summaryrefslogtreecommitdiff
path: root/src/inc/corperm.h
blob: e8c7cc7c996d0a79d245281bc9a206d0d492ead1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
//*****************************************************************************
// File: CorPerm.H
//
// Defines the public routines defined in the security libraries. All these
// routines are defined within CorPerm.lib.
//
//*****************************************************************************

#ifndef _CORPERM_H_
#define _CORPERM_H_

#include <ole2.h> // Definitions of OLE types.

#ifndef FEATURE_PAL
#include <wintrust.h>
#endif

#include <specstrings.h>
#include "corhdr.h"
#include "corpolicy.h"

#ifdef __cplusplus
extern "C" {
#endif


//--------------------------------------------------------------------------
// Global security settings
// ------------------------
// 

// Needs to be in sync with URLZONE
typedef enum {
    LocalMachine = 0, /* URLZONE_LOCAL_MACHINE */     // 0, My Computer
    Intranet     = 1, /* URLZONE_INTRANET */          // 1, The Intranet
    Trusted      = 2, /* URLZONE_TRUSTED */           // 2, Trusted Zone
    Internet     = 3, /* URLZONE_INTERNET */          // 3, The Internet
    Untrusted    = 4, /* URLZONE_UNTRUSTED */         // 4, Untrusted Zone
    NumZones     = 5,
    NoZone       = -1
} SecZone;

// Managed URL action flags (see urlmon.idl)
#define URLACTION_MANAGED_MIN                           0x00002000
#define URLACTION_MANAGED_SIGNED                        0x00002001
#define URLACTION_MANAGED_UNSIGNED                      0x00002004
#define URLACTION_MANAGED_MANIFEST_PERMISSIONS          0x00002007
#define URLACTION_MANAGED_MAX                           0x000020FF

// Global disable flags. These are set for every zone.
#define CORSETTING_EXECUTION_PERMISSION_CHECK_DISABLED  0x00000100

// Trust Levels 
#define URLPOLICY_COR_NOTHING                   0x00000000
#define URLPOLICY_COR_TIME                      0x00010000
#define URLPOLICY_COR_EQUIPMENT                 0x00020000
#define URLPOLICY_COR_EVERYTHING                0x00030000
#define URLPOLICY_COR_CUSTOM                    0x00800000

// Manifest permission settings - note that URLPOLICY_DISABLED is also a valid value
#define URLPOLICY_COR_HIGH_SAFETY               0x00010000
#define URLPOLICY_COR_LOW_SAFETY                0x00030000

#define KEY_COM_SECURITY_POLICY L"\\Security\\Policy" 
#define KEY_COM_SECURITY_ZONEOVERRIDE L"TreatCustomZonesAsInternetZone"
#define HKEY_POLICY_ROOT        HKEY_LOCAL_MACHINE

#ifndef FEATURE_PAL

//--------------------------------------------------------------------
// GetPublisher
// ------------
// Returns signature information (Encoded signature and permissions)
// NOTE: This does perform any policy checks on the certificates. All
// that can be determined is the File was signed and the bits are OK.
//
// Free information with CoTaskMemFree (just the pointer not the contents)
//

#define COR_UNSIGNED_NO         0x0
#define COR_UNSIGNED_YES        0x1
#define COR_UNSIGNED_ALWAYS     0x2

extern HRESULT DisplayUnsignedRequestDialog(HWND hParent,       // Parents hwnd
                                            PCRYPT_PROVIDER_DATA pData, 
                                            LPCWSTR pURL,       // Url associated with code
                                            LPCWSTR pZONE,      // Zone associated with code
                                            DWORD* pdwState);   // Return COR_UNSIGNED_YES or COR_UNSIGNED_NO

// For dwFlag values
#define COR_NOUI               0x01
#define COR_NOPOLICY           0x02
#define COR_DISPLAYGRANTED     0x04    // Intersect the requested permissions with the policy to 
                                       // to display the granted set

HRESULT STDMETHODCALLTYPE
GetPublisher(__in __in_z IN LPWSTR        pwsFileName,      // File name, this is required even with the handle
             IN HANDLE        hFile,            // Optional file name
             IN  DWORD        dwFlags,          // COR_NOUI or COR_NOPOLICY
             OUT PCOR_TRUST  *pInfo,            // Returns a PCOR_TRUST (Use CoTaskMemFree)
             OUT DWORD       *dwInfo);          // Size of pInfo.

#endif  // !FEATURE_PAL

interface IMetaDataAssemblyImport;

// Structure used to describe an individual security permission.
class CORSEC_ATTRIBUTE
{
public:
    DWORD           dwIndex;                    // Unique permission index used for error tracking
    CHAR*           pName;   // Fully qualified permission class name
    mdMemberRef     tkCtor;                     // Custom attribute constructor
    mdTypeRef       tkTypeRef;                  // Custom attribute class ref
    mdAssemblyRef   tkAssemblyRef;              // Custom attribute class assembly
    BYTE            *pbValues;                  // Serialized field/property initializers
    SIZE_T          cbValues;                   // Byte count for above
    WORD            wValues;                    // Count of values in above

    CORSEC_ATTRIBUTE()
    {
        pbValues = NULL;
        pName = NULL;
    }

    ~CORSEC_ATTRIBUTE()
    {
        delete [] pbValues;
        delete [] pName;
    }
};

// Context structure that tracks the creation of a security permission set from
// individual permission requests.
class CORSEC_ATTRSET
{
public:
    mdToken         tkObj;                      // Parent object
    DWORD           dwAction;                   // Security action type (CorDeclSecurity)
    DWORD           dwAttrCount;              // Number of attributes in set
    CORSEC_ATTRIBUTE     *pAttrs;              // Pointer to array of attributes
    DWORD           dwAllocated;                // Number of elements in above array
#ifdef __cplusplus
    IMetaDataAssemblyImport *pImport;           // Current meta data scope
    IUnknown        *pAppDomain;                // AppDomain in which managed security code will be run. 

#else
    void            *pImport;
    void            *pAppDomain;
#endif

    CORSEC_ATTRSET()
    {
        pAttrs = NULL;
    }

    ~CORSEC_ATTRSET()
    {
        delete [] pAttrs;
    }
};

// Reads permission requests (if any) from the manifest of an assembly.
HRESULT STDMETHODCALLTYPE
GetPermissionRequests(LPCWSTR   pwszFileName,
                      BYTE    **ppbMinimal,
                      DWORD    *pcbMinimal,
                      BYTE    **ppbOptional,
                      DWORD    *pcbOptional,
                      BYTE    **ppbRefused,
                      DWORD    *pcbRefused);

// Translate a set of security custom attributes into a serialized permission set blob.
HRESULT STDMETHODCALLTYPE
TranslateSecurityAttributes(CORSEC_ATTRSET    *pPset,
                            BYTE          **ppbOutput,
                            DWORD          *pcbOutput,
                            BYTE          **ppbNonCasOutput,
                            DWORD          *pcbNonCasOutput,
                            DWORD          *pdwErrorIndex);

class CMiniMdRW;
struct IMDInternalImport;

HRESULT STDMETHODCALLTYPE
GroupSecurityAttributesByAction(CORSEC_ATTRSET /*OUT*/rPermSets[],
                                      COR_SECATTR rSecAttrs[],
                                      ULONG cSecAttrs,
                                      mdToken tkObj,
                                      ULONG *pulErrorAttr,
                                      CMiniMdRW* pMiniMd,
                                      IMDInternalImport* pInternalImport);

// if pBuffer is NULL, this just sets *pCount to the number of bytes required
// if pBuffer is not NULL, it serializes pAttrSet into pBuffer
HRESULT AttributeSetToBlob(CORSEC_ATTRSET* pAttrSet, BYTE* pBuffer, SIZE_T* pCount, IMetaDataAssemblyImport *pImport, DWORD dwAction);

#ifdef __cplusplus
}
#endif

#endif