dlls/mshtml/secmgr.c

   1 /*
   2  * Copyright 2009 Jacek Caban for CodeWeavers
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #include "config.h"
  20
  21 #include <stdarg.h>
  22 #include <stdio.h>
  23
  24 #define COBJMACROS
  25
  26 #include "windef.h"
  27 #include "winbase.h"
  28 #include "winuser.h"
  29 #include "ole2.h"
  30 #include "activscp.h"
  31
  32 #include "wine/debug.h"
  33
  34 #include "mshtml_private.h"
  35
  36 WINE_DEFAULT_DEBUG_CHANNEL(mshtml);
  37
  38 static const WCHAR about_blankW[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
  39
  40 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
  41 DECLSPEC_HIDDEN const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY =
  42     {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
  43
  44 static inline HTMLDocumentNode *impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager *iface)
  45 {
  46     return CONTAINING_RECORD(iface, HTMLDocumentNode, IInternetHostSecurityManager_iface);
  47 }
  48
  49 static HRESULT WINAPI InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager *iface, REFIID riid, void **ppv)
  50 {
  51     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  52     return IHTMLDOMNode_QueryInterface(&This->node.IHTMLDOMNode_iface, riid, ppv);
  53 }
  54
  55 static ULONG WINAPI InternetHostSecurityManager_AddRef(IInternetHostSecurityManager *iface)
  56 {
  57     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  58     return IHTMLDOMNode_AddRef(&This->node.IHTMLDOMNode_iface);
  59 }
  60
  61 static ULONG WINAPI InternetHostSecurityManager_Release(IInternetHostSecurityManager *iface)
  62 {
  63     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  64     return IHTMLDOMNode_Release(&This->node.IHTMLDOMNode_iface);
  65 }
  66
  67 static HRESULT WINAPI InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager *iface,  BYTE *pbSecurityId,
  68         DWORD *pcbSecurityId, DWORD_PTR dwReserved)
  69 {
  70     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  71     FIXME("(%p)->(%p %p %lx)\n", This, pbSecurityId, pcbSecurityId, dwReserved);
  72     return E_NOTIMPL;
  73 }
  74
  75 static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager *iface, DWORD dwAction,
  76         BYTE *pPolicy, DWORD cbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwFlags, DWORD dwReserved)
  77 {
  78     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
  79     const WCHAR *url;
  80
  81     TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This, dwAction, pPolicy, cbPolicy, pContext, cbContext, dwFlags, dwReserved);
  82
  83     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
  84
  85     return IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, dwAction, pPolicy, cbPolicy,
  86             pContext, cbContext, dwFlags, dwReserved);
  87 }
  88
  89 static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
  90 {
  91     IObjectSafety *obj_safety;
  92     HRESULT hres;
  93
  94     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
  95     if(SUCCEEDED(hres)) {
  96         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
  97                 INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
  98         IObjectSafety_Release(obj_safety);
  99         *ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
 100     }else {
 101         CATID init_catid = CATID_SafeForInitializing;
 102
 103         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
 104         if(FAILED(hres))
 105             return hres;
 106
 107         *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
 108     }
 109
 110     return S_OK;
 111 }
 112
 113 static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
 114 {
 115     DWORD policy, enabled_opts, supported_opts;
 116     IObjectSafety *obj_safety;
 117     HRESULT hres;
 118
 119     TRACE("%s %p %s\n", debugstr_w(url), cs->pUnk, debugstr_guid(&cs->clsid));
 120
 121     /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
 122
 123     hres = IInternetSecurityManager_ProcessUrlAction(This->basedoc.window->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
 124             (BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
 125     if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
 126         *ret = URLPOLICY_DISALLOW;
 127         return S_OK;
 128     }
 129
 130     hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
 131     if(SUCCEEDED(hres)) {
 132         hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
 133         if(FAILED(hres))
 134             supported_opts = 0;
 135
 136         enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
 137         if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
 138             enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
 139
 140         hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
 141         if(FAILED(hres)) {
 142             enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
 143             hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
 144         }
 145         IObjectSafety_Release(obj_safety);
 146
 147         if(FAILED(hres)) {
 148             *ret = URLPOLICY_DISALLOW;
 149             return S_OK;
 150         }
 151     }else {
 152         CATID scripting_catid = CATID_SafeForScripting;
 153
 154         if(!This->catmgr) {
 155             hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
 156                     &IID_ICatInformation, (void**)&This->catmgr);
 157             if(FAILED(hres))
 158                 return hres;
 159         }
 160
 161         hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
 162         if(FAILED(hres))
 163             return hres;
 164
 165         if(hres != S_OK) {
 166             *ret = URLPOLICY_DISALLOW;
 167             return S_OK;
 168         }
 169     }
 170
 171     if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
 172         return confirm_safety_load(This, cs, ret);
 173
 174     *ret = URLPOLICY_ALLOW;
 175     return S_OK;
 176 }
 177
 178 static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
 179         BYTE **ppPolicy, DWORD *pcbPolicy, BYTE *pContext, DWORD cbContext, DWORD dwReserved)
 180 {
 181     HTMLDocumentNode *This = impl_from_IInternetHostSecurityManager(iface);
 182     const WCHAR *url;
 183     HRESULT hres;
 184
 185     TRACE("(%p)->(%s %p %p %p %d %x)\n", This, debugstr_guid(guidKey), ppPolicy, pcbPolicy, pContext, cbContext, dwReserved);
 186
 187     url = This->basedoc.window->url ? This->basedoc.window->url : about_blankW;
 188
 189     hres = IInternetSecurityManager_QueryCustomPolicy(This->basedoc.window->secmgr, url, guidKey, ppPolicy, pcbPolicy,
 190             pContext, cbContext, dwReserved);
 191     if(hres != HRESULT_FROM_WIN32(ERROR_NOT_FOUND))
 192         return hres;
 193
 194     if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY, guidKey)) {
 195         IActiveScript *active_script;
 196         struct CONFIRMSAFETY *cs;
 197         DWORD policy;
 198
 199         if(cbContext != sizeof(struct CONFIRMSAFETY)) {
 200             FIXME("wrong context size\n");
 201             return E_FAIL;
 202         }
 203
 204         cs = (struct CONFIRMSAFETY*)pContext;
 205         TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
 206
 207         hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
 208         if(SUCCEEDED(hres)) {
 209             FIXME("Got IAciveScript iface\n");
 210             IActiveScript_Release(active_script);
 211             return E_FAIL;
 212         }
 213
 214         hres = confirm_safety(This, url, cs, &policy);
 215         if(FAILED(hres))
 216             return hres;
 217
 218         *ppPolicy = CoTaskMemAlloc(sizeof(policy));
 219         if(!*ppPolicy)
 220             return E_OUTOFMEMORY;
 221
 222         *(DWORD*)*ppPolicy = policy;
 223         *pcbPolicy = sizeof(policy);
 224         TRACE("policy %x\n", policy);
 225         return S_OK;
 226     }
 227
 228     FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey));
 229     return hres;
 230 }
 231
 232 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl = {
 233     InternetHostSecurityManager_QueryInterface,
 234     InternetHostSecurityManager_AddRef,
 235     InternetHostSecurityManager_Release,
 236     InternetHostSecurityManager_GetSecurityId,
 237     InternetHostSecurityManager_ProcessUrlAction,
 238     InternetHostSecurityManager_QueryCustomPolicy
 239 };
 240
 241 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode *This)
 242 {
 243     This->IInternetHostSecurityManager_iface.lpVtbl = &InternetHostSecurityManagerVtbl;
 244 }