Home Explore Help
Sign In
pascal
/
freepascal.compiler
mirror of https://gitlab.com/freepascal.org/fpc/source.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: bde44508b1
Branches Tags
freepascal.comp...
/
packages
/
base
/
winunits
/
jwaauthz.pas

jwaauthz.pas 25 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705 
  1. {******************************************************************************}
    2. 

  2. {                                                                              }
    3. 

  3. { Authorization Framework API interface Unit for Object Pascal                 }
    4. 

  4. {                                                                              }
    5. 

  5. { Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft          }
    6. 

  6. { Corporation. All Rights Reserved.                                            }
    7. 

  7. {                                                                              }
    8. 

  8. { The original file is: authz.h, released August 2001. The original Pascal     }
    9. 

  9. { code is: Authz.pas, released October 2001. The initial developer of the      }
    10. 

  10. { Pascal code is Marcel van Brakel (brakelm att chello dott nl).               }
    11. 

  11. {                                                                              }
    12. 

  12. { Portions created by Marcel van Brakel are Copyright (C) 1999-2001            }
    13. 

  13. { Marcel van Brakel. All Rights Reserved.                                      }
    14. 

  14. {                                                                              }
    15. 

  15. { Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI)        }
    16. 

  16. {                                                                              }
    17. 

  17. { You may retrieve the latest version of this file at the Project JEDI         }
    18. 

  18. { APILIB home page, located at http://jedi-apilib.sourceforge.net              }
    19. 

  19. {                                                                              }
    20. 

  20. { The contents of this file are used with permission, subject to the Mozilla   }
    21. 

  21. { Public License Version 1.1 (the "License"); you may not use this file except }
    22. 

  22. { in compliance with the License. You may obtain a copy of the License at      }
    23. 

  23. { http://www.mozilla.org/MPL/MPL-1.1.html                                      }
    24. 

  24. {                                                                              }
    25. 

  25. { Software distributed under the License is distributed on an "AS IS" basis,   }
    26. 

  26. { WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
    27. 

  27. { the specific language governing rights and limitations under the License.    }
    28. 

  28. {                                                                              }
    29. 

  29. { Alternatively, the contents of this file may be used under the terms of the  }
    30. 

  30. { GNU Lesser General Public License (the  "LGPL License"), in which case the   }
    31. 

  31. { provisions of the LGPL License are applicable instead of those above.        }
    32. 

  32. { If you wish to allow use of your version of this file only under the terms   }
    33. 

  33. { of the LGPL License and not to allow others to use your version of this file }
    34. 

  34. { under the MPL, indicate your decision by deleting  the provisions above and  }
    35. 

  35. { replace  them with the notice and other provisions required by the LGPL      }
    36. 

  36. { License.  If you do not delete the provisions above, a recipient may use     }
    37. 

  37. { your version of this file under either the MPL or the LGPL License.          }
    38. 

  38. {                                                                              }
    39. 

  39. { For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
    40. 

  40. {                                                                              }
    41. 

  41. {******************************************************************************}
    42. 

  42. 

  43. // $Id: JwaAuthz.pas,v 1.10 2005/09/06 16:36:50 marquardt Exp $
    44. 

  44. 

  45. unit JwaAuthz;
    46. 

  46. 

  47. {$WEAKPACKAGEUNIT}
    48. 

  48. 

  49. {$HPPEMIT ''}
    50. 

  50. {$HPPEMIT '#include "authz.h"'}
    51. 

  51. {$HPPEMIT ''}
    52. 

  52. 

  53. {$I jediapilib.inc}
    54. 

  54. 

  55. interface
    56. 

  56. 

  57. uses
    58. 

  58.   JwaWindows;
    59. 

  59. 

  60. //
    61. 

  61. // Flags which may be used at the time of client context creation using a sid.
    62. 

  62. //
    63. 

  63. 

  64. const
    65. 

  65.   AUTHZ_SKIP_TOKEN_GROUPS = $2;
    66. 

  66.   {$EXTERNALSYM AUTHZ_SKIP_TOKEN_GROUPS}
    67. 

  67.   AUTHZ_REQUIRE_S4U_LOGON = $4;
    68. 

  68.   {$EXTERNALSYM AUTHZ_REQUIRE_S4U_LOGON}
    69. 

  69. 

  70. type
    71. 

  71.   AUTHZ_ACCESS_CHECK_RESULTS_HANDLE = HANDLE;
    72. 

  72.   {$EXTERNALSYM AUTHZ_ACCESS_CHECK_RESULTS_HANDLE}
    73. 

  73.   AUTHZ_CLIENT_CONTEXT_HANDLE = HANDLE;
    74. 

  74.   {$EXTERNALSYM AUTHZ_CLIENT_CONTEXT_HANDLE}
    75. 

  75.   AUTHZ_RESOURCE_MANAGER_HANDLE = HANDLE;
    76. 

  76.   {$EXTERNALSYM AUTHZ_RESOURCE_MANAGER_HANDLE}
    77. 

  77.   AUTHZ_AUDIT_EVENT_HANDLE = HANDLE;
    78. 

  78.   {$EXTERNALSYM AUTHZ_AUDIT_EVENT_HANDLE}
    79. 

  79.   AUTHZ_AUDIT_EVENT_TYPE_HANDLE = HANDLE;
    80. 

  80.   {$EXTERNALSYM AUTHZ_AUDIT_EVENT_TYPE_HANDLE}
    81. 

  81.   AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE = HANDLE;
    82. 

  82.   {$EXTERNALSYM AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE}
    83. 

  83. 

  84.   PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE = ^AUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
    85. 

  85.   {$EXTERNALSYM PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE}
    86. 

  86.   PAUTHZ_CLIENT_CONTEXT_HANDLE = ^AUTHZ_CLIENT_CONTEXT_HANDLE;
    87. 

  87.   {$EXTERNALSYM PAUTHZ_CLIENT_CONTEXT_HANDLE}
    88. 

  88.   PAUTHZ_RESOURCE_MANAGER_HANDLE = ^AUTHZ_RESOURCE_MANAGER_HANDLE;
    89. 

  89.   {$EXTERNALSYM PAUTHZ_RESOURCE_MANAGER_HANDLE}
    90. 

  90.   PAUTHZ_AUDIT_EVENT_HANDLE = ^AUTHZ_AUDIT_EVENT_HANDLE;
    91. 

  91.   {$EXTERNALSYM PAUTHZ_AUDIT_EVENT_HANDLE}
    92. 

  92.   PAUTHZ_AUDIT_EVENT_TYPE_HANDLE = ^AUTHZ_AUDIT_EVENT_TYPE_HANDLE;
    93. 

  93.   {$EXTERNALSYM PAUTHZ_AUDIT_EVENT_TYPE_HANDLE}
    94. 

  94.   PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE = ^AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
    95. 

  95.   {$EXTERNALSYM PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE}
    96. 

  96. 

  97. //
    98. 

  98. // Structure defining the access check request.
    99. 

  99. //
    100. 

  100. 

  101.   PAUTHZ_ACCESS_REQUEST = ^AUTHZ_ACCESS_REQUEST;
    102. 

  102.   {$EXTERNALSYM PAUTHZ_ACCESS_REQUEST}
    103. 

  103.   _AUTHZ_ACCESS_REQUEST = record
    104. 

  104.     DesiredAccess: ACCESS_MASK;
    105. 

  105.     //
    106. 

  106.     // To replace the principal self sid in the acl.
    107. 

  107.     //
    108. 

  108.     PrincipalSelfSid: PSID;
    109. 

  109.     //
    110. 

  110.     // Object type list represented by an array of (level, guid) pair and the
    111. 

  111.     // number of elements in the array. This is a post-fix representation of the
    112. 

  112.     // object tree.
    113. 

  113.     // These fields should be set to NULL and 0 respectively except when per
    114. 

  114.     // property access is desired.
    115. 

  115.     //
    116. 

  116.     ObjectTypeList: POBJECT_TYPE_LIST;
    117. 

  117.     ObjectTypeListLength: DWORD;
    118. 

  118.     //
    119. 

  119.     // To support completely business rules based access. This will be passed as
    120. 

  120.     // input to the callback access check function. Access check algorithm does
    121. 

  121.     // not interpret these.
    122. 

  122.     //
    123. 

  123.     OptionalArguments: PVOID;
    124. 

  124.   end;
    125. 

  125.   {$EXTERNALSYM _AUTHZ_ACCESS_REQUEST}
    126. 

  126.   AUTHZ_ACCESS_REQUEST = _AUTHZ_ACCESS_REQUEST;
    127. 

  127.   {$EXTERNALSYM AUTHZ_ACCESS_REQUEST}
    128. 

  128.   TAuthzAccessRequest = AUTHZ_ACCESS_REQUEST;
    129. 

  129.   PAuthzAccessRequest = PAUTHZ_ACCESS_REQUEST;
    130. 

  130. 

  131. //
    132. 

  132. // Structure to return the results of the access check call.
    133. 

  133. //
    134. 

  134. 

  135. const
    136. 

  136.   AUTHZ_GENERATE_SUCCESS_AUDIT = $1;
    137. 

  137.   {$EXTERNALSYM AUTHZ_GENERATE_SUCCESS_AUDIT}
    138. 

  138.   AUTHZ_GENERATE_FAILURE_AUDIT = $2;
    139. 

  139.   {$EXTERNALSYM AUTHZ_GENERATE_FAILURE_AUDIT}
    140. 

  140. 

  141. type
    142. 

  142.   PAUTHZ_ACCESS_REPLY = ^AUTHZ_ACCESS_REPLY;
    143. 

  143.   {$EXTERNALSYM PAUTHZ_ACCESS_REPLY}
    144. 

  144.   _AUTHZ_ACCESS_REPLY = record
    145. 

  145.     //
    146. 

  146.     // The length of the array representing the object type list structure. If
    147. 

  147.     // no object type is used to represent the object, then the length must be
    148. 

  148.     // set to 1.
    149. 

  149.     //
    150. 

  150.     // Note: This parameter must be filled!
    151. 

  151.     //
    152. 

  152.     ResultListLength: DWORD;
    153. 

  153.     //
    154. 

  154.     // Array of granted access masks. This memory is allocated by the RM. Access
    155. 

  155.     // check routines just fill in the values.
    156. 

  156.     //
    157. 

  157.     GrantedAccessMask: PACCESS_MASK;
    158. 

  158.     //
    159. 

  159.     // Array of SACL evaluation results.  This memory is allocated by the RM, if SACL
    160. 

  160.     // evaluation results are desired. Access check routines just fill in the values.
    161. 

  161.     // Sacl evaluation will only be performed if auditing is requested.
    162. 

  162.     //
    163. 

  163.     SaclEvaluationResults: PDWORD;
    164. 

  164.     //
    165. 

  165.     // Array of results for each element of the array. This memory is allocated
    166. 

  166.     // by the RM. Access check routines just fill in the values.
    167. 

  167.     //
    168. 

  168.     Error: PDWORD;
    169. 

  169.   end;
    170. 

