1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <shlobj.h>
6 #include <shobjidl.h>
7
8 #include "chrome/common/win_safe_util.h"
9
10 #include "app/win/shell.h"
11 #include "base/file_path.h"
12 #include "base/logging.h"
13 #include "base/path_service.h"
14 #include "base/string_util.h"
15 #include "base/win/scoped_comptr.h"
16
17 namespace win_util {
18
19 // This function implementation is based on the attachment execution
20 // services functionality deployed with IE6 or Service Pack 2. This
21 // functionality is exposed in the IAttachmentExecute COM interface.
22 // More information at:
23 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx
// Opens |full_path| through the shell after consulting Windows Attachment
// Execution Services (AES, the IAttachmentExecute COM interface).
//   hwnd          window handle handed to the AES prompt.
//   window_title  client title given to AES; skipped when empty.
//   full_path     local file to open; also handed to AES as evidence.
//   source_url    origin of the file; also handed to AES as evidence.
// Returns false when COM is not initialized on the calling thread, when AES
// rejects either piece of evidence, or when the prompt fails or is cancelled.
// In every other case the result of the shell open call is returned.
// NOTE(review): if AES cannot be instantiated for any reason other than
// CO_E_NOTINITIALIZED, the file is opened with app::win::OpenItemViaShell()
// and none of the policy checks below run. Confirm that helper applies the
// shell's own zone handling.
bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title,
                           const FilePath& full_path,
                           const std::wstring& source_url) {
  base::win::ScopedComPtr<IAttachmentExecute> attachment_services;
  const HRESULT create_result =
      attachment_services.CreateInstance(CLSID_AttachmentServices);

  // A thread without COM is a caller bug, so refuse to open anything.
  if (create_result == CO_E_NOTINITIALIZED) {
    NOTREACHED();
    return false;
  }

  // No Attachment Execution Services: it must be a pre-XP.SP2 Windows
  // installation. Fall back to the plain shell open.
  if (FAILED(create_result))
    return app::win::OpenItemViaShell(full_path);

  // This GUID is associated with any 'don't ask me again' settings that the
  // user can select for different file types.
  // {2676A9A2-D919-4fee-9187-152100393AB2}
  static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee,
    { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } };
  attachment_services->SetClientGuid(kClientID);

  const bool has_title = !window_title.empty();
  if (has_title)
    attachment_services->SetClientTitle(window_title.c_str());

  // Give Windows the "evidence" it uses to judge whether the download is
  // dangerous: first the file itself, then the URL it came from. If either
  // is rejected we stop; the source is not set when the path was refused.
  if (FAILED(attachment_services->SetLocalPath(full_path.value().c_str())) ||
      FAILED(attachment_services->SetSource(source_url.c_str()))) {
    return false;
  }

  // Only an exact S_OK from the policy check skips the prompt. The open
  // helper used here is, going by its name, expected not to repeat the zone
  // check that AES has just done.
  if (attachment_services->CheckPolicy() == S_OK)
    return app::win::OpenItemViaShellNoZoneCheck(full_path);

  // Any other result lands here, including the undocumented 0x800c000e which
  // seems to indicate that the URL failed the security check. In that case
  // the Shell might show a dialog that says:
  // "windows found that this file is potentially harmful. To help protect
  // your computer, Windows has blocked access to this file."
  // and delete the file once the dialog is dismissed (!!). We let that
  // happen so that we fail on the safe side.
  //
  // We cannot control what the prompt says or does directly, but it is a
  // pretty decent dialog; for example, if an executable is signed it can
  // decode and show the publisher and the certificate.
  ATTACHMENT_ACTION action;
  const HRESULT prompt_result =
      attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action);

  // |action| is only read when Prompt() succeeded (short-circuit).
  const bool declined =
      FAILED(prompt_result) || (ATTACHMENT_ACTION_CANCEL == action);
  if (declined) {
    // The user has declined opening the item.
    return false;
  }

  return app::win::OpenItemViaShellNoZoneCheck(full_path);
}
86
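// Tags |full_path| as coming from the Internet zone by writing a
// "[ZoneTransfer]" record with ZoneId=3 into the file's "Zone.Identifier"
// alternate data stream.
// Returns false if the stream cannot be opened, or if the record cannot be
// completely written, trimmed to size and flushed. Returns true otherwise.
bool SetInternetZoneIdentifier(const FilePath& full_path) {
  const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
  const std::wstring stream_path = full_path.value() + L":Zone.Identifier";
  // OPEN_ALWAYS creates the stream if needed but does NOT truncate one that
  // already exists; see the SetEndOfFile() call below.
  HANDLE file = CreateFile(stream_path.c_str(), GENERIC_WRITE, kShare, NULL,
                           OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
  if (INVALID_HANDLE_VALUE == file)
    return false;

  static const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3";
  // Don't include trailing null in data written.
  static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1;
  DWORD written = 0;
  BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written,
                          NULL);

  // Cut the stream off right after the record. Without this, the tail of a
  // longer pre-existing Zone.Identifier stream would stay in place after the
  // new bytes and could change how the zone value is read back. Only trim
  // after a complete write, so a short write never shrinks the stream to a
  // partial record.
  BOOL truncate_result = FALSE;
  if (result && written == kIdentifierSize)
    truncate_result = SetEndOfFile(file);

  BOOL flush_result = FlushFileBuffers(file);
  CloseHandle(file);

  if (!result || !truncate_result || !flush_result ||
      written != kIdentifierSize) {
    NOTREACHED();
    return false;
  }

  return true;
}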
111
112 } // namespace win_util
113