Back to index

lightning-sunbird  0.9+nobinonly
Public Member Functions | Private Member Functions
CDefaultControlSiteSecurityPolicy Class Reference
Inheritance diagram for CDefaultControlSiteSecurityPolicy:
Inheritance graph
[legend]
Collaboration diagram for CDefaultControlSiteSecurityPolicy:
Collaboration graph
[legend]

List of all members.

Public Member Functions

virtual BOOL IsClassSafeToHost (const CLSID &clsid)
virtual BOOL IsClassMarkedSafeForScripting (const CLSID &clsid, BOOL &bClassExists)
virtual BOOL IsObjectSafeForScripting (IUnknown *pObject, const IID &iid)

Private Member Functions

BOOL ClassImplementsCategory (const CLSID &clsid, const CATID &catid, BOOL &bClassExists)

Detailed Description

Definition at line 47 of file ControlSite.cpp.


Member Function Documentation

BOOL CDefaultControlSiteSecurityPolicy::ClassImplementsCategory ( const CLSID &  clsid,
const CATID &  catid,
BOOL bClassExists 
) [private]

Definition at line 61 of file ControlSite.cpp.

{
    bClassExists = FALSE;

    // Test if there is a CLSID entry. If there isn't then obviously
    // the object doesn't exist and therefore doesn't implement any category.
    // In this situation, the function returns REGDB_E_CLASSNOTREG.

    CRegKey key;
    if (key.Open(HKEY_CLASSES_ROOT, _T("CLSID"), KEY_READ) != ERROR_SUCCESS)
    {
        // Must fail if we can't even open this!
        return FALSE;
    }
    LPOLESTR szCLSID = NULL;
    if (FAILED(StringFromCLSID(clsid, &szCLSID)))
    {
        return FALSE;
    }
    USES_CONVERSION;
    CRegKey keyCLSID;
    LONG lResult = keyCLSID.Open(key, W2CT(szCLSID), KEY_READ);
    CoTaskMemFree(szCLSID);
    if (lResult != ERROR_SUCCESS)
    {
        // Class doesn't exist
        return FALSE;
    }
    keyCLSID.Close();

    // CLSID exists, so try checking what categories it implements
    bClassExists = TRUE;
    CComQIPtr<ICatInformation> spCatInfo;
    HRESULT hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER, IID_ICatInformation, (LPVOID*) &spCatInfo);
    if (spCatInfo == NULL)
    {
        // Must fail if we can't open the category manager
        return FALSE;
    }
    
    // See what categories the class implements
    CComQIPtr<IEnumCATID> spEnumCATID;
    if (FAILED(spCatInfo->EnumImplCategoriesOfClass(clsid, &spEnumCATID)))
    {
        // Can't enumerate classes in category so fail
        return FALSE;
    }

    // Search for matching categories
    BOOL bFound = FALSE;
    CATID catidNext = GUID_NULL;
    while (spEnumCATID->Next(1, &catidNext, NULL) == S_OK)
    {
        if (::IsEqualCATID(catid, catidNext))
        {
            return TRUE;
        }
    }
    return FALSE;
}

Here is the caller graph for this function:

BOOL CDefaultControlSiteSecurityPolicy::IsClassMarkedSafeForScripting ( const CLSID &  clsid,
BOOL bClassExists 
) [virtual]

Implements CControlSiteSecurityPolicy.

Definition at line 129 of file ControlSite.cpp.

{
    // Test the category the object belongs to
    return ClassImplementsCategory(clsid, CATID_SafeForScripting, bClassExists);
}

Here is the call graph for this function:

Implements CControlSiteSecurityPolicy.

Definition at line 123 of file ControlSite.cpp.

{
    return TRUE;
}

Implements CControlSiteSecurityPolicy.

Definition at line 136 of file ControlSite.cpp.

{
    if (!pObject) {
        return FALSE;
    }
    // Ask the control if its safe for scripting
    CComQIPtr<IObjectSafety> spObjectSafety = pObject;
    if (!spObjectSafety)
    {
        return FALSE;
    }

    DWORD dwSupported = 0; // Supported options (mask)
    DWORD dwEnabled = 0; // Enabled options

    // Assume scripting via IDispatch
    if (FAILED(spObjectSafety->GetInterfaceSafetyOptions(
            iid, &dwSupported, &dwEnabled)))
    {
        // Interface is not safe or failure.
        return FALSE;
    }

    // Test if safe for scripting
    if (!(dwEnabled & dwSupported) & INTERFACESAFE_FOR_UNTRUSTED_CALLER)
    {
        // Object says it is not set to be safe, but supports unsafe calling,
        // try enabling it and asking again.

        if(!(dwSupported & INTERFACESAFE_FOR_UNTRUSTED_CALLER) ||
            FAILED(spObjectSafety->SetInterfaceSafetyOptions(
               iid, INTERFACESAFE_FOR_UNTRUSTED_CALLER, INTERFACESAFE_FOR_UNTRUSTED_CALLER)) ||
            FAILED(spObjectSafety->GetInterfaceSafetyOptions(
                iid, &dwSupported, &dwEnabled)) ||
            !(dwEnabled & dwSupported) & INTERFACESAFE_FOR_UNTRUSTED_CALLER)
        {
            return FALSE;
        }
    }

    return TRUE;
}

The documentation for this class was generated from the following file: