Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2752 lines
99 KiB

//*********************************************************************
//* Microsoft Windows **
//* Copyright(c) Microsoft Corp., 1995 **
//*********************************************************************
//
// SECURITY.cpp - "Security" Property Sheet
//
// HISTORY:
//
// 6/22/96 t-gpease moved to this file
// 5/14/97 t-ashlm new dialog
#include "inetcplp.h"
#include "inetcpl.h" // for LSDFLAGS
#include "intshcut.h"
#include "permdlg.h" // java permissions
#include "pdlgguid.h" // guids for Java VM permissions dlg
#include "advpub.h"
#include <cryptui.h>
#include <mluisupp.h>
void LaunchSecurityDialogEx(HWND hDlg, DWORD dwZone, BOOL bForceUI, BOOL bDisableAddSites);
//
// Private Functions and Structures
//
INT_PTR CALLBACK SecurityAddSitesDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam);
INT_PTR CALLBACK SecurityCustomSettingsDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam);
INT_PTR CALLBACK SecurityAddSitesIntranetDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam);
void SecurityChanged();
TCHAR *MyIntToStr(TCHAR *pBuf, BYTE iVal);
BOOL SecurityDlgInit(HWND hDlg);
#define WIDETEXT(x) L ## x
#define REGSTR_PATH_SO TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SO")
#define REGSTR_PATH_SOIEAK TEXT("Sofwtare\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SOIEAK")
///////////////////////////////////////////////////////////////////////////////////////
//
// Structures
//
///////////////////////////////////////////////////////////////////////////////////////
typedef struct tagSECURITYZONESETTINGS
{
BOOL dwFlags; // from the ZONEATTRIBUTES struct
DWORD dwZoneIndex; // as defined by ZoneManager
DWORD dwSecLevel; // current level (High, Medium, Low, Custom)
DWORD dwPrevSecLevel;
DWORD dwMinSecLevel; // current min level (High, Medium, Low, Custom)
DWORD dwRecSecLevel; // current recommended level (High, Medium, Low, Custom)
TCHAR szDescription[MAX_ZONE_DESCRIPTION];
TCHAR szDisplayName[MAX_ZONE_PATH];
HICON hicon;
} SECURITYZONESETTINGS, *LPSECURITYZONESETTINGS;
// structure for main security page
typedef struct tagSECURITYPAGE
{
HWND hDlg; // handle to window
LPURLZONEMANAGER pInternetZoneManager; // pointer to InternetZoneManager
IInternetSecurityManager *pInternetSecurityManager; // pointer to InternetSecurityManager
HIMAGELIST himl; // imagelist for Zones combobox
HWND hwndZones; // zones combo box hwnd
LPSECURITYZONESETTINGS pszs; // current settings for displayed zone
INT iZoneSel; // selected zone (as defined by ComboBox)
DWORD dwZoneCount; // number of zones
BOOL fChanged;
BOOL fPendingChange; // to prevent the controls sending multiple sets (for cancel, mostly)
HINSTANCE hinstUrlmon;
BOOL fNoEdit; // hklm lockout of level edit
BOOL fNoAddSites; // hklm lockout of addsites
BOOL fNoZoneMapEdit; // hklm lockout of zone map edits
HFONT hfontBolded; // special bolded font created for the zone title
BOOL fForceUI; // Force every zone to show ui?
BOOL fDisableAddSites; // Automatically diable add sites button?
TCHAR szPageUrl[INTERNET_MAX_URL_LENGTH];
} SECURITYPAGE, *LPSECURITYPAGE;
// structure for Intranet Add Sites
typedef struct tagADDSITESINTRANETINFO {
HWND hDlg; // handle to window
BOOL fUseIntranet; // Use local defined intranet addresses (in reg)
BOOL fUseProxyExclusion; // Use proxy exclusion list
BOOL fUseUNC; // Include UNC in intranet
LPSECURITYPAGE pSec;
} ADDSITESINTRANETINFO, *LPADDSITESINTRANETINFO;
// structure for Add Sites
typedef struct tagADDSITESINFO {
HWND hDlg; // handle to window
BOOL fRequireServerVerification; // Require Server Verification on sites in zone
HWND hwndWebSites; // handle to list
HWND hwndAdd; // handle to edit
TCHAR szWebSite[MAX_ZONE_PATH]; // text in edit control
BOOL fRSVOld;
LPSECURITYPAGE pSec;
} ADDSITESINFO, *LPADDSITESINFO;
// structure for Custom Settings
typedef struct tagCUSTOMSETTINGSINFO {
HWND hDlg; // handle to window
HWND hwndTree;
LPSECURITYPAGE pSec;
HWND hwndCombo;
INT iLevelSel;
IRegTreeOptions *pTO;
BOOL fUseHKLM; // get/set settings from HKLM
DWORD dwJavaPolicy; // Java policy selected
BOOL fChanged;
} CUSTOMSETTINGSINFO, *LPCUSTOMSETTINGSINFO;
BOOL SecurityEnableControls(LPSECURITYPAGE pSec, BOOL fSetFocus);
BOOL SecurityDlgApplyNow(LPSECURITYPAGE pSec, BOOL bPrompt);
void SiteAlreadyInZoneMessage(HWND hwnd, DWORD dwZone);
// global variables
extern DWORD g_dwtlsSecInitFlags;
extern BOOL g_fSecurityChanged; // flag indicating that Active Security has changed.
//////////////////////////////////////////////////////////////////////////////
//
// Main Security Page Helper Functions
//
//////////////////////////////////////////////////////////////////////////////
#define NUM_TEMPLATE_LEVELS 4
TCHAR g_szLevel[3][64];
TCHAR LEVEL_DESCRIPTION0[300];
TCHAR LEVEL_DESCRIPTION1[300];
TCHAR LEVEL_DESCRIPTION2[300];
TCHAR LEVEL_DESCRIPTION3[300];
LPTSTR LEVEL_DESCRIPTION[NUM_TEMPLATE_LEVELS] = {
LEVEL_DESCRIPTION0,
LEVEL_DESCRIPTION1,
LEVEL_DESCRIPTION2,
LEVEL_DESCRIPTION3
};
TCHAR CUSTOM_DESCRIPTION[300];
TCHAR LEVEL_NAME0[30];
TCHAR LEVEL_NAME1[30];
TCHAR LEVEL_NAME2[30];
TCHAR LEVEL_NAME3[30];
LPTSTR LEVEL_NAME[NUM_TEMPLATE_LEVELS] = {
LEVEL_NAME0,
LEVEL_NAME1,
LEVEL_NAME2,
LEVEL_NAME3
};
TCHAR CUSTOM_NAME[30];
// Some accessibility related prototypes.
// Our override of the slider window proc.
LRESULT CALLBACK SliderSubWndProc (HWND hwndSlider, UINT uMsg, WPARAM wParam, LPARAM lParam, WPARAM uID, ULONG_PTR dwRefData );
extern BOOL g_fAttemptedOleAccLoad ;
extern HMODULE g_hOleAcc;
// Can't find value for WM_GETOBJECT in the headers. Need to figure out the right header to include
// here.
#ifndef WM_GETOBJECT
#define WM_GETOBJECT 0x03d
#endif
// Prototype for CreateStdAccessibleProxy.
// A and W versions are available - pClassName can be ANSI or UNICODE
// string. This is a TCHAR-style prototype, but you can do a A or W
// specific one if desired.
typedef HRESULT (WINAPI *PFNCREATESTDACCESSIBLEPROXY) (
HWND hWnd,
LPTSTR pClassName,
LONG idObject,
REFIID riid,
void ** ppvObject
);
/*
* Arguments:
*
* HWND hWnd
* Handle of window to return IAccessible for.
*
* LPTSTR pClassName
* Class name indicating underlying class of the window. For
* example, if "LISTBOX" is used here, the returned object will
* behave appropriately for a listbox, and will expect the given
* hWnd to support listbox messages and styles. This argument
* nearly always reflects the window class from which the control
* is derived.
*
* LONG idObject
* Always OBJID_CLIENT
*
* REFIID riid
* Always IID_IAccessible
*
* void ** ppvObject
* Out pointer used to return an IAccessible to a newly-created
* object which represents the control hWnd as though it were of
* window class pClassName.
*
* If successful,
* returns S_OK, *ppvObject != NULL;
* otherwise returns error HRESULT.
*
*
*/
// Same for LresultFromObject...
typedef LRESULT (WINAPI *PFNLRESULTFROMOBJECT)(
REFIID riid,
WPARAM wParam,
LPUNKNOWN punk
);
PRIVATE PFNCREATESTDACCESSIBLEPROXY s_pfnCreateStdAccessibleProxy = NULL;
PRIVATE PFNLRESULTFROMOBJECT s_pfnLresultFromObject = NULL;
// Simple accessibility wrapper class which returns the right string values
class CSecurityAccessibleWrapper: public CAccessibleWrapper
{
// Want to remember the hwnd of the trackbar...
HWND m_hWnd;
public:
CSecurityAccessibleWrapper( HWND hWnd, IAccessible * pAcc );
~CSecurityAccessibleWrapper();
STDMETHODIMP get_accValue(VARIANT varChild, BSTR* pszValue);
};
// Ctor - pass through the IAccessible we're wrapping to the
// CAccessibleWrapper base class; also remember the trackbar hwnd.
CSecurityAccessibleWrapper::CSecurityAccessibleWrapper( HWND hWnd, IAccessible * pAcc )
: CAccessibleWrapper( pAcc ),
m_hWnd( hWnd )
{
// Do nothing
}
// Nothing to do here - but if we do need to do cleanup, this is the
// place for it.
CSecurityAccessibleWrapper::~CSecurityAccessibleWrapper()
{
// Do nothing
}
// Overridden get_accValue method...
STDMETHODIMP CSecurityAccessibleWrapper::get_accValue(VARIANT varChild, BSTR* pszValue)
{
// varChild.lVal specifies which sub-part of the component
// is being queried.
// CHILDID_SELF (0) specifies the overall component - other
// non-0 values specify a child.
// In a trackbar, CHILDID_SELF refers to the overall trackbar
// (which is what we want), whereas other values refer to the
// sub-components - the actual slider 'thumb', and the 'page
// up/page down' areas to the left/right of it.
if( varChild.vt == VT_I4 && varChild.lVal == CHILDID_SELF )
{
// Get the scrollbar value...
int iPos = (int)SendMessage( m_hWnd, TBM_GETPOS , 0, 0 );
// Check that it's in range...
// (It's possible that we may get this request after the
// trackbar has been created, bu before we've set it to
// a meaningful value.)
if( iPos < 0 || iPos >= NUM_TEMPLATE_LEVELS )
{
TCHAR rgchUndefined[40];
int cch = MLLoadString(IDS_TEMPLATE_NAME_UNDEFINED, rgchUndefined, ARRAYSIZE(rgchUndefined));
if (cch != 0)
{
*pszValue = SysAllocString(rgchUndefined);
}
else
{
// Load String failed, for some reason.
return HRESULT_FROM_WIN32(GetLastError());
}
}
else
{
*pszValue = SysAllocString( LEVEL_NAME[iPos]);
}
// All done!
return S_OK;
}
else
{
// Pass requests about the sub-components to the
// base class (which will forward to the 'original'
// IAccessible for us).
return CAccessibleWrapper::get_accValue(varChild, pszValue);
}
}
// Converting the Security Level DWORD identitifiers to slider levels, and vice versa
int SecLevelToSliderPos(DWORD dwLevel)
{
switch(dwLevel)
{
case URLTEMPLATE_LOW:
return 3;
case URLTEMPLATE_MEDLOW:
return 2;
case URLTEMPLATE_MEDIUM:
return 1;
case URLTEMPLATE_HIGH:
return 0;
case URLTEMPLATE_CUSTOM:
return -1;
default:
return -2;
}
}
DWORD SliderPosToSecLevel(int iPos)
{
switch(iPos)
{
case 3:
return URLTEMPLATE_LOW;
case 2:
return URLTEMPLATE_MEDLOW;
case 1:
return URLTEMPLATE_MEDIUM;
case 0:
return URLTEMPLATE_HIGH;
default:
return URLTEMPLATE_CUSTOM;
}
}
int ZoneIndexToGuiIndex(DWORD dwZoneIndex)
// Product testing asked for the zones in a specific order in the list box;
// This function returns the desired gui position for a given zone
// Unrecognized zones are added to the front
{
int iGuiIndex = -1;
switch(dwZoneIndex)
{
// Intranet: 2nd spot
case 1:
iGuiIndex = 1;
break;
// Internet: 1st spot
case 3:
iGuiIndex = 0;
break;
// Trusted Sites: 3rd Spot
case 2:
iGuiIndex = 2;
break;
// Restricted Sites: 4th Spot
case 4:
iGuiIndex = 3;
break;
// unknown zone
default:
iGuiIndex = -1;
break;
}
return iGuiIndex;
}
// Initialize the global variables (to be destroyed at WM_DESTROY)
// pSec, Urlmon, pSec->pInternetZoneManager, pSec->hIml
// and set up the proper relationships among them
BOOL SecurityInitGlobals(LPSECURITYPAGE * ppSec, HWND hDlg, SECURITYINITFLAGS * psif)
{
DWORD cxIcon;
DWORD cyIcon;
LPSECURITYPAGE pSec = NULL;
*ppSec = (LPSECURITYPAGE)LocalAlloc(LPTR, sizeof(SECURITYPAGE));
pSec = *ppSec;
if (!pSec)
{
return FALSE; // no memory?
}
// make sure Urlmon stays around until we're done with it.
pSec->hinstUrlmon = LoadLibrary(TEXT("URLMON.DLL"));
if(pSec->hinstUrlmon == NULL)
{
return FALSE; // no urlmon?
}
// Get the zone manager
if (FAILED(CoInternetCreateZoneManager(NULL, &(pSec->pInternetZoneManager),0)))
{
return FALSE; // no zone manager?
}
// get our zones hwnd
if (hDlg)
{
pSec->hwndZones = GetDlgItem(hDlg, IDC_LIST_ZONE);
if(! pSec->hwndZones)
{
ASSERT(FALSE);
return FALSE; // no list box?
}
}
// Get the internet secrity manager (for telling if a zone is empty,
// and deciphering the current URL
if(FAILED(CoInternetCreateSecurityManager(NULL, &(pSec->pInternetSecurityManager), 0)))
pSec->pInternetSecurityManager = NULL;
// Store the URL for use by the Add Sites sub-dialog
StrCpyN(pSec->szPageUrl, g_szCurrentURL, ARRAYSIZE(pSec->szPageUrl));
// tell dialog where to get info
if (hDlg)
{
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)pSec);
}
// save the handle to the page
pSec->hDlg = hDlg;
pSec->fPendingChange = FALSE;
// set dialog options: force ui and disable add sites
if(psif)
{
pSec->fForceUI = psif->fForceUI;
pSec->fDisableAddSites = psif->fDisableAddSites;
}
// create an imagelist for the ListBox
cxIcon = GetSystemMetrics(SM_CXICON);
cyIcon = GetSystemMetrics(SM_CYICON);
#ifndef UNIX
UINT flags = ILC_COLOR32|ILC_MASK;
if(IS_WINDOW_RTL_MIRRORED(hDlg))
{
flags |= ILC_MIRROR;
}
pSec->himl = ImageList_Create(cxIcon, cyIcon, flags, pSec->dwZoneCount, 0);
#else
pSec->himl = ImageList_Create(cxIcon, cyIcon, ILC_COLOR|ILC_MASK, pSec->dwZoneCount, 0);
#endif
if(! pSec->himl)
{
return FALSE; // Image list not created
}
if (hDlg)
{
SendMessage(pSec->hwndZones, LVM_SETIMAGELIST, (WPARAM)LVSIL_NORMAL, (LPARAM)pSec->himl);
}
return TRUE;
}
void FreePszs(SECURITYZONESETTINGS* pszs)
{
if (pszs->hicon)
DestroyIcon(pszs->hicon);
LocalFree((HLOCAL)pszs);
}
void SecurityFreeGlobals(SECURITYPAGE* pSec)
{
if(pSec->hwndZones)
{
for (int iIndex = (int)SendMessage(pSec->hwndZones, LVM_GETITEMCOUNT, 0, 0) - 1;
iIndex >= 0; iIndex--)
{
LV_ITEM lvItem;
// get security zone settings object for this item and release it
lvItem.mask = LVIF_PARAM;
lvItem.iItem = iIndex;
lvItem.iSubItem = 0;
if (SendMessage(pSec->hwndZones, LVM_GETITEM, (WPARAM)0, (LPARAM)&lvItem) == TRUE)
{
LPSECURITYZONESETTINGS pszs = (LPSECURITYZONESETTINGS)lvItem.lParam;
if (pszs)
{
FreePszs(pszs);
pszs = NULL;
}
}
}
}
if(pSec->pInternetZoneManager)
pSec->pInternetZoneManager->Release();
if(pSec->pInternetSecurityManager)
pSec->pInternetSecurityManager->Release();
if(pSec->himl)
ImageList_Destroy(pSec->himl);
if(pSec->hfontBolded)
DeleteObject(pSec->hfontBolded);
// ok, we're done with URLMON
if(pSec->hinstUrlmon)
FreeLibrary(pSec->hinstUrlmon);
LocalFree(pSec);
}
// Set up the variables in pSec about whether the zone settings can be editted
void SecuritySetEdit(LPSECURITYPAGE pSec)
{
// if these calls fail then we'll use the default of zero which means no lockout
DWORD cb;
cb = SIZEOF(pSec->fNoEdit);
SHGetValue(HKEY_LOCAL_MACHINE, REGSTR_PATH_SECURITY_LOCKOUT, REGSTR_VAL_OPTIONS_EDIT,
NULL, &(pSec->fNoEdit), &cb);
// also allow g_restrict to restrict changing settings
pSec->fNoEdit += g_restrict.fSecChangeSettings;
SHGetValue(HKEY_LOCAL_MACHINE, REGSTR_PATH_SECURITY_LOCKOUT, REGSTR_VAL_OPTIONS_EDIT,
NULL, &(pSec->fNoAddSites), &cb);
cb = SIZEOF(pSec->fNoZoneMapEdit);
SHGetValue(HKEY_LOCAL_MACHINE, REGSTR_PATH_SECURITY_LOCKOUT, REGSTR_VAL_ZONES_MAP_EDIT,
NULL, &(pSec->fNoZoneMapEdit), &cb);
// also allow the g_restrict to restrict edit
pSec->fNoAddSites += g_restrict.fSecAddSites;
}
// Fill a zone with information from the zone manager and add it to the
// ordered list going to the listbox
// REturn values:
// S_OK indicates success
// S_FALSE indicates a good state, but the zone was not added (example: flag ZAFLAGS_NO_UI)
// E_OUTOFMEMORY
// E_FAIL - other failure
HRESULT SecurityInitZone(DWORD dwIndex, LPSECURITYPAGE pSec, DWORD dwZoneEnumerator,
LV_ITEM * plviZones, BOOL * pfSpotTaken)
{
DWORD dwZone;
ZONEATTRIBUTES za = {0};
HICON hiconSmall = NULL;
HICON hiconLarge = NULL;
LPSECURITYZONESETTINGS pszs;
WORD iIcon=0;
LPWSTR psz;
TCHAR szIconPath[MAX_PATH];
int iSpot;
LV_ITEM * plvItem;
HRESULT hr = 0;
// get the zone attributes for this zone
za.cbSize = sizeof(ZONEATTRIBUTES);
pSec->pInternetZoneManager->GetZoneAt(dwZoneEnumerator, dwIndex, &dwZone);
hr = pSec->pInternetZoneManager->GetZoneAttributes(dwZone, &za);
if(FAILED(hr))
{
return S_FALSE;
}
// if no ui, then ignore
if ((za.dwFlags & ZAFLAGS_NO_UI) && !pSec->fForceUI)
{
return S_FALSE;
}
// create a structure for zone settings
pszs = (LPSECURITYZONESETTINGS)LocalAlloc(LPTR, sizeof(*pszs));
if (!pszs)
{
return E_OUTOFMEMORY;
}
// store settings for later use
pszs->dwFlags = za.dwFlags;
pszs->dwZoneIndex = dwZone;
pszs->dwSecLevel = za.dwTemplateCurrentLevel;
pszs->dwMinSecLevel = za.dwTemplateMinLevel;
pszs->dwRecSecLevel = za.dwTemplateRecommended;
StrCpyN(pszs->szDescription, za.szDescription, ARRAYSIZE(pszs->szDescription));
StrCpyN(pszs->szDisplayName, za.szDisplayName, ARRAYSIZE(pszs->szDisplayName));
// load the icon
psz = za.szIconPath;
if (*psz)
{
// search for the '#'
while ((psz[0] != WIDETEXT('#')) && (psz[0] != WIDETEXT('\0')))
psz++;
// if we found it, then we have the foo.dll#00001200 format
if (psz[0] == WIDETEXT('#'))
{
psz[0] = WIDETEXT('\0');
StrCpyN(szIconPath, za.szIconPath, ARRAYSIZE(szIconPath));
iIcon = (WORD)StrToIntW(psz+1);
CHAR szPath[MAX_PATH];
SHUnicodeToAnsi(szIconPath, szPath, ARRAYSIZE(szPath));
ExtractIconExA(szPath,(UINT)(-1*iIcon), &hiconLarge, &hiconSmall, 1);
}
else
{
hiconLarge = (HICON)ExtractAssociatedIcon(ghInstance, szIconPath, (LPWORD)&iIcon);
}
}
// no icons?! well, just use the generic icon
if (!hiconSmall && !hiconLarge)
{
hiconLarge = LoadIcon(ghInstance, MAKEINTRESOURCE(IDI_ZONE));
if(! hiconLarge)
{
LocalFree((HLOCAL)pszs);
return S_FALSE; // no icon found for this zone, not even the generic one
}
}
// we want to save the Large icon if possible for use in the subdialogs
pszs->hicon = hiconLarge ? hiconLarge : hiconSmall;
if (plviZones && pfSpotTaken)
{
// Find the proper index for the zone in the listbox (there is a user-preferred order)
iSpot = ZoneIndexToGuiIndex(dwIndex);
if(iSpot == -1)
{
// if not a recognized zone, add it to the end of the list
iSpot = pSec->dwZoneCount - 1;
}
// Make sure there are no collisisons
while(iSpot >= 0 && pfSpotTaken[iSpot] == TRUE)
{
iSpot--;
}
// Don't go past beginning of array
if(iSpot < 0)
{
// It can be proven that it is impossible to get here, unless there is
// something wrong with the function ZoneIndexToGuiIndex
ASSERT(FALSE);
LocalFree((HLOCAL)pszs);
if(hiconSmall)
DestroyIcon(hiconSmall);
if(hiconLarge)
DestroyIcon(hiconLarge);
return E_FAIL;
}
plvItem = &(plviZones[iSpot]);
pfSpotTaken[iSpot] = TRUE;
// init the List Box item and save it for later addition
plvItem->mask = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM;
plvItem->iItem = iSpot;
plvItem->iSubItem = 0;
// large icons prefered for the icon view (if switch back to report view, prefer small icons)
plvItem->iImage = ImageList_AddIcon(pSec->himl, hiconLarge ? hiconLarge : hiconSmall);
plvItem->pszText = new TCHAR[MAX_PATH];
if(! plvItem->pszText)
{
LocalFree((HLOCAL)pszs);
if(hiconSmall)
DestroyIcon(hiconSmall);
if(hiconLarge)
DestroyIcon(hiconLarge);
return E_OUTOFMEMORY;
}
MLLoadString( IDS_ZONENAME_LOCAL + dwIndex, plvItem->pszText, MAX_PATH);
plvItem->lParam = (LPARAM)pszs; // save the zone settings here
}
else
{
pSec->pszs = pszs;
}
// if we created a small icon, destroy it, since the system does not save the handle
// when it is added to the imagelist (see ImageList_AddIcon in VC help)
// Keep it around if we had to use it in place of the large icon
if (hiconSmall && hiconLarge)
DestroyIcon(hiconSmall);
return S_OK;
}
// Find the current zone from, in order of preference,
// Current URL
// Parameter passed in through dwZone
// Default of internet
void SecurityFindCurrentZone(LPSECURITYPAGE pSec, SECURITYINITFLAGS * psif)
{
INT_PTR iItem;
DWORD dwZone=0;
HRESULT hr = E_FAIL;
// Check for zone selection in psif
if(psif)
{
dwZone = psif->dwZone;
hr = S_OK;
}
// check for current url, and if found, make it's zone the current (overwriting any request from
// psif)
if (g_szCurrentURL[0] && (pSec->pInternetSecurityManager != NULL))
{
LPWSTR pwsz;
#ifndef UNICODE
WCHAR wszCurrentURL[MAX_URL_STRING];
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, g_szCurrentURL, -1, wszCurrentURL, ARRAYSIZE(wszCurrentURL));
pwsz = wszCurrentURL;
#else
pwsz = g_szCurrentURL;
#endif
hr = pSec->pInternetSecurityManager->MapUrlToZone(pwsz, (LPDWORD)&dwZone, 0);
}
// If there is an active zone, then dwZone now holds the zone's identifier
// if there is no active zone, check to see if there was a zone requested in dwZone
iItem = -1;
if (SUCCEEDED(hr)) // then we have a zone to display
{
ZONEATTRIBUTES za = {0};
LPTSTR pszText;
LV_FINDINFO lvfiName;
za.cbSize = (ULONG) sizeof(ZONEATTRIBUTES);
if(pSec->pInternetZoneManager->GetZoneAttributes(dwZone, &za) != E_FAIL)
{
#ifdef UNICODE
pszText = za.szDisplayName;
#else
CHAR szDisplayName[MAX_ZONE_PATH];
WideCharToMultiByte(CP_ACP, 0, za.szDisplayName, -1, szDisplayName, ARRAYSIZE(szDisplayName), NULL, NULL);
pszText = szDisplayName;
#endif // UNICODE
// Create a find info structure to find the index of the Zone
lvfiName.flags = LVFI_STRING;
lvfiName.psz = pszText;
iItem = SendMessage(pSec->hwndZones, LVM_FINDITEM, (WPARAM)-1, (LPARAM)&lvfiName);
}
}
if (iItem < 0)
{
iItem = 0;
// 0 is the the index (in the listbox) of the "Internet" zone, which we want to come up by default
}
// Sundown: typecast OK since zone values restricted
pSec->iZoneSel = (int) iItem;
}
// To make the slider control accessbile we have to subclass it and over-ride
// the accessiblity object
void SecurityInitSlider(LPSECURITYPAGE pSec)
{
HWND hwndSlider = GetDlgItem(pSec->hDlg, IDC_SLIDER);
ASSERT(hwndSlider != NULL);
// Sub-class the control
BOOL fSucceeded = SetWindowSubclass(hwndSlider, SliderSubWndProc, 0, NULL);
// Shouldn't fail normally. If we fail we will just fall through and use the
// base slider control.
ASSERT(fSucceeded);
// Initialize the slider control (set number of levels, and frequency one tick per level)
SendDlgItemMessage(pSec->hDlg, IDC_SLIDER, TBM_SETRANGE, (WPARAM) (BOOL) FALSE, (LPARAM) MAKELONG(0, NUM_TEMPLATE_LEVELS - 1));
SendDlgItemMessage(pSec->hDlg, IDC_SLIDER, TBM_SETTICFREQ, (WPARAM) 1, (LPARAM) 0);
}
void SecurityInitControls(LPSECURITYPAGE pSec)
{
LV_COLUMN lvCasey;
LV_ITEM lvItem;
// select the item in the listbox
lvItem.mask = LVIF_STATE;
lvItem.stateMask = LVIS_SELECTED;
lvItem.state = LVIS_SELECTED;
SendMessage(pSec->hwndZones, LVM_SETITEMSTATE, (WPARAM)pSec->iZoneSel, (LPARAM)&lvItem);
// get the zone settings for the selected item
lvItem.mask = LVIF_PARAM;
lvItem.iItem = pSec->iZoneSel;
lvItem.iSubItem = 0;
SendMessage(pSec->hwndZones, LVM_GETITEM, (WPARAM)0, (LPARAM)&lvItem);
pSec->pszs = (LPSECURITYZONESETTINGS)lvItem.lParam;
// Initialize the local strings to carry the Level Descriptions
MLLoadString(IDS_TEMPLATE_DESC_HI, LEVEL_DESCRIPTION0, ARRAYSIZE(LEVEL_DESCRIPTION0));
MLLoadString(IDS_TEMPLATE_DESC_MED, LEVEL_DESCRIPTION1, ARRAYSIZE(LEVEL_DESCRIPTION1));
MLLoadString(IDS_TEMPLATE_DESC_MEDLOW, LEVEL_DESCRIPTION2, ARRAYSIZE(LEVEL_DESCRIPTION2));
MLLoadString(IDS_TEMPLATE_DESC_LOW, LEVEL_DESCRIPTION3, ARRAYSIZE(LEVEL_DESCRIPTION3));
MLLoadString(IDS_TEMPLATE_DESC_CUSTOM, CUSTOM_DESCRIPTION, ARRAYSIZE(CUSTOM_DESCRIPTION));
MLLoadString(IDS_TEMPLATE_NAME_HI, LEVEL_NAME0, ARRAYSIZE(LEVEL_NAME0));
MLLoadString(IDS_TEMPLATE_NAME_MED, LEVEL_NAME1, ARRAYSIZE(LEVEL_NAME1));
MLLoadString(IDS_TEMPLATE_NAME_MEDLOW, LEVEL_NAME2, ARRAYSIZE(LEVEL_NAME2));
MLLoadString(IDS_TEMPLATE_NAME_LOW, LEVEL_NAME3, ARRAYSIZE(LEVEL_NAME3));
MLLoadString(IDS_TEMPLATE_NAME_CUSTOM, CUSTOM_NAME, ARRAYSIZE(CUSTOM_NAME));
// Initialize text boxes and icons for the current zone
WCHAR wszBuffer[ MAX_PATH*2];
MLLoadString( IDS_ZONEDESC_LOCAL + pSec->pszs->dwZoneIndex, wszBuffer, ARRAYSIZE(wszBuffer));
SetDlgItemText(pSec->hDlg, IDC_ZONE_DESCRIPTION, wszBuffer);
MLLoadString( IDS_ZONENAME_LOCAL + pSec->pszs->dwZoneIndex, wszBuffer, ARRAYSIZE(wszBuffer));
SetDlgItemText(pSec->hDlg, IDC_ZONELABEL, wszBuffer);
SendDlgItemMessage(pSec->hDlg, IDC_ZONE_ICON, STM_SETIMAGE, (WPARAM)IMAGE_ICON, (LPARAM)pSec->pszs->hicon);
// Initialize the slider control
SecurityInitSlider(pSec);
// Initialize the list view (add column 0 for icon and text, and autosize it)
lvCasey.mask = 0;
SendDlgItemMessage(pSec->hDlg, IDC_LIST_ZONE, LVM_INSERTCOLUMN, (WPARAM) 0, (LPARAM) &lvCasey);
SendDlgItemMessage(pSec->hDlg, IDC_LIST_ZONE, LVM_SETCOLUMNWIDTH, (WPARAM) 0, (LPARAM) MAKELPARAM(LVSCW_AUTOSIZE, 0));
// Set the font of the name to the bold font
pSec->hfontBolded = NULL;
HFONT hfontOrig = (HFONT) SendDlgItemMessage(pSec->hDlg, IDC_STATIC_EMPTY, WM_GETFONT, (WPARAM) 0, (LPARAM) 0);
if(hfontOrig == NULL)
hfontOrig = (HFONT) GetStockObject(SYSTEM_FONT);
// set the zone name and level font to bolded
if(hfontOrig)
{
LOGFONT lfData;
if(GetObject(hfontOrig, SIZEOF(lfData), &lfData) != 0)
{
// The distance from 400 (normal) to 700 (bold)
lfData.lfWeight += 300;
if(lfData.lfWeight > 1000)
lfData.lfWeight = 1000;
pSec->hfontBolded = CreateFontIndirect(&lfData);
if(pSec->hfontBolded)
{
// the zone level and zone name text boxes should have the same font, so this is okat
SendDlgItemMessage(pSec->hDlg, IDC_ZONELABEL, WM_SETFONT, (WPARAM) pSec->hfontBolded, (LPARAM) MAKELPARAM(FALSE, 0));
SendDlgItemMessage(pSec->hDlg, IDC_LEVEL_NAME, WM_SETFONT, (WPARAM) pSec->hfontBolded, (LPARAM) MAKELPARAM(FALSE, 0));
}
}
}
/*
{
// calculate the postions of the static text boxes for the "The current level is:" "<bold>(Level)</bold>" message
TCHAR * pszText = NULL;
LONG lLength = 30;
HDC hdc = NULL;
SIZE size;
RECT rect;
LONG lNameLeftPos = 0;
// Get the text from the "The current level is" box.
lLength = SendDlgItemMessage(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL, WM_GETTEXTLENGTH,
(WPARAM) 0, (LPARAM) 0);
pszText = new TCHAR[lLength + 1];
if(!pszText)
goto Exit; // E_OUTOFMEMORY
SendDlgItemMessage(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL, WM_GETTEXT, (WPARAM) lLength,
(LPARAM) pszText);
// get the device context
hdc = GetDC(GetDlgItem(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL));
if(! hdc)
goto Exit;
// get the length of the text from the device context; assumes the proper font is already in
if(GetTextExtentPoint32(hdc, pszText, lLength, &size) == 0)
goto Exit;
// set the width of the "The current level is" box
GetClientRect(GetDlgItem(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL), &rect);
rect.right = rect.left + size.cx;
lNameLeftPos = rect.right;
if(MoveWindow(GetDlgItem(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL), rect.left, rect.top,
rect.right - rect.left, rect.top - rect.bottom, FALSE) == 0)
goto Exit;
// set the x position of the level name box
GetClientRect(GetDlgItem(pSec->hDlg, IDC_LEVEL_NAME), &rect);
rect.left = lNameLeftPos;
if(MoveWindow(GetDlgItem(pSec->hDlg, IDC_LEVEL_NAME), rect.left,
rect.top, rect.right - rect.left, rect.top - rect.bottom, FALSE) == 0)
goto Exit;
Exit:
if(hdc)
ReleaseDC(GetDlgItem(pSec->hDlg, IDC_SEC_STATIC_CURRENT_LEVEL), hdc);
if(pszText)
delete pszText;
}
*/
}
//
// SecurityDlgInit()
//
// Does initalization for Security Dlg.
//
// History:
//
// 6/17/96 t-gpease remove 'gPrefs', cleaned up code
// 6/20/96 t-gpease UI changes
// 5/14/97 t-ashlm UI changes
//
// 7/02/97 t-mattp UI changes (slider, listbox)
//
// hDlg is the handle to the SecurityDialog window
// psif holds initialization parameters. In the case of our entry point
// from shdocvw (ie, double click browser zone icon, view-internetoptions-security, or right click
// on desktop icon), it can be NULL
BOOL SecurityDlgInit(HWND hDlg, SECURITYINITFLAGS * psif)
{
LPSECURITYPAGE pSec = NULL;
UINT iIndex = 0;
HRESULT hr = 0;
DWORD dwZoneEnumerator;
// Initialize globals variables (to be destroyed at WM_DESTROY)
if(SecurityInitGlobals(&pSec, hDlg, psif) == FALSE)
{
EndDialog(hDlg, 0);
return FALSE; // Initialization failed
}
// Get a (local) enumerator for the zones
if (FAILED(pSec->pInternetZoneManager->
CreateZoneEnumerator(&dwZoneEnumerator, &(pSec->dwZoneCount), 0)))
{
EndDialog(hDlg, 0);
return FALSE; // no zone enumerator?
}
// Set up the variables in pSec about whether the zone settings can be editted
SecuritySetEdit(pSec);
// Add the Listbox items for the zones
// The zones have to be added in a particular order
// Array used to order zones for adding
LV_ITEM * plviZones = new LV_ITEM[pSec->dwZoneCount];
BOOL * pfSpotTaken = new BOOL[pSec->dwZoneCount];
// bail out if there were any allocation failures
if ((plviZones == NULL) || (pfSpotTaken == NULL))
{
if (plviZones)
delete [] plviZones;
if (pfSpotTaken)
delete [] pfSpotTaken;
pSec->pInternetZoneManager->DestroyZoneEnumerator(dwZoneEnumerator);
EndDialog(hDlg, 0);
return FALSE;
}
for(iIndex =0; iIndex < pSec->dwZoneCount; iIndex++)
pfSpotTaken[iIndex] = FALSE;
// propogate zone dropdown
for (DWORD dwIndex=0; dwIndex < pSec->dwZoneCount; dwIndex++)
{
if(FAILED(SecurityInitZone(dwIndex, pSec, dwZoneEnumerator, plviZones, pfSpotTaken)))
{
// Delete all memory allocated for any previous zones (which have not yet been added to
// the listbox)
for(iIndex = 0; iIndex < pSec->dwZoneCount; iIndex++)
{
if(pfSpotTaken[iIndex] && (LPSECURITYZONESETTINGS) (plviZones[iIndex].lParam) != NULL)
{
LocalFree((LPSECURITYZONESETTINGS) (plviZones[iIndex].lParam));
plviZones[iIndex].lParam = NULL;
if(plviZones[iIndex].pszText)
delete [] plviZones[iIndex].pszText;
}
}
delete [] plviZones;
delete [] pfSpotTaken;
pSec->pInternetZoneManager->DestroyZoneEnumerator(dwZoneEnumerator);
EndDialog(hDlg, 0);
return FALSE;
}
}
pSec->pInternetZoneManager->DestroyZoneEnumerator(dwZoneEnumerator);
// Add all of the arrayed listitems to the listbox
for(iIndex = 0; iIndex < pSec->dwZoneCount; iIndex++)
{
if(pfSpotTaken[iIndex])
{
SendMessage(pSec->hwndZones, LVM_INSERTITEM, (WPARAM)0, (LPARAM)&(plviZones[iIndex]));
delete [] plviZones[iIndex].pszText;
}
}
delete [] plviZones;
delete [] pfSpotTaken;
SecurityFindCurrentZone(pSec, psif);
SecurityInitControls(pSec);
SecurityEnableControls(pSec, FALSE);
return TRUE;
}
void SecurityChanged()
{
TCHAR szClassName[32];
HWND hwnd = GetTopWindow(GetDesktopWindow());
//
// FEATURE: These should be gotten from some place that is public
// to both MSHTML and INETCPL.
