archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/com/published/comutils/reghelp.cxx

282 lines
8.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2002.
  5. //
  6. // File: reghelp.cxx
  7. //
  8. // Contents: Registry helper functions for accessing HKCR
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // Notes:
  15. // The registry APIs do a surprising thing when you access
  16. // HKEY_CLASSES_ROOT. They will determine which user hive to use
  17. // based on whoever was impersonating when the first access was made for
  18. // the process, and it will use that mapping no matte who is impersonated
  19. // later. As such, it is impossible to know at any point in time where you
  20. // will be picking up your user mapping when you access HKCR.
  21. // This could present security holes if a malicious user were able to force
  22. // their own hive to be the first one accessed. So, for example, a
  23. // malicious user could force their own InprocServer32 value to be used
  24. // instead of one from a different user's hive.
  25. //
  26. // The APIs in this file provide a reliable means of accessing HKCR, so that
  27. // you always know what the mapping will be. These functions will use
  28. // HKEY_USERS\SID_ProcessToken\Software\Classes instead of trying to get
  29. // the current user's token.
  30. //
  31. //----------------------------------------------------------------------------
  32. #include<nt.h>
  33. #include<ntrtl.h>
  34. #include<nturtl.h>
  36. #include <windows.h>
  37. #include <reghelp.hxx>
  39. //+-------------------------------------------------------------------
  40. //
  41. // Function: Impersonation helper functions
  42. //
  43. //--------------------------------------------------------------------
  44. inline void ResumeImpersonate( HANDLE hToken )
  45. {
  46. if (hToken != NULL)
  47. {
  48. BOOL fResult = SetThreadToken( NULL, hToken );
  49. ASSERT(fResult);
  50. CloseHandle( hToken );
  51. }
  52. }
  54. inline void SuspendImpersonate( HANDLE *pHandle )
  55. {
  56. if(OpenThreadToken( GetCurrentThread(), TOKEN_IMPERSONATE,
  57. TRUE, pHandle ))
  58. {
  60. BOOL fResult = SetThreadToken(NULL, NULL);
  61. ASSERT(fResult);
  62. }
  63. else
  64. {
  65. *pHandle = NULL;
  66. }
  67. }
  69. //+-------------------------------------------------------------------
  70. //
  71. // Function: OpenClassesRootKeyExW, private
  72. //
  73. // Synopsis: See the comments above. This is the special verision of
  74. // RegOpenKeyExW for HKCR-based hives.
  75. //
  76. //--------------------------------------------------------------------
  77. LONG WINAPI OpenClassesRootKeyExW(LPCWSTR pszSubKey,REGSAM samDesired,HKEY *phkResult)
  78. {
  79. LONG lResult = ERROR_SUCCESS;
  80. HANDLE hImpToken = NULL;
  81. HANDLE hProcToken = NULL;
  82. HKEY hkcr = NULL;
  84. if(phkResult == NULL)
  85. return ERROR_INVALID_PARAMETER;
  87. *phkResult = NULL;
  89. SuspendImpersonate(&hImpToken);
  90. BOOL fRet = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hProcToken);
  91. if (fRet)
  92. {
  93. lResult = RegOpenUserClassesRoot(hProcToken, 0, MAXIMUM_ALLOWED, &hkcr);
  94. if (lResult != ERROR_SUCCESS)
  95. {
  96. // Failed to open the user's HKCR. We're going to use
  97. // HKLM\Software\Classes.
  98. lResult = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  99. L"Software\\Classes",
  100. 0,
  101. MAXIMUM_ALLOWED,
  102. &hkcr);
  103. }
  105. CloseHandle(hProcToken);
  106. }
  107. else
  108. {
  109. lResult = GetLastError();
  110. }
  112. ResumeImpersonate(hImpToken);
  114. if(lResult == ERROR_SUCCESS)
  115. {
  116. if( (pszSubKey != NULL) && (pszSubKey[0]) )
  117. {
  118. lResult = RegOpenKeyEx(hkcr,pszSubKey,0,samDesired,phkResult);
  119. RegCloseKey(hkcr);
  120. }
  121. else
  122. {
  123. *phkResult = hkcr;
  124. }
  125. }
  127. return lResult;
  128. }
  130. //+-------------------------------------------------------------------
  131. //
  132. // Function: OpenClassesRootKeyW, private
  133. //
  134. // Synopsis: See the comments above. This is the special verision of
  135. // RegOpenKeyW for HKCR-based hives.
  136. //
  137. //--------------------------------------------------------------------
  138. LONG WINAPI OpenClassesRootKeyW(LPCWSTR pszSubKey,HKEY *phkResult)
  139. {
  140. return OpenClassesRootKeyExW(pszSubKey,MAXIMUM_ALLOWED,phkResult);
  141. }
  143. //+-------------------------------------------------------------------
  144. //
  145. // Function: QueryClassesRootValueW, private
  146. //
  147. // Synopsis: See the comments above. This is the special verision of
  148. // RegQueryValue for HKCR-based hives.
