better custom security manager, less janky application restarts, Java debug configuration, clearing up README terminology

Author: tomysshadow

FlashpointSecurePlayer/CustomSecurityManager.cs

@@ -64,6 +64,29 @@ int InternetInterfaces.IInternetSecurityManager.GetSecuritySite(out IntPtr pSite
         int InternetInterfaces.IInternetSecurityManager.MapUrlToZone([MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, ref uint pdwZone, uint dwFlags) {
             // behave like local intranet
             pdwZone = 1;
+
+            if ((dwFlags & MUTZ_ISFILE) == MUTZ_ISFILE) {
+                return INET_E_DEFAULT_ACTION;
+            }
+
+            if (pwszUrl == null) {
+                return E_INVALIDARG;
+            }
+
+            if ((dwFlags & MUTZ_DONT_UNESCAPE) != MUTZ_DONT_UNESCAPE) {
+                try {
+                    pwszUrl = Uri.UnescapeDataString(pwszUrl);
+                } catch (ArgumentNullException) {
+                    return INET_E_DEFAULT_ACTION;
+                }
+            }
+
+            pwszUrl = pwszUrl.ToLower();
+
+            if (pwszUrl.IndexOf("http://") != 0 && pwszUrl.IndexOf("https://") != 0 && pwszUrl.IndexOf("ftp://") != 0) {
+                // we've wandered off from Flashpoint Server, revert to default zone settings
+                return INET_E_DEFAULT_ACTION;
+            }
             return S_OK;
         }
 
@@ -74,6 +97,24 @@ int InternetInterfaces.IInternetSecurityManager.GetSecurityId([MarshalAs(Unmanag
         int InternetInterfaces.IInternetSecurityManager.ProcessUrlAction([MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, uint dwAction, out uint pPolicy, uint cbPolicy, byte pContext, uint cbContext, uint dwFlags, uint dwReserved) {
             pPolicy = URLPOLICY_DISALLOW;
 
+            if ((dwFlags & PUAF_ISFILE) == PUAF_ISFILE) {
+                return INET_E_DEFAULT_ACTION;
+            }
+
+            if (pwszUrl == null) {
+                return E_INVALIDARG;
+            }
+
+            pwszUrl = pwszUrl.ToLower();
+
+            if (pwszUrl.IndexOf("http://") != 0 && pwszUrl.IndexOf("https://") != 0 && pwszUrl.IndexOf("ftp://") != 0) {
+                // we've wandered off from Flashpoint Server, don't allow zone elevation
+                if (dwAction == URLACTION_FEATURE_ZONE_ELEVATION) {
+                    return S_OK;
+                }
+                return INET_E_DEFAULT_ACTION;
+            }
+
             if (dwAction == URLACTION_ACTIVEX_TREATASUNTRUSTED || // trust ActiveX Controls always
                 dwAction == URLACTION_HTML_MIXED_CONTENT || // block HTTPS content on HTTP websites for Flashpoint Proxy
                 dwAction == URLACTION_CLIENT_CERT_PROMPT || // don't allow invalid certificates
@@ -112,6 +153,7 @@ int InternetInterfaces.IInternetSecurityManager.ProcessUrlAction([MarshalAs(Unma
                 dwAction == URLACTION_MANAGED_SIGNED || // run components regardless of if they're signed or not
                 dwAction == URLACTION_MANAGED_UNSIGNED ||
                 dwAction == URLACTION_DOTNET_USERCONTROLS || // allow .NET user controls
+                dwAction == URLACTION_FEATURE_ZONE_ELEVATION || // allow entering this zone from about:blank
                 dwAction == URLACTION_FEATURE_DATA_BINDING || // allow databinding
                 dwAction == URLACTION_FEATURE_CROSSDOMAIN_FOCUS_CHANGE || // allow crossdomain
                 dwAction == URLACTION_ALLOW_RESTRICTEDPROTOCOLS || // allow active content regardless of if the protocol is restricted

