dlls/urlmon/tests/sec_mgr.c

   1 /*
   2  * Copyright 2005-2006 Jacek Caban for CodeWeavers
   3  * Copyright 2009 Detlef Riekenberg
   4  *
   5  * This library is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU Lesser General Public
   7  * License as published by the Free Software Foundation; either
   8  * version 2.1 of the License, or (at your option) any later version.
   9  *
  10  * This library is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * Lesser General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU Lesser General Public
  16  * License along with this library; if not, write to the Free Software
  17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  18  */
  19
  20 #define COBJMACROS
  21 #define CONST_VTABLE
  22 #define NONAMELESSUNION
  23
  24 #include <wine/test.h>
  25 #include <stdarg.h>
  26 #include <stddef.h>
  27
  28 #include "windef.h"
  29 #include "winbase.h"
  30 #include "ole2.h"
  31 #include "urlmon.h"
  32
  33 #include "initguid.h"
  34
  35 static const WCHAR url1[] = {'r','e','s',':','/','/','m','s','h','t','m','l','.','d','l','l',
  36         '/','b','l','a','n','k','.','h','t','m',0};
  37 static const WCHAR url2[] = {'i','n','d','e','x','.','h','t','m',0};
  38 static const WCHAR url3[] = {'f','i','l','e',':','/','/','c',':','\\','I','n','d','e','x','.','h','t','m',0};
  39 static const WCHAR url4[] = {'f','i','l','e',':','s','o','m','e','%','2','0','f','i','l','e',
  40         '%','2','e','j','p','g',0};
  41 static const WCHAR url5[] = {'h','t','t','p',':','/','/','w','w','w','.','w','i','n','e','h','q',
  42         '.','o','r','g',0};
  43 static const WCHAR url6[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
  44 static const WCHAR url7[] = {'f','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g','/',
  45         'f','i','l','e','.','t','e','s','t',0};
  46 static const WCHAR url8[] = {'t','e','s','t',':','1','2','3','a','b','c',0};
  47 static const WCHAR url9[] =
  48     {'h','t','t','p',':','/','/','w','w','w','.','w','i','n','e','h','q','.','o','r','g',
  49      '/','s','i','t','e','/','a','b','o','u','t',0};
  50 static const WCHAR url10[] = {'f','i','l','e',':','/','/','s','o','m','e','%','2','0','f','i','l','e',
  51         '.','j','p','g',0};
  52
  53 static const WCHAR url4e[] = {'f','i','l','e',':','s','o','m','e',' ','f','i','l','e',
  54         '.','j','p','g',0};
  55
  56
  57 static const BYTE secid1[] = {'f','i','l','e',':',0,0,0,0};
  58 static const BYTE secid5[] = {'h','t','t','p',':','w','w','w','.','w','i','n','e','h','q',
  59     '.','o','r','g',3,0,0,0};
  60 static const BYTE secid6[] = {'a','b','o','u','t',':','b','l','a','n','k',3,0,0,0};
  61 static const BYTE secid7[] = {'f','t','p',':','w','i','n','e','h','q','.','o','r','g',
  62                               3,0,0,0};
  63 static const BYTE secid10[] =
  64     {'f','i','l','e',':','s','o','m','e','%','2','0','f','i','l','e','.','j','p','g',3,0,0,0};
  65 static const BYTE secid10_2[] =
