Commit f793d2cf authored by Piotr Caban's avatar Piotr Caban Committed by Alexandre Julliard

jscript: Added more safety options flags handling to create_activex_object.

parent 63a05db4
......@@ -58,7 +58,7 @@ static IInternetHostSecurityManager *get_sec_mgr(script_ctx_t *ctx)
static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
{
IInternetHostSecurityManager *secmgr;
IInternetHostSecurityManager *secmgr = NULL;
IObjectWithSite *obj_site;
struct CONFIRMSAFETY cs;
IClassFactoryEx *cfex;
......@@ -76,15 +76,17 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
TRACE("GUID %s\n", debugstr_guid(&guid));
secmgr = get_sec_mgr(ctx);
if(!secmgr)
return NULL;
if(ctx->safeopt & INTERFACE_USES_SECURITY_MANAGER) {
secmgr = get_sec_mgr(ctx);
if(!secmgr)
return NULL;
policy = 0;
hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN, (BYTE*)&policy, sizeof(policy),
(BYTE*)&guid, sizeof(GUID), 0, 0);
if(FAILED(hres) || policy != URLPOLICY_ALLOW)
return NULL;
policy = 0;
hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN,
(BYTE*)&policy, sizeof(policy), (BYTE*)&guid, sizeof(GUID), 0, 0);
if(FAILED(hres) || policy != URLPOLICY_ALLOW)
return NULL;
}
hres = CoGetClassObject(&guid, CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER, NULL, &IID_IClassFactory, (void**)&cf);
if(FAILED(hres))
......@@ -100,19 +102,21 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
if(FAILED(hres))
return NULL;
cs.clsid = guid;
cs.pUnk = obj;
cs.dwFlags = 0;
hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY, &bpolicy, &policy_size,
(BYTE*)&cs, sizeof(cs), 0);
if(SUCCEEDED(hres)) {
policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW;
CoTaskMemFree(bpolicy);
}
if(secmgr) {
cs.clsid = guid;
cs.pUnk = obj;
cs.dwFlags = 0;
hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
&bpolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
if(SUCCEEDED(hres)) {
policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW;
CoTaskMemFree(bpolicy);
}
if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
IUnknown_Release(obj);
return NULL;
if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
IUnknown_Release(obj);
return NULL;
}
}
hres = IUnknown_QueryInterface(obj, &IID_IObjectWithSite, (void**)&obj_site);
......@@ -150,7 +154,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag
return E_NOTIMPL;
}
if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)) {
if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)
&& ctx->safeopt != INTERFACE_USES_DISPEX) {
FIXME("Unsupported safeopt %x\n", ctx->safeopt);
return E_NOTIMPL;
}
......
......@@ -188,8 +188,8 @@ static HRESULT WINAPI DispatchEx_QueryInterface(IDispatchEx *iface, REFIID riid,
}else if(IsEqualGUID(&IID_IObjectWithSite, riid)) {
CHECK_EXPECT(QI_IObjectWithSite);
*ppv = object_with_site;
}else {
return E_NOINTERFACE;
}else if(IsEqualGUID(&IID_IObjectSafety, riid)) {
ok(0, "Unexpected IID_IObjectSafety query\n");
}
return *ppv ? S_OK : E_NOINTERFACE;
......@@ -662,10 +662,10 @@ static const IActiveScriptSiteVtbl ActiveScriptSiteVtbl = {
static IActiveScriptSite ActiveScriptSite = { &ActiveScriptSiteVtbl };
static void set_safety_options(IUnknown *unk)
static void set_safety_options(IUnknown *unk, BOOL use_sec_mgr)
{
IObjectSafety *safety;
DWORD supported, enabled;
DWORD supported, enabled, options_all, options_set;
HRESULT hres;
hres = IUnknown_QueryInterface(unk, &IID_IObjectSafety, (void**)&safety);
......@@ -673,18 +673,20 @@ static void set_safety_options(IUnknown *unk)
if(FAILED(hres))
return;
hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse,
INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER,
INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER);
options_all = INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER;
if(use_sec_mgr)
options_set = options_all;
else
options_set = INTERFACE_USES_DISPEX;
hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, options_all, options_set);
ok(hres == S_OK, "SetInterfaceSafetyOptions failed: %08x\n", hres);
supported = enabled = 0xdeadbeef;
hres = IObjectSafety_GetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, &supported, &enabled);
ok(hres == S_OK, "GetInterfaceSafetyOptions failed: %08x\n", hres);
ok(supported == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER),
"supported=%x\n", supported);
ok(enabled == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER),
"enabled=%x\n", enabled);
ok(supported == options_all, "supported=%x, expected %x\n", supported, options_all);
ok(enabled == options_set, "enabled=%x, expected %x\n", enabled, options_set);
IObjectSafety_Release(safety);
}
......@@ -701,7 +703,7 @@ static void _parse_script_a(unsigned line, IActiveScriptParse *parser, const cha
ok_(__FILE__,line)(hres == S_OK, "ParseScriptText failed: %08x\n", hres);
}
static IActiveScriptParse *create_script(BOOL skip_tests)
static IActiveScriptParse *create_script(BOOL skip_tests, BOOL use_sec_mgr)
{
IActiveScriptParse *parser;
IActiveScript *script;
......@@ -725,7 +727,7 @@ static IActiveScriptParse *create_script(BOOL skip_tests)
return NULL;
if(!skip_tests)
set_safety_options((IUnknown*)script);
set_safety_options((IUnknown*)script, use_sec_mgr);
hres = IActiveScript_QueryInterface(script, &IID_IActiveScriptParse, (void**)&parser);
ok(hres == S_OK, "Could not get IActiveScriptParse: %08x\n", hres);
......@@ -804,7 +806,7 @@ static void test_ActiveXObject(void)
IActiveScriptParse *parser;
IDispatchEx *proc;
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
SET_EXPECT(Host_QS_SecMgr);
SET_EXPECT(ProcessUrlAction);
......@@ -849,7 +851,7 @@ static void test_ActiveXObject(void)
IDispatchEx_Release(proc);
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
proc = parse_procedure_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
SET_EXPECT(Host_QS_SecMgr);
......@@ -871,7 +873,7 @@ static void test_ActiveXObject(void)
IDispatchEx_Release(proc);
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
QS_SecMgr_hres = E_NOINTERFACE;
SET_EXPECT(Host_QS_SecMgr);
......@@ -880,7 +882,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
ProcessUrlAction_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr);
......@@ -891,7 +893,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
ProcessUrlAction_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr);
......@@ -902,7 +904,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
CreateInstance_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr);
......@@ -915,7 +917,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
QueryCustomPolicy_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr);
......@@ -930,7 +932,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
QueryCustomPolicy_psize = 6;
SET_EXPECT(Host_QS_SecMgr);
......@@ -949,7 +951,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, TRUE);
QueryCustomPolicy_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr);
......@@ -985,7 +987,19 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
parser = create_script(FALSE);
parser = create_script(FALSE, FALSE);
SET_EXPECT(CreateInstance);
SET_EXPECT(QI_IObjectWithSite);
SET_EXPECT(reportSuccess);
parse_script_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
CHECK_CALLED(CreateInstance);
CHECK_CALLED(QI_IObjectWithSite);
CHECK_CALLED(reportSuccess);
IUnknown_Release(parser);
parser = create_script(FALSE, TRUE);
object_with_site = &ObjectWithSite;
SET_EXPECT(Host_QS_SecMgr);
......@@ -1071,7 +1085,7 @@ static BOOL check_jscript(void)
BSTR str;
HRESULT hres;
parser = create_script(TRUE);
parser = create_script(TRUE, TRUE);
if(!parser)
return FALSE;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment