archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetcore/wininet/http/cookieprompt.cxx

623 lines
18 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  3. #include <wininetp.h>
  5. #include "cookieprompt.h"
  8. // checks a string to see if its a domain
  9. BOOL IsStringADomain( LPCSTR pszString)
  10. {
  11. int iLength = 0;
  12. bool fLastCharWasDot = false;
  14. while( pszString[iLength] != '\0')
  15. {
  16. if( fLastCharWasDot && pszString[iLength] == '.')
  17. return FALSE;
  19. fLastCharWasDot = pszString[iLength] == '.';
  21. if( !(IsCharAlphaNumericA( pszString[iLength])
  22. || pszString[iLength] == '.'
  23. || pszString[iLength] == '-'))
  24. {
  25. return FALSE;
  26. }
  28. iLength++;
  29. }
  31. return iLength > 0 ? TRUE : FALSE;
  32. }
  35. LPCSTR FindMinimizedCookieDomainInDomain( LPCSTR pszDomain)
  36. {
  37. LPCSTR pMinimizedDomain = pszDomain + strlen( pszDomain);
  39. do
  40. {
  41. pMinimizedDomain--;
  42. while( pszDomain < pMinimizedDomain
  43. && *(pMinimizedDomain-1) != L'.')
  44. {
  45. pMinimizedDomain--;
  46. }
  47. } while( !IsDomainLegalCookieDomainA( pMinimizedDomain, pszDomain)
  48. && pszDomain < pMinimizedDomain);
  50. return pMinimizedDomain;
  51. }
  54. CCookiePromptHistory::CCookiePromptHistory(const char *pchRegistryPath, bool fUseHKLM) {
  56. _fUseHKLM = fUseHKLM;
  57. lstrcpyn(_szRootKeyName, pchRegistryPath, sizeof(_szRootKeyName)/sizeof(_szRootKeyName[0]));
  58. _hkHistoryRoot = NULL;
  59. }
  61. CCookiePromptHistory::~CCookiePromptHistory() {
  63. if (_hkHistoryRoot)
  64. {
  65. RegCloseKey(_hkHistoryRoot);
  66. _hkHistoryRoot = NULL;
  67. }
  68. }
  70. HKEY CCookiePromptHistory::OpenRootKey()
  71. {
  72. HKEY hkey;
  74. if (_hkHistoryRoot == NULL)
  75. {
  76. if (RegCreateKeyEx(_fUseHKLM ? HKEY_LOCAL_MACHINE : HKEY_CURRENT_USER,
  77. _szRootKeyName,
  78. 0,
  79. NULL,
  80. REG_OPTION_NON_VOLATILE,
  81. KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS,
  82. NULL,
  83. &hkey,
  84. NULL) == ERROR_SUCCESS)
  85. {
  86. // if we aren't running in a service, we can cache the key
  87. if (!GlobalIsProcessNtService)
  88. {
  89. if (InterlockedCompareExchangePointer((void**)&_hkHistoryRoot, (void*)hkey, NULL))
  90. {
  91. // someone beat us in the race to fill in _hkHistoryRoot, close ours since we
  92. // failed to set it into _hkHistoryRoot
  93. RegCloseKey(hkey);
  94. hkey = _hkHistoryRoot;
  95. }
  96. }
  97. }
  98. else
  99. {
  100. hkey = NULL;
  101. }
  102. }
  103. else
  104. {
  105. // use the cached value
  106. hkey = _hkHistoryRoot;
  107. }
  109. return hkey;
  110. }
  112. BOOL CCookiePromptHistory::CloseRootKey(HKEY hkeyRoot)
  113. {
  114. BOOL bClosedKey = FALSE;
  116. if (hkeyRoot)
  117. {
  118. if (GlobalIsProcessNtService)
  119. {
  120. // we never cache the key when runnint in a service!
