windows-nt/Source/XPSP1/NT/ds/security/winsafer/safepol.c

/*++
Copyright (c) 1997-2000 Microsoft Corporation
Module Name:
safepol.c (SAFER Code Authorization Policy)
Abstract:
This module implements the WinSAFER APIs
Author:
Jeffrey Lawson (JLawson) - Apr 1999
Environment:
User mode only.
Exported Functions:
CodeAuthzpGetInformationCodeAuthzPolicy
CodeAuthzpSetInformationCodeAuthzPolicy
SaferGetPolicyInformation (public win32)
SaferSetPolicyInformation (public win32)
Revision History:
Created - Apr 1999
--*/
#include "pch.h"
#pragma hdrstop
#include <winsafer.h>
#include <winsaferp.h>
#include "saferp.h"
NTSTATUS NTAPI
CodeAuthzpGetInformationCodeAuthzPolicy (
    IN DWORD                        dwScopeId,
    IN SAFER_POLICY_INFO_CLASS      CodeAuthzPolicyInfoClass,
    IN DWORD                        InfoBufferSize,
    IN OUT PVOID                    InfoBuffer,
    OUT PDWORD                      InfoBufferRetSize
    )
/*++

Routine Description:

    Routes a SAFER policy query to the helper that services the
    requested information class.

    This routine is a pure dispatcher: dwScopeId, InfoBufferSize,
    InfoBuffer and InfoBufferRetSize are handed to the selected helper
    unchanged.  No NULL or size validation of the caller's buffers is
    done here.
    NOTE(review): buffer validation is presumably done inside the
    CodeAuthzPol_GetInfo* helpers, which are not visible here - confirm.

Arguments:

    dwScopeId - policy scope identifier, forwarded as-is.  The per-case
        comments below record which scopes each class is expected to
        accept; this routine does not enforce them.

    CodeAuthzPolicyInfoClass - selects which piece of policy to read.

    InfoBufferSize - size of the caller's InfoBuffer, forwarded as-is.

    InfoBuffer - caller's buffer, forwarded as-is to the helper.

    InfoBufferRetSize - forwarded as-is to the helper.

Return Value:

    The status returned by the selected helper, or
    STATUS_INVALID_INFO_CLASS when the information class is not one of
    the classes handled below.

--*/
{
    switch (CodeAuthzPolicyInfoClass) {

    case SaferPolicyLevelList:
        // scope is only primary.
        return CodeAuthzPol_GetInfoCached_LevelListRaw(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer,
                    InfoBufferRetSize);

    case SaferPolicyDefaultLevel:
        // scope is primary or secondary for non-registry case.
        return CodeAuthzPol_GetInfoCached_DefaultLevel(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer,
                    InfoBufferRetSize);

    case SaferPolicyEnableTransparentEnforcement:
        // scope is only primary.
        return CodeAuthzPol_GetInfoRegistry_TransparentEnabled(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer,
                    InfoBufferRetSize);

    case SaferPolicyEvaluateUserScope:
        // scope is only primary.
        return CodeAuthzPol_GetInfoCached_HonorUserIdentities(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer,
                    InfoBufferRetSize);

    case SaferPolicyScopeFlags:
        // scope is only primary.
        return CodeAuthzPol_GetInfoRegistry_ScopeFlags(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer,
                    InfoBufferRetSize);

    default:
        break;
    }

    //
    // Anything not handled above is an unknown information class.
    //
    return STATUS_INVALID_INFO_CLASS;
}
NTSTATUS NTAPI
CodeAuthzpSetInformationCodeAuthzPolicy (
    IN DWORD                        dwScopeId,
    IN SAFER_POLICY_INFO_CLASS      CodeAuthzPolicyInfoClass,
    IN DWORD                        InfoBufferSize,
    OUT PVOID                       InfoBuffer
    )
/*++

Routine Description:

    Routes a SAFER policy update to the helper that services the
    requested information class.  SaferPolicyLevelList is read-only and
    is rejected here.

    This routine is a pure dispatcher: it performs no validation of
    InfoBuffer or InfoBufferSize and no caller authorization check of
    its own before handing the request to a helper that changes policy.
    NOTE(review): both are presumably enforced by the
    CodeAuthzPol_SetInfo* helpers or by the access control on the
    underlying policy store; neither is visible here - confirm.

Arguments:

    dwScopeId - policy scope identifier, forwarded as-is.  The per-case
        comments below record which scopes each class is expected to
        accept; this routine does not enforce them.

    CodeAuthzPolicyInfoClass - selects which piece of policy to write.

    InfoBufferSize - size of the caller's InfoBuffer, forwarded as-is.

    InfoBuffer - caller's buffer holding the new value, forwarded
        as-is.  NOTE(review): annotated OUT here, but
        SaferSetPolicyInformation declares the same argument IN and
        nothing in this routine writes through it; the annotation looks
        like a leftover - confirm against the helpers.

Return Value:

    The status returned by the selected helper, or
    STATUS_INVALID_INFO_CLASS when the information class is read-only
    or is not one of the classes handled below.

--*/
{
    switch (CodeAuthzPolicyInfoClass) {

    case SaferPolicyDefaultLevel:
        // scope is primary or secondary for non-registry case.
        return CodeAuthzPol_SetInfoDual_DefaultLevel(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer);

    case SaferPolicyEnableTransparentEnforcement:
        // scope is only primary.
        return CodeAuthzPol_SetInfoRegistry_TransparentEnabled(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer);

    case SaferPolicyScopeFlags:
        // scope is only primary.
        return CodeAuthzPol_SetInfoRegistry_ScopeFlags(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer);

    case SaferPolicyEvaluateUserScope:
        // scope is only primary.
        return CodeAuthzPol_SetInfoDual_HonorUserIdentities(
                    dwScopeId,
                    InfoBufferSize,
                    InfoBuffer);

    case SaferPolicyLevelList:
        // not valid for setting.
        break;

    default:
        break;
    }

    //
    // Read-only or unknown information class.
    //
    return STATUS_INVALID_INFO_CLASS;
}
BOOL WINAPI
SaferGetPolicyInformation(
    IN DWORD                        dwScopeId,
    IN SAFER_POLICY_INFO_CLASS      CodeAuthzPolicyInfoClass,
    IN DWORD                        InfoBufferSize,
    IN OUT PVOID                    InfoBuffer,
    IN OUT PDWORD                   InfoBufferRetSize,
    IN LPVOID                       lpReserved
    )
/*++

Routine Description:

    Public Win32 entry point for querying SAFER policy.  It is a thin
    wrapper over CodeAuthzpGetInformationCodeAuthzPolicy that converts
    the NTSTATUS result into the BOOL / GetLastError() convention.

    No argument validation is performed at this layer; every argument
    except lpReserved is forwarded unchanged.

Arguments:

    dwScopeId - forwarded to the internal query routine.

    CodeAuthzPolicyInfoClass - forwarded to the internal query routine.

    InfoBufferSize - forwarded to the internal query routine.

    InfoBuffer - forwarded to the internal query routine.

    InfoBufferRetSize - forwarded to the internal query routine.

    lpReserved - unused, must be zero.  The value is ignored here; a
        non-zero value is not rejected.

Return Value:

    Returns TRUE if successful, otherwise returns FALSE and sets
    the value returned by GetLastError() to be the specific cause.

--*/
{
    NTSTATUS QueryStatus;

    UNREFERENCED_PARAMETER(lpReserved);

    QueryStatus = CodeAuthzpGetInformationCodeAuthzPolicy(
                        dwScopeId,
                        CodeAuthzPolicyInfoClass,
                        InfoBufferSize,
                        InfoBuffer,
                        InfoBufferRetSize);

    if (!NT_SUCCESS(QueryStatus)) {
        // Surface the failure through the last-error value.
        BaseSetLastNTError(QueryStatus);
        return FALSE;
    }

    return TRUE;
}
BOOL WINAPI
SaferSetPolicyInformation(
    IN DWORD                        dwScopeId,
    IN SAFER_POLICY_INFO_CLASS      CodeAuthzPolicyInfoClass,
    IN DWORD                        InfoBufferSize,
    IN PVOID                        InfoBuffer,
    IN LPVOID                       lpReserved
    )
/*++

Routine Description:

    Public Win32 entry point for changing SAFER policy.  It is a thin
    wrapper over CodeAuthzpSetInformationCodeAuthzPolicy that converts
    the NTSTATUS result into the BOOL / GetLastError() convention.

    No argument validation and no caller authorization check are
    performed at this layer; every argument except lpReserved is
    forwarded unchanged.
    NOTE(review): since this call alters code-authorization policy,
    confirm that the layers below restrict who may change it.

Arguments:

    dwScopeId - forwarded to the internal update routine.

    CodeAuthzPolicyInfoClass - forwarded to the internal update routine.

    InfoBufferSize - forwarded to the internal update routine.

    InfoBuffer - forwarded to the internal update routine.

    lpReserved - unused, must be zero.  The value is ignored here; a
        non-zero value is not rejected.

Return Value:

    Returns TRUE if successful, otherwise returns FALSE and sets
    the value returned by GetLastError() to be the specific cause.

--*/
{
    NTSTATUS UpdateStatus;

    UNREFERENCED_PARAMETER(lpReserved);

    UpdateStatus = CodeAuthzpSetInformationCodeAuthzPolicy(
                        dwScopeId,
                        CodeAuthzPolicyInfoClass,
                        InfoBufferSize,
                        InfoBuffer);

    if (!NT_SUCCESS(UpdateStatus)) {
        // Surface the failure through the last-error value.
        BaseSetLastNTError(UpdateStatus);
        return FALSE;
    }

    return TRUE;
}