Good job, Chris!

This is the first release of the new JEDI Windows API (JWA) and JEDI Windows Security Code Library (JWSCL).

JWA is the set of JEDI Windows API header conversions. It can be compiled into a single jwaWindows unit, so there is no longer any need to add dozens of different units to the uses clause; Delphi's smart-linking mechanism does the rest for you. The individual units can still be used on their own, however!

JWSCL is a collection of classes that makes programming Windows Security a whole lot easier. It uses JWA extensively.

JWSCL makes working with the following easier:

  • Detect Windows version, version checks
  • Token
    • Impersonation
    • User login
  • SID
  • Access Control List
  • Security Descriptor
    • Owner, Group, DACL, SACL
  • WindowStation
  • Desktop
  • LSA
  • Rights mapping
  • Secured object e.g. files, registry (+inheritance), and generic window
    handles
  • Credentials (Login Dialog)
  • Encryption (MS Crypt API)
  • Well-known SIDs
  • Privileges
  • Security Dialogs (security tab sheet, like in windows explorer file
    security dialog)
  • Terminal Sessions
  • Unicode + ANSI
  • Vista Elevation
  • Vista Integrity Level

Download (JWSCL download contains JWA already):
http://sourceforge.net/project/showfiles.php?group_id=121894
(JWA and JWSCL downloads are an image of the Subversion repository, so you can transparently update them later using an SVN client)

As a simple demonstration, this code shows how to get the maximum possible rights to access a file.

program ReadFileSecurity;

{$APPTYPE CONSOLE}

uses
  SysUtils,
  Dialogs,
  Controls,
  JwaWindows,
  JwsclTypes,
  JwsclExceptions,
  JwsclConstants,
  JwsclMapping,
  JwsclVersion,
  JwsclProcess,
  JwsclSid,
  JwsclAcl,
  JwsclCredentials,
  JwsclDescriptor,
  JwsclToken,
  JwsclKnownSid,
  JwsclAccounts,
  JwsclSecureObjects,
  JwsclStrings;

function CheckAccessToFile(
  DesiredAccess: DWORD; const FileName: WideString): Boolean;
var FileObject : TJwSecureFileObject;
begin
  FileObject := TJwSecureFileObject.Create(FileName);
  try
    result := FileObject.AccessCheck(DesiredAccess);
  finally
    FileObject.Free;
  end;
end;

function CheckMaximumAccessToFile(const FileName: WideString): DWORD;
var FileObject : TJwSecureFileObject;
    PrivilegeSet: TJwPrivilegeSet;
    AccessStatus: boolean;
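begin
  // Initialise so that Free in the finally block is safe
  // if AccessCheck raises before assigning the out parameter.
  PrivilegeSet := nil;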
  FileObject := TJwSecureFileObject.Create(FileName);
  try
    FileObject.AccessCheck(
      MAXIMUM_ALLOWED,//DesiredAccess: TJwAccessMask;
      PrivilegeSet,//out PrivilegeSet: TJwPrivilegeSet;
      result,//out GrantedAccess: TJwAccessMask;
      AccessStatus,//out AccessStatus: boolean;
      nil//const ClientToken: TJwSecurityToken = nil);
      );
  finally
    PrivilegeSet.Free;
    FileObject.Free;
  end;
end;

var AccessMask : DWORD;
    FileName : String;
begin
  FileName := ParamStr(1);
  if Length(FileName) = 0 then
    FileName := ParamStr(0);

  writeln('Check access for '+FileName);
  try
    if CheckAccessToFile(FILE_ALL_ACCESS,FileName) then
      writeln('Full control allowed')
    else
      writeln('Full control denied');
  except
    On E : Exception do
     Writeln(E.Message);
  end;

  try
    AccessMask := CheckMaximumAccessToFile(FileName);
    writeln('Maximum access possible: ['+
      TJwSecurityFileMapping.MapAccessMaskToString(AccessMask)+']');
  except
    On E : Exception do
     Writeln(E.Message);
  end;

  Writeln('[Hit return]');
  readln;
end.

Consider how many lines you would have had to write without the classes.
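What the two checks in the demo compute, as a simplified Python model added here (not code from JWSCL or from the original post): ACEs are walked in order, and the first allow or deny that mentions a bit decides it. The SID labels and sample DACLs are constructed; owner rights, privileges, generic mapping and integrity levels are left out.

```python
from dataclasses import dataclass

# File access-right bit values as defined in winnt.h.
RIGHTS = {
    "FILE_READ_DATA": 0x0001, "FILE_WRITE_DATA": 0x0002,
    "FILE_APPEND_DATA": 0x0004, "FILE_EXECUTE": 0x0020,
    "DELETE": 0x10000, "READ_CONTROL": 0x20000,
    "WRITE_DAC": 0x40000, "WRITE_OWNER": 0x80000,
}
FILE_ALL_ACCESS = 0x1F01FF

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str      # constructed label standing in for a real SID
    mask: int

def maximum_allowed(dacl, token_sids):
    """Mask a MAXIMUM_ALLOWED check would report (simplified model)."""
    if dacl is None:                  # NULL DACL: the object is unprotected
        return FILE_ALL_ACCESS
    granted = denied = 0
    for ace in dacl:                  # evaluated strictly in stored order
        if ace.sid not in token_sids:
            continue
        if ace.allow:
            granted |= ace.mask & ~denied   # an earlier deny blocks the bit
        else:
            denied |= ace.mask & ~granted   # an earlier allow already won
    return granted

def access_check(desired, dacl, token_sids):
    """Like CheckAccessToFile: true only if every requested bit is granted."""
    return (maximum_allowed(dacl, token_sids) & desired) == desired

def names(mask):
    return [name for name, bit in RIGHTS.items() if mask & bit]

# Constructed sample data: the token's SIDs and two orderings of one DACL.
TOKEN = {"alice", "Users"}
CANONICAL = [Ace(False, "Users", RIGHTS["FILE_WRITE_DATA"] | RIGHTS["DELETE"]),
             Ace(True, "alice", FILE_ALL_ACCESS)]
MISORDERED = list(reversed(CANONICAL))   # allow before deny: deny never applies

if __name__ == "__main__":
    for label, dacl in [("canonical", CANONICAL), ("misordered", MISORDERED),
                        ("empty DACL", []), ("NULL DACL", None)]:
        mask = maximum_allowed(dacl, TOKEN)
        print(label, access_check(FILE_ALL_ACCESS, dacl, TOKEN), hex(mask), names(mask))
```

With the canonical ordering the full-control check fails while the maximum-allowed mask still reports everything except the denied bits, which is the pair of results the demo program prints.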

Author of the JEDI Windows Security Code Library is Chris Wimmer. Thanks for this great contribution to the Delphi-world, Chris!

// Oliver

One Response to Good job, Chris!

  1. Chris says:

    Maybe EDA could be extended so that security-relevant information is also displayed and can be changed 😀

    It's about time a luminary returned to Delphi.

    Come BACK!
