Piotr Caban : jscript: Added more safety options flags handling to create_activex_object.
Module: wine Branch: master Commit: f793d2cf049b38d81addc3fdc91cf6dcb3e8f776 URL: http://source.winehq.org/git/wine.git/?a=commit;h=f793d2cf049b38d81addc3fdc9...
Author: Piotr Caban piotr@codeweavers.com Date: Thu Oct 14 23:55:38 2010 +0200
jscript: Added more safety options flags handling to create_activex_object.
---
dlls/jscript/activex.c | 49 ++++++++++++++++++--------------- dlls/jscript/tests/activex.c | 62 +++++++++++++++++++++++++---------------- 2 files changed, 65 insertions(+), 46 deletions(-)
diff --git a/dlls/jscript/activex.c b/dlls/jscript/activex.c index b532bd4..07a9dcc 100644 --- a/dlls/jscript/activex.c +++ b/dlls/jscript/activex.c @@ -58,7 +58,7 @@ static IInternetHostSecurityManager *get_sec_mgr(script_ctx_t *ctx)
static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid) { - IInternetHostSecurityManager *secmgr; + IInternetHostSecurityManager *secmgr = NULL; IObjectWithSite *obj_site; struct CONFIRMSAFETY cs; IClassFactoryEx *cfex; @@ -76,15 +76,17 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid)
TRACE("GUID %s\n", debugstr_guid(&guid));
- secmgr = get_sec_mgr(ctx); - if(!secmgr) - return NULL; + if(ctx->safeopt & INTERFACE_USES_SECURITY_MANAGER) { + secmgr = get_sec_mgr(ctx); + if(!secmgr) + return NULL;
- policy = 0; - hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN, (BYTE*)&policy, sizeof(policy), - (BYTE*)&guid, sizeof(GUID), 0, 0); - if(FAILED(hres) || policy != URLPOLICY_ALLOW) - return NULL; + policy = 0; + hres = IInternetHostSecurityManager_ProcessUrlAction(secmgr, URLACTION_ACTIVEX_RUN, + (BYTE*)&policy, sizeof(policy), (BYTE*)&guid, sizeof(GUID), 0, 0); + if(FAILED(hres) || policy != URLPOLICY_ALLOW) + return NULL; + }
hres = CoGetClassObject(&guid, CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER, NULL, &IID_IClassFactory, (void**)&cf); if(FAILED(hres)) @@ -100,19 +102,21 @@ static IUnknown *create_activex_object(script_ctx_t *ctx, const WCHAR *progid) if(FAILED(hres)) return NULL;
- cs.clsid = guid; - cs.pUnk = obj; - cs.dwFlags = 0; - hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY, &bpolicy, &policy_size, - (BYTE*)&cs, sizeof(cs), 0); - if(SUCCEEDED(hres)) { - policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW; - CoTaskMemFree(bpolicy); - } + if(secmgr) { + cs.clsid = guid; + cs.pUnk = obj; + cs.dwFlags = 0; + hres = IInternetHostSecurityManager_QueryCustomPolicy(secmgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY, + &bpolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0); + if(SUCCEEDED(hres)) { + policy = policy_size >= sizeof(DWORD) ? *(DWORD*)bpolicy : URLPOLICY_DISALLOW; + CoTaskMemFree(bpolicy); + }
- if(FAILED(hres) || policy != URLPOLICY_ALLOW) { - IUnknown_Release(obj); - return NULL; + if(FAILED(hres) || policy != URLPOLICY_ALLOW) { + IUnknown_Release(obj); + return NULL; + } }
hres = IUnknown_QueryInterface(obj, &IID_IObjectWithSite, (void**)&obj_site); @@ -150,7 +154,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag return E_NOTIMPL; }
- if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER)) { + if(ctx->safeopt != (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER) + && ctx->safeopt != INTERFACE_USES_DISPEX) { FIXME("Unsupported safeopt %x\n", ctx->safeopt); return E_NOTIMPL; } diff --git a/dlls/jscript/tests/activex.c b/dlls/jscript/tests/activex.c index faf73d3..c6080b0 100644 --- a/dlls/jscript/tests/activex.c +++ b/dlls/jscript/tests/activex.c @@ -188,8 +188,8 @@ static HRESULT WINAPI DispatchEx_QueryInterface(IDispatchEx *iface, REFIID riid, }else if(IsEqualGUID(&IID_IObjectWithSite, riid)) { CHECK_EXPECT(QI_IObjectWithSite); *ppv = object_with_site; - }else { - return E_NOINTERFACE; + }else if(IsEqualGUID(&IID_IObjectSafety, riid)) { + ok(0, "Unexpected IID_IObjectSafety query\n"); }
return *ppv ? S_OK : E_NOINTERFACE; @@ -662,10 +662,10 @@ static const IActiveScriptSiteVtbl ActiveScriptSiteVtbl = {
static IActiveScriptSite ActiveScriptSite = { &ActiveScriptSiteVtbl };
-static void set_safety_options(IUnknown *unk) +static void set_safety_options(IUnknown *unk, BOOL use_sec_mgr) { IObjectSafety *safety; - DWORD supported, enabled; + DWORD supported, enabled, options_all, options_set; HRESULT hres;
hres = IUnknown_QueryInterface(unk, &IID_IObjectSafety, (void**)&safety); @@ -673,18 +673,20 @@ static void set_safety_options(IUnknown *unk) if(FAILED(hres)) return;
- hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, - INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER, - INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER); + options_all = INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER; + if(use_sec_mgr) + options_set = options_all; + else + options_set = INTERFACE_USES_DISPEX; + + hres = IObjectSafety_SetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, options_all, options_set); ok(hres == S_OK, "SetInterfaceSafetyOptions failed: %08x\n", hres);
supported = enabled = 0xdeadbeef; hres = IObjectSafety_GetInterfaceSafetyOptions(safety, &IID_IActiveScriptParse, &supported, &enabled); ok(hres == S_OK, "GetInterfaceSafetyOptions failed: %08x\n", hres); - ok(supported == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER), - "supported=%x\n", supported); - ok(enabled == (INTERFACESAFE_FOR_UNTRUSTED_DATA|INTERFACE_USES_DISPEX|INTERFACE_USES_SECURITY_MANAGER), - "enabled=%x\n", enabled); + ok(supported == options_all, "supported=%x, expected %x\n", supported, options_all); + ok(enabled == options_set, "enabled=%x, expected %x\n", enabled, options_set);
IObjectSafety_Release(safety); } @@ -701,7 +703,7 @@ static void _parse_script_a(unsigned line, IActiveScriptParse *parser, const cha ok_(__FILE__,line)(hres == S_OK, "ParseScriptText failed: %08x\n", hres); }
-static IActiveScriptParse *create_script(BOOL skip_tests) +static IActiveScriptParse *create_script(BOOL skip_tests, BOOL use_sec_mgr) { IActiveScriptParse *parser; IActiveScript *script; @@ -725,7 +727,7 @@ static IActiveScriptParse *create_script(BOOL skip_tests) return NULL;
if(!skip_tests) - set_safety_options((IUnknown*)script); + set_safety_options((IUnknown*)script, use_sec_mgr);
hres = IActiveScript_QueryInterface(script, &IID_IActiveScriptParse, (void**)&parser); ok(hres == S_OK, "Could not get IActiveScriptParse: %08x\n", hres); @@ -804,7 +806,7 @@ static void test_ActiveXObject(void) IActiveScriptParse *parser; IDispatchEx *proc;
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE);
SET_EXPECT(Host_QS_SecMgr); SET_EXPECT(ProcessUrlAction); @@ -849,7 +851,7 @@ static void test_ActiveXObject(void) IDispatchEx_Release(proc); IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); proc = parse_procedure_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();");
SET_EXPECT(Host_QS_SecMgr); @@ -871,7 +873,7 @@ static void test_ActiveXObject(void) IDispatchEx_Release(proc); IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); QS_SecMgr_hres = E_NOINTERFACE;
SET_EXPECT(Host_QS_SecMgr); @@ -880,7 +882,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); ProcessUrlAction_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); @@ -891,7 +893,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); ProcessUrlAction_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr); @@ -902,7 +904,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); CreateInstance_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); @@ -915,7 +917,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); QueryCustomPolicy_hres = E_FAIL;
SET_EXPECT(Host_QS_SecMgr); @@ -930,7 +932,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); QueryCustomPolicy_psize = 6;
SET_EXPECT(Host_QS_SecMgr); @@ -949,7 +951,7 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, TRUE); QueryCustomPolicy_policy = URLPOLICY_DISALLOW;
SET_EXPECT(Host_QS_SecMgr); @@ -985,7 +987,19 @@ static void test_ActiveXObject(void)
IUnknown_Release(parser);
- parser = create_script(FALSE); + parser = create_script(FALSE, FALSE); + + SET_EXPECT(CreateInstance); + SET_EXPECT(QI_IObjectWithSite); + SET_EXPECT(reportSuccess); + parse_script_a(parser, "(new ActiveXObject('Wine.Test')).reportSuccess();"); + CHECK_CALLED(CreateInstance); + CHECK_CALLED(QI_IObjectWithSite); + CHECK_CALLED(reportSuccess); + + IUnknown_Release(parser); + + parser = create_script(FALSE, TRUE); object_with_site = &ObjectWithSite;
SET_EXPECT(Host_QS_SecMgr); @@ -1071,7 +1085,7 @@ static BOOL check_jscript(void) BSTR str; HRESULT hres;
- parser = create_script(TRUE); + parser = create_script(TRUE, TRUE); if(!parser) return FALSE;
-
Alexandre Julliard