Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 05:11:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

includes updates to codbase matching security checks currently turned off

Browse Source 
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
This commit is contained in:
arielb%netscape.com 1999-08-20 09:51:02 +00:00
parent 624deb671b
commit 1b252b2e3b
48 changed files with 2102 additions and 1888 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
caps/idl/nsICapsManager.idl
View File

@ -28,15 +28,18 @@ interface nsIScriptContext;
[uuid(7cb78236-47b0-11d3-ba17-0060b0f199a2)]
interface nsICapsManager : nsISupports {
void GetPrincipalManager(out nsIPrincipalManager prinMan);
void GetPrivilegeManager(out nsIPrivilegeManager privMan);
void CreateCodebasePrincipal([const] in string codebaseURL, out nsIPrincipal prin);
%{C++
/*
void GetPrincipalManager(out nsIPrincipalManager prinMan);
void GetPrivilegeManager(out nsIPrivilegeManager privMan);
void CreateCodebasePrincipal([const] in string codebaseURL, out nsIPrincipal prin);
NS_IMETHOD
CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) = 0;
*/
%}
void GetPermission(in nsIPrincipal prin, in nsITarget target, out short privilegeState);

62
caps/idl/nsIPrincipal.idl
View File

@ -17,37 +17,55 @@
*/
/*defines interfaces for codebase and certificate principals*/
#include "nsISupports.idl"
interface nsIURI;
%{C++
struct JSPrincipals;
%}
[ptr] native JSPrincipals(JSPrincipals);
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipal : nsISupports {
const short PrincipalType_Unknown=0;
const short PrincipalType_CodebaseExact=1;
const short PrincipalType_CodebaseRegex=2;
const short PrincipalType_Certificate=3;
const short PrincipalType_CertificateFingerPrint=4;
const short PrincipalType_CertificateKey=5;
const short PrincipalType_CertificateChain=6;
const short PrincipalType_Unknown=0;
const short PrincipalType_CodebaseExact=1;
const short PrincipalType_CodebaseRegex=2;
const short PrincipalType_Certificate=3;
const short PrincipalType_CertificateFingerPrint=4;
const short PrincipalType_CertificateKey=5;
const short PrincipalType_CertificateChain=6;
void GetType(out short type);
void IsSecure(out boolean result);
void ToString(out string result);
void HashCode(out unsigned long code);
void Equals(in nsIPrincipal other, out boolean result);
void ToJSPrincipal(out JSPrincipals jsprin);
void GetType(out short type);
void IsSecure(out boolean result);
void ToString(out string result);
void HashCode(out unsigned long code);
void Equals(in nsIPrincipal other, out boolean result);
};
[uuid(c29fe440-25e1-11d2-8160-006008119d7a)]
%{C++
#define NS_CODEBASEPRINCIPAL_PROGID "component://netscape/codebaseprincipal"
#define NS_CODEBASEPRINCIPAL_CLASSNAME "codebaseprincipal"
%}
[uuid(829fe440-25e1-11d2-8160-006008119d7a)]
interface nsICodebasePrincipal : nsIPrincipal {
void GetURL(out string ppCodeBaseURL);
void IsCodebaseExact(out boolean result);
void IsCodebaseRegex(out boolean result);
void GetURLString(out string ppCodeBaseURL);
void GetURL(out nsIURI url);
void IsCodebaseExact(out boolean result);
void IsCodebaseRegex(out boolean result);
};
%{C++
#define NS_CERTIFICATEPRINCIPAL_PROGID "component://netscape/codebaseprincipal"
#define NS_CERTIFICATEPRINCIPAL_CLASSNAME "codebaseprincipal"
%}
[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)]
interface nsICertificatePrincipal : nsIPrincipal {
void GetPublicKey(out string publicKey);
void GetCompanyName(out string ppCompanyName);
void GetCertificateAuthority(out string ppCertAuthority);
void GetSerialNumber(out string ppSerialNumber);
void GetExpirationDate(out string ppExpDate);
void GetFingerPrint(out string ppFingerPrint);
void GetPublicKey(out string publicKey);
void GetCompanyName(out string ppCompanyName);
void GetCertificateAuthority(out string ppCertAuthority);
void GetSerialNumber(out string ppSerialNumber);
void GetExpirationDate(out string ppExpDate);
void GetFingerPrint(out string ppFingerPrint);
};

7
caps/idl/nsIPrincipalArray.idl
View File

@ -39,4 +39,9 @@ interface nsIPrincipalArray : nsISupports
void SetPrincipalArrayElement(in unsigned long index, in nsIPrincipal principal);
void GetPrincipalArraySize(out unsigned long result);
};
};
%{C++
#define NS_PRINCIPALARRAY_PROGID "component://netscape/principalarray"
#define NS_PRINCIPALARRAY_CLASSNAME "principalarray"
%}

7
caps/idl/nsIPrincipalManager.idl
View File

@ -20,13 +20,13 @@
#include "nsIPrincipal.idl"
#include "nsITarget.idl"
#include "nsIPrincipalArray.idl"
interface nsIURI;
interface nsIScriptContext;
[uuid(dc7d0bb0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipalManager : nsISupports
{
void CreateCodebasePrincipal([const] in string codebaseURL, out nsIPrincipal prin);
void CreateCodebasePrincipal([const] in string codebaseURL, in nsIURI uri, out nsIPrincipal prin);
%{C++
NS_IMETHOD
@ -45,9 +45,6 @@ interface nsIPrincipalManager : nsISupports
};
%{C++
#define NS_PRINCIPALMANAGER_CID \
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
#define NS_PRINCIPALMANAGER_PROGID "component://netscape/principalmanager"
#define NS_PRINCIPALMANAGER_CLASSNAME "principalmanager"
%}

3
caps/idl/nsIPrivilegeManager.idl
View File

@ -46,9 +46,6 @@ interface nsIPrivilegeManager : nsISupports
};
%{C++
#define NS_PRIVILEGEMANAGER_CID \
{ 0x422e8544, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
#define NS_PRIVILEGEMANAGER_PROGID "component://netscape/privilegemanager"
#define NS_PRIVILEGEMANAGER_CLASSNAME "privilegemanager"
%}

28
caps/idl/nsIScriptSecurityManager.idl
View File

@ -16,11 +16,11 @@
* Reserved.
*/
#include "nsISupports.idl"
#include "nsIPrincipal.idl"
[ptr] native nsJSPrincipalsList(nsJSPrincipalsList);
[ptr] native JSContext(JSContext);
[ptr] native JSObject(JSObject);
[ptr] native JSPrincipals(JSPrincipals);
[ptr] native JSFunction(JSFunction);
[ptr] native jsval(jsval);
@ -31,6 +31,8 @@ interface nsIURI;
%{C++
struct nsJSPrincipalsList;
struct JSContext;
struct JSObject;
%}
[uuid(58df5780-8006-11d2-bd91-00805f8ae3f4)]
@ -41,7 +43,6 @@ interface nsIScriptSecurityManager : nsISupports
const short SCRIPT_SECURITY_SAME_DOMAIN_ACCESS = 1 << 1;
const short SCRIPT_SECURITY_SIGNED_ACCESS = 1 << 2;
const short eJSTarget_UniversalBrowserRead=0;
const short eJSTarget_UniversalBrowserWrite=1;
const short eJSTarget_UniversalSendMail=2;
@ -52,26 +53,29 @@ interface nsIScriptSecurityManager : nsISupports
const short eJSTarget_UniversalDialerAccess=7;
const short eJSTarget_Max=8;
void Init();
void NewJSPrincipals(in nsIURI aURL, in nsString aName, out nsIPrincipal aPrincipal);
void CheckScriptAccess(in nsIScriptContext cx, in voidStar obj, [const] in string prop, out boolean res);
void GetSubjectOriginURL(in JSContext cx, out nsString origin);
void GetObjectOriginURL(in JSContext cx, in JSObject obj, out nsString origin);
void GetPrincipalsFromStackFrame(in JSContext cx, out JSPrincipals prins);
void GetCompilationPrincipals(in nsIScriptContext cx, in nsIScriptGlobalObject go, in JSPrincipals prins, out JSPrincipals resultprins);
void CanAccessTarget(in JSContext cx, in short target, out boolean res);
void GetSubjectOriginURL(in JSContext cx, out string origin);
void GetObjectOriginURL(in JSContext cx, in JSObject obj, out string origin);
void CheckPermissions(in JSContext cx, in JSObject obj, in short target, out boolean res);
void GetContainerPrincipals(in JSContext cx, in JSObject container, out nsIPrincipal prin);
void CanAccessTarget(in JSContext cx, in short target, out boolean res);
void GetPrincipalsFromStackFrame(in JSContext cx, out JSPrincipals prins);
/*
void GetCompilationPrincipals(in nsIScriptContext cx, in nsIScriptGlobalObject go, in JSPrincipals prins, out JSPrincipals resultprins);
void CheckContainerAccess(in JSContext cx, in JSObject obj, in short target, out boolean res);
void GetContainerPrincipals(in JSContext cx, in JSObject container, out JSPrincipals prins);
void SetContainerPrincipals(in JSContext cx, in JSObject container, in JSPrincipals prins);
void CanCaptureEvent(in JSContext cx, in JSFunction func, in JSObject eventTarget, out boolean res);
void SetExternalCapture(in JSContext cx, in JSPrincipals prins, in boolean abool);
void CheckSetParentSlot(in JSContext cx, in JSObject obj, in jsval aVp, out boolean res);
void SetDocumentDomain(in JSContext cx, in JSPrincipals prins, in nsString aNewDomain, out boolean res);
void DestroyPrincipalsList(in JSContext cx, in nsJSPrincipalsList list);
void NewJSPrincipals(in nsIURI aURL, in nsString aName, in nsString aCodebase, out JSPrincipals aPrincipals);
void RegisterPrincipals(in nsIScriptContext aContext, in nsIScriptGlobalObject aGlobal, in JSPrincipals principals,
in nsString aName, in nsString aSrc, out JSPrincipals aPrincipals);
*/
};
%{C++
extern "C" NS_DOM nsresult NS_NewScriptSecurityManager(nsIScriptSecurityManager ** aInstancePtrResult);
%}
#define NS_SCRIPTSECURITYMANAGER_PROGID "component://netscape/scriptsecuritymanager"
#define NS_SCRIPTSECURITYMANAGER_CLASSNAME "scriptsecuritymanager"
%}

2
caps/include/MANIFEST
View File

@ -4,11 +4,13 @@ nsCaps.h
nsCCapsManager.h
nsCertificatePrincipal.h
nsCodebasePrincipal.h
nsJSPrincipals.h
nsPrincipalArray.h
nsPrincipalManager.h
nsPrivilege.h
nsPrivilegeManager.h
nsPrivilegeTable.h
nsScriptSecurityManager.h
nsSystemPrivilegeTable.h
nsTarget.h
nsUserDialogHelper.h

32
caps/include/Makefile.in
View File

@ -23,21 +23,23 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
EXPORTS = \
admin.h \
jpermission.h \
nsCaps.h \
nsCCapsManager.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsPrincipalArray.h \
nsPrincipalManager.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
EXPORTS = \
admin.h \
jpermission.h \
nsCaps.h \
nsCCapsManager.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsJSPrincipals.h \
nsPrincipalArray.h \
nsPrincipalManager.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsScriptSecurityManager.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
nsUserTarget.h

2
caps/include/makefile.win
View File

@ -35,11 +35,13 @@ EXPORTS= \
nsCCapsManager.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsJSPrincipals.h \
nsPrincipalArray.h \
nsPrincipalManager.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsScriptSecurityManager.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \

11
caps/include/nsCertificatePrincipal.h
View File

@ -18,11 +18,19 @@
/*describes principals for use with signed scripts*/
#ifndef _NS_CERTIFICATE_PRINCIPAL_H_
#define _NS_CERTIFICATE_PRINCIPAL_H_
#include "jsapi.h"
#include "nsVector.h"
#include "nsIPrincipal.h"
#define NS_CERTIFICATEPRINCIPALMANAGER_CID \
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsCertificatePrincipal : public nsICertificatePrincipal {
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPALMANAGER_CID)
NS_DECL_ISUPPORTS
NS_IMETHOD
@ -43,6 +51,9 @@ public:
NS_IMETHOD
GetFingerPrint(char ** fp);
NS_IMETHOD
ToJSPrincipal(JSPrincipals * * jsprin);
NS_IMETHOD
GetType(PRInt16 * type);

63
caps/include/nsCodebasePrincipal.h
View File

@ -19,43 +19,64 @@
#ifndef _NS_CODEBASE_PRINCIPAL_H_
#define _NS_CODEBASE_PRINCIPAL_H_
#include "jsapi.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsJSPrincipals.h"
#define NS_CODEBASEPRINCIPAL_CID \
{ 0x7ee2a400, 0x0b91, 0xaad3, \
{ 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsCodebasePrincipal : public nsICodebasePrincipal {
public:
NS_DECL_ISUPPORTS
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
NS_IMETHOD
GetURL(char ** cburl);
NS_DECL_ISUPPORTS
NS_IMETHOD
IsCodebaseExact(PRBool * result);
nsCodebasePrincipal();
NS_IMETHOD
IsCodebaseRegex(PRBool * result);
NS_IMETHOD
Init(PRInt16 type, nsIURI * uri);
NS_IMETHOD
GetType(PRInt16 * type);
virtual ~nsCodebasePrincipal(void);
NS_IMETHOD
IsSecure(PRBool * result);
NS_IMETHOD
GetURLString(char ** cburl);
NS_IMETHOD
GetURL(nsIURI * * url);
NS_IMETHOD
ToString(char ** result);
NS_IMETHOD
IsCodebaseExact(PRBool * result);
NS_IMETHOD
HashCode(PRUint32 * code);
NS_IMETHOD
IsCodebaseRegex(PRBool * result);
NS_IMETHOD
Equals(nsIPrincipal * other, PRBool * result);
NS_IMETHOD
ToJSPrincipal(JSPrincipals * * jsprin);
NS_IMETHOD
GetType(PRInt16 * type);
nsCodebasePrincipal(PRInt16 type, const char *codebaseURL);
virtual ~nsCodebasePrincipal(void);
NS_IMETHOD
IsSecure(PRBool * result);
NS_IMETHOD
ToString(char ** result);
NS_IMETHOD
HashCode(PRUint32 * code);
NS_IMETHOD
Equals(nsIPrincipal * other, PRBool * result);
protected:
const char * itsCodeBaseURL;
PRInt16 itsType;
nsIURI * itsURL;
PRInt16 itsType;
nsJSPrincipals itsJSPrincipals;
};
#endif // _NS_CODEBASE_PRINCIPAL_H_

35
caps/include/nsJSPrincipals.h Normal file
View File

@ -0,0 +1,35 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
/* describes principals by their orginating uris*/
#ifndef _NS_JSPRINCIPALS_H_
#define _NS_JSPRINCIPALS_H_
#include "jsapi.h"
#include "nsIPrincipal.h"
struct nsJSPrincipals : JSPrincipals {
public:
nsJSPrincipals();
nsresult Init(nsIPrincipal * prin);
~nsJSPrincipals(void);
nsIPrincipal *nsIPrincipalPtr;
};
#endif /* _NS_JSPRINCIPALS_H_ */

4
caps/include/nsPrincipalArray.h
View File

@ -24,6 +24,10 @@
#include "nsVector.h"
#include "nsHashtable.h"
#define NS_PRINCIPALARRAY_CID \
{ 0x7ff2a4c0, 0x4bff, 0x17d3, \
{ 0xba, 0x18, 0x42, 0x60, 0xbb, 0xf1, 0x99, 0xa2 }}
NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRINCIPALARRAY_CID)
class nsPrincipalArray : public nsIPrincipalArray {
public:

16
caps/include/nsPrincipalManager.h
View File

@ -22,19 +22,25 @@
#include "nsIPrincipalManager.h"
#include "nsHashtable.h"
#define NS_PRINCIPALMANAGER_CID \
{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsPrincipalManager : public nsIPrincipalManager {
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRINCIPALMANAGER_CID)
NS_DECL_ISUPPORTS
static nsPrincipalManager *
GetPrincipalManager();
static nsresult
GetPrincipalManager(nsPrincipalManager * * prinMan);
virtual ~nsPrincipalManager(void);
NS_IMETHOD
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal * * prin);
CreateCodebasePrincipal(const char *codebaseURL, nsIURI * url, nsIPrincipal * * prin);
NS_IMETHOD
CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin);
@ -95,7 +101,9 @@ public:
private:
nsPrincipalManager(void);
nsPrincipalManager(void);
NS_IMETHODIMP
Init();
nsHashtable * itsPrinNameToPrincipalTable;
};

6
caps/include/nsPrivilegeManager.h
View File

@ -35,6 +35,10 @@
#include "nsPrivilegeTable.h"
#include "nsSystemPrivilegeTable.h"
#define NS_PRIVILEGEMANAGER_CID \
{ 0x422e8544, 0x4b91, 0x11d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
extern PRBool nsCaps_lock(void);
extern void nsCaps_unlock(void);
@ -49,6 +53,8 @@ public:
nsHashtable * itsPrinToPrivTable;
nsHashtable * itsPrinToMacroTargetPrivTable;
NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRIVILEGEMANAGER_CID)
NS_DECL_ISUPPORTS
static nsPrivilegeManager *

61
caps/include/nsScriptSecurityManager.h Normal file
View File

@ -0,0 +1,61 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_
#define _NS_SCRIPT_SECURITY_MANAGER_H_
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include "nsIScriptContext.h"
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsScriptSecurityManager : public nsIScriptSecurityManager {
public:
nsScriptSecurityManager();
virtual ~nsScriptSecurityManager();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
static nsScriptSecurityManager *
GetScriptSecurityManager();
NS_IMETHOD CheckScriptAccess(nsIScriptContext* aContext, void* aObj, const char* aProp, PRBool* aResult);
NS_IMETHOD GetSubjectOriginURL(JSContext *aCx, char** aOrigin);
NS_IMETHOD GetObjectOriginURL(JSContext *aCx, JSObject *object, char** aOrigin);
NS_IMETHOD NewJSPrincipals(nsIURI *aURL, nsString* aName, nsIPrincipal * * aPrin);
NS_IMETHOD CheckPermissions(JSContext *aCx, JSObject *aObj, short target, PRBool* aReturn);
NS_IMETHOD GetContainerPrincipals(JSContext *aCx, JSObject *aContainer, nsIPrincipal * * result);
NS_IMETHOD GetPrincipalsFromStackFrame(JSContext *aCx, JSPrincipals** aPrincipals);
NS_IMETHOD CanAccessTarget(JSContext *aCx, PRInt16 target, PRBool* aReturn);
private:
char * GetCanonicalizedOrigin(JSContext *cx, const char* aUrlString);
NS_IMETHOD GetOriginFromSourceURL(nsIURI * origin, char * * result);
PRBool SameOrigins(JSContext *aCx, const char* aOrigin1, const char* aOrigin2);
PRInt32 CheckForPrivilege(JSContext *cx, char *prop_name, int priv_code);
char* FindOriginURL(JSContext *aCx, JSObject *aGlobal);
char* AddSecPolicyPrefix(JSContext *cx, char *pref_str);
char* GetSitePolicy(const char *org);
};
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/

1
caps/public/.cvsignore
View File

@ -1 +0,0 @@
Makefile

6
caps/src/Makefile.in
View File

@ -27,17 +27,19 @@ LIBRARY_NAME = caps
IS_COMPONENT = 1
CPPSRCS = \
CPPSRCS = \
admin.cpp \
nsCaps.cpp \
nsCCapsManager.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsJSPrincipals.cpp \
nsPrincipalArray.cpp \
nsPrincipalManager.cpp \
nsPrivilege.cpp \
nsPrivilegeManager.cpp \
nsPrivilegeTable.cpp \
nsScriptSecurityManager.cpp \
nsSecurityManagerFactory.cpp \
nsSystemPrivilegeTable.cpp \
nsTarget.cpp \
@ -53,7 +55,7 @@ EXTRA_DSO_LDOPTS = \
$(NSPR_LIBS) \
$(NULL)
CSRCS = \
CSRCS = \
jpermission.c \
$(NULL)

10
caps/src/admin.cpp
View File

@ -41,14 +41,12 @@ extern "C" {
PR_PUBLIC_API(const char *)
java_netscape_security_getPrincipals(const char *charSetName)
{
const char * prins = nsPrincipalManager::GetPrincipalManager()->GetAllPrincipalsString();
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
const char * prins = prinMan->GetAllPrincipalsString();
PRBool test_admin_api = PR_FALSE;
if (test_admin_api) {
char *a1;
char *a2;
char *a3;
char * a1, * a2, * a3;
java_netscape_security_getPrivilegeDescs(NULL, "raman tenneti", &a1, &a2, &a3);
java_netscape_security_removePrivilege(NULL, "raman tenneti", "Reading, modification, or deletion of any of your files");
java_netscape_security_removePrincipal(NULL, "raman tenneti");

7
caps/src/makefile.win
View File

@ -58,11 +58,13 @@ CPP_OBJS= \
.\$(OBJDIR)\nsCCapsManager.obj \
.\$(OBJDIR)\nsCertificatePrincipal.obj \
.\$(OBJDIR)\nsCodebasePrincipal.obj \
.\$(OBJDIR)\nsJSPrincipals.obj \
.\$(OBJDIR)\nsPrincipalArray.obj \
.\$(OBJDIR)\nsPrincipalManager.obj \
.\$(OBJDIR)\nsPrivilege.obj \
.\$(OBJDIR)\nsPrivilegeManager.obj \
.\$(OBJDIR)\nsPrivilegeTable.obj \
.\$(OBJDIR)\nsScriptSecurityManager.obj \
.\$(OBJDIR)\nsSecurityManagerFactory.obj \
.\$(OBJDIR)\nsSystemPrivilegeTable.obj \
.\$(OBJDIR)\nsTarget.obj \
@ -77,7 +79,6 @@ CPP_OBJS= \
#//
#//------------------------------------------------------------------------
#//------------------------------------------------------------------------
#//
#// Define any local options for the make tools
@ -86,6 +87,7 @@ CPP_OBJS= \
#//------------------------------------------------------------------------
LINCS= $(LINCS) \
-I$(PUBLIC)\js \
-I$(XPDIST)\public\js \
-I$(PUBLIC)\nspr \
-I$(PUBLIC)\xpcom \
-I$(PUBLIC)\security \
@ -97,6 +99,7 @@ LINCS= $(LINCS) \
-I$(DEPTH)\lib\libstyle \
-I$(PUBLIC)\caps \
-I$(PUBLIC)\public \
-I$(PUBLIC)\xpconnect \
# -I$(PUBLIC)\rdf \
$(NULL)
@ -104,6 +107,8 @@ LLIBS = \
$(LIBNSPR) \
$(DIST)\lib\xpcom.lib \
$(DIST)\lib\xplib.lib \
$(DIST)\lib\js3250.lib \
$(DIST)\lib\oji.lib \
$(DIST)\lib\zlib.lib \
$(NULL)

14
caps/src/nsCCapsManager.cpp
View File

@ -46,9 +46,11 @@ nsCCapsManager::GetSecurityManager()
}
NS_IMETHODIMP
nsCCapsManager::GetPrincipalManager(nsIPrincipalManager * * prinMan)
nsCCapsManager::GetPrincipalManager(nsIPrincipalManager * * iprinMan)
{
* prinMan = (nsIPrincipalManager *)nsPrincipalManager::GetPrincipalManager();
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
* iprinMan = (nsIPrincipalManager *)prinMan;
return NS_OK;
}
@ -62,14 +64,18 @@ nsCCapsManager::GetPrivilegeManager(nsIPrivilegeManager * * privMan)
NS_IMETHODIMP
nsCCapsManager::CreateCodebasePrincipal(const char * codebaseURL, nsIPrincipal * * prin)
{
return nsPrincipalManager::GetPrincipalManager()->CreateCodebasePrincipal(codebaseURL, prin);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
return prinMan->CreateCodebasePrincipal(codebaseURL, nsnull, prin);
}
NS_IMETHODIMP
nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 * certChainLengths,
PRUint32 noOfCerts, nsIPrincipal** prin)
{
return nsPrincipalManager::GetPrincipalManager()->CreateCertificatePrincipal(certChain,certChainLengths,noOfCerts,prin);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
return prinMan->CreateCertificatePrincipal(certChain,certChainLengths,noOfCerts,prin);
}
NS_IMETHODIMP

13
caps/src/nsCaps.cpp
View File

@ -86,9 +86,10 @@ nsCapsInitialize()
PR_IMPLEMENT(PRBool)
nsCapsRegisterPrincipal(class nsIPrincipal *principal)
{
nsPrincipalManager * nsPrinManager = nsPrincipalManager::GetPrincipalManager();
if(nsPrinManager == NULL) return PR_FALSE;
nsPrinManager->RegisterPrincipal(principal);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
if(prinMan == NULL) return PR_FALSE;
prinMan->RegisterPrincipal(principal);
return PR_TRUE;
}
@ -139,7 +140,8 @@ nsCapsDisablePrivilege(void* context, class nsITarget * target, PRInt32 callerDe
PR_IMPLEMENT(void*)
nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth)
{
nsPrincipalManager * nsPrinManager = nsPrincipalManager::GetPrincipalManager();
nsPrincipalManager * nsPrinManager;
nsPrincipalManager::GetPrincipalManager(& nsPrinManager);
return (nsPrinManager == NULL) ? NULL
: (void *)nsPrinManager->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
}
@ -163,7 +165,8 @@ nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth)
PR_IMPLEMENT(PRBool)
nsCapsCanExtendTrust(void* from, void* to)
{
nsPrincipalManager * nsPrinManager = nsPrincipalManager::GetPrincipalManager();
nsPrincipalManager * nsPrinManager;
nsPrincipalManager::GetPrincipalManager(& nsPrinManager);
PRBool result = PR_FALSE;
if (nsPrinManager != NULL) nsPrinManager->CanExtendTrust((nsIPrincipalArray *)from, (nsIPrincipalArray *)to,& result);
return result;

9
caps/src/nsCertificatePrincipal.cpp
View File

@ -64,6 +64,15 @@ nsCertificatePrincipal::GetFingerPrint(char * * fingerPrint)
return (itsFingerPrint == NULL) ? NS_ERROR_ILLEGAL_VALUE : NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::ToJSPrincipal(JSPrincipals * * jsprin)
{
// *jsprin = NS_STATIC_CAST(JSPrincipals *,this);
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetType(PRInt16 * type)
{

85
caps/src/nsCodebasePrincipal.cpp
View File

@ -17,17 +17,42 @@
*/
/* describes principals by thier orginating uris*/
#include "nsCodebasePrincipal.h"
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "xp.h"
#include "nsIURL.h"
static NS_DEFINE_IID(kICodebasePrincipalIID, NS_ICODEBASEPRINCIPAL_IID);
NS_IMPL_ISUPPORTS(nsCodebasePrincipal, kICodebasePrincipalIID);
NS_IMETHODIMP
nsCodebasePrincipal::GetURL(char **cburl)
nsCodebasePrincipal::ToJSPrincipal(JSPrincipals * * jsprin)
{
* cburl = (char *)itsCodeBaseURL;
return NS_OK;
if (itsJSPrincipals.refcount == 0) {
NS_ADDREF(this);
}
*jsprin = &itsJSPrincipals;
return NS_OK;
/*
char * cb;
this->GetURLString(& cb);
* jsprin = NS_STATIC_CAST(JSPrincipals *,this);
(* jsprin)->codebase = PL_strdup(cb);
return NS_OK;
*/
}
NS_IMETHODIMP
nsCodebasePrincipal::GetURLString(char **cburl)
{
return itsURL->GetSpec(cburl);
}
NS_IMETHODIMP
nsCodebasePrincipal::GetURL(nsIURI * * url)
{
return itsURL->Clone(url);
}
NS_IMETHODIMP
@ -54,11 +79,9 @@ nsCodebasePrincipal::GetType(PRInt16 * type)
NS_IMETHODIMP
nsCodebasePrincipal::IsSecure(PRBool * result)
{
/*
if ((0 == memcmp("https:", itsKey, strlen("https:"))) ||
(0 == memcmp("file:", itsKey, strlen("file:"))))
return PR_TRUE;
*/
// if ((0 == memcmp("https:", itsKey, strlen("https:"))) ||
// (0 == memcmp("file:", itsKey, strlen("file:"))))
// return PR_TRUE;
return PR_FALSE;
}
@ -71,32 +94,48 @@ nsCodebasePrincipal::ToString(char * * result)
NS_IMETHODIMP
nsCodebasePrincipal::HashCode(PRUint32 * code)
{
code=0;
(* code) = 0;
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
PRInt16 oType = 0;
// char ** oCodeBase;
other->GetType(& oType);
* result = (itsType == oType) ? PR_TRUE : PR_FALSE;
//XXXariel fix this
// if (* result) {
// nsICodebasePrincipal * cbother = (nsCodebasePrincipal)other;
// cbother->GetURL(& oCodeBase);
// }
// * result = (itsCodebase == oCodeBase) ? PR_TRUE : PR_FALSE;
return NS_OK;
PRInt16 oType = 0;
other->GetType(& oType);
(* result) = (itsType == oType) ? PR_TRUE : PR_FALSE;
if ((* result) != PR_TRUE) return NS_OK;
nsICodebasePrincipal * cbother;
char * oCodebase = nsnull, * myCodebase = nsnull;
other->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbother);
cbother->GetURLString(& oCodebase);
this->GetURLString(& myCodebase);
(* result) = (PL_strcmp(myCodebase, oCodebase) == 0) ? PR_TRUE : PR_FALSE;
return NS_OK;
}
nsCodebasePrincipal::nsCodebasePrincipal(PRInt16 type, const char * codeBaseURL)
nsCodebasePrincipal::nsCodebasePrincipal()
{
this->itsType = type;
this->itsCodeBaseURL = codeBaseURL;
NS_INIT_ISUPPORTS();
itsURL = nsnull;
}
NS_IMETHODIMP
nsCodebasePrincipal::Init(PRInt16 type, nsIURI *uri)
{
nsresult result;
NS_ADDREF(this);
this->itsType = type;
if (!NS_SUCCEEDED(result = uri->Clone(&itsURL))) return result;
if (!NS_SUCCEEDED(result = itsJSPrincipals.Init(this))) {
NS_RELEASE(itsURL);
return result;
}
return NS_OK;
}
nsCodebasePrincipal::~nsCodebasePrincipal(void)
{
if (itsURL)
NS_RELEASE(itsURL);
}