  149. //
  150. //--------------------------------------------------------------------
  151. LONG WINAPI QueryClassesRootValueW(LPCWSTR pszSubKey,LPWSTR pszValue,PLONG lpcbValue)
  152. {
  153. HKEY hkcr = NULL;
  154. LONG lResult = OpenClassesRootKeyW(NULL,&hkcr);
  156. if(lResult == ERROR_SUCCESS)
  157. {
  158. lResult = RegQueryValueW(hkcr,pszSubKey,pszValue,lpcbValue);
  159. RegCloseKey(hkcr);
  160. }
  162. return lResult;
  163. }
  165. //+-------------------------------------------------------------------
  166. //
  167. // Function: OpenClassesRootKeyExA, private
  168. //
  169. // Synopsis: See the comments above. This is the special verision of
  170. // RegOpenKeyExA for HKCR-based hives.
  171. //
  172. //--------------------------------------------------------------------
  173. LONG WINAPI OpenClassesRootKeyExA(LPCSTR pszSubKey,REGSAM samDesired,HKEY *phkResult)
  174. {
  175. LONG lResult = ERROR_SUCCESS;
  176. HANDLE hImpToken = NULL;
  177. HANDLE hProcToken = NULL;
  178. HKEY hkcr = NULL;
  180. if(phkResult == NULL)
  181. return ERROR_INVALID_PARAMETER;
  183. *phkResult = NULL;
  185. SuspendImpersonate(&hImpToken);
  186. BOOL fRet = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hProcToken);
  187. if (fRet)
  188. {
  189. lResult = RegOpenUserClassesRoot(hProcToken, 0, MAXIMUM_ALLOWED, &hkcr);
  190. if (lResult != ERROR_SUCCESS)
  191. {
  192. // Failed to open the user's HKCR. We're going to use
  193. // HKLM\Software\Classes.
  194. lResult = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
  195. "Software\\Classes",
  196. 0,
  197. MAXIMUM_ALLOWED,
  198. &hkcr);
  199. }
  201. CloseHandle(hProcToken);
  202. }
  203. else
  204. {
  205. lResult = GetLastError();
  206. }
  208. ResumeImpersonate(hImpToken);
  210. if(lResult == ERROR_SUCCESS)
  211. {
  212. if( (pszSubKey != NULL) && (pszSubKey[0]) )
  213. {
  214. lResult = RegOpenKeyExA(hkcr,pszSubKey,0,samDesired,phkResult);
  215. RegCloseKey(hkcr);
  216. }
  217. else
  218. {
  219. *phkResult = hkcr;
  220. }
  221. }
  223. return lResult;
  224. }
  226. //+-------------------------------------------------------------------
  227. //
  228. // Function: OpenClassesRootKeyA, private
  229. //
  230. // Synopsis: See the comments above. This is the special verision of
  231. // RegOpenKeyA for HKCR-based hives.
  232. //
  233. //--------------------------------------------------------------------
  234. LONG WINAPI OpenClassesRootKeyA(LPCSTR pszSubKey,HKEY *phkResult)
  235. {
  236. return OpenClassesRootKeyExA(pszSubKey,MAXIMUM_ALLOWED,phkResult);
  237. }
  239. //+-------------------------------------------------------------------
  240. //
  241. // Function: QueryClassesRootValueA, private
  242. //
  243. // Synopsis: See the comments above. This is the special verision of
  244. // RegQueryValueA for HKCR-based hives.
  245. //
  246. //--------------------------------------------------------------------
  247. LONG WINAPI QueryClassesRootValueA(LPCSTR pszSubKey,LPSTR pszValue,PLONG lpcbValue)
  248. {
  249. HKEY hkcr = NULL;
  250. LONG lResult = OpenClassesRootKeyA(NULL,&hkcr);
  252. if(lResult == ERROR_SUCCESS)
  253. {
  254. lResult = RegQueryValueA(hkcr,pszSubKey,pszValue,lpcbValue);
  255. RegCloseKey(hkcr);
  256. }
  258. return lResult;
  259. }
  261. //+-------------------------------------------------------------------
  262. //
  263. // Function: SetClassesRootValueW, private
  264. //
  265. // Synopsis: See the comments above. This is the special verision of
  266. // RegSetValueW for HKCR-based hives.
  267. //
  268. //--------------------------------------------------------------------
  269. LONG WINAPI SetClassesRootValueW(LPCWSTR pszSubKey,DWORD dwType,LPCWSTR pszData,DWORD cbData)
  270. {
  271. HKEY hkcr = NULL;
  272. LONG lResult = OpenClassesRootKeyW(NULL,&hkcr);
  274. if(lResult == ERROR_SUCCESS)
  275. {
  276. lResult = RegSetValueW(hkcr,pszSubKey,dwType,pszData,cbData);
  277. RegCloseKey(hkcr);
  278. }
  280. return lResult;
  281. }