archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetcore/wininet/auth/urlzone.cxx

502 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. urlzone.cxx
  9. Abstract:
  11. Glue layer to zone security manager, now residing in urlmon.dll
  13. Author:
  15. Rajeev Dujari (rajeevd) 02-Aug-1997
  17. Contents:
  19. UrlZonesAttach
  20. UrlZonesDetach
  21. GetCredPolicy
  23. --*/
  26. #include <wininetp.h>
  27. #include "urlmon.h"
  29. //
  30. // prototypes
  31. //
  32. typedef HRESULT (*PFNCREATESECMGR)(IServiceProvider * pSP, IInternetSecurityManager **ppSM, DWORD dwReserved);
  33. typedef HRESULT (*PFNCREATEZONEMGR)(IServiceProvider * pSP, IInternetZoneManager **ppZM, DWORD dwReserved);
  35. //
  36. // globals
  37. //
  38. IInternetSecurityManager* g_pSecMgr = NULL;
  39. IInternetZoneManager* g_pZoneMgr = NULL;
  41. static BOOL g_bAttemptedInit = FALSE;
  42. static HINSTANCE g_hInstUrlMon = NULL;
  43. static PFNCREATESECMGR g_pfnCreateSecMgr = NULL;
  44. static PFNCREATEZONEMGR g_pfnCreateZoneMgr = NULL;
  46. //
  47. // Handy class which uses a stack buffer if possible, otherwise allocates.
  48. //
  49. struct FlexBuf
  50. {
  51. BYTE Buf[512];
  52. LPBYTE pbBuf;
  54. FlexBuf()
  55. {
  56. pbBuf = NULL;
  57. }
  59. ~FlexBuf()
  60. {
  61. if (pbBuf != NULL) {
  62. delete [] pbBuf;
  63. }
  64. }
  66. LPBYTE GetPtr (DWORD cbBuf)
  67. {
  68. if (cbBuf < sizeof(Buf))
  69. return Buf;
  70. pbBuf = new BYTE [cbBuf];
  71. return pbBuf;
  72. }
  73. };
  75. struct UnicodeBuf : public FlexBuf
  76. {
  77. LPWSTR Convert (LPCSTR pszUrl)
  78. {
  79. DWORD cbUrl = lstrlenA (pszUrl) + 1;
  80. LPWSTR pwszUrl = (LPWSTR) GetPtr (sizeof(WCHAR) * cbUrl);
  81. if (!pwszUrl)
  82. return NULL;
  83. MultiByteToWideChar
  84. (CP_ACP, 0, pszUrl, cbUrl, pwszUrl, cbUrl);
  85. return pwszUrl;
  86. }
  87. };
  89. //
  90. // Dynaload urlmon and create security manager object on demand.
  91. //
  93. BOOL UrlZonesAttach (void)
  94. {
  95. EnterCriticalSection(&ZoneMgrCritSec);
  96. BOOL bRet = FALSE;
  97. HRESULT hr;
  99. if (g_bAttemptedInit)
  100. {
  101. bRet = (g_pSecMgr != NULL && g_pZoneMgr != NULL);
  102. goto End;
  103. }
  105. g_bAttemptedInit = TRUE;
  107. g_hInstUrlMon = LoadLibraryA(URLMON_DLL);
  108. if (!g_hInstUrlMon)
  109. {
  110. bRet = FALSE;
  111. goto End;
  112. }
  114. g_pfnCreateSecMgr = (PFNCREATESECMGR)
  115. GetProcAddress(g_hInstUrlMon, "CoInternetCreateSecurityManager");
  116. if (!g_pfnCreateSecMgr)
  117. {
  118. bRet = FALSE;
  119. goto End;
  120. }
  122. g_pfnCreateZoneMgr = (PFNCREATEZONEMGR)
  123. GetProcAddress(g_hInstUrlMon, "CoInternetCreateZoneManager");
  124. if (!g_pfnCreateZoneMgr)
  125. {
  126. bRet = FALSE;
  127. goto End;
  128. }
  130. hr = (*g_pfnCreateSecMgr)(NULL, &g_pSecMgr, NULL);
  131. if( hr != S_OK )
  132. {
  133. bRet = FALSE;
  134. goto End;
  135. }
  137. hr = (*g_pfnCreateZoneMgr)(NULL, &g_pZoneMgr, NULL);
  138. bRet = (hr == S_OK);
  140. End:
  141. LeaveCriticalSection(&ZoneMgrCritSec);
  142. return bRet;
  143. }
  145. //
  146. // Clean up upon process detach.
