archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/ext/ftp/security.cpp

144 lines
5.6 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*****************************************************************************\
  2. FILE: security.h
  3. \*****************************************************************************/
  5. #include "priv.h"
  6. #include "util.h"
  7. #include <imm.h>
  8. #include <mshtml.h>
  10. BOOL ProcessUrlAction(IUnknown * punkSite, LPCTSTR pszUrl, DWORD dwAction, DWORD dwFlags)
  11. {
  12. BOOL fAllowed = FALSE;
  14. if (pszUrl)
  15. {
  16. IInternetSecurityManager *pSecMgr;
  17. if (SUCCEEDED(CoCreateInstance(CLSID_InternetSecurityManager,
  18. NULL, CLSCTX_INPROC_SERVER,
  19. IID_IInternetSecurityManager,
  20. (void **)&pSecMgr)))
  21. {
  22. WCHAR wzUrl[MAX_URL_STRING];
  23. DWORD dwZoneID = URLZONE_UNTRUSTED;
  24. DWORD dwPolicy = 0;
  25. DWORD dwContext = 0;
  27. IUnknown_SetSite(pSecMgr, punkSite);
  28. SHTCharToUnicode(pszUrl, wzUrl, ARRAYSIZE(wzUrl));
  29. if (S_OK == pSecMgr->ProcessUrlAction(wzUrl, dwAction, (BYTE *)&dwPolicy, sizeof(dwPolicy), (BYTE *)&dwContext, sizeof(dwContext), dwFlags, 0))
  30. {
  31. if (GetUrlPolicyPermissions(dwPolicy) == URLPOLICY_ALLOW)
  32. fAllowed = TRUE;
  33. }
  34. IUnknown_SetSite(pSecMgr, NULL);
  35. pSecMgr->Release();
  36. }
  37. }
  39. return fAllowed;
  40. }
  43. /*****************************************************************************\
  44. FUNCTION: SecurityZoneCheck
  46. PARAMETERS:
  47. punkSite: Site for QS, and enabling modal if UI needed.
  48. dwAction: verb to check. normally URLACTION_SHELL_VERB
  49. pidl: FTP URL that we need to verify
  50. pszUrl: FTP URL that we need to verify
  51. dwFlags: normally PUAF_DEFAULT | PUAF_WARN_IF_DENIED
  53. DESCRIPTION:
  54. Only pidl or pszUrl is passed. This function will check if the verb
  55. (dwAction) is allowed in this zone. Our first job is to find the zone which
  56. can be any of the following:
  57. 1. Third party app that supports IInternetHostSecurityManager have a chance to disallow the action.
  58. 2. Hosted in DefView w/WebView. Zone of WebView can fail the action.
  59. 3. Hosted in HTML FRAME. Zone comes from trident can fail the action
  60. 4. Hosted in DefView w/o WebView. Zone comes from pidl or pszUrl and that can fail the action.
  61. \*****************************************************************************/
  62. BOOL ZoneCheckUrlAction(IUnknown * punkSite, DWORD dwAction, LPCTSTR pszUrl, DWORD dwFlags)
  63. {
  64. BOOL IsSafe = TRUE; // Assume we will allow this.
  65. IInternetHostSecurityManager * pihsm;
  67. // What we want to do is allow this to happen only if the author of the HTML that hosts
  68. // the DefView is safe. It's OK if they point to something unsafe, because they are
  69. // trusted.
  70. // 1. Third party app that supports IInternetHostSecurityManager have a chance to disallow the action.
  71. if (SUCCEEDED(IUnknown_QueryService(punkSite, IID_IInternetHostSecurityManager, IID_IInternetHostSecurityManager, (void**)&pihsm)))
  72. {
  73. if (S_OK != ZoneCheckHost(pihsm, dwAction, dwFlags))
  74. {
  75. // This zone is not OK or the user choose to not allow this to happen,
  76. // so cancel the operation.
  77. IsSafe = FALSE; // Turn off functionality.
  78. }
  80. pihsm->Release();
  81. }
  83. // 1. Hosted in DefView w/WebView. Zone of WebView can fail the action.
  84. if (IsSafe)
  85. {
  86. IOleCommandTarget * pct;
  88. if (SUCCEEDED(IUnknown_QueryService(punkSite, SID_DefView, IID_IOleCommandTarget, (void **)&pct)))
  89. {
  90. VARIANT vTemplatePath;
  91. vTemplatePath.vt = VT_EMPTY;
  92. if (pct->Exec(&CGID_DefView, DVCMDID_GETTEMPLATEDIRNAME, 0, NULL, &vTemplatePath) == S_OK)
  93. {
  94. if ((vTemplatePath.vt == VT_BSTR) && (S_OK != LocalZoneCheckPath(vTemplatePath.bstrVal, punkSite)))
  95. IsSafe = FALSE;
  97. // We were able to talk to the browser, so don't fall back on Trident because they may be
  98. // less secure.
  99. VariantClear(&vTemplatePath);
  100. }
  101. pct->Release();
  102. }
  103. }
  105. // 3. Hosted in HTML FRAME. Zone comes from trident can fail the action
  106. if (IsSafe)
  107. {
  108. // Try to use the URL from the document to zone check
  109. IHTMLDocument2 *pHtmlDoc;
  110. if (punkSite && SUCCEEDED(GetHTMLDoc2(punkSite, &pHtmlDoc)))
  111. {
  112. BSTR bstrPath;
  113. if (SUCCEEDED(pHtmlDoc->get_URL(&bstrPath)))
  114. {
  115. if (S_OK != ZoneCheckHost(pihsm, dwAction, dwFlags))
  116. {
  117. // This zone is not OK or the user choose to not allow this to happen,
  118. // so cancel the operation.
  119. IsSafe = FALSE; // Turn off functionality.
  120. }
  121. SysFreeString(bstrPath);
  122. }
  123. pHtmlDoc->Release();
  124. }
  125. }
  127. // 4. Hosted in DefView w/o WebView. Zone comes from pidl or pszUrl and that can fail the action.
  128. if (IsSafe)
  129. {
  130. IsSafe = ProcessUrlAction(punkSite, pszUrl, dwAction, dwFlags);
  131. }
  133. return IsSafe;
  134. }
  136. //*/
  137. BOOL ZoneCheckPidlAction(IUnknown * punkSite, DWORD dwAction, LPCITEMIDLIST pidl, DWORD dwFlags)
  138. {
  139. TCHAR szUrl[MAX_URL_STRING];
  141. if (FAILED(UrlCreateFromPidl(pidl, SHGDN_FORPARSING, szUrl, ARRAYSIZE(szUrl), (ICU_ESCAPE | ICU_USERNAME), FALSE)))
  142. return FALSE;
  144. return ZoneCheckUrlAction(punkSite, dwAction, szUrl, dwFlags);
  145. }