//
while (hwnd) {
GetClassName(hwnd, szClassName, ARRAYSIZE(szClassName));
// notify all "browser" windows that security has changed
if (!StrCmpI(szClassName, TEXT("ExploreWClass")) ||
!StrCmpI(szClassName, TEXT("IEFrame")) ||
!StrCmpI(szClassName, TEXT("CabinetWClass")))
{
// yes... post it a message..
PostMessage(hwnd, CWM_GLOBALSTATECHANGE, CWMF_SECURITY, 0L );
}
hwnd = GetNextWindow(hwnd, GW_HWNDNEXT);
}
}
int SecurityWarning(LPSECURITYPAGE pSec)
{
TCHAR szWarning[64];
TCHAR szBuf[512];
TCHAR szMessage[512];
TCHAR szLevel[64];
// Load "Warning!"
MLLoadShellLangString(IDS_WARNING, szWarning, ARRAYSIZE(szWarning));
// Load "It is not recommended...."
MLLoadShellLangString(IDS_SECURITY_WARNING, szBuf, ARRAYSIZE(szBuf));
// Load level: "High, Medium, Medium Low, Low"
if (pSec->pszs->dwMinSecLevel == URLTEMPLATE_HIGH)
MLLoadShellLangString(IDS_TEMPLATE_NAME_HI, szLevel, ARRAYSIZE(szLevel));
else if (pSec->pszs->dwMinSecLevel == URLTEMPLATE_MEDIUM)
MLLoadShellLangString(IDS_TEMPLATE_NAME_MED, szLevel, ARRAYSIZE(szLevel));
else if (pSec->pszs->dwMinSecLevel == URLTEMPLATE_MEDLOW)
MLLoadShellLangString(IDS_TEMPLATE_NAME_MEDLOW, szLevel, ARRAYSIZE(szLevel));
else
MLLoadShellLangString(IDS_TEMPLATE_NAME_LOW, szLevel, ARRAYSIZE(szLevel));
wnsprintf(szMessage, ARRAYSIZE(szMessage), szBuf, szLevel);
return MessageBox(pSec->hDlg,szMessage,szWarning, MB_ICONWARNING | MB_YESNO | MB_DEFBUTTON2);
}
int RegWriteWarning(HWND hParent)
{
TCHAR szWarning[64];
TCHAR szWriteWarning[128];
// load "Warning!"
MLLoadShellLangString(IDS_WARNING, szWarning, ARRAYSIZE(szWarning));
// Load "You are about to write..."
MLLoadShellLangString(IDS_WRITE_WARNING, szWriteWarning, ARRAYSIZE(szWriteWarning));
return MessageBox(hParent,szWriteWarning, szWarning, MB_ICONWARNING | MB_YESNO | MB_DEFBUTTON2);
}
BOOL SecurityEnableControls(LPSECURITYPAGE pSec, BOOL fSetFocus)
// Duties:
// Make the controls (slider, en/disabled buttons) match the data for the current zone
// Make the views (Level description text) match the data for the current zone
// Set focus (to slider, if enabled, else custom settings button, if enabled, else
// listbox) if fSetFocus is TRUE
// Note: the zone descriptions are not set here; those are handled by the code responsible
// for changing zones
{
int iLevel = -1;
if (pSec && pSec->pszs)
{
HWND hwndSlider = GetDlgItem(pSec->hDlg, IDC_SLIDER);
iLevel = SecLevelToSliderPos(pSec->pszs->dwSecLevel);
ASSERT(iLevel > -2);
// Set the level of the slider to the setting for the current zone
// Show or hide the slider for preset levels/custom
// Set the level description text
if(iLevel >= 0)
{
SendMessage(hwndSlider, TBM_SETPOS, (WPARAM) (BOOL) TRUE, (LPARAM) (LONG) iLevel);
// Make sure the slider is visible
ShowWindow(hwndSlider, SW_SHOW);
ShowWindow(GetDlgItem(pSec->hDlg, IDC_STATIC_SLIDERMOVETEXT), SW_SHOW);
SetDlgItemText(pSec->hDlg, IDC_LEVEL_DESCRIPTION, LEVEL_DESCRIPTION[iLevel]);
SetDlgItemText(pSec->hDlg, IDC_LEVEL_NAME, LEVEL_NAME[iLevel]);
}
else
{
// Hide the slider for custom
ShowWindow(hwndSlider, SW_HIDE);
ShowWindow(GetDlgItem(pSec->hDlg, IDC_STATIC_SLIDERMOVETEXT), SW_HIDE);
SetDlgItemText(pSec->hDlg, IDC_LEVEL_DESCRIPTION, CUSTOM_DESCRIPTION);
SetDlgItemText(pSec->hDlg, IDC_LEVEL_NAME, CUSTOM_NAME);
}
// If the zone is empty, show the "zone is empty" string
// Default is to not show the sting (if something goes wrong)
// Empty zone not possible for internet, intranet, or local zones
if((pSec->pszs->dwZoneIndex != URLZONE_INTRANET &&
pSec->pszs->dwZoneIndex != URLZONE_INTERNET) &&
pSec->pszs->dwZoneIndex != URLZONE_LOCAL_MACHINE &&
(pSec->pInternetSecurityManager != NULL))
{
IEnumString * piesZones = NULL;
LPOLESTR ppszDummy[1];
pSec->pInternetSecurityManager->GetZoneMappings(pSec->pszs->dwZoneIndex, &piesZones, 0);
// If enumerator can not get 1 item, zone is empty (not valid for internet and intranet)
if(piesZones && (piesZones->Next(1, ppszDummy, NULL) == S_FALSE))
{
ShowWindow(GetDlgItem(pSec->hDlg, IDC_STATIC_EMPTY), SW_SHOW);
}
else
{
ShowWindow(GetDlgItem(pSec->hDlg, IDC_STATIC_EMPTY), SW_HIDE);
}
if(piesZones)
piesZones->Release();
}
else
{
ShowWindow(GetDlgItem(pSec->hDlg, IDC_STATIC_EMPTY), SW_HIDE);
}
// If we were told to set focus then move focus to the slider.
if (fSetFocus)
{
if(!pSec->fNoEdit)
{
if(iLevel >= 0)
SetFocus(hwndSlider);
else if(pSec->pszs->dwFlags & ZAFLAGS_CUSTOM_EDIT)
SetFocus(GetDlgItem(pSec->hDlg, IDC_BUTTON_SETTINGS));
else
SetFocus(GetDlgItem(pSec->hDlg, IDC_LIST_ZONE));
}
else // No focus is allowed, set focus to the list box
{
SetFocus(GetDlgItem(pSec->hDlg, IDC_LIST_ZONE));
}
}
BOOL fEdit = !(pSec->fNoEdit || (IEHardened() && !IsNTAdmin(0, NULL)));
EnableWindow(hwndSlider, (iLevel >= 0) && fEdit);
EnableWindow(GetDlgItem(pSec->hDlg, IDC_ZONE_RESET),
fEdit && (pSec->pszs->dwSecLevel != pSec->pszs->dwRecSecLevel));
EnableWindow(GetDlgItem(pSec->hDlg, IDC_BUTTON_SETTINGS),
(pSec->pszs->dwFlags & ZAFLAGS_CUSTOM_EDIT) && fEdit);
EnableWindow(GetDlgItem(pSec->hDlg, IDC_BUTTON_ADD_SITES),
(pSec->pszs->dwFlags & ZAFLAGS_ADD_SITES) && !pSec->fDisableAddSites);
return TRUE;
}
return FALSE;
}
void SecuritySetLevel(DWORD dwLevel, LPSECURITYPAGE pSec)
{
// All calls to this function are requests to change the security
// level for the current zone
// dwLevel = requested level template (URLTEMPLATE_???)
int iPos = SecLevelToSliderPos(dwLevel);
ASSERT(iPos != -2);
BOOL bCanceled = FALSE;
// Do nothing if the requested level is equal to the current level
if(dwLevel != pSec->pszs->dwSecLevel)
{
// Pop up warning box if under recommended min level and lowering security (custom N/A)
if((pSec->pszs->dwMinSecLevel > dwLevel) && (pSec->pszs->dwSecLevel > dwLevel)
&& (dwLevel != URLTEMPLATE_CUSTOM))
{
if(SecurityWarning(pSec) == IDNO)
{
bCanceled = TRUE;
}
}
if(! bCanceled)
{
// Set the level
pSec->pszs->dwPrevSecLevel = pSec->pszs->dwSecLevel;
pSec->pszs->dwSecLevel = dwLevel;
ENABLEAPPLY(pSec->hDlg);
//Tell apply and ok that settings have been changed
pSec->fChanged = TRUE;
}
// Sync the controls to the new level (or back to the old if cancelled)
SecurityEnableControls(pSec, TRUE);
}
// Record that the change request has been handled
pSec->fPendingChange = FALSE;
}
//
// SecurityDlgApplyNow()
//
// Retrieves the user's choices in dlg ctls,
// and saves them through SecurityManager interfaces
// If bSaveAll is true, the data for all zones is saved,
// if false, only the current
// Return value is whether the changes were okayed
//
BOOL SecurityDlgApplyNow(LPSECURITYPAGE pSec, BOOL bSaveAll)
{
if (pSec->fChanged)
{
for (int iIndex = (int)SendMessage(pSec->hwndZones, LVM_GETITEMCOUNT, 0, 0) - 1;
iIndex >= 0; iIndex--)
{
if(!((bSaveAll) || (iIndex == pSec->iZoneSel)))
continue;
LV_ITEM lvItem = {0};
ZONEATTRIBUTES za = {0};
LPSECURITYZONESETTINGS pszs;
// get the item settings
lvItem.mask = LVIF_PARAM;
lvItem.iItem = iIndex;
lvItem.iSubItem = 0;
if(SendMessage(pSec->hwndZones, LVM_GETITEM, (WPARAM)0, (LPARAM)&lvItem))
{
pszs = (LPSECURITYZONESETTINGS)lvItem.lParam;
za.cbSize = sizeof(ZONEATTRIBUTES);
pSec->pInternetZoneManager->GetZoneAttributes(pszs->dwZoneIndex, &za);
za.dwTemplateCurrentLevel = pszs->dwSecLevel;
pSec->pInternetZoneManager->SetZoneAttributes(pszs->dwZoneIndex, &za);
// Custom settings are saved on exit from the Custom Settings window
}
}
UpdateAllWindows();
SecurityChanged();
if (bSaveAll)
{
// if bSaveAll is false, that means we're saving the info for one zone, but not
// the others. This happens when you have custom settings for a particular zone
// However, other zones may have been changed to only one of the standard settings
// We need to ensure that those settings also get saved when the user clicks OK/Apply.
pSec->fChanged = FALSE;
}
}
return TRUE;
}
//
// SecurityOnCommand()
//
// Handles Security Dialog's window messages
//
// History:
//
// 6/17/96 t-gpease created
// 5/14/97 t-ashlm ui changes
//
void SecurityOnCommand(LPSECURITYPAGE pSec, UINT id, UINT nCmd)
{
switch (id)
{
case IDC_BUTTON_ADD_SITES:
{
if (pSec->pszs->dwZoneIndex == URLZONE_INTRANET && !IEHardened())
{
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECURITY_INTRANET), pSec->hDlg,
SecurityAddSitesIntranetDlgProc, (LPARAM)pSec);
}
else
{
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECURITY_ADD_SITES), pSec->hDlg,
SecurityAddSitesDlgProc, (LPARAM)pSec);
}
// Resynch controls (in case the "zone is empty" message needs to be updated)
SecurityEnableControls(pSec, FALSE);
}
break;
case IDC_BUTTON_SETTINGS:
{
// Note: messages to change the level from preset to custom as a result of this call
// are sent by the CustomSettings dialog
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECURITY_CUSTOM_SETTINGS), pSec->hDlg,
SecurityCustomSettingsDlgProc, (LPARAM)pSec);
break;
}
case IDC_ZONE_RESET:
if(!pSec->fPendingChange && pSec->pszs->dwSecLevel != pSec->pszs->dwRecSecLevel)
{
pSec->fPendingChange = TRUE;
PostMessage(pSec->hDlg, WM_APP, (WPARAM) 0, (LPARAM) pSec->pszs->dwRecSecLevel);
}
break;
case IDOK:
SecurityDlgApplyNow(pSec, TRUE);
EndDialog(pSec->hDlg, IDOK);
break;
case IDCANCEL:
EndDialog(pSec->hDlg, IDCANCEL);
break;
case IDC_SLIDER:
{
// Get the current slider position
// Sundown: forced typecast to int, slider positions are restricted
int iPos = (int) SendDlgItemMessage(pSec->hDlg, IDC_SLIDER, TBM_GETPOS, (WPARAM) 0, (LPARAM) 0);
if(nCmd == TB_THUMBTRACK)
{
// on Mouse Move, change the level description only
SetDlgItemText(pSec->hDlg, IDC_LEVEL_DESCRIPTION, LEVEL_DESCRIPTION[iPos]);
SetDlgItemText(pSec->hDlg, IDC_LEVEL_NAME, LEVEL_NAME[iPos]);
}
else
{
// Request that the current zone's security level be set to the corresponding level
DWORD_PTR dwLevel = SliderPosToSecLevel(iPos);
if(! pSec->fPendingChange)
{
pSec->fPendingChange = TRUE;
PostMessage(pSec->hDlg, WM_APP, (WPARAM) 0, (LPARAM) dwLevel);
}
}
}
break;
case IDC_LIST_ZONE:
{
// Sundown: coercion to int-- selection is range-restricted
int iNewSelection = (int) SendMessage(pSec->hwndZones, LVM_GETNEXTITEM, (WPARAM)-1,
MAKELPARAM(LVNI_SELECTED, 0));
if ((iNewSelection != pSec->iZoneSel) && (iNewSelection != -1))
{
LV_ITEM lvItem;
lvItem.iItem = iNewSelection;
lvItem.iSubItem = 0;
lvItem.mask = LVIF_PARAM;
SendMessage(pSec->hwndZones, LVM_GETITEM, (WPARAM)0, (LPARAM)&lvItem);
pSec->pszs = (LPSECURITYZONESETTINGS)lvItem.lParam;
pSec->iZoneSel = iNewSelection;
WCHAR wszBuffer[ MAX_PATH*2];
MLLoadString( IDS_ZONEDESC_LOCAL + pSec->pszs->dwZoneIndex, wszBuffer, ARRAYSIZE(wszBuffer));
SetDlgItemText(pSec->hDlg, IDC_ZONE_DESCRIPTION, wszBuffer);
MLLoadString( IDS_ZONENAME_LOCAL + pSec->pszs->dwZoneIndex, wszBuffer, ARRAYSIZE(wszBuffer));
SetDlgItemText(pSec->hDlg, IDC_ZONELABEL, wszBuffer);
SendDlgItemMessage(pSec->hDlg, IDC_ZONE_ICON, STM_SETIMAGE, (WPARAM)IMAGE_ICON, (LPARAM)pSec->pszs->hicon);
SecurityEnableControls(pSec, FALSE);
}
break;
}
}
} // SecurityOnCommand()
//
// SecurityDlgProc()
//
// Handles Security Dialog's window messages
//
// History:
//
// 6/17/96 t-gpease created
// 5/14/97 t-ashlm ui changes
//
INT_PTR CALLBACK SecurityDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
LPSECURITYPAGE pSec;
if (uMsg == WM_INITDIALOG)
{
// A hack forced by PropertyPage:
// PropertyPage creates this dialog in mainwnd.cpp when the dialog is entered from
// the desktop e's properties, the browser's menu view-internetoptions-security, or
// right clicking on the browser's zone icon.
// In the property page case, lParam (our only route to get initialization information
// in) is a pointer to a PROPERTYSHEETHEADER, more or less, and of entirely no use to us.
// However, when called from our exported function LaunchSecurityDialogEx, using
// CreateDialogParamWrapW, we want to pass useful information in. The only way to make sure
// we our dealing with useful information is to make the passed in pointer be to a
// structure we know and love, and hence could not possibly be pointed to by PropertyPage.
// We use a ThreadLocalStorage object, as our information reference
SECURITYINITFLAGS * psif = NULL;
if(g_dwtlsSecInitFlags != (DWORD) -1)
psif = (SECURITYINITFLAGS *) TlsGetValue(g_dwtlsSecInitFlags);
if((SECURITYINITFLAGS *) lParam != psif)
psif = NULL;
return SecurityDlgInit(hDlg, psif);
}
pSec = (LPSECURITYPAGE)GetWindowLongPtr(hDlg, DWLP_USER);
if (!pSec)
return FALSE;
switch (uMsg)
{
case WM_COMMAND:
SecurityOnCommand(pSec, LOWORD(wParam), HIWORD(wParam));
return TRUE;
case WM_NOTIFY:
{
NMHDR *lpnm = (NMHDR *) lParam;
ASSERT(lpnm);
// List Box Messages
if(lpnm->idFrom == IDC_LIST_ZONE)
{
NM_LISTVIEW * lplvnm = (NM_LISTVIEW *) lParam;
if(lplvnm->hdr.code == LVN_ITEMCHANGED)
{
// If an item's state has changed, and it is now selected
if(((lplvnm->uChanged & LVIF_STATE) != 0) && ((lplvnm->uNewState & LVIS_SELECTED) != 0))
{
SecurityOnCommand(pSec, IDC_LIST_ZONE, LVN_ITEMCHANGED);
}
}
}
else
{
switch (lpnm->code)
{
case PSN_QUERYCANCEL:
case PSN_KILLACTIVE:
case PSN_RESET:
SetWindowLongPtr(pSec->hDlg, DWLP_MSGRESULT, FALSE);
return TRUE;
case PSN_APPLY:
// Hitting the apply button runs this code
SecurityDlgApplyNow(pSec, TRUE);
break;
}
}
}
break;
case WM_HELP: // F1
ResWinHelp( (HWND)((LPHELPINFO)lParam)->hItemHandle, IDS_HELPFILE,
HELP_WM_HELP, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_APP:
// A message needs to be posted, because the set tools sometimes send two messages
// hence we need delayed action and a pending change boolean
// lParam is the level to set for this message
// wParam is not used
SecuritySetLevel((DWORD) lParam, pSec);
break;
case WM_VSCROLL:
// Slider Messages
SecurityOnCommand(pSec, IDC_SLIDER, LOWORD(wParam));
return TRUE;
case WM_CONTEXTMENU: // right mouse click
ResWinHelp( (HWND) wParam, IDS_HELPFILE,
HELP_CONTEXTMENU, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_DESTROY:
if(! pSec)
break;
SecurityFreeGlobals(pSec);
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)NULL);
break;
}
return FALSE;
}
// Subclassed window proc for the slider. This is used to take over the
// accessibility wrapper for the class so we can return the right zone
// string ( i.e. High, Medium, Low, etc). Just trap WM_GETOBJECT and pass
// in our override of the accessibility wrapper.
LRESULT CALLBACK SliderSubWndProc (HWND hwndSlider, UINT uMsg, WPARAM wParam, LPARAM lParam, WPARAM uID, ULONG_PTR dwRefData)
{
ASSERT(uID == 0);
ASSERT(dwRefData == 0);
switch (uMsg)
{
case WM_GETOBJECT:
if ( lParam == OBJID_CLIENT )
{
// At this point we will try to load oleacc and get the functions
// we need.
if (!g_fAttemptedOleAccLoad)
{
g_fAttemptedOleAccLoad = TRUE;
ASSERT(s_pfnCreateStdAccessibleProxy == NULL);
ASSERT(s_pfnLresultFromObject == NULL);
g_hOleAcc = LoadLibrary(TEXT("OLEACC"));
if (g_hOleAcc != NULL)
{
#ifdef UNICODE
s_pfnCreateStdAccessibleProxy = (PFNCREATESTDACCESSIBLEPROXY)
GetProcAddress(g_hOleAcc, "CreateStdAccessibleProxyW");
#else
s_pfnCreateStdAccessibleProxy = (PFNCREATESTDACCESSIBLEPROXY)
GetProcAddress(g_hOleAcc, "CreateStdAccessibleProxyA");
#endif
s_pfnLresultFromObject = (PFNLRESULTFROMOBJECT)
GetProcAddress(g_hOleAcc, "LresultFromObject");
}
if (s_pfnLresultFromObject == NULL || s_pfnCreateStdAccessibleProxy == NULL)
{
// No point holding on to Oleacc since we can't use it.
FreeLibrary(g_hOleAcc);
g_hOleAcc = NULL;
s_pfnLresultFromObject = NULL;
s_pfnCreateStdAccessibleProxy = NULL;
}
}
if (g_hOleAcc && s_pfnCreateStdAccessibleProxy && s_pfnLresultFromObject)
{
IAccessible *pAcc = NULL;
HRESULT hr;
// Create default slider proxy.
hr = s_pfnCreateStdAccessibleProxy(
hwndSlider,
TEXT("msctls_trackbar32"),
OBJID_CLIENT,
IID_IAccessible,
(void **)&pAcc
);
if (SUCCEEDED(hr) && pAcc)
{
// now wrap it up in our customized wrapper...
IAccessible * pWrapAcc = new CSecurityAccessibleWrapper( hwndSlider, pAcc );
// Release our ref to proxy (wrapper has its own addref'd ptr)...
pAcc->Release();
if (pWrapAcc != NULL)
{
// ...and return the wrapper via LresultFromObject...
LRESULT lr = s_pfnLresultFromObject( IID_IAccessible, wParam, pWrapAcc );
// Release our interface pointer - OLEACC has its own addref to the object
pWrapAcc->Release();
// Return the lresult, which 'contains' a reference to our wrapper object.
return lr;
// All done!
}
// If it didn't work, fall through to default behavior instead.
}
}
}
break;
case WM_DESTROY:
RemoveWindowSubclass(hwndSlider, SliderSubWndProc, uID);
break;
} /* end switch */
return DefSubclassProc(hwndSlider, uMsg, wParam, lParam);
}
// In Urlmon.dll
HRESULT __stdcall GetAddSitesFileUrl(LPWSTR /* [in, out] */ pszUrl);
HRESULT _GetAddSitesDisplayUrl(LPCWSTR pszUrl, LPWSTR pszUrlDisplay, DWORD cchUrlDisplay)
{
HRESULT hr;
LPWSTR pszSecUrl;
hr = CoInternetGetSecurityUrl(pszUrl, &pszSecUrl, PSU_DEFAULT, 0);
if (SUCCEEDED(hr))
{
LPCWSTR pszColon = StrChr(pszSecUrl, L':');
//Special case about Urls so we don't munge them.
if (pszColon && (pszColon - pszSecUrl != 5 || StrCmpNI(pszSecUrl, L"about", 5) != 0))
{
DWORD bufferUsed = min(cchUrlDisplay, (DWORD)(pszColon - pszSecUrl) + 2);
StrCpyN(pszUrlDisplay, pszSecUrl, bufferUsed);
//Don't add // if the security url already has it
if (StrCmpNI(pszColon + 1, L"//", 2) != 0)
{
StrCatBuff(pszUrlDisplay, L"//", cchUrlDisplay - bufferUsed);
StrCatBuff(pszUrlDisplay, pszColon + 1, cchUrlDisplay - bufferUsed - 2);
}
else
{
StrCatBuff(pszUrlDisplay, pszColon + 1, cchUrlDisplay - bufferUsed);
}
}
else
{
StrCpyN(pszUrlDisplay, pszSecUrl, cchUrlDisplay);
}
CoTaskMemFree(pszSecUrl);
}
else
{
StrCpyN(pszUrlDisplay, pszUrl, cchUrlDisplay);
hr = S_OK;
}
if (SUCCEEDED (hr))
// Transform file:// URLs to a file://UNC format if necessary:
hr = GetAddSitesFileUrl(pszUrlDisplay);
return hr;
}
BOOL __cdecl _FormatMessage(LPCWSTR szTemplate, LPWSTR szBuf, UINT cchBuf, ...)
{
BOOL fRet;
va_list ArgList;
va_start(ArgList, cchBuf);
fRet = FormatMessage(FORMAT_MESSAGE_FROM_STRING, szTemplate, 0, 0, szBuf, cchBuf, &ArgList);
va_end(ArgList);
return fRet;
}
HRESULT _AddSite(LPADDSITESINFO pasi)
{
HRESULT hr = S_OK;
LPWSTR psz;
SendMessage(pasi->hwndAdd, WM_GETTEXT, MAX_ZONE_PATH, (LPARAM)pasi->szWebSite);
#ifndef UNICODE
WCHAR wszMapping[MAX_ZONE_PATH];
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, pasi->szWebSite, sizeof(pasi->szWebSite), wszMapping, ARRAYSIZE(wszMapping));
psz = wszMapping;
#else
psz = pasi->szWebSite;
#endif
if (*psz)
{
pasi->fRSVOld = pasi->fRequireServerVerification;
pasi->fRequireServerVerification = IsDlgButtonChecked(pasi->hDlg, IDC_CHECK_REQUIRE_SERVER_VERIFICATION);
// if the state of RequireServerVer has changed, then do a SetZoneAttr so we'll get the correct error codes
if (pasi->fRSVOld != pasi->fRequireServerVerification)
{
ZONEATTRIBUTES za;
za.cbSize = sizeof(ZONEATTRIBUTES);
pasi->pSec->pInternetZoneManager->GetZoneAttributes(pasi->pSec->pszs->dwZoneIndex, &za);
if (pasi->fRequireServerVerification)
za.dwFlags |= ZAFLAGS_REQUIRE_VERIFICATION;
else
za.dwFlags &= ~ZAFLAGS_REQUIRE_VERIFICATION;
pasi->pSec->pInternetZoneManager->SetZoneAttributes(pasi->pSec->pszs->dwZoneIndex, &za);
}
hr = pasi->pSec->pInternetSecurityManager->SetZoneMapping(pasi->pSec->pszs->dwZoneIndex,
psz, SZM_CREATE);
if (FAILED(hr))
{
UINT id = IDS_MAPPINGFAIL;
if (hr == URL_E_INVALID_SYNTAX)
{
id = IDS_INVALIDURL;
}
else if (hr == E_INVALIDARG)
{
id = IDS_INVALIDWILDCARD;
}
else if (hr == E_ACCESSDENIED)
{
id = IDS_HTTPSREQ;
}
else if (hr == HRESULT_FROM_WIN32(ERROR_FILE_EXISTS))
{
id = IDS_SITEEXISTS;
}
DWORD dwOldZone;
if (id == IDS_SITEEXISTS && SUCCEEDED(pasi->pSec->pInternetSecurityManager->MapUrlToZone(psz, &dwOldZone, 0)))
{
if (dwOldZone == pasi->pSec->pszs->dwZoneIndex)
{
// Nothing to do except inform the user
SiteAlreadyInZoneMessage(pasi->hDlg, dwOldZone);
}
else if (dwOldZone == URLZONE_UNTRUSTED)
{
// Do not allow moving a site from the restricted zone to any other zone.
WCHAR szMessage[200];
WCHAR szZone[100];
if (MLLoadString(IDS_CANNOT_MOVE_FROM_RESTRICTED, szMessage, ARRAYSIZE(szMessage)) &&
MLLoadString(IDS_ZONENAME_LOCAL + URLZONE_UNTRUSTED, szZone, ARRAYSIZE(szZone)))
{
MLShellMessageBox(pasi->hDlg, szMessage, szZone, MB_ICONINFORMATION | MB_OK);
}
}
else
{
// The site exists in another zone
WCHAR szNewZone[100];
MLLoadString(IDS_ZONENAME_LOCAL + pasi->pSec->pszs->dwZoneIndex, szNewZone, ARRAYSIZE(szNewZone));
WCHAR szOldZone[100];
MLLoadString(IDS_ZONENAME_LOCAL + dwOldZone, szOldZone, ARRAYSIZE(szOldZone));
WCHAR szFormat[200];
MLLoadString(IDS_ADDSITEREPLACE, szFormat, ARRAYSIZE(szFormat));
WCHAR szText[400];
_FormatMessage(szFormat, szText, ARRAYSIZE(szText), szOldZone, szNewZone);
if (IDYES == MLShellMessageBox(pasi->hDlg, szText, NULL, MB_ICONQUESTION | MB_YESNO))
{
pasi->pSec->pInternetSecurityManager->SetZoneMapping(dwOldZone, psz, SZM_DELETE);
hr = _AddSite(pasi);
}
}
}
else
{
MLShellMessageBox(pasi->hDlg, MAKEINTRESOURCEW(id), NULL, MB_ICONSTOP|MB_OK);
Edit_SetSel(pasi->hwndAdd, 0, -1);
}
}
else
{
WCHAR szUrl[MAX_ZONE_PATH];
_GetAddSitesDisplayUrl(pasi->szWebSite, szUrl, ARRAYSIZE(szUrl));
SendMessage(pasi->hwndWebSites, LB_ADDSTRING, (WPARAM)0, (LPARAM)szUrl);
SendMessage(pasi->hwndAdd, WM_SETTEXT, (WPARAM)0, (LPARAM)NULL);
SetFocus(pasi->hwndAdd);
}
}
return hr;
}
INT_PTR CALLBACK SecurityAddSitesDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam)
{
LPADDSITESINFO pasi;
if (uMsg == WM_INITDIALOG)
{
pasi = (LPADDSITESINFO)LocalAlloc(LPTR, sizeof(*pasi));
if (!pasi)
{
EndDialog(hDlg, IDCANCEL);
return FALSE;
}
// tell dialog where to get info
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)pasi);
// save the handle to the page
pasi->hDlg = hDlg;
pasi->pSec = (LPSECURITYPAGE)lParam;
pasi->hwndWebSites = GetDlgItem(hDlg, IDC_LIST_WEBSITES);
pasi->hwndAdd = GetDlgItem(hDlg, IDC_EDIT_ADD_SITE);
// cross-lang platform support
SHSetDefaultDialogFont(hDlg, IDC_EDIT_ADD_SITE);
// limit the text so it will fit
SendMessage(pasi->hwndAdd, EM_SETLIMITTEXT, (WPARAM)sizeof(pasi->szWebSite), (LPARAM)0);
pasi->fRequireServerVerification = pasi->pSec->pszs->dwFlags & ZAFLAGS_REQUIRE_VERIFICATION;
CheckDlgButton(hDlg, IDC_CHECK_REQUIRE_SERVER_VERIFICATION, pasi->fRequireServerVerification);
// hide the checkbox if it doesn't support server verification
if (!(pasi->pSec->pszs->dwFlags & ZAFLAGS_SUPPORTS_VERIFICATION))
ShowWindow(GetDlgItem(hDlg, IDC_CHECK_REQUIRE_SERVER_VERIFICATION), SW_HIDE);
SendMessage(hDlg, WM_SETTEXT, (WPARAM)0, (LPARAM)pasi->pSec->pszs->szDisplayName);
SetDlgItemText(hDlg, IDC_ADDSITES_GROUPBOX,(LPTSTR)pasi->pSec->pszs->szDisplayName);
SendDlgItemMessage(hDlg, IDC_ZONE_ICON, STM_SETIMAGE, (WPARAM)IMAGE_ICON, (LPARAM)pasi->pSec->pszs->hicon);
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_REMOVE), FALSE);
if (pasi->pSec->pInternetSecurityManager || SUCCEEDED(CoInternetCreateSecurityManager(NULL, &(pasi->pSec->pInternetSecurityManager), 0)))
{
IEnumString *pEnum;
if (SUCCEEDED(pasi->pSec->pInternetSecurityManager->GetZoneMappings(pasi->pSec->pszs->dwZoneIndex, &pEnum, 0)))
{
LPOLESTR pszMapping;
#ifndef UNICODE
CHAR szMapping[MAX_URL_STRING];
#endif
LPTSTR psz;
while (pEnum->Next(1, &pszMapping, NULL) == S_OK)
{
#ifndef UNICODE
WideCharToMultiByte(CP_ACP, 0, pszMapping, -1, szMapping, ARRAYSIZE(szMapping), NULL, NULL);
psz = szMapping;
#else
psz = pszMapping;
#endif // UNICODE
SendMessage(pasi->hwndWebSites, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)psz);
CoTaskMemFree(pszMapping);
}
pEnum->Release();
}
}
BOOL fUseHKLM = FALSE;
DWORD cb = SIZEOF(fUseHKLM);
SHGetValue( HKEY_LOCAL_MACHINE,
REGSTR_PATH_SECURITY_LOCKOUT,
REGSTR_VAL_HKLM_ONLY,
NULL,
&fUseHKLM,
&cb);
if (pasi->pSec->fNoAddSites || pasi->pSec->fNoZoneMapEdit || (fUseHKLM && !IsNTAdmin(0, NULL)))
{
EnableDlgItem(hDlg, IDC_EDIT_ADD_SITE, FALSE);
EnableDlgItem(hDlg, IDC_BUTTON_REMOVE, FALSE);
}
else if (pasi->pSec->szPageUrl[0])
{
// Security manager should have been created above
if (pasi->pSec->pInternetSecurityManager)
{
DWORD dwZone;
if (SUCCEEDED(pasi->pSec->pInternetSecurityManager->MapUrlToZone(pasi->pSec->szPageUrl, &dwZone, 0)))
{
// If a site is already restricted, we don't want to auto-suggest.
// If a site is already trusted, we can't add it to either list anyway.
// So we only need to check for Intranet and Internet.
if ((dwZone == URLZONE_INTERNET) ||
(pasi->pSec->pszs->dwZoneIndex == URLZONE_INTRANET && dwZone == URLZONE_TRUSTED) ||
(pasi->pSec->pszs->dwZoneIndex == URLZONE_TRUSTED && dwZone == URLZONE_INTRANET))
{
WCHAR szUrl[MAX_ZONE_PATH];
if (SUCCEEDED(_GetAddSitesDisplayUrl(pasi->pSec->szPageUrl, szUrl, ARRAYSIZE(szUrl))))
{
SetWindowText(pasi->hwndAdd, szUrl);
SetFocus(GetDlgItem(hDlg, IDC_BUTTON_ADD));
}
}
}
}
}
if (pasi->pSec->fNoZoneMapEdit)
{
EnableDlgItem(hDlg, IDC_CHECK_REQUIRE_SERVER_VERIFICATION, FALSE);
EnableDlgItem(hDlg, IDS_STATIC_ADDSITE, FALSE);
}
SHAutoComplete(GetDlgItem(hDlg, IDC_EDIT_ADD_SITE), SHACF_DEFAULT);
}
else
pasi = (LPADDSITESINFO)GetWindowLongPtr(hDlg, DWLP_USER);
if (!pasi)
return FALSE;
switch (uMsg)
{
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDCANCEL: //Close
{
ZONEATTRIBUTES za;
pasi->fRequireServerVerification = IsDlgButtonChecked(hDlg, IDC_CHECK_REQUIRE_SERVER_VERIFICATION);
if (pasi->fRequireServerVerification)
pasi->pSec->pszs->dwFlags |= ZAFLAGS_REQUIRE_VERIFICATION;
else
pasi->pSec->pszs->dwFlags &= ~ZAFLAGS_REQUIRE_VERIFICATION;
za.cbSize = sizeof(ZONEATTRIBUTES);
pasi->pSec->pInternetZoneManager->GetZoneAttributes(pasi->pSec->pszs->dwZoneIndex, &za);
za.dwFlags = pasi->pSec->pszs->dwFlags;
pasi->pSec->pInternetZoneManager->SetZoneAttributes(pasi->pSec->pszs->dwZoneIndex, &za);
SecurityChanged();
EndDialog(hDlg, IDOK);
break;
}
case IDC_LIST_WEBSITES:
switch (HIWORD(wParam))
{
case LBN_SELCHANGE:
case LBN_SELCANCEL:
if (!pasi->pSec->fNoAddSites && !pasi->pSec->fNoZoneMapEdit)
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_REMOVE), SendDlgItemMessage(hDlg, IDC_LIST_WEBSITES, LB_GETCURSEL, 0, 0) != -1);
break;
}
break;
case IDC_EDIT_ADD_SITE:
switch(HIWORD(wParam))
{
case EN_CHANGE:
BOOL fEnable = GetWindowTextLength(GetDlgItem(hDlg, IDC_EDIT_ADD_SITE)) ? TRUE:FALSE;
EnableWindow(GetDlgItem(hDlg,IDC_BUTTON_ADD), fEnable);
SendMessage(hDlg, DM_SETDEFID, fEnable ? IDC_BUTTON_ADD : IDOK, 0);
break;
}
break;
case IDC_BUTTON_ADD:
_AddSite(pasi);
break;
case IDC_BUTTON_REMOVE:
{
TCHAR szMapping[MAX_ZONE_PATH];
LPWSTR psz;
INT_PTR iSel = SendMessage(pasi->hwndWebSites, LB_GETCURSEL, 0, 0);
if (iSel != -1)
{
SendMessage(pasi->hwndWebSites, LB_GETTEXT, (WPARAM)iSel, (LPARAM)szMapping);
#ifndef UNICODE
WCHAR wszMapping[MAX_ZONE_PATH];
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, szMapping, sizeof(szMapping), wszMapping, ARRAYSIZE(wszMapping));
psz = wszMapping;
#else
psz = szMapping;
#endif
SendMessage(pasi->hwndWebSites, LB_DELETESTRING, iSel , 0);
SendMessage(pasi->hwndWebSites, LB_SETCURSEL, iSel-1, 0);
if (!pasi->pSec->fNoAddSites && !pasi->pSec->fNoZoneMapEdit)
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_REMOVE), SendDlgItemMessage(hDlg, IDC_LIST_WEBSITES, LB_GETCURSEL, 0, 0) != -1);
pasi->pSec->pInternetSecurityManager->SetZoneMapping(pasi->pSec->pszs->dwZoneIndex,
psz, SZM_DELETE);
}
break;
}
default:
return FALSE;
}
return TRUE;
break;
case WM_HELP: // F1
ResWinHelp( (HWND)((LPHELPINFO)lParam)->hItemHandle, IDS_HELPFILE,
HELP_WM_HELP, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_CONTEXTMENU: // right mouse click
ResWinHelp( (HWND) wParam, IDS_HELPFILE,
HELP_CONTEXTMENU, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_DESTROY:
SHRemoveDefaultDialogFont(hDlg);
if (pasi)
{
LocalFree(pasi);
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)NULL);
}
break;
}
return FALSE;
}
INT_PTR CALLBACK SecurityAddSitesIntranetDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam)
{
LPADDSITESINTRANETINFO pasii;
if (uMsg == WM_INITDIALOG)
{
pasii = (LPADDSITESINTRANETINFO)LocalAlloc(LPTR, sizeof(*pasii));
if (!pasii)
{
EndDialog(hDlg, IDCANCEL);
return FALSE;
}
// tell dialog where to get info
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)pasii);
// save the handle to the page
pasii->hDlg = hDlg;
pasii->pSec = (LPSECURITYPAGE)lParam;
SendMessage(hDlg, WM_SETTEXT, (WPARAM)0, (LPARAM)pasii->pSec->pszs->szDisplayName);
CheckDlgButton(hDlg, IDC_CHECK_USEINTRANET, pasii->pSec->pszs->dwFlags & ZAFLAGS_INCLUDE_INTRANET_SITES);
CheckDlgButton(hDlg, IDC_CHECK_PROXY, pasii->pSec->pszs->dwFlags & ZAFLAGS_INCLUDE_PROXY_OVERRIDE);
CheckDlgButton(hDlg, IDC_CHECK_UNC, pasii->pSec->pszs->dwFlags & ZAFLAGS_UNC_AS_INTRANET);
SendDlgItemMessage(hDlg, IDC_ZONE_ICON, STM_SETIMAGE, (WPARAM)IMAGE_ICON, (LPARAM)pasii->pSec->pszs->hicon);
BOOL fHarden = IEHardened();
if (pasii->pSec->fNoAddSites || pasii->pSec->fNoZoneMapEdit || fHarden)
{
EnableDlgItem(hDlg, IDC_CHECK_USEINTRANET, FALSE);
EnableDlgItem(hDlg, IDC_CHECK_PROXY, FALSE);
}
if (pasii->pSec->fNoZoneMapEdit || fHarden)
{
EnableDlgItem(hDlg, IDC_CHECK_UNC, FALSE);
}
return TRUE;
}
else
pasii = (LPADDSITESINTRANETINFO)GetWindowLongPtr(hDlg, DWLP_USER);
if (!pasii)
return FALSE;
switch (uMsg) {
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDOK:
{
ZONEATTRIBUTES za;
pasii->fUseIntranet = IsDlgButtonChecked(hDlg, IDC_CHECK_USEINTRANET);
pasii->fUseProxyExclusion = IsDlgButtonChecked(hDlg, IDC_CHECK_PROXY);
pasii->fUseUNC = IsDlgButtonChecked(hDlg, IDC_CHECK_UNC);
if (pasii->fUseIntranet)
pasii->pSec->pszs->dwFlags |= ZAFLAGS_INCLUDE_INTRANET_SITES;
else
pasii->pSec->pszs->dwFlags &= ~ZAFLAGS_INCLUDE_INTRANET_SITES;
if (pasii->fUseProxyExclusion)
pasii->pSec->pszs->dwFlags |= ZAFLAGS_INCLUDE_PROXY_OVERRIDE;
else
pasii->pSec->pszs->dwFlags &= ~ZAFLAGS_INCLUDE_PROXY_OVERRIDE;
if (pasii->fUseUNC)
pasii->pSec->pszs->dwFlags |= ZAFLAGS_UNC_AS_INTRANET;
else
pasii->pSec->pszs->dwFlags &= ~ZAFLAGS_UNC_AS_INTRANET;
za.cbSize = sizeof(ZONEATTRIBUTES);
pasii->pSec->pInternetZoneManager->GetZoneAttributes(pasii->pSec->pszs->dwZoneIndex, &za);
za.dwFlags = pasii->pSec->pszs->dwFlags;
pasii->pSec->pInternetZoneManager->SetZoneAttributes(pasii->pSec->pszs->dwZoneIndex, &za);
SecurityChanged();
EndDialog(hDlg, IDOK);
break;
}
case IDCANCEL:
EndDialog(hDlg, IDCANCEL);
break;
case IDC_INTRANET_ADVANCED:
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECURITY_ADD_SITES), hDlg,
SecurityAddSitesDlgProc, (LPARAM)pasii->pSec);
break;
default:
return FALSE;
}
return TRUE;
break;
case WM_HELP: // F1
ResWinHelp( (HWND)((LPHELPINFO)lParam)->hItemHandle, IDS_HELPFILE,
HELP_WM_HELP, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_CONTEXTMENU: // right mouse click
ResWinHelp( (HWND) wParam, IDS_HELPFILE,
HELP_CONTEXTMENU, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
break;
case WM_DESTROY:
if (pasii)
{
LocalFree(pasii);
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)NULL);
}
break;
}
return FALSE;
}
VOID ShowJavaZonePermissionsDialog (HWND hdlg, LPCUSTOMSETTINGSINFO pcsi)
{
HRESULT hr;
IJavaZonePermissionEditor *zoneeditor;
hr = CoCreateInstance(
CLSID_JavaRuntimeConfiguration,
NULL,
CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER | CLSCTX_LOCAL_SERVER,
IID_IJavaZonePermissionEditor,
(PVOID*)&zoneeditor
);
if (SUCCEEDED(hr))
{
hr = zoneeditor->ShowUI(
hdlg,
0,
0,
pcsi->fUseHKLM ? URLZONEREG_HKLM : URLZONEREG_DEFAULT,
pcsi->pSec->pszs->dwZoneIndex,
pcsi->dwJavaPolicy | URLACTION_JAVA_PERMISSIONS,
pcsi->pSec->pInternetZoneManager
);
zoneeditor->Release();
}
}
void ShowCustom(LPCUSTOMSETTINGSINFO pcsi, HTREEITEM hti)
{
TV_ITEM tvi;
tvi.hItem = hti;
tvi.mask = TVIF_HANDLE | TVIF_PARAM | TVIF_IMAGE;
TreeView_GetItem( pcsi->hwndTree, &tvi );
// If it's not selected don't bother.
if (tvi.iImage != IDRADIOON)
return;
TCHAR szValName[64];
DWORD cb = SIZEOF(szValName);
DWORD dwChecked;
if (SHRegQueryUSValue((HUSKEY)tvi.lParam,
TEXT("ValueName"),
NULL,
(LPBYTE)szValName,
&cb,
pcsi->fUseHKLM,
NULL,
0) == ERROR_SUCCESS)
{
if (!(StrCmp(szValName, TEXT("1C00"))))
{
cb = SIZEOF(dwChecked);
if (SHRegQueryUSValue((HUSKEY)tvi.lParam,
TEXT("CheckedValue"),
NULL,
(LPBYTE)&dwChecked,
&cb,
pcsi->fUseHKLM,
NULL,
0) == ERROR_SUCCESS)
{
#ifndef UNIX
HWND hCtl = GetDlgItem(pcsi->hDlg, IDC_JAVACUSTOM);
ShowWindow(hCtl,
(dwChecked == URLPOLICY_JAVA_CUSTOM) && (tvi.iImage == IDRADIOON) ? SW_SHOWNA : SW_HIDE);
EnableWindow(hCtl, dwChecked==URLPOLICY_JAVA_CUSTOM ? TRUE : FALSE);
pcsi->dwJavaPolicy = dwChecked;
#endif
}
}
}
}
void _FindCustomRecursive(
LPCUSTOMSETTINGSINFO pcsi,
HTREEITEM htvi
)
{
HTREEITEM hctvi; // child
// step through the children
hctvi = TreeView_GetChild( pcsi->hwndTree, htvi );
while ( hctvi )
{
_FindCustomRecursive(pcsi,hctvi);
hctvi = TreeView_GetNextSibling( pcsi->hwndTree, hctvi );
}
ShowCustom(pcsi, htvi);
}
void _FindCustom(
LPCUSTOMSETTINGSINFO pcsi
)
{
HTREEITEM hti = TreeView_GetRoot( pcsi->hwndTree );
// and walk the list of other roots
while (hti)
{
// recurse through its children
_FindCustomRecursive(pcsi, hti);
// get the next root
hti = TreeView_GetNextSibling(pcsi->hwndTree, hti );
}
}
BOOL SecurityCustomSettingsInitDialog(HWND hDlg, LPARAM lParam)
{
LPCUSTOMSETTINGSINFO pcsi = (LPCUSTOMSETTINGSINFO)LocalAlloc(LPTR, sizeof(*pcsi));
HRESULT hr;
if (!pcsi)
{
EndDialog(hDlg, IDCANCEL);
return FALSE;
}
// tell dialog where to get info
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)pcsi);
// save the handle to the page
pcsi->hDlg = hDlg;
pcsi->pSec = (LPSECURITYPAGE)lParam;
// save dialog handle
pcsi->hwndTree = GetDlgItem(pcsi->hDlg, IDC_TREE_SECURITY_SETTINGS);
CoInitialize(0);
hr = CoCreateInstance(CLSID_CRegTreeOptions, NULL, CLSCTX_INPROC_SERVER,
IID_IRegTreeOptions, (LPVOID *)&(pcsi->pTO));
DWORD cb = SIZEOF(pcsi->fUseHKLM);
SHGetValue(HKEY_LOCAL_MACHINE,
REGSTR_PATH_SECURITY_LOCKOUT,
REGSTR_VAL_HKLM_ONLY,
NULL,
&(pcsi->fUseHKLM),
&cb);
// if this fails, we'll just use the default of fUseHKLM == 0
if (SUCCEEDED(hr))
{
CHAR szZone[32];
wnsprintfA(szZone, ARRAYSIZE(szZone), "%ld", pcsi->pSec->pszs->dwZoneIndex);
// use the SOHKLM tree when fUseHKLM==TRUE for IEAK
hr = pcsi->pTO->InitTree(pcsi->hwndTree, HKEY_LOCAL_MACHINE,
pcsi->fUseHKLM ?
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SOIEAK" :
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SO",
szZone);
}
// find the first root and make sure that it is visible
TreeView_EnsureVisible( pcsi->hwndTree, TreeView_GetRoot( pcsi->hwndTree ) );
pcsi->hwndCombo = GetDlgItem(hDlg, IDC_COMBO_RESETLEVEL);
SendMessage(pcsi->hwndCombo, CB_INSERTSTRING, (WPARAM)0, (LPARAM)LEVEL_NAME[3]);
SendMessage(pcsi->hwndCombo, CB_INSERTSTRING, (WPARAM)0, (LPARAM)LEVEL_NAME[2]);
SendMessage(pcsi->hwndCombo, CB_INSERTSTRING, (WPARAM)0, (LPARAM)LEVEL_NAME[1]);
SendMessage(pcsi->hwndCombo, CB_INSERTSTRING, (WPARAM)0, (LPARAM)LEVEL_NAME[0]);
switch (pcsi->pSec->pszs->dwRecSecLevel)
{
case URLTEMPLATE_LOW:
pcsi->iLevelSel = 3;
break;
case URLTEMPLATE_MEDLOW:
pcsi->iLevelSel = 2;
break;
case URLTEMPLATE_MEDIUM:
pcsi->iLevelSel = 1;
break;
case URLTEMPLATE_HIGH:
pcsi->iLevelSel = 0;
break;
default:
pcsi->iLevelSel = 0;
break;
}
_FindCustom(pcsi);
SendMessage(pcsi->hwndCombo, CB_SETCURSEL, (WPARAM)pcsi->iLevelSel, (LPARAM)0);
if (pcsi->pSec->fNoEdit)
{
EnableDlgItem(hDlg, IDC_COMBO_RESETLEVEL, FALSE);
EnableDlgItem(hDlg, IDC_BUTTON_APPLY, FALSE);
}
pcsi->fChanged = FALSE;
return TRUE;
}
INT_PTR CALLBACK SecurityCustomSettingsDlgProc(HWND hDlg, UINT uMsg, WPARAM wParam,LPARAM lParam)
{
LPCUSTOMSETTINGSINFO pcsi;
if (uMsg == WM_INITDIALOG)
return SecurityCustomSettingsInitDialog(hDlg, lParam);
else
pcsi = (LPCUSTOMSETTINGSINFO)GetWindowLongPtr(hDlg, DWLP_USER);
if (!pcsi)
return FALSE;
switch (uMsg) {
case WM_NOTIFY:
{
LPNMHDR psn = (LPNMHDR)lParam;
switch( psn->code )
{
case TVN_KEYDOWN:
{
TV_KEYDOWN *pnm = (TV_KEYDOWN*)psn;
if (pnm->wVKey == VK_SPACE) {
if (!pcsi->pSec->fNoEdit)
{
HTREEITEM hti = (HTREEITEM)SendMessage(pcsi->hwndTree, TVM_GETNEXTITEM, TVGN_CARET, NULL);
pcsi->pTO->ToggleItem(hti);
ShowCustom(pcsi, hti);
pcsi->fChanged = TRUE;
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_APPLY),TRUE);
SetWindowLongPtr(hDlg, DWLP_MSGRESULT, TRUE); // eat the key
return TRUE;
}
}
break;
}
case NM_CLICK:
case NM_DBLCLK:
{ // is this click in our tree?
if ( psn->idFrom == IDC_TREE_SECURITY_SETTINGS )
{ // yes...
