Commit f793d2cf authored by Piotr Caban's avatar Piotr Caban Committed by Alexandre Julliard

jscript: Added more safety options flags handling to create_activex_object.

parent 63a05db4
...@@ -58,7 +58,7 @@ static IInternetHostSecurityManager *get_sec_mgr(script_ctx_t *ctx) ...@@ -58,7 +58,7 @@ static IInternetHostSecurityManager *get_sec_mgr(script_ctx_t *ctx)
static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid) static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
{ {
IInternetHostSecurityManager *secmgr; IInternetHostSecurityManager *secmgr = NULL;
IObjectWithSite *obj_site; IObjectWithSite *obj_site;
struct CONFIRMSAFETY cs; struct CONFIRMSAFETY cs;
IClassFactoryEx *cfex; IClassFactoryEx *cfex;
...@@ -76,15 +76,17 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid) ...@@ -76,15 +76,17 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
TRACE("GUID %s\n", debugstr_guid(&guid)); TRACE("GUID %s\n", debugstr_guid(&guid));
secmgr = get_sec_mgr(ctx); if(ctx->safeopt & INTERFACE_USES_SECURITY_MANAGER) {
if(!secmgr) secmgr = get_sec_mgr(ctx);
return NULL; if(!secmgr)
return NULL;
policy = 0; policy = 0;
hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN, (BYTE*)&policy, sizeof(policy), hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN,
(BYTE*)&guid, sizeof(GUID), 0, 0); (BYTE*)&policy, sizeof(policy), (BYTE*)&guid, sizeof(GUID), 0, 0);
if(FAILED(hres) || policy != URLPOLICY_ALLOW) if(FAILED(hres) || policy != URLPOLICY_ALLOW)
return NULL; return NULL;
}
hres = CoGetClassObject(&guid, CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER, NULL, &IID_IClassFactory, (void**)&cf); hres = CoGetClassObject(&guid, CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER, NULL, &IID_IClassFactory, (void**)&cf);
if(FAILED(hres)) if(FAILED(hres))
...@@ -100,19 +102,21 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid) ...@@ -100,19 +102,21 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
if(FAILED(hres)) if(FAILED(hres))
return NULL; return NULL;
cs.clsid = guid; if(secmgr) {
cs.pUnk = obj; cs.clsid = guid;
cs.dwFlags = 0; cs.pUnk = obj;
hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY, &bpolicy, &policy_size, cs.dwFlags = 0;
(BYTE*)&cs, sizeof(cs), 0); hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
if(SUCCEEDED(hres)) { &bpolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW; if(SUCCEEDED(hres)) {
CoTaskMemFree(bpolicy); policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW;
} CoTaskMemFree(bpolicy);
}
if(FAILED(hres) || policy != URLPOLICY_ALLOW) { if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
IUnknown_Release(obj); IUnknown_Release(obj);
return NULL; return NULL;
}
} }
hres = IUnknown_QueryInterface(obj, &IID_IObjectWithSite, (void**)&obj_site); hres = IUnknown_QueryInterface(obj, &IID_IObjectWithSite, (void**)&obj_site);
...@@ -150,7 +154,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag ...@@ -150,7 +154,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag
return E_NOTIMPL; return E_NOTIMPL;
} }
if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)) { if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)
&& ctx->safeopt != INTERFACE_USES_DISPEX) {
FIXME("Unsupported safeopt %x\n", ctx->safeopt); FIXME("Unsupported safeopt %x\n", ctx->safeopt);
return E_NOTIMPL; return E_NOTIMPL;
} }
......
...@@ -188,8 +188,8 @@ static HRESULT WINAPI DispatchEx_QueryInterface(IDispatchEx *iface, REFIID riid, ...@@ -188,8 +188,8 @@ static HRESULT WINAPI DispatchEx_QueryInterface(IDispatchEx *iface, REFIID riid,
}else if(IsEqualGUID(&IID_IObjectWithSite, riid)) { }else if(IsEqualGUID(&IID_IObjectWithSite, riid)) {
CHECK_EXPECT(QI_IObjectWithSite); CHECK_EXPECT(QI_IObjectWithSite);
*ppv = object_with_site; *ppv = object_with_site;
}else { }else if(IsEqualGUID(&IID_IObjectSafety, riid)) {
return E_NOINTERFACE; ok(0, "Unexpected IID_IObjectSafety query\n");
} }
return *ppv ? S_OK : E_NOINTERFACE; return *ppv ? S_OK : E_NOINTERFACE;
...@@ -662,10 +662,10 @@ static const IActiveScriptSiteVtbl ActiveScriptSiteVtbl = { ...@@ -662,10 +662,10 @@ static const IActiveScriptSiteVtbl ActiveScriptSiteVtbl = {
static IActiveScriptSite ActiveScriptSite = { &ActiveScriptSiteVtbl }; static IActiveScriptSite ActiveScriptSite = { &ActiveScriptSiteVtbl };
static void set_safety_options(IUnknown *unk) static void set_safety_options(IUnknown *unk, BOOL use_sec_mgr)
{ {
IObjectSafety *safety; IObjectSafety *safety;
DWORD supported, enabled; DWORD supported, enabled, options_all, options_set;
HRESULT hres; HRESULT hres;
hres = IUnknown_QueryInterface(unk, &IID_IObjectSafety, (void**)&safety); hres = IUnknown_QueryInterface(unk, &IID_IObjectSafety, (void**)&safety);
...@@ -673,18 +673,20 @@ static void set_safety_options(IUnknown *unk) ...@@ -673,18 +673,20 @@ static void set_safety_options(IUnknown *unk)
if(FAILED(hres)) if(FAILED(hres))
return; return;
hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, options_all = INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER;
INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER, if(use_sec_mgr)
INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER); options_set = options_all;
else
options_set = INTERFACE_USES_DISPEX;
hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, options_all, options_set);
ok(hres == S_OK, "SetInterfaceSafetyOptions failed: %08x\n", hres); ok(hres == S_OK, "SetInterfaceSafetyOptions failed: %08x\n", hres);
supported = enabled = 0xdeadbeef; supported = enabled = 0xdeadbeef;
hres = IObjectSafety_GetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, &supported, &enabled); hres = IObjectSafety_GetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, &supported, &enabled);
ok(hres == S_OK, "GetInterfaceSafetyOptions failed: %08x\n", hres); ok(hres == S_OK, "GetInterfaceSafetyOptions failed: %08x\n", hres);
ok(supported == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER), ok(supported == options_all, "supported=%x, expected %x\n", supported, options_all);
"supported=%x\n", supported); ok(enabled == options_set, "enabled=%x, expected %x\n", enabled, options_set);
ok(enabled == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER),
"enabled=%x\n", enabled);
IObjectSafety_Release(safety); IObjectSafety_Release(safety);
} }
...@@ -701,7 +703,7 @@ static void _parse_script_a(unsigned line, IActiveScriptParse *parser, const cha ...@@ -701,7 +703,7 @@ static void _parse_script_a(unsigned line, IActiveScriptParse *parser, const cha
ok_(__FILE__,line)(hres == S_OK, "ParseScriptText failed: %08x\n", hres); ok_(__FILE__,line)(hres == S_OK, "ParseScriptText failed: %08x\n", hres);
} }
static IActiveScriptParse *create_script(BOOL skip_tests) static IActiveScriptParse *create_script(BOOL skip_tests, BOOL use_sec_mgr)
{ {
IActiveScriptParse *parser; IActiveScriptParse *parser;
IActiveScript *script; IActiveScript *script;
...@@ -725,7 +727,7 @@ static IActiveScriptParse *create_script(BOOL skip_tests) ...@@ -725,7 +727,7 @@ static IActiveScriptParse *create_script(BOOL skip_tests)
return NULL; return NULL;
if(!skip_tests) if(!skip_tests)
set_safety_options((IUnknown*)script); set_safety_options((IUnknown*)script, use_sec_mgr);
hres = IActiveScript_QueryInterface(script, &IID_IActiveScriptParse, (void**)&parser); hres = IActiveScript_QueryInterface(script, &IID_IActiveScriptParse, (void**)&parser);
ok(hres == S_OK, "Could not get IActiveScriptParse: %08x\n", hres); ok(hres == S_OK, "Could not get IActiveScriptParse: %08x\n", hres);
...@@ -804,7 +806,7 @@ static void test_ActiveXObject(void) ...@@ -804,7 +806,7 @@ static void test_ActiveXObject(void)
IActiveScriptParse *parser; IActiveScriptParse *parser;
IDispatchEx *proc; IDispatchEx *proc;
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
SET_EXPECT(ProcessUrlAction); SET_EXPECT(ProcessUrlAction);
...@@ -849,7 +851,7 @@ static void test_ActiveXObject(void) ...@@ -849,7 +851,7 @@ static void test_ActiveXObject(void)
IDispatchEx_Release(proc); IDispatchEx_Release(proc);
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
proc = parse_procedure_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();"); proc = parse_procedure_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -871,7 +873,7 @@ static void test_ActiveXObject(void) ...@@ -871,7 +873,7 @@ static void test_ActiveXObject(void)
IDispatchEx_Release(proc); IDispatchEx_Release(proc);
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
QS_SecMgr_hres = E_NOINTERFACE; QS_SecMgr_hres = E_NOINTERFACE;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -880,7 +882,7 @@ static void test_ActiveXObject(void) ...@@ -880,7 +882,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
ProcessUrlAction_hres = E_FAIL; ProcessUrlAction_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -891,7 +893,7 @@ static void test_ActiveXObject(void) ...@@ -891,7 +893,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
ProcessUrlAction_policy = URLPOLICY_DISALLOW; ProcessUrlAction_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -902,7 +904,7 @@ static void test_ActiveXObject(void) ...@@ -902,7 +904,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
CreateInstance_hres = E_FAIL; CreateInstance_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -915,7 +917,7 @@ static void test_ActiveXObject(void) ...@@ -915,7 +917,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
QueryCustomPolicy_hres = E_FAIL; QueryCustomPolicy_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -930,7 +932,7 @@ static void test_ActiveXObject(void) ...@@ -930,7 +932,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
QueryCustomPolicy_psize = 6; QueryCustomPolicy_psize = 6;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -949,7 +951,7 @@ static void test_ActiveXObject(void) ...@@ -949,7 +951,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, TRUE);
QueryCustomPolicy_policy = URLPOLICY_DISALLOW; QueryCustomPolicy_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -985,7 +987,19 @@ static void test_ActiveXObject(void) ...@@ -985,7 +987,19 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser); IUnknown_Release(parser);
parser = create_script(FALSE); parser = create_script(FALSE, FALSE);
SET_EXPECT(CreateInstance);
SET_EXPECT(QI_IObjectWithSite);
SET_EXPECT(reportSuccess);
parse_script_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
CHECK_CALLED(CreateInstance);
CHECK_CALLED(QI_IObjectWithSite);
CHECK_CALLED(reportSuccess);
IUnknown_Release(parser);
parser = create_script(FALSE, TRUE);
object_with_site = &ObjectWithSite; object_with_site = &ObjectWithSite;
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(Host_QS_SecMgr);
...@@ -1071,7 +1085,7 @@ static BOOL check_jscript(void) ...@@ -1071,7 +1085,7 @@ static BOOL check_jscript(void)
BSTR str; BSTR str;
HRESULT hres; HRESULT hres;
parser = create_script(TRUE); parser = create_script(TRUE, TRUE);
if(!parser) if(!parser)
return FALSE; return FALSE;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment