|
|
#include <cdlpch.h>
#include <softpub.h>
#define WINTRUST TEXT("wintrust.dll")
#ifdef DELAY_LOAD_WVT
#ifndef _WVTP_NOCODE_
Cwvt::Cwvt(){ DEBUG_ENTER((DBG_DOWNLOAD, None, "Cwvt::Cwvt", "this=%#x", this )); m_fInited = FALSE; m_bHaveWTData = FALSE;
DEBUG_LEAVE(0);}
Cwvt::~Cwvt(){ DEBUG_ENTER((DBG_DOWNLOAD, None, "Cwvt::~Cwvt", "this=%#x", this )); if (m_fInited) { FreeLibrary(m_hMod); }
DEBUG_LEAVE(0);}
HRESULT Cwvt::Init(void){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::Init", "this=%#x", this )); GUID PublishedSoftware = WIN_SPUB_ACTION_PUBLISHED_SOFTWARE; GUID *ActionID = &PublishedSoftware;
if (m_fInited) { DEBUG_LEAVE(S_OK); return S_OK; }
m_hMod = LoadLibrary( WINTRUST );
if (NULL == m_hMod) { DEBUG_LEAVE(HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); }
#define CHECKAPI(_fn) \
*(FARPROC*)&(_pfn##_fn) = GetProcAddress(m_hMod, #_fn); \ if (!(_pfn##_fn)) { \ FreeLibrary(m_hMod); \ \ DEBUG_LEAVE(HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); \ return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); \ }
CHECKAPI(WinVerifyTrust);
if (g_bNT5OrGreater) {#define CHECKNT5API(_fn) \
*(FARPROC*)&(_pfn##_fn) = GetProcAddress(m_hMod, #_fn); CHECKNT5API(IsCatalogFile); CHECKNT5API(CryptCATAdminAcquireContext); CHECKNT5API(CryptCATAdminReleaseContext); CHECKNT5API(CryptCATAdminReleaseCatalogContext); CHECKNT5API(CryptCATAdminEnumCatalogFromHash); CHECKNT5API(CryptCATAdminCalcHashFromFileHandle); CHECKNT5API(CryptCATAdminAddCatalog); CHECKNT5API(CryptCATAdminRemoveCatalog); CHECKNT5API(CryptCATCatalogInfoFromContext); CHECKNT5API(CryptCATAdminResolveCatalogPath); }
m_fInited = TRUE; DEBUG_LEAVE(S_OK); return S_OK;}
BOOLIsUIRestricted(){ DEBUG_ENTER((DBG_DOWNLOAD, Bool, "IsUIRestricted", NULL ));
HKEY hkeyRest = 0; BOOL bUIRest = FALSE; DWORD dwValue = 0; DWORD dwLen = sizeof(DWORD);
// per-machine UI off policy
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGSTR_PATH_INFODEL_REST, 0, KEY_READ, &hkeyRest) == ERROR_SUCCESS) {
if (RegQueryValueEx( hkeyRest, REGVAL_UI_REST, NULL, NULL, (LPBYTE)&dwValue, &dwLen) == ERROR_SUCCESS && dwValue) bUIRest = TRUE;
RegCloseKey(hkeyRest); } DEBUG_LEAVE(bUIRest); return bUIRest;}
#endif // _WVTP_NOCODE_
#endif // DELAY_LOAD_WVT
// {D41E4F1D-A407-11d1-8BC9-00C04FA30A41}
#define COR_POLICY_PROVIDER_DOWNLOAD \
{ 0xd41e4f1d, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }
#define ZEROSTRUCT(arg) memset( &arg, 0, sizeof(arg))
void PrintHash(BYTE* pbHash, DWORD cbHash){ LPSTR pszHash = NULL; if (cbHash) { char* pHexTable = "0123456789ABCDEF"; pszHash = new CHAR[2*cbHash+1];
