You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
311 lines
8.2 KiB
311 lines
8.2 KiB
/*****************************************************************************\
|
|
* MODULE: prnsec.cpp
|
|
*
|
|
* PURPOSE: Implementations
|
|
*
|
|
* Copyright (C) 1999 Microsoft Corporation
|
|
*
|
|
* History:
|
|
*
|
|
* 09/2/99 mlawrenc First implemented the security templates
|
|
*
|
|
\*****************************************************************************/
|
|
|
|
#include <stdio.h>
|
|
|
|
#include "stdafx.h"
|
|
#include <strsafe.h>
|
|
#include "prnsec.h"
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// Static Data Members
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
LPTSTR COlePrnSecurity::m_MsgStrings[EndMessages*2] = { NULL };
|
|
const DWORD COlePrnSecurity::dwMaxResBuf = 256;
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// Methods
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
COlePrnSecurity::COlePrnSecurity(IN IUnknown *&iSite,
|
|
IN DWORD &dwSafety )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This initialises all of the required members
|
|
|
|
Arguments:
|
|
iSite - A reference to the Site Interface pointer
|
|
dwSafety - A reference to the ATL Safety Flags member
|
|
|
|
--*/
|
|
: m_iSite(iSite),
|
|
m_dwSafetyFlags(dwSafety),
|
|
m_bDisplayUIonDisallow(TRUE),
|
|
m_iSecurity(NULL) {
|
|
}
|
|
|
|
|
|
COlePrnSecurity::~COlePrnSecurity()
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This clears any memory we have had to allocate
|
|
|
|
--*/
|
|
{
|
|
if (m_iSecurity)
|
|
m_iSecurity->Release();
|
|
}
|
|
|
|
|
|
|
|
HRESULT COlePrnSecurity::GetActionPolicy(IN DWORD dwAction,
|
|
OUT DWORD &dwPolicy)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Sees whether the requested action is allowed by the site.
|
|
|
|
|
|
Arguments:
|
|
dwAction : The action which we want to perform
|
|
dwPolicy : The policy associated with the action
|
|
|
|
Return Value:
|
|
S_OK or S_FAIL the Policy was returned, S_OK generally means don't prompt
|
|
E_XXXXX
|
|
|
|
--*/
|
|
{
|
|
HRESULT hr = S_OK;
|
|
|
|
dwPolicy = URLPOLICY_DISALLOW;
|
|
|
|
if (!(m_dwSafetyFlags & INTERFACESAFE_FOR_UNTRUSTED_CALLER)) {
|
|
dwPolicy = URLPOLICY_ALLOW;
|
|
goto Cleanup;
|
|
}
|
|
|
|
if (NULL == m_iSecurity &&
|
|
FAILED( hr = SetSecurityManager()) )
|
|
goto Cleanup;
|
|
|
|
_ASSERTE(m_iSecurity != NULL);
|
|
|
|
hr = m_iSecurity->ProcessUrlAction(dwAction,
|
|
(LPBYTE)&dwPolicy,
|
|
sizeof(dwPolicy),
|
|
NULL,
|
|
0,
|
|
m_bDisplayUIonDisallow ? PUAF_WARN_IF_DENIED : PUAF_NOUI,
|
|
0);
|
|
if (FAILED(hr)) {
|
|
dwPolicy = URLPOLICY_DISALLOW;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Cleanup:
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
HRESULT COlePrnSecurity::SetSecurityManager(void)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Sets up the security manager
|
|
|
|
Return Value:
|
|
E_FAIL - Failed to instantiate
|
|
E_NOINTERFACE - There was no security Manager
|
|
S_OK - We instantiated the security manager
|
|
|
|
--*/
|
|
{
|
|
HRESULT hr = E_NOINTERFACE;
|
|
IServiceProvider *iServiceProvider = NULL;
|
|
|
|
if (NULL != m_iSecurity) {
|
|
hr = S_OK;
|
|
goto Cleanup;
|
|
}
|
|
|
|
if (NULL == m_iSite)
|
|
goto Cleanup;
|
|
|
|
if ( FAILED(hr = m_iSite->QueryInterface(IID_IServiceProvider,
|
|
(LPVOID *)&iServiceProvider) ) )
|
|
goto Cleanup;
|
|
|
|
// From the Service Provider, we can get the security Manager if there is one
|
|
hr = iServiceProvider->QueryService(SID_SInternetHostSecurityManager,
|
|
IID_IInternetHostSecurityManager,
|
|
(LPVOID *)&m_iSecurity);
|
|
|
|
// Either of these are equivalent to allowing the policy to go through
|
|
// We have a Security Manager
|
|
Cleanup:
|
|
|
|
if (iServiceProvider)
|
|
iServiceProvider->Release();
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
LPTSTR COlePrnSecurity::LoadResString(UINT uResId)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Allocate and return a resource string.
