
#include "priv.h"
#include <wintrust.h>
#include "wvtp.h"
#define WINTRUST TEXT("wintrust.dll")
#ifdef DELAY_LOAD_WVT
#ifndef _WVTP_NOCODE_
// Constructs the delay-load wrapper in the "not loaded" state.
// wintrust.dll is not touched here; Init() does the actual load.
// m_hMod is left unset: the destructor reads it only when m_fInited is TRUE.
Cwvt::Cwvt()
    : m_fInited(FALSE)
{
}
// Releases the wintrust.dll module reference taken by a successful Init().
Cwvt::~Cwvt()
{
    // Init() never completed, so there is no module handle to release.
    if (!m_fInited) {
        return;
    }

    FreeLibrary(m_hMod);
}
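// Loads wintrust.dll and resolves the WinVerifyTrust entry point.
//
// Returns S_OK when the module is loaded and the entry point is resolved
// (or when a previous call already did so). Returns
// HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND) when the system directory path
// cannot be built, the module cannot be loaded, or the export is missing.
HRESULT
Cwvt::Init(void)
{
    // Already loaded and resolved; nothing to do.
    if (m_fInited) {
        return S_OK;
    }

    // Load the trust provider by full path from the system directory.
    // A bare "wintrust.dll" is resolved through the DLL search order, so a
    // same-named file earlier in that order (for example next to the host
    // executable) would be loaded instead, and this module is what decides
    // whether a download is trusted.
    TCHAR szPath[MAX_PATH];
    UINT cchDir = GetSystemDirectory(szPath, MAX_PATH);
    if (0 == cchDir || cchDir + 1 + (UINT)lstrlen(WINTRUST) >= MAX_PATH) {
        // Lookup failed, or directory + '\' + file name would not fit.
        return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND));
    }
    lstrcat(szPath, TEXT("\\"));
    lstrcat(szPath, WINTRUST);

    m_hMod = LoadLibrary(szPath);
    if (NULL == m_hMod) {
        return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND));
    }

    // Resolve one export into its _pfn<Name> member. On failure the module
    // is released and the stale handle cleared; m_fInited stays FALSE, so
    // the destructor will not free it a second time.
#define CHECKAPI(_fn) \
    *(FARPROC*)&(_pfn##_fn) = GetProcAddress(m_hMod, #_fn); \
    if (!(_pfn##_fn)) { \
        FreeLibrary(m_hMod); \
        m_hMod = NULL; \
        return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); \
    }

    CHECKAPI(WinVerifyTrust);

    m_fInited = TRUE;
    return S_OK;
}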
#endif // _WVTP_NOCODE_
#endif // DELAY_LOAD_WVT
// Policy key opened under HKEY_LOCAL_MACHINE by IsUIRestricted().
#define REGSTR_PATH_INFODEL_REST TEXT("Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions")
// Key read through SHRegGetBoolUSValue() in Cwvt::VerifyTrust for the
// "CheckExeSignatures" setting that decides whether WinVerifyTrust is called.
#define REGSTR_PATH_DOWNLOAD TEXT("Software\\Microsoft\\Internet Explorer\\Download")
// Value under REGSTR_PATH_INFODEL_REST; any nonzero data means the
// WinVerifyTrust UI is restricted (see IsUIRestricted()).
#define REGVAL_UI_REST TEXT("NoWinVerifyTrustUI")
// Reports whether the per-machine "NoWinVerifyTrustUI" policy is set.
//
// Returns TRUE only when the policy key opens under HKEY_LOCAL_MACHINE and
// the value reads back as nonzero data; every failure path returns FALSE
// (not restricted).
// NOTE(review): the value type is not requested from RegQueryValueEx, so any
// value of at most sizeof(DWORD) bytes with a nonzero byte counts as set --
// confirm that this is intended.
BOOL
IsUIRestricted()
{
    HKEY hkPolicy = 0;

    // per-machine UI off policy
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGSTR_PATH_INFODEL_REST, 0, KEY_READ, &hkPolicy) != ERROR_SUCCESS) {
        return FALSE;
    }

    DWORD dwData = 0;
    DWORD cbData = sizeof(DWORD);
    const BOOL fRestricted =
        (RegQueryValueEx(hkPolicy, REGVAL_UI_REST, NULL, NULL,
                         (LPBYTE)&dwData, &cbData) == ERROR_SUCCESS && dwData)
            ? TRUE
            : FALSE;

    RegCloseKey(hkPolicy);
    return fRestricted;
}
// FEATURE: move these to corpolicy.h in iedev\inc!!!
// Policy GUID that Cwvt::VerifyTrust passes to WinVerifyTrust as the action ID.
// {D41E4F1F-A407-11d1-8BC9-00C04FA30A41}
#define COR_POLICY_LOCKDOWN_CHECK \
{ 0xd41e4f1f, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }
//--------------------------------------------------------------------
// For COR_POLICY_LOCKDOWN_CHECK:
// -----------------------------
// Structure passed to WinVerifyTrust through WINTRUST_DATA.pPolicyCallbackData.
// The layout is shared with the policy provider, so field order and types
// must not change.
typedef struct _COR_LOCKDOWN {
DWORD cbSize; // Size of this structure; VerifyTrust sets sizeof(COR_LOCKDOWN)
DWORD flag; // reserved; VerifyTrust leaves it zero
BOOL fAllPublishers; // TRUE: regular behavior; FALSE: lock down to publishers in the trusted database
} COR_LOCKDOWN, *PCOR_LOCKDOWN;
// Runs WinVerifyTrust on an open file under the COR lockdown policy.
//
// hFile        - handle to the file whose signature is checked.
// hWnd         - parent window for trust UI; INVALID_HANDLE_VALUE selects
//                lockdown (only trusted publishers are accepted).
// szStatusText - stored in WINTRUST_FILE_INFO.pcwszFilePath.
//
// Returns S_OK when the file is trusted, and also when the
// "CheckExeSignatures" setting is off, in which case nothing is verified;
// callers must not read S_OK as proof that a signature was checked.
// Otherwise returns the WinVerifyTrust failure code, or TRUST_E_FAIL when
// WinVerifyTrust returned a success code other than S_OK.
HRESULT Cwvt::VerifyTrust(HANDLE hFile, HWND hWnd, LPCWSTR szStatusText)
{
    HRESULT hr = S_OK;
    GUID guidPolicy = COR_POLICY_LOCKDOWN_CHECK;

    // Policy callback data: accept only trusted publishers when there is no
    // window to ask in, or when the per-machine policy turns the UI off.
    COR_LOCKDOWN corPolicy;
    memset(&corPolicy, 0, sizeof(COR_LOCKDOWN));
    corPolicy.cbSize = sizeof(COR_LOCKDOWN);
    corPolicy.fAllPublishers =
        ((hWnd == INVALID_HANDLE_VALUE) || IsUIRestricted()) ? FALSE : TRUE;

    // Set up the WinVerifyTrust provider structures.
    WINTRUST_DATA trustData;
    WINTRUST_FILE_INFO fileInfo;
    memset(&trustData, 0x00, sizeof(WINTRUST_DATA));
    memset(&fileInfo, 0x00, sizeof(WINTRUST_FILE_INFO));

    fileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
    fileInfo.hFile = hFile;
    fileInfo.pcwszFilePath = szStatusText;

    trustData.cbStruct = sizeof(WINTRUST_DATA);
    trustData.pPolicyCallbackData = &corPolicy; // hand the COR trust settings to the provider

    // Check the setting that decides whether signatures are verified at all.
    // fIgnoreHKCU is FALSE, so a per-user value is honoured, and fDefault is
    // FALSE, so with no value present the check is skipped and S_OK returned.
    if (!SHRegGetBoolUSValue(REGSTR_PATH_DOWNLOAD, TEXT("CheckExeSignatures"), FALSE, FALSE))
    {
        return hr;
    }

    trustData.dwUIChoice = WTD_UI_ALL; // "no bad UI" is overridden in the COR trust provider
    trustData.dwUnionChoice = WTD_CHOICE_FILE;
    trustData.pFile = &fileInfo;

    // Activate the shell's activation context around the call and undo it
    // afterwards if a cookie was handed back.
    ULONG_PTR ulCookie = 0;
    SHActivateContext(&ulCookie);

    // NOTE(review): presumably resolves to the delay-load wrapper declared in
    // wvtp.h when DELAY_LOAD_WVT is defined -- confirm against that header.
    hr = WinVerifyTrust(hWnd, &guidPolicy, &trustData);

    if (ulCookie)
    {
        SHDeactivateContext(ulCookie);
    }

    // APPCOMPAT: works around a WinVerifyTrust bug that returns 0x57 (which
    // passes SUCCEEDED) when the user answers No for an unsigned control.
    // Any success code other than S_OK is therefore treated as a failure.
    if (SUCCEEDED(hr) && hr != S_OK) {
        hr = TRUST_E_FAIL;
    }

    return hr;
}