  66     {'f','i','l','e',':','s','o','m','e',' ','f','i','l','e','.','j','p','g',3,0,0,0};
  67
  68 static struct secmgr_test {
  69     LPCWSTR url;
  70     DWORD zone;
  71     HRESULT zone_hres;
  72     DWORD secid_size;
  73     const BYTE *secid;
  74     HRESULT secid_hres;
  75 } secmgr_tests[] = {
  76     {url1, 0,   S_OK, sizeof(secid1), secid1, S_OK},
  77     {url2, 100, 0x80041001, 0, NULL, E_INVALIDARG},
  78     {url3, 0,   S_OK, sizeof(secid1), secid1, S_OK},
  79     {url5, 3,   S_OK, sizeof(secid5), secid5, S_OK},
  80     {url6, 3,   S_OK, sizeof(secid6), secid6, S_OK},
  81     {url7, 3,   S_OK, sizeof(secid7), secid7, S_OK}
  82 };
  83
  84 static void test_SecurityManager(void)
  85 {
  86     int i;
  87     IInternetSecurityManager *secmgr = NULL;
  88     BYTE buf[512];
  89     DWORD zone, size, policy;
  90     HRESULT hres;
  91
  92     hres = CoInternetCreateSecurityManager(NULL, &secmgr, 0);
  93     ok(hres == S_OK, "CoInternetCreateSecurityManager failed: %08x\n", hres);
  94     if(FAILED(hres))
  95         return;
  96
  97     for(i=0; i < sizeof(secmgr_tests)/sizeof(secmgr_tests[0]); i++) {
  98         zone = 100;
  99         hres = IInternetSecurityManager_MapUrlToZone(secmgr, secmgr_tests[i].url,
 100                                                      &zone, 0);
 101         ok(hres == secmgr_tests[i].zone_hres /* IE <=6 */
 102            || (FAILED(secmgr_tests[i].zone_hres) && hres == E_INVALIDARG), /* IE7 */
 103            "[%d] MapUrlToZone failed: %08x, expected %08x\n",
 104                 i, hres, secmgr_tests[i].zone_hres);
 105         if(SUCCEEDED(hres))
 106             ok(zone == secmgr_tests[i].zone, "[%d] zone=%d, expected %d\n", i, zone,
 107                secmgr_tests[i].zone);
 108         else
 109             ok(zone == secmgr_tests[i].zone || zone == -1, "[%d] zone=%d\n", i, zone);
 110
 111         size = sizeof(buf);
 112         memset(buf, 0xf0, sizeof(buf));
 113         hres = IInternetSecurityManager_GetSecurityId(secmgr, secmgr_tests[i].url,
 114                 buf, &size, 0);
 115         ok(hres == secmgr_tests[i].secid_hres,
 116            "[%d] GetSecurityId failed: %08x, expected %08x\n",
 117            i, hres, secmgr_tests[i].secid_hres);
 118         if(secmgr_tests[i].secid) {
 119             ok(size == secmgr_tests[i].secid_size, "[%d] size=%d, expected %d\n",
 120                     i, size, secmgr_tests[i].secid_size);
 121             ok(!memcmp(buf, secmgr_tests[i].secid, size), "[%d] wrong secid\n", i);
 122         }
 123     }
 124
 125     zone = 100;
 126     hres = IInternetSecurityManager_MapUrlToZone(secmgr, url10, &zone, 0);
 127     ok(hres == S_OK, "MapUrlToZone failed: %08x, expected S_OK\n", hres);
 128     ok(zone == 3, "zone=%d, expected 3\n", zone);
 129
 130     /* win2k3 translates %20 into a space */
 131     size = sizeof(buf);
 132     memset(buf, 0xf0, sizeof(buf));
 133     hres = IInternetSecurityManager_GetSecurityId(secmgr, url10, buf, &size, 0);
 134     ok(hres == S_OK, "GetSecurityId failed: %08x, expected S_OK\n", hres);
 135     ok(size == sizeof(secid10) ||
 136        size == sizeof(secid10_2), /* win2k3 */
 137        "size=%d\n", size);
 138     ok(!memcmp(buf, secid10, size) ||
 139        !memcmp(buf, secid10_2, size), /* win2k3 */
 140        "wrong secid\n");
 141
 142     zone = 100;
 143     hres = IInternetSecurityManager_MapUrlToZone(secmgr, NULL, &zone, 0);
 144     ok(hres == E_INVALIDARG, "MapUrlToZone failed: %08x, expected E_INVALIDARG\n", hres);
 145     ok(zone == 100 || zone == -1, "zone=%d\n", zone);
 146
 147     size = sizeof(buf);
 148     hres = IInternetSecurityManager_GetSecurityId(secmgr, NULL, buf, &size, 0);
 149     ok(hres == E_INVALIDARG,
 150        "GetSecurityId failed: %08x, expected E_INVALIDARG\n", hres);
 151     hres = IInternetSecurityManager_GetSecurityId(secmgr, secmgr_tests[1].url,
 152                                                   NULL, &size, 0);
 153     ok(hres == E_INVALIDARG,
 154        "GetSecurityId failed: %08x, expected E_INVALIDARG\n", hres);
 155     hres = IInternetSecurityManager_GetSecurityId(secmgr, secmgr_tests[1].url,
 156                                                   buf, NULL, 0);
 157     ok(hres == E_INVALIDARG,
 158        "GetSecurityId failed: %08x, expected E_INVALIDARG\n", hres);
 159
 160     hres = IInternetSecurityManager_ProcessUrlAction(secmgr, NULL, URLACTION_SCRIPT_RUN, (BYTE*)&policy,
 161             sizeof(WCHAR), NULL, 0, 0, 0);
 162     ok(hres == E_INVALIDARG, "ProcessUrlAction failed: %08x, expected E_INVALIDARG\n", hres);
 163
 164     IInternetSecurityManager_Release(secmgr);
 165 }
 166
 167 /* Check if Internet Explorer is configured to run in "Enhanced Security Configuration" (aka hardened mode) */
 168 /* Note: this code is duplicated in dlls/mshtml/tests/dom.c, dlls/mshtml/tests/script.c and dlls/urlmon/tests/sec_mgr.c */
 169 static BOOL is_ie_hardened(void)
 170 {
 171     HKEY zone_map;
 172     DWORD ie_harden, type, size;
 173
 174     ie_harden = 0;
 175     if(RegOpenKeyExA(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
 176                     0, KEY_QUERY_VALUE, &zone_map) == ERROR_SUCCESS) {
 177         size = sizeof(DWORD);
 178         if (RegQueryValueExA(zone_map, "IEHarden", NULL, &type, (LPBYTE) &ie_harden, &size) != ERROR_SUCCESS ||
 179             type != REG_DWORD) {
 180             ie_harden = 0;
 181         }
 182         RegCloseKey(zone_map);
 183     }
 184
 185     return ie_harden != 0;
 186 }
 187
 188 static void test_url_action(IInternetSecurityManager *secmgr, IInternetZoneManager *zonemgr, DWORD action)
 189 {
 190     DWORD res, size, policy, reg_policy;
 191     char buf[10];
 192     HKEY hkey;
 193     HRESULT hres;
 194
 195     /* FIXME: HKEY_CURRENT_USER is most of the time the default but this can be changed on a system.
 196      * The test should be changed to cope with that, if need be.
 197      */
 198     res = RegOpenKeyA(HKEY_CURRENT_USER,
 199             "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", &hkey);
 200     if(res != ERROR_SUCCESS) {
 201         ok(0, "Could not open zone key\n");
 202         return;
 203     }
 204
 205     wsprintf(buf, "%X", action);
 206     size = sizeof(DWORD);
 207     res = RegQueryValueExA(hkey, buf, NULL, NULL, (BYTE*)&reg_policy, &size);
 208     RegCloseKey(hkey);
 209     if(res != ERROR_SUCCESS || size != sizeof(DWORD)) {
 210         policy = 0xdeadbeef;
 211         hres = IInternetSecurityManager_ProcessUrlAction(secmgr, url9, action, (BYTE*)&policy,
 212                 sizeof(WCHAR), NULL, 0, 0, 0);
 213         ok(hres == E_FAIL, "ProcessUrlAction(%x) failed: %08x, expected E_FAIL\n", action, hres);
 214         ok(policy == 0xdeadbeef, "(%x) policy=%x\n", action, policy);
 215
 216         policy = 0xdeadbeef;
 217         hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, (BYTE*)&policy,
 218                 sizeof(DWORD), URLZONEREG_DEFAULT);
 219         ok(hres == E_FAIL, "GetZoneActionPolicy failed: %08x, expected E_FAIL\n", hres);
 220         ok(policy == 0xdeadbeef, "(%x) policy=%x\n", action, policy);
 221         return;
 222     }
 223
 224     policy = 0xdeadbeef;
 225     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, (BYTE*)&policy,
 226             sizeof(DWORD), URLZONEREG_DEFAULT);
 227     ok(hres == S_OK, "GetZoneActionPolicy failed: %08x\n", hres);
 228     ok(policy == reg_policy, "(%x) policy=%x, expected %x\n", action, policy, reg_policy);
 229
 230     if(policy != URLPOLICY_QUERY) {
 231         if(winetest_interactive || ! is_ie_hardened()) {
 232             policy = 0xdeadbeef;
 233             hres = IInternetSecurityManager_ProcessUrlAction(secmgr, url9, action, (BYTE*)&policy,
 234                     sizeof(WCHAR), NULL, 0, 0, 0);
 235             if(reg_policy == URLPOLICY_DISALLOW)
 236                 ok(hres == S_FALSE, "ProcessUrlAction(%x) failed: %08x, expected S_FALSE\n", action, hres);
 237             else
 238                 ok(hres == S_OK, "ProcessUrlAction(%x) failed: %08x\n", action, hres);
 239             ok(policy == 0xdeadbeef, "(%x) policy=%x\n", action, policy);
 240         }else {
 241             skip("IE running in Enhanced Security Configuration\n");
 242         }
 243     }
 244 }
 245
 246 static void test_special_url_action(IInternetSecurityManager *secmgr, IInternetZoneManager *zonemgr, DWORD action)
 247 {
 248     DWORD policy;
 249     HRESULT hres;
 250
 251     policy = 0xdeadbeef;
 252     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, (BYTE*)&policy,
 253             sizeof(DWORD), URLZONEREG_DEFAULT);
 254     ok(hres == S_OK, "GetZoneActionPolicy failed: %08x\n", hres);
 255     ok(policy == URLPOLICY_DISALLOW, "(%x) policy=%x, expected URLPOLICY_DISALLOW\n", action, policy);
 256
 257     policy = 0xdeadbeef;
 258     hres = IInternetSecurityManager_ProcessUrlAction(secmgr, url1, action, (BYTE*)&policy,
 259             sizeof(WCHAR), NULL, 0, 0, 0);
 260     ok(hres == S_FALSE, "ProcessUrlAction(%x) failed: %08x, expected S_FALSE\n", action, hres);
 261 }
 262
 263 static void test_polices(void)
 264 {
 265     IInternetZoneManager *zonemgr = NULL;
 266     IInternetSecurityManager *secmgr = NULL;
 267     HRESULT hres;
 268
 269     hres = CoInternetCreateSecurityManager(NULL, &secmgr, 0);
