1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <shlobj.h> 6 #include <shobjidl.h> 7 8 #include "chrome/common/win_safe_util.h" 9 10 #include "app/win/shell.h" 11 #include "base/file_path.h" 12 #include "base/logging.h" 13 #include "base/path_service.h" 14 #include "base/string_util.h" 15 #include "base/win/scoped_comptr.h" 16 17 namespace win_util { 18 19 // This function implementation is based on the attachment execution 20 // services functionally deployed with IE6 or Service pack 2. This 21 // functionality is exposed in the IAttachmentExecute COM interface. 22 // more information at: 23 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx 24 bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title, 25 const FilePath& full_path, 26 const std::wstring& source_url) { 27 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; 28 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); 29 if (FAILED(hr)) { 30 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 31 // Windows installation, or the thread does not have COM initialized. 32 if (hr == CO_E_NOTINITIALIZED) { 33 NOTREACHED(); 34 return false; 35 } 36 return app::win::OpenItemViaShell(full_path); 37 } 38 39 // This GUID is associated with any 'don't ask me again' settings that the 40 // user can select for different file types. 41 // {2676A9A2-D919-4fee-9187-152100393AB2} 42 static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee, 43 { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } }; 44 45 attachment_services->SetClientGuid(kClientID); 46 47 if (!window_title.empty()) 48 attachment_services->SetClientTitle(window_title.c_str()); 49 50 // To help windows decide if the downloaded file is dangerous we can provide 51 // what the documentation calls evidence. Which we provide now: 52 // 53 // Set the file itself as evidence. 54 hr = attachment_services->SetLocalPath(full_path.value().c_str()); 55 if (FAILED(hr)) 56 return false; 57 // Set the origin URL as evidence. 58 hr = attachment_services->SetSource(source_url.c_str()); 59 if (FAILED(hr)) 60 return false; 61 62 // Now check the windows policy. 63 if (attachment_services->CheckPolicy() != S_OK) { 64 // It is possible that the above call returns an undocumented result 65 // equal to 0x800c000e which seems to indicate that the URL failed the 66 // the security check. If you proceed with the Prompt() call the 67 // Shell might show a dialog that says: 68 // "windows found that this file is potentially harmful. To help protect 69 // your computer, Windows has blocked access to this file." 70 // Upon dismissal of the dialog windows will delete the file (!!). 71 // So, we can 'return' in that case but maybe is best to let it happen to 72 // fail on the safe side. 73 74 ATTACHMENT_ACTION action; 75 // We cannot control what the prompt says or does directly but it 76 // is a pretty decent dialog; for example, if an executable is signed it can 77 // decode and show the publisher and the certificate. 78 hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action); 79 if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) { 80 // The user has declined opening the item. 81 return false; 82 } 83 } 84 return app::win::OpenItemViaShellNoZoneCheck(full_path); 85 } 86 87 bool SetInternetZoneIdentifier(const FilePath& full_path) { 88 const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE; 89 std::wstring path = full_path.value() + L":Zone.Identifier"; 90 HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL, 91 OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 92 if (INVALID_HANDLE_VALUE == file) 93 return false; 94 95 static const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3"; 96 // Don't include trailing null in data written. 97 static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1; 98 DWORD written = 0; 99 BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written, 100 NULL); 101 BOOL flush_result = FlushFileBuffers(file); 102 CloseHandle(file); 103 104 if (!result || !flush_result || written != kIdentifierSize) { 105 NOTREACHED(); 106 return false; 107 } 108 109 return true; 110 } 111 112 } // namespace win_util 113