1.3.2

2022-08-28 12:43:08 +02:00 · 2022-08-28 12:43:08 +02:00 · a6bf997c2e
parent df9be3b684
commit a6bf997c2e
8 changed files with 100 additions and 46 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,10 +9,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - added icons to sub tabs in the box options dialog
 - recovery and message pop-up menu options are not persisting across UI restarts any more
+- added new box color, a white box indicates that its not really a sandbox and is displayed when the user specified OpenFilePath=* or alike

 ### Changed
 - Sandboxie no longer issues message 1301 when forced processes are temporarily disabled
 -- the message can be re-enabled with "NotifyForceProcessDisabled=y"
+- reworked the "Open COM" checkbox mechanism in the plus UI
+-- Now it uses a template and it can also keep COM closed while OpenIpcPath=* is set

 ### Fixed
 - fixed compatibility issue with Proxifier [#2163](https://github.com/sandboxie-plus/Sandboxie/issues/2163)
--- a/Sandboxie/install/Templates.ini
+++ b/Sandboxie/install/Templates.ini
@ -3477,6 +3477,29 @@ RpcPortBinding=SHELL32.dll,'201ef99a-7fa0-444c-9399-19ba84f12a1a@ncalrpc:',IpcPo



+#
+# COM/RPC Presets
+#
+
+[Template_OpenCOM]
+OpenIpcPath=*\BaseNamedObjects*\__ComCatalogCache__
+OpenIpcPath=\RPC Control\epmapper
+OpenIpcPath=\RPC Control\OLE*
+OpenIpcPath=\RPC Control\LRPC*
+
+[Template_BoxedCOM]
+NormalIpcPath=*BaseNamedObjects*\__ComCatalogCache__
+NormalIpcPath=*BaseNamedObjects*\ComPlusCOMRegTable
+NormalIpcPath=*BaseNamedObjects*\RotHintTable
+NormalIpcPath=*BaseNamedObjects*\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
+NormalIpcPath=*BaseNamedObjects*\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
+NormalIpcPath=\RPC Control\actkernel
+NormalIpcPath=\RPC Control\epmapper
+NormalIpcPath=\RPC Control\OLE*
+NormalIpcPath=\RPC Control\LRPC*
+
+
+
 #
 # Optional RPC Port Config
 #
--- a/SandboxiePlus/SandMan/SandMan.cpp
+++ b/SandboxiePlus/SandMan/SandMan.cpp
@ -2288,10 +2288,16 @@ void CSandMan::UpdateSettings(bool bRebuildUI)

 	if (bRebuildUI) 
 	{
-		LoadLanguage();
-
 		StoreState();

+		RebuildUI();
+	}
+}
+
+void CSandMan::RebuildUI()
+{
+	LoadLanguage();
+
 	if(m_pRefreshAll) this->removeAction(m_pRefreshAll);
 	if(m_pMenuBrowse) this->removeAction(m_pMenuBrowse);
 	if(m_pMenuResetGUI) this->removeAction(m_pMenuResetGUI);
@ -2315,7 +2321,6 @@ void CSandMan::UpdateSettings(bool bRebuildUI)

 	if(m_pTrayBoxes) m_pTrayBoxes->setStyle(QStyleFactory::create(m_DefaultStyle));
 }
-}

 void CSandMan::OnResetMsgs()
 {
@ -2344,6 +2349,8 @@ void CSandMan::OnResetMsgs()
 		theConf->SetValue("Options/WarnTerminate", -1);

 		theConf->SetValue("Options/InfoMkLink", -1);
+
+		theConf->SetValue("Options/WarnOpenCOM", -1);
 	}

 	theAPI->GetUserSettings()->UpdateTextList("SbieCtrl_HideMessage", QStringList(), true);
@ -2352,8 +2359,6 @@ void CSandMan::OnResetMsgs()

 void CSandMan::OnResetGUI()
 {
-	hide();
-
 	theConf->DelValue("ErrorWindow/Window_Geometry");
 	theConf->DelValue("MainWindow/Window_Geometry");
 	theConf->DelValue("MainWindow/Window_State");
@ -2388,9 +2393,7 @@ void CSandMan::OnResetGUI()
 //	theConf->SetValue("Options/DPIScaling", 1);
 	theConf->SetValue("Options/FontScaling", 100);

-	LoadState();
-
-	SafeShow(this);
+	RebuildUI();
 }

 void CSandMan::OnEditIni()
--- a/SandboxiePlus/SandMan/SandMan.h
+++ b/SandboxiePlus/SandMan/SandMan.h
@ -148,6 +148,7 @@ public slots:
 	class CRecoveryWindow*	ShowRecovery(const CSandBoxPtr& pBox, bool bFind = true);

 	void				UpdateSettings(bool bRebuildUI);
+	void				RebuildUI();
 	void				OnIniReloaded();

 	void				SetupHotKeys();
--- a/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
@ -6,6 +6,7 @@
 #include "../MiscHelpers/Common/Common.h"
 #include "../MiscHelpers/Common/ComboInputDialog.h"
 #include "../MiscHelpers/Common/SettingsWidgets.h"
+#include "../MiscHelpers/Common/CheckableMessageBox.h"
 #include "Helpers/WinAdmin.h"


