath(
IN DWORD dwLevelId,
IN LPCWSTR szIdentityType,
IN REFGUID refIdentGuid,
IN OUT PUNICODE_STRING UnicodeSuffix
);
NTSTATUS NTAPI
CodeAuthzpOpenPolicyRootKey(
IN DWORD dwScopeId,
IN HANDLE hKeyCustomBase OPTIONAL,
IN LPCWSTR szRegistrySuffix OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN bCreateKey,
OUT HANDLE *OpenedHandle
);
VOID NTAPI
CodeAuthzpRecomputeEffectiveDefaultLevel(VOID);
//
// Private function prototypes defined within SAFEHAND.C
//
NTSTATUS NTAPI
CodeAuthzpCreateLevelHandleFromRecord(
IN PAUTHZLEVELTABLERECORD pLevelRecord,
IN DWORD dwScopeId,
IN DWORD dwSaferFlags OPTIONAL,
IN DWORD dwExtendedError,
IN SAFER_IDENTIFICATION_TYPES IdentificationType,
IN REFGUID refIdentGuid OPTIONAL,
OUT SAFER_LEVEL_HANDLE *pLevelHandle
);
NTSTATUS NTAPI
CodeAuthzHandleToLevelStruct(
IN SAFER_LEVEL_HANDLE hLevelObject,
OUT PAUTHZLEVELHANDLESTRUCT *pLevelStruct
);
NTSTATUS NTAPI
CodeAuthzCreateLevelHandle(
IN DWORD dwLevelId,
IN DWORD OpenFlags,
IN DWORD dwScopeId,
IN DWORD dwSaferFlags OPTIONAL,
OUT SAFER_LEVEL_HANDLE *pLevelHandle);
NTSTATUS NTAPI
CodeAuthzCloseLevelHandle(
IN SAFER_LEVEL_HANDLE hLevelObject
);
//
// Functions related to WinSafer Level enumeration (SAFEIDEP.C)
//
VOID NTAPI
CodeAuthzLevelObjpInitializeTable(
IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
);
NTSTATUS NTAPI
CodeAuthzLevelObjpLoadTable (
IN OUT PRTL_GENERIC_TABLE pAuthzObjTable,
IN DWORD dwScopeId,
IN HANDLE hKeyCustomRoot
);
VOID NTAPI
CodeAuthzLevelObjpEntireTableFree (
IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
);
PAUTHZLEVELTABLERECORD NTAPI
CodeAuthzLevelObjpLookupByLevelId (
IN PRTL_GENERIC_TABLE pAuthzObjTable,
IN DWORD dwLevelId
);
//
// Functions related to WinSafer Code Identity enumeration. (SAFEIDEP.C)
//
VOID NTAPI
CodeAuthzGuidIdentsInitializeTable(
IN OUT PRTL_GENERIC_TABLE pAuthzObjTable
);
NTSTATUS NTAPI
CodeAuthzGuidIdentsLoadTableAll (
IN PRTL_GENERIC_TABLE pAuthzLevelTable,
IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable,
IN DWORD dwScopeId,
IN HANDLE hKeyCustomBase
);
VOID NTAPI
CodeAuthzGuidIdentsEntireTableFree (
IN OUT PRTL_GENERIC_TABLE pAuthzIdentTable
);
PAUTHZIDENTSTABLERECORD NTAPI
CodeAuthzIdentsLookupByGuid (
IN PRTL_GENERIC_TABLE pAuthzIdentTable,
IN REFGUID pIdentGuid
);
//
// Helper functions that are used during actual identification (SAFEIDEP.C)
//
LONG NTAPI
CodeAuthzpCompareImagePath(
IN LPCWSTR szPathFragment,
IN LPCWSTR szFullImagePath);
NTSTATUS NTAPI
CodeAuthzpComputeImageHash(
IN PVOID pImageMemory,
IN DWORD dwImageSize,
OUT PBYTE pComputedHash OPTIONAL,
IN OUT PDWORD pdwHashSize OPTIONAL,
OUT ALG_ID *pHashAlgorithm OPTIONAL
);
//
// Private function prototypes for low-level policy reading/writing. (SAFEPOLR.C)
//
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_LevelListRaw(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_DefaultLevel(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_DefaultLevel(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_SetInfoDual_DefaultLevel(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize,
OUT PVOID InfoBuffer
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoCached_HonorUserIdentities(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_HonorUserIdentities(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_SetInfoDual_HonorUserIdentities(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize,
IN PVOID InfoBuffer
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_TransparentEnabled(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_SetInfoRegistry_TransparentEnabled(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize,
IN PVOID InfoBuffer
);
NTSTATUS NTAPI
CodeAuthzPol_GetInfoRegistry_ScopeFlags(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize OPTIONAL,
OUT PVOID InfoBuffer OPTIONAL,
OUT PDWORD InfoBufferRetSize OPTIONAL
);
NTSTATUS NTAPI
CodeAuthzPol_SetInfoRegistry_ScopeFlags(
IN DWORD dwScopeId,
IN DWORD InfoBufferSize,
IN PVOID InfoBuffer
);
//
// Private function prototypes defined elsewhere.
//
LPVOID NTAPI
CodeAuthzpGetTokenInformation(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass
);
NTSTATUS NTAPI
CodeAuthzIsExecutableFileType(
IN PUNICODE_STRING szFullPathname,
IN BOOLEAN bFromShellExecute,
OUT PBOOLEAN pbResult
);
NTSTATUS NTAPI
CodeAuthzFullyQualifyFilename(
IN HANDLE hFileHandle OPTIONAL,
IN BOOLEAN bSourceIsNtPath,
IN LPCWSTR szSourceFilePath,
OUT PUNICODE_STRING pUnicodeResult
);
BOOL NTAPI
SaferpLoadUnicodeResourceString(
IN HANDLE hModule,
IN UINT wID,
OUT PUNICODE_STRING pUnicodeString,
IN WORD wLangId
);
#ifdef __cplusplus
}
#endif
#endif