1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <shlobj.h>
6#include <shobjidl.h>
7
8#include "chrome/common/win_safe_util.h"
9
10#include "app/win/shell.h"
11#include "base/file_path.h"
12#include "base/logging.h"
13#include "base/path_service.h"
14#include "base/string_util.h"
15#include "base/win/scoped_comptr.h"
16
17namespace win_util {
18
19// This function implementation is based on the attachment execution
20// services functionally deployed with IE6 or Service pack 2. This
21// functionality is exposed in the IAttachmentExecute COM interface.
22// more information at:
23// http://msdn2.microsoft.com/en-us/library/ms647048.aspx
24bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title,
25                           const FilePath& full_path,
26                           const std::wstring& source_url) {
27  base::win::ScopedComPtr<IAttachmentExecute> attachment_services;
28  HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices);
29  if (FAILED(hr)) {
30    // We don't have Attachment Execution Services, it must be a pre-XP.SP2
31    // Windows installation, or the thread does not have COM initialized.
32    if (hr == CO_E_NOTINITIALIZED) {
33      NOTREACHED();
34      return false;
35    }
36    return app::win::OpenItemViaShell(full_path);
37  }
38
39  // This GUID is associated with any 'don't ask me again' settings that the
40  // user can select for different file types.
41  // {2676A9A2-D919-4fee-9187-152100393AB2}
42  static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee,
43    { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } };
44
45  attachment_services->SetClientGuid(kClientID);
46
47  if (!window_title.empty())
48    attachment_services->SetClientTitle(window_title.c_str());
49
50  // To help windows decide if the downloaded file is dangerous we can provide
51  // what the documentation calls evidence. Which we provide now:
52  //
53  // Set the file itself as evidence.
54  hr = attachment_services->SetLocalPath(full_path.value().c_str());
55  if (FAILED(hr))
56    return false;
57  // Set the origin URL as evidence.
58  hr = attachment_services->SetSource(source_url.c_str());
59  if (FAILED(hr))
60    return false;
61
62  // Now check the windows policy.
63  if (attachment_services->CheckPolicy() != S_OK) {
64    // It is possible that the above call returns an undocumented result
65    // equal to 0x800c000e which seems to indicate that the URL failed the
66    // the security check. If you proceed with the Prompt() call the
67    // Shell might show a dialog that says:
68    // "windows found that this file is potentially harmful. To help protect
69    // your computer, Windows has blocked access to this file."
70    // Upon dismissal of the dialog windows will delete the file (!!).
71    // So, we can 'return' in that case but maybe is best to let it happen to
72    // fail on the safe side.
73
74    ATTACHMENT_ACTION action;
75    // We cannot control what the prompt says or does directly but it
76    // is a pretty decent dialog; for example, if an executable is signed it can
77    // decode and show the publisher and the certificate.
78    hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action);
79    if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) {
80      // The user has declined opening the item.
81      return false;
82    }
83  }
84  return app::win::OpenItemViaShellNoZoneCheck(full_path);
85}
86
87bool SetInternetZoneIdentifier(const FilePath& full_path) {
88  const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
89  std::wstring path = full_path.value() + L":Zone.Identifier";
90  HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL,
91                           OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
92  if (INVALID_HANDLE_VALUE == file)
93    return false;
94
95  static const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3";
96  // Don't include trailing null in data written.
97  static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1;
98  DWORD written = 0;
99  BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written,
100                          NULL);
101  BOOL flush_result = FlushFileBuffers(file);
102  CloseHandle(file);
103
104  if (!result || !flush_result || written != kIdentifierSize) {
105    NOTREACHED();
106    return false;
107  }
108
109  return true;
110}
111
112}  // namespace win_util
113