72
caps/src/nsJSPrincipals.cpp Normal file
View File

@ -0,0 +1,72 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
#include "nsCodebasePrincipal.h"
#include "nsJSPrincipals.h"
#include "xp.h"
#include "plstr.h"
PR_STATIC_CALLBACK(void *)
nsGetPrincipalArray(JSContext * cx, struct JSPrincipals * prin) {
return nsnull;
}
PR_STATIC_CALLBACK(JSBool)
nsGlobalPrivilegesEnabled(JSContext * cx , struct JSPrincipals *jsprin) {
return JS_TRUE;
}
PR_STATIC_CALLBACK(void)
nsDestroyJSPrincipals(JSContext * cx, struct JSPrincipals * jsprin) {
nsJSPrincipals * nsjsprin = (nsJSPrincipals *)jsprin;
nsIPrincipal *p = nsjsprin->nsIPrincipalPtr;
NS_IF_RELEASE(p);
// The nsIPrincipal that we release owns the JSPrincipal struct,
// so we don't need to worry about "codebase"
}
nsJSPrincipals::nsJSPrincipals() {
codebase = nsnull;
getPrincipalArray = nsGetPrincipalArray;
globalPrivilegesEnabled = nsGlobalPrivilegesEnabled;
refcount = 0;
destroy = nsDestroyJSPrincipals;
nsIPrincipalPtr = nsnull;
}
nsresult
nsJSPrincipals::Init(nsIPrincipal * prin) {
char * cb;
nsICodebasePrincipal * cbprin;
prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin);
cbprin->GetURLString(& cb);
nsIPrincipalPtr = prin;
codebase = PL_strdup(cb);
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(nsIPrincipalPtr);
return NS_OK;
}
nsJSPrincipals::~nsJSPrincipals() {
if (codebase)
PL_strfree(codebase);
if (nsIPrincipalPtr)
NS_RELEASE(nsIPrincipalPtr);
}

104
caps/src/nsPrincipalManager.cpp
View File

@ -28,6 +28,9 @@
#include "nsCertificatePrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsPrivilegeManager.h"
#include "nsIServiceManager.h"
#include "nsIComponentManager.h"
#include "nsIURL.h"
#define UNSIGNED_PRINCIPAL_KEY "4a:52:4f:53:4b:49:4e:44"
#define UNKNOWN_PRINCIPAL_KEY "52:4f:53:4b:49:4e:44:4a"
@ -44,6 +47,8 @@ static PRBool RDF_RemovePrincipal(nsIPrincipal * prin);
static PRBool GetPrincipalString(nsHashKey * aKey, void * aData, void * closure);
static NS_DEFINE_IID(kIPrincipalManagerIID, NS_IPRINCIPALMANAGER_IID);
static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID);
static NS_DEFINE_CID(kURLCID, NS_STANDARDURL_CID);
NS_IMPL_ISUPPORTS(nsPrincipalManager, kIPrincipalManagerIID);
@ -82,18 +87,36 @@ nsPrincipalManager::HasSystemPrincipal(nsIPrincipalArray * prinArray)
}
NS_IMETHODIMP
nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIPrincipal * * prin) {
* prin = new nsCodebasePrincipal(nsIPrincipal::PrincipalType_CodebaseExact, codebaseURL);
if (prin == NULL) return NS_ERROR_OUT_OF_MEMORY;
(* prin)->AddRef();
return NS_OK;
nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIURI * url, nsIPrincipal * * prin)
{
nsresult rv;
if (!codebaseURL && !url) return NS_ERROR_FAILURE;
NS_WITH_SERVICE(nsIComponentManager, compMan, kComponentManagerCID, &rv);
if (!url) {
if (!NS_SUCCEEDED(rv)) return rv;
rv = compMan->CreateInstance(kURLCID, nsnull, NS_GET_IID(nsIURL), (void **) &url);
if (!NS_SUCCEEDED(rv)) return rv;
if (!NS_SUCCEEDED(rv = url->SetSpec((char *) codebaseURL))) {
NS_RELEASE(url);
return rv;
}
}
nsCodebasePrincipal * codebasePrin;
compMan->CreateInstance(NS_CODEBASEPRINCIPAL_PROGID, nsnull, NS_GET_IID(nsICodebasePrincipal),(void * *)& codebasePrin);
if (codebasePrin == nsnull) return NS_ERROR_OUT_OF_MEMORY;
rv = codebasePrin->Init(nsIPrincipal::PrincipalType_CodebaseExact, url);
if (!NS_SUCCEEDED(rv)) {
NS_RELEASE(codebasePrin);
return rv;
}
* prin = codebasePrin;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin)
{
* prin = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate,
certChain, certChainLengths, noOfCerts);
* prin = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate,certChain, certChainLengths, noOfCerts);
if (!prin) return NS_ERROR_OUT_OF_MEMORY;
(* prin)->AddRef();
return NS_OK;
@ -190,11 +213,10 @@ nsPrincipalManager::GetMyPrincipals(PRInt32 callerDepth)
nsIPrincipalArray *
nsPrincipalManager::GetMyPrincipals(nsIScriptContext * context, PRInt32 callerDepth)
{
return nsPrincipalManager::GetPrincipalManager()->GetClassPrincipalsFromStack(context, callerDepth);
// return this->GetClassPrincipalsFromStack(context, callerDepth);
return NULL;
}
nsIPrincipal *
nsPrincipalManager::GetPrincipalFromString(char * prinName)
{
@ -327,39 +349,55 @@ nsPrincipalManager::UnregisterPrincipal(nsIPrincipal * prin, PRBool * result)
NS_IMETHODIMP
nsPrincipalManager::NewPrincipalArray(PRUint32 count, nsIPrincipalArray * * result)
{
* result = (nsIPrincipalArray *) new nsPrincipalArray(count);
return NS_OK;
* result = (nsIPrincipalArray *) new nsPrincipalArray(count);
return NS_OK;
}
nsPrincipalManager::nsPrincipalManager(void)
{
NS_INIT_REFCNT();
NS_ADDREF(this);
nsCaps_lock();
itsPrinNameToPrincipalTable = new nsHashtable();
theUnsignedPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNSIGNED_PRINCIPAL_KEY);
theUnsignedPrincipalArray = new nsPrincipalArray();
theUnsignedPrincipalArray->AddPrincipalArrayElement(theUnsignedPrincipal);
theUnknownPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNKNOWN_PRINCIPAL_KEY);
theUnknownPrincipalArray = new nsPrincipalArray();
theUnknownPrincipalArray->AddPrincipalArrayElement(theUnknownPrincipal);
nsCaps_unlock();
NS_INIT_ISUPPORTS();
}
NS_IMETHODIMP
nsPrincipalManager::Init()
{
nsresult rv;
NS_ADDREF(this);
itsPrinNameToPrincipalTable = new nsHashtable();
if(itsPrinNameToPrincipalTable == NULL) return NS_ERROR_OUT_OF_MEMORY;
NS_WITH_SERVICE(nsIComponentManager, compMgr, kComponentManagerCID,& rv);
if (NS_FAILED(rv)) return rv;
rv = compMgr->CreateInstance(NS_PRINCIPALARRAY_PROGID, nsnull,NS_GET_IID(nsIPrincipalArray), (void * *)& theUnsignedPrincipalArray);
if(NS_FAILED(rv)) return rv;
rv = compMgr->CreateInstance(NS_PRINCIPALARRAY_PROGID, nsnull,NS_GET_IID(nsIPrincipalArray), (void * *)& theUnknownPrincipalArray);
if(NS_FAILED(rv)) return rv;
theUnsignedPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNSIGNED_PRINCIPAL_KEY);
theUnsignedPrincipalArray->AddPrincipalArrayElement(theUnsignedPrincipal);
theUnknownPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNKNOWN_PRINCIPAL_KEY);
theUnknownPrincipalArray->AddPrincipalArrayElement(theUnknownPrincipal);
return NS_OK;
}
nsPrincipalManager::~nsPrincipalManager(void) {
nsCaps_lock();
if (itsPrinNameToPrincipalTable) delete itsPrinNameToPrincipalTable;
nsCaps_unlock();
if (itsPrinNameToPrincipalTable) delete itsPrinNameToPrincipalTable;
NS_IF_RELEASE(theUnsignedPrincipalArray);
NS_IF_RELEASE(theUnknownPrincipalArray);
}
nsPrincipalManager *
nsPrincipalManager::GetPrincipalManager()
nsresult
nsPrincipalManager::GetPrincipalManager(nsPrincipalManager * * result)
{
static nsPrincipalManager * prinMan = NULL;
if(!prinMan) prinMan = new nsPrincipalManager();
return prinMan;
static nsPrincipalManager * prinMan = NULL;
if(!prinMan)
{
prinMan = new nsPrincipalManager();
if(prinMan == NULL) return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = prinMan->Init();
(* result) = prinMan;
return rv;
}
(* result) = prinMan;
return NS_OK;
}
static PRBool

36
caps/src/nsPrivilegeManager.cpp
View File

@ -38,9 +38,7 @@ static PRMonitor * caps_lock = NULL;
* a void * as argument and it passed that argument as a parameter to the
* callback function.
*/
char * gForever;
char * gSession;
char * gDenied;
char * gForever, * gSession, * gDenied;
nsPrivilegeTable * gPrivilegeTable;
static PRBool RDF_RemovePrincipalsPrivilege(nsIPrincipal * prin, nsITarget * target);
@ -302,7 +300,9 @@ nsPrivilegeManager::EnablePrincipalPrivilegeHelper(nsIScriptContext * context, n
/* Get the registered target */
nsITarget *targ = nsTarget::FindTarget(target);
if (targ != target) return PR_FALSE;
callerPrinArray = nsPrincipalManager::GetPrincipalManager()->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
callerPrinArray = prinMan->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
if (preferredPrin != NULL) {
nsIPrincipal * callerPrin;
PRUint32 i;
@ -454,7 +454,9 @@ void
nsPrivilegeManager::RegisterPrincipalAndSetPrivileges(nsIPrincipal * prin, nsITarget * target, nsIPrivilege * newPrivilege)
{
nsPrivilegeTable *privTable;
nsPrincipalManager::GetPrincipalManager()->RegisterPrincipal(prin);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
prinMan->RegisterPrincipal(prin);
//Store the list of targets for which the user has given privilege
PrincipalKey prinKey(prin);
nsCaps_lock();
@ -520,8 +522,9 @@ nsPrivilegeManager::CheckPrivilegeGranted(nsITarget *target, PRInt32 callerDepth
NS_IMETHODIMP
nsPrivilegeManager::CheckPrivilegeGranted(nsIScriptContext * context, nsITarget * target, PRInt32 callerDepth, void * data, PRBool * result)
{
nsIPrincipalArray * callerPrinArray =
nsPrincipalManager::GetPrincipalManager()->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
nsIPrincipalArray * callerPrinArray = prinMan->GetClassPrincipalsFromStack((nsIScriptContext *)context, callerDepth);
PRInt16 privilegeState = this->GetPrincipalPrivilege(target, callerPrinArray, data);
* result = (privilegeState == nsIPrivilege::PrivilegeState_Allowed) ? PR_TRUE : PR_FALSE;
return NS_OK;
@ -547,10 +550,10 @@ nsPrivilegeManager::GetTargetsWithPrivileges(char *prinName, char** forever, cha
{
/* Admin UI */
nsCaps_lock();
*forever = gForever = NULL;
*session = gSession = NULL;
*denied = gDenied = NULL;
nsIPrincipal * prin = nsPrincipalManager::GetPrincipalManager()->GetPrincipalFromString(prinName);
* forever = gForever = * session = gSession = * denied = gDenied = NULL;
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
nsIPrincipal * prin = prinMan->GetPrincipalFromString(prinName);
if (prin == NULL) {
nsCaps_unlock();
return;
@ -575,7 +578,8 @@ nsPrivilegeManager::GetTargetsWithPrivileges(char *prinName, char** forever, cha
PRBool
nsPrivilegeManager::RemovePrincipal(char * prinName)
{
nsPrincipalManager * itsPrincipalManager = nsPrincipalManager::GetPrincipalManager();
nsPrincipalManager * itsPrincipalManager;
nsPrincipalManager::GetPrincipalManager(& itsPrincipalManager);
nsCaps_lock();
nsIPrincipal * prin = itsPrincipalManager->GetPrincipalFromString(prinName);
if (prin == NULL) {
@ -591,7 +595,9 @@ NS_IMETHODIMP
nsPrivilegeManager::RemovePrincipalsPrivilege(const char * prinName, const char * targetDesc, PRBool * result)
{
/* Admin UI */
nsIPrincipal * prin = nsPrincipalManager::GetPrincipalManager()->GetPrincipalFromString((char *)prinName);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
nsIPrincipal * prin = prinMan->GetPrincipalFromString((char *)prinName);
if (prin == NULL) {
* result = PR_FALSE;
return NS_OK;
@ -996,7 +1002,9 @@ void
nsPrivilegeManager::Save(nsIPrincipal * prin, nsITarget *target, nsIPrivilege *newPrivilege)
{
PRBool eq;
prin->Equals(nsPrincipalManager::GetPrincipalManager()->GetSystemPrincipal(),& eq);
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
prin->Equals(prinMan->GetSystemPrincipal(),& eq);
if (eq) return;
#ifdef ENABLE_RDF
nsCaps_lock();

599
caps/src/nsScriptSecurityManager.cpp Normal file
View File

@ -0,0 +1,599 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
#include "nsScriptSecurityManager.h"
#include "nsIServiceManager.h"
#include "nsIPrincipalManager.h"
#include "nsIScriptGlobalObjectData.h"
#include "nsIPref.h"
#include "nsIURL.h"
#ifdef OJI
#include "jvmmgr.h"
#endif
#include "nspr.h"
#include "plstr.h"
static NS_DEFINE_CID(kPrefServiceCID, NS_PREF_CID);
static NS_DEFINE_CID(kURLCID, NS_STANDARDURL_CID);
static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID);
static NS_DEFINE_IID(kIScriptSecurityManagerIID, NS_ISCRIPTSECURITYMANAGER_IID);
NS_IMPL_ISUPPORTS(nsScriptSecurityManager, kIScriptSecurityManagerIID);
static nsString gUnknownOriginStr("[unknown origin]");
static nsString gFileUrlPrefix("file:");
static char accessErrorMessage[] =
"access disallowed from scripts at %s to documents at another domain";
nsScriptSecurityManager::nsScriptSecurityManager(void)
{
NS_INIT_REFCNT();
}
nsScriptSecurityManager::~nsScriptSecurityManager(void)
{
// nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs);
}
nsScriptSecurityManager *
nsScriptSecurityManager::GetScriptSecurityManager()
{
static nsScriptSecurityManager * ssecMan = NULL;
if (!ssecMan)
ssecMan = new nsScriptSecurityManager();
return ssecMan;
}
NS_IMETHODIMP
nsScriptSecurityManager::NewJSPrincipals(nsIURI *aURL, nsString *aName,
nsIPrincipal **result)
{
// nsJSPrincipalsData * pdata;
PRBool needUnlock = PR_FALSE;
#ifdef CERT_PRINS
void *zip = nsnull; //ns_zip_t
if (aURL) {
char *fn = nsnull;
if (NET_IsLocalFileURL(archive->address)) {
char* pathPart = ParseURL(archive->address, GET_PATH_PART);
fn = WH_FileName(pathPart, xpURL);
PR_Free(pathPart);
}
else if (archive->cache_file && NET_ChangeCacheFileLock(archive, TRUE)) {
fn = WH_FileName(archive->cache_file, xpCache);
needUnlock = PR_TRUE;
}
if (fn) {
#ifdef XP_MAC
/*
* Unfortunately, ns_zip_open wants a Unix-style name. Convert
* Mac path to a Unix-style path. This code is copied from
* appletStubs.c.
*/
OSErr ConvertMacPathToUnixPath(const char *macPath, char **unixPath);
char *unixPath = nsnull;
if (ConvertMacPathToUnixPath(fn, &unixPath) == 0)
zip = ns_zip_open(unixPath);
PR_FREEIF(unixPath);
#else
zip = ns_zip_open(fn);
#endif
pdata->zip = zip;
PR_Free(fn);
}
}
#endif
nsresult rv;
char *codebaseStr = NULL;
if (!NS_SUCCEEDED(rv = GetOriginFromSourceURL(aURL, &codebaseStr)))
return rv;
if (!codebaseStr) {
return NS_ERROR_FAILURE;
}
NS_WITH_SERVICE(nsIPrincipalManager, prinMan, NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_SUCCEEDED(rv))
rv = prinMan->CreateCodebasePrincipal(codebaseStr, aURL, result);
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckScriptAccess(nsIScriptContext *aContext,
void *aObj, const char *aProp,
PRBool *aResult)
{
*aResult = PR_FALSE;
JSContext* cx = (JSContext*)aContext->GetNativeContext();
PRInt32 secLevel = CheckForPrivilege(cx, (char *) aProp, nsnull);
switch (secLevel) {
case SCRIPT_SECURITY_ALL_ACCESS:
*aResult = PR_TRUE;
return NS_OK;
case SCRIPT_SECURITY_SAME_DOMAIN_ACCESS:
return CheckPermissions(cx, (JSObject *) aObj, eJSTarget_Max, aResult);
default:
// Default is no access
*aResult = PR_FALSE;
return NS_OK;
}
}
NS_IMETHODIMP
nsScriptSecurityManager::GetSubjectOriginURL(JSContext *aCx, char * * aOrigin)
{
// Get origin from script of innermost interpreted frame.
JSPrincipals * principals;
JSStackFrame * fp;
JSScript * script;
#ifdef OJI
JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack();
JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
pFrameToStartLooking = JS_FrameIterator(aCx,& pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
// There are no frames or scripts at this point.
pFrameToEndLooking = nsnull;
}
}
#else
JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp);
JSStackFrame * pFrameToEndLooking = nsnull;
#endif
fp = pFrameToStartLooking;
while (fp != pFrameToEndLooking) {
script = JS_GetFrameScript(aCx, fp);
if (script) {
principals = JS_GetScriptPrincipals(aCx, script);
* aOrigin = principals ? (char *)principals->codebase : (char *)JS_GetScriptFilename(aCx, script);
return (* aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
fp = JS_FrameIterator(aCx, &fp);
}
#ifdef OJI
principals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
if (principals) {
*aOrigin = principals->codebase;
return (* aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
#endif
/*
* Not called from either JS or Java. We must be called
* from the interpreter. Get the origin from the decoder.
*/
// NB TODO: Does this ever happen?
return this->GetObjectOriginURL(aCx, ::JS_GetGlobalObject(aCx), aOrigin);
}
NS_IMETHODIMP
nsScriptSecurityManager::GetObjectOriginURL(JSContext *aCx, JSObject *aObj,
char **aOrigin)
{
nsresult rv;
JSObject *parent;
while (parent = ::JS_GetParent(aCx, aObj))
aObj = parent;
nsIPrincipal *prin;
if (!NS_SUCCEEDED(rv = GetContainerPrincipals(aCx, aObj, & prin)))
return rv;
nsICodebasePrincipal *cbprin;
rv = prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal), (void **) &cbprin);
if (!NS_SUCCEEDED(rv))
return rv;
if (!NS_SUCCEEDED(rv = cbprin->GetURLString(aOrigin)))
return rv;
return (*aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetOriginFromSourceURL(nsIURI *url, char **result)
{
char *tempChars;
nsresult rv;
if (!NS_SUCCEEDED(rv = url->GetScheme(&tempChars)))
return rv;
nsAutoString buffer(tempChars);
// NB TODO: what about file: urls and about:blank?
buffer.Append("://");
if (!NS_SUCCEEDED(rv = url->GetHost(&tempChars)))
return rv;
buffer.Append(tempChars);
if (!NS_SUCCEEDED(rv = url->GetPath(&tempChars)))
return rv;
buffer.Append(tempChars);
if (buffer.Length() == 0 || buffer.EqualsIgnoreCase(gUnknownOriginStr))
return NS_ERROR_FAILURE;
*result = buffer.ToNewCString();
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
PRInt32
nsScriptSecurityManager::CheckForPrivilege(JSContext *cx, char *prop_name,
int priv_code)
{
if (prop_name == nsnull)
return SCRIPT_SECURITY_NO_ACCESS;
char *tmp_prop_name = AddSecPolicyPrefix(cx, prop_name);
if (tmp_prop_name == nsnull)
return SCRIPT_SECURITY_NO_ACCESS;
PRInt32 secLevel = SCRIPT_SECURITY_NO_ACCESS;
nsIPref *mPrefs;
nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref),
(nsISupports**) &mPrefs);
if (NS_OK == mPrefs->GetIntPref(tmp_prop_name, &secLevel)) {
PR_FREEIF(tmp_prop_name);
return secLevel;
}
// If no preference is defined for this property, allow access.
// This violates the rule of a safe default, but means we don't have
// to specify the large majority of unchecked properties, only the
// minority of checked ones.
PR_FREEIF(tmp_prop_name);
return SCRIPT_SECURITY_ALL_ACCESS;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj,
PRInt16 aTarget, PRBool* aReturn)
{
char *subjectOrigin = nsnull;
char *objectOrigin = nsnull;
nsresult rv = GetSubjectOriginURL(aCx, &subjectOrigin);
if (!NS_SUCCEEDED(rv))
return rv;
/*
** Hold onto reference to the running decoder's principals
** in case a call to GetObjectOriginURL ends up
** dropping a reference due to an origin changing
** underneath us.
*/
rv = GetObjectOriginURL(aCx, aObj, &objectOrigin);
if (rv != NS_OK || !subjectOrigin || !objectOrigin) {
*aReturn = PR_FALSE;
return NS_OK;
}
/* Now see whether the origin methods and servers match. */
if (this->SameOrigins(aCx, subjectOrigin, objectOrigin)) {
* aReturn = PR_TRUE;
return NS_OK;
}
/*
** If we failed the origin tests it still might be the case that we
** are a signed script and have permissions to do this operation.
** Check for that here
*/
if (aTarget != eJSTarget_Max) {
PRBool canAccess;
this->CanAccessTarget(aCx, aTarget, &canAccess);
if (canAccess) {
*aReturn = PR_TRUE;
return NS_OK;
}
}
JS_ReportError(aCx, accessErrorMessage, subjectOrigin);
*aReturn = PR_FALSE;
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetContainerPrincipals(JSContext *aCx,
JSObject *container,
nsIPrincipal **result)
{
nsresult rv;
*result = nsnull;
// Need to check that the origin hasn't changed underneath us
char *originUrl = FindOriginURL(aCx, container);
if (!originUrl)
return NS_ERROR_FAILURE;
nsISupports * tmp;
nsIScriptGlobalObjectData * globalData;
tmp = (nsISupports *)JS_GetPrivate(aCx, container);
if (tmp == nsnull || (rv = tmp->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void * *)& globalData)) != NS_OK)
{
delete originUrl;
return rv;
}
globalData->GetPrincipal(result);
if (* result) {
nsICodebasePrincipal * cbprin;
char * cbStr;
(* result)->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin);
cbprin->GetURLString(& cbStr);
if (this->SameOrigins(aCx, originUrl, cbStr)) {
delete originUrl;
return NS_OK;
}
#ifdef THREADING_ISSUES
// nsJSPrincipalsData * data;
// data = (nsJSPrincipalsData*)*aPrincipals;
// if (data->codebaseBeforeSettingDomain &&
// this->SameOrigins(aCx, originUrl, data->codebaseBeforeSettingDomain)) {
/* document.domain was set, so principals are okay */
// delete originUrl;
// return NS_OK;
// }
/* Principals have changed underneath us. Remove them. */
// globalData->SetPrincipals(nsnull);
#endif
}
/* Create new principals and return them. */
//why should we create a new principal, removing this
// nsAutoString originUrlStr(originUrl);
// if (!NS_SUCCEEDED(this->NewJSPrincipals(nsnull, nsnull, &originUrlStr, aPrincipals))) {
// delete originUrl;
// return NS_ERROR_FAILURE;
// }
// globalData->SetPrincipals((void*)*aPrincipals);
delete originUrl;
return NS_OK;
}
PRBool
nsScriptSecurityManager::SameOrigins(JSContext * aCx, const char * aOrigin1, const char * aOrigin2)
{
if ((aOrigin1 == nsnull) || (aOrigin2 == nsnull) || (PL_strlen(aOrigin1) == 0) || (PL_strlen(aOrigin2) == 0))
return PR_FALSE;
// Shouldn't return true if both origin1 and origin2 are unknownOriginStr.
nsString * tmp = new nsString(aOrigin1);
if (gUnknownOriginStr.EqualsIgnoreCase(*tmp))
{
delete tmp;
return PR_FALSE;
}
delete tmp;
if (PL_strcmp(aOrigin1, aOrigin2) == 0) return PR_TRUE;
nsString * cmp1 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin1));
nsString * cmp2 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin2));
PRBool result = PR_FALSE;
// Either the strings are equal or they are both file: uris.
if (cmp1 && cmp2 &&
(*cmp1 == *cmp2 ||
(cmp1->Find(gFileUrlPrefix) == 0 && cmp2->Find(gFileUrlPrefix) == 0)))
{
result = PR_TRUE;
}
delete cmp1;
delete cmp2;
return result;
}
char *
nsScriptSecurityManager::GetCanonicalizedOrigin(JSContext* aCx, const char * aUrlString)
{
nsString * buffer;
nsIURL * url;
nsresult rv;
char * origin = (char *)aUrlString;
NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void * *)& url);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = url->SetSpec(origin);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetScheme(& origin);
buffer = new nsString(origin);
url->GetHost(& origin);
buffer->Append(origin);
if (!buffer) {
JS_ReportOutOfMemory(aCx);
return nsnull;
}
origin = buffer->ToNewCString();
delete buffer;
return origin;
}
char*
nsScriptSecurityManager::FindOriginURL(JSContext * aCx, JSObject * aGlobal)
{
nsISupports * tmp1, * tmp2;
nsIScriptGlobalObjectData* globalData = nsnull;
nsIURI *origin = nsnull;
tmp1 = (nsISupports *)JS_GetPrivate(aCx, aGlobal);
if (nsnull != tmp1 &&
NS_OK == tmp1->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) {
globalData->GetOrigin(&origin);
}
if (origin == nsnull) {
// does this ever happen?
/* Must be a new, empty window? Use running origin. */
tmp2 = (nsISupports*)JS_GetPrivate(aCx, JS_GetGlobalObject(aCx));
/* Compare running and current to avoid infinite recursion. */
if (tmp1 == tmp2) {
nsAutoString urlString = "[unknown origin]";
NS_IF_RELEASE(globalData);
return urlString.ToNewCString();
} else if (nsnull != tmp2 && NS_OK == tmp2->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) {
globalData->GetOrigin(&origin);
}
}
if (origin != nsnull) {
char *spec;
origin->GetSpec(&spec);
nsAutoString urlString(spec);
NS_IF_RELEASE(globalData);
return urlString.ToNewCString();
}
NS_IF_RELEASE(globalData);
// return an empty string
nsAutoString urlString("");
return urlString.ToNewCString();
}
char *
nsScriptSecurityManager::AddSecPolicyPrefix(JSContext *cx, char *pref_str)
{
const char *subjectOrigin = "";//GetSubjectOriginURL(cx);
char *policy_str, *retval = 0;
if ((policy_str = this->GetSitePolicy(subjectOrigin)) == 0) {
/* No site-specific policy. Get global policy name. */
nsIPref * mPrefs;
nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports**)&mPrefs);
if (NS_OK != mPrefs->CopyCharPref("javascript.security_policy", &policy_str))
policy_str = PL_strdup("default");
}
if (policy_str) { //why can't this be default? && PL_strcasecmp(policy_str, "default") != 0) {
retval = PR_sprintf_append(NULL, "js_security.%s.%s", policy_str, pref_str);
PR_Free(policy_str);
}
return retval;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, PRBool* aReturn)
{
JSPrincipals *principals;
* aReturn = PR_TRUE;
this->GetPrincipalsFromStackFrame(aCx, &principals);
#if 0
if ((nsCapsGetRegistrationModeFlag()) && principals && (NET_URL_Type(principals->codebase) == FILE_TYPE_URL)) {
return NS_OK;
}
else
#endif
if (principals && !principals->globalPrivilegesEnabled(aCx, principals)) {
*aReturn = PR_FALSE;
}
#if 0
// only if signed scripts
else if (!this->PrincipalsCanAccessTarget(aCx, aTarget)) {
*aReturn = PR_FALSE;
}
#else
*aReturn = PR_FALSE;
#endif
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetPrincipalsFromStackFrame(JSContext *aCx, JSPrincipals** aPrincipals)
{
//* Get principals from script of innermost interpreted frame.
JSStackFrame * fp;
JSScript * script;
#ifdef OJI
JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack();
JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
/*
** There are no frames or scripts at this point.
*/
pFrameToEndLooking = nsnull;
}
}
#else
JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp);
JSStackFrame * pFrameToEndLooking = nsnull;
#endif
fp = pFrameToStartLooking;
while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) {
script = JS_GetFrameScript(aCx, fp);
if (script) {
* aPrincipals = JS_GetScriptPrincipals(aCx, script);
return NS_OK;
}
}
#ifdef OJI
* aPrincipals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
return NS_OK;
#endif
* aPrincipals = nsnull;
return NS_OK;
}
char *
nsScriptSecurityManager::GetSitePolicy(const char *org)
{
char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0;
int splen, matlen;
nsIURL * url;
nsresult rv;
nsIPref * mPrefs;
NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void**)&url);
if (!NS_SUCCEEDED(rv)) return nsnull;
nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports * *)& mPrefs);
if (NS_OK != mPrefs->CopyCharPref("js_security.site_policy", &sitepol)) return 0;
/* Site policy comprises text of the form site1-policy,site2-policy,siteNpolicy
* where each site-policy is site|policy and policy is presumed to be one of strict/moderate/default
* site may be either a URL or a hostname. In the former case we do a prefix match with the origin URL; in the latter case
* we just compare hosts. Process entry by entry. Take longest match, to account for
* cases like: * http://host/|moderate,http://host/dir/|strict
*/
for (sp = sitepol; sp != 0; sp = nextsp) {
if ((nextsp = strchr(sp, ',')) != 0) *nextsp++ = '\0';
if ((bar = strchr(sp, '|')) == 0) continue; /* no | for this entry */
*bar = '\0';
/* Isolate host, then policy. */
sp += strspn(sp, " "); /* skip leading spaces */
end = sp + strcspn(sp, " |"); /* skip up to space or | */
*end = '\0';
if ((splen = end-sp) == 0) continue; /* no URL or hostname */
/* Check whether this is long enough. */
if (match != 0 && matlen >= splen) continue; /* Nope. New shorter than old. */
/* Check which case, URL or hostname, we're dealing with. */
rv = url->SetSpec(sp);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetScheme(& prot);
if (prot != 0 && *prot != '\0') {
/* URL case. Do prefix match, make sure we're at proper boundaries. */
if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */
&& sp[splen-1] != '/' /* site policy ends with / */
&& org[splen] != '/' /* site policy doesn't, but org does */
)) {
PR_Free(prot);
continue; /* no match */
}
}
else {
/* Host-only case. */
PR_FREEIF(prot);
rv = url->SetSpec((char *)org);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetHost(& orghost);
if (orghost == 0) return 0; /* out of mem */
if (PL_strcasecmp(orghost, sp) != 0) continue; /* no match */
}
/* Had a match. Remember policy and length of host/URL match. */
match = bar;
matlen = splen;
}
if (match != 0) {
/* Longest hostname or URL match. Get policy.
** match points to |.
** Skip spaces after | and after policy name.
*/
++match;
sp = match + strspn(match, " ");
end = sp + strcspn(sp, " ");
*end = '\0';
if (sp != end) retval = PL_strdup(sp);
}
PR_FREEIF(orghost);
PR_FREEIF(sitepol);
return retval;
}

91
caps/src/nsSecurityManagerFactory.cpp
View File

@ -27,13 +27,45 @@
#include "nsPrincipalManager.h"
#include "nsIPrivilegeManager.h"
#include "nsPrivilegeManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsCodebasePrincipal.h"
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
//static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID);
static NS_DEFINE_CID(kGenericFactoryCID, NS_GENERICFACTORY_CID);
static NS_DEFINE_CID(kCCapsManagerCID, NS_CCAPSMANAGER_CID);
static NS_DEFINE_CID(kPrivilegeManagerCID, NS_PRIVILEGEMANAGER_CID);
static NS_DEFINE_CID(kPrincipalManagerCID, NS_PRINCIPALMANAGER_CID);
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
static NS_IMETHODIMP
Construct_nsIScriptSecurityManager(nsISupports * aOuter, REFNSIID aIID, void * * aResult)
{
nsresult rv;
nsISupports *obj;
if(!aResult)
{
rv = NS_ERROR_NULL_POINTER;
goto done;
}
*aResult = NULL;
if(aOuter)
{
rv = NS_ERROR_NO_AGGREGATION;
goto done;
}
obj = nsScriptSecurityManager::GetScriptSecurityManager();
if(!obj)
{
rv = NS_ERROR_OUT_OF_MEMORY;
goto done;
}
rv = obj->QueryInterface(aIID, aResult);
NS_ASSERTION(NS_SUCCEEDED(rv), "unable to find correct interface");
done:
return rv;
}
static NS_IMETHODIMP
Construct_nsISecurityManager(nsISupports * aOuter, REFNSIID aIID, void * * aResult)
@ -96,26 +128,14 @@ Construct_nsIPrincipalManager(nsISupports * aOuter, REFNSIID aIID, void * * aRes
{
nsresult rv;
nsISupports * obj;
if(!aResult)
{
rv = NS_ERROR_NULL_POINTER;
goto done;
}
if(!aResult) return NS_ERROR_NULL_POINTER;
*aResult = NULL;
if(aOuter)
{
rv = NS_ERROR_NO_AGGREGATION;
goto done;
}
obj = nsPrincipalManager::GetPrincipalManager();
if(!obj)
{
rv = NS_ERROR_OUT_OF_MEMORY;
goto done;
}
if(aOuter) return NS_ERROR_NO_AGGREGATION;
rv = nsPrincipalManager::GetPrincipalManager((nsPrincipalManager * *)& obj);
if(!obj) return NS_ERROR_OUT_OF_MEMORY;
if(NS_FAILED(rv)) return rv;
rv = obj->QueryInterface(aIID, aResult);
NS_ASSERTION(NS_SUCCEEDED(rv), "unable to find correct interface");
done:
return rv;
}
@ -128,13 +148,14 @@ NSGetFactory(nsISupports * aServMgr, const nsCID & aClass, const char * aClassNa
NS_WITH_SERVICE1(nsIComponentManager, compMgr, aServMgr, kComponentManagerCID,& rv);
if (NS_FAILED(rv)) return rv;
nsIGenericFactory * factory;
rv = compMgr->CreateInstance(kGenericFactoryCID, nsnull, nsIGenericFactory::GetIID(), (void * *)& factory);
rv = compMgr->CreateInstance(kGenericFactoryCID, nsnull,NS_GET_IID(nsIGenericFactory), (void * *)& factory);
if (NS_FAILED(rv)) return rv;
if(aClass.Equals(kCCapsManagerCID)) rv = factory->SetConstructor(Construct_nsISecurityManager);
else if(aClass.Equals(kPrivilegeManagerCID)) rv = factory->SetConstructor(Construct_nsIPrivilegeManager);
else if(aClass.Equals(kPrincipalManagerCID)) rv = factory->SetConstructor(Construct_nsIPrincipalManager);
else
{
else if(aClass.Equals(nsPrivilegeManager::GetCID())) rv = factory->SetConstructor(Construct_nsIPrivilegeManager);
else if(aClass.Equals(nsPrincipalManager::GetCID())) rv = factory->SetConstructor(Construct_nsIPrincipalManager);
else if(aClass.Equals(nsScriptSecurityManager::GetCID())) rv = factory->SetConstructor(Construct_nsIScriptSecurityManager);
else if(aClass.Equals(nsCodebasePrincipal::GetCID())) rv = factory->SetConstructor(nsCodebasePrincipalConstructor);
else {
NS_ASSERTION(0, "incorrectly registered");
rv = NS_ERROR_NO_INTERFACE;
}
@ -164,8 +185,10 @@ NSRegisterSelf(nsISupports * aServMgr, const char * aPath)
NS_WITH_SERVICE1(nsIComponentManager, compMgr, aServMgr, kComponentManagerCID,& rv);
if (NS_FAILED(rv)) return rv;
rv = compMgr->RegisterComponent(kCCapsManagerCID,NS_CCAPSMANAGER_CLASSNAME,NS_CCAPSMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(kPrivilegeManagerCID,NS_PRIVILEGEMANAGER_CLASSNAME,NS_PRIVILEGEMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(kPrincipalManagerCID,NS_PRINCIPALMANAGER_CLASSNAME,NS_PRINCIPALMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(nsPrivilegeManager::GetCID(),NS_PRIVILEGEMANAGER_CLASSNAME,NS_PRIVILEGEMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(nsPrincipalManager::GetCID(),NS_PRINCIPALMANAGER_CLASSNAME,NS_PRINCIPALMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(nsScriptSecurityManager::GetCID(),NS_SCRIPTSECURITYMANAGER_CLASSNAME,NS_SCRIPTSECURITYMANAGER_PROGID, aPath, PR_TRUE, PR_TRUE);
rv = compMgr->RegisterComponent(nsCodebasePrincipal::GetCID(),NS_CODEBASEPRINCIPAL_CLASSNAME,NS_CODEBASEPRINCIPAL_PROGID, aPath, PR_TRUE, PR_TRUE);
return rv;
}
extern "C" NS_EXPORT nsresult
@ -175,10 +198,12 @@ NSUnregisterSelf(nsISupports * aServMgr, const char * aPath)
#ifdef DEBUG
printf("*** Unregistering Security***\n");
#endif
NS_WITH_SERVICE1(nsIComponentManager, compMgr, aServMgr, kComponentManagerCID,& rv);
if (NS_FAILED(rv)) return rv;
rv = compMgr->UnregisterComponent(kCCapsManagerCID, aPath);
rv = compMgr->UnregisterComponent(kPrivilegeManagerCID, aPath);
rv = compMgr->UnregisterComponent(kPrincipalManagerCID, aPath);
return rv;
NS_WITH_SERVICE1(nsIComponentManager, compMgr, aServMgr, kComponentManagerCID,& rv);
if (NS_FAILED(rv)) return rv;
rv = compMgr->UnregisterComponent(kCCapsManagerCID, aPath);
rv = compMgr->UnregisterComponent(nsPrivilegeManager::GetCID(), aPath);
rv = compMgr->UnregisterComponent(nsPrincipalManager::GetCID(), aPath);
rv = compMgr->UnregisterComponent(nsScriptSecurityManager::GetCID(), aPath);
rv = compMgr->UnregisterComponent(nsCodebasePrincipal::GetCID(), aPath);
return rv;
}

3
caps/src/nsTarget.cpp
View File

@ -707,7 +707,8 @@ nsTarget::RegisterTarget(void * context, nsITarget * * targetResult)
return NS_OK;
}
nsPrivilegeManager * privMgr = nsPrivilegeManager::GetPrivilegeManager();
nsPrincipalManager * prinMgr = nsPrincipalManager::GetPrincipalManager();
nsPrincipalManager * prinMgr;
nsPrincipalManager::GetPrincipalManager(& prinMgr);
PRBool cmp = PR_FALSE;
prinMgr->CheckMatchPrincipal((nsIScriptContext *)context, itsPrincipal, 1,& cmp);
if ((privMgr != NULL) && (context != NULL) && !cmp) {

16
caps/src/nsUserDialogHelper.cpp
View File

@ -16,18 +16,6 @@
* Reserved.
*/
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#include "nsUserDialogHelper.h"
#include "xp.h"
#include "xpgetstr.h"
#include "prprf.h"
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
/*
* This is a c++ header, which includes other c++ headers. It needs to
@ -37,6 +25,10 @@ extern "C" {
* isnt this file a .c file ?
*
*/
#include "nsUserDialogHelper.h"
#include "xp.h"
#include "xpgetstr.h"
#include "prprf.h"
#include "nsTarget.h"
#ifdef __cplusplus

16
content/events/src/nsEventListenerManager.cpp
View File

@ -433,33 +433,29 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JSObject *mScriptObject;
nsIScriptGlobalObject *global;
nsIScriptGlobalObjectData *globalData;
JSPrincipals* principals = nsnull;
nsIPrincipal * prin = nsnull;
JSPrincipals * jsprin = nsnull;
global = aContext->GetGlobalObject();
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipals((void**)&principals))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
NS_RELEASE(global);
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
prin->ToJSPrincipal(& jsprin);
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) {
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
nsString mName, mLowerName;
char* mCharName;
aName->ToString(mName);
mName.ToLowerCase(mLowerName);
mCharName = mLowerName.ToNewCString();
if (nsnull != mCharName) {
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, principals, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(),
nsnull, 0);
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0);
delete[] mCharName;
return SetJSEventListener(aContext, mScriptObject, aIID);
}

2
dom/public/nsIScriptContext.h
View File

@ -41,7 +41,7 @@ class nsIScriptNameSpaceManager;
*/
class nsIScriptContext : public nsISupports {
public:
static const nsIID& GetIID() { static nsIID iid = NS_ISCRIPTCONTEXT_IID; return iid; }
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTCONTEXT_IID)
/**
* Execute a script.

2
dom/public/nsIScriptContextOwner.h
View File

@ -38,7 +38,7 @@ class nsIScriptContext;
class nsIScriptContextOwner : public nsISupports {
public:
static const nsIID& GetIID() { static nsIID iid = NS_ISCRIPTCONTEXTOWNER_IID; return iid; }
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTCONTEXTOWNER_IID)
/**
* Returns a script context. The assumption is that the

2
dom/public/nsIScriptEventListener.h
View File

@ -35,7 +35,7 @@ class nsIDOMEventListener;
class nsIScriptEventListener : public nsISupports {
public:
static const nsIID& GetIID() { static nsIID iid = NS_ISCRIPTEVENTLISTENER_IID; return iid; }
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTEVENTLISTENER_IID)
/**
* Checks equality of internal script function pointer with the one passed in.

