mshtml: Don't use ITypeInfo for InvokeEx(DISPATCH_PROPERTYGET) implementation.
[wine] / dlls / mshtml / secmgr.c
1 /*
2  * Copyright 2009 Jacek Caban for CodeWeavers
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  */
18
19 #include "config.h"
20
21 #include <stdarg.h>
22 #include <stdio.h>
23
24 #define COBJMACROS
25
26 #include "windef.h"
27 #include "winbase.h"
28 #include "winuser.h"
29 #include "ole2.h"
30 #include "activscp.h"
31
32 #include "wine/debug.h"
33
34 #include "mshtml_private.h"
35
36 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
37
38 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
39
40 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
41 DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
42     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
43
44 static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
45 {
46     return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
47 }
48
49 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
50 {
51     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
52     return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
53 }
54
55 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
56 {
57     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
58     return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
59 }
60
61 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
62 {
63     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
64     return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
65 }
66
67 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
68         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
69 {
70     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
71     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
72     return E_NOTIMPL;
73 }
74
75 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
76         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
77 {
78     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
79     const WCHAR *url;
80
81     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
82
83     if(!This->basedoc.window)
84         return E_UNEXPECTED;
85
86     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
87
88     return IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, dwAction, pPolicy, cbPolicy,
89             pContext, cbContext, dwFlags, dwReserved);
90 }
91
92 static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
93 {
94     IObjectSafety *obj_safety;
95     HRESULT hres;
96
97     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
98     if(SUCCEEDED(hres)) {
99         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
100                 INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
101         IObjectSafety_Release(obj_safety);
102         *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
103     }else {
104         CATID init_catid = CATID_SafeForInitializing;
105
106         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
107         if(FAILED(hres))
108             return hres;
109
110         *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
111     }
112
113     return S_OK;
114 }
115
116 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
117 {
118     DWORD policy, enabled_opts, supported_opts;
119     IObjectSafety *obj_safety;
120     HRESULT hres;
121
122     TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
123
124     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
125
126     hres = IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
127             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
128     if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
129         *ret = URLPOLICY_DISALLOW;
130         return S_OK;
131     }
132
133     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
134     if(SUCCEEDED(hres)) {
135         hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
136         if(FAILED(hres))
137             supported_opts = 0;
138
139         enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
140         if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
141             enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
142
143         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
144         if(FAILED(hres)) {
145             enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
146             hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
147         }
148         IObjectSafety_Release(obj_safety);
149
150         if(FAILED(hres)) {
151             *ret = URLPOLICY_DISALLOW;
152             return S_OK;
153         }
154     }else {
155         CATID scripting_catid = CATID_SafeForScripting;
156
157         if(!This->catmgr) {
158             hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
159                     &IID_ICatInformation, (void**)&This->catmgr);
160             if(FAILED(hres))
161                 return hres;
162         }
163
164         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
165         if(FAILED(hres))
166             return hres;
167
168         if(hres != S_OK) {
169             *ret = URLPOLICY_DISALLOW;
170             return S_OK;
171         }
172     }
173
174     if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
175         return confirm_safety_load(This, cs, ret);
176
177     *ret = URLPOLICY_ALLOW;
178     return S_OK;
179 }
180
181 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
182         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
183 {
184     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
185     const WCHAR *url;
186     HRESULT hres;
187
188     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
189
190     if(!This->basedoc.window)
191         return E_UNEXPECTED;
192
193     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
194
195     hres = IInternetSecurityManager_QueryCustomPolicy(This->basedoc.window->secmgr, url, guidKey, ppPolicy, pcbPolicy,
196             pContext, cbContext, dwReserved);
197     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
198         return hres;
199
200     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
201         IActiveScript *active_script;
202         struct CONFIRMSAFETY *cs;
203         DWORD policy;
204
205         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
206             FIXME("wrong context size\n");
207             return E_FAIL;
208         }
209
210         cs = (struct CONFIRMSAFETY*)pContext;
211         TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
212
213         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
214         if(SUCCEEDED(hres)) {
215             FIXME("Got IAciveScript iface\n");
216             IActiveScript_Release(active_script);
217             return E_FAIL;
218         }
219
220         hres = confirm_safety(This, url, cs, &policy);
221         if(FAILED(hres))
222             return hres;
223
224         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
225         if(!*ppPolicy)
226             return E_OUTOFMEMORY;
227
228         *(DWORD*)*ppPolicy = policy;
229         *pcbPolicy = sizeof(policy);
230         TRACE("policy %x\n", policy);
231         return S_OK;
232     }
233
234     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
235     return hres;
236 }
237
238 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
239     InternetHostSecurityManager_QueryInterface,
240     InternetHostSecurityManager_AddRef,
241     InternetHostSecurityManager_Release,
242     InternetHostSecurityManager_GetSecurityId,
243     InternetHostSecurityManager_ProcessUrlAction,
244     InternetHostSecurityManager_QueryCustomPolicy
245 };
246
247 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
248 {
249     This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
250 }