📄 jwawinsafer.pas
字号:
{******************************************************************************}
{ }
{ Windows Safer API interface Unit for Object Pascal }
{ }
{ Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
{ Corporation. All Rights Reserved. }
{ }
{ The original file is: winsafer.h, released Nov 2001. The original Pascal }
{ code is: WinSafer.pas, released Februari 2002. The initial developer of the }
{ Pascal code is Marcel van Brakel (brakelm@chello.nl). }
{ }
{ Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
{ Marcel van Brakel. All Rights Reserved. }
{ }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
{ }
{ You may retrieve the latest version of this file at the Project JEDI home }
{ page, located at http://delphi-jedi.org or my personal homepage located at }
{ http://members.chello.nl/m.vanbrakel2 }
{ }
{ The contents of this file are used with permission, subject to the Mozilla }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at }
{ http://www.mozilla.org/MPL/MPL-1.1.html }
{ }
{ Software distributed under the License is distributed on an "AS IS" basis, }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License. }
{ }
{ Alternatively, the contents of this file may be used under the terms of the }
{ GNU Lesser General Public License (the "LGPL License"), in which case the }
{ provisions of the LGPL License are applicable instead of those above. }
{ If you wish to allow use of your version of this file only under the terms }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting the provisions above and }
{ replace them with the notice and other provisions required by the LGPL }
{ License. If you do not delete the provisions above, a recipient may use }
{ your version of this file under either the MPL or the LGPL License. }
{ }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{ }
{******************************************************************************}
unit JwaWinSafer;
{$WEAKPACKAGEUNIT}
{$HPPEMIT ''}
{$HPPEMIT '#include "winsafer.h"'}
{$HPPEMIT ''}
{$I WINDEFINES.INC}
interface
uses
JwaWinCrypt, JwaWinType;
//
// Opaque datatype for representing handles to Safer objects.
//
type
SAFER_LEVEL_HANDLE = HANDLE;
{$EXTERNALSYM SAFER_LEVEL_HANDLE}
PSAFER_LEVEL_HANDLE = ^SAFER_LEVEL_HANDLE;
{$EXTERNALSYM PSAFER_LEVEL_HANDLE}
TSaferLevelHandle = SAFER_LEVEL_HANDLE;
PSaferLevelHandle = PSAFER_LEVEL_HANDLE;
//
// Constants to represent scope with SaferCreateLevel and others.
//
const
SAFER_SCOPEID_MACHINE = 1;
{$EXTERNALSYM SAFER_SCOPEID_MACHINE}
SAFER_SCOPEID_USER = 2;
{$EXTERNALSYM SAFER_SCOPEID_USER}
//
// Pre-defined levels that can be used with SaferCreateLevel
//
SAFER_LEVELID_FULLYTRUSTED = $40000;
{$EXTERNALSYM SAFER_LEVELID_FULLYTRUSTED}
SAFER_LEVELID_NORMALUSER = $20000;
{$EXTERNALSYM SAFER_LEVELID_NORMALUSER}
SAFER_LEVELID_CONSTRAINED = $10000;
{$EXTERNALSYM SAFER_LEVELID_CONSTRAINED}
SAFER_LEVELID_UNTRUSTED = $01000;
{$EXTERNALSYM SAFER_LEVELID_UNTRUSTED}
SAFER_LEVELID_DISALLOWED = $00000;
{$EXTERNALSYM SAFER_LEVELID_DISALLOWED}
//
// Flags to use when creating/opening a Level with SaferCreateLevel
//
SAFER_LEVEL_OPEN = 1;
{$EXTERNALSYM SAFER_LEVEL_OPEN}
//
// Maximum string size.
//
SAFER_MAX_FRIENDLYNAME_SIZE = 256;
{$EXTERNALSYM SAFER_MAX_FRIENDLYNAME_SIZE}
SAFER_MAX_DESCRIPTION_SIZE = 256;
{$EXTERNALSYM SAFER_MAX_DESCRIPTION_SIZE}
SAFER_MAX_HASH_SIZE = 64;
{$EXTERNALSYM SAFER_MAX_HASH_SIZE}
//
// Flags to use with SaferComputeTokenFromLevel.
//
SAFER_TOKEN_NULL_IF_EQUAL = $00000001;
{$EXTERNALSYM SAFER_TOKEN_NULL_IF_EQUAL}
SAFER_TOKEN_COMPARE_ONLY = $00000002;
{$EXTERNALSYM SAFER_TOKEN_COMPARE_ONLY}
SAFER_TOKEN_MAKE_INERT = $00000004;
{$EXTERNALSYM SAFER_TOKEN_MAKE_INERT}
SAFER_TOKEN_WANT_FLAGS = $00000008;
{$EXTERNALSYM SAFER_TOKEN_WANT_FLAGS}
//
// Flags for specifying what criteria within SAFER_CODE_PROPERTIES to evaluate
// when finding code identity with SaferIdentifyLevel.