  170.   {$EXTERNALSYM _AUTHZ_ACCESS_REPLY}
    171. 

  171.   AUTHZ_ACCESS_REPLY = _AUTHZ_ACCESS_REPLY;
    172. 

  172.   {$EXTERNALSYM AUTHZ_ACCESS_REPLY}
    173. 

  173.   TAuthzAccessReply = AUTHZ_ACCESS_REPLY;
    174. 

  174.   PAuthzAccessReply = PAUTHZ_ACCESS_REPLY;
    175. 

  175. 

  176. //
    177. 

  177. // Typedefs for callback functions to be provided by the resource manager.
    178. 

  178. //
    179. 

  179. 

  180. //
    181. 

  181. // Callback access check function takes in
    182. 

  182. //     AuthzClientContext - a client context
    183. 

  183. //     pAce - pointer to a callback ace
    184. 

  184. //     pArgs - Optional arguments that were passed to AuthzAccessCheck thru
    185. 

  185. //             AuthzAccessRequest->OptionalArguments are passed back here.
    186. 

  186. //     pbAceApplicable - The resource manager must supply whether the ace should
    187. 

  187. //         be used in the computation of access evaluation
    188. 

  188. //
    189. 

  189. // Returns
    190. 

  190. //     TRUE if the API succeeded.
    191. 

  191. //     FALSE on any intermediate errors (like failed memory allocation)
    192. 

  192. //         In case of failure, the caller must use SetLastError(ErrorValue).
    193. 

  193. //
    194. 

  194. 

  195. type
    196. 

  196.   PFN_AUTHZ_DYNAMIC_ACCESS_CHECK = function(hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE;
    197. 

  197.     pAce: PACE_HEADER; pArgs: PVOID; var pbAceApplicable: BOOL): BOOL; stdcall;
    198. 

  198.   {$EXTERNALSYM PFN_AUTHZ_DYNAMIC_ACCESS_CHECK}
    199. 

  199.   PFnAuthzDynamicAccessCheck = PFN_AUTHZ_DYNAMIC_ACCESS_CHECK;
    200. 

  200. 

  201. //
    202. 

  202. // Callback compute dynamic groups function takes in
    203. 

  203. //     AuthzClientContext - a client context
    204. 

  204. //     pArgs - Optional arguments that supplied to AuthzInitializeClientContext*
    205. 

  205. //         thru DynamicGroupArgs are passed back here..
    206. 

  206. //     pSidAttrArray - To allocate and return an array of (sids, attribute)
    207. 

  207. //         pairs to be added to the normal part of the client context.
    208. 

  208. //     pSidCount - Number of elements in pSidAttrArray
    209. 

  209. //     pRestrictedSidAttrArray - To allocate and return an array of (sids, attribute)
    210. 

  210. //         pairs to be added to the restricted part of the client context.
    211. 

  211. //     pRestrictedSidCount - Number of elements in pRestrictedSidAttrArray
    212. 

  212. //
    213. 

  213. // Note:
    214. 

  214. //    Memory returned thru both these array will be freed by the callback
    215. 

  215. //    free function defined by the resource manager.
    216. 

  216. //
    217. 

  217. // Returns
    218. 

  218. //     TRUE if the API succeeded.
    219. 

  219. //     FALSE on any intermediate errors (like failed memory allocation)
    220. 

  220. //         In case of failure, the caller must use SetLastError(ErrorValue).
    221. 

  221. //
    222. 

  222. 

  223. type
    224. 

  224.   PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS = function(hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE;
    225. 

  225.     Args: PVOID; var pSidAttrArray: PSID_AND_ATTRIBUTES; var pSidCount: DWORD;
    226. 

  226.     var pRestrictedSidAttrArray: PSID_AND_ATTRIBUTES; var pRestrictedSidCount: DWORD): BOOL; stdcall;
    227. 

  227.   {$EXTERNALSYM PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS}
    228. 

  228.   PFnAuthzComputeDynamicGroups = PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS;
    229. 

  229. 

  230. //
    231. 

  231. // Callback free function takes in
    232. 

  232. //     pSidAttrArray - To be freed. This has been allocated by the compute
    233. 

  233. //     dynamic groups function.
    234. 

  234. //
    235. 

  235. 

  236.   PFN_AUTHZ_FREE_DYNAMIC_GROUPS = procedure(pSidAttrArray: PSID_AND_ATTRIBUTES); stdcall;
    237. 

  237.   {$EXTERNALSYM PFN_AUTHZ_FREE_DYNAMIC_GROUPS}
    238. 

  238.   PFnAuthzFreeDynamicGroups = PFN_AUTHZ_FREE_DYNAMIC_GROUPS;
    239. 

  239. 

  240. //
    241. 

  241. // Valid flags for AuthzAccessCheck
    242. 

  242. //
    243. 

  243. 

  244. const
    245. 

  245.   AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD = $00000001;
    246. 

  246.   {$EXTERNALSYM AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD}
    247. 

  247. 

  248. function AuthzAccessCheck(Flags: DWORD; hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE; pRequest: PAUTHZ_ACCESS_REQUEST;
    249. 

  249.   hAuditEvent: AUTHZ_AUDIT_EVENT_HANDLE; pSecurityDescriptor: PSECURITY_DESCRIPTOR; OptionalSecurityDescriptorArray: PPSECURITY_DESCRIPTOR;
    250. 

  250.   OptionalSecurityDescriptorCount: DWORD; pReply: PAUTHZ_ACCESS_REPLY; phAccessCheckResultsOPTIONAL: PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE): BOOL; stdcall;
    251. 

  251. {$EXTERNALSYM AuthzAccessCheck}
    252. 

  252. 

  253. function AuthzCachedAccessCheck(Flags: DWORD; hAccessCheckResults: AUTHZ_ACCESS_CHECK_RESULTS_HANDLE; pRequest: PAUTHZ_ACCESS_REQUEST; hAuditEvent: AUTHZ_AUDIT_EVENT_HANDLE; pReply: PAUTHZ_ACCESS_REPLY): BOOL; stdcall;
    254. 

  254. {$EXTERNALSYM AuthzCachedAccessCheck}
    255. 

  255. 

  256. function AuthzOpenObjectAudit(Flags: DWORD; hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE; pRequest: PAUTHZ_ACCESS_REQUEST; hAuditEvent: AUTHZ_AUDIT_EVENT_HANDLE; pSecurityDescriptor: PSECURITY_DESCRIPTOR; OptionalSecurityDescriptorArray: PPSECURITY_DESCRIPTOR; OptionalSecurityDescriptorCount: DWORD; pReply: PAUTHZ_ACCESS_REPLY): BOOL; stdcall;
    257. 

  257. {$EXTERNALSYM AuthzOpenObjectAudit}
    258. 

  258. 

  259. function AuthzFreeHandle(hAccessCheckResults: AUTHZ_ACCESS_CHECK_RESULTS_HANDLE): BOOL; stdcall;
    260. 

  260. {$EXTERNALSYM AuthzFreeHandle}
    261. 

  261. 

  262. //
    263. 

  263. // Flags for AuthzInitializeResourceManager
    264. 

  264. //
    265. 

  265. 

  266. const
    267. 

  267.   AUTHZ_RM_FLAG_NO_AUDIT = $1;
    268. 

  268.   {$EXTERNALSYM AUTHZ_RM_FLAG_NO_AUDIT}
    269. 

  269. 

  270.   AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION = $2;
    271. 

  271.   {$EXTERNALSYM AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION}
    272. 

  272. 

  273.   AUTHZ_VALID_RM_INIT_FLAGS = AUTHZ_RM_FLAG_NO_AUDIT or AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION;
    274. 

  274.   {$EXTERNALSYM AUTHZ_VALID_RM_INIT_FLAGS}
    275. 

  275. 

  276. function AuthzInitializeResourceManager(Flags: DWORD; pfnDynamicAccessCheck: PFN_AUTHZ_DYNAMIC_ACCESS_CHECK; pfnComputeDynamicGroups: PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS; pfnFreeDynamicGroups: PFN_AUTHZ_FREE_DYNAMIC_GROUPS; szResourceManagerName: LPCWSTR; phAuthzResourceManager: PAUTHZ_RESOURCE_MANAGER_HANDLE): BOOL; stdcall;
    277. 

  277. {$EXTERNALSYM AuthzInitializeResourceManager}
    278. 

  278. 

  279. function AuthzFreeResourceManager(hAuthzResourceManager: AUTHZ_RESOURCE_MANAGER_HANDLE): BOOL; stdcall;
    280. 

  280. {$EXTERNALSYM AuthzFreeResourceManager}
    281. 

  281. 

  282. function AuthzInitializeContextFromToken(Flags: DWORD; TokenHandle: HANDLE; hAuthzResourceManager: AUTHZ_RESOURCE_MANAGER_HANDLE; pExpirationTime: PLARGE_INTEGER; Identifier: LUID; DynamicGroupArgs: PVOID; phAuthzClientContext: PAUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; stdcall;
    283. 

  283. {$EXTERNALSYM AuthzInitializeContextFromToken}
    284. 

  284. 

  285. function AuthzInitializeContextFromSid(Flags: DWORD; UserSid: PSID; hAuthzResourceManager: AUTHZ_RESOURCE_MANAGER_HANDLE; pExpirationTime: PLARGE_INTEGER; Identifier: LUID; DynamicGroupArgs: PVOID; phAuthzClientContext: PAUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; stdcall;
    286. 

  286. {$EXTERNALSYM AuthzInitializeContextFromSid}
    287. 

  287. 

  288. function AuthzInitializeContextFromAuthzContext(Flags: DWORD; hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE; pExpirationTime: PLARGE_INTEGER; Identifier: LUID; DynamicGroupArgs: PVOID; phNewAuthzClientContext: PAUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; stdcall;
    289. 

  289. {$EXTERNALSYM AuthzInitializeContextFromAuthzContext}
    290. 

  290. 

  291. function AuthzAddSidsToContext(hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE; Sids: PSID_AND_ATTRIBUTES; SidCount: DWORD; RestrictedSids: PSID_AND_ATTRIBUTES; RestrictedSidCount: DWORD; phNewAuthzClientContext: PAUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; stdcall;
    292. 

  292. {$EXTERNALSYM AuthzAddSidsToContext}
    293. 

  293. 

  294. //
    295. 

  295. // Enumeration type to be used to specify the type of information to be
    296. 

  296. // retrieved from an existing AuthzClientContext.
    297. 

  297. //
    298. 

  298. 

  299. type
    300. 

  300.   _AUTHZ_CONTEXT_INFORMATION_CLASS = (
    301. 

  301.     AuthzContextInfo__0,
    302. 

  302.     AuthzContextInfoUserSid,
    303. 

  303.     AuthzContextInfoGroupsSids,
    304. 

  304.     AuthzContextInfoRestrictedSids,
    305. 

  305.     AuthzContextInfoPrivileges,
    306. 

  306.     AuthzContextInfoExpirationTime,
    307. 

  307.     AuthzContextInfoServerContext,
    308. 

  308.     AuthzContextInfoIdentifier,
    309. 

  309.     AuthzContextInfoSource,
    310. 

  310.     AuthzContextInfoAll,
    311. 

  311.     AuthzContextInfoAuthenticationId);
    312. 

  312.   {$EXTERNALSYM _AUTHZ_CONTEXT_INFORMATION_CLASS}
    313. 