  147. //
  149. STDAPI_(void) UrlZonesDetach (void)
  150. {
  151. EnterCriticalSection(&ZoneMgrCritSec);
  153. if (g_pSecMgr)
  154. {
  155. g_pSecMgr->Release();
  156. g_pSecMgr = NULL;
  157. }
  158. if (g_pZoneMgr)
  159. {
  160. g_pZoneMgr->Release();
  161. g_pZoneMgr = NULL;
  162. }
  163. if (g_hInstUrlMon)
  164. {
  165. FreeLibrary(g_hInstUrlMon);
  166. g_hInstUrlMon = NULL;
  167. }
  168. LeaveCriticalSection(&ZoneMgrCritSec);
  169. }
  171. extern "C" DWORD GetZoneFromUrl(LPCSTR pszUrl);
  173. DWORD GetZoneFromUrl(LPCSTR pszUrl)
  174. {
  175. DWORD dwZone;
  176. dwZone = URLZONE_UNTRUSTED; // null URL indicates restricted zone.
  178. UnicodeBuf ub;
  179. EnterCriticalSection(&ZoneMgrCritSec);
  180. if (!g_pSecMgr && !UrlZonesAttach())
  181. goto err;
  183. LPWSTR pwszUrl;
  184. if (!pszUrl)
  185. pwszUrl = NULL;
  186. else
  187. {
  188. pwszUrl = ub.Convert (pszUrl);
  189. if (!pwszUrl)
  190. goto err;
  191. }
  193. if (pszUrl)
  194. {
  195. // Otherwise determine the zone for this URL.
  196. g_pSecMgr->MapUrlToZone (pwszUrl, &dwZone, 0);
  197. }
  199. err:
  200. LeaveCriticalSection(&ZoneMgrCritSec);
  201. return dwZone;
  202. }
  204. //
  205. // Routine to get the Routine to indicate whether ntlm logon credential is allowed.
  206. //
  208. DWORD GetCredPolicy (LPSTR pszUrl)
  209. {
  210. HRESULT hr;
  211. DWORD dwPolicy;
  213. UnicodeBuf ub;
  214. EnterCriticalSection(&ZoneMgrCritSec);
  216. if (!UrlZonesAttach())
  217. goto err;
  219. LPWSTR pwszUrl;
  220. if (!pszUrl)
  221. pwszUrl = NULL;
  222. else
  223. {
  224. pwszUrl = ub.Convert (pszUrl);
  225. if (!pwszUrl)
  226. goto err;
  227. }
  229. hr = g_pSecMgr->ProcessUrlAction (pwszUrl, URLACTION_CREDENTIALS_USE,
  230. (LPBYTE) &dwPolicy, sizeof(dwPolicy), NULL, 0, PUAF_NOUI, 0);
  233. // Resolve the ambiguous "Prompt if Intranet zone policy".
  235. if (dwPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT)
  236. {
  237. DWORD dwZone;
  238. dwZone = URLZONE_UNTRUSTED; // null URL indicates restricted zone.
  240. if (pszUrl)
  241. {
  242. // Otherwise determine the zone for this URL.
  243. hr = g_pSecMgr->MapUrlToZone (pwszUrl, &dwZone, 0);
  244. if (hr != S_OK)
  245. goto err;
  246. }
  248. if (dwZone == URLZONE_INTRANET)
  249. dwPolicy = URLPOLICY_CREDENTIALS_SILENT_LOGON_OK;
  250. else
  251. dwPolicy = URLPOLICY_CREDENTIALS_MUST_PROMPT_USER;
  252. }
  254. LeaveCriticalSection(&ZoneMgrCritSec);
  255. return dwPolicy;
  257. err:
  258. INET_ASSERT (FALSE);
  259. LeaveCriticalSection(&ZoneMgrCritSec);
  260. return URLPOLICY_CREDENTIALS_MUST_PROMPT_USER;
  261. }
  263. /*
  264. Main-switch for the cookie feature has 3 states.
  265. 1. ALLOW: all cookies are accepted/replayed (including leashed ones)
  266. 2. QUERY: received cookies are subject to P3P evaluation,
  267. leashed cookies are not replayed
  268. 3. DISALLOW:no cookies are accepted/replayed.
  269. */
  270. DWORD GetCookieMainSwitch(DWORD dwZone) {
  272. DWORD dwPolicy = URLPOLICY_DISALLOW;
  274. if (!UrlZonesAttach())
  275. return dwPolicy;
  277. EnterCriticalSection(&ZoneMgrCritSec);
  279. HRESULT hr = g_pZoneMgr->GetZoneActionPolicy(dwZone, URLACTION_COOKIES_ENABLED,
  280. (LPBYTE)&dwPolicy, sizeof(dwPolicy),
  281. URLZONEREG_DEFAULT);
  283. LeaveCriticalSection(&ZoneMgrCritSec);
  285. return SUCCEEDED(hr) ? dwPolicy : URLPOLICY_ALLOW;
  286. }
  288. DWORD GetCookieMainSwitch(LPCSTR pszURL) {
  290. return GetCookieMainSwitch(GetZoneFromUrl(pszURL));
  291. }
  293. DWORD GetCookiePolicy (LPCSTR pszUrl, DWORD dwUrlAction, BOOL fRestricted)
  294. {
  295. if (GlobalSuppressCookiesPolicy)
  296. {
  297. return URLPOLICY_ALLOW;
  298. }
  300. EnterCriticalSection(&ZoneMgrCritSec);
  301. UnicodeBuf ub;
  302. DWORD dwCP;
  304. if (!UrlZonesAttach())
  305. goto err;
  307. // Convert to unicode.
  308. LPWSTR pwszUrl;
  309. pwszUrl = ub.Convert (pszUrl);
  310. if (!pwszUrl)
  311. goto err;
  313. DWORD dwPolicy;
  314. HRESULT hr;
  315. DWORD dwFlags;
  317. dwFlags = PUAF_NOUI;
  318. if (fRestricted)
  319. dwFlags |= PUAF_ENFORCERESTRICTED;
  321. hr = g_pSecMgr->ProcessUrlAction (pwszUrl, dwUrlAction,
  322. (LPBYTE) &dwPolicy, sizeof(dwPolicy), NULL, 0, dwFlags, 0);
  324. if (!SUCCEEDED(hr) )
  325. goto err;
  327. dwCP = GetUrlPolicyPermissions(dwPolicy);
  328. LeaveCriticalSection(&ZoneMgrCritSec);
  329. return dwCP;
  331. err:
  332. LeaveCriticalSection(&ZoneMgrCritSec);
  333. INET_ASSERT (FALSE);
  334. return URLPOLICY_QUERY;
  335. }
  337. DWORD GetClientCertPromptPolicy (LPCSTR pszUrl, BOOL fRestricted /* = FALSE */)
  338. {
  339. EnterCriticalSection(&ZoneMgrCritSec);
  340. UnicodeBuf ub;
  341. DWORD dwCP;
  342. DWORD dwUrlAction = URLACTION_CLIENT_CERT_PROMPT;
  343. DWORD dwFlags;
  345. if (!UrlZonesAttach())
  346. goto err;
  348. // Convert to unicode.
  349. LPWSTR pwszUrl;
  350. pwszUrl = ub.Convert (pszUrl);
  351. if (!pwszUrl)
  352. goto err;
  354. DWORD dwPolicy;
  356. dwFlags = PUAF_NOUI;
  357. if (fRestricted)
  358. dwFlags |= PUAF_ENFORCERESTRICTED;
  360. HRESULT hr;
  362. hr = g_pSecMgr->ProcessUrlAction (pwszUrl, dwUrlAction,
  363. (LPBYTE) &dwPolicy, sizeof(dwPolicy), NULL, 0, dwFlags, 0);
  365. if (!SUCCEEDED(hr) )
  366. goto err;
  368. dwCP = GetUrlPolicyPermissions(dwPolicy);
  369. LeaveCriticalSection(&ZoneMgrCritSec);
  370. return dwCP;
  372. err:
  373. LeaveCriticalSection(&ZoneMgrCritSec);
  374. INET_ASSERT (FALSE);
  375. return URLPOLICY_QUERY;
  376. }
  378. VOID SetStopWarning( LPCSTR pszUrl, DWORD dwPolicy, DWORD dwUrlAction)
  379. {
  380. EnterCriticalSection(&ZoneMgrCritSec);
  381. UnicodeBuf ub;
  382. ZONEATTRIBUTES za = {0};
  384. if (!UrlZonesAttach())
  385. goto err;
  387. // Convert to unicode.
  388. LPWSTR pwszUrl;
  389. pwszUrl = ub.Convert (pszUrl);
  390. if (!pwszUrl)
  391. goto err;
  393. HRESULT hr;
  394. DWORD dwZone;
  395. hr = g_pSecMgr->MapUrlToZone(pwszUrl, &dwZone, 0);
  396. if (!SUCCEEDED(hr) )
  397. goto err;
  399. DWORD dwZonePolicy;
  401. hr = g_pZoneMgr->GetZoneActionPolicy(
  402. dwZone,
  403. dwUrlAction,
  404. (LPBYTE)&dwZonePolicy,
  405. sizeof(dwZonePolicy),
  406. URLZONEREG_DEFAULT );
  408. if (!SUCCEEDED(hr) )
  409. goto err;
  411. // set the policy back with passed value
  412. SetUrlPolicyPermissions(dwZonePolicy, dwPolicy);
  414. hr = g_pZoneMgr->SetZoneActionPolicy(
  415. dwZone,
  416. dwUrlAction,
  417. (LPBYTE) &dwZonePolicy,
  418. sizeof(dwZonePolicy),
  419. URLZONEREG_DEFAULT );
  421. if (!SUCCEEDED(hr) )
  422. goto err;
  424. // change the generic zone setting to 'custom' now we've changed something
  425. za.cbSize = sizeof(ZONEATTRIBUTES);
  426. g_pZoneMgr->GetZoneAttributes(dwZone, &za);
  427. za.dwTemplateCurrentLevel = URLTEMPLATE_CUSTOM;
  428. g_pZoneMgr->SetZoneAttributes(dwZone, &za);
  431. err:
  432. LeaveCriticalSection(&ZoneMgrCritSec);
  433. return;
  434. }
  436. //
  437. // Set and query no cookies mode
  438. //
  439. BOOL IsNoCookies(DWORD dwZone)
  440. {
  441. BOOL fNoCookies = FALSE;
  442. HRESULT hr;
  443. DWORD dwZonePolicy;
  445. EnterCriticalSection(&ZoneMgrCritSec);
  447. if (!UrlZonesAttach())
  448. goto exit;
  450. hr = g_pZoneMgr->GetZoneActionPolicy(
  451. dwZone,
  452. URLACTION_COOKIES_ENABLED,
  453. (LPBYTE)&dwZonePolicy,
  454. sizeof(dwZonePolicy),
  455. URLZONEREG_DEFAULT );
  457. if(SUCCEEDED(hr))
  458. {
  459. dwZonePolicy = GetUrlPolicyPermissions(dwZonePolicy);
  460. if(URLPOLICY_DISALLOW == dwZonePolicy)
  461. {
  462. fNoCookies = TRUE;
  463. }
  464. }
  466. exit:
  467. LeaveCriticalSection(&ZoneMgrCritSec);
  468. return fNoCookies;
  469. }
  471. void SetNoCookies(DWORD dwZone, DWORD dwNewPolicy)
  472. {
  473. DWORD dwZonePolicy;
  474. HRESULT hr;
  476. EnterCriticalSection(&ZoneMgrCritSec);
  478. if (!UrlZonesAttach())
  479. goto exit;
  481. hr = g_pZoneMgr->GetZoneActionPolicy(
  482. dwZone,
  483. URLACTION_COOKIES_ENABLED,
  484. (LPBYTE)&dwZonePolicy,
  485. sizeof(dwZonePolicy),
  486. URLZONEREG_DEFAULT );
  488. if(SUCCEEDED(hr))
  489. {
  490. SetUrlPolicyPermissions(dwZonePolicy, dwNewPolicy);
  492. g_pZoneMgr->SetZoneActionPolicy(
  493. dwZone,
  494. URLACTION_COOKIES_ENABLED,
  495. (LPBYTE)&dwZonePolicy,
  496. sizeof(dwZonePolicy),
  497. URLZONEREG_DEFAULT );
  498. }
  500. exit:
  501. LeaveCriticalSection(&ZoneMgrCritSec);
  502. }