mshtml: Fixed IObjectSafety failure handling.
[wine] / dlls / mshtml / secmgr.c
1 /*
2  * Copyright 2009 Jacek Caban for CodeWeavers
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  */
18
19 #include "config.h"
20
21 #include <stdarg.h>
22 #include <stdio.h>
23
24 #define COBJMACROS
25
26 #include "windef.h"
27 #include "winbase.h"
28 #include "winuser.h"
29 #include "ole2.h"
30 #include "objsafe.h"
31 #include "activscp.h"
32
33 #include "wine/debug.h"
34
35 #include "mshtml_private.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
38
39 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
40
41 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
42 const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
43     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
44
45 #define HOSTSECMGR_THIS(iface) DEFINE_THIS(HTMLDocumentNode, IInternetHostSecurityManager, iface)
46
47 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
48 {
49     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
50     return IHTMLDOMNode_QueryInterface(HTMLDOMNODE(&This->node), riid, ppv);
51 }
52
53 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
54 {
55     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
56     return IHTMLDOMNode_AddRef(HTMLDOMNODE(&This->node));
57 }
58
59 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
60 {
61     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
62     return IHTMLDOMNode_Release(HTMLDOMNODE(&This->node));
63 }
64
65 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
66         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
67 {
68     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
69     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
70     return E_NOTIMPL;
71 }
72
73 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
74         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
75 {
76     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
77     const WCHAR *url;
78
79     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
80
81     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
82
83     return IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, dwAction, pPolicy, cbPolicy,
84             pContext, cbContext, dwFlags, dwReserved);
85 }
86
87 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
88 {
89     DWORD policy, enabled_opts, supported_opts;
90     IObjectSafety *obj_safety;
91     HRESULT hres;
92
93     TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
94
95     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
96
97     hres = IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
98             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
99     if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
100         *ret = URLPOLICY_DISALLOW;
101         return S_OK;
102     }
103
104     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
105     if(FAILED(hres)) {
106         CATID scripting_catid = CATID_SafeForScripting;
107
108         if(!This->catmgr) {
109             hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
110                     &IID_ICatInformation, (void**)&This->catmgr);
111             if(FAILED(hres))
112                 return hres;
113         }
114
115         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
116         if(FAILED(hres))
117             return hres;
118
119         *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
120         return S_OK;
121     }
122
123     hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
124     if(FAILED(hres))
125         supported_opts = 0;
126
127     enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
128     if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
129         enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
130
131     hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
132     if(FAILED(hres)) {
133         enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
134         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
135     }
136     IObjectSafety_Release(obj_safety);
137
138     *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
139     return S_OK;
140 }
141
142 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
143         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
144 {
145     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
146     const WCHAR *url;
147     HRESULT hres;
148
149     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
150
151     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
152
153     hres = IInternetSecurityManager_QueryCustomPolicy(This->secmgr, url, guidKey, ppPolicy, pcbPolicy,
154             pContext, cbContext, dwReserved);
155     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
156         return hres;
157
158     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
159         IActiveScript *active_script;
160         struct CONFIRMSAFETY *cs;
161         DWORD policy;
162
163         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
164             FIXME("wrong context size\n");
165             return E_FAIL;
166         }
167
168         cs = (struct CONFIRMSAFETY*)pContext;
169         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
170         if(SUCCEEDED(hres)) {
171             FIXME("Got IAciveScript iface\n");
172             IActiveScript_Release(active_script);
173             return E_FAIL;
174         }
175
176         hres = confirm_safety(This, url, cs, &policy);
177         if(FAILED(hres))
178             return hres;
179
180         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
181         if(!*ppPolicy)
182             return E_OUTOFMEMORY;
183
184         *(DWORD*)*ppPolicy = policy;
185         *pcbPolicy = sizeof(policy);
186         TRACE("policy %x\n", policy);
187         return S_OK;
188     }
189
190     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
191     return hres;
192 }
193
194 #undef HOSTSECMGR_THIS
195
196 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
197     InternetHostSecurityManager_QueryInterface,
198     InternetHostSecurityManager_AddRef,
199     InternetHostSecurityManager_Release,
200     InternetHostSecurityManager_GetSecurityId,
201     InternetHostSecurityManager_ProcessUrlAction,
202     InternetHostSecurityManager_QueryCustomPolicy
203 };
204
205 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
206 {
207     This->lpIInternetHostSecurityManagerVtbl = &InternetHostSecurityManagerVtbl;
208 }