Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

383 lines
14 KiB

#include "shellprv.h"
#pragma hdrstop
// this makes sure the DLL for the given clsid stays in memory
// this is needed because we violate COM rules and hold apparment objects
// across the lifetime of appartment threads. these objects really need
// to be free threaded (we have always treated them as such)
STDAPI_(HINSTANCE) SHPinDllOfCLSIDStr(LPCTSTR pszCLSID)
{
CLSID clsid;
SHCLSIDFromString(pszCLSID, &clsid);
return SHPinDllOfCLSID(&clsid);
}
// translate string form of CLSID into binary form
STDAPI SHCLSIDFromString(LPCTSTR psz, CLSID *pclsid)
{
*pclsid = CLSID_NULL;
if (psz == NULL)
return NOERROR;
return GUIDFromString(psz, pclsid) ? NOERROR : CO_E_CLASSSTRING;
}
BOOL _IsShellDll(LPCTSTR pszDllPath)
{
LPCTSTR pszDllName = PathFindFileName(pszDllPath);
return lstrcmpi(pszDllName, TEXT("shell32.dll")) == 0;
}
HKEY g_hklmApprovedExt = (HKEY)-1; // not tested yet
// On NT, we must check to ensure that this CLSID exists in
// the list of approved CLSIDs that can be used in-process.
// If not, we fail the creation with ERROR_ACCESS_DENIED.
// We explicitly allow anything serviced by this DLL
BOOL _IsShellExtApproved(LPCTSTR pszClass, LPCTSTR pszDllPath)
{
BOOL fIsApproved = TRUE;
ASSERT(!_IsShellDll(pszDllPath));
#ifdef FULL_DEBUG
if (TRUE)
#else
if (SHRestricted(REST_ENFORCESHELLEXTSECURITY))
#endif
{
if (g_hklmApprovedExt == (HKEY)-1)
{
g_hklmApprovedExt = NULL;
RegOpenKey(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), &g_hklmApprovedExt);
}
if (g_hklmApprovedExt)
{
fIsApproved = SHQueryValueEx(g_hklmApprovedExt, pszClass, 0, NULL, NULL, NULL) == ERROR_SUCCESS;
if (!fIsApproved)
{
HKEY hk;
if (RegOpenKey(HKEY_CURRENT_USER, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), &hk) == ERROR_SUCCESS)
{
fIsApproved = SHQueryValueEx(hk, pszClass, 0, NULL, NULL, NULL) == ERROR_SUCCESS;
RegCloseKey(hk);
}
}
}
}
#ifdef FULL_DEBUG
if (!SHRestricted(REST_ENFORCESHELLEXTSECURITY) && !fIsApproved)
{
TraceMsg(TF_WARNING, "%s not approved; fortunately, shell security is disabled", pszClass);
fIsApproved = TRUE;
}
#endif
return fIsApproved;
}
STDAPI_(BOOL) IsGuimodeSetupRunning()
{
DWORD dwSystemSetupInProgress;
DWORD dwMiniSetupInProgress;
DWORD dwType;
DWORD dwSize;
dwSize = sizeof(dwSystemSetupInProgress);
if ((SHGetValueW(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", L"SystemSetupInProgress", &dwType, (LPVOID)&dwSystemSetupInProgress, &dwSize) == ERROR_SUCCESS) &&
(dwType == REG_DWORD) &&
(dwSystemSetupInProgress != 0))
{
// starting w/ whistler on a syspreped machine the SystemSetupInProgress will be set EVEN AFTER guimode setup
// has finished (needed for OOBE on the boot after guimode finishes). So, to distinguish the "first-boot" case
// from the "guimode-setup" case we check the MiniSetupInProgress value as well.
