      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include <shlobj.h>
      6 #include <shobjidl.h>
      7 
      8 #include "chrome/common/win_safe_util.h"
      9 
     10 #include "app/win/shell.h"
     11 #include "base/file_path.h"
     12 #include "base/logging.h"
     13 #include "base/path_service.h"
     14 #include "base/string_util.h"
     15 #include "base/win/scoped_comptr.h"
     16 
     17 namespace win_util {
     18 
     19 // This function implementation is based on the attachment execution
     20 // services functionality deployed with IE6 or Service Pack 2. This
     21 // functionality is exposed in the IAttachmentExecute COM interface.
     22 // More information at:
     23 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx
// Opens |full_path| through the shell after running it through the Windows
// attachment policy check (IAttachmentExecute).
//
// |hwnd| is handed to the policy prompt, |window_title| becomes the client
// title when it is non-empty, and |source_url| is supplied to SetSource() as
// the origin evidence.
//
// Returns false when COM is not initialized on the calling thread, when
// either piece of evidence cannot be set, or when the prompt fails or is
// cancelled. Otherwise returns the result of the shell open call.
//
// NOTE(review): if the attachment services object cannot be created for any
// reason other than CO_E_NOTINITIALIZED, the item is opened with
// app::win::OpenItemViaShell() and this function performs no policy check.
bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title,
                           const FilePath& full_path,
                           const std::wstring& source_url) {
  base::win::ScopedComPtr<IAttachmentExecute> services;
  const HRESULT create_result =
      services.CreateInstance(CLSID_AttachmentServices);
  if (FAILED(create_result)) {
    // No Attachment Execution Services: either this is a pre-XP SP2 Windows
    // installation or COM was never initialized on this thread. Only the
    // former falls back to a plain shell open; the latter is a caller bug.
    if (create_result != CO_E_NOTINITIALIZED)
      return app::win::OpenItemViaShell(full_path);
    NOTREACHED();
    return false;
  }

  // Client GUID under which any per-file-type "don't ask me again" choices
  // made by the user are stored.
  // {2676A9A2-D919-4fee-9187-152100393AB2}
  static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee,
    { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } };
  services->SetClientGuid(kClientID);

  if (!window_title.empty())
    services->SetClientTitle(window_title.c_str());

  // Windows decides whether the file is dangerous from "evidence": the file
  // on disk and the URL it came from. Failing to supply either one aborts
  // the open rather than letting the check run on partial information.
  if (FAILED(services->SetLocalPath(full_path.value().c_str())))
    return false;
  if (FAILED(services->SetSource(source_url.c_str())))
    return false;

  // Anything other than S_OK from the policy check goes through the prompt.
  const bool policy_allows = (services->CheckPolicy() == S_OK);
  if (!policy_allows) {
    // CheckPolicy() may return the undocumented value 0x800c000e, which seems
    // to mean the URL failed the security check. Calling Prompt() in that
    // state can make the shell show a "Windows has blocked access to this
    // file" dialog and delete the file once the dialog is dismissed. We
    // could return early for that code, but letting the prompt run fails on
    // the safe side.
    //
    // The dialog's wording and behaviour are not under our control; for a
    // signed executable it can decode and show the publisher and the
    // certificate.
    ATTACHMENT_ACTION action;
    const HRESULT prompt_result =
        services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action);
    const bool declined =
        FAILED(prompt_result) || (ATTACHMENT_ACTION_CANCEL == action);
    if (declined) {
      // The prompt failed or the user chose not to open the item.
      return false;
    }
  }
  return app::win::OpenItemViaShellNoZoneCheck(full_path);
}
     86 
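// Tags |full_path| as coming from the Internet zone by writing
// "[ZoneTransfer]\nZoneId=3" into the file's "Zone.Identifier" alternate data
// stream.
//
// Returns true only when the full identifier was written, the stream was
// truncated to exactly that content, and the data was flushed. Returns false
// if the stream cannot be opened or any of those steps fails.
bool SetInternetZoneIdentifier(const FilePath& full_path) {
  const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
  std::wstring path = full_path.value() + L":Zone.Identifier";
  HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL,
                           OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
  if (INVALID_HANDLE_VALUE == file)
    return false;

  static const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3";
  // Don't include trailing null in data written.
  static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1;
  DWORD written = 0;
  BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written,
                          NULL);
  // OPEN_ALWAYS keeps whatever an existing stream already holds, and the
  // write above only overwrites its first bytes. Cut the stream off at the
  // current position so no stale tail is left behind the new text, where it
  // could alter or corrupt the zone value that readers parse.
  BOOL truncate_result = FALSE;
  if (result && written == kIdentifierSize)
    truncate_result = SetEndOfFile(file);
  BOOL flush_result = FlushFileBuffers(file);
  CloseHandle(file);

  if (!result || !truncate_result || !flush_result ||
      written != kIdentifierSize) {
    NOTREACHED();
    return false;
  }

  return true;
}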
    111 
    112 }  // namespace win_util
    113