  313.   AUTHZ_CONTEXT_INFORMATION_CLASS = _AUTHZ_CONTEXT_INFORMATION_CLASS;
    314. 

  314.   {$EXTERNALSYM AUTHZ_CONTEXT_INFORMATION_CLASS}
    315. 

  315.   TAuthzContextInformationClass = AUTHZ_CONTEXT_INFORMATION_CLASS;
    316. 

  316. 

  317. function AuthzGetInformationFromContext(hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE;
    318. 

  318.   InfoClass: AUTHZ_CONTEXT_INFORMATION_CLASS; BufferSize: DWORD; pSizeRequired: PDWORD;
    319. 

  319.   Buffer: PVOID): BOOL; stdcall;
    320. 

  320. {$EXTERNALSYM AuthzGetInformationFromContext}
    321. 

  321. 

  322. function AuthzFreeContext(hAuthzClientContext: AUTHZ_CLIENT_CONTEXT_HANDLE): BOOL; stdcall;
    323. 

  323. {$EXTERNALSYM AuthzFreeContext}
    324. 

  324. 

  325. //
    326. 

  326. // Valid flags that may be used in AuthzInitializeObjectAccessAuditEvent().
    327. 

  327. //
    328. 

  328. 

  329. const
    330. 

  330.   AUTHZ_NO_SUCCESS_AUDIT = $00000001;
    331. 

  331.   {$EXTERNALSYM AUTHZ_NO_SUCCESS_AUDIT}
    332. 

  332.   AUTHZ_NO_FAILURE_AUDIT = $00000002;
    333. 

  333.   {$EXTERNALSYM AUTHZ_NO_FAILURE_AUDIT}
    334. 

  334.   AUTHZ_NO_ALLOC_STRINGS = $00000004;
    335. 

  335.   {$EXTERNALSYM AUTHZ_NO_ALLOC_STRINGS}
    336. 

  336. 

  337.   AUTHZ_VALID_OBJECT_ACCESS_AUDIT_FLAGS = AUTHZ_NO_SUCCESS_AUDIT or AUTHZ_NO_FAILURE_AUDIT or AUTHZ_NO_ALLOC_STRINGS;
    338. 

  338.   {$EXTERNALSYM AUTHZ_VALID_OBJECT_ACCESS_AUDIT_FLAGS}
    339. 

  339. 

  340. function AuthzInitializeObjectAccessAuditEvent(Flags: DWORD; hAuditEventType: AUTHZ_AUDIT_EVENT_TYPE_HANDLE;
    341. 

  341.   szOperationType: PWSTR; szObjectType: PWSTR; szObjectName: PWSTR; szAdditionalInfo: PWSTR;
    342. 

  342.   phAuditEvent: PAUTHZ_AUDIT_EVENT_HANDLE; dwAdditionalParameterCount: DWORD {, ...}): BOOL; stdcall;
    343. 

  343. {$EXTERNALSYM AuthzInitializeObjectAccessAuditEvent}
    344. 

  344. 

  345. function AuthzInitializeObjectAccessAuditEvent2(Flags: DWORD; hAuditEventType: AUTHZ_AUDIT_EVENT_TYPE_HANDLE;
    346. 

  346.   szOperationType: PWSTR; szObjectType: PWSTR; szObjectName: PWSTR; szAdditionalInfo, szAdditionalInfo2: PWSTR;
    347. 

  347.   phAuditEvent: PAUTHZ_AUDIT_EVENT_HANDLE; dwAdditionalParameterCount: DWORD {, ...}): BOOL; stdcall;
    348. 

  348. {$EXTERNALSYM AuthzInitializeObjectAccessAuditEvent2}
    349. 

  349. 

  350. //
    351. 

  351. // Enumeration type to be used to specify the type of information to be
    352. 

  352. // retrieved from an existing AUTHZ_AUDIT_EVENT_HANDLE.
    353. 

  353. //
    354. 

  354. 

  355. type
    356. 

  356.   _AUTHZ_AUDIT_EVENT_INFORMATION_CLASS = (
    357. 

  357.     AuthzAuditEvent__0,
    358. 

  358.     AuthzAuditEventInfoFlags,
    359. 

  359.     AuthzAuditEventInfoOperationType,
    360. 

  360.     AuthzAuditEventInfoObjectType,
    361. 

  361.     AuthzAuditEventInfoObjectName,
    362. 

  362.     AuthzAuditEventInfoAdditionalInfo);
    363. 

  363.   {$EXTERNALSYM _AUTHZ_AUDIT_EVENT_INFORMATION_CLASS}
    364. 

  364.   AUTHZ_AUDIT_EVENT_INFORMATION_CLASS = _AUTHZ_AUDIT_EVENT_INFORMATION_CLASS;
    365. 

  365.   {$EXTERNALSYM AUTHZ_AUDIT_EVENT_INFORMATION_CLASS}
    366. 

  366.   AuthzAuditEventInformationClass = AUTHZ_AUDIT_EVENT_INFORMATION_CLASS;
    367. 

  367. 

  368. // todo this one seems not to be exported from authz.dll
    369. 

  369. 

