dlls/mshtml/secmgr.c

   1 /*
   2  * Copyright 2009 Jacek Caban for CodeWeavers
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #include "config.h"
  20
  21 #include <stdarg.h>
  22 #include <stdio.h>
  23
  24 #define COBJMACROS
  25
  26 #include "windef.h"
  27 #include "winbase.h"
  28 #include "winuser.h"
  29 #include "ole2.h"
  30 #include "objsafe.h"
  31 #include "activscp.h"
  32
  33 #include "wine/debug.h"
  34
  35 #include "mshtml_private.h"
  36
  37 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
  38
  39 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
  40
  41 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
  42 const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
  43     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
  44
  45 #define HOSTSECMGR_THIS(iface) DEFINE_THIS(HTMLDocumentNode, IInternetHostSecurityManager, iface)
  46
  47 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
  48 {
  49     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
  50     return IHTMLDOMNode_QueryInterface(HTMLDOMNODE(&This->node), riid, ppv);
  51 }
  52
  53 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
  54 {
  55     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
  56     return IHTMLDOMNode_AddRef(HTMLDOMNODE(&This->node));
  57 }
  58
  59 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
  60 {
  61     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
  62     return IHTMLDOMNode_Release(HTMLDOMNODE(&This->node));
  63 }
  64
  65 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
  66         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
  67 {
  68     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
  69     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
  70     return E_NOTIMPL;
  71 }
  72
  73 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
  74         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
  75 {
  76     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
  77     const WCHAR *url;
  78
  79     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
  80
  81     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
  82
  83     return IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, dwAction, pPolicy, cbPolicy,
  84             pContext, cbContext, dwFlags, dwReserved);
  85 }
  86
  87 static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *obj)
  88 {
  89     DWORD policy, enabled_opts, supported_opts;
  90     IObjectSafety *obj_safety;
  91     HRESULT hres;
  92
  93     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
  94
  95     hres = IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
  96             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
  97     if(FAILED(hres) || policy != URLPOLICY_ALLOW)
  98         return URLPOLICY_DISALLOW;
  99
 100     hres = IUnknown_QueryInterface(obj, &IID_IObjectSafety, (void**)&obj_safety);
 101     if(FAILED(hres))
 102         return URLPOLICY_DISALLOW;
 103
 104     hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
 105     if(SUCCEEDED(hres)) {
 106         enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
 107         if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
 108             enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
 109         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
 110     }
 111     IObjectSafety_Release(obj_safety);
 112     if(FAILED(hres))
 113         return URLPOLICY_DISALLOW;
 114
 115     return URLPOLICY_ALLOW;
 116 }
 117
 118 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
 119         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
 120 {
 121     HTMLDocumentNode *This = HOSTSECMGR_THIS(iface);
 122     const WCHAR *url;
 123     HRESULT hres;
 124
 125     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
 126
 127     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
 128
 129     hres = IInternetSecurityManager_QueryCustomPolicy(This->secmgr, url, guidKey, ppPolicy, pcbPolicy,
 130             pContext, cbContext, dwReserved);
 131     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
 132         return hres;
 133
 134     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
 135         IActiveScript *active_script;
 136         struct CONFIRMSAFETY *cs;
 137         DWORD policy;
 138
 139         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
 140             FIXME("wrong context size\n");
 141             return E_FAIL;
 142         }
 143
 144         cs = (struct CONFIRMSAFETY*)pContext;
 145         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
 146         if(SUCCEEDED(hres)) {
 147             FIXME("Got IAciveScript iface\n");
 148             IActiveScript_Release(active_script);
 149             return E_FAIL;
 150         }
 151
 152         policy = confirm_safety(This, url, cs->pUnk);
 153
 154         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
 155         if(!*ppPolicy)
 156             return E_OUTOFMEMORY;
 157
 158         *(DWORD*)*ppPolicy = policy;
 159         *pcbPolicy = sizeof(policy);
 160         return S_OK;
 161     }
 162
 163     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
 164     return hres;
 165 }
 166
 167 #undef HOSTSECMGR_THIS
 168
 169 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
 170     InternetHostSecurityManager_QueryInterface,
 171     InternetHostSecurityManager_AddRef,
 172     InternetHostSecurityManager_Release,
 173     InternetHostSecurityManager_GetSecurityId,
 174     InternetHostSecurityManager_ProcessUrlAction,
 175     InternetHostSecurityManager_QueryCustomPolicy
 176 };
 177
 178 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
 179 {
 180     This->lpIInternetHostSecurityManagerVtbl = &InternetHostSecurityManagerVtbl;
 181 }