if (!pszHash) goto End;
for (DWORD i=0; i<cbHash; i++) { pszHash[2*i] = pHexTable[(pbHash[i]&0xf0)>>4]; pszHash[2*i+1] = pHexTable[pbHash[i]&0x0f]; } pszHash[2*i] = '\0'; } DEBUG_ENTER((DBG_DOWNLOAD, None, "PrintHash", "%d, %.80q", cbHash, (pszHash?pszHash:"NULL") ));
DEBUG_LEAVE(0);
if(pszHash) delete [] pszHash; End: return;}
HRESULT Cwvt::WinVerifyTrust_Wrap(HWND hwnd, GUID * ActionID, WINTRUST_DATA* ActionData){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "EXTERNAL::WinVerifyTrust", "%#x, %#x, %#x", hwnd, ActionID, ActionData )); HRESULT hr;
hr = WinVerifyTrust(hwnd, ActionID, ActionData);
DEBUG_LEAVE(hr); return hr;}#ifdef DBG
#define PRINT_HASH(pbHash, cbHash) PrintHash((pbHash),(cbHash))
#else
#define PRINT_HASH(pbHash, cbHash) {}
#endif
HRESULT Cwvt::VerifyTrust(HANDLE hFile, HWND hWnd, PJAVA_TRUST *ppJavaTrust, LPCWSTR szStatusText, IInternetHostSecurityManager *pHostSecurityManager, LPSTR szFilePath, LPSTR szCatalogFile, CDownload *pdl) { DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::VerifyTrust", "this=%#x, %#x, %#x, %#x, %.80wq, %#x, %.80q, %#x=%.80q, %#x", this, hFile, hWnd, ppJavaTrust, szStatusText, pHostSecurityManager, szFilePath, szCatalogFile, szCatalogFile, pdl )); LPWSTR wzFileName = NULL; LPWSTR wzFilePath = NULL; LPWSTR wzCatalogFile = NULL; GUID guidJava = JAVA_POLICY_PROVIDER_DOWNLOAD; GUID guidCor = COR_POLICY_PROVIDER_DOWNLOAD; GUID guidAuthenticode = WINTRUST_ACTION_GENERIC_VERIFY_V2; GUID *pguidActionIDJava = &guidJava; GUID *pguidActionIDCor = &guidCor; WINTRUST_DATA wintrustData; WINTRUST_DATA wtdAuthenticode; WINTRUST_FILE_INFO fileData; JAVA_POLICY_PROVIDER javaPolicyData; WCHAR wpath [MAX_PATH]; PJAVA_TRUST pbJavaTrust = NULL; IServiceProvider *pServProv = NULL; LPCATALOGFILEINFO pcfi = NULL; HRESULT hr = S_OK;
ZEROSTRUCT(wintrustData); ZEROSTRUCT(fileData); ZEROSTRUCT(javaPolicyData);
javaPolicyData.cbSize = sizeof(JAVA_POLICY_PROVIDER); javaPolicyData.VMBased = FALSE; javaPolicyData.fNoBadUI = FALSE;
javaPolicyData.pwszZone = szStatusText; javaPolicyData.pZoneManager = (LPVOID)pHostSecurityManager;
fileData.cbStruct = sizeof(WINTRUST_FILE_INFO); fileData.pcwszFilePath = szStatusText; fileData.hFile = hFile;
wintrustData.cbStruct = sizeof(WINTRUST_DATA); wintrustData.pPolicyCallbackData = &javaPolicyData;
if ( (hWnd == INVALID_HANDLE_VALUE) || IsUIRestricted()) wintrustData.dwUIChoice = WTD_UI_NONE; else wintrustData.dwUIChoice = WTD_UI_ALL;
wintrustData.dwUnionChoice = WTD_CHOICE_FILE; wintrustData.pFile = &fileData;
if (szCatalogFile) { ::Ansi2Unicode(szCatalogFile, &wzCatalogFile); ::Ansi2Unicode(szFilePath, &wzFilePath); wzFileName = PathFindFileNameW(szStatusText);
if (!m_bHaveWTData) { memset(&m_wtCatalogInfo, 0x0, sizeof(m_wtCatalogInfo)); m_wtCatalogInfo.cbStruct = sizeof(WINTRUST_CATALOG_INFO); m_bHaveWTData = TRUE; } m_wtCatalogInfo.pcwszCatalogFilePath = wzCatalogFile; m_wtCatalogInfo.pcwszMemberTag = wzFileName; m_wtCatalogInfo.pcwszMemberFilePath = wzFilePath;
wtdAuthenticode = wintrustData; wtdAuthenticode.pCatalog = &m_wtCatalogInfo; wtdAuthenticode.dwUnionChoice = WTD_CHOICE_CATALOG; wtdAuthenticode.dwStateAction = WTD_STATEACTION_VERIFY; wtdAuthenticode.dwUIChoice = WTD_UI_NONE;
hr = WinVerifyTrust_Wrap(hWnd, &guidAuthenticode, &wtdAuthenticode); if (FAILED(hr)) { hr = WinVerifyTrust_Wrap(hWnd, pguidActionIDCor, &wintrustData);
if (hr == TRUST_E_PROVIDER_UNKNOWN) hr = WinVerifyTrust_Wrap(hWnd, pguidActionIDJava, &wintrustData); } else { // Clone Java permissions
pbJavaTrust = pdl->GetCodeDownload()->GetJavaTrust(); if (!pbJavaTrust) { hr = pdl->GetBSC()->QueryInterface(IID_IServiceProvider, (void **)&pServProv); if (SUCCEEDED(hr)) { hr = pServProv->QueryService(IID_ICatalogFileInfo, IID_ICatalogFileInfo, (void **)&pcfi); if (SUCCEEDED(hr)) { pcfi->GetJavaTrust((void **)&pbJavaTrust); } } SAFERELEASE(pServProv); SAFERELEASE(pcfi); pdl->SetMainCABJavaTrustPermissions(pbJavaTrust); } } } else { hr = WinVerifyTrust_Wrap(hWnd, pguidActionIDCor, &wintrustData); if (hr == TRUST_E_PROVIDER_UNKNOWN) hr = WinVerifyTrust_Wrap(hWnd, pguidActionIDJava, &wintrustData);
if (SUCCEEDED(hr)) { pdl->SetMainCABJavaTrustPermissions(javaPolicyData.pbJavaTrust); } }
SAFEDELETE(wzCatalogFile); SAFEDELETE(wzFilePath);
// BUGBUG: this works around a wvt bug that returns 0x57 (success) when
// you hit No to an usigned control
if (SUCCEEDED(hr) && hr != S_OK) { hr = TRUST_E_FAIL; }
if (FAILED(hr)) { // display original hr intact to help debugging
// CodeDownloadDebugOut(DEB_CODEDL, TRUE, ID_CDLDBG_VERIFYTRUST_FAILED, hr);
} else { *ppJavaTrust = javaPolicyData.pbJavaTrust; } if (hr == TRUST_E_SUBJECT_NOT_TRUSTED && wintrustData.dwUIChoice == WTD_UI_NONE) { // if we didn't ask for the UI to be out up there has been no UI
// work around WVT bvug that it returns us this special error code
// without putting up UI.
hr = TRUST_E_FAIL; // this will put up mshtml ui after the fact
// that security settings prevented us
}
if (FAILED(hr) && (hr != TRUST_E_SUBJECT_NOT_TRUSTED)) {
// trust system has failed without UI
// map error to this generic error that will falg our client to put
// up additional info that this is a trust system error if reqd.
hr = TRUST_E_FAIL; }
if (hr == TRUST_E_SUBJECT_NOT_TRUSTED) {
pdl->GetCodeDownload()->SetUserDeclined(); }
DEBUG_LEAVE(hr); return hr;}
HRESULTCwvt::VerifyTrustOnCatalogFile(IN LPCWSTR pwszCatalogFile){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::VerifyTrustOnCatalogFile", "this=%#x, %.200wq", this, pwszCatalogFile )); HRESULT hr = NOERROR; WINTRUST_DATA WintrustData; WINTRUST_FILE_INFO WintrustFileInfo; GUID guidDriverActionVerify = DRIVER_ACTION_VERIFY;
ZeroMemory(&WintrustData, sizeof(WINTRUST_DATA)); WintrustData.cbStruct = sizeof(WINTRUST_DATA); WintrustData.dwUIChoice = WTD_UI_NONE; WintrustData.fdwRevocationChecks = WTD_REVOKE_NONE; WintrustData.dwUnionChoice = WTD_CHOICE_FILE; WintrustData.pFile = &WintrustFileInfo; WintrustData.dwProvFlags = WTD_REVOCATION_CHECK_NONE; ZeroMemory(&WintrustFileInfo, sizeof(WINTRUST_FILE_INFO)); WintrustFileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
WintrustFileInfo.pcwszFilePath = pwszCatalogFile;
hr = WinVerifyTrust_Wrap(NULL, &guidDriverActionVerify, &WintrustData);
DEBUG_LEAVE(hr); return hr;}
HRESULT Cwvt::IsValidCatalogFile(LPCWSTR pwszCatalogFile){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::IsValidCatalogFile", "this=%#x, %.200wq", this, pwszCatalogFile )); HRESULT hr = E_FAIL;
DWORD cbLen = lstrlenW(pwszCatalogFile); WCHAR* pwszCatalogFileCopy = new WCHAR[cbLen+1];
if (pwszCatalogFileCopy) { StrCpyW(pwszCatalogFileCopy, pwszCatalogFile);
// IsCatalogFile doesn't take LPCWSTR, only a LPWSTR - may mangle url.
if(IsCatalogFile(NULL, pwszCatalogFileCopy)) { StrCpyW(pwszCatalogFileCopy, pwszCatalogFile); hr = VerifyTrustOnCatalogFile(pwszCatalogFile); } }
delete [] pwszCatalogFileCopy; DEBUG_LEAVE(hr); return hr;}
/*
return value: S_OK - all ok. S_FALSE - AddCatalog succeeded, but getting Cataloginfo failed. E_FAIL - any other failure */HRESULT Cwvt::InstallCatalogFile(LPSTR pszCatalogFile){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::InstallCatalogFile", "this=%#x, %.200q", this, pszCatalogFile )); WCHAR* pwszCatalogFile = NULL; HRESULT hr; HCATADMIN hCatAdmin; GUID guidDriverActionVerify = DRIVER_ACTION_VERIFY;
hr = Ansi2Unicode(pszCatalogFile, &pwszCatalogFile); if(SUCCEEDED(hr) && SUCCEEDED(hr = IsValidCatalogFile(pwszCatalogFile)) && CryptCATAdminAcquireContext(&hCatAdmin, &guidDriverActionVerify, 0)) { HCATINFO hCatInfo; CATALOG_INFO CatalogInfo;
hCatInfo = CryptCATAdminAddCatalog(hCatAdmin, pwszCatalogFile, NULL, 0);
if (hCatInfo) { CatalogInfo.cbStruct = sizeof(CATALOG_INFO); if (CryptCATCatalogInfoFromContext(hCatInfo, &CatalogInfo, 0)) {#ifdef DBG
DEBUG_PRINT(DOWNLOAD, INFO, ("Cwvt::InstallCatalogFile: cat_filename: %.200wq \n", (CatalogInfo.wszCatalogFile ? CatalogInfo.wszCatalogFile : L"NULL") ));#endif
/* can get name and full path of catalog file if need be
StrCpyW(pwszFullPathCatalogFile, CatalogInfo.wszCatalogFile); */ hr = S_OK; } else { hr = S_FALSE; } CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0); } else { hr = E_FAIL; } CryptCATAdminReleaseContext(hCatAdmin, 0); } else { hr = E_FAIL; }
if (pwszCatalogFile) delete [] pwszCatalogFile; DEBUG_LEAVE(hr); return hr;}
// This function verifies the specified file against the database in the
// specified subsystem.
// NOTE: *pdwBuffer = count of *WIDECHARs* in pwszFullPathCatalogFile.
HRESULT Cwvt::VerifyFileAgainstSystemCatalog(LPCSTR pcszFile, LPWSTR pwszFullPathCatalogFile, DWORD* pdwBuffer){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::VerifyFileAgainstSystemCatalog", "this=%#x, %.90q, %.90wq, %#x[%d]", this, pcszFile, pwszFullPathCatalogFile, pdwBuffer, (pdwBuffer?*pdwBuffer:0) ));
HCATADMIN hAdmin = NULL ; HRESULT hr = E_FAIL; BOOL fOK = FALSE; HANDLE hFile = NULL ; DWORD cbHash; BYTE* pbHash = NULL; HCATINFO hCatInfo = NULL ; GUID guidDriverActionVerify = DRIVER_ACTION_VERIFY;
DEBUG_ENTER((DBG_DOWNLOAD, Dword, "EXTERNAL::CreateFile", "%.80q", pcszFile ));
// Open the file for read-only access
hFile = CreateFile( pcszFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL ) ;
DEBUG_LEAVE(hFile);
if (INVALID_HANDLE_VALUE != hFile) { // Acquire a catalog context
fOK = CryptCATAdminAcquireContext( &hAdmin, &guidDriverActionVerify, 0 ) ; if (fOK) { // Determine the hash of the file
fOK = CryptCATAdminCalcHashFromFileHandle( hFile, &cbHash, NULL, 0 );
DEBUG_ENTER((DBG_DOWNLOAD, Bool, "CryptCATAdminCalcHashFromFileHandle", "%d", cbHash) );
DEBUG_LEAVE(fOK);
if (fOK && (pbHash = new BYTE[cbHash])) { fOK = CryptCATAdminCalcHashFromFileHandle( hFile, &cbHash, pbHash, 0 ) ;
PRINT_HASH(pbHash, cbHash);
if (fOK) { // Find the first catalog that contains this hash
hCatInfo = CryptCATAdminEnumCatalogFromHash( hAdmin, pbHash, cbHash, 0, NULL ) ;
if (hCatInfo) // A catalog was found
{ hr = S_OK; CATALOG_INFO CatalogInfo;
if (pwszFullPathCatalogFile) { CatalogInfo.cbStruct = sizeof(CATALOG_INFO); DWORD dwLen = 0;
if (CryptCATCatalogInfoFromContext(hCatInfo, &CatalogInfo, 0) && pdwBuffer) { if (CatalogInfo.wszCatalogFile && ((dwLen = lstrlenW(CatalogInfo.wszCatalogFile)) <= *pdwBuffer)) { StrCpyW(pwszFullPathCatalogFile, CatalogInfo.wszCatalogFile); } else { hr = S_FALSE; *pdwBuffer = dwLen+1; } } }#ifdef DBG
{ CatalogInfo.cbStruct = sizeof(CATALOG_INFO);
if (CryptCATCatalogInfoFromContext(hCatInfo, &CatalogInfo, 0)) { DEBUG_PRINT(DOWNLOAD, INFO, ("Cwvt::VerifyFileAgainstSystemCatalog: cat_filename: %.200wq \n", (CatalogInfo.wszCatalogFile ? CatalogInfo.wszCatalogFile : L"NULL") )); } }#endif
CryptCATAdminReleaseCatalogContext( hAdmin, hCatInfo, 0 ) ; }//hCatInfo
}//fOK
}//(fOK && (pbHash = new BYTE[cbHash]))
CryptCATAdminReleaseContext( hAdmin, 0 ) ; }//fOK
CloseHandle( hFile ) ; }//(INVALID_HANDLE_VALUE != hFile)
if (pbHash) delete [] pbHash;
DEBUG_LEAVE(hr); return hr ;}
/*
return value: S_OK - all ok. S_FALSE - failed to remove catalog. */HRESULT Cwvt::UninstallCatalogFile(LPWSTR pwszCatalogFile){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "Cwvt::UninstallCatalogFile", "this=%#x, %.90wq", this, pwszCatalogFile )); HRESULT hr = S_FALSE; HCATADMIN hCatAdmin; GUID guidDriverActionVerify = DRIVER_ACTION_VERIFY;
if (CryptCATAdminAcquireContext(&hCatAdmin, &guidDriverActionVerify, 0)) { if(CryptCATAdminRemoveCatalog(hCatAdmin, pwszCatalogFile, 0)) { hr = S_OK; } CryptCATAdminReleaseContext(hCatAdmin, 0); }
DEBUG_LEAVE(hr); return hr;}
HRESULT GetActivePolicy(IInternetHostSecurityManager* pZoneManager, LPCWSTR pwszZone, DWORD dwUrlAction, DWORD& dwPolicy, BOOL fEnforceRestricted){ DEBUG_ENTER((DBG_DOWNLOAD, Hresult, "GetActivePolicy", "%#x, %.80wq, %#x, %#x, #B", pZoneManager, pwszZone, dwUrlAction, &dwPolicy, fEnforceRestricted )); HRESULT hr = TRUST_E_FAIL; HRESULT hr2 = TRUST_E_FAIL; DWORD cbPolicy = sizeof(DWORD);
// Policy are ordered such that high numbers are the most conservative
// and the lower numbers are less conservative
DWORD dwDocumentPolicy = URLPOLICY_ALLOW; DWORD dwUrlPolicy = URLPOLICY_ALLOW; // We are going for the most conservative so lets set the
// value to the least conservative
dwPolicy = URLPOLICY_ALLOW;
IInternetSecurityManager* iSM = NULL; DWORD dwPUAflags = fEnforceRestricted ? PUAF_ENFORCERESTRICTED : 0;
// Ask the document base for its policy
if(pZoneManager) { // Given a IInternetHostSecurityManager
hr = pZoneManager->ProcessUrlAction(dwUrlAction, (PBYTE) &dwDocumentPolicy, cbPolicy, NULL, 0, dwPUAflags | PUAF_NOUI, 0); } // Get the policy for the URL
if(pwszZone) { // Create an IInternetSecurityManager
hr2 = CoInternetCreateSecurityManager(NULL, &iSM, 0); if(hr2 == S_OK) { // We got the manager so get the policy info
hr2 = iSM->ProcessUrlAction(pwszZone, dwUrlAction, (PBYTE) &dwUrlPolicy, cbPolicy, NULL, 0, dwPUAflags | PUAF_NOUI, 0); iSM->Release(); } else iSM = NULL; }
// if they both failed and we have zones then set it to deny and return an error
if(FAILED(hr) && FAILED(hr2)) { // If we failed because there are on zones then lets QUERY
// BUGBUG: we should actually try to get the IE30 security policy here.
if(iSM == NULL && pZoneManager == NULL) { dwPolicy = URLPOLICY_QUERY; hr = S_OK; } else { dwPolicy = URLPOLICY_DISALLOW; hr = TRUST_E_FAIL; } } else { if(SUCCEEDED(hr)) dwPolicy = dwDocumentPolicy; if(SUCCEEDED(hr2)) dwPolicy = dwPolicy > dwUrlPolicy ? dwPolicy : dwUrlPolicy;
if (dwPolicy == URLPOLICY_DISALLOW) hr = TRUST_E_FAIL; else hr = S_OK; }
DEBUG_LEAVE(hr); return hr;}
|