TV_HITTESTINFO ht;
HTREEITEM hti;
if (!pcsi->pSec->fNoEdit)
{
GetCursorPos( &ht.pt ); // get where we were hit
ScreenToClient( pcsi->hwndTree, &ht.pt ); // translate it to our window
// retrieve the item hit
hti = TreeView_HitTest( pcsi->hwndTree, &ht);
pcsi->pTO->ToggleItem(hti);
pcsi->fChanged = TRUE;
ShowCustom(pcsi, hti);
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_APPLY),TRUE);
}
}
}
break;
}
}
break;
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDOK:
if(pcsi->pSec->fPendingChange)
break;
if(pcsi->fChanged && RegWriteWarning(pcsi->pSec->hDlg) == IDNO)
break;
// we use send message instead of post because there is no chance of this button
// receiving multiple signals at one click, and we need the change level message to be
// processed before the apply message below
pcsi->pSec->fPendingChange = TRUE;
SendMessage(pcsi->pSec->hDlg, WM_APP, (WPARAM) 0, (LPARAM) URLTEMPLATE_CUSTOM);
if(pcsi->fChanged)
{
pcsi->pTO->WalkTree( WALK_TREE_SAVE );
}
// Saves custom to registry and Handles updateallwindows
// and securitychanged calls
// APPCOMPAT: Force a call to SetZoneAttributes when anything in custom changes.
// This forces the security manager to flush any caches it has for that zone.
pcsi->pSec->fChanged = TRUE;
SecurityDlgApplyNow(pcsi->pSec, FALSE);
EndDialog(hDlg, IDOK);
break;
case IDCANCEL:
EndDialog(hDlg, IDCANCEL);
break;
case IDC_COMBO_RESETLEVEL:
switch (HIWORD(wParam))
{
case CBN_SELCHANGE:
{
// Sundown: coercion to integer since cursor selection is 32b
int iNewSelection = (int) SendMessage(pcsi->hwndCombo, CB_GETCURSEL, (WPARAM)0, (LPARAM)0);
if (iNewSelection != pcsi->iLevelSel)
{
pcsi->iLevelSel = iNewSelection;
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_APPLY),TRUE);
}
break;
}
}
break;
case IDC_JAVACUSTOM:
ShowJavaZonePermissionsDialog(hDlg, pcsi);
break;
case IDC_BUTTON_APPLY:
{
TCHAR szLevel[64];
ZONEATTRIBUTES za;
if(pcsi->pSec->fPendingChange == TRUE)
break;
if(RegWriteWarning(hDlg) == IDNO)
{
break;
}
pcsi->pSec->fPendingChange = TRUE;
SendMessage(pcsi->hwndCombo, WM_GETTEXT, (WPARAM)ARRAYSIZE(szLevel), (LPARAM)szLevel);
za.cbSize = sizeof(ZONEATTRIBUTES);
pcsi->pSec->pInternetZoneManager->GetZoneAttributes(pcsi->pSec->pszs->dwZoneIndex, &za);
if (!StrCmp(szLevel, LEVEL_NAME[3]))
za.dwTemplateCurrentLevel = URLTEMPLATE_LOW;
else if (!StrCmp(szLevel, LEVEL_NAME[2]))
za.dwTemplateCurrentLevel = URLTEMPLATE_MEDLOW;
else if (!StrCmp(szLevel, LEVEL_NAME[1]))
za.dwTemplateCurrentLevel = URLTEMPLATE_MEDIUM;
else if (!StrCmp(szLevel, LEVEL_NAME[0]))
za.dwTemplateCurrentLevel = URLTEMPLATE_HIGH;
else
za.dwTemplateCurrentLevel = URLTEMPLATE_CUSTOM;
pcsi->pSec->pInternetZoneManager->SetZoneAttributes(pcsi->pSec->pszs->dwZoneIndex, &za);
pcsi->pTO->WalkTree(WALK_TREE_REFRESH);
// find the first root and make sure that it is visible
TreeView_EnsureVisible( pcsi->hwndTree, TreeView_GetRoot( pcsi->hwndTree ) );
EnableWindow(GetDlgItem(hDlg, IDC_BUTTON_APPLY), FALSE);
SendMessage(hDlg, DM_SETDEFID, IDOK, 0);
SetFocus(GetDlgItem(hDlg, IDOK)); // since we grayout the reset button, might have keyboard
// focus, so we should set focus somewhere else
_FindCustom(pcsi);
// BUG #57358. We tell the Zone Manager to change to [High/Med/Low] level because we want
// the policy values for those, but we don't want it to change the level from
// custom. So, after it changes the setting from Custom, we change it back.
// Save the level as custom
// we use send message instead of post because there is no chance of this button
// receiving multiple signals at one click, and we need the change level message to be
// processed before the apply message below
SendMessage(pcsi->pSec->hDlg, WM_APP, (WPARAM) 0, (LPARAM) URLTEMPLATE_CUSTOM);
// Saves custom to registry and Handles updateallwindows
// and securitychanged calls
// APPCOMPAT: Force a call to SetZoneAttributes when anything in custom changes.
// This forces the security manager to flush any caches it has for that zone.
pcsi->pSec->fChanged = TRUE;
SecurityDlgApplyNow(pcsi->pSec, TRUE);
pcsi->fChanged = FALSE;
break;
}
default:
return FALSE;
}
return TRUE;
break;
case WM_HELP: // F1
{
LPHELPINFO lphelpinfo;
lphelpinfo = (LPHELPINFO)lParam;
TV_HITTESTINFO ht;
HTREEITEM hItem;
// If this help is invoked through the F1 key.
if (GetAsyncKeyState(VK_F1) < 0)
{
// Yes we need to give help for the currently selected item.
hItem = TreeView_GetSelection(pcsi->hwndTree);
}
else
{
// Else we need to give help for the item at current cursor position
ht.pt =((LPHELPINFO)lParam)->MousePos;
ScreenToClient(pcsi->hwndTree, &ht.pt); // Translate it to our window
hItem = TreeView_HitTest(pcsi->hwndTree, &ht);
}
if (FAILED(pcsi->pTO->ShowHelp(hItem , HELP_WM_HELP)))
{
ResWinHelp( (HWND)((LPHELPINFO)lParam)->hItemHandle, IDS_HELPFILE,
HELP_WM_HELP, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
}
break;
}
case WM_CONTEXTMENU: // right mouse click
{
TV_HITTESTINFO ht;
GetCursorPos( &ht.pt ); // get where we were hit
ScreenToClient( pcsi->hwndTree, &ht.pt ); // translate it to our window
// retrieve the item hit
if (FAILED(pcsi->pTO->ShowHelp(TreeView_HitTest( pcsi->hwndTree, &ht),HELP_CONTEXTMENU)))
{
ResWinHelp( (HWND) wParam, IDS_HELPFILE,
HELP_CONTEXTMENU, (DWORD_PTR)(LPSTR)mapIDCsToIDHs);
}
break;
}
case WM_DESTROY:
if (pcsi)
{
if (pcsi->pTO)
{
pcsi->pTO->WalkTree( WALK_TREE_DELETE );
pcsi->pTO->Release();
pcsi->pTO=NULL;
}
LocalFree(pcsi);
SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)NULL);
CoUninitialize();
}
break;
}
return FALSE;
}
#ifdef UNIX
extern "C"
#endif
BOOL LaunchSecurityDialogEx(HWND hDlg, DWORD dwZone, DWORD dwFlags)
{
INITCOMMONCONTROLSEX icex;
SECURITYINITFLAGS * psif = NULL;
icex.dwSize = sizeof(INITCOMMONCONTROLSEX);
icex.dwICC = ICC_USEREX_CLASSES|ICC_NATIVEFNTCTL_CLASS;
InitCommonControlsEx(&icex);
if(g_dwtlsSecInitFlags != (DWORD) -1)
psif = (SECURITYINITFLAGS *) TlsGetValue(g_dwtlsSecInitFlags);
if(psif)
{
psif->fForceUI = dwFlags & LSDFLAG_FORCEUI;
psif->fDisableAddSites = dwFlags & LSDFLAG_NOADDSITES;
psif->dwZone = dwZone;
}
// passing in a NULL psif is okay
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECSTANDALONE), hDlg,
SecurityDlgProc, (LPARAM) psif);
return TRUE;
}
// backwards compatability
#ifdef UNIX
extern "C"
#endif
void LaunchSecurityDialog(HWND hDlg, DWORD dwZone)
{
LaunchSecurityDialogEx(hDlg, dwZone, LSDFLAG_DEFAULT);
}
#ifdef UNIX
extern "C"
#endif
void LaunchSiteCertDialog(HWND hDlg)
{
CRYPTUI_CERT_MGR_STRUCT ccm = {0};
ccm.dwSize = sizeof(ccm);
ccm.hwndParent = hDlg;
CryptUIDlgCertMgr(&ccm);
}
BOOL SiteAlreadyInZone(LPCWSTR pszUrl, DWORD dwZone, SECURITYPAGE* pSec)
{
BOOL fRet = FALSE;
if (pSec->pInternetSecurityManager || SUCCEEDED(CoInternetCreateSecurityManager(NULL, &(pSec->pInternetSecurityManager), 0)))
{
DWORD dwMappedZone;
if (SUCCEEDED(pSec->pInternetSecurityManager->MapUrlToZone(pszUrl, &dwMappedZone, 0)))
{
fRet = (dwZone == dwMappedZone);
}
}
return fRet;
}
void SiteAlreadyInZoneMessage(HWND hwnd, DWORD dwZone)
{
WCHAR szFormat[200];
WCHAR szZone[100];
if (MLLoadString(IDS_SITEALREADYINZONE, szFormat, ARRAYSIZE(szFormat)) &&
MLLoadString(IDS_ZONENAME_LOCAL + dwZone, szZone, ARRAYSIZE(szZone)))
{
WCHAR szText[300];
wnsprintf(szText, ARRAYSIZE(szText), szFormat, szZone);
MLShellMessageBox(hwnd, szText, szZone, MB_ICONINFORMATION | MB_OK);
}
}
BOOL ShowAddSitesDialog(HWND hwnd, DWORD dwZone, LPCWSTR pszUrl)
{
BOOL fRet = FALSE;
SECURITYPAGE* pSec = NULL;
if (SecurityInitGlobals(&pSec, NULL, NULL))
{
DWORD dwEnum;
if (SUCCEEDED(pSec->pInternetZoneManager->CreateZoneEnumerator(&dwEnum, &(pSec->dwZoneCount), 0)))
{
if (S_OK == (SecurityInitZone(dwZone, pSec, dwEnum, NULL, NULL)))
{
if (!SiteAlreadyInZone(pszUrl, dwZone, pSec))
{
StrCpyN(pSec->szPageUrl, pszUrl, ARRAYSIZE(pSec->szPageUrl));
DialogBoxParam(MLGetHinst(), MAKEINTRESOURCE(IDD_SECURITY_ADD_SITES), hwnd, SecurityAddSitesDlgProc, (LPARAM)pSec);
fRet = TRUE;
FreePszs(pSec->pszs);
}
else
{
SiteAlreadyInZoneMessage(hwnd, dwZone);
}
}
pSec->pInternetZoneManager->DestroyZoneEnumerator(dwEnum);
}
SecurityFreeGlobals(pSec);
}
return fRet;
}