  121. INET_ASSERT(_hkHistoryRoot == NULL);
  123. RegCloseKey(hkeyRoot);
  124. bClosedKey = TRUE;
  125. }
  126. else
  127. {
  128. INET_ASSERT(_hkHistoryRoot == hkeyRoot);
  129. }
  130. }
  132. return bClosedKey;
  133. }
  135. /*
  136. Lookup user-decision for given host+policy combination.
  137. If "pchPolicyID" is NULL the decision applies regardless of policy.
  138. */
  139. BOOL CCookiePromptHistory::lookupDecision(const char *pchHostName,
  140. const char *pchPolicyID,
  141. unsigned long *pdwDecision) {
  143. BOOL fRet = FALSE;
  144. HKEY hSiteKey;
  145. CHAR szBuffer[ INTERNET_MAX_URL_LENGTH];
  146. DWORD dwBufferSize = INTERNET_MAX_URL_LENGTH;
  149. if (SUCCEEDED( UrlUnescape( (LPSTR)pchHostName, szBuffer, &dwBufferSize, 0)) // forced LPSTR conv necessary because COULD be inplace unescape
  150. && IsStringADomain( szBuffer))
  151. {
  152. HKEY hkHistoryRoot = OpenRootKey();
  154. if (hSiteKey = lookupSiteKey(hkHistoryRoot, FindMinimizedCookieDomainInDomain(szBuffer)))
  155. {
  157. DWORD dwType, dwCookieState;
  158. DWORD dwSize = sizeof(dwCookieState);
  160. if (ERROR_SUCCESS == RegQueryValueEx(hSiteKey, pchPolicyID, 0, &dwType, (LPBYTE) &dwCookieState, &dwSize)
  161. && (dwType==REG_DWORD)) {
  163. *pdwDecision = dwCookieState;
  164. fRet = TRUE;
  165. }
  167. RegCloseKey(hSiteKey);
  168. }
  170. CloseRootKey(hkHistoryRoot);
  171. }
  173. //commented code - legacy design where we allowed rules on a non-minimized domain
  174. // while (pchHostName && !fRet)
  175. // {
  176. // if (hSiteKey=lookupSiteKey(pchHostName)) {
  177. //
  178. // DWORD dwType, dwCookieState;
  179. // DWORD dwSize = sizeof(dwCookieState);
  180. //
  181. // if (ERROR_SUCCESS == RegQueryValueEx(hSiteKey, pchPolicyID, 0, &dwType, (LPBYTE) &dwCookieState, &dwSize)
  182. // && (dwType==REG_DWORD)) {
  183. //
  184. // *pdwDecision = dwCookieState;
  185. // fRet = TRUE;
  186. // }
  187. //
  188. // RegCloseKey(hSiteKey);
  189. // }
  190. //
  191. // /* Find and skip over next dot if there is one */
  192. // if (pchHostName = strchr(pchHostName, '.'))
  193. // pchHostName++;
  194. // }
  196. return fRet;
  197. }
  199. /*
  200. Save user-decision for given host+policy combination.
  201. If "pchPolicyID" is NULL the decision applies to all policies
  202. */
  203. BOOL CCookiePromptHistory::saveDecision(const char *pchHostName,
  204. const char *pszPolicyID,
  205. unsigned long dwDecision) {
  207. BOOL fRet = FALSE;
  208. HKEY hSiteKey;
  209. CHAR szBuffer[ INTERNET_MAX_URL_LENGTH];
  210. DWORD dwBufferSize = INTERNET_MAX_URL_LENGTH;
  213. if (SUCCEEDED( UrlUnescape( (LPSTR)pchHostName, szBuffer, &dwBufferSize, 0)) // forced LPSTR conv necessary because COULD be inplace unescape
  214. && IsStringADomain( szBuffer))
  215. {
  216. HKEY hkHistoryRoot = OpenRootKey();
  218. if (hSiteKey = lookupSiteKey(hkHistoryRoot, FindMinimizedCookieDomainInDomain( szBuffer), true))
  219. {
  220. if (ERROR_SUCCESS == RegSetValueEx(hSiteKey, pszPolicyID, 0, REG_DWORD,
  221. (LPBYTE) &dwDecision, sizeof(dwDecision)))
  222. fRet = TRUE;
  224. RegCloseKey(hSiteKey);
  225. }
  227. CloseRootKey(hkHistoryRoot);
  228. }
  230. return fRet;
  231. }
  233. /*
  234. Clear previously saved decision for given hostname+policy combination.
  235. If the policy-ID is "*" all decisions about the site are cleared.
  236. */
  237. BOOL CCookiePromptHistory::clearDecision(const char *pchHostName, const char *pchPolicyID) {
  239. BOOL fRet = FALSE;
  240. int error = ERROR_SUCCESS;
  241. HKEY hkHistoryRoot = OpenRootKey();
  243. if ( pchPolicyID != NULL && !strcmp(pchPolicyID, "*")) {
  245. error = SHDeleteKey(hkHistoryRoot, pchHostName);
  246. }
  247. else if (HKEY hSiteKey = lookupSiteKey(hkHistoryRoot, pchHostName, false)) {
  249. error = RegDeleteValue(hSiteKey, pchPolicyID);
  250. RegCloseKey(hSiteKey);
  251. }
  253. CloseRootKey(hkHistoryRoot);
  255. /* If neither of the previous conditionals were TRUE, then there is
  256. no decision corresponding to that hostname */
  257. return (error==ERROR_SUCCESS);
  258. }
  260. HKEY CCookiePromptHistory::lookupSiteKey(HKEY hkHistoryRoot, const char *pchHostName, bool fCreate) {
  262. HKEY hSiteKey = NULL;
  264. if (hkHistoryRoot)
  265. {
  266. LONG error;
  268. if (fCreate)
  269. {
  270. RegCreateKeyEx(hkHistoryRoot,
  271. pchHostName,
  272. 0,
  273. NULL,
  274. 0,
  275. KEY_QUERY_VALUE | KEY_SET_VALUE,
  276. NULL,
  277. &hSiteKey,
  278. NULL);
  279. }
  280. else
  281. {
  282. RegOpenKeyEx(hkHistoryRoot,
  283. pchHostName,
  284. 0,
  285. KEY_QUERY_VALUE | KEY_SET_VALUE,
  286. &hSiteKey);
  287. }
  288. }
  290. return hSiteKey;
  291. }
  293. BOOL CCookiePromptHistory::clearAll() {
  295. DWORD dwIndex = 0;
  296. DWORD dwRet;
  297. HKEY hkHistoryRoot = OpenRootKey();
  299. do {
  301. FILETIME ft;
  302. char achHostName[INTERNET_MAX_HOST_NAME_LENGTH];
  303. DWORD dwNameLen = sizeof(achHostName);
  305. dwRet = RegEnumKeyEx(hkHistoryRoot,
  306. dwIndex,
  307. achHostName,
  308. & dwNameLen,
  309. NULL, NULL, NULL,
  310. &ft);
  312. if (dwRet == ERROR_SUCCESS)
  313. {
  314. if (SHDeleteKey(hkHistoryRoot, achHostName) != ERROR_SUCCESS)
  315. {
  316. dwIndex++;
  317. }
  318. }
  319. }
  320. while (dwRet == ERROR_SUCCESS);
  322. CloseRootKey(hkHistoryRoot);
  324. return TRUE;
  325. }
  327. unsigned long CCookiePromptHistory::enumerateDecisions(char *pchSiteName, unsigned long *pcbName,
  328. unsigned long *pdwDecision,
  329. unsigned long dwIndex) {
  331. FILETIME ft;
  332. HKEY hkHistoryRoot = OpenRootKey();
  334. DWORD dwRet = RegEnumKeyEx(hkHistoryRoot, dwIndex, pchSiteName, pcbName, NULL, NULL, NULL, &ft);
  336. if (dwRet==ERROR_SUCCESS) {
  338. if (HKEY hSiteKey = lookupSiteKey(hkHistoryRoot, pchSiteName, false)) {
  340. DWORD dwType;
  341. DWORD dwSize = sizeof(DWORD);
  343. dwRet = RegQueryValueEx(hSiteKey, NULL, 0, &dwType, (LPBYTE) pdwDecision, &dwSize);
  344. RegCloseKey(hSiteKey);
  345. }
  346. else
  347. {
  348. dwRet = ERROR_NO_DATA;
  349. }
  350. }
  352. CloseRootKey(hkHistoryRoot);
  354. return dwRet;
  355. }
  358. /*
  359. Exported APIs for manipulating per-site cookie settings
  360. */
  361. extern CCookiePromptHistory cookieUIhistory;
  363. BOOL DeletePersistentCookies(const char *pszDomainSuffix);
  366. INTERNETAPI_(BOOL) InternetSetPerSiteCookieDecisionA( IN LPCSTR pchHostName, DWORD dwDecision)
  367. {
  368. BOOL retVal = FALSE;
  370. if( !pchHostName
  371. || IsBadStringPtr(pchHostName, INTERNET_MAX_URL_LENGTH))
  372. {
  373. SetLastError( ERROR_INVALID_PARAMETER);
  374. return FALSE;
  375. }
  378. if( dwDecision == COOKIE_STATE_UNKNOWN)
  379. {
  380. retVal = cookieUIhistory.clearDecision( pchHostName, "*");
  381. }
  382. else if ( (dwDecision == COOKIE_STATE_ACCEPT) || (dwDecision == COOKIE_STATE_REJECT))
  383. {
  384. retVal = cookieUIhistory.saveDecision( pchHostName, NULL, dwDecision);
  386. /* side-effect: choosing to reject all future cookies for a given website
  387. implicitly deletes existing cache cookies from that site*/
  388. if (dwDecision==COOKIE_STATE_REJECT)
  389. DeletePersistentCookies(pchHostName);
  390. }
  392. return retVal;
  393. }
  395. INTERNETAPI_(BOOL) InternetSetPerSiteCookieDecisionW( IN LPCWSTR pwchHostName, DWORD dwDecision)
  396. {
  397. if( !pwchHostName || IsBadStringPtrW( pwchHostName, INTERNET_MAX_URL_LENGTH))
  398. {
  399. SetLastError( ERROR_INVALID_PARAMETER);
  400. return FALSE;
  401. }
  403. MEMORYPACKET mpHostName;
  404. ALLOC_MB(pwchHostName,0,mpHostName);
  405. if (!mpHostName.psStr)
  406. {
  407. return FALSE;
  408. }
  409. UNICODE_TO_ANSI(pwchHostName, mpHostName);
  411. return InternetSetPerSiteCookieDecisionA( mpHostName.psStr, dwDecision);
  412. }
  414. INTERNETAPI_(BOOL) InternetGetPerSiteCookieDecisionA( IN LPCSTR pchHostName, unsigned long* pResult)
  415. {
  416. if( IsBadWritePtr( pResult, sizeof(unsigned long))
  417. || !pchHostName
  418. || IsBadStringPtr(pchHostName, INTERNET_MAX_URL_LENGTH))
  419. {
  420. SetLastError( ERROR_INVALID_PARAMETER);
  421. return FALSE;
  422. }
  424. return cookieUIhistory.lookupDecision( pchHostName, NULL, pResult);
  425. }
  427. INTERNETAPI_(BOOL) InternetGetPerSiteCookieDecisionW( IN LPCWSTR pwchHostName, unsigned long* pResult)
  428. {
  429. if( IsBadWritePtr( pResult, sizeof(unsigned long))
  430. || !pwchHostName
  431. || IsBadStringPtrW(pwchHostName, INTERNET_MAX_URL_LENGTH))
  432. {
  433. SetLastError( ERROR_INVALID_PARAMETER);
  434. return FALSE;
  435. }
  437. MEMORYPACKET mpHostName;
  438. ALLOC_MB(pwchHostName,0,mpHostName);
  439. if (!mpHostName.psStr)
  440. {
  441. return FALSE;
  442. }
  443. UNICODE_TO_ANSI(pwchHostName, mpHostName);
  445. return InternetGetPerSiteCookieDecisionA( mpHostName.psStr, pResult);
  446. }
  448. INTERNETAPI_(BOOL) InternetEnumPerSiteCookieDecisionA(OUT LPSTR pszSiteName, IN OUT unsigned long *pcSiteNameSize, OUT unsigned long *pdwDecision, IN unsigned long dwIndex) {
  450. int error = ERROR_INVALID_PARAMETER;
  452. if( !pcSiteNameSize || IsBadWritePtr( pcSiteNameSize, sizeof(DWORD)))
  453. {
  454. goto doneInternetEnumPerSiteCookieDecisionA;
  455. }
  457. if( !pszSiteName || IsBadWritePtr( pszSiteName, *pcSiteNameSize))
  458. {
  459. goto doneInternetEnumPerSiteCookieDecisionA;
  460. }
  462. if( !pdwDecision || IsBadWritePtr(pdwDecision, sizeof(DWORD)))
  463. {
  464. goto doneInternetEnumPerSiteCookieDecisionA;
  465. }
  467. error = cookieUIhistory.enumerateDecisions(pszSiteName, pcSiteNameSize, pdwDecision, dwIndex);
  469. if( error == ERROR_SUCCESS)
  470. *pcSiteNameSize += 1; // reg function doesn't count null terminator in size, it should
  472. doneInternetEnumPerSiteCookieDecisionA:
  473. if (error!=ERROR_SUCCESS)
  474. SetLastError(error);
  476. return (error==ERROR_SUCCESS);
  477. }
  479. INTERNETAPI_(BOOL) InternetEnumPerSiteCookieDecisionW(LPWSTR pwszSiteName, unsigned long *pcSiteNameSize, unsigned long *pdwDecision, unsigned long dwIndex) {
  481. DWORD dwErr = ERROR_INVALID_PARAMETER;
  482. BOOL fRet = FALSE;
  483. LPSTR pszSiteName = NULL;
  485. if( !pcSiteNameSize || IsBadWritePtr( pcSiteNameSize, sizeof(DWORD)))
  486. goto cleanup;
  488. if( !pwszSiteName || IsBadWritePtr( pwszSiteName, *pcSiteNameSize * sizeof(WCHAR)))
  489. goto cleanup;
  491. if( !pdwDecision || IsBadWritePtr( pdwDecision, sizeof(DWORD)))
  492. goto cleanup;
  494. pszSiteName = new char[*pcSiteNameSize];
  495. if( !pszSiteName)
  496. {
  497. dwErr = ERROR_NOT_ENOUGH_MEMORY;
  498. goto cleanup;
  499. }
  501. fRet = InternetEnumPerSiteCookieDecisionA( pszSiteName, pcSiteNameSize, pdwDecision, dwIndex);
  503. if (fRet)
  504. {
  505. SHAnsiToUnicode( pszSiteName, pwszSiteName, *pcSiteNameSize);
  506. }
  508. dwErr = ERROR_SUCCESS;
  510. cleanup:
  511. if (dwErr!=ERROR_SUCCESS)
  512. SetLastError(dwErr);
  513. if ( pszSiteName != NULL)
  514. delete [] pszSiteName;
  516. return fRet;
  517. }
  519. INTERNETAPI_(BOOL) InternetClearAllPerSiteCookieDecisions()
  520. {
  521. return cookieUIhistory.clearAll();
  522. }
  524. BOOL DeletePersistentCookies(const char *pszDomainSuffix)
  525. {
  526. BOOL bRetval = TRUE;
  527. DWORD dwEntrySize, dwLastEntrySize;
  528. LPINTERNET_CACHE_ENTRY_INFOA lpCacheEntry;
  530. HANDLE hCacheDir = NULL;
  531. dwEntrySize = dwLastEntrySize = MAX_CACHE_ENTRY_INFO_SIZE;
  532. lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFOA) new BYTE[dwEntrySize];
  533. if( lpCacheEntry == NULL)
  534. {
  535. bRetval = FALSE;
  536. goto Exit;
  537. }
  538. lpCacheEntry->dwStructSize = dwEntrySize;
  540. Again:
  541. if (!(hCacheDir = FindFirstUrlCacheEntryA("cookie:",lpCacheEntry,&dwEntrySize)))
  542. {
  543. delete [] lpCacheEntry;
  544. switch(GetLastError())
  545. {
  546. case ERROR_NO_MORE_ITEMS:
  547. goto Exit;
  548. case ERROR_INSUFFICIENT_BUFFER:
  549. lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFOA)
  550. new BYTE[dwEntrySize];
  551. if( lpCacheEntry == NULL)
  552. {
  553. bRetval = FALSE;
  554. goto Exit;
  555. }
  556. lpCacheEntry->dwStructSize = dwLastEntrySize = dwEntrySize;
  557. goto Again;
  558. default:
  559. bRetval = FALSE;
  560. goto Exit;
  561. }
  562. }
  564. do
  565. {
  566. if (lpCacheEntry->CacheEntryType & COOKIE_CACHE_ENTRY) {
  568. const char achEmpty[] = "";
  569. const char *pszFind = NULL;
  570. const char *pszAtSign = strchr(lpCacheEntry->lpszSourceUrlName, '@');
  572. /*
  573. The source URL for a cookie has the format:
  574. cookie:username@domain/path
  575. The logic for determining whether to delete the cookie checks for
  576. the following conditions on source URL:
  577. 1. presence of the @ sign
  578. 2. presence of argument passed in "pszDomainSuffix" as substring
  579. 3. the substring must occur after a dot or the @ sign
  580. (this avoids partial name matching on domains)
  581. 4. substring must occur as suffix, eg only at the end
  582. this happens IFF the match is followed by forward slash
  583. */
  584. if (pszDomainSuffix==NULL || /* null argument means "delete all cookies" */
  585. (pszAtSign &&
  586. (pszFind=strstr(pszAtSign+1, pszDomainSuffix)) &&
  587. (pszFind[-1]=='.' || pszFind[-1]=='@') &&
  588. pszFind[strlen(pszDomainSuffix)]=='/'))
  589. DeleteUrlCacheEntryA(lpCacheEntry->lpszSourceUrlName);
  590. }
  592. dwEntrySize = dwLastEntrySize;
  593. Retry:
  594. if (!FindNextUrlCacheEntryA(hCacheDir,lpCacheEntry, &dwEntrySize))
  595. {
  596. delete [] lpCacheEntry;
  597. switch(GetLastError())
  598. {
  599. case ERROR_NO_MORE_ITEMS:
  600. goto Exit;
  601. case ERROR_INSUFFICIENT_BUFFER:
  602. lpCacheEntry = (LPINTERNET_CACHE_ENTRY_INFOA)
  603. new BYTE[dwEntrySize];
  604. if( lpCacheEntry == NULL)
  605. {
  606. bRetval = FALSE;
  607. goto Exit;
  608. }
  609. lpCacheEntry->dwStructSize = dwLastEntrySize = dwEntrySize;
  610. goto Retry;
  611. default:
  612. bRetval = FALSE;
  613. goto Exit;
  614. }
  615. }
  616. }
  617. while (TRUE);
  619. Exit:
  620. if (hCacheDir)
  621. FindCloseUrlCache(hCacheDir);
  622. return bRetval;
  623. }