Windows2003-3790/shell/shdocvw/wvt.cpp

#include "priv.h"
#include <wintrust.h>
#include "wvtp.h"

#define WINTRUST TEXT("wintrust.dll")

#ifdef DELAY_LOAD_WVT

#ifndef _WVTP_NOCODE_
Cwvt::Cwvt()
{
    m_fInited = FALSE;
}

Cwvt::~Cwvt()
{
    if (m_fInited) {
        FreeLibrary(m_hMod);
    }
}

HRESULT 
Cwvt::Init(void)
{

    if (m_fInited) {
        return S_OK;
    }

    m_hMod = LoadLibrary( WINTRUST );

    if (NULL == m_hMod) {
        return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND));
    }


#define CHECKAPI(_fn) \
    *(FARPROC*)&(_pfn##_fn) = GetProcAddress(m_hMod, #_fn); \
    if (!(_pfn##_fn)) { \
        FreeLibrary(m_hMod); \
        return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); \
    }

    CHECKAPI(WinVerifyTrust);

    m_fInited = TRUE;
    return S_OK;
}


#endif // _WVTP_NOCODE_
#endif // DELAY_LOAD_WVT

#define REGSTR_PATH_INFODEL_REST     TEXT("Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions")
#define REGSTR_PATH_DOWNLOAD  TEXT("Software\\Microsoft\\Internet Explorer\\Download")
#define REGVAL_UI_REST        TEXT("NoWinVerifyTrustUI")

BOOL
IsUIRestricted()
{

    HKEY hkeyRest = 0;
    BOOL bUIRest = FALSE;
    DWORD dwValue = 0;
    DWORD dwLen = sizeof(DWORD);

    // per-machine UI off policy
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGSTR_PATH_INFODEL_REST, 0, KEY_READ, &hkeyRest) == ERROR_SUCCESS) {

        if (RegQueryValueEx( hkeyRest, REGVAL_UI_REST, NULL, NULL,
                      (LPBYTE)&dwValue, &dwLen) == ERROR_SUCCESS && dwValue)
            bUIRest = TRUE;

        RegCloseKey(hkeyRest);
    }

    return bUIRest;
}

// FEATURE: move these to corpolicy.h in iedev\inc!!!
// {D41E4F1F-A407-11d1-8BC9-00C04FA30A41}
#define COR_POLICY_LOCKDOWN_CHECK \
{ 0xd41e4f1f, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }

//--------------------------------------------------------------------
// For COR_POLICY_LOCKDOWN_CHECK:
// -----------------------------

// Structure to pass into WVT
typedef struct _COR_LOCKDOWN {
    DWORD                 cbSize;          // Size of policy provider
    DWORD                 flag;            // reserved
    BOOL                  fAllPublishers;  // Trust all publishers or just ones in the trusted data base
} COR_LOCKDOWN, *PCOR_LOCKDOWN;


HRESULT Cwvt::VerifyTrust(HANDLE hFile, HWND hWnd, LPCWSTR szStatusText) 
{
    WINTRUST_DATA           sWTD = {0};
    WINTRUST_FILE_INFO      sWTFI = {0};

    GUID gV2 = COR_POLICY_LOCKDOWN_CHECK;
    COR_LOCKDOWN  sCorPolicy;

    HRESULT hr = S_OK;

    ZeroMemory(&sCorPolicy, sizeof(sCorPolicy));
    
    sCorPolicy.cbSize = sizeof(COR_LOCKDOWN);

    if ( (hWnd == INVALID_HANDLE_VALUE) || IsUIRestricted())
        sCorPolicy.fAllPublishers = FALSE; // lockdown to only trusted pubs
    else
        sCorPolicy.fAllPublishers = TRUE; // regular behavior
    
    // Set up the winverify provider structures
       
    sWTFI.cbStruct      = sizeof(WINTRUST_FILE_INFO);
    sWTFI.hFile         = hFile;
    sWTFI.pcwszFilePath = szStatusText;

    sWTD.cbStruct       = sizeof(WINTRUST_DATA);
    sWTD.pPolicyCallbackData = &sCorPolicy; // Add in the cor trust information!!

    //check policy to find out if we should display UI 

    if (SHRegGetBoolUSValue(REGSTR_PATH_DOWNLOAD, TEXT("CheckExeSignatures"),FALSE, FALSE))
    {
        sWTD.dwUIChoice     = WTD_UI_ALL;        // No bad UI is overridden in COR TRUST provider
        sWTD.dwUnionChoice  = WTD_CHOICE_FILE;
        sWTD.pFile          = &sWTFI;
        
        ULONG_PTR uCookie = 0;
        SHActivateContext(&uCookie);

        hr = WinVerifyTrust(hWnd, &gV2, &sWTD);
        
        if (uCookie)
        {
            SHDeactivateContext(uCookie);
        }

        // APPCOMPAT: this works around a wvt bug that returns 0x57 (success) when
        // you hit No to an usigned control
        if (SUCCEEDED(hr) && hr != S_OK) {
            hr = TRUST_E_FAIL;
        }
    }
    
    return hr;
}
First commit 2001-01-01 00:00:00 +01:00			`#include "priv.h"`
			`#include <wintrust.h>`
			`#include "wvtp.h"`