|
|
|
|
Parameters:
|
|
uResId - Resource Id to load
|
|
|
|
Return Value:
|
|
The String or NULL
|
|
|
|
--*/
|
|
{
|
|
TCHAR szStr[dwMaxResBuf];
|
|
DWORD dwLength;
|
|
LPTSTR lpszRet = NULL;
|
|
|
|
|
|
dwLength = LoadString(_Module.GetResourceInstance(), uResId, szStr, dwMaxResBuf);
|
|
|
|
if (dwLength == 0)
|
|
goto Cleanup;
|
|
|
|
dwLength = (dwLength + 1)*sizeof(TCHAR);
|
|
|
|
lpszRet = (LPTSTR)LocalAlloc( LPTR, dwLength );
|
|
|
|
if (NULL == lpszRet)
|
|
goto Cleanup;
|
|
|
|
//
|
|
// Use byte-size there.
|
|
//
|
|
StringCbCopy( lpszRet, dwLength, szStr );
|
|
|
|
Cleanup:
|
|
return lpszRet;
|
|
}
|
|
|
|
BOOL COlePrnSecurity::InitStrings(void)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Initialise all of the security strings. It either allocates all of them or none
|
|
|
|
Return Value:
|
|
TRUE if successful, False otherwise
|
|
|
|
--*/
|
|
{
|
|
BOOL bRet = TRUE;
|
|
|
|
for(DWORD dwIndex = StartMessages; dwIndex < (EndMessages*2); dwIndex++) {
|
|
m_MsgStrings[dwIndex] = LoadResString(START_SECURITY_DIALOGUE_RES + dwIndex);
|
|
if (NULL == m_MsgStrings[dwIndex]) {
|
|
DeallocStrings(); // Deallocate any we have allocated
|
|
bRet = FALSE;
|
|
break;
|
|
}
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
void COlePrnSecurity::DeallocStrings(void)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Deallocate all of the security strings
|
|
|
|
--*/
|
|
{
|
|
for(DWORD dwIndex = StartMessages; dwIndex < (EndMessages*2); dwIndex++) {
|
|
if (NULL != m_MsgStrings[dwIndex]) {
|
|
LocalFree( m_MsgStrings[dwIndex]);
|
|
m_MsgStrings[dwIndex] = NULL;
|
|
}
|
|
}
|
|
}
|
|
|
|
HRESULT COlePrnSecurity::PromptUser(SecurityMessage eMessage,
|
|
LPTSTR lpszOther)
|
|
/*++
|
|
|
|
Routine Description:
|
|
Prompt the user with a [Yes]/[No] Message Box based on the message passed in and
|
|
the other string passed in (which is substituted in with sprintf()
|
|
|
|
Parameters:
|
|
eMessage - The Message to display
|
|
lpszOther - Other Data to display
|
|
|
|
Return Value:
|
|
E_POINTER - lpszOther was NULL
|
|
E_OUTOFMEMORY - Could not allocate temporary storage
|
|
E_UNEXPECTED - sprintf wrote more character than we thought
|
|
S_OK - The Dialogue Box was displayed and the user selected [Yes]
|
|
S_FALSE - The Dialogue Box was displayed and the user selected [No]
|
|
|
|
--*/
|
|
{
|
|
HRESULT hr = E_POINTER;
|
|
DWORD dwIndex = ((DWORD)eMessage)*2;
|
|
LPTSTR lpszMessage = NULL;
|
|
DWORD dwLength;
|
|
int iMBRes;
|
|
|
|
|
|
if (NULL == lpszOther)
|
|
goto Cleanup;
|
|
|
|
_ASSERTE( dwIndex < EndMessages ); // Must be a valid message
|
|
_ASSERTE( m_MsgStrings[dwIndex ] != NULL ); // The table must have been initialised
|
|
_ASSERTE( m_MsgStrings[dwIndex + 1] != NULL );
|
|
|
|
// Required Length of the message string
|
|
dwLength = lstrlen( m_MsgStrings[dwIndex+1] ) + lstrlen( lpszOther ) + 1;
|
|
|
|
lpszMessage = (LPTSTR)LocalAlloc( LPTR , dwLength * sizeof(TCHAR) );
|
|
|
|
if (NULL == lpszMessage)
|
|
goto Cleanup;
|
|
|
|
if ( FAILED( StringCchPrintf( lpszMessage, dwLength, m_MsgStrings[dwIndex+1], lpszOther ))) {
|
|
hr = E_UNEXPECTED;
|
|
goto Cleanup;
|
|
}
|
|
|
|
// Now display the MessageBox
|
|
|
|
iMBRes = MessageBox( NULL,
|
|
lpszMessage,
|
|
m_MsgStrings[dwIndex],
|
|
MB_YESNO | MB_ICONQUESTION | MB_DEFBUTTON2 );
|
|
|
|
switch(iMBRes) {
|
|
case IDYES: hr = S_OK; break;
|
|
case IDNO: hr = S_FALSE; break;
|
|
default: hr = E_UNEXPECTED; break;
|
|
}
|
|
|
|
Cleanup:
|
|
if (NULL != lpszMessage)
|
|
LocalFree( lpszMessage );
|
|
|
|
return hr;
|
|
}
|
|
|
|
/***********************************************************************************
|
|
** End of File (prnsec.cpp)
|
|
**********************************************************************************/
|