 270     ok(hres == S_OK, "CoInternetCreateSecurityManager failed: %08x\n", hres);
 271     hres = CoInternetCreateZoneManager(NULL, &zonemgr, 0);
 272     ok(hres == S_OK, "CoInternetCreateZoneManager failed: %08x\n", hres);
 273
 274     test_url_action(secmgr, zonemgr, URLACTION_SCRIPT_RUN);
 275     test_url_action(secmgr, zonemgr, URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY);
 276     test_url_action(secmgr, zonemgr, URLACTION_CHANNEL_SOFTDIST_PERMISSIONS);
 277     test_url_action(secmgr, zonemgr, 0xdeadbeef);
 278
 279     test_special_url_action(secmgr, zonemgr, URLACTION_SCRIPT_OVERRIDE_SAFETY);
 280
 281     IInternetSecurityManager_Release(secmgr);
 282     IInternetZoneManager_Release(zonemgr);
 283 }
 284
 285 static void test_CreateZoneEnumerator(void)
 286 {
 287     IInternetZoneManager *zonemgr = NULL;
 288     HRESULT hr;
 289     DWORD dwEnum;
 290     DWORD dwEnum2;
 291     DWORD dwCount;
 292     DWORD dwCount2;
 293
 294     hr = CoInternetCreateZoneManager(NULL, &zonemgr, 0);
 295     ok(hr == S_OK, "CoInternetCreateZoneManager result: 0x%x\n", hr);
 296     if (FAILED(hr))
 297         return;
 298
 299     dwEnum=0xdeadbeef;
 300     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum, NULL, 0);
 301     ok((hr == E_INVALIDARG) && (dwEnum == 0xdeadbeef),
 302         "got 0x%x with 0x%x (expected E_INVALIDARG with 0xdeadbeef)\n", hr, dwEnum);
 303
 304     dwCount=0xdeadbeef;
 305     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, NULL, &dwCount, 0);
 306     ok((hr == E_INVALIDARG) && (dwCount == 0xdeadbeef),
 307         "got 0x%x and 0x%x (expected E_INVALIDARG and 0xdeadbeef)\n", hr, dwCount);
 308
 309     dwEnum=0xdeadbeef;
 310     dwCount=0xdeadbeef;
 311     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum, &dwCount, 0xffffffff);
 312     ok((hr == E_INVALIDARG) && (dwEnum == 0xdeadbeef) && (dwCount == 0xdeadbeef),
 313         "got 0x%x with 0x%x and 0x%x (expected E_INVALIDARG with 0xdeadbeef and 0xdeadbeef)\n",
 314         hr, dwEnum, dwCount);
 315
 316     dwEnum=0xdeadbeef;
 317     dwCount=0xdeadbeef;
 318     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum, &dwCount, 1);
 319     ok((hr == E_INVALIDARG) && (dwEnum == 0xdeadbeef) && (dwCount == 0xdeadbeef),
 320         "got 0x%x with 0x%x and 0x%x (expected E_INVALIDARG with 0xdeadbeef and 0xdeadbeef)\n",
 321         hr, dwEnum, dwCount);
 322
 323     dwEnum=0xdeadbeef;
 324     dwCount=0xdeadbeef;
 325     /* Normal use */
 326     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum, &dwCount, 0);
 327     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 328
 329     if (SUCCEEDED(hr)) {
 330         dwEnum2=0xdeadbeef;
 331         dwCount2=0xdeadbeef;
 332         hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum2, &dwCount2, 0);
 333         ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 334         if (SUCCEEDED(hr)) {
 335             /* native urlmon has an incrementing counter for dwEnum */
 336             hr = IInternetZoneManager_DestroyZoneEnumerator(zonemgr, dwEnum2);
 337             ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 338         }
 339
 340         hr = IInternetZoneManager_DestroyZoneEnumerator(zonemgr, dwEnum);
 341         ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 342
 343         /* Destroy the Enumerator twice is detected and handled in native urlmon */
 344         hr = IInternetZoneManager_DestroyZoneEnumerator(zonemgr, dwEnum);
 345         ok((hr == E_INVALIDARG), "got 0x%x (expected E_INVALIDARG)\n", hr);
 346     }
 347
 348     /* ::Release succeed also, when a ::DestroyZoneEnumerator is missing */
 349     hr = IInternetZoneManager_Release(zonemgr);
 350     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 351 }
 352
 353 static void test_GetZoneActionPolicy(void)
 354 {
 355     IInternetZoneManager *zonemgr = NULL;
 356     BYTE buf[32];
 357     HRESULT hres;
 358     DWORD action = URLACTION_CREDENTIALS_USE; /* Implemented on all IE versions */
 359
 360     hres = CoInternetCreateZoneManager(NULL, &zonemgr, 0);
 361     ok(hres == S_OK, "CoInternetCreateZoneManager failed: %08x\n", hres);
 362     if(FAILED(hres))
 363         return;
 364
 365     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, buf,
 366             sizeof(DWORD), URLZONEREG_DEFAULT);
 367     ok(hres == S_OK, "GetZoneActionPolicy failed: %08x\n", hres);
 368     ok(*(DWORD*)buf == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK ||
 369             *(DWORD*)buf == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER ||
 370             *(DWORD*)buf == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT ||
 371             *(DWORD*)buf == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY,
 372             "unexpected policy=%d\n", *(DWORD*)buf);
 373
 374     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, NULL,
 375             sizeof(DWORD), URLZONEREG_DEFAULT);
 376     ok(hres == E_INVALIDARG, "GetZoneActionPolicy failed: %08x, expected E_INVALIDARG\n", hres);
 377
 378     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, action, buf,
 379             2, URLZONEREG_DEFAULT);
 380     ok(hres == E_INVALIDARG, "GetZoneActionPolicy failed: %08x, expected E_INVALIDARG\n", hres);
 381
 382     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 3, 0x1fff, buf,
 383             sizeof(DWORD), URLZONEREG_DEFAULT);
 384     ok(hres == E_FAIL, "GetZoneActionPolicy failed: %08x, expected E_FAIL\n", hres);
 385
 386     hres = IInternetZoneManager_GetZoneActionPolicy(zonemgr, 13, action, buf,
 387             sizeof(DWORD), URLZONEREG_DEFAULT);
 388     ok(hres == E_INVALIDARG, "GetZoneActionPolicy failed: %08x, expected E_INVALIDARG\n", hres);
 389
 390     IInternetZoneManager_Release(zonemgr);
 391 }
 392
 393 static void test_GetZoneAt(void)
 394 {
 395     IInternetZoneManager *zonemgr = NULL;
 396     HRESULT hr;
 397     DWORD dwEnum;
 398     DWORD dwCount;
 399     DWORD dwZone;
 400     DWORD i;
 401
 402     hr = CoInternetCreateZoneManager(NULL, &zonemgr, 0);
 403     ok(hr == S_OK, "CoInternetCreateZoneManager result: 0x%x\n", hr);
 404     if (FAILED(hr))
 405         return;
 406
 407     hr = IInternetZoneManager_CreateZoneEnumerator(zonemgr, &dwEnum, &dwCount, 0);
 408     if (FAILED(hr))
 409         goto cleanup;
 410
 411     if (0) {
 412         /* this crashes with native urlmon */
 413         hr = IInternetZoneManager_GetZoneAt(zonemgr, dwEnum, 0, NULL);
 414     }
 415
 416     dwZone = 0xdeadbeef;
 417     hr = IInternetZoneManager_GetZoneAt(zonemgr, 0xdeadbeef, 0, &dwZone);
 418     ok(hr == E_INVALIDARG,
 419         "got 0x%x with 0x%x (expected E_INVALIDARG)\n", hr, dwZone);
 420
 421     for (i = 0; i < dwCount; i++)
 422     {
 423         dwZone = 0xdeadbeef;
 424         hr = IInternetZoneManager_GetZoneAt(zonemgr, dwEnum, i, &dwZone);
 425         ok(hr == S_OK, "#%d: got x%x with %d (expected S_OK)\n", i, hr, dwZone);
 426     }
 427
 428     dwZone = 0xdeadbeef;
 429     /* MSDN (index .. must be .. less than or equal to) is wrong */
 430     hr = IInternetZoneManager_GetZoneAt(zonemgr, dwEnum, dwCount, &dwZone);
 431     ok(hr == E_INVALIDARG,
 432         "got 0x%x with 0x%x (expected E_INVALIDARG)\n", hr, dwZone);
 433
 434     hr = IInternetZoneManager_DestroyZoneEnumerator(zonemgr, dwEnum);
 435     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 436
 437 cleanup:
 438     hr = IInternetZoneManager_Release(zonemgr);
 439     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 440 }
 441
 442 static void test_GetZoneAttributes(void)
 443 {
 444     IInternetZoneManager *zonemgr = NULL;
 445     CHAR buffer [sizeof(ZONEATTRIBUTES) + 32];
 446     ZONEATTRIBUTES* pZA = (ZONEATTRIBUTES*) buffer;
 447     HRESULT hr;
 448     DWORD i;
 449
 450     hr = CoInternetCreateZoneManager(NULL, &zonemgr, 0);
 451     ok(hr == S_OK, "CoInternetCreateZoneManager result: 0x%x\n", hr);
 452     if (FAILED(hr))
 453         return;
 454
 455     /* native urlmon has Zone "0" upto Zone "4" since IE4 */
 456     for (i = 0; i < 5; i++) {
 457         memset(buffer, -1, sizeof(buffer));
 458         hr = IInternetZoneManager_GetZoneAttributes(zonemgr, i, pZA);
 459         ok(hr == S_OK, "#%d: got 0x%x (expected S_OK)\n", i, hr);
 460     }
 461
 462     /* IE8 no longer set cbSize */
 463     memset(buffer, -1, sizeof(buffer));
 464     pZA->cbSize = 0;
 465     hr = IInternetZoneManager_GetZoneAttributes(zonemgr, 0, pZA);
 466     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 467     ok((pZA->cbSize == 0) || (pZA->cbSize == sizeof(ZONEATTRIBUTES)),
 468         "got cbSize = %d (expected 0)\n", pZA->cbSize);
 469
 470     memset(buffer, -1, sizeof(buffer));
 471     pZA->cbSize = 64;
 472     hr = IInternetZoneManager_GetZoneAttributes(zonemgr, 0, pZA);
 473     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 474     ok((pZA->cbSize == 64) || (pZA->cbSize == sizeof(ZONEATTRIBUTES)),
 475         "got cbSize = %d (expected 64)\n", pZA->cbSize);
 476
 477     memset(buffer, -1, sizeof(buffer));
 478     hr = IInternetZoneManager_GetZoneAttributes(zonemgr, 0, pZA);
 479     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 480     ok((pZA->cbSize == 0xffffffff) || (pZA->cbSize == sizeof(ZONEATTRIBUTES)),
 481         "got cbSize = 0x%x (expected 0xffffffff)\n", pZA->cbSize);
 482
 483     /* IE8 no longer fail on invalid zones */
 484     memset(buffer, -1, sizeof(buffer));
 485     hr = IInternetZoneManager_GetZoneAttributes(zonemgr, 0xdeadbeef, pZA);
 486     ok(hr == S_OK || (hr == E_FAIL),
 487         "got 0x%x (expected S_OK or E_FAIL)\n", hr);
 488
 489     hr = IInternetZoneManager_GetZoneAttributes(zonemgr, 0, NULL);
 490     ok(hr == E_INVALIDARG, "got 0x%x (expected E_INVALIDARG)\n", hr);
 491
 492     hr = IInternetZoneManager_Release(zonemgr);
 493     ok(hr == S_OK, "got 0x%x (expected S_OK)\n", hr);
 494 }
 495
 496
 497 START_TEST(sec_mgr)
 498 {
 499     OleInitialize(NULL);
 500
 501     test_SecurityManager();
 502     test_polices();
 503     test_CreateZoneEnumerator();
 504     test_GetZoneActionPolicy();
 505     test_GetZoneAt();
 506     test_GetZoneAttributes();
 507
 508     OleUninitialize();
 509 }