dwSize = sizeof(dwMiniSetupInProgress);
if ((SHGetValueW(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", L"MiniSetupInProgress", &dwType, (LPVOID)&dwMiniSetupInProgress, &dwSize) != ERROR_SUCCESS) ||
(dwType != REG_DWORD) ||
(dwMiniSetupInProgress == 0))
{
return TRUE;
}
}
return FALSE;
}
typedef HRESULT (__stdcall *PFNDLLGETCLASSOBJECT)(REFCLSID rclsid, REFIID riid, void **ppv);
HRESULT _CreateFromDllGetClassObject(PFNDLLGETCLASSOBJECT pfn, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
IClassFactory *pcf;
HRESULT hr = pfn(pclsid, &IID_IClassFactory, &pcf);
if (SUCCEEDED(hr))
{
hr = pcf->lpVtbl->CreateInstance(pcf, punkOuter, riid, ppv);
#ifdef DEBUG
if (SUCCEEDED(hr))
{
// confirm that OLE can create this object to
// make sure our objects are really CoCreateable
IUnknown *punk;
HRESULT hrTemp = CoCreateInstance(pclsid, punkOuter, CLSCTX_INPROC_SERVER, riid, &punk);
if (SUCCEEDED(hrTemp))
punk->lpVtbl->Release(punk);
else
{
if (hrTemp == CO_E_NOTINITIALIZED)
{
// shell32.dll works without com being inited
TraceMsg(TF_WARNING, "shell32 or friend object used without COM being initalized");
}
// the RIPMSG below was hitting too often in out-of-memory cases where lame class factories return E_FAIL, E_NOTIMPL, and a bunch of
// other meaningless error codes. I have therefore relegaed this ripmsg to FULL_DEBUG only status.
#ifdef FULL_DEBUG
else if ((hrTemp != E_OUTOFMEMORY) && // stress can hit the E_OUTOFMEMORY case
(hrTemp != E_NOINTERFACE) && // stress can hit the E_NOINTERFACE case
(hrTemp != HRESULT_FROM_WIN32(ERROR_COMMITMENT_LIMIT)) && // stress can hit the ERROR_COMMITMENT_LIMIT case
(hrTemp != HRESULT_FROM_WIN32(ERROR_NO_SYSTEM_RESOURCES)) && // stress can hit the ERROR_NO_SYSTEM_RESOURCES case
!IsGuimodeSetupRunning()) // and we don't want to fire the assert during guimode (shell32 might not be registered yet)
{
// others failures are bad
RIPMSG(FALSE, "CoCreate failed with %x", hrTemp);
}
#endif // FULL_DEBUG
}
}
#endif
pcf->lpVtbl->Release(pcf);
}
return hr;
}
HRESULT _CreateFromShell(const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
return _CreateFromDllGetClassObject(DllGetClassObject, pclsid, punkOuter, riid, ppv);
}
HRESULT _CreateFromDll(LPCTSTR pszDllPath, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
HMODULE hmod = LoadLibraryEx(pszDllPath,NULL,LOAD_WITH_ALTERED_SEARCH_PATH);
if (hmod)
{
HRESULT hr;
PFNDLLGETCLASSOBJECT pfn = (PFNDLLGETCLASSOBJECT)GetProcAddress(hmod, "DllGetClassObject");
if (pfn)
hr = _CreateFromDllGetClassObject(pfn, pclsid, punkOuter, riid, ppv);
else
hr = E_FAIL;
if (FAILED(hr))
FreeLibrary(hmod);
return hr;
}
return HRESULT_FROM_WIN32(GetLastError());
}
STDAPI SHGetInProcServerForClass(const CLSID *pclsid, LPTSTR pszDllPath, LPTSTR pszClass, BOOL *pbLoadWithoutCOM)
{
TCHAR szKeyToOpen[GUIDSTR_MAX + 128], szInProcServer[GUIDSTR_MAX];
HKEY hkeyInProcServer;
DWORD dwSize = MAX_PATH * sizeof(TCHAR); // convert to count of bytes
DWORD dwError;
SHStringFromGUID(pclsid, szInProcServer, ARRAYSIZE(szInProcServer));
lstrcpy(pszClass, szInProcServer);
*pszDllPath = 0;
lstrcpy(szKeyToOpen, TEXT("CLSID\\"));
lstrcat(szKeyToOpen, szInProcServer);
lstrcat(szKeyToOpen, TEXT("\\InProcServer32"));
dwError = RegOpenKeyEx(HKEY_CLASSES_ROOT, szKeyToOpen, 0, KEY_QUERY_VALUE, &hkeyInProcServer);
if (dwError == ERROR_SUCCESS)
{
SHQueryValueEx(hkeyInProcServer, NULL, 0, NULL, (BYTE *)pszDllPath, &dwSize);
*pbLoadWithoutCOM = SHQueryValueEx(hkeyInProcServer, TEXT("LoadWithoutCOM"), NULL, NULL, NULL, NULL) == ERROR_SUCCESS;
RegCloseKey(hkeyInProcServer);
}
//
// Return a more accurate error code so we don't
// fire a bogus assertion.
//
if (*pszDllPath)
{
return S_OK;
}
else
{
// If error was "key not found", then the class is not registered.
// If no error, then class is not registered properly (e.g., null
// string for InProcServer32).
if (dwError == ERROR_FILE_NOT_FOUND || dwError == ERROR_SUCCESS)
{
return REGDB_E_CLASSNOTREG;
}
else
{
// Any other error is worth reporting as-is (out of memory,
// access denied, etc.)
return HRESULT_FROM_WIN32(dwError);
}
}
}
STDAPI _SHCoCreateInstance(const CLSID * pclsid, IUnknown *punkOuter, DWORD dwCoCreateFlags,
BOOL bMustBeApproved, REFIID riid, void **ppv)
{
HRESULT hr = E_FAIL;
TCHAR szClass[GUIDSTR_MAX + 64], szDllPath[MAX_PATH];
BOOL bLoadWithoutCOM = FALSE;
*ppv = NULL;
*szDllPath = 0;
// save us some registry accesses and try the shell first
// but only if its INPROC
if (dwCoCreateFlags & CLSCTX_INPROC_SERVER)
hr = _CreateFromShell(pclsid, punkOuter, riid, ppv);
#ifdef DEBUG
if (SUCCEEDED(hr))
{
HRESULT hrRegistered = THR(SHGetInProcServerForClass(pclsid, szDllPath, szClass, &bLoadWithoutCOM));
//
// check to see if we're the explorer process before complaining (to
// avoid ripping during setup before all objects have been registered)
//
if (IsProcessAnExplorer() && !IsGuimodeSetupRunning() && hrRegistered == REGDB_E_CLASSNOTREG)
{
ASSERTMSG(FAILED(hr), "object not registered (add to selfreg.inx) pclsid = %x", pclsid);
}
}
#endif
if (FAILED(hr))
{
BOOL fNeedsInProc = ((dwCoCreateFlags & CLSCTX_ALL) == CLSCTX_INPROC_SERVER);
hr = fNeedsInProc ? THR(SHGetInProcServerForClass(pclsid, szDllPath, szClass, &bLoadWithoutCOM)) : S_FALSE;
if (SUCCEEDED(hr))
{
if (hr == S_OK && _IsShellDll(szDllPath))
{
// Object likely moved out of the shell DLL.
hr = CLASS_E_CLASSNOTAVAILABLE;
}
else if (bMustBeApproved &&
SHStringFromGUID(pclsid, szClass, ARRAYSIZE(szClass)) &&
!_IsShellExtApproved(szClass, szDllPath))
{
TraceMsg(TF_ERROR, "SHCoCreateInstance() %s needs to be registered under HKLM or HKCU"
",Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved", szClass);
hr = HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
else
{
hr = THR(SHCoCreateInstanceAC(pclsid, punkOuter, dwCoCreateFlags, riid, ppv));
if (FAILED(hr) && fNeedsInProc && bLoadWithoutCOM)
{
if ((hr == REGDB_E_IIDNOTREG) || (hr == CO_E_NOTINITIALIZED))
{
hr = THR(_CreateFromDll(szDllPath, pclsid, punkOuter, riid, ppv));
}
}
// only RIP if this is not a secondary explorer process since secondary explorers dont init com or ole since
// they are going to delegate to an existing process and we don't want to have to load ole for perf in that case.