FlashpointSecurePlayer/EnvironmentVariables.cs

@@ -13,13 +13,28 @@
 
 namespace FlashpointSecurePlayer {
     class EnvironmentVariables : Modifications {
-        const string COMPATIBILITY_LAYER = "__COMPAT_LAYER";
+        const string COMPATIBILITY_LAYER_NAME = "__COMPAT_LAYER";
 
         public EnvironmentVariables(Form Form) : base(Form) { }
 
         public void Activate(string name, string server, string applicationMutexName) {
             base.Activate(name);
             ModificationsElement modificationsElement = GetModificationsElement(true, Name);
+            string value = null;
+            string compatibilityLayerValue = null;
+
+            try {
+                compatibilityLayerValue = Environment.GetEnvironmentVariable(COMPATIBILITY_LAYER_NAME);
+            } catch (ArgumentException) {
+                throw new EnvironmentVariablesFailedException();
+            } catch (SecurityException) {
+                throw new TaskRequiresElevationException();
+            }
+
+            if (compatibilityLayerValue != null) {
+                compatibilityLayerValue = compatibilityLayerValue.ToUpper();
+            }
+
             EnvironmentVariablesElement environmentVariablesElement = null;
 
             for (int i = 0;i < modificationsElement.EnvironmentVariables.Count;i++) {
@@ -29,39 +44,57 @@ public void Activate(string name, string server, string applicationMutexName) {
                     throw new EnvironmentVariablesFailedException();
                 }
 
-                string compatibilityLayer = null;
+                value = environmentVariablesElement.Value;
 
                 try {
-                    compatibilityLayer = Environment.GetEnvironmentVariable(COMPATIBILITY_LAYER);
+                    Environment.SetEnvironmentVariable(environmentVariablesElement.Name, RemoveVariablesFromValue(value) as string);
                 } catch (ArgumentException) {
                     throw new EnvironmentVariablesFailedException();
                 } catch (SecurityException) {
                     throw new TaskRequiresElevationException();
                 }
 
-                try {
-                    Environment.SetEnvironmentVariable(environmentVariablesElement.Name, RemoveVariablesFromValue(environmentVariablesElement.Value) as string);
-                } catch (ArgumentException) {
-                    throw new EnvironmentVariablesFailedException();
-                } catch (SecurityException) {
-                    throw new TaskRequiresElevationException();
+                if (value != null) {
+                    value = value.ToUpper();
                 }
 
-                if (environmentVariablesElement.Name == COMPATIBILITY_LAYER && String.IsNullOrEmpty(compatibilityLayer) && !String.IsNullOrEmpty(server)) {
-                    RestartApplication(false, Form, applicationMutexName);
-                    throw new InvalidModificationException();
+                // if this is the compatibility layer variable
+                // and the value is not what we want to set it to
+                // and we're in server mode...
+                if (environmentVariablesElement.Name == COMPATIBILITY_LAYER_NAME && value != compatibilityLayerValue && !String.IsNullOrEmpty(server)) {
+                    throw new CompatibilityLayersException();
                 }
             }
         }
 
-        new public void Deactivate() {
+        public void Deactivate(string server) {
             base.Deactivate();
+
+            if (String.IsNullOrEmpty(Name)) {
+                return;
+            }
+
             ModificationsElement modificationsElement = GetModificationsElement(false, Name);
 
             if (modificationsElement == null) {
                 return;
             }
 
+            string value = null;
+            string compatibilityLayerValue = null;
+
+            try {
+                compatibilityLayerValue = Environment.GetEnvironmentVariable(COMPATIBILITY_LAYER_NAME);
+            } catch (ArgumentException) {
+                throw new EnvironmentVariablesFailedException();
+            } catch (SecurityException) {
+                throw new TaskRequiresElevationException();
+            }
+
+            if (compatibilityLayerValue != null) {
+                compatibilityLayerValue = compatibilityLayerValue.ToUpper();
+            }
+
             EnvironmentVariablesElement environmentVariablesElement = null;
 
             for (int i = 0;i < modificationsElement.EnvironmentVariables.Count;i++) {
@@ -71,12 +104,23 @@ public void Activate(string name, string server, string applicationMutexName) {
                     throw new EnvironmentVariablesFailedException();
                 }
 
-                try {
-                    Environment.SetEnvironmentVariable(environmentVariablesElement.Name, null);
-                } catch (ArgumentException) {
-                    throw new EnvironmentVariablesFailedException();
-                } catch (SecurityException) {
-                    throw new TaskRequiresElevationException();
+                value = environmentVariablesElement.Value;
+
+                if (value != null) {
+                    value = value.ToUpper();
+                }
+
+                // if this isn't the compatibility layer variable
+                // or the value isn't what we want to set it to
+                // or we're not in server mode...
+                if (environmentVariablesElement.Name != COMPATIBILITY_LAYER_NAME || value != compatibilityLayerValue && String.IsNullOrEmpty(server)) {
+                    try {
+                        Environment.SetEnvironmentVariable(environmentVariablesElement.Name, null);
+                    } catch (ArgumentException) {
+                        throw new EnvironmentVariablesFailedException();
+                    } catch (SecurityException) {
+                        throw new TaskRequiresElevationException();
+                    }
                 }
             }
         }

FlashpointSecurePlayer/FlashpointSecurePlayer.cs

@@ -75,8 +75,8 @@ private void ShowError(string errorLabelText) {
             this.errorLabel.Text = errorLabelText;
         }
 
-        private void AskLaunchInAdministratorMode() {
-            if (!TestProcessRunningAsAdministrator()) {
+        private void AskLaunchAsAdministratorUser() {
+            if (!TestLaunchedAsAdministratorUser()) {
                 // popup message box and restart program here
                 // https://docs.microsoft.com/en-us/dotnet/api/system.windows.forms.messagebox?view=netframework-4.8
                 /*
@@ -89,7 +89,7 @@ then there'd be no dialog except this one - and I don't want
                  the program to enter an infinite restart loop
                  */
                 ShowOutput();
-                DialogResult dialogResult = MessageBox.Show(Properties.Resources.LaunchInAdministratorMode, Properties.Resources.FlashpointSecurePlayer, MessageBoxButtons.YesNo, MessageBoxIcon.None);
+                DialogResult dialogResult = MessageBox.Show(String.Format(Properties.Resources.LaunchGame, Properties.Resources.AsAdministratorUser), Properties.Resources.FlashpointSecurePlayer, MessageBoxButtons.YesNo, MessageBoxIcon.None);
 
                 if (dialogResult == DialogResult.No) {
                     Application.Exit();
@@ -101,7 +101,20 @@ the program to enter an infinite restart loop
             }
 
             // we're already running as admin?
-            ShowError(Properties.Resources.GameFailedAdministratorMode);
+            ShowError(String.Format(Properties.Resources.GameFailedLaunch, Properties.Resources.AsAdministratorUser));
+            throw new InvalidModificationException();
+        }
+
+        private void AskLaunchWithCompatibilitySettings() {
+            ShowOutput();
+            DialogResult dialogResult = MessageBox.Show(String.Format(Properties.Resources.LaunchGame, Properties.Resources.WithCompatibilitySettings), Properties.Resources.FlashpointSecurePlayer, MessageBoxButtons.YesNo, MessageBoxIcon.None);
+
+            if (dialogResult == DialogResult.No) {
+                Application.Exit();
+                throw new InvalidModificationException();
+            }
+
+            RestartApplication(false, this, APPLICATION_MUTEX_NAME);
             throw new InvalidModificationException();
         }
 
@@ -164,7 +177,7 @@ private async Task ActivateModificationsAsync(string commandLine, ErrorDelegate
                 } catch (System.Configuration.ConfigurationErrorsException) {
                     errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                 } catch (TaskRequiresElevationException) {
-                    AskLaunchInAdministratorMode();
+                    AskLaunchAsAdministratorUser();
                 }
 
                 if (modificationsElement.ModeTemplates.ServerModeTemplate.ElementInformation.IsPresent || modificationsElement.ModeTemplates.SoftwareModeTemplate.ElementInformation.IsPresent) {
@@ -175,7 +188,7 @@ private async Task ActivateModificationsAsync(string commandLine, ErrorDelegate
                     } catch (System.Configuration.ConfigurationErrorsException) {
                         errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                     } catch (TaskRequiresElevationException) {
-                        AskLaunchInAdministratorMode();
+                        AskLaunchAsAdministratorUser();
                     }
                 }
 
@@ -187,7 +200,9 @@ private async Task ActivateModificationsAsync(string commandLine, ErrorDelegate
                     } catch (System.Configuration.ConfigurationErrorsException) {
                         errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                     } catch (TaskRequiresElevationException) {
-                        AskLaunchInAdministratorMode();
+                        AskLaunchAsAdministratorUser();
+                    } catch (CompatibilityLayersException) {
+                        AskLaunchWithCompatibilitySettings();
                     }
                 }
 
@@ -209,7 +224,7 @@ private async Task ActivateModificationsAsync(string commandLine, ErrorDelegate
                     } catch (System.Configuration.ConfigurationErrorsException) {
                         errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                     } catch (TaskRequiresElevationException) {
-                        AskLaunchInAdministratorMode();
+                        AskLaunchAsAdministratorUser();
                     }
                 }
 
@@ -219,7 +234,7 @@ private async Task ActivateModificationsAsync(string commandLine, ErrorDelegate
                     } catch (InvalidModificationException ex) {
                         throw ex;
                     } catch (TaskRequiresElevationException) {
-                        AskLaunchInAdministratorMode();
+                        AskLaunchAsAdministratorUser();
                     } catch {
                         errorDelegate(Properties.Resources.UnknownProcessCompatibilityConflict);
                     }
@@ -242,17 +257,19 @@ private async Task DeactivateModificationsAsync(ErrorDelegate errorDelegate) {
                 } catch (System.Configuration.ConfigurationErrorsException) {
                     errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                 } catch (TaskRequiresElevationException) {
-                    AskLaunchInAdministratorMode();
+                    AskLaunchAsAdministratorUser();
                 }
 
                 try {
-                    EnvironmentVariables.Deactivate();
+                    EnvironmentVariables.Deactivate(Server);
                 } catch (EnvironmentVariablesFailedException) {
                     errorDelegate(Properties.Resources.EnvironmentVariablesFailed);
                 } catch (System.Configuration.ConfigurationErrorsException) {
                     errorDelegate(Properties.Resources.ConfigurationFailedLoad);
                 } catch (TaskRequiresElevationException) {
-                    AskLaunchInAdministratorMode();
+                    AskLaunchAsAdministratorUser();
+                } catch (CompatibilityLayersException) {
+                    AskLaunchWithCompatibilitySettings();
                 }
 
                 try {
@@ -278,12 +295,9 @@ private async Task StartSecurePlayback() {
                     throw new InvalidModificationException();
                 }
 
-                //this.ShowInTaskbar = true;
-                //this.WindowState = FormWindowState.Normal;
-
                 // this requires admin
-                if (!TestProcessRunningAsAdministrator()) {
-                    AskLaunchInAdministratorMode();
+                if (!TestLaunchedAsAdministratorUser()) {
+                    AskLaunchAsAdministratorUser();
                 }
 
                 ResetProgressBar();
@@ -341,7 +355,7 @@ private async Task StartSecurePlayback() {
                     return;
                 } catch (TaskRequiresElevationException) {
                     // we're already running as admin?
-                    ShowError(Properties.Resources.GameFailedAdministratorMode);
+                    ShowError(String.Format(Properties.Resources.GameFailedLaunch, Properties.Resources.AsAdministratorUser));
                     return;
                 } catch (InvalidOperationException) {
                     ShowError(Properties.Resources.RegistryBackupAlreadyRunning);
@@ -535,13 +549,15 @@ private async void FlashpointSecurePlayer_Load(object sender, EventArgs e) {
                 }
             } catch (TaskRequiresElevationException) {
                 try {
-                    AskLaunchInAdministratorMode();
+                    AskLaunchAsAdministratorUser();
                 } catch (InvalidModificationException) {
                     Application.Exit();
                     return;
                 }
             }
 
+            BringToFront();
+            Activate();
             ShowOutput(Properties.Resources.RequiredComponentsAreUnloading);
 
             string arg = null;

FlashpointSecurePlayer/FlashpointSecurePlayerConfigs/javadebug.config

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <configSections>
+    <section name="flashpointSecurePlayer" type="FlashpointSecurePlayer.Shared+FlashpointSecurePlayerSection, FlashpointSecurePlayer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+  </configSections>
+
+  <flashpointSecurePlayer>
+    <modifications>
+      <modification name="javadebug">
+	    <modeTemplates>
+		  <softwareModeTemplate hideWindow="false">
+		    <regexes>
+		      <regex name="^\s*(?:(&quot;[^\\&quot;]*(?:\\&quot;[^\\&quot;]*)*&quot;?)\s*(.*)$)?([^\\&quot;\s]*(?:\\&quot;[^\\&quot;\s]*)*)\s*(.*)$" replace="Java\JDK_1.8.0_181\bin\appletviewer.exe -J-Dhttp.proxyHost=127.0.0.1 -J-Dhttp.proxyPort=22500 -J-Dhttps.proxyHost=127.0.0.1 -J-Dhttps.proxyPort=22500 -J-Dftp.proxyHost=127.0.0.1 -J-Dftp.proxyPort=22500 -J-DsocksProxyHost=127.0.0.1 -J-DsocksProxyPort= -J-Xbootclasspath/a:..\jre\lib\deploy.jar;..\jre\lib\javaws.jar;..\jre\lib\plugin.jar $2$4 $1$3" />
+			</regexes>
+		  </softwareModeTemplate>
+		</modeTemplates>
+      </modification>
+    </modifications>
+  </flashpointSecurePlayer>
+  <startup>
+    
+  <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup>
+</configuration>