  370. function AuthzGetInformationFromAuditEvent(hAuditEvent: AUTHZ_AUDIT_EVENT_HANDLE; InfoClass: AUTHZ_AUDIT_EVENT_INFORMATION_CLASS; BufferSize: DWORD; pSizeRequired: PDWORD; Buffer: PVOID): BOOL; stdcall;
    371. 

  371. {$EXTERNALSYM AuthzGetInformationFromAuditEvent}
    372. 

  372. 

  373. function AuthzFreeAuditEvent(hAuditEvent: AUTHZ_AUDIT_EVENT_HANDLE): BOOL; stdcall;
    374. 

  374. {$EXTERNALSYM AuthzFreeAuditEvent}
    375. 

  375. 

  376. (* TODO
    377. 

  377. //
    378. 

  378. // Support for generic auditing.
    379. 

  379. //
    380. 

  380. 

  381. typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
    382. 

  382. {
    383. 

  383.     PWSTR szObjectTypeName;
    384. 

  384.     DWORD dwOffset;
    385. 

  385. } AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
    386. 

  386. 

  387. typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
    388. 

  388. {
    389. 

  389.     DWORD dwFlags;
    390. 

  390.     PWSTR szEventSourceName;
    391. 

  391.     PWSTR szEventMessageFile;
    392. 

  392.     PWSTR szEventSourceXmlSchemaFile;
    393. 

  393.     PWSTR szEventAccessStringsFile;
    394. 

  394.     PWSTR szExecutableImagePath;
    395. 

  395.     PVOID pReserved;
    396. 

  396.     DWORD dwObjectTypeNameCount;
    397. 

  397.     AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
    398. 

  398. } AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
    399. 

  399. 

  400. #define AUTHZ_FLAG_ALLOW_MULTIPLE_SOURCE_INSTANCES 0x1
    401. 

  401. 

  402. AUTHZAPI
    403. 

  403. BOOL 
    404. 

  404. WINAPI
    405. 

  405. AuthzInstallSecurityEventSource(
    406. 

  406.     IN DWORD                             dwFlags,
    407. 

  407.     IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration
    408. 

  408.     );
    409. 

  409. 

  410. AUTHZAPI
    411. 

  411. BOOL
    412. 

  412. WINAPI
    413. 

  413. AuthzUninstallSecurityEventSource(
    414. 

  414.     IN DWORD  dwFlags,
    415. 

  415.     IN PCWSTR szEventSourceName
    416. 

  416.     );
    417. 

  417. 

  418. AUTHZAPI
    419. 

  419. BOOL
    420. 

  420. WINAPI
    421. 

  421. AuthzEnumerateSecurityEventSources(
    422. 

  422.     IN     DWORD                             dwFlags,
    423. 

  423.     OUT    PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
    424. 

  424.     OUT    PDWORD                            pdwCount,
    425. 

  425.     IN OUT PDWORD                            pdwLength
    426. 

  426.     );
    427. 

  427.     
    428. 

  428. AUTHZAPI
    429. 

  429. BOOL
    430. 

  430. WINAPI
    431. 

  431. AuthzRegisterSecurityEventSource(
    432. 

  432.     IN  DWORD                                 dwFlags,
    433. 

  433.     IN  PCWSTR                                szEventSourceName,
    434. 

  434.     OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider
    435. 

  435.     );
    436. 

  436.     
    437. 

  437. AUTHZAPI
    438. 

  438. BOOL
    439. 

  439. WINAPI
    440. 

  440. AuthzUnregisterSecurityEventSource(
    441. 

  441.     IN     DWORD                                 dwFlags,
    442. 

  442.     IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider
    443. 

  443.     );
    444. 

  444. 

  445. AUTHZAPI
    446. 

  446. BOOL
    447. 

  447. WINAPI
    448. 

  448. AuthzReportSecurityEvent(
    449. 

  449.     IN     DWORD                                dwFlags,
    450. 

  450.     IN OUT AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    451. 

  451.     IN     DWORD                                dwAuditId,
    452. 

  452.     IN     PSID                                 pUserSid        OPTIONAL,
    453. 

  453.     IN     DWORD                                dwCount,
    454. 

  454.     ...    
    455. 

  455.     );
    456. 

  456. 

  457. AUTHZAPI
    458. 

  458. BOOL
    459. 

  459. WINAPI
    460. 

  460. AuthzReportSecurityEventFromParams(
    461. 

  461.     IN     DWORD                                dwFlags,
    462. 

  462.     IN OUT AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    463. 

  463.     IN     DWORD                                dwAuditId,
    464. 

  464.     IN     PSID                                 pUserSid       OPTIONAL,
    465. 

  465.     IN     PAUDIT_PARAMS                        pParams
    466. 

  466.     );
    467. 

  467. *)
    468. 

  468. 

  469. implementation
    470. 

  470. 

  471. uses
    472. 

  472.   JwaWinDLLNames;
    473. 

  473. 

  474. {$IFDEF DYNAMIC_LINK}
    475. 

  475. 

  476. var
    477. 

  477.   _AuthzAccessCheck: Pointer;
    478. 

  478. 

  479. function AuthzAccessCheck;
    480. 

  480. begin
    481. 

  481.   GetProcedureAddress(_AuthzAccessCheck, authzlib, 'AuthzAccessCheck');
    482. 

  482.   asm
    483. 

  483.         MOV     ESP, EBP
    484. 

  484.         POP     EBP
    485. 

  485.         JMP     [_AuthzAccessCheck]
    486. 

  486.   end;
    487. 

  487. end;
    488. 

  488. 

  489. var
    490. 

  490.   _AuthzCachedAccessCheck: Pointer;
    491. 

  491. 

  492. function AuthzCachedAccessCheck;
    493. 

  493. begin
    494. 

  494.   GetProcedureAddress(_AuthzCachedAccessCheck, authzlib, 'AuthzCachedAccessCheck');
    495. 

  495.   asm
    496. 

  496.         MOV     ESP, EBP
    497. 

  497.         POP     EBP
    498. 

  498.         JMP     [_AuthzCachedAccessCheck]
    499. 

  499.   end;
    500. 

  500. end;
    501. 

  501. 

  502. var
    503. 

  503.   _AuthzOpenObjectAudit: Pointer;
    504. 

  504. 

  505. function AuthzOpenObjectAudit;
    506. 

  506. begin
    507. 

  507.   GetProcedureAddress(_AuthzOpenObjectAudit, authzlib, 'AuthzOpenObjectAudit');
    508. 

  508.   asm
    509. 

  509.         MOV     ESP, EBP
    510. 

  510.         POP     EBP
    511. 

  511.         JMP     [_AuthzOpenObjectAudit]
    512. 

  512.   end;
    513. 

  513. end;
    514. 

  514. 

  515. var
    516. 

  516.   _AuthzFreeHandle: Pointer;
    517. 

  517. 

  518. function AuthzFreeHandle;
    519. 

  519. begin
    520. 

  520.   GetProcedureAddress(_AuthzFreeHandle, authzlib, 'AuthzFreeHandle');
    521. 

  521.   asm
    522. 

  522.         MOV     ESP, EBP
    523. 

  523.         POP     EBP
    524. 

  524.         JMP     [_AuthzFreeHandle]
    525. 

  525.   end;
    526. 

  526. end;
    527. 

  527. 

  528. var
    529. 

  529.   _AuthzInitializeResourceManager: Pointer;
    530. 

  530. 

  531. function AuthzInitializeResourceManager;
    532. 

  532. begin
    533. 

  533.   GetProcedureAddress(_AuthzInitializeResourceManager, authzlib, 'AuthzInitializeResourceManager');
    534. 

  534.   asm
    535. 

  535.         MOV     ESP, EBP
    536. 

  536.         POP     EBP
    537. 

  537.         JMP     [_AuthzInitializeResourceManager]
    538. 

  538.   end;
    539. 

  539. end;
    540. 

  540. 

  541. var
    542. 

  542.   _AuthzFreeResourceManager: Pointer;
    543. 

  543. 

  544. function AuthzFreeResourceManager;
    545. 

  545. begin
    546. 

  546.   GetProcedureAddress(_AuthzFreeResourceManager, authzlib, 'AuthzFreeResourceManager');
    547. 

  547.   asm
    548. 

  548.         MOV     ESP, EBP
    549. 

  549.         POP     EBP
    550. 

  550.         JMP     [_AuthzFreeResourceManager]
    551. 

  551.   end;
    552. 

  552. end;
    553. 

  553. 

  554. var
    555. 

  555.   _AuthzInitializeContextFromToken: Pointer;
    556. 

  556. 

  557. function AuthzInitializeContextFromToken;
    558. 

  558. begin
    559. 

  559.   GetProcedureAddress(_AuthzInitializeContextFromToken, authzlib, 'AuthzInitializeContextFromToken');
    560. 

  560.   asm
    561. 

  561.         MOV     ESP, EBP
    562. 

  562.         POP     EBP
    563. 

  563.         JMP     [_AuthzInitializeContextFromToken]
    564. 

  564.   end;
    565. 

  565. end;
    566. 

  566. 

  567. var
    568. 

  568.   _AuthzInitializeContextFromSid: Pointer;
    569. 

  569. 

  570. function AuthzInitializeContextFromSid;
    571. 

  571. begin
    572. 

  572.   GetProcedureAddress(_AuthzInitializeContextFromSid, authzlib, 'AuthzInitializeContextFromSid');
    573. 

  573.   asm
    574. 

  574.         MOV     ESP, EBP
    575. 

  575.         POP     EBP
    576. 

  576.         JMP     [_AuthzInitializeContextFromSid]
    577. 

  577.   end;
    578. 

  578. end;
    579. 

  579. 

  580. var
    581. 

  581.   _AuthzInitCxtFromAuthzCxt: Pointer;
    582. 

  582. 

  583. function AuthzInitializeContextFromAuthzContext;
    584. 

  584. begin
    585. 

  585.   GetProcedureAddress(_AuthzInitCxtFromAuthzCxt, authzlib, 'AuthzInitializeContextFromAuthzContext');
    586. 

  586.   asm
    587. 

  587.         MOV     ESP, EBP
    588. 

  588.         POP     EBP
    589. 

  589.         JMP     [_AuthzInitCxtFromAuthzCxt]
    590. 

  590.   end;
    591. 

  591. end;
    592. 

  592. 

  593. var
    594. 

  594.   _AuthzAddSidsToContext: Pointer;
    595. 

  595. 

  596. function AuthzAddSidsToContext;
    597. 

  597. begin
    598. 

  598.   GetProcedureAddress(_AuthzAddSidsToContext, authzlib, 'AuthzAddSidsToContext');
    599. 

  599.   asm
    600. 

  600.         MOV     ESP, EBP
    601. 

  601.         POP     EBP
    602. 

  602.         JMP     [_AuthzAddSidsToContext]
    603. 

  603.   end;
    604. 

  604. end;
    605. 

  605. 

  606. var
    607. 

  607.   _AuthzGetInformationFromContext: Pointer;
    608. 

  608. 

  609. function AuthzGetInformationFromContext;
    610. 

  610. begin
    611. 