if (!IsSecondaryExplorerProcess())
{
RIPMSG((hr != CO_E_NOTINITIALIZED), "COM not inited for dll %s", szDllPath);
}
// sometimes we need to permanently pin these objects.
if (SUCCEEDED(hr) && fNeedsInProc && (OBJCOMPATF_PINDLL & SHGetObjectCompatFlags(NULL, pclsid)))
{
SHPinDllOfCLSID(pclsid);
}
}
}
}
#ifdef DEBUG
if (FAILED(hr) && (hr != E_NOINTERFACE)) // E_NOINTERFACE means riid not accepted
{
ULONGLONG dwTF = IsFlagSet(g_dwBreakFlags, BF_COCREATEINSTANCE) ? TF_ALWAYS : TF_WARNING;
TraceMsg(dwTF, "CoCreateInstance: failed (%s,%x)", szClass, hr);
}
#endif
return hr;
}
STDAPI SHCoCreateInstance(LPCTSTR pszCLSID, const CLSID * pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
CLSID clsid;
if (pszCLSID)
{
SHCLSIDFromString(pszCLSID, &clsid);
pclsid = &clsid;
}
return _SHCoCreateInstance(pclsid, punkOuter, CLSCTX_INPROC_SERVER, FALSE, riid, ppv);
}
//
// create a shell extension object, ensures that object is in the approved list
//
STDAPI SHExtCoCreateInstance2(LPCTSTR pszCLSID, const CLSID *pclsid, IUnknown *punkOuter, DWORD dwClsCtx, REFIID riid, void **ppv)
{
CLSID clsid;
if (pszCLSID)
{
SHCLSIDFromString(pszCLSID, &clsid);
pclsid = &clsid;
}
return _SHCoCreateInstance(pclsid, punkOuter, dwClsCtx, TRUE, riid, ppv);
}
STDAPI SHExtCoCreateInstance(LPCTSTR pszCLSID, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
return SHExtCoCreateInstance2(pszCLSID, pclsid, punkOuter, CLSCTX_NO_CODE_DOWNLOAD | CLSCTX_INPROC_SERVER, riid, ppv);
}
STDAPI_(BOOL) SHIsBadInterfacePtr(const void *pv, UINT cbVtbl)
{
IUnknown const * punk = pv;
return IsBadReadPtr(punk, sizeof(punk->lpVtbl)) ||
IsBadReadPtr(punk->lpVtbl, cbVtbl) ||
IsBadCodePtr((FARPROC)punk->lpVtbl->Release);
}
// private API that loads COM inproc objects out of band of COM. this
// should be used very carefully, only in special legacy cases where
// we knowingly need to break COM rules. right now this is only for AVIFile
// as it depended on the Win95 behavior of SHCoCreateInstance() loading objects
// without COM being inited and without them being marshalled
STDAPI SHCreateInstance(REFCLSID clsid, REFIID riid, void **ppv)
{
TCHAR szClass[GUIDSTR_MAX + 64], szDllPath[MAX_PATH];
BOOL bLoadWithoutCOM;
HRESULT hr = SHGetInProcServerForClass(clsid, szDllPath, szClass, &bLoadWithoutCOM);
if (SUCCEEDED(hr))
{
hr = THR(_CreateFromDll(szDllPath, clsid, NULL, riid, ppv));
}
else
{
*ppv = NULL;
}
return hr;
}