projects / reactos.git / blob
? search:


d7f0c98215d679b4997112048b41442273c0c151
[reactos.git] / reactos / dll / win32 / mshtml / secmgr.c
1 /*
2 * Copyright 2009 Jacek Caban for CodeWeavers
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 */
18
19 #define WIN32_NO_STATUS
20 #define _INC_WINDOWS
21
22 #include <config.h>
23
24 #include <stdarg.h>
25 //#include <stdio.h>
26 #include <assert.h>
27
28 #define COBJMACROS
29
30 #include <windef.h>
31 #include <winbase.h>
32 //#include "winuser.h"
33 #include <ole2.h>
34 #include <activscp.h>
35
36 #include <wine/debug.h>
37
38 #include "mshtml_private.h"
39
40 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
41
42 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
43
44 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
45 DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
46 {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
47
48 static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
49 {
50 return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
51 }
52
53 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
54 {
55 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
56 return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
57 }
58
59 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
60 {
61 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
62 return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
63 }
64
65 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
66 {
67 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
68 return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
69 }
70
71 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface, BYTE *pbSecurityId,
72 DWORD *pcbSecurityId, DWORD_PTR dwReserved)
73 {
74 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
75 FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
76 return E_NOTIMPL;
77 }
78
79 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
80 BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
81 {
82 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
83 const WCHAR *url;
84
85 TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
86
87 if(!This->basedoc.window)
88 return E_UNEXPECTED;
89
90 url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
91
92 return IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, dwAction, pPolicy, cbPolicy,
93 pContext, cbContext, dwFlags, dwReserved);
94 }
95
96 static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
97 {
98 IObjectSafety *obj_safety;
99 HRESULT hres;
100
101 hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
102 if(SUCCEEDED(hres)) {
103 hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
104 INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
105 IObjectSafety_Release(obj_safety);
106 *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
107 }else {
108 CATID init_catid = CATID_SafeForInitializing;
109
110 hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
111 assert(SUCCEEDED(hres));
112 *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
113 }
114
115 return S_OK;
116 }
117
118 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
119 {
120 DWORD policy, enabled_opts, supported_opts;
121 IObjectSafety *obj_safety;
122 HRESULT hres;
123
124 TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
125
126 /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
127
128 hres = IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
129 (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
130 if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
131 *ret = URLPOLICY_DISALLOW;
132 return S_OK;
133 }
134
135 hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
136 if(SUCCEEDED(hres)) {
137 hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
138 if(FAILED(hres))
139 supported_opts = 0;
140
141 enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
142 if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
143 enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
144
145 hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
146 if(FAILED(hres)) {
147 enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
148 hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
149 }
150 IObjectSafety_Release(obj_safety);
151
152 if(FAILED(hres)) {
153 *ret = URLPOLICY_DISALLOW;
154 return S_OK;
155 }
156 }else {
157 CATID scripting_catid = CATID_SafeForScripting;
158
159 if(!This->catmgr) {
160 hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
161 &IID_ICatInformation, (void**)&This->catmgr);
162 if(FAILED(hres))
163 return hres;
164 }
165
166 hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
167 if(FAILED(hres))
168 return hres;
169
170 if(hres != S_OK) {
171 *ret = URLPOLICY_DISALLOW;
172 return S_OK;
173 }
174 }
175
176 if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
177 return confirm_safety_load(This, cs, ret);
178
179 *ret = URLPOLICY_ALLOW;
180 return S_OK;
181 }
182
183 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
184 BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
185 {
186 HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
187 const WCHAR *url;
188 HRESULT hres;
189
190 TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
191
192 if(!This->basedoc.window)
193 return E_UNEXPECTED;
194
195 url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
196
197 hres = IInternetSecurityManager_QueryCustomPolicy(This->basedoc.window->secmgr, url, guidKey, ppPolicy, pcbPolicy,
198 pContext, cbContext, dwReserved);
199 if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
200 return hres;
201
202 if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
203 IActiveScript *active_script;
204 struct CONFIRMSAFETY *cs;
205 DWORD policy;
206
207 if(cbContext != sizeof(struct CONFIRMSAFETY)) {
208 FIXME("wrong context size\n");
209 return E_FAIL;
210 }
211
212 cs = (struct CONFIRMSAFETY*)pContext;
213 TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
214
215 hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
216 if(SUCCEEDED(hres)) {
217 FIXME("Got IAciveScript iface\n");
218 IActiveScript_Release(active_script);
219 return E_FAIL;
220 }
221
222 hres = confirm_safety(This, url, cs, &policy);
223 if(FAILED(hres))
224 return hres;
225
226 *ppPolicy = CoTaskMemAlloc(sizeof(policy));
227 if(!*ppPolicy)
228 return E_OUTOFMEMORY;
229
230 *(DWORD*)*ppPolicy = policy;
231 *pcbPolicy = sizeof(policy);
232 TRACE("policy %x\n", policy);
233 return S_OK;
234 }
235
236 FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
237 return hres;
238 }
239
240 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
241 InternetHostSecurityManager_QueryInterface,
242 InternetHostSecurityManager_AddRef,
243 InternetHostSecurityManager_Release,
244 InternetHostSecurityManager_GetSecurityId,
245 InternetHostSecurityManager_ProcessUrlAction,
246 InternetHostSecurityManager_QueryCustomPolicy
247 };
248
249 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
250 {
251 This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
252 }
A free Windows-compatible Operating System