//
SAFER_CRITERIA_IMAGEPATH = $00001;
{$EXTERNALSYM SAFER_CRITERIA_IMAGEPATH}
SAFER_CRITERIA_NOSIGNEDHASH = $00002;
{$EXTERNALSYM SAFER_CRITERIA_NOSIGNEDHASH}
SAFER_CRITERIA_IMAGEHASH = $00004;
{$EXTERNALSYM SAFER_CRITERIA_IMAGEHASH}
SAFER_CRITERIA_AUTHENTICODE = $00008;
{$EXTERNALSYM SAFER_CRITERIA_AUTHENTICODE}
SAFER_CRITERIA_URLZONE = $00010;
{$EXTERNALSYM SAFER_CRITERIA_URLZONE}
SAFER_CRITERIA_IMAGEPATH_NT = $01000;
{$EXTERNALSYM SAFER_CRITERIA_IMAGEPATH_NT}
//
// Code image information structure passed to SaferIdentifyLevel.
//
// #include <pshpack8.h> todo
type
_SAFER_CODE_PROPERTIES = record
//
// Must be initialized to be the size of this structure,
// for the purposes of future/backwards compatibility.
//
cbSize: DWORD;
//
// Must be initialized to the types of criteria that should
// be considered when evaluating this structure. This can be
// a combination of the SAFER_CRITERIA_xxxx flags. If not enough
// of the structure elements needed to evaluate the criteria
// types indicated were supplied, then some of those criteria
// flags may be silently ignored. Specifying 0 for this value
// will cause the entire structure's contents to be ignored.
//
dwCheckFlags: DWORD;
//
// Optionally specifies the fully-qualified path and filename
// to be used for discrimination checks based on the path.
// The ImagePath will additionally be used to open and read the
// file to identify any other discrimination criteria that was
// unsupplied in this structure.
//
ImagePath: LPCWSTR;
//
// Optionally specifies a file handle that has been opened to
// code image with at least GENERIC_READ access. The handle will
// be used instead of explicitly opening the file again to compute
// other discrimination criteria that was unsupplied in this structure.
//
hImageFileHandle: HANDLE;
//
// Optionally specifies the pre-determined Internet Explorer
// security zone. These enums are defined within urlmon.h
// For example: URLZONE_LOCAL_MACHINE, URLZONE_INTRANET,
// URLZONE_TRUSTED, URLZONE_INTERNET, or URLZONE_UNTRUSTED.
//
UrlZoneId: DWORD;
//
// Optionally specifies the pre-computed hash of the image.
// The supplied hash is interpreted as being valid if ImageSize
// is non-zero and dwImageHashSize is non-zero and HashAlgorithm
// represents a valid hashing algorithm from wincrypt.h
//
// If the supplied hash fails to meet the conditions above, then
// the hash will be automatically computed against:
// 1) by using ImageSize and pByteBlock if both are non-zero.
// 2) by using hImageFileHandle if it is non-null.
// 3) by attempting to open ImagePath if it is non-null.
//
ImageHash: array [0..SAFER_MAX_HASH_SIZE - 1] of BYTE;
dwImageHashSize: DWORD;
ImageSize: LARGE_INTEGER;
HashAlgorithm: ALG_ID;
//
// Optionally specifies a memory block of memory representing
// the image for which the trust is being requested for. When
// this member is specified, ImageSize must also be supplied.
//
pByteBlock: LPBYTE;
//
// Optionally gives the arguments used for Authenticode signer
// certificate verification. These arguments are supplied to the
// WinVerifyTrust() API and control the user-interface prompting
// to accept untrusted certificates.
