2009-09-29 00:11:28 +02:00
|
|
|
/*
|
|
|
|
* Copyright 2009 Jacek Caban for CodeWeavers
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <stdio.h>
|
2012-07-17 14:42:18 +02:00
|
|
|
#include <assert.h>
|
2009-09-29 00:11:28 +02:00
|
|
|
|
|
|
|
#define COBJMACROS
|
|
|
|
|
|
|
|
#include "windef.h"
|
|
|
|
#include "winbase.h"
|
|
|
|
#include "winuser.h"
|
|
|
|
#include "ole2.h"
|
2009-10-01 00:01:17 +02:00
|
|
|
#include "activscp.h"
|
2009-09-29 00:11:28 +02:00
|
|
|
|
|
|
|
#include "wine/debug.h"
|
|
|
|
|
|
|
|
#include "mshtml_private.h"
|
|
|
|
|
|
|
|
WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
|
|
|
|
|
2009-10-01 00:01:17 +02:00
|
|
|
/* Defined as extern in urlmon.idl, but not exported by uuid.lib */
|
2011-05-01 20:27:06 +02:00
|
|
|
DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
|
2009-10-01 00:01:17 +02:00
|
|
|
{0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
|
|
|
|
|
2011-01-03 01:01:38 +01:00
|
|
|
static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
|
|
|
|
{
|
|
|
|
return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
|
|
|
|
}
|
2009-09-29 00:11:28 +02:00
|
|
|
|
|
|
|
static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2010-12-30 01:39:16 +01:00
|
|
|
return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2010-12-30 01:39:16 +01:00
|
|
|
return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2010-12-30 01:39:16 +01:00
|
|
|
return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface, BYTE *pbSecurityId,
|
|
|
|
DWORD *pcbSecurityId, DWORD_PTR dwReserved)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2009-09-29 00:11:28 +02:00
|
|
|
FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
|
|
|
|
return E_NOTIMPL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
|
|
|
|
BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2009-10-01 00:05:36 +02:00
|
|
|
const WCHAR *url;
|
|
|
|
|
2009-10-10 00:37:13 +02:00
|
|
|
TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
|
2009-10-01 00:05:36 +02:00
|
|
|
|
2012-01-18 13:40:43 +01:00
|
|
|
if(!This->basedoc.window)
|
|
|
|
return E_UNEXPECTED;
|
|
|
|
|
2020-11-24 23:29:19 +01:00
|
|
|
url = This->basedoc.window->url ? This->basedoc.window->url : L"about:blank";
|
2009-10-01 00:05:36 +02:00
|
|
|
|
2019-03-11 14:24:09 +01:00
|
|
|
return IInternetSecurityManager_ProcessUrlAction(get_security_manager(), url, dwAction, pPolicy, cbPolicy,
|
2009-10-01 00:05:36 +02:00
|
|
|
pContext, cbContext, dwFlags, dwReserved);
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|
|
|
|
|
2010-12-09 16:28:58 +01:00
|
|
|
static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
|
|
|
|
{
|
|
|
|
IObjectSafety *obj_safety;
|
|
|
|
HRESULT hres;
|
|
|
|
|
|
|
|
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
|
|
|
|
if(SUCCEEDED(hres)) {
|
|
|
|
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
|
|
|
|
INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
|
|
|
|
IObjectSafety_Release(obj_safety);
|
|
|
|
*ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
|
|
|
|
}else {
|
|
|
|
CATID init_catid = CATID_SafeForInitializing;
|
|
|
|
|
|
|
|
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
|
2012-07-17 14:42:18 +02:00
|
|
|
assert(SUCCEEDED(hres));
|
2010-12-09 16:28:58 +01:00
|
|
|
*ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
|
|
|
|
}
|
|
|
|
|
|
|
|
return S_OK;
|
|
|
|
}
|
|
|
|
|
2009-11-20 00:00:41 +01:00
|
|
|
static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
|
2009-10-01 00:01:17 +02:00
|
|
|
{
|
|
|
|
DWORD policy, enabled_opts, supported_opts;
|
|
|
|
IObjectSafety *obj_safety;
|
|
|
|
HRESULT hres;
|
|
|
|
|
2010-05-05 13:21:36 +02:00
|
|
|
TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
|
|
|
|
|
2009-10-01 00:01:17 +02:00
|
|
|
/* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
|
|
|
|
|
2019-03-11 14:24:09 +01:00
|
|
|
hres = IInternetSecurityManager_ProcessUrlAction(get_security_manager(), url, URLACTION_SCRIPT_SAFE_ACTIVEX,
|
2009-10-01 00:01:17 +02:00
|
|
|
(BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
|
2009-11-20 00:00:41 +01:00
|
|
|
if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
|
|
|
|
*ret = URLPOLICY_DISALLOW;
|
|
|
|
return S_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
|
2010-12-09 16:28:58 +01:00
|
|
|
if(SUCCEEDED(hres)) {
|
|
|
|
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
|
|
|
|
if(FAILED(hres))
|
|
|
|
supported_opts = 0;
|
|
|
|
|
|
|
|
enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
|
|
|
|
if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
|
|
|
|
enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
|
|
|
|
|
|
|
|
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
|
|
|
|
if(FAILED(hres)) {
|
|
|
|
enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
|
|
|
|
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
|
|
|
|
}
|
|
|
|
IObjectSafety_Release(obj_safety);
|
|
|
|
|
|
|
|
if(FAILED(hres)) {
|
|
|
|
*ret = URLPOLICY_DISALLOW;
|
|
|
|
return S_OK;
|
|
|
|
}
|
|
|
|
}else {
|
2009-11-20 00:00:41 +01:00
|
|
|
CATID scripting_catid = CATID_SafeForScripting;
|
|
|
|
|
|
|
|
if(!This->catmgr) {
|
|
|
|
hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
|
|
|
|
&IID_ICatInformation, (void**)&This->catmgr);
|
|
|
|
if(FAILED(hres))
|
|
|
|
return hres;
|
|
|
|
}
|
|
|
|
|
|
|
|
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
|
|
|
|
if(FAILED(hres))
|
|
|
|
return hres;
|
2009-10-01 00:01:17 +02:00
|
|
|
|
2010-12-09 16:28:58 +01:00
|
|
|
if(hres != S_OK) {
|
|
|
|
*ret = URLPOLICY_DISALLOW;
|
|
|
|
return S_OK;
|
|
|
|
}
|
2009-11-20 00:00:41 +01:00
|
|
|
}
|
2009-10-01 00:01:17 +02:00
|
|
|
|
2010-12-09 16:28:58 +01:00
|
|
|
if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
|
|
|
|
return confirm_safety_load(This, cs, ret);
|
2010-05-05 13:21:36 +02:00
|
|
|
|
2010-12-09 16:28:58 +01:00
|
|
|
*ret = URLPOLICY_ALLOW;
|
2009-11-20 00:00:41 +01:00
|
|
|
return S_OK;
|
2009-10-01 00:01:17 +02:00
|
|
|
}
|
|
|
|
|
2009-09-29 00:11:28 +02:00
|
|
|
static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
|
|
|
|
BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
|
2009-10-01 00:01:17 +02:00
|
|
|
const WCHAR *url;
|
|
|
|
HRESULT hres;
|
|
|
|
|
|
|
|
TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
|
|
|
|
|
2012-01-18 13:40:43 +01:00
|
|
|
if(!This->basedoc.window)
|
|
|
|
return E_UNEXPECTED;
|
|
|
|
|
2020-11-24 23:29:19 +01:00
|
|
|
url = This->basedoc.window->url ? This->basedoc.window->url : L"about:blank";
|
2009-10-01 00:01:17 +02:00
|
|
|
|
2019-03-11 14:24:09 +01:00
|
|
|
hres = IInternetSecurityManager_QueryCustomPolicy(get_security_manager(), url, guidKey, ppPolicy, pcbPolicy,
|
2009-10-01 00:01:17 +02:00
|
|
|
pContext, cbContext, dwReserved);
|
|
|
|
if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
|
|
|
|
return hres;
|
|
|
|
|
|
|
|
if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
|
|
|
|
IActiveScript *active_script;
|
|
|
|
struct CONFIRMSAFETY *cs;
|
|
|
|
DWORD policy;
|
|
|
|
|
|
|
|
if(cbContext != sizeof(struct CONFIRMSAFETY)) {
|
|
|
|
FIXME("wrong context size\n");
|
|
|
|
return E_FAIL;
|
|
|
|
}
|
|
|
|
|
|
|
|
cs = (struct CONFIRMSAFETY*)pContext;
|
2010-12-09 16:28:58 +01:00
|
|
|
TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
|
|
|
|
|
2009-10-01 00:01:17 +02:00
|
|
|
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
|
|
|
|
if(SUCCEEDED(hres)) {
|
|
|
|
FIXME("Got IAciveScript iface\n");
|
|
|
|
IActiveScript_Release(active_script);
|
|
|
|
return E_FAIL;
|
|
|
|
}
|
|
|
|
|
2009-11-20 00:00:41 +01:00
|
|
|
hres = confirm_safety(This, url, cs, &policy);
|
|
|
|
if(FAILED(hres))
|
|
|
|
return hres;
|
2009-10-01 00:01:17 +02:00
|
|
|
|
|
|
|
*ppPolicy = CoTaskMemAlloc(sizeof(policy));
|
|
|
|
if(!*ppPolicy)
|
|
|
|
return E_OUTOFMEMORY;
|
|
|
|
|
|
|
|
*(DWORD*)*ppPolicy = policy;
|
|
|
|
*pcbPolicy = sizeof(policy);
|
2010-05-05 13:21:36 +02:00
|
|
|
TRACE("policy %x\n", policy);
|
2009-10-01 00:01:17 +02:00
|
|
|
return S_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
|
|
|
|
return hres;
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
|
|
|
|
InternetHostSecurityManager_QueryInterface,
|
|
|
|
InternetHostSecurityManager_AddRef,
|
|
|
|
InternetHostSecurityManager_Release,
|
|
|
|
InternetHostSecurityManager_GetSecurityId,
|
|
|
|
InternetHostSecurityManager_ProcessUrlAction,
|
|
|
|
InternetHostSecurityManager_QueryCustomPolicy
|
|
|
|
};
|
|
|
|
|
|
|
|
void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
|
|
|
|
{
|
2011-01-03 01:01:38 +01:00
|
|
|
This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
|
2009-09-29 00:11:28 +02:00
|
|
|
}
|