@ -304,9 +305,15 @@ void COptionsWindow::AddAccessEntry(EAccessType	Type, EAccessMode Mode, QString
 	pItem->setText(2, GetAccessModeStr(Mode));
 	pItem->setData(2, Qt::UserRole, (int)Mode);

+	//////////////////////////////////////////////////////////
+	// File and Registry entries auto append a '*' wildcard 
+	// when thay don't contain any.
+	// Prepanding '|' disables this behavioure
+	//
+
 	QString sPath = Path;
 	if (Type == eFile || Type == eKey) { 
-		if (sPath.left(1) != "|" && !sPath.contains("*") && sPath.right(1) != "*")
+		if (!sPath.isEmpty() && sPath.left(1) != "|" && !sPath.contains("*") && sPath.right(1) != "*")
 			sPath.append("*");
 	}
 	pItem->setText(3, sPath);
@ -430,6 +437,21 @@ void COptionsWindow::CloseAccessEdit(QTreeWidgetItem* pItem, bool bSave)
 			}
 		}

+		if (pItem->data(0, Qt::UserRole).toInt() == eIPC && pMode->currentData().toInt() == eOpen 
+		  && ((pPath->text() == "*" && pItem->data(3, Qt::UserRole).toString() != "*") 
+		   || (pPath->text() == "\\*" && pItem->data(3, Qt::UserRole).toString() != "\\*"))
+		  && !m_BoxTemplates.contains("BoxedCOM"))  
+		{
+ 			if (theConf->GetInt("Options/WarnOpenCOM", -1) == -1) {
+				bool State = false;
+				if (CCheckableMessageBox::question(this, "Sandboxie-Plus", tr("Opening all IPC access, also opens COM access, do you want to restrict COM to the sandbox non the less?")
+				 , tr("Don't ask in future"), &State, QDialogButtonBox::Yes | QDialogButtonBox::No, QDialogButtonBox::Yes) == QDialogButtonBox::Yes)
+					SetTemplate("BoxedCOM", true); // Normal overrides Open even without rule specificity :D
+				if (State)
+					theConf->SetValue("Options/WarnOpenCOM", 1);
+			}
+		}
+
 		pItem->setText(1, (pNot->isChecked() ? "NOT " : "") + pCombo->currentText());
 		pItem->setData(1, Qt::UserRole, (pNot->isChecked() ? "!" : "") + Program);
 		pItem->setText(2, GetAccessModeStr((EAccessMode)pMode->currentData().toInt()));
--- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
@ -79,6 +79,7 @@ void COptionsWindow::LoadAdvanced()
 	ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false));
 	ui.chkDropPrivileges->setChecked(m_pBox->GetBool("StripSystemPrivileges", true));

+	CheckOpenCOM();
 	ui.chkComTimeout->setChecked(!m_pBox->GetBool("RpcMgmtSetComTimeout", true));

 	ui.chkNoSecurityIsolation->setChecked(m_pBox->GetBool("NoSecurityIsolation", false));
@ -241,7 +242,7 @@ void COptionsWindow::SaveAdvanced()
 	WriteTextList("OnBoxDelete", DeleteCommand);
 	//

-	WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes");
+	WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes", "", "n");

 	QStringList Processes;
 	for (int i = 0; i < ui.lstProcesses->count(); i++)
@ -322,20 +323,20 @@ void COptionsWindow::OnAdvancedChanged()
 	OnOptChanged();
 }

+void COptionsWindow::CheckOpenCOM()
+{
+	bool bComIpcOpen = GetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper") != NULL || GetAccessEntry(eIPC, "", eOpen, "*") != NULL;
+	if(bComIpcOpen)
+		ui.chkOpenCOM->setChecked(!m_BoxTemplates.contains("BoxedCOM"));
+	else
+		ui.chkOpenCOM->setChecked(m_BoxTemplates.contains("OpenCOM"));
+}
+
 void COptionsWindow::OnOpenCOM()
 {
-	if (ui.chkOpenCOM->isChecked()) {
-		SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
-		SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*");
-		SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*");
-		SetAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
-	}
-	else {
-		DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
-		DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*");
-		DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*");
-		DelAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
-	}
+	bool bComIpcOpen = GetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper") != NULL || GetAccessEntry(eIPC, "", eOpen, "*") != NULL;
+	SetTemplate("OpenCOM", !bComIpcOpen && ui.chkOpenCOM->isChecked());
+	SetTemplate("BoxedCOM", bComIpcOpen && !ui.chkOpenCOM->isChecked());
 }

 void COptionsWindow::OnNoWindowRename()
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
@ -778,7 +778,7 @@ void COptionsWindow::UpdateCurrentTab()
 	}
 	else if (m_iCurrentTab == eAdvanced)
 	{
-		ui.chkOpenCOM->setChecked(GetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper") != NULL);
+		CheckOpenCOM();
 	
 		if (GetAccessEntry(eWnd, "", eOpen, "*") != NULL)
 		{
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.h
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.h
@ -370,6 +370,7 @@ protected:
 	void UpdateBoxIsolation();
 	void ShowTriggersTmpl(bool bUpdate = false);
 	void AddTriggerItem(const QString& Value, ETriggerAction Type, const QString& Template = QString());
+	void CheckOpenCOM();
 	//

 	void CreateDebug();