VC ActiveX实现安全接口

CActiveXCtrl.h 头文件

#pragma once

#include <objsafe.h> 

// CActiveXCtrl.h : CCActiveXCtrl ActiveX 控件类的声明。

// CCActiveXCtrl : 有关实现的信息，请参阅 CActiveXCtrl.cpp。



class CCActiveXCtrl : public COleControl
{
	DECLARE_DYNCREATE(CCActiveXCtrl)

// 构造函数
public:
	CCActiveXCtrl();

// 重写
public:
	virtual void OnDraw(CDC* pdc, const CRect& rcBounds, const CRect& rcInvalid);
	virtual void DoPropExchange(CPropExchange* pPX);
	virtual void OnResetState();

// 实现
protected:
	~CCActiveXCtrl();

	//去掉安全警告 BEGIN
	DECLARE_INTERFACE_MAP()
		BEGIN_INTERFACE_PART(ObjectSafety, IObjectSafety)
		STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD __RPC_FAR *pdwSupportedOptions, DWORD __RPC_FAR *pdwEnabledOptions);
		STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions);
	END_INTERFACE_PART(ObjectSafety)
	//去掉安全警告 END

	DECLARE_OLECREATE_EX(CCActiveXCtrl)    // 类工厂和 guid
	DECLARE_OLETYPELIB(CCActiveXCtrl)      // GetTypeInfo
	DECLARE_PROPPAGEIDS(CCActiveXCtrl)     // 属性页 ID
	DECLARE_OLECTLTYPE(CCActiveXCtrl)		// 类型名称和杂项状态

// 消息映射
	DECLARE_MESSAGE_MAP()

// 调度映射
	DECLARE_DISPATCH_MAP()

// 事件映射
	DECLARE_EVENT_MAP()
	
};

CActiveXCtrl.Cpp文件

// CActiveXCtrl.cpp : CCActiveXCtrl ActiveX 控件类的实现。

#include "stdafx.h"
#include "CActiveXCtrl.h"


#ifdef _DEBUG
#define new DEBUG_NEW
#endif


IMPLEMENT_DYNCREATE(CCActiveXCtrl, COleControl)

//去掉安全警告 BEGIN
BEGIN_INTERFACE_MAP(CCActiveXCtrl, COleControl)
    INTERFACE_PART(CCActiveXCtrl, IID_IObjectSafety, ObjectSafety)
END_INTERFACE_MAP()

// Implementation of IObjectSafety
STDMETHODIMP CCActiveXCtrl::XObjectSafety::GetInterfaceSafetyOptions(
    REFIID riid,
    DWORD __RPC_FAR *pdwSupportedOptions,
    DWORD __RPC_FAR *pdwEnabledOptions)
{
    METHOD_PROLOGUE_EX(CCActiveXCtrl, ObjectSafety);
	if (!pdwSupportedOptions || !pdwEnabledOptions)
    {
		return E_POINTER;
	}
    *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
    *pdwEnabledOptions = 0;
    if (NULL == pThis->GetInterface(&riid))
    {
		TRACE("Requested interface is not supported.\n");
        return E_NOINTERFACE;
	}
    // What interface is being checked out anyhow?
    OLECHAR szGUID[39];
    int i = StringFromGUID2(riid, szGUID, 39);
    if (riid == IID_IDispatch)
    {
		// Client wants to know if object is safe for scripting
        *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
        return S_OK;
	}
	else if (riid == IID_IPersistPropertyBag
            || riid == IID_IPersistStreamInit
            || riid == IID_IPersistStorage
            || riid == IID_IPersistMemory)
    {
        // Those are the persistence interfaces COleControl derived controls support
		// as indicated in AFXCTL.H
        // Client wants to know if object is safe for initializing from persistent data
        *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA;
        return S_OK;
	}
    else
    {
		// Find out what interface this is, and decide what options to enable
        TRACE("We didn't account for the safety of this interface, and it's one we support\n");
        return E_NOINTERFACE;
	}
}

STDMETHODIMP CCActiveXCtrl::XObjectSafety::SetInterfaceSafetyOptions(
    REFIID riid,
    DWORD dwOptionSetMask,
    DWORD dwEnabledOptions)
{
	METHOD_PROLOGUE_EX(CCActiveXCtrl, ObjectSafety);
    OLECHAR szGUID[39];
    // What is this interface anyway?
    // We can do a quick lookup in the registry under HKEY_CLASSES_ROOT\Interface
    int i = StringFromGUID2(riid, szGUID, 39);
    if (0 == dwOptionSetMask && 0 == dwEnabledOptions)
    {
        // the control certainly supports NO requests through the specified interface
        // so it"s safe to return S_OK even if the interface isn"t supported.
        return S_OK;
    }

    // Do we support the specified interface?
    if (NULL == pThis->GetInterface(&riid))
    {
        TRACE1("%s is not support.\n", szGUID);
        return E_FAIL;
    }

    if (riid == IID_IDispatch)
    {
        TRACE("Client asking if it's safe to call through IDispatch.\n");
            TRACE("In other words, is the control safe for scripting?\n");
        if (INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwEnabledOptions)
        {
            return S_OK;
        }
        else
        {
            return E_FAIL;
        }
    }
    else if (riid == IID_IPersistPropertyBag
        || riid == IID_IPersistStreamInit
        || riid == IID_IPersistStorage
        || riid == IID_IPersistMemory)
    {
        TRACE("Client asking if it's safe to call through IPersist*.\n");
            TRACE("In other words, is the control safe for initializing from persistent data?\n");
        if (INTERFACESAFE_FOR_UNTRUSTED_DATA == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_DATA == dwEnabledOptions)
        {
            return NOERROR;
        }
        else
        {
            return E_FAIL;
        }
    }
    else
    {
        TRACE1("We didn\"t account for the safety of %s, and it\"s one we support\n", szGUID);
        return E_FAIL;
    }
}

STDMETHODIMP_(ULONG) CCActiveXCtrl::XObjectSafety::AddRef()
{
    METHOD_PROLOGUE_EX_(CCActiveXCtrl, ObjectSafety)
	return (ULONG)pThis->ExternalAddRef();
}

STDMETHODIMP_(ULONG) CCActiveXCtrl::XObjectSafety::Release()
{
    METHOD_PROLOGUE_EX_(CCActiveXCtrl, ObjectSafety)
    return (ULONG)pThis->ExternalRelease();
}

STDMETHODIMP CCActiveXCtrl::XObjectSafety::QueryInterface(REFIID iid, LPVOID* ppvObj)
{
	METHOD_PROLOGUE_EX_(CCActiveXCtrl, ObjectSafety)
    return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}
//去掉安全警告 END