//
hWndParent: HWND;
dwWVTUIChoice: DWORD;
end;
{$EXTERNALSYM _SAFER_CODE_PROPERTIES}
SAFER_CODE_PROPERTIES = _SAFER_CODE_PROPERTIES;
{$EXTERNALSYM SAFER_CODE_PROPERTIES}
PSAFER_CODE_PROPERTIES = ^SAFER_CODE_PROPERTIES;
{$EXTERNALSYM PSAFER_CODE_PROPERTIES}
TSaferCodeProperties = SAFER_CODE_PROPERTIES;
PSaferCodeProperties = PSAFER_CODE_PROPERTIES;
// #include <poppack.h>
//
// Masks for the per-identity WinSafer flags
//
const
SAFER_POLICY_JOBID_MASK = DWORD($FF000000);
{$EXTERNALSYM SAFER_POLICY_JOBID_MASK}
SAFER_POLICY_JOBID_CONSTRAINED = $04000000;
{$EXTERNALSYM SAFER_POLICY_JOBID_CONSTRAINED}
SAFER_POLICY_JOBID_UNTRUSTED = $03000000;
{$EXTERNALSYM SAFER_POLICY_JOBID_UNTRUSTED}
SAFER_POLICY_ONLY_EXES = $00010000;
{$EXTERNALSYM SAFER_POLICY_ONLY_EXES}
SAFER_POLICY_SANDBOX_INERT = $00020000;
{$EXTERNALSYM SAFER_POLICY_SANDBOX_INERT}
SAFER_POLICY_UIFLAGS_MASK = $000000FF;
{$EXTERNALSYM SAFER_POLICY_UIFLAGS_MASK}
SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT = $00000001;
{$EXTERNALSYM SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT}
SAFER_POLICY_UIFLAGS_OPTION_PROMPT = $00000002;
{$EXTERNALSYM SAFER_POLICY_UIFLAGS_OPTION_PROMPT}
//
// Information classes on the overall policy that can be queried
// with SaferSet/GetPolicyInformation and set at different
// policy scopes based on access of the caller.
//
type
_SAFER_POLICY_INFO_CLASS = (
spicFiller0,
//
// Accesses the list of all Levels defined in a policy.
// The corresponding data element is a buffer that is filled
// with multiple DWORDs, each representing the LevelIds that
// are defined within this scope.
//
SaferPolicyLevelList,
//
// for transparent enforcement of policy in the execution
// framework -- will be used by native code execution but can
// be used by any policy enforcement environment.
// Corresponding data element is a DWORD holding a Boolean value.
//
SaferPolicyEnableTransparentEnforcement,
//
// Returns the name of the Level that has been designed
// as the default level within the specified scope.
// The corresponding data element is a single DWORD buffer
// representing the LevelId of the default Level. If no
// level has been configured to be the default, then the
// GetInfo API will return FALSE and GetLastError will
// return ERROR_NOT_FOUND.
//
SaferPolicyDefaultLevel,
//
// Returns whether Code Identities or Default Level within the
// user scope can be considered during identification.
//
SaferPolicyEvaluateUserScope,
//
// Control Flags for for safer policy scope.
//
SaferPolicyScopeFlags);
{$EXTERNALSYM _SAFER_POLICY_INFO_CLASS}
SAFER_POLICY_INFO_CLASS = _SAFER_POLICY_INFO_CLASS;
{$EXTERNALSYM SAFER_POLICY_INFO_CLASS}
TSaferPolicyInfoClass = SAFER_POLICY_INFO_CLASS;
//
// Enumerations used for retrieving specific information about a
// single authorization Level via SaferGet/SetInformationFromLevel.
//
_SAFER_OBJECT_INFO_CLASS = (
soicFillter0,
SaferObjectLevelId, // get: DWORD
SaferObjectScopeId, // get: DWORD
SaferObjectFriendlyName, // get/set: LPCWSTR
SaferObjectDescription, // get/set: LPCWSTR
SaferObjectBuiltin, // get: DWORD boolean
SaferObjectDisallowed, // get: DWORD boolean
SaferObjectDisableMaxPrivilege, // get: DWORD boolean
SaferObjectInvertDeletedPrivileges, // get: DWORD boolean
SaferObjectDeletedPrivileges, // get: TOKEN_PRIVILEGES
SaferObjectDefaultOwner, // get: TOKEN_OWNER
SaferObjectSidsToDisable, // get: TOKEN_GROUPS
SaferObjectRestrictedSidsInverted, // get: TOKEN_GROUPS
SaferObjectRestrictedSidsAdded, // get: TOKEN_GROUPS
//
// To enumerate all identities, call GetInfo with
// SaferObjectAllIdentificationGuids.
//
SaferObjectAllIdentificationGuids, // get: SAFER_IDENTIFICATION_GUIDS
//
// To create a new identity, call SetInfo with
// SaferObjectSingleIdentification with a new
// unique GUID that you have generated.
// To get details on a single identity, call GetInfo with
// SaferObjectSingleIdentification with desired GUID.
// To modify details of a single identity, call SetInfo with
// SaferObjectSingleIdentification with desired info and GUID.
// To delete an identity, call SetInfo with
// SaferObjectSingleIdentification with the
// header.dwIdentificationType set to 0.
//
SaferObjectSingleIdentification, // get/set: SAFER_IDENTIFICATION_*
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -