jscript: Added more safety options flags handling to create_activex_object.

f793d2cf · Piotr Caban · Alexandre Julliard · 63a05db4 · f793d2cf · f793d2cf
Commit f793d2cf authored Oct 14, 2010 by Piotr Caban Committed by Alexandre Julliard Oct 15, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 65 additions and 46 deletions

activex.c dlls/jscript/activex.c +27 -22

activex.c dlls/jscript/tests/activex.c +38 -24

No files found.
--- a/dlls/jscript/activex.c
+++ b/dlls/jscript/activex.c
@@ -58,7 +58,7 @@ static IInternetHostSecurityManager *get_sec_mgr(script_ctx_t *ctx)

 static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
 {
-    IInternetHostSecurityManager *secmgr;
+    IInternetHostSecurityManager *secmgr = NULL;
    IObjectWithSite *obj_site;
    struct CONFIRMSAFETY cs;
    IClassFactoryEx *cfex;
@@ -76,15 +76,17 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)

    TRACE("GUID %s\n", debugstr_guid(&guid));

-    secmgr = get_sec_mgr(ctx);
-    if(!secmgr)
-        return NULL;
+    if(ctx->safeopt & INTERFACE_USES_SECURITY_MANAGER) {
+        secmgr = get_sec_mgr(ctx);
+        if(!secmgr)
+            return NULL;

-    policy = 0;
-    hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN, (BYTE*)&policy, sizeof(policy),
-            (BYTE*)&guid, sizeof(GUID), 0, 0);
-    if(FAILED(hres) || policy != URLPOLICY_ALLOW)
-        return NULL;
+        policy = 0;
+        hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN,
+                (BYTE*)&policy, sizeof(policy), (BYTE*)&guid, sizeof(GUID), 0, 0);
+        if(FAILED(hres) || policy != URLPOLICY_ALLOW)
+            return NULL;
+    }

    hres = CoGetClassObject(&guid, CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER, NULL, &IID_IClassFactory, (void**)&cf);
    if(FAILED(hres))
@@ -100,19 +102,21 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
    if(FAILED(hres))
        return NULL;

-    cs.clsid = guid;
-    cs.pUnk = obj;
-    cs.dwFlags = 0;
-    hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY, &bpolicy, &policy_size,
-            (BYTE*)&cs, sizeof(cs), 0);
-    if(SUCCEEDED(hres)) {
-        policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW;
-        CoTaskMemFree(bpolicy);
-    }
+    if(secmgr) {
+        cs.clsid = guid;
+        cs.pUnk = obj;
+        cs.dwFlags = 0;
+        hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
+                &bpolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
+        if(SUCCEEDED(hres)) {
+            policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW;
+            CoTaskMemFree(bpolicy);
+        }

-    if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
-        IUnknown_Release(obj);
-        return NULL;
+        if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
+            IUnknown_Release(obj);
+            return NULL;
+        }
    }

    hres = IUnknown_QueryInterface(obj, &IID_IObjectWithSite, (void**)&obj_site);
@@ -150,7 +154,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag
        return E_NOTIMPL;
    }

-    if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)) {
+    if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)
+        && ctx->safeopt != INTERFACE_USES_DISPEX) {
        FIXME("Unsupported safeopt %x\n", ctx->safeopt);
        return E_NOTIMPL;
    }

--- a/dlls/jscript/tests/activex.c
+++ b/dlls/jscript/tests/activex.c
@@ -188,8 +188,8 @@ static HRESULT WINAPI DispatchEx_QueryInterface(IDispatchEx *iface, REFIID riid,
    }else if(IsEqualGUID(&IID_IObjectWithSite, riid)) {
        CHECK_EXPECT(QI_IObjectWithSite);
        *ppv = object_with_site;
-    }else {
-        return E_NOINTERFACE;
+    }else if(IsEqualGUID(&IID_IObjectSafety, riid)) {
+        ok(0, "Unexpected IID_IObjectSafety query\n");
    }

    return *ppv ? S_OK : E_NOINTERFACE;
@@ -662,10 +662,10 @@ static const IActiveScriptSiteVtbl ActiveScriptSiteVtbl = {

 static IActiveScriptSite ActiveScriptSite = { &ActiveScriptSiteVtbl };

-static void set_safety_options(IUnknown *unk)
+static void set_safety_options(IUnknown *unk, BOOL use_sec_mgr)
 {
    IObjectSafety *safety;
-    DWORD supported, enabled;
+    DWORD supported, enabled, options_all, options_set;
    HRESULT hres;

    hres = IUnknown_QueryInterface(unk, &IID_IObjectSafety, (void**)&safety);
@@ -673,18 +673,20 @@ static void set_safety_options(IUnknown *unk)
    if(FAILED(hres))
        return;

