windows-nt/Source/XPSP1/NT/shell/shell32/ole2dup.c

#include "shellprv.h"
#pragma  hdrstop

// this makes sure the DLL for the given clsid stays in memory
// this is needed because we violate COM rules and hold apparment objects
// across the lifetime of appartment threads. these objects really need
// to be free threaded (we have always treated them as such)

STDAPI_(HINSTANCE) SHPinDllOfCLSIDStr(LPCTSTR pszCLSID)
{
    CLSID clsid;

    SHCLSIDFromString(pszCLSID, &clsid);
    return SHPinDllOfCLSID(&clsid);
}

// translate string form of CLSID into binary form

STDAPI SHCLSIDFromString(LPCTSTR psz, CLSID *pclsid)
{
    *pclsid = CLSID_NULL;
    if (psz == NULL) 
        return NOERROR;
    return GUIDFromString(psz, pclsid) ? NOERROR : CO_E_CLASSSTRING;
}

BOOL _IsShellDll(LPCTSTR pszDllPath)
{
    LPCTSTR pszDllName = PathFindFileName(pszDllPath);
    return lstrcmpi(pszDllName, TEXT("shell32.dll")) == 0;
}

HKEY g_hklmApprovedExt = (HKEY)-1;    // not tested yet

// On NT, we must check to ensure that this CLSID exists in
// the list of approved CLSIDs that can be used in-process.
// If not, we fail the creation with ERROR_ACCESS_DENIED.
// We explicitly allow anything serviced by this DLL

BOOL _IsShellExtApproved(LPCTSTR pszClass, LPCTSTR pszDllPath)
{
    BOOL fIsApproved = TRUE;

    ASSERT(!_IsShellDll(pszDllPath));

#ifdef FULL_DEBUG
    if (TRUE)
#else
    if (SHRestricted(REST_ENFORCESHELLEXTSECURITY))
#endif
    {
        if (g_hklmApprovedExt == (HKEY)-1)
        {
            g_hklmApprovedExt = NULL;
            RegOpenKey(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), &g_hklmApprovedExt);
        }

        if (g_hklmApprovedExt)
        {
            fIsApproved = SHQueryValueEx(g_hklmApprovedExt, pszClass, 0, NULL, NULL, NULL) == ERROR_SUCCESS;
            if (!fIsApproved)
            {
                HKEY hk;
                if (RegOpenKey(HKEY_CURRENT_USER, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), &hk) == ERROR_SUCCESS)
                {
                    fIsApproved = SHQueryValueEx(hk, pszClass, 0, NULL, NULL, NULL) == ERROR_SUCCESS;
                    RegCloseKey(hk);
                }
            }
        }
    }

#ifdef FULL_DEBUG
    if (!SHRestricted(REST_ENFORCESHELLEXTSECURITY) && !fIsApproved)
    {
        TraceMsg(TF_WARNING, "%s not approved; fortunately, shell security is disabled", pszClass);
        fIsApproved = TRUE;
    }
#endif
    return fIsApproved;
}

STDAPI_(BOOL) IsGuimodeSetupRunning()
{
    DWORD dwSystemSetupInProgress;
    DWORD dwMiniSetupInProgress;
    DWORD dwType;
    DWORD dwSize;
    
    dwSize = sizeof(dwSystemSetupInProgress);
    if ((SHGetValueW(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", L"SystemSetupInProgress", &dwType, (LPVOID)&dwSystemSetupInProgress, &dwSize) == ERROR_SUCCESS) &&
        (dwType == REG_DWORD) &&
        (dwSystemSetupInProgress != 0))
    {

        // starting w/ whistler on a syspreped machine the SystemSetupInProgress will be set EVEN AFTER guimode setup
        // has finished (needed for OOBE on the boot after guimode finishes). So, to distinguish the "first-boot" case
        // from the "guimode-setup" case we check the MiniSetupInProgress value as well.

        dwSize = sizeof(dwMiniSetupInProgress);
        if ((SHGetValueW(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", L"MiniSetupInProgress", &dwType, (LPVOID)&dwMiniSetupInProgress, &dwSize) != ERROR_SUCCESS) ||
            (dwType != REG_DWORD) ||
            (dwMiniSetupInProgress == 0))
        {
            return TRUE;
        }
    }

    return FALSE;
}

typedef HRESULT (__stdcall *PFNDLLGETCLASSOBJECT)(REFCLSID rclsid, REFIID riid, void **ppv);

HRESULT _CreateFromDllGetClassObject(PFNDLLGETCLASSOBJECT pfn, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
    IClassFactory *pcf;
    HRESULT hr = pfn(pclsid, &IID_IClassFactory, &pcf);
    if (SUCCEEDED(hr))
    {
        hr = pcf->lpVtbl->CreateInstance(pcf, punkOuter, riid, ppv);
#ifdef DEBUG
        if (SUCCEEDED(hr))
        {
            // confirm that OLE can create this object to
            // make sure our objects are really CoCreateable
            IUnknown *punk;
            HRESULT hrTemp = CoCreateInstance(pclsid, punkOuter, CLSCTX_INPROC_SERVER, riid, &punk);
            if (SUCCEEDED(hrTemp))
                punk->lpVtbl->Release(punk);
            else
            {
                if (hrTemp == CO_E_NOTINITIALIZED)
                {
                    // shell32.dll works without com being inited
                    TraceMsg(TF_WARNING, "shell32 or friend object used without COM being initalized");
                }
// the RIPMSG below was hitting too often in out-of-memory cases where lame class factories return E_FAIL, E_NOTIMPL, and a bunch of
// other meaningless error codes. I have therefore relegaed this ripmsg to FULL_DEBUG only status.
#ifdef FULL_DEBUG
                else if ((hrTemp != E_OUTOFMEMORY) &&   // stress can hit the E_OUTOFMEMORY case
                         (hrTemp != E_NOINTERFACE) &&   // stress can hit the E_NOINTERFACE case
                         (hrTemp != HRESULT_FROM_WIN32(ERROR_COMMITMENT_LIMIT)) &&      // stress can hit the ERROR_COMMITMENT_LIMIT case
                         (hrTemp != HRESULT_FROM_WIN32(ERROR_NO_SYSTEM_RESOURCES)) &&   // stress can hit the ERROR_NO_SYSTEM_RESOURCES case
                         !IsGuimodeSetupRunning())      // and we don't want to fire the assert during guimode (shell32 might not be registered yet)
                {
                    // others failures are bad
                    RIPMSG(FALSE, "CoCreate failed with %x", hrTemp);
                }
#endif // FULL_DEBUG
            }
        }
#endif
        pcf->lpVtbl->Release(pcf);
    }
    return hr;
}


HRESULT _CreateFromShell(const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
    return _CreateFromDllGetClassObject(DllGetClassObject, pclsid, punkOuter, riid, ppv);
}

HRESULT _CreateFromDll(LPCTSTR pszDllPath, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
    HMODULE hmod = LoadLibraryEx(pszDllPath,NULL,LOAD_WITH_ALTERED_SEARCH_PATH);
    if (hmod)
    {
        HRESULT hr;
        PFNDLLGETCLASSOBJECT pfn = (PFNDLLGETCLASSOBJECT)GetProcAddress(hmod, "DllGetClassObject");
        if (pfn)
            hr = _CreateFromDllGetClassObject(pfn, pclsid, punkOuter, riid, ppv);
        else
            hr = E_FAIL;

        if (FAILED(hr))
            FreeLibrary(hmod);
        return hr;
    }
    return HRESULT_FROM_WIN32(GetLastError());
}

STDAPI SHGetInProcServerForClass(const CLSID *pclsid, LPTSTR pszDllPath, LPTSTR pszClass, BOOL *pbLoadWithoutCOM)
{
    TCHAR szKeyToOpen[GUIDSTR_MAX + 128], szInProcServer[GUIDSTR_MAX];
    HKEY hkeyInProcServer;
    DWORD dwSize = MAX_PATH * sizeof(TCHAR);  // convert to count of bytes
    DWORD dwError;

    SHStringFromGUID(pclsid, szInProcServer, ARRAYSIZE(szInProcServer));

    lstrcpy(pszClass, szInProcServer);

    *pszDllPath = 0;

    lstrcpy(szKeyToOpen, TEXT("CLSID\\"));
    lstrcat(szKeyToOpen, szInProcServer);
    lstrcat(szKeyToOpen, TEXT("\\InProcServer32"));

    dwError = RegOpenKeyEx(HKEY_CLASSES_ROOT, szKeyToOpen, 0, KEY_QUERY_VALUE, &hkeyInProcServer);
    if (dwError == ERROR_SUCCESS)
    {
        SHQueryValueEx(hkeyInProcServer, NULL, 0, NULL, (BYTE *)pszDllPath, &dwSize);

        *pbLoadWithoutCOM = SHQueryValueEx(hkeyInProcServer, TEXT("LoadWithoutCOM"), NULL, NULL, NULL, NULL) == ERROR_SUCCESS;
        RegCloseKey(hkeyInProcServer);
    }

    //
    //  Return a more accurate error code so we don't
    //  fire a bogus assertion.
    //
    if (*pszDllPath)
    {
        return S_OK;
    }
    else
    {
        // If error was "key not found", then the class is not registered.
        // If no error, then class is not registered properly (e.g., null
        // string for InProcServer32).
        if (dwError == ERROR_FILE_NOT_FOUND || dwError == ERROR_SUCCESS)
        {
            return REGDB_E_CLASSNOTREG;
        }
        else
        {
            // Any other error is worth reporting as-is (out of memory,
            // access denied, etc.)
            return HRESULT_FROM_WIN32(dwError);
        }
    }
}

STDAPI _SHCoCreateInstance(const CLSID * pclsid, IUnknown *punkOuter, DWORD dwCoCreateFlags, 
                           BOOL bMustBeApproved, REFIID riid, void **ppv)
{
    HRESULT hr = E_FAIL;
    TCHAR szClass[GUIDSTR_MAX + 64], szDllPath[MAX_PATH];
    BOOL bLoadWithoutCOM = FALSE;
    *ppv = NULL;
    *szDllPath = 0;

    // save us some registry accesses and try the shell first
    // but only if its INPROC
    if (dwCoCreateFlags & CLSCTX_INPROC_SERVER)
        hr = _CreateFromShell(pclsid, punkOuter, riid, ppv);

#ifdef DEBUG
    if (SUCCEEDED(hr))
    {
        HRESULT hrRegistered = THR(SHGetInProcServerForClass(pclsid, szDllPath, szClass, &bLoadWithoutCOM));

        //
        // check to see if we're the explorer process before complaining (to
        // avoid ripping during setup before all objects have been registered)
        //
        if (IsProcessAnExplorer() && !IsGuimodeSetupRunning() && hrRegistered == REGDB_E_CLASSNOTREG)
        {
            ASSERTMSG(FAILED(hr), "object not registered (add to selfreg.inx) pclsid = %x", pclsid);
        }
    }
#endif

    if (FAILED(hr))
    {
        BOOL fNeedsInProc = ((dwCoCreateFlags & CLSCTX_ALL) == CLSCTX_INPROC_SERVER);
        hr = fNeedsInProc ? THR(SHGetInProcServerForClass(pclsid, szDllPath, szClass, &bLoadWithoutCOM)) : S_FALSE;
        if (SUCCEEDED(hr))
        {
            if (hr == S_OK && _IsShellDll(szDllPath))
            {
                // Object likely moved out of the shell DLL.
                hr = CLASS_E_CLASSNOTAVAILABLE;
            }
            else if (bMustBeApproved &&
                     SHStringFromGUID(pclsid, szClass, ARRAYSIZE(szClass)) &&
                     !_IsShellExtApproved(szClass, szDllPath))
            {
                TraceMsg(TF_ERROR, "SHCoCreateInstance() %s needs to be registered under HKLM or HKCU"
                    ",Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved", szClass);
                hr = HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
            }
            else
            {
                hr = THR(SHCoCreateInstanceAC(pclsid, punkOuter, dwCoCreateFlags, riid, ppv));

                if (FAILED(hr) && fNeedsInProc && bLoadWithoutCOM)
                {
                    if ((hr == REGDB_E_IIDNOTREG) || (hr == CO_E_NOTINITIALIZED))
                    {
                        hr = THR(_CreateFromDll(szDllPath, pclsid, punkOuter, riid, ppv));
                    }
                }

                // only RIP if this is not a secondary explorer process since secondary explorers dont init com or ole since
                // they are going to delegate to an existing process and we don't want to have to load ole for perf in that case.
                if (!IsSecondaryExplorerProcess())
                {
                    RIPMSG((hr != CO_E_NOTINITIALIZED), "COM not inited for dll %s", szDllPath);
                }

                //  sometimes we need to permanently pin these objects.
                if (SUCCEEDED(hr) && fNeedsInProc && (OBJCOMPATF_PINDLL & SHGetObjectCompatFlags(NULL, pclsid)))
                {
                    SHPinDllOfCLSID(pclsid);
                }
            }
        }
    }

#ifdef DEBUG
    if (FAILED(hr) && (hr != E_NOINTERFACE))    // E_NOINTERFACE means riid not accepted
    {
        ULONGLONG dwTF = IsFlagSet(g_dwBreakFlags, BF_COCREATEINSTANCE) ? TF_ALWAYS : TF_WARNING;
        TraceMsg(dwTF, "CoCreateInstance: failed (%s,%x)", szClass, hr);
    }
#endif
    return hr;
}

STDAPI SHCoCreateInstance(LPCTSTR pszCLSID, const CLSID * pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
    CLSID clsid;
    if (pszCLSID)
    {
        SHCLSIDFromString(pszCLSID, &clsid);
        pclsid = &clsid;
    }
    return _SHCoCreateInstance(pclsid, punkOuter, CLSCTX_INPROC_SERVER, FALSE, riid, ppv);
}

//
// create a shell extension object, ensures that object is in the approved list
//
STDAPI SHExtCoCreateInstance2(LPCTSTR pszCLSID, const CLSID *pclsid, IUnknown *punkOuter, DWORD dwClsCtx, REFIID riid, void **ppv)
{
    CLSID clsid;
    
    if (pszCLSID)
    {
        SHCLSIDFromString(pszCLSID, &clsid);
        pclsid = &clsid;
    }

    return _SHCoCreateInstance(pclsid, punkOuter, dwClsCtx, TRUE, riid, ppv);
}

STDAPI SHExtCoCreateInstance(LPCTSTR pszCLSID, const CLSID *pclsid, IUnknown *punkOuter, REFIID riid, void **ppv)
{
    return SHExtCoCreateInstance2(pszCLSID, pclsid, punkOuter, CLSCTX_NO_CODE_DOWNLOAD | CLSCTX_INPROC_SERVER, riid, ppv);
}

STDAPI_(BOOL) SHIsBadInterfacePtr(const void *pv, UINT cbVtbl)
{
    IUnknown const * punk = pv;
    return IsBadReadPtr(punk, sizeof(punk->lpVtbl)) || 
           IsBadReadPtr(punk->lpVtbl, cbVtbl) || 
           IsBadCodePtr((FARPROC)punk->lpVtbl->Release);
}

// private API that loads COM inproc objects out of band of COM. this 
// should be used very carefully, only in special legacy cases where 
// we knowingly need to break COM rules. right now this is only for AVIFile
// as it depended on the Win95 behavior of SHCoCreateInstance() loading objects
// without COM being inited and without them being marshalled

STDAPI SHCreateInstance(REFCLSID clsid, REFIID riid, void **ppv)
{
    TCHAR szClass[GUIDSTR_MAX + 64], szDllPath[MAX_PATH];
    BOOL bLoadWithoutCOM;

    HRESULT hr = SHGetInProcServerForClass(clsid, szDllPath, szClass, &bLoadWithoutCOM);
    if (SUCCEEDED(hr))
    {
        hr = THR(_CreateFromDll(szDllPath, clsid, NULL, riid, ppv));
    }
    else
    {
        *ppv = NULL;
    }
    return hr;
}