From 77cd2c924918bdfa479d21de54f6f45a007a8d01 Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Sun, 12 May 2024 16:25:53 +0200
Subject: [PATCH] 1.14.0
---
Sandboxie/core/dll/dns_filter.c | 11 +++++++++++
Sandboxie/core/dll/net.c | 11 +++++++++++
Sandboxie/core/drv/verify.h | 1 +
SandboxiePlus/SandMan/SandMan.cpp | 16 ++++++++++++----
SandboxiePlus/SandMan/Windows/OptionsNetwork.cpp | 7 +++++++
SandboxiePlus/SandMan/Windows/OptionsWindow.cpp | 5 +++++
SandboxiePlus/SandMan/Windows/OptionsWindow.h | 1 +
7 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/Sandboxie/core/dll/dns_filter.c b/Sandboxie/core/dll/dns_filter.c
index 303c0d0c..a7817159 100644
--- a/Sandboxie/core/dll/dns_filter.c
+++ b/Sandboxie/core/dll/dns_filter.c
@@ -31,6 +31,8 @@
#include "wsa_defs.h"
#include "common/pattern.h"
#include "common/str_util.h"
+#include "core/drv/api_defs.h"
+#include "core/drv/verify.h"
//---------------------------------------------------------------------------
@@ -192,6 +194,15 @@ _FX BOOLEAN WSA_InitNetDnsFilter(HMODULE module)
map_init(&WSA_LookupMap, Dll_Pool);
}
+ SCertInfo CertInfo = { 0 };
+ if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_ADVANCED(CertInfo)) {
+
+ const WCHAR* strings[] = { L"NetworkDnsFilter" , NULL };
+ SbieApi_LogMsgExt(-1, 6009, strings);
+
+ WSA_FilterEnabled = FALSE;
+ }
+
//
// Setup DNS hooks
//
diff --git a/Sandboxie/core/dll/net.c b/Sandboxie/core/dll/net.c
index 3333981b..e4a20ac9 100644
--- a/Sandboxie/core/dll/net.c
+++ b/Sandboxie/core/dll/net.c
@@ -33,6 +33,8 @@
#include "wsa_defs.h"
#include "core/svc/sbieiniwire.h"
#include "common/base64.c"
+#include "core/drv/api_defs.h"
+#include "core/drv/verify.h"
//---------------------------------------------------------------------------
@@ -1324,6 +1326,15 @@ _FX BOOLEAN WSA_InitNetProxy()
return FALSE;
}
+ SCertInfo CertInfo = { 0 };
+ if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_ADVANCED(CertInfo)) {
+
+ const WCHAR* strings[] = { L"NetworkUseProxy" , NULL };
+ SbieApi_LogMsgExt(-1, 6009, strings);
+
+ return FALSE;
+ }
+
return TRUE;
}
diff --git a/Sandboxie/core/drv/verify.h b/Sandboxie/core/drv/verify.h
index 4e0f0ca6..f10ea8e3 100644
--- a/Sandboxie/core/drv/verify.h
+++ b/Sandboxie/core/drv/verify.h
@@ -86,6 +86,7 @@ enum ECertLevel {
#define CERT_IS_TYPE(cert,t) ((cert.type & 0b11100) == (unsigned long)(t))
#define CERT_IS_SUBSCRIPTION(cert) (CERT_IS_TYPE(cert, eCertBusiness) || CERT_IS_TYPE(cert, eCertHome) || cert.type == eCertEntryPatreon || CERT_IS_TYPE(cert, eCertEvaluation))
#define CERT_IS_INSIDER(cert) (CERT_IS_TYPE(cert, eCertEternal) || cert.type == eCertGreatPatreon)
+#define CERT_IS_ADVANCED(cert) (CERT_IS_TYPE(cert, eCertEternal) || (CERT_IS_LEVEL(cert, eCertAdvanced) && cert.type != eCertPatreon))
#define CERT_IS_LEVEL(cert,l) (cert.active && cert.level >= (unsigned long)(l))
#ifdef KERNEL_MODE
diff --git a/SandboxiePlus/SandMan/SandMan.cpp b/SandboxiePlus/SandMan/SandMan.cpp
index a421e0e6..35f9350f 100644
--- a/SandboxiePlus/SandMan/SandMan.cpp
+++ b/SandboxiePlus/SandMan/SandMan.cpp
@@ -2968,13 +2968,21 @@ void CSandMan::SaveMessageLog(QIODevice* pFile)
bool CSandMan::CheckCertificate(QWidget* pWidget, int iType)
{
QString Message;
- if (iType == 1)
+ if (iType == 1 || iType == 2)
{
- if (CERT_IS_LEVEL(g_CertInfo, eCertAdvanced))
- return true;
+ if (iType == 1) {
+ if (CERT_IS_LEVEL(g_CertInfo, eCertAdvanced))
+ return true;
+ }
+ else {
+ if (CERT_IS_ADVANCED(g_CertInfo))
+ return true;
+ }
Message = tr("The selected feature requires an advanced supporter certificate.");
- if(g_CertInfo.active)
+ if (iType == 2 && CERT_IS_TYPE(g_CertInfo, eCertPatreon))
+ Message.append(tr("
you need to be on the Great Patreon level or higher to unlock this feature."));
+ else if (g_CertInfo.active)
Message.append(tr("
Upgrade your Certificate to unlock advanced features."));
else
Message.append(tr("
Become a project supporter, and receive a supporter certificate"));
diff --git a/SandboxiePlus/SandMan/Windows/OptionsNetwork.cpp b/SandboxiePlus/SandMan/Windows/OptionsNetwork.cpp
index 10fe5eaf..153c9e43 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsNetwork.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsNetwork.cpp
@@ -60,6 +60,13 @@ void COptionsWindow::CreateNetwork()
connect(ui.chkBlockDns, SIGNAL(clicked(bool)), this, SLOT(OnBlockDns()));
connect(ui.chkBlockSamba, SIGNAL(clicked(bool)), this, SLOT(OnBlockSamba()));
+ connect(ui.tabsInternet, SIGNAL(currentChanged(int)), this, SLOT(OnInternetTab()));
+
+ if (!CERT_IS_ADVANCED(g_CertInfo)) {
+ ui.tabDNS->setEnabled(false);
+ ui.tabNetProxy->setEnabled(false);
+ }
+
ui.chkProxyResolveHostnames->setVisible(false);
}
diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
index 861fb962..d81b32be 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
@@ -1206,6 +1206,11 @@ void COptionsWindow::UpdateCurrentTab()
{
LoadBlockINet();
}
+ else if (m_pCurrentTab == ui.tabDNS || m_pCurrentTab == ui.tabNetProxy)
+ {
+ if (!m_pCurrentTab->isEnabled())
+ theGUI->CheckCertificate(this, 2);
+ }
else if (m_pCurrentTab == ui.tabCOM) {
CheckOpenCOM();
}
diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.h b/SandboxiePlus/SandMan/Windows/OptionsWindow.h
index 4223caff..c38e70e3 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.h
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.h
@@ -238,6 +238,7 @@ private slots:
void OnTab() { OnTab(ui.tabs->currentWidget()); }
void OnAccessTab() { OnTab(ui.tabsAccess->currentWidget()); }
+ void OnInternetTab() { OnTab(ui.tabsInternet->currentWidget()); }
void OnGeneralChanged();
void OnPSTChanged();