Windows: Implement Secure Desktop for password entry. Add option and command line switch to activate it.

2025-11-12 11:28:26 -06:00 · 2016-12-30 12:17:09 +01:00
parent d116eba160
commit cdbe54e605
44 changed files with 268 additions and 15 deletions
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -721,6 +721,8 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*

 	ConfigReadCompareInt ("HideWaitingDialog", FALSE, &bHideWaitingDialog, bOnlyCheckModified, pbSettingsModified);

+	ConfigReadCompareInt ("UseSecureDesktop", FALSE, &bUseSecureDesktop, bOnlyCheckModified, pbSettingsModified);
+
 	ConfigReadCompareInt ("MountVolumesRemovable", FALSE, &defaultMountOptions.Removable, bOnlyCheckModified, pbSettingsModified);
 	ConfigReadCompareInt ("MountVolumesReadOnly", FALSE, &defaultMountOptions.ReadOnly, bOnlyCheckModified, pbSettingsModified);

@@ -878,6 +880,7 @@ void SaveSettings (HWND hwndDlg)
 		ConfigWriteInt ("PreserveTimestamps",				defaultMountOptions.PreserveTimestamp);
 		ConfigWriteInt ("ShowDisconnectedNetworkDrives",bShowDisconnectedNetworkDrives);
 		ConfigWriteInt ("HideWaitingDialog",				bHideWaitingDialog);
+		ConfigWriteInt ("UseSecureDesktop",					bUseSecureDesktop);

 		ConfigWriteInt ("EnableBackgroundTask",				bEnableBkgTask);
 		ConfigWriteInt ("CloseBackgroundTaskOnNoVolumes",	bCloseBkgTaskWhenNoVolumes);
@@ -3132,6 +3135,9 @@ BOOL CALLBACK PreferencesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
 			SendMessage (GetDlgItem (hwndDlg, IDC_HIDE_WAITING_DIALOG), BM_SETCHECK,
 				bHideWaitingDialog ? BST_CHECKED:BST_UNCHECKED, 0);

+			SendMessage (GetDlgItem (hwndDlg, IDC_SECURE_DESKTOP_PASSWORD_ENTRY), BM_SETCHECK,
+				bUseSecureDesktop ? BST_CHECKED:BST_UNCHECKED, 0);
+
 			SendMessage (GetDlgItem (hwndDlg, IDC_PREF_TEMP_CACHE_ON_MULTIPLE_MOUNT), BM_SETCHECK,
 						bCacheDuringMultipleMount ? BST_CHECKED:BST_UNCHECKED, 0);

@@ -3247,6 +3253,7 @@ BOOL CALLBACK PreferencesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
 			bPreserveTimestamp = defaultMountOptions.PreserveTimestamp = IsButtonChecked (GetDlgItem (hwndDlg, IDC_PRESERVE_TIMESTAMPS));
 			bShowDisconnectedNetworkDrives = IsButtonChecked (GetDlgItem (hwndDlg, IDC_SHOW_DISCONNECTED_NETWORK_DRIVES));
 			bHideWaitingDialog = IsButtonChecked (GetDlgItem (hwndDlg, IDC_HIDE_WAITING_DIALOG));
+			bUseSecureDesktop = IsButtonChecked (GetDlgItem (hwndDlg, IDC_SECURE_DESKTOP_PASSWORD_ENTRY));
 			bCacheDuringMultipleMount	= IsButtonChecked (GetDlgItem (hwndDlg, IDC_PREF_TEMP_CACHE_ON_MULTIPLE_MOUNT));
 			bWipeCacheOnExit				= IsButtonChecked (GetDlgItem (hwndDlg, IDC_PREF_WIPE_CACHE_ON_EXIT));
 			bWipeCacheOnAutoDismount		= IsButtonChecked (GetDlgItem (hwndDlg, IDC_PREF_WIPE_CACHE_ON_AUTODISMOUNT));
@@ -4537,7 +4544,7 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int
 	dlgParam.pim = pim;
 	dlgParam.truecryptMode = truecryptMode;

-	result = DialogBoxParamW (hInst,
+	result = SecureDesktopDialogBoxParam (hInst,
 		MAKEINTRESOURCEW (IDD_PASSWORD_DLG), hwndDlg,
 		(DLGPROC) PasswordDlgProc, (LPARAM) &dlgParam);

@@ -6440,6 +6447,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 			bPreserveTimestamp = defaultMountOptions.PreserveTimestamp = TRUE;
 			bShowDisconnectedNetworkDrives = FALSE;
 			bHideWaitingDialog = FALSE;
+			bUseSecureDesktop = FALSE;

 			ResetWrongPwdRetryCount ();

@@ -8449,6 +8457,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 				OptionPim,
 				OptionTryEmptyPassword,
 				OptionNoWaitDlg,
+				OptionSecureDesktop,
 			};

 			argument args[]=
@@ -8476,6 +8485,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 				{ CommandWipeCache,				L"/wipecache",		L"/w", FALSE },
 				{ OptionTryEmptyPassword,		L"/tryemptypass",	NULL, FALSE },
 				{ OptionNoWaitDlg,			L"/nowaitdlg",	NULL, FALSE },
+				{ OptionSecureDesktop,			L"/secureDesktop",	NULL, FALSE },
 			};

 			argumentspec as;
@@ -8547,6 +8557,25 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 				}
 				break;

+			case OptionSecureDesktop:
+				{
+					wchar_t szTmp[16] = {0};
+					bCmdUseSecureDesktop = TRUE;
+					bCmdUseSecureDesktopValid = TRUE;
+
+					if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs,
+						     szTmp, ARRAYSIZE (szTmp)))
+					{
+						if (!_wcsicmp(szTmp,L"n") || !_wcsicmp(szTmp,L"no"))
+							bCmdUseSecureDesktop = FALSE;
+						else if (!_wcsicmp(szTmp,L"y") || !_wcsicmp(szTmp,L"yes"))
+							bCmdUseSecureDesktop = TRUE;
+						else
+							AbortProcess ("COMMAND_LINE_ERROR");
+					}
+				}
+				break;
+
 			case OptionCache:
 				{
 					wchar_t szTmp[16] = {0};
@@ -8972,6 +9001,7 @@ static BOOL StartSystemFavoritesService ()
 	DeviceChangeBroadcastDisabled = TRUE;
 	bShowDisconnectedNetworkDrives = TRUE;
 	bHideWaitingDialog = TRUE;
+	bUseSecureDesktop = FALSE;

 	InitOSVersionInfo();

--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -41,7 +41,7 @@ IDR_MOUNT_TLB           TYPELIB                 "Mount.tlb"
 // Dialog
 //

-IDD_PREFERENCES_DLG DIALOGEX 0, 0, 336, 333
+IDD_PREFERENCES_DLG DIALOGEX 0, 0, 336, 340
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Preferences"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -78,28 +78,30 @@ BEGIN
    CONTROL         "Make disconnected network drives available for mounting",IDC_SHOW_DISCONNECTED_NETWORK_DRIVES,
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,208,316,10
    CONTROL         "Cache passwords in driver memory",IDC_PREF_CACHE_PASSWORDS,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,254,146,11
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,263,146,11
    CONTROL         "Wipe cached passwords on exit",IDC_PREF_WIPE_CACHE_ON_EXIT,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,162,254,165,11
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,162,263,165,11
    CONTROL         "Temporarily cache password during ""Mount Favorite Volumes"" operations",IDC_PREF_TEMP_CACHE_ON_MULTIPLE_MOUNT,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,268,294,11
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,277,294,11
    CONTROL         "Wipe cached passwords on auto-dismount",IDC_PREF_WIPE_CACHE_ON_AUTODISMOUNT,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,282,296,11
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,291,296,11
    CONTROL         "Include PIM when caching a password",IDC_PREF_CACHE_PIM,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,296,296,10
-    PUSHBUTTON      "More Settings...",IDC_MORE_SETTINGS,5,317,85,14
-    DEFPUSHBUTTON   "OK",IDOK,225,317,50,14
-    PUSHBUTTON      "Cancel",IDCANCEL,281,317,50,14
-    GROUPBOX        "Windows",IDT_WINDOWS_RELATED_SETTING,4,160,328,76
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,305,296,10
+    PUSHBUTTON      "More Settings...",IDC_MORE_SETTINGS,5,324,85,14
+    DEFPUSHBUTTON   "OK",IDOK,225,324,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,281,324,50,14
+    GROUPBOX        "Windows",IDT_WINDOWS_RELATED_SETTING,4,160,328,87
    GROUPBOX        "Default Mount Options",IDT_DEFAULT_MOUNT_OPTIONS,4,3,328,26
    GROUPBOX        "VeraCrypt Background Task",IDT_TASKBAR_ICON,4,33,328,26
    GROUPBOX        "Auto-Dismount",IDT_AUTO_DISMOUNT,4,94,328,62
    LTEXT           "minutes",IDT_MINUTES,289,129,39,10
    LTEXT           "Dismount all when:",IDT_AUTO_DISMOUNT_ON,9,104,71,20
-    GROUPBOX        "Password Cache",IDT_PW_CACHE_OPTIONS,4,243,328,68
+    GROUPBOX        "Password Cache",IDT_PW_CACHE_OPTIONS,4,252,328,68
    GROUPBOX        "Actions to perform upon logon to Windows",IDT_LOGON,4,63,328,28
    CONTROL         "Don't show wait message dialog when performing operations",IDC_HIDE_WAITING_DIALOG,
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,220,316,10
+    CONTROL         "Use Secure Desktop for password entry",IDC_SECURE_DESKTOP_PASSWORD_ENTRY,
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,11,232,316,10
 END

 IDD_VOLUME_PROPERTIES DIALOGEX 60, 30, 284, 224
@@ -421,7 +423,7 @@ BEGIN
        LEFTMARGIN, 7
        RIGHTMARGIN, 329
        TOPMARGIN, 7
-        BOTTOMMARGIN, 331
+        BOTTOMMARGIN, 338
    END

    IDD_VOLUME_PROPERTIES, DIALOG
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -183,6 +183,7 @@
 #define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
 #define IDC_HIDE_WAITING_DIALOG         1161
 #define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162
+#define IDC_SECURE_DESKTOP_PASSWORD_ENTRY 1163
 #define IDM_HELP                        40001
 #define IDM_ABOUT                       40002
 #define IDM_UNMOUNT_VOLUME              40003
@@ -259,7 +260,7 @@
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        120
 #define _APS_NEXT_COMMAND_VALUE         40069
-#define _APS_NEXT_CONTROL_VALUE         1163
+#define _APS_NEXT_CONTROL_VALUE         1164
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif