//+--------------------------------------------------------------------------- ///////////////////////////////////////////////////////////////////////////////// // // Microsoft Windows // Copyright (C) Microsoft Corporation, 2001-2002. // // File: ComponentDataSafer.cpp // // Contents: Implementation of CCertMgrComponentData // //---------------------------------------------------------------------------- #include "stdafx.h" USE_HANDLE_MACROS ("CERTMGR (ComponentDataSafer.cpp)") #include #include "compdata.h" #include "dataobj.h" #include "cookie.h" #include "Certifct.h" #include "dlgs.h" #pragma warning(push, 3) #include #include #pragma warning(pop) #include "storegpe.h" #include "PolicyPrecedencePropertyPage.h" #include "SaferLevelGeneral.h" #include "SaferEntry.h" #include "SaferEntryPathPropertyPage.h" #include "SaferEntryPropertySheet.h" #include "SaferEntryHashPropertyPage.h" #include "SaferEntryCertificatePropertyPage.h" #include "SaferEntryInternetZonePropertyPage.h" #include "SaferTrustedPublishersPropertyPage.h" #include "SaferDefinedFileTypesPropertyPage.h" #include "SaferEnforcementPropertyPage.h" #include "SaferUtil.h" #ifdef _DEBUG #ifndef ALPHA #define new DEBUG_NEW #endif #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif extern HKEY g_hkeyLastSaferRegistryScope; extern GUID g_guidExtension; extern GUID g_guidRegExt; extern GUID g_guidSnapin; CSaferWindowsExtension::CSaferWindowsExtension() : CCertMgrComponentData () { SetHtmlHelpFileName (SAFER_WINDOWS_HELP_FILE); m_strLinkedHelpFile = SAFER_WINDOWS_LINKED_HELP_FILE; }; HRESULT CCertMgrComponentData::AddSaferNewEntryMenuItems (LPCONTEXTMENUCALLBACK pContextMenuCallback, LONG lInsertionPointID) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferNewEntryMenuItems\n"); AFX_MANAGE_STATE (AfxGetStaticModuleState ()); ASSERT (pContextMenuCallback); if ( !pContextMenuCallback ) return E_POINTER; HRESULT hr = S_OK; ASSERT (m_pGPEInformation); // must not be RSOP if ( !m_pGPEInformation ) return E_FAIL; hr = AddSingleMenuItem (pContextMenuCallback, lInsertionPointID, IDS_SAFER_NEW_ENTRY_CERTIFICATE, IDS_SAFER_NEW_ENTRY_CERTIFICATE_HINT, IDM_SAFER_NEW_ENTRY_CERTIFICATE); if ( SUCCEEDED (hr) ) hr = AddSingleMenuItem (pContextMenuCallback, lInsertionPointID, IDS_SAFER_NEW_ENTRY_HASH, IDS_SAFER_NEW_ENTRY_HASH_HINT, IDM_SAFER_NEW_ENTRY_HASH); if ( SUCCEEDED (hr) ) hr = AddSingleMenuItem (pContextMenuCallback, lInsertionPointID, IDS_SAFER_NEW_ENTRY_INTERNET_ZONE, IDS_SAFER_NEW_ENTRY_INTERNET_ZONE_HINT, IDM_SAFER_NEW_ENTRY_INTERNET_ZONE); if ( SUCCEEDED (hr) ) hr = AddSingleMenuItem (pContextMenuCallback, lInsertionPointID, IDS_SAFER_NEW_ENTRY_PATH, IDS_SAFER_NEW_ENTRY_PATH_HINT, IDM_SAFER_NEW_ENTRY_PATH); _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferNewEntryMenuItems: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::OnSetSaferLevelDefault (LPDATAOBJECT pDataObject) { _TRACE (1, L"Entering CCertMgrComponentData::OnSetSaferLevelDefault\n"); AFX_MANAGE_STATE(AfxGetStaticModuleState()); ASSERT (pDataObject); if ( !pDataObject ) return E_POINTER; ASSERT (m_pGPEInformation); // must not be RSOP if ( !m_pGPEInformation ) return E_FAIL; HRESULT hr = S_OK; CCertMgrCookie* pCookie = ConvertCookie (pDataObject); ASSERT (pCookie); if ( pCookie ) { if ( pCookie->HasOpenPropertyPages () ) { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); VERIFY (text.LoadString (IDS_CANT_CHANGE_DEFAULT_PAGES_OPEN)); int iRetVal = 0; VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal))); return S_OK; } if ( CERTMGR_SAFER_COMPUTER_LEVEL == pCookie->m_objecttype || CERTMGR_SAFER_USER_LEVEL == pCookie->m_objecttype ) { CSaferLevel* pSaferLevel = dynamic_cast(pCookie); if ( pSaferLevel ) { int iRetVal = IDYES; if ( pSaferLevel->GetLevel () < m_dwDefaultSaferLevel ) { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); VERIFY (text.LoadString (IDS_DEFAULT_LEVEL_CHANGE_WARNING)); m_pConsole->MessageBox (text, caption, MB_ICONWARNING | MB_YESNO, &iRetVal); } if ( IDYES == iRetVal ) { hr = pSaferLevel->SetAsDefault (); if ( SUCCEEDED (hr) ) { m_dwDefaultSaferLevel = pSaferLevel->GetLevel (); if ( m_pConsole ) hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0); } else { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); // security review 2/22/2002 BryanWal ok text.FormatMessage (IDS_CANT_SET_AS_DEFAULT, pSaferLevel->GetObjectName (), GetSystemMessage (hr)); iRetVal = 0; ASSERT (m_pConsole); if ( m_pConsole ) { HRESULT hr1 = m_pConsole->MessageBox (text, caption, MB_ICONWARNING | MB_OK, &iRetVal); ASSERT (SUCCEEDED (hr1)); } } } } } else hr = E_FAIL; } _TRACE (-1, L"Leaving CCertMgrComponentData::OnSetSaferLevelDefault: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::AddSaferLevelPropPage ( LPPROPERTYSHEETCALLBACK pCallback, CSaferLevel* pSaferLevel, LONG_PTR lNotifyHandle, LPDATAOBJECT pDataObject) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferLevelPropPage\n"); HRESULT hr = S_OK; ASSERT (pCallback && pSaferLevel); if ( pCallback && pSaferLevel ) { CSaferLevelGeneral * pLevelPage = new CSaferLevelGeneral (*pSaferLevel, m_bIsRSOP, lNotifyHandle, pDataObject, m_dwDefaultSaferLevel, this); if ( pLevelPage ) { HPROPSHEETPAGE hLevelPage = MyCreatePropertySheetPage (&pLevelPage->m_psp); if ( hLevelPage ) { hr = pCallback->AddPage (hLevelPage); ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { if ( m_bIsRSOP ) { // CString regPath = SAFER_LEVELOBJECTS_REGKEY; // regPath += L"\\"; // DWORD dwLevel = pSaferLevel->GetLevel (); // WCHAR szLevel[16]; // regPath += _itow (dwLevel, szLevel, 10); CPolicyPrecedencePropertyPage * pPrecedencePage = new CPolicyPrecedencePropertyPage (this, SAFER_HKLM_REGBASE, SAFER_DEFAULTOBJ_REGVALUE, CERTMGR_SAFER_COMPUTER_LEVEL == pSaferLevel->m_objecttype); if ( pPrecedencePage ) { HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp); if ( hPrecedencePage ) { hr = pCallback->AddPage (hPrecedencePage); ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) VERIFY (::DestroyPropertySheetPage (hPrecedencePage)); } else delete pPrecedencePage; } else { hr = E_OUTOFMEMORY; } } } else { VERIFY (::DestroyPropertySheetPage (hLevelPage)); } } else delete pLevelPage; } else { hr = E_OUTOFMEMORY; } } else hr = E_POINTER; _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferLevelPropPage: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::OnCreateNewSaferPolicy (LPDATAOBJECT pDataObject) { _TRACE (1, L"Entering CCertMgrComponentData::OnCreateNewSaferPolicy\n"); HRESULT hr = S_OK; CCertMgrCookie* pCookie = ConvertCookie (pDataObject); ASSERT (pCookie); if ( pCookie ) { bool bIsComputer = CERTMGR_SAFER_COMPUTER_ROOT == pCookie->m_objecttype; HKEY hGroupPolicyKey = 0; hr = m_pGPEInformation->GetRegistryKey ( bIsComputer ? GPO_SECTION_MACHINE : GPO_SECTION_USER, &hGroupPolicyKey); if ( SUCCEEDED (hr) ) { BOOL bDefaultsActuallyPopulated = FALSE; BOOL bResult = ::SaferiPopulateDefaultsInRegistry( hGroupPolicyKey, &bDefaultsActuallyPopulated); if ( bResult && bDefaultsActuallyPopulated ) { m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidExtension, &g_guidSnapin); m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidRegExt, &g_guidSnapin); } ::RegCloseKey (hGroupPolicyKey); } CSaferRootCookie* pSaferRootCookie = dynamic_cast (pCookie); if ( pSaferRootCookie ) pSaferRootCookie->m_bCreateSaferNodes = true; if ( !m_pResultData ) hr = GetResultData (&m_pResultData); if ( m_pResultData ) hr = m_pResultData->DeleteAllRsltItems (); // Force scope item selection to for call to // IComponent::QueryResultViewType () hr = m_pComponentConsole->SelectScopeItem (pCookie->m_hScopeItem); hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0); hr = OnNotifyExpand (pDataObject, TRUE, pCookie->m_hScopeItem); } else hr = E_FAIL; _TRACE (-1, L"Leaving CCertMgrComponentData::OnCreateNewSaferPolicy: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::OnDeleteSaferPolicy (LPDATAOBJECT pDataObject) { _TRACE (1, L"Entering CCertMgrComponentData::OnDeleteSaferPolicy\n"); AFX_MANAGE_STATE (AfxGetStaticModuleState ()); ASSERT (pDataObject); if ( !pDataObject ) return E_POINTER; HRESULT hr = S_OK; if ( GetOpenSaferPageCount () == 0 ) { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); VERIFY (text.LoadString (IDS_CONFIRM_DELETE_SAFER_POLICY)); int iRetVal = 0; VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_YESNO | MB_ICONWARNING, &iRetVal))); if ( IDYES == iRetVal ) { CCertMgrCookie* pCookie = ConvertCookie (pDataObject); ASSERT (pCookie); if ( pCookie ) { bool bIsComputer = CERTMGR_SAFER_COMPUTER_ROOT == pCookie->m_objecttype; HKEY hGroupPolicyKey = 0; hr = m_pGPEInformation->GetRegistryKey ( bIsComputer ? GPO_SECTION_MACHINE : GPO_SECTION_USER, &hGroupPolicyKey); if ( SUCCEEDED (hr) ) { DWORD dwResult = 0; // Delete "Safer" key HKEY hWindowsKey = 0; LRESULT lResult = ::RegOpenKeyEx (hGroupPolicyKey, L"Software\\Policies\\Microsoft\\Windows", 0, // security review 2/22/2002 BryanWal ok KEY_ALL_ACCESS, // KEY_ALL_ACCESS required to delete keys &hWindowsKey); if ( ERROR_SUCCESS == lResult ) { dwResult = ::SHDeleteKey (hWindowsKey, L"Safer"); if ( ERROR_SUCCESS != dwResult && ERROR_FILE_NOT_FOUND != dwResult ) { _TRACE (0, L"SHDeleteKey (\"Safer\") failed: 0x%x (%s)\n", dwResult, (PCWSTR) GetSystemMessage (dwResult)); } ::RegCloseKey (hWindowsKey); } // Delete "SystemCertificates" safer keys HKEY hSysCertKey = 0; lResult = ::RegOpenKeyEx (hGroupPolicyKey, L"Software\\Policies\\Microsoft\\SystemCertificates", 0, // security review 2/22/2002 BryanWal ok KEY_ALL_ACCESS, // KEY_ALL_ACCESS required to delete keys &hSysCertKey); if ( ERROR_SUCCESS == lResult ) { dwResult = ::SHDeleteKey (hSysCertKey, L"Disallowed"); if ( ERROR_SUCCESS == dwResult || ERROR_FILE_NOT_FOUND == dwResult ) { dwResult = ::SHDeleteKey (hSysCertKey, L"TrustedPublisher"); if ( ERROR_SUCCESS != dwResult && ERROR_FILE_NOT_FOUND != dwResult ) { _TRACE (0, L"SHDeleteKey (\"TrustedPublisher\") failed: 0x%x (%s)\n", dwResult, (PCWSTR) GetSystemMessage (dwResult)); } } else { _TRACE (0, L"SHDeleteKey (\"Disallowed\") failed: 0x%x (%s)\n", dwResult, (PCWSTR) GetSystemMessage (dwResult)); } ::RegCloseKey (hSysCertKey); } if ( ERROR_SUCCESS != dwResult && ERROR_FILE_NOT_FOUND != dwResult ) { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); // security review 2/22/2002 BryanWal ok text.FormatMessage (IDS_CANT_DELETE_SAFER_POLICY, GetSystemMessage (dwResult)); int iRetVal1 = 0; VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal1))); } ::RegCloseKey (hGroupPolicyKey); } m_pGPEInformation->PolicyChanged (TRUE, FALSE, &g_guidExtension, &g_guidSnapin); m_pGPEInformation->PolicyChanged (TRUE, FALSE, &g_guidRegExt, &g_guidSnapin); CSaferRootCookie* pSaferRootCookie = dynamic_cast (pCookie); if ( pSaferRootCookie ) pSaferRootCookie->m_bCreateSaferNodes = false; if ( !m_pResultData ) hr = GetResultData (&m_pResultData); if ( m_pResultData ) hr = m_pResultData->DeleteAllRsltItems (); hr = DeleteChildren (pCookie->m_hScopeItem); // Force scope item selection to for call to // IComponent::QueryResultViewType () hr = m_pComponentConsole->SelectScopeItem (pCookie->m_hScopeItem); hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0); hr = OnNotifyExpand (pDataObject, TRUE, pCookie->m_hScopeItem); } else hr = E_FAIL; } } else { CString text; CString caption; VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_EXTENSION_REGISTRY)); VERIFY (text.LoadString (IDS_CANT_DELETE_SAFER_PAGES_OPEN)); int iRetVal = 0; VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal))); return S_OK; } _TRACE (-1, L"Leaving CCertMgrComponentData::OnDeleteSaferPolicy: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::OnNewSaferEntry(long nCommandID, LPDATAOBJECT pDataObject) { _TRACE (1, L"Entering CCertMgrComponentData::OnNewSaferEntry ()\n"); AFX_MANAGE_STATE (AfxGetStaticModuleState ()); HRESULT hr = S_OK; CCertMgrCookie* pCookie = ConvertCookie (pDataObject); ASSERT (pCookie); if ( pCookie ) { bool bIsComputer = false; switch (pCookie->m_objecttype) { case CERTMGR_SAFER_COMPUTER_ENTRIES: bIsComputer = true; break; case CERTMGR_SAFER_USER_ENTRIES: break; default: ASSERT (0); hr = E_FAIL; return hr; } CSaferEntries* pSaferEntries = dynamic_cast (pCookie); if ( !pSaferEntries ) return E_UNEXPECTED; SAFER_ENTRY_TYPE saferEntryType = SAFER_ENTRY_TYPE_UNKNOWN; switch (nCommandID) { case IDM_SAFER_NEW_ENTRY_PATH: saferEntryType = SAFER_ENTRY_TYPE_PATH; break; case IDM_SAFER_NEW_ENTRY_HASH: saferEntryType = SAFER_ENTRY_TYPE_HASH; break; case IDM_SAFER_NEW_ENTRY_CERTIFICATE: saferEntryType = SAFER_ENTRY_TYPE_CERT; break; case IDM_SAFER_NEW_ENTRY_INTERNET_ZONE: saferEntryType = SAFER_ENTRY_TYPE_URLZONE; break; default: ASSERT (0); break; } CSaferEntry* pSaferEntry = new CSaferEntry ( saferEntryType, bIsComputer, L"", L"", 0, (DWORD) AUTHZ_UNKNOWN_LEVEL, m_pGPEInformation, 0, pSaferEntries, bIsComputer ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser); ASSERT (pSaferEntry); if ( pSaferEntry ) { UINT nIDCaption = 0; switch (nCommandID) { case IDM_SAFER_NEW_ENTRY_PATH: nIDCaption = IDS_NEW_PATH_RULE; break; case IDM_SAFER_NEW_ENTRY_HASH: nIDCaption = IDS_NEW_HASH_RULE; break; case IDM_SAFER_NEW_ENTRY_CERTIFICATE: nIDCaption = IDS_NEW_CERTIFICATE_RULE; break; case IDM_SAFER_NEW_ENTRY_INTERNET_ZONE: nIDCaption = IDS_NEW_URLZONE_RULE; break; default: ASSERT (0); hr = E_FAIL; break; } CThemeContextActivator activator; HWND hParent = 0; hr = m_pConsole->GetMainWindow (&hParent); ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { CWnd parentWnd; VERIFY (parentWnd.Attach (hParent)); CSaferEntryPropertySheet propSheet (nIDCaption, &parentWnd); CSaferPropertyPage* pPage = 0; bool bObjectCreated = false; switch (nCommandID) { case IDM_SAFER_NEW_ENTRY_PATH: { CSaferEntryPathPropertyPage* pPropPage = new CSaferEntryPathPropertyPage (*pSaferEntry, 0, 0, false, true, this, bIsComputer, &bObjectCreated); if ( pPropPage ) { pPage = pPropPage; } else hr = E_OUTOFMEMORY; } break; case IDM_SAFER_NEW_ENTRY_HASH: { CSaferEntryHashPropertyPage* pPropPage = new CSaferEntryHashPropertyPage (*pSaferEntry, 0, 0, false, this, bIsComputer, &bObjectCreated); if ( pPropPage ) { pPage = pPropPage; } else hr = E_OUTOFMEMORY; } break; case IDM_SAFER_NEW_ENTRY_CERTIFICATE: { CSaferEntryCertificatePropertyPage* pPropPage = new CSaferEntryCertificatePropertyPage (*pSaferEntry, pSaferEntries, 0, 0, false, this, true, m_pGPEInformation, bIsComputer, &bObjectCreated); if ( pPropPage ) { pPage = pPropPage; } else hr = E_OUTOFMEMORY; } break; case IDM_SAFER_NEW_ENTRY_INTERNET_ZONE: { CSaferEntryInternetZonePropertyPage* pPropPage = new CSaferEntryInternetZonePropertyPage (*pSaferEntry, true, 0, 0, false, this, bIsComputer, &bObjectCreated); if ( pPropPage ) { pPage = pPropPage; } else hr = E_OUTOFMEMORY; } break; default: hr = E_FAIL; break; } if ( SUCCEEDED (hr) ) { propSheet.AddPage (pPage); CThemeContextActivator activator; INT_PTR iRet = propSheet.DoModal (); if ( IDOK == iRet || bObjectCreated ) { hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0); } } delete pSaferEntry; parentWnd.Detach (); } } else hr = E_OUTOFMEMORY; } else hr = E_FAIL; _TRACE (-1, L"Leaving CCertMgrComponentData::OnNewSaferEntry (): 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::AddSaferTrustedPublisherPropPages ( LPPROPERTYSHEETCALLBACK pCallback, bool bIsMachineType) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferTrustedPublisherPropPages\n"); HRESULT hr = S_OK; ASSERT (pCallback); if ( pCallback ) { CSaferTrustedPublishersPropertyPage * pTrustedPublisherPage = new CSaferTrustedPublishersPropertyPage ( bIsMachineType, m_pGPEInformation, this); if ( pTrustedPublisherPage ) { HPROPSHEETPAGE hTrustedPublisherPage = MyCreatePropertySheetPage (&pTrustedPublisherPage->m_psp); if ( hTrustedPublisherPage ) { hr = pCallback->AddPage (hTrustedPublisherPage); ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { // Add the precedence page if this is RSOP if ( m_bIsRSOP ) { CPolicyPrecedencePropertyPage * pPrecedencePage = new CPolicyPrecedencePropertyPage (this, CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, bIsMachineType); if ( pPrecedencePage ) { HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp); if ( hPrecedencePage ) { hr = pCallback->AddPage (hPrecedencePage); ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) VERIFY (::DestroyPropertySheetPage (hPrecedencePage)); } else { delete pPrecedencePage; } } else { hr = E_OUTOFMEMORY; } } } else { VERIFY (::DestroyPropertySheetPage (hTrustedPublisherPage)); } } else delete pTrustedPublisherPage; } else { hr = E_OUTOFMEMORY; } } else hr = E_POINTER; _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferTrustedPublisherPropPages: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::AddSaferDefinedFileTypesPropPages ( LPPROPERTYSHEETCALLBACK pCallback, bool bIsComputerType) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferDefinedFileTypesPropPages\n"); HRESULT hr = S_OK; ASSERT (pCallback); if ( pCallback ) { CSaferDefinedFileTypesPropertyPage * pDefinedFileTypesPage = new CSaferDefinedFileTypesPropertyPage ( m_pGPEInformation, m_bIsRSOP, bIsComputerType ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser, bIsComputerType, this); if ( pDefinedFileTypesPage ) { HPROPSHEETPAGE hDefinedFileTypesPage = MyCreatePropertySheetPage (&pDefinedFileTypesPage->m_psp); if ( hDefinedFileTypesPage ) { hr = pCallback->AddPage (hDefinedFileTypesPage); ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { if ( m_bIsRSOP ) { CPolicyPrecedencePropertyPage * pPrecedencePage = new CPolicyPrecedencePropertyPage (this, SAFER_HKLM_REGBASE, SAFER_EXETYPES_REGVALUE, bIsComputerType); if ( pPrecedencePage ) { HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp); if ( hPrecedencePage ) { hr = pCallback->AddPage (hPrecedencePage); ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) VERIFY (::DestroyPropertySheetPage (hPrecedencePage)); } else delete pPrecedencePage; } else { hr = E_OUTOFMEMORY; } } } else { VERIFY (::DestroyPropertySheetPage (hDefinedFileTypesPage)); } } else delete pDefinedFileTypesPage; } else { hr = E_OUTOFMEMORY; } } else hr = E_POINTER; _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferDefinedFileTypesPropPages: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::AddSaferEnforcementPropPages ( LPPROPERTYSHEETCALLBACK pCallback, bool bIsComputerType) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferEnforcementPropPages\n"); HRESULT hr = S_OK; ASSERT (pCallback); if ( pCallback ) { CSaferEnforcementPropertyPage * pEnforcementPage = new CSaferEnforcementPropertyPage ( m_pGPEInformation, this, m_bIsRSOP, bIsComputerType ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser, bIsComputerType); if ( pEnforcementPage ) { HPROPSHEETPAGE hEnforcementPage = MyCreatePropertySheetPage (&pEnforcementPage->m_psp); if ( hEnforcementPage ) { hr = pCallback->AddPage (hEnforcementPage); ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { if ( m_bIsRSOP ) { CPolicyPrecedencePropertyPage * pPrecedencePage = new CPolicyPrecedencePropertyPage (this, SAFER_HKLM_REGBASE, SAFER_TRANSPARENTENABLED_REGVALUE, bIsComputerType); if ( pPrecedencePage ) { HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp); if ( hPrecedencePage ) { hr = pCallback->AddPage (hPrecedencePage); ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) VERIFY (::DestroyPropertySheetPage (hPrecedencePage)); } else delete pPrecedencePage; } else { hr = E_OUTOFMEMORY; } } } else { VERIFY (::DestroyPropertySheetPage (hEnforcementPage)); } } else delete pEnforcementPage; } else { hr = E_OUTOFMEMORY; } } else hr = E_POINTER; _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferEnforcementPropPages: 0x%x\n", hr); return hr; } HRESULT CCertMgrComponentData::AddSaferEntryPropertyPage ( LPPROPERTYSHEETCALLBACK pCallback, CCertMgrCookie* pCookie, LPDATAOBJECT pDataObject, LONG_PTR lNotifyHandle) { _TRACE (1, L"Entering CCertMgrComponentData::AddSaferEntryPropertyPage\n"); ASSERT (pCallback && pCookie); if ( !pCallback || !pCookie ) return E_POINTER; HRESULT hr = S_OK; bool bIsComputer = false; switch (pCookie->m_objecttype) { case CERTMGR_SAFER_COMPUTER_ENTRY: bIsComputer = true; break; case CERTMGR_SAFER_USER_ENTRY: break; default: ASSERT (0); hr = E_FAIL; return hr; } CSaferEntry* pSaferEntry = dynamic_cast (pCookie); ASSERT (pSaferEntry); if ( pSaferEntry ) { pSaferEntry->Refresh (); switch (pSaferEntry->GetType ()) { case SAFER_ENTRY_TYPE_PATH: { CSaferEntryPathPropertyPage* pPage = new CSaferEntryPathPropertyPage (*pSaferEntry, lNotifyHandle, pDataObject, m_bIsRSOP, false, this, bIsComputer); if ( pPage ) { HPROPSHEETPAGE hPage = MyCreatePropertySheetPage (&pPage->m_psp); if ( hPage ) { hr = pCallback->AddPage (hPage); if ( FAILED (hr) ) { VERIFY (::DestroyPropertySheetPage (hPage)); } } else delete pPage; } else hr = E_OUTOFMEMORY; } break; case SAFER_ENTRY_TYPE_HASH: { CSaferEntryHashPropertyPage* pPage = new CSaferEntryHashPropertyPage (*pSaferEntry, lNotifyHandle, pDataObject, m_bIsRSOP, this, bIsComputer); if ( pPage ) { HPROPSHEETPAGE hPage = MyCreatePropertySheetPage (&pPage->m_psp); if ( hPage ) { hr = pCallback->AddPage (hPage); if ( FAILED (hr) ) { VERIFY (::DestroyPropertySheetPage (hPage)); } } else delete pPage; } else hr = E_OUTOFMEMORY; } break; case SAFER_ENTRY_TYPE_CERT: { CSaferEntries* pSaferEntries = 0; hr = pSaferEntry->GetSaferEntriesNode (&pSaferEntries); if ( SUCCEEDED (hr) ) { CSaferEntryCertificatePropertyPage* pPage = new CSaferEntryCertificatePropertyPage (*pSaferEntry, pSaferEntries, lNotifyHandle, pDataObject, m_bIsRSOP, this, false, m_pGPEInformation, bIsComputer); if ( pPage ) { HPROPSHEETPAGE hPage = MyCreatePropertySheetPage (&pPage->m_psp); if ( hPage ) { hr = pCallback->AddPage (hPage); if ( FAILED (hr) ) { VERIFY (::DestroyPropertySheetPage (hPage)); } } else delete pPage; } else hr = E_OUTOFMEMORY; pSaferEntries->Release (); } } break; case SAFER_ENTRY_TYPE_URLZONE: { CSaferEntryInternetZonePropertyPage* pPage = new CSaferEntryInternetZonePropertyPage (*pSaferEntry, false, lNotifyHandle, pDataObject, m_bIsRSOP, this, bIsComputer); if ( pPage ) { HPROPSHEETPAGE hPage = MyCreatePropertySheetPage (&pPage->m_psp); if ( hPage ) { hr = pCallback->AddPage (hPage); if ( FAILED (hr) ) { VERIFY (::DestroyPropertySheetPage (hPage)); } } else delete pPage; } else hr = E_OUTOFMEMORY; } break; default: hr = E_FAIL; break; } if ( SUCCEEDED (hr) && m_bIsRSOP ) { CString szValue; switch (pSaferEntry->GetType ()) { case SAFER_ENTRY_TYPE_PATH: case SAFER_ENTRY_TYPE_HASH: case SAFER_ENTRY_TYPE_URLZONE: szValue = SAFER_IDS_ITEMDATA_REGVALUE; break; case SAFER_ENTRY_TYPE_CERT: szValue = STR_BLOB; break; default: ASSERT (0); break; } CPolicyPrecedencePropertyPage * pPrecedencePage = new CPolicyPrecedencePropertyPage (this, pSaferEntry->GetRSOPRegistryKey (), szValue, bIsComputer); if ( pPrecedencePage ) { HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp); if ( hPrecedencePage ) { hr = pCallback->AddPage (hPrecedencePage); ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) VERIFY (::DestroyPropertySheetPage (hPrecedencePage)); } else delete pPrecedencePage; } else { hr = E_OUTOFMEMORY; } } } else hr = E_FAIL; _TRACE (-1, L"Leaving CCertMgrComponentData::AddSaferEntryPropertyPage: 0x%x\n", hr); return hr; } bool CSaferWindowsExtension::FoundInRSOPFilter (BSTR bstrKey) const { ASSERT (bstrKey); if ( !bstrKey ) return false; // security review 2/22/2002 BryanWal ok for all static size_t nSaferKeyLen = wcslen (SAFER_HKLM_REGBASE); static size_t nSaferPKKeyLen = wcslen (CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH); static size_t nTrustedPublisherKeyLane = wcslen (CERT_TRUST_PUB_SAFER_GROUP_POLICY_TRUSTED_PUBLISHER_STORE_REGPATH); static size_t nDisallowedKeyLen = wcslen (CERT_TRUST_PUB_SAFER_GROUP_POLICY_DISALLOWED_STORE_REGPATH); // security review 2/22/2002 BryanWal ok for all if ( !_wcsnicmp (SAFER_HKLM_REGBASE, bstrKey, nSaferKeyLen) || !_wcsnicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, bstrKey, nSaferPKKeyLen) || !_wcsnicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_TRUSTED_PUBLISHER_STORE_REGPATH, bstrKey, nTrustedPublisherKeyLane) || !_wcsnicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_DISALLOWED_STORE_REGPATH, bstrKey, nDisallowedKeyLen) ) { return true; } else return false; } HRESULT CCertMgrComponentData::SaferEnumerateLevels (bool bIsComputer) { _TRACE (1, L"Entering CCertMgrComponent::SaferEnumerateLevels ()\n"); HRESULT hr = S_OK; if ( !m_pdwSaferLevels ) { if ( m_pGPEInformation ) { DWORD cbBuffer = 0; CPolicyKey policyKey (m_pGPEInformation, SAFER_HKLM_REGBASE, bIsComputer); SetRegistryScope (policyKey.GetKey (), bIsComputer); BOOL bRVal = SaferGetPolicyInformation( SAFER_SCOPEID_REGISTRY, SaferPolicyLevelList, cbBuffer, m_pdwSaferLevels, &cbBuffer, 0); if ( !bRVal && GetLastError () == ERROR_INSUFFICIENT_BUFFER ) { DWORD nLevels = cbBuffer/sizeof (DWORD); m_pdwSaferLevels = new DWORD[nLevels+1]; if ( m_pdwSaferLevels ) { // security review 2/22/2002 BryanWal ok memset (m_pdwSaferLevels, NO_MORE_SAFER_LEVELS, sizeof (DWORD) * (nLevels + 1)); bRVal = SaferGetPolicyInformation( SAFER_SCOPEID_REGISTRY, SaferPolicyLevelList, cbBuffer, m_pdwSaferLevels, &cbBuffer, 0); ASSERT (bRVal); if ( !bRVal ) { DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"SaferGetPolicyInformation(SAFER_SCOPEID_REGISTRY, SaferPolicyLevelList) failed: %d\n", dwErr); } } else hr = E_OUTOFMEMORY; } else if ( !bRVal ) { ASSERT (0); DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"SaferGetPolicyInformation(SAFER_SCOPEID_REGISTRY, SaferPolicyLevelList) failed: %d\n", dwErr); } } else { // Is RSOP const int RSOP_SAFER_LEVELS = 3; // SAFER_LEVELID_FULLYTRUSTED, SAFER_LEVELID_DISALLOWED + 1 m_pdwSaferLevels = new DWORD[RSOP_SAFER_LEVELS]; if ( m_pdwSaferLevels ) { m_pdwSaferLevels[0] = SAFER_LEVELID_FULLYTRUSTED; m_pdwSaferLevels[1] = SAFER_LEVELID_DISALLOWED; m_pdwSaferLevels[2] = (DWORD) NO_MORE_SAFER_LEVELS; } else hr = E_OUTOFMEMORY; } } _TRACE (-1, L"Leaving CCertMgrComponent::SaferEnumerateLevels (): 0x%x\n", hr); return hr; }