-    hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse,
-            INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER,
-            INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER);
+    options_all = INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER;
+    if(use_sec_mgr)
+        options_set = options_all;
+    else
+        options_set = INTERFACE_USES_DISPEX;
+
+    hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, options_all, options_set);
    ok(hres == S_OK, "SetInterfaceSafetyOptions failed: %08x\n", hres);

    supported = enabled = 0xdeadbeef;
    hres = IObjectSafety_GetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, &supported, &enabled);
    ok(hres == S_OK, "GetInterfaceSafetyOptions failed: %08x\n", hres);
-    ok(supported == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER),
-       "supported=%x\n", supported);
-    ok(enabled == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER),
-       "enabled=%x\n", enabled);
+    ok(supported == options_all, "supported=%x, expected %x\n", supported, options_all);
+    ok(enabled == options_set, "enabled=%x, expected %x\n", enabled, options_set);

    IObjectSafety_Release(safety);
 }
@@ -701,7 +703,7 @@ static void _parse_script_a(unsigned line, IActiveScriptParse *parser, const cha
    ok_(__FILE__,line)(hres == S_OK, "ParseScriptText failed: %08x\n", hres);
 }

-static IActiveScriptParse *create_script(BOOL skip_tests)
+static IActiveScriptParse *create_script(BOOL skip_tests, BOOL use_sec_mgr)
 {
    IActiveScriptParse *parser;
    IActiveScript *script;
@@ -725,7 +727,7 @@ static IActiveScriptParse *create_script(BOOL skip_tests)
        return NULL;

    if(!skip_tests)
-        set_safety_options((IUnknown*)script);
+        set_safety_options((IUnknown*)script, use_sec_mgr);

    hres = IActiveScript_QueryInterface(script, &IID_IActiveScriptParse, (void**)&parser);
    ok(hres == S_OK, "Could not get IActiveScriptParse: %08x\n", hres);
@@ -804,7 +806,7 @@ static void test_ActiveXObject(void)
    IActiveScriptParse *parser;
    IDispatchEx *proc;

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);

    SET_EXPECT(Host_QS_SecMgr);
    SET_EXPECT(ProcessUrlAction);
@@ -849,7 +851,7 @@ static void test_ActiveXObject(void)
    IDispatchEx_Release(proc);
    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    proc = parse_procedure_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");

    SET_EXPECT(Host_QS_SecMgr);
@@ -871,7 +873,7 @@ static void test_ActiveXObject(void)
    IDispatchEx_Release(proc);
    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    QS_SecMgr_hres = E_NOINTERFACE;

    SET_EXPECT(Host_QS_SecMgr);
@@ -880,7 +882,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    ProcessUrlAction_hres = E_FAIL;

    SET_EXPECT(Host_QS_SecMgr);
@@ -891,7 +893,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    ProcessUrlAction_policy = URLPOLICY_DISALLOW;

    SET_EXPECT(Host_QS_SecMgr);
@@ -902,7 +904,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    CreateInstance_hres = E_FAIL;

    SET_EXPECT(Host_QS_SecMgr);
@@ -915,7 +917,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    QueryCustomPolicy_hres = E_FAIL;

    SET_EXPECT(Host_QS_SecMgr);
@@ -930,7 +932,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    QueryCustomPolicy_psize = 6;

    SET_EXPECT(Host_QS_SecMgr);
@@ -949,7 +951,7 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, TRUE);
    QueryCustomPolicy_policy = URLPOLICY_DISALLOW;

    SET_EXPECT(Host_QS_SecMgr);
@@ -985,7 +987,19 @@ static void test_ActiveXObject(void)

    IUnknown_Release(parser);

-    parser = create_script(FALSE);
+    parser = create_script(FALSE, FALSE);
+
+    SET_EXPECT(CreateInstance);
+    SET_EXPECT(QI_IObjectWithSite);
+    SET_EXPECT(reportSuccess);
+    parse_script_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
+    CHECK_CALLED(CreateInstance);
+    CHECK_CALLED(QI_IObjectWithSite);
+    CHECK_CALLED(reportSuccess);
+
+    IUnknown_Release(parser);
+
+    parser = create_script(FALSE, TRUE);
    object_with_site = &ObjectWithSite;

    SET_EXPECT(Host_QS_SecMgr);
@@ -1071,7 +1085,7 @@ static BOOL check_jscript(void)
    BSTR str;
    HRESULT hres;

-    parser = create_script(TRUE);
+    parser = create_script(TRUE, TRUE);
    if(!parser)
        return FALSE;