ddraw: Avoid unsafe IDirect3DVertexBuffer to object casts.
[wine] / dlls / mshtml / secmgr.c
1 /*
2  * Copyright 2009 Jacek Caban for CodeWeavers
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  */
18
19 #include "config.h"
20
21 #include <stdarg.h>
22 #include <stdio.h>
23
24 #define COBJMACROS
25
26 #include "windef.h"
27 #include "winbase.h"
28 #include "winuser.h"
29 #include "ole2.h"
30 #include "objsafe.h"
31 #include "activscp.h"
32
33 #include "wine/debug.h"
34
35 #include "mshtml_private.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
38
39 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
40
41 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
42 DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
43     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
44
45 static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
46 {
47     return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
48 }
49
50 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
51 {
52     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
53     return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
54 }
55
56 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
57 {
58     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
59     return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
60 }
61
62 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
63 {
64     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
65     return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
66 }
67
68 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
69         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
70 {
71     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
72     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
73     return E_NOTIMPL;
74 }
75
76 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
77         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
78 {
79     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
80     const WCHAR *url;
81
82     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
83
84     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
85
86     return IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, dwAction, pPolicy, cbPolicy,
87             pContext, cbContext, dwFlags, dwReserved);
88 }
89
90 static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
91 {
92     IObjectSafety *obj_safety;
93     HRESULT hres;
94
95     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
96     if(SUCCEEDED(hres)) {
97         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
98                 INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
99         IObjectSafety_Release(obj_safety);
100         *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
101     }else {
102         CATID init_catid = CATID_SafeForInitializing;
103
104         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
105         if(FAILED(hres))
106             return hres;
107
108         *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
109     }
110
111     return S_OK;
112 }
113
114 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
115 {
116     DWORD policy, enabled_opts, supported_opts;
117     IObjectSafety *obj_safety;
118     HRESULT hres;
119
120     TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
121
122     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
123
124     hres = IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
125             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
126     if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
127         *ret = URLPOLICY_DISALLOW;
128         return S_OK;
129     }
130
131     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
132     if(SUCCEEDED(hres)) {
133         hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
134         if(FAILED(hres))
135             supported_opts = 0;
136
137         enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
138         if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
139             enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
140
141         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
142         if(FAILED(hres)) {
143             enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
144             hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
145         }
146         IObjectSafety_Release(obj_safety);
147
148         if(FAILED(hres)) {
149             *ret = URLPOLICY_DISALLOW;
150             return S_OK;
151         }
152     }else {
153         CATID scripting_catid = CATID_SafeForScripting;
154
155         if(!This->catmgr) {
156             hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
157                     &IID_ICatInformation, (void**)&This->catmgr);
158             if(FAILED(hres))
159                 return hres;
160         }
161
162         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
163         if(FAILED(hres))
164             return hres;
165
166         if(hres != S_OK) {
167             *ret = URLPOLICY_DISALLOW;
168             return S_OK;
169         }
170     }
171
172     if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
173         return confirm_safety_load(This, cs, ret);
174
175     *ret = URLPOLICY_ALLOW;
176     return S_OK;
177 }
178
179 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
180         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
181 {
182     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
183     const WCHAR *url;
184     HRESULT hres;
185
186     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
187
188     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
189
190     hres = IInternetSecurityManager_QueryCustomPolicy(This->basedoc.window->secmgr, url, guidKey, ppPolicy, pcbPolicy,
191             pContext, cbContext, dwReserved);
192     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
193         return hres;
194
195     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
196         IActiveScript *active_script;
197         struct CONFIRMSAFETY *cs;
198         DWORD policy;
199
200         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
201             FIXME("wrong context size\n");
202             return E_FAIL;
203         }
204
205         cs = (struct CONFIRMSAFETY*)pContext;
206         TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
207
208         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
209         if(SUCCEEDED(hres)) {
210             FIXME("Got IAciveScript iface\n");
211             IActiveScript_Release(active_script);
212             return E_FAIL;
213         }
214
215         hres = confirm_safety(This, url, cs, &policy);
216         if(FAILED(hres))
217             return hres;
218
219         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
220         if(!*ppPolicy)
221             return E_OUTOFMEMORY;
222
223         *(DWORD*)*ppPolicy = policy;
224         *pcbPolicy = sizeof(policy);
225         TRACE("policy %x\n", policy);
226         return S_OK;
227     }
228
229     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
230     return hres;
231 }
232
233 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
234     InternetHostSecurityManager_QueryInterface,
235     InternetHostSecurityManager_AddRef,
236     InternetHostSecurityManager_Release,
237     InternetHostSecurityManager_GetSecurityId,
238     InternetHostSecurityManager_ProcessUrlAction,
239     InternetHostSecurityManager_QueryCustomPolicy
240 };
241
242 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
243 {
244     This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
245 }