#ifdef __cplusplus
extern "C" {
#endif
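//
// Private scope identifier and level flags.
//
// NOTE(review): this header does not say what the values mean. The names
// suggest a registry-backed policy scope and delete/create flags for level
// handles -- confirm against the implementation before relying on that.
//
#define SAFER_SCOPEID_REGISTRY 3
#define SAFER_LEVEL_DELETE 2
#define SAFER_LEVEL_CREATE 4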
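//
// Private registry key locations.
//
// Both macros expand to the same hive-relative path; the hive (HKLM or HKCU)
// is chosen by whoever opens the key, not by the string. The value names
// defined in this header (DefaultLevel, ExecutableTypes, DisallowExecution,
// ...) live under this path, so write access to it is security-sensitive and
// changes to it are worth auditing.
//
#define SAFER_HKLM_REGBASE L"Software\\Policies\\Microsoft\\Windows\\Safer"
#define SAFER_HKCU_REGBASE L"Software\\Policies\\Microsoft\\Windows\\Safer"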
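//
// Default WinSafer executable file types, as a MULTI_SZ string: each
// extension is NUL-terminated and the implicit terminator of the literal
// supplies the final, list-ending NUL.
//
// The list is built from adjacent wide literals rather than a backslash
// continuation inside one literal, so re-indenting the lines can never leak
// whitespace into the registry data.
//
// NOTE(review): this default contains no script extensions such as JS, VBS
// or PS1. Extensions missing from the effective list are presumably not
// treated as executable content by the file-type check -- confirm, and
// review the configured ExecutableTypes value instead of relying on this
// default.
//
#define SAFER_DEFAULT_EXECUTABLE_FILE_TYPES \
    L"ADE\0ADP\0BAS\0BAT\0CHM\0" \
    L"CMD\0COM\0CPL\0CRT\0EXE\0HLP\0HTA\0INF\0INS\0ISP\0LNK\0MDB\0MDE\0MSC\0" \
    L"MSI\0MSP\0MST\0OCX\0PCD\0PIF\0REG\0SCR\0SHS\0URL\0VB\0WSC\0"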
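//
// Name of the objects sub-branch (the subkey that holds the level objects).
//
#define SAFER_OBJECTS_REGSUBKEY L"LevelObjects"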
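//
// Names of the values under each of the object sub-branches.
//
// FriendlyName and Description are display strings; DisallowExecution is,
// by its name, the per-level value that controls whether execution is
// refused -- NOTE(review): its type and semantics are not shown here.
//
#define SAFER_OBJFRIENDLYNAME_REGVALUEW L"FriendlyName"
#define SAFER_OBJDESCRIPTION_REGVALUEW L"Description"
#define SAFER_OBJDISALLOW_REGVALUE L"DisallowExecution"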
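//
// Name of the code identifiers sub-branch (the subkey that holds the
// policy's code identification rules).
//
#define SAFER_CODEIDS_REGSUBKEY L"CodeIdentifiers"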
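//
// Names of the values under the top-level code identifiers branch.
//
// Going by their names these values steer policy evaluation as a whole
// (default level, executable file-type list, policy scope, log file,
// Authenticode handling), so they are integrity-sensitive: a change to any
// of them alters enforcement for every rule beneath the branch.
// NOTE(review): value types and accepted ranges are not visible in this
// header -- confirm against the implementation.
//
#define SAFER_DEFAULTOBJ_REGVALUE L"DefaultLevel"
#define SAFER_TRANSPARENTENABLED_REGVALUE L"TransparentEnabled"
#define SAFER_HONORUSER_REGVALUE L"HonorUserIdentities"
#define SAFER_EXETYPES_REGVALUE L"ExecutableTypes"
#define SAFER_POLICY_SCOPE L"PolicyScope"
#define SAFER_LOGFILE_NAME L"LogFileName"
#define SAFER_HIDDEN_LEVELS L"Levels"
#define SAFER_AUTHENTICODE_REGVALUE L"AuthenticodeEnabled"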
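//
// Names of the various subkeys under the code identifier sub-branches, one
// per rule kind (path, hash, URL zone).
//
// NOTE(review): SAFER_HASHMD5_REGSUBKEY carries MD5 in its name but expands
// to the algorithm-neutral "Hashes", and a separate "HashAlg" value name is
// defined in this header, so the algorithm is presumably recorded per rule.
// Where a rule is MD5-based, it should not be treated as a strong identity
// for allow-listing, because MD5 is not collision resistant.
//
#define SAFER_PATHS_REGSUBKEY L"Paths"
#define SAFER_HASHMD5_REGSUBKEY L"Hashes"
#define SAFER_SOURCEURL_REGSUBKEY L"UrlZones"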
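//
// Names of the various values under each code identifier sub-branch.
//
// ItemData/ItemSize, HashAlg and HashSize describe the rule payload by name
// only; NOTE(review): a reader of these values has to validate the stored
// sizes against the data actually read, since this header shows no bound.
// SAFER_VALUE_NAME_DEFAULT_LEVEL expands to the same string as
// SAFER_DEFAULTOBJ_REGVALUE ("DefaultLevel").
//
#define SAFER_IDS_LASTMODIFIED_REGVALUE L"LastModified"
#define SAFER_IDS_DESCRIPTION_REGVALUE L"Description"
#define SAFER_IDS_ITEMSIZE_REGVALUE L"ItemSize"
#define SAFER_IDS_ITEMDATA_REGVALUE L"ItemData"
#define SAFER_IDS_SAFERFLAGS_REGVALUE L"SaferFlags"
#define SAFER_IDS_FRIENDLYNAME_REGVALUE L"FriendlyName"
#define SAFER_IDS_HASHALG_REGVALUE L"HashAlg"
#define SAFER_VALUE_NAME_DEFAULT_LEVEL L"DefaultLevel"
#define SAFER_VALUE_NAME_HASH_SIZE L"HashSize"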
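//
// Registry values: one description value name per authorization level
// (fully trusted, normal user, constrained, untrusted, disallowed).
//
#define SAFER_IDS_LEVEL_DESCRIPTION_FULLY_TRUSTED L"DescriptionFullyTrusted"
#define SAFER_IDS_LEVEL_DESCRIPTION_NORMAL_USER L"DescriptionNormalUser"
#define SAFER_IDS_LEVEL_DESCRIPTION_CONSTRAINED L"DescriptionConstrained"
#define SAFER_IDS_LEVEL_DESCRIPTION_UNTRUSTED L"DescriptionUntrusted"
#define SAFER_IDS_LEVEL_DESCRIPTION_DISALLOWED L"DescriptionDisallowed"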
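//
// Defines for OOB rules.
//
// The OLK rule path below is disabled in the source and kept for reference.
// SAFER_REGKEY_SEPERATOR keeps its original (misspelled) name because the
// name is part of the interface other files compile against.
//
//#define SAFER_DEFAULT_OLK_RULE_PATH L"%USERPROFILE%\\Local Settings\\Temporary Internet Files\\OLK\\"

#define SAFER_LEVEL_ZERO L"0"
#define SAFER_REGKEY_SEPERATOR L"\\"
#define SAFER_DEFAULT_RULE_GUID L"{dda3f824-d8cb-441b-834d-be2efd2c1a33}"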
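//
// Private (SAFERP_) GUID initializers.
//
// Each expands to a flat list of 11 values, so initializing a GUID-shaped
// struct with one relies on brace elision for the trailing 8-byte array
// (the SAFER_GUID_RESULT_* macros in this header brace that array
// explicitly). NOTE(review): the names suggest built-in rules for the
// Windows directory, its executables, system executables and Program Files;
// this header does not show where they are used -- confirm.
//
#define SAFERP_WINDOWS_GUID {0x191cd7fa, 0xf240, 0x4a17, 0x89, 0x86, 0x94, 0xd4, 0x80, 0xa6, 0xc8, 0xca}

#define SAFERP_WINDOWS_EXE_GUID {0x7272edfb, 0xaf9f, 0x4ddf, 0xb6, 0x5b, 0xe4, 0x28, 0x2f, 0x2d, 0xee, 0xfc}

#define SAFERP_SYSTEM_EXE_GUID {0x8868b733, 0x4b3a, 0x48f8, 0x91, 0x36, 0xaa, 0x6d, 0x05, 0xd4, 0xfc, 0x83}

#define SAFERP_PROGRAMFILES_GUID {0xd2c34ab2, 0x529a, 0x46b2, 0xb2, 0x93, 0xfc, 0x85, 0x3f, 0xce, 0x72, 0xea}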
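//
// GUID initializers (fully braced) for two result identifiers.
// NOTE(review): by their names they mark a result that came from a trusted
// certificate and one that fell back to the default level; where they are
// returned is not visible in this header -- confirm.
//
#define SAFER_GUID_RESULT_TRUSTED_CERT \
    { 0xc59e7b5a, \
      0xaf71, \
      0x4595, \
      {0xb8, 0xdb, 0x46, 0xb4, 0x91, 0xe8, 0x90, 0x07} }

#define SAFER_GUID_RESULT_DEFAULT_LEVEL \
    { 0x11015445, \
      0xd282, \
      0x4f86, \
      {0x96, 0xa2, 0x9e, 0x48, 0x5f, 0x59, 0x33, 0x02} }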
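//
// The following is a private function that is exported
// for WinVerifyTrust to call to determine if a given hash has a
// WinSafer policy associated with it.
//
//   HashAlgorithm       - optional algorithm identifier for the hash.
//   pHashBytes          - hash value to look up.
//   dwHashSize          - size of the buffer at pHashBytes (presumably in
//                         bytes -- confirm).
//   dwOriginalImageSize - optional size of the image that was hashed.
//   pdwFoundLevel       - receives the level found, per its name.
//   pdwSaferFlags       - receives the matching rule's flags, per its name.
//
// NOTE(review): the caller supplies both the buffer and its length, and
// nothing in this header shows how dwHashSize is bounded or whether the
// output pointers may be NULL; pass the exact digest length and valid
// output pointers, and check the BOOL result before reading the outputs.
// Unlike the other exports in this header, this declaration carries no
// WINADVAPI decoration -- confirm that is intentional.
//
BOOL WINAPI
SaferiSearchMatchingHashRules(
    IN ALG_ID HashAlgorithm OPTIONAL,
    IN PBYTE pHashBytes,
    IN DWORD dwHashSize,
    IN DWORD dwOriginalImageSize OPTIONAL,
    OUT PDWORD pdwFoundLevel,
    OUT PDWORD pdwSaferFlags
    );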
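//
// The following is a private function exported to allow the current
// registry scope to be altered. This has the effect of changing
// how AUTHZSCOPEID_REGISTRY is interpreted.
//
//   hKeyCustomRoot - optional registry key to use as the custom root.
//   dwKeyOptions   - options for the key (values not defined in this header).
//
// NOTE(review): AUTHZSCOPEID_REGISTRY is not defined in this header; it
// presumably corresponds to SAFER_SCOPEID_REGISTRY -- confirm. Redirecting
// the scope changes which registry location policy is read from, so callers
// need to make sure the custom root is writable only by principals that are
// trusted to set policy.
//
WINADVAPI
BOOL WINAPI
SaferiChangeRegistryScope(
    IN HKEY hKeyCustomRoot OPTIONAL,
    IN DWORD dwKeyOptions
    );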
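//
// The following is a private function provided to try to empirically
// determine if two access tokens have been restricted with comparable
// WinSafer authorization Levels. When TRUE is returned, the pdwResult
// output parameter will receive any of the following values:
//      -1 = Client's access token is more authorized than Server's.
//       0 = Client's access token is comparable level to Server's.
//       1 = Server's access token is more authorized than Client's.
//
// NOTE(review): pdwResult is a PDWORD, so the -1 case arrives in an
// unsigned DWORD; compare against (DWORD)-1 or convert to a signed type
// before testing for "less than zero", otherwise that branch never fires.
// The result is only meaningful when the function returns TRUE, and the
// comparison is described as empirical, so treat it as a heuristic rather
// than as the sole basis for an authorization decision.
//
WINADVAPI
BOOL WINAPI
SaferiCompareTokenLevels (
    IN HANDLE ClientAccessToken,
    IN HANDLE ServerAccessToken,
    OUT PDWORD pdwResult
    );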
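//
// The following is a private function exported to allow population of
// defaults in the registry.
//
//   hKeyBase      - registry key under which the defaults are populated.
//   pbSetDefaults - receives a BOOL; presumably reports whether defaults
//                   were written -- confirm against the implementation.
//
// NOTE(review): the function writes policy defaults under a caller-supplied
// key, so the caller decides which hive and path receive them; this header
// does not show whether existing values are preserved or overwritten.
// This declaration carries no WINADVAPI decoration, unlike
// SaferiChangeRegistryScope and SaferiCompareTokenLevels -- confirm that is
// intentional.
//
BOOL WINAPI
SaferiPopulateDefaultsInRegistry(
    IN HKEY hKeyBase,
    OUT BOOL *pbSetDefaults
    );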
#ifdef __cplusplus
}
#endif