reactos/dll/win32/mshtml/secmgr.c

   1 /*
   2  * Copyright 2009 Jacek Caban for CodeWeavers
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #include "mshtml_private.h"
  20
  21 #include <activscp.h>
  22
  23 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
  24
  25 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
  26 DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
  27     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
  28
  29 static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
  30 {
  31     return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
  32 }
  33
  34 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
  35 {
  36     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  37     return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
  38 }
  39
  40 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
  41 {
  42     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  43     return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
  44 }
  45
  46 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
  47 {
  48     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  49     return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
  50 }
  51
  52 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
  53         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
  54 {
  55     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  56     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
  57     return E_NOTIMPL;
  58 }
  59
  60 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
  61         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
  62 {
  63     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  64     const WCHAR *url;
  65
  66     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
  67
  68     if(!This->basedoc.window)
  69         return E_UNEXPECTED;
  70
  71     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
  72
  73     return IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, dwAction, pPolicy, cbPolicy,
  74             pContext, cbContext, dwFlags, dwReserved);
  75 }
  76
  77 static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
  78 {
  79     IObjectSafety *obj_safety;
  80     HRESULT hres;
  81
  82     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
  83     if(SUCCEEDED(hres)) {
  84         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
  85                 INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
  86         IObjectSafety_Release(obj_safety);
  87         *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
  88     }else {
  89         CATID init_catid = CATID_SafeForInitializing;
  90
  91         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
  92         assert(SUCCEEDED(hres));
  93         *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
  94     }
  95
  96     return S_OK;
  97 }
  98
  99 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
 100 {
 101     DWORD policy, enabled_opts, supported_opts;
 102     IObjectSafety *obj_safety;
 103     HRESULT hres;
 104
 105     TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
 106
 107     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
 108
 109     hres = IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
 110             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
 111     if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
 112         *ret = URLPOLICY_DISALLOW;
 113         return S_OK;
 114     }
 115
 116     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
 117     if(SUCCEEDED(hres)) {
 118         hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
 119         if(FAILED(hres))
 120             supported_opts = 0;
 121
 122         enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
 123         if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
 124             enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
 125
 126         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
 127         if(FAILED(hres)) {
 128             enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
 129             hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
 130         }
 131         IObjectSafety_Release(obj_safety);
 132
 133         if(FAILED(hres)) {
 134             *ret = URLPOLICY_DISALLOW;
 135             return S_OK;
 136         }
 137     }else {
 138         CATID scripting_catid = CATID_SafeForScripting;
 139
 140         if(!This->catmgr) {
 141             hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
 142                     &IID_ICatInformation, (void**)&This->catmgr);
 143             if(FAILED(hres))
 144                 return hres;
 145         }
 146
 147         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
 148         if(FAILED(hres))
 149             return hres;
 150
 151         if(hres != S_OK) {
 152             *ret = URLPOLICY_DISALLOW;
 153             return S_OK;
 154         }
 155     }
 156
 157     if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
 158         return confirm_safety_load(This, cs, ret);
 159
 160     *ret = URLPOLICY_ALLOW;
 161     return S_OK;
 162 }
 163
 164 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
 165         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
 166 {
 167     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
 168     const WCHAR *url;
 169     HRESULT hres;
 170
 171     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
 172
 173     if(!This->basedoc.window)
 174         return E_UNEXPECTED;
 175
 176     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
 177
 178     hres = IInternetSecurityManager_QueryCustomPolicy(This->basedoc.window->secmgr, url, guidKey, ppPolicy, pcbPolicy,
 179             pContext, cbContext, dwReserved);
 180     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
 181         return hres;
 182
 183     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
 184         IActiveScript *active_script;
 185         struct CONFIRMSAFETY *cs;
 186         DWORD policy;
 187
 188         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
 189             FIXME("wrong context size\n");
 190             return E_FAIL;
 191         }
 192
 193         cs = (struct CONFIRMSAFETY*)pContext;
 194         TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
 195
 196         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
 197         if(SUCCEEDED(hres)) {
 198             FIXME("Got IAciveScript iface\n");
 199             IActiveScript_Release(active_script);
 200             return E_FAIL;
 201         }
 202
 203         hres = confirm_safety(This, url, cs, &policy);
 204         if(FAILED(hres))
 205             return hres;
 206
 207         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
 208         if(!*ppPolicy)
 209             return E_OUTOFMEMORY;
 210
 211         *(DWORD*)*ppPolicy = policy;
 212         *pcbPolicy = sizeof(policy);
 213         TRACE("policy %x\n", policy);
 214         return S_OK;
 215     }
 216
 217     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
 218     return hres;
 219 }
 220
 221 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
 222     InternetHostSecurityManager_QueryInterface,
 223     InternetHostSecurityManager_AddRef,
 224     InternetHostSecurityManager_Release,
 225     InternetHostSecurityManager_GetSecurityId,
 226     InternetHostSecurityManager_ProcessUrlAction,
 227     InternetHostSecurityManager_QueryCustomPolicy
 228 };
 229
 230 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
 231 {
 232     This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
 233 }