			`#define WINTRUST TEXT("wintrust.dll")`

			`#ifdef DELAY_LOAD_WVT`

			`#ifndef _WVTP_NOCODE_`
			`Cwvt::Cwvt()`
			`{`
			`m_fInited = FALSE;`
			`}`

			`Cwvt::~Cwvt()`
			`{`
			`if (m_fInited) {`
			`FreeLibrary(m_hMod);`
			`}`
			`}`

			`HRESULT`
			`Cwvt::Init(void)`
			`{`

			`if (m_fInited) {`
			`return S_OK;`
			`}`

			`m_hMod = LoadLibrary( WINTRUST );`

			`if (NULL == m_hMod) {`
			`return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND));`
			`}`


			`#define CHECKAPI(_fn) \`
			`(FARPROC)&(_pfn##_fn) = GetProcAddress(m_hMod, #_fn); \`
			`if (!(_pfn##_fn)) { \`
			`FreeLibrary(m_hMod); \`
			`return (HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)); \`
			`}`

			`CHECKAPI(WinVerifyTrust);`

			`m_fInited = TRUE;`
			`return S_OK;`
			`}`


			`#endif // _WVTP_NOCODE_`
			`#endif // DELAY_LOAD_WVT`

			`#define REGSTR_PATH_INFODEL_REST TEXT("Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions")`
			`#define REGSTR_PATH_DOWNLOAD TEXT("Software\\Microsoft\\Internet Explorer\\Download")`
			`#define REGVAL_UI_REST TEXT("NoWinVerifyTrustUI")`

			`BOOL`
			`IsUIRestricted()`
			`{`

			`HKEY hkeyRest = 0;`
			`BOOL bUIRest = FALSE;`
			`DWORD dwValue = 0;`
			`DWORD dwLen = sizeof(DWORD);`

			`// per-machine UI off policy`
			`if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGSTR_PATH_INFODEL_REST, 0, KEY_READ, &hkeyRest) == ERROR_SUCCESS) {`

			`if (RegQueryValueEx( hkeyRest, REGVAL_UI_REST, NULL, NULL,`
			`(LPBYTE)&dwValue, &dwLen) == ERROR_SUCCESS && dwValue)`
			`bUIRest = TRUE;`

			`RegCloseKey(hkeyRest);`
			`}`

			`return bUIRest;`
			`}`

			`// FEATURE: move these to corpolicy.h in iedev\inc!!!`
			`// {D41E4F1F-A407-11d1-8BC9-00C04FA30A41}`
			`#define COR_POLICY_LOCKDOWN_CHECK \`
			`{ 0xd41e4f1f, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }`

			`//--------------------------------------------------------------------`
			`// For COR_POLICY_LOCKDOWN_CHECK:`
			`// -----------------------------`

			`// Structure to pass into WVT`
			`typedef struct _COR_LOCKDOWN {`
			`DWORD cbSize; // Size of policy provider`
			`DWORD flag; // reserved`
			`BOOL fAllPublishers; // Trust all publishers or just ones in the trusted data base`
			`} COR_LOCKDOWN, *PCOR_LOCKDOWN;`


			`HRESULT Cwvt::VerifyTrust(HANDLE hFile, HWND hWnd, LPCWSTR szStatusText)`
			`{`
			`WINTRUST_DATA sWTD = {0};`
			`WINTRUST_FILE_INFO sWTFI = {0};`

			`GUID gV2 = COR_POLICY_LOCKDOWN_CHECK;`
			`COR_LOCKDOWN sCorPolicy;`

			`HRESULT hr = S_OK;`

			`ZeroMemory(&sCorPolicy, sizeof(sCorPolicy));`

			`sCorPolicy.cbSize = sizeof(COR_LOCKDOWN);`

			`if ( (hWnd == INVALID_HANDLE_VALUE) \|\| IsUIRestricted())`
			`sCorPolicy.fAllPublishers = FALSE; // lockdown to only trusted pubs`
			`else`
			`sCorPolicy.fAllPublishers = TRUE; // regular behavior`

			`// Set up the winverify provider structures`

			`sWTFI.cbStruct = sizeof(WINTRUST_FILE_INFO);`
			`sWTFI.hFile = hFile;`
			`sWTFI.pcwszFilePath = szStatusText;`

			`sWTD.cbStruct = sizeof(WINTRUST_DATA);`
			`sWTD.pPolicyCallbackData = &sCorPolicy; // Add in the cor trust information!!`

			`//check policy to find out if we should display UI`

			`if (SHRegGetBoolUSValue(REGSTR_PATH_DOWNLOAD, TEXT("CheckExeSignatures"),FALSE, FALSE))`
			`{`
			`sWTD.dwUIChoice = WTD_UI_ALL; // No bad UI is overridden in COR TRUST provider`
			`sWTD.dwUnionChoice = WTD_CHOICE_FILE;`
			`sWTD.pFile = &sWTFI;`

			`ULONG_PTR uCookie = 0;`
			`SHActivateContext(&uCookie);`

			`hr = WinVerifyTrust(hWnd, &gV2, &sWTD);`

			`if (uCookie)`
			`{`
			`SHDeactivateContext(uCookie);`
			`}`

			`// APPCOMPAT: this works around a wvt bug that returns 0x57 (success) when`
			`// you hit No to an usigned control`
			`if (SUCCEEDED(hr) && hr != S_OK) {`
			`hr = TRUST_E_FAIL;`
			`}`
			`}`

			`return hr;`
			`}`