  611.   GetProcedureAddress(_AuthzGetInformationFromContext, authzlib, 'AuthzGetInformationFromContext');
    612. 

  612.   asm
    613. 

  613.         MOV     ESP, EBP
    614. 

  614.         POP     EBP
    615. 

  615.         JMP     [_AuthzGetInformationFromContext]
    616. 

  616.   end;
    617. 

  617. end;
    618. 

  618. 

  619. var
    620. 

  620.   _AuthzFreeContext: Pointer;
    621. 

  621. 

  622. function AuthzFreeContext;
    623. 

  623. begin
    624. 

  624.   GetProcedureAddress(_AuthzFreeContext, authzlib, 'AuthzFreeContext');
    625. 

  625.   asm
    626. 

  626.         MOV     ESP, EBP
    627. 

  627.         POP     EBP
    628. 

  628.         JMP     [_AuthzFreeContext]
    629. 

  629.   end;
    630. 

  630. end;
    631. 

  631. 

  632. var
    633. 

  633.   _AuthzInitObjAccAuditEvent: Pointer;
    634. 

  634. 

  635. function AuthzInitializeObjectAccessAuditEvent;
    636. 

  636. begin
    637. 

  637.   GetProcedureAddress(_AuthzInitObjAccAuditEvent, authzlib, 'AuthzInitializeObjectAccessAuditEvent');
    638. 

  638.   asm
    639. 

  639.         MOV     ESP, EBP
    640. 

  640.         POP     EBP
    641. 

  641.         JMP     [_AuthzInitObjAccAuditEvent]
    642. 

  642.   end;
    643. 

  643. end;
    644. 

  644. 

  645. var
    646. 

  646.   _AuthzInitObjAccAuditEvent2: Pointer;
    647. 

  647. 

  648. function AuthzInitializeObjectAccessAuditEvent2;
    649. 

  649. begin
    650. 

  650.   GetProcedureAddress(_AuthzInitObjAccAuditEvent2, authzlib, 'AuthzInitializeObjectAccessAuditEvent2');
    651. 

  651.   asm
    652. 

  652.         MOV     ESP, EBP
    653. 

  653.         POP     EBP
    654. 

  654.         JMP     [_AuthzInitObjAccAuditEvent2]
    655. 

  655.   end;
    656. 

  656. end;
    657. 

  657. 

  658. var
    659. 

  659.   _AuthzGetInfoFromAuditEvent: Pointer;
    660. 

  660. 

  661. function AuthzGetInformationFromAuditEvent;
    662. 

  662. begin
    663. 

  663.   GetProcedureAddress(_AuthzGetInfoFromAuditEvent, authzlib, 'AuthzGetInformationFromAuditEvent');
    664. 

  664.   asm
    665. 

  665.         MOV     ESP, EBP
    666. 

  666.         POP     EBP
    667. 

  667.         JMP     [_AuthzGetInfoFromAuditEvent]
    668. 

  668.   end;
    669. 

  669. end;
    670. 

  670. 

  671. var
    672. 

  672.   _AuthzFreeAuditEvent: Pointer;
    673. 

  673. 

  674. function AuthzFreeAuditEvent;
    675. 

  675. begin
    676. 

  676.   GetProcedureAddress(_AuthzFreeAuditEvent, authzlib, 'AuthzFreeAuditEvent');
    677. 

  677.   asm
    678. 

  678.         MOV     ESP, EBP
    679. 

  679.         POP     EBP
    680. 

  680.         JMP     [_AuthzFreeAuditEvent]
    681. 

  681.   end;
    682. 

  682. end;
    683. 

  683. 

  684. {$ELSE}
    685. 

  685. 

  686. function AuthzAccessCheck; external authzlib name 'AuthzAccessCheck';
    687. 

  687. function AuthzCachedAccessCheck; external authzlib name 'AuthzCachedAccessCheck';
    688. 

  688. function AuthzOpenObjectAudit; external authzlib name 'AuthzOpenObjectAudit';
    689. 

  689. function AuthzFreeHandle; external authzlib name 'AuthzFreeHandle';
    690. 

  690. function AuthzInitializeResourceManager; external authzlib name 'AuthzInitializeResourceManager';
    691. 

  691. function AuthzFreeResourceManager; external authzlib name 'AuthzFreeResourceManager';
    692. 

  692. function AuthzInitializeContextFromToken; external authzlib name 'AuthzInitializeContextFromToken';
    693. 

  693. function AuthzInitializeContextFromSid; external authzlib name 'AuthzInitializeContextFromSid';
    694. 

  694. function AuthzInitializeContextFromAuthzContext; external authzlib name 'AuthzInitializeContextFromAuthzContext';
    695. 

  695. function AuthzAddSidsToContext; external authzlib name 'AuthzAddSidsToContext';
    696. 

  696. function AuthzGetInformationFromContext; external authzlib name 'AuthzGetInformationFromContext';
    697. 

  697. function AuthzFreeContext; external authzlib name 'AuthzFreeContext';
    698. 

  698. function AuthzInitializeObjectAccessAuditEvent; external authzlib name 'AuthzInitializeObjectAccessAuditEvent';
    699. 

  699. function AuthzInitializeObjectAccessAuditEvent2; external authzlib name 'AuthzInitializeObjectAccessAuditEvent2';
    700. 

  700. function AuthzGetInformationFromAuditEvent; external authzlib name 'AuthzGetInformationFromAuditEvent';
    701. 

  701. function AuthzFreeAuditEvent; external authzlib name 'AuthzFreeAuditEvent';
    702. 

  702. 

  703. {$ENDIF DYNAMIC_LINK}
    704. 

  704. 

  705. end.
    706.