2
dom/public/nsIScriptGlobalObject.h
View File

@ -41,7 +41,7 @@ class nsIDOMWindow;
class nsIScriptGlobalObject : public nsISupports {
public:
static const nsIID& GetIID() { static nsIID iid = NS_ISCRIPTGLOBALOBJECT_IID; return iid; }
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTGLOBALOBJECT_IID)
NS_IMETHOD_(void) SetContext(nsIScriptContext *aContext)=0;
NS_IMETHOD_(void) GetContext(nsIScriptContext **aContext)=0;

13
dom/public/nsIScriptGlobalObjectData.h
View File

@ -20,21 +20,24 @@
#define nsIScriptGlobalObjectData_h__
#include "nsISupports.h"
#include "nsString.h"
#include "nsIURI.h"
#include "nsIPrincipal.h"
#define NS_ISCRIPTGLOBALOBJECTDATA_IID \
{ 0x98485f80, 0x9615, 0x11d2, \
{ 0xbd, 0x92, 0x00, 0x80, 0x5f, 0x8a, 0xe3, 0xf4} }
/**
* JS Global Object information.
*/
class nsIScriptGlobalObjectData : public nsISupports {
public:
NS_IMETHOD GetPrincipals(void** aPrincipals) = 0;
NS_IMETHOD SetPrincipals(void* aPrincipals) = 0;
NS_IMETHOD GetOrigin(nsString* aOrigin) = 0;
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTGLOBALOBJECTDATA_IID)
NS_IMETHOD GetPrincipal(nsIPrincipal * * aPrincipal) = 0;
NS_IMETHOD SetPrincipal(nsIPrincipal * aPrincipal) = 0;
NS_IMETHOD GetOrigin(nsIURI * * aOrigin) = 0;
};
#endif //nsIScriptGlobalObjectData_h__

3
dom/public/nsIScriptObjectOwner.h
View File

@ -42,8 +42,7 @@ class nsIScriptContext;
*/
class nsIScriptObjectOwner : public nsISupports {
public:
static const nsIID& GetIID() { static nsIID iid = NS_ISCRIPTOBJECTOWNER_IID; return iid; }
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTOBJECTOWNER_IID)
/**
* Return the script object associated with this object.
* Create a script object if not present.

142
dom/src/base/nsGlobalWindow.cpp
View File

@ -86,9 +86,6 @@ static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
#include "jsapi.h"
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
static NS_DEFINE_IID(kIScriptGlobalObjectIID, NS_ISCRIPTGLOBALOBJECT_IID);
static NS_DEFINE_IID(kIScriptGlobalObjectDataIID, NS_ISCRIPTGLOBALOBJECTDATA_IID);
static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID);
static NS_DEFINE_IID(kIScriptEventListenerIID, NS_ISCRIPTEVENTLISTENER_IID);
static NS_DEFINE_IID(kIDOMWindowIID, NS_IDOMWINDOW_IID);
static NS_DEFINE_IID(kIDOMNavigatorIID, NS_IDOMNAVIGATOR_IID);
@ -107,7 +104,6 @@ static NS_DEFINE_IID(kIDOMEventCapturerIID, NS_IDOMEVENTCAPTURER_IID);
static NS_DEFINE_IID(kIDOMEventReceiverIID, NS_IDOMEVENTRECEIVER_IID);
static NS_DEFINE_IID(kIDOMEventTargetIID, NS_IDOMEVENTTARGET_IID);
static NS_DEFINE_IID(kIBrowserWindowIID, NS_IBROWSER_WINDOW_IID);
static NS_DEFINE_IID(kIScriptContextOwnerIID, NS_ISCRIPTCONTEXTOWNER_IID);
static NS_DEFINE_IID(kIDocumentIID, NS_IDOCUMENT_IID);
static NS_DEFINE_IID(kIDocumentViewerIID, NS_IDOCUMENT_VIEWER_IID);
#ifndef NECKO
@ -137,7 +133,7 @@ GlobalWindowImpl::GlobalWindowImpl()
mLocation = nsnull;
mFrames = nsnull;
mOpener = nsnull;
mPrincipals = nsnull;
mPrincipal = nsnull;
mTimeouts = nsnull;
mTimeoutInsertionPoint = nsnull;
@ -152,10 +148,6 @@ GlobalWindowImpl::GlobalWindowImpl()
GlobalWindowImpl::~GlobalWindowImpl()
{
if (mPrincipals && mContext) {
JSPRINCIPALS_DROP((JSContext*)mContext->GetNativeContext(), mPrincipals);
}
NS_IF_RELEASE(mContext);
NS_IF_RELEASE(mDocument);
NS_IF_RELEASE(mNavigator);
@ -170,6 +162,7 @@ GlobalWindowImpl::~GlobalWindowImpl()
NS_IF_RELEASE(mLocation);
NS_IF_RELEASE(mFrames);
NS_IF_RELEASE(mOpener);
NS_IF_RELEASE(mPrincipal);
NS_IF_RELEASE(mListenerManager);
}
@ -184,17 +177,17 @@ GlobalWindowImpl::QueryInterface(const nsIID& aIID,
if (nsnull == aInstancePtrResult) {
return NS_ERROR_NULL_POINTER;
}
if (aIID.Equals(kIScriptObjectOwnerIID)) {
if (aIID.Equals(NS_GET_IID(nsIScriptObjectOwner))) {
*aInstancePtrResult = (void*) ((nsIScriptObjectOwner*)this);
AddRef();
return NS_OK;
}
if (aIID.Equals(kIScriptGlobalObjectIID)) {
if (aIID.Equals(NS_GET_IID(nsIScriptGlobalObject))) {
*aInstancePtrResult = (void*) ((nsIScriptGlobalObject*)this);
AddRef();
return NS_OK;
}
if (aIID.Equals(kIScriptGlobalObjectDataIID)) {
if (aIID.Equals(NS_GET_IID(nsIScriptGlobalObjectData))) {
*aInstancePtrResult = (void*) ((nsIScriptGlobalObjectData*)this);
AddRef();
return NS_OK;
@ -326,9 +319,9 @@ GlobalWindowImpl::SetNewDocument(nsIDOMDocument *aDocument)
}
//XXX Should this be outside the about:blank clearscope exception?
if (mPrincipals && mContext) {
JSPRINCIPALS_DROP((JSContext *)mContext->GetNativeContext(), mPrincipals);
mPrincipals = nsnull;
if (nsnull != mPrincipal)
{
NS_RELEASE(mPrincipal);
}
if (nsnull != mDocument) {
@ -1157,7 +1150,7 @@ GlobalWindowImpl::Confirm(JSContext *cx, jsval *argv, PRUint32 argc, PRBool* aRe
if (nsnull != rootContainer) {
#ifdef NECKO
nsIPrompt *prompter;
if (NS_OK == (ret = rootContainer->QueryInterface(nsIPrompt::GetIID(), (void**)&prompter))) {
if (NS_OK == (ret = rootContainer->QueryInterface(NS_GET_IID(nsIPrompt), (void**)&prompter))) {
ret = prompter->Confirm(str.GetUnicode(), aReturn);
NS_RELEASE(prompter);
}
@ -1203,7 +1196,7 @@ GlobalWindowImpl::Prompt(JSContext *cx, jsval *argv, PRUint32 argc, nsString& aR
if (nsnull != rootContainer) {
#ifdef NECKO
nsIPrompt *prompter;
if (NS_OK == (ret = rootContainer->QueryInterface(nsIPrompt::GetIID(), (void**)&prompter))) {
if (NS_OK == (ret = rootContainer->QueryInterface(NS_GET_IID(nsIPrompt), (void**)&prompter))) {
PRBool b;
PRUnichar* uniResult = nsnull;
ret = prompter->Prompt(str.GetUnicode(), initial.GetUnicode(), &uniResult, &b);
@ -1677,11 +1670,9 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
for (timeout = mTimeouts; timeout != &dummy_timeout; timeout = next) {
next = timeout->next;
/* Hold the timeout in case expr or funobj releases its doc. */
HoldTimeout(timeout);
mRunningTimeout = timeout;
NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", &rv);
if (NS_FAILED(rv)) {
NS_RELEASE(temp);
@ -1691,7 +1682,6 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
rv = stack->Push(cx);
// XXX Should check for rv. If failed, then what?
if (timeout->expr) {
/* Evaluate the timeout expression. */
#if 0
@ -1703,14 +1693,12 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
timeout->filename,
timeout->lineno, nsAutoString(""), &isundefined);
#endif
JS_EvaluateUCScriptForPrincipals(cx,
(JSObject *)mScriptObject,
timeout->principals,
JS_GetStringChars(timeout->expr),
JS_GetStringLength(timeout->expr),
timeout->filename,
timeout->lineno,
&result);
JSPrincipals * jsprin;
timeout->principal->ToJSPrincipal(& jsprin);
JS_EvaluateUCScriptForPrincipals(cx, (JSObject *)mScriptObject,
jsprin, JS_GetStringChars(timeout->expr),
JS_GetStringLength(timeout->expr), timeout->filename,
timeout->lineno, &result);
}
else {
PRInt64 lateness64;
@ -1722,14 +1710,11 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
LL_L2I(lateness, lateness64);
lateness = PR_IntervalToMilliseconds(lateness);
timeout->argv[timeout->argc] = INT_TO_JSVAL((jsint)lateness);
JS_CallFunctionValue(cx, (JSObject *)mScriptObject,
OBJECT_TO_JSVAL(timeout->funobj),
JS_CallFunctionValue(cx, (JSObject *)mScriptObject, OBJECT_TO_JSVAL(timeout->funobj),
timeout->argc + 1, timeout->argv, &result);
}
tempContext->ScriptEvaluated();
rv = stack->Pop(nsnull);
mRunningTimeout = nsnull;
/* If the temporary reference is the only one that is keeping
the timeout around, the document was released and we should
@ -1803,7 +1788,6 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
InsertTimeoutIntoList(mTimeoutInsertionPoint, timeout);
}
}
/* Take the dummy timeout off the head of the list */
mTimeouts = dummy_timeout.next;
mTimeoutInsertionPoint = nsnull;
@ -1830,12 +1814,11 @@ GlobalWindowImpl::SetTimeoutOrInterval(JSContext *cx,
nsTimeoutImpl *timeout, **insertion_point;
jsdouble interval;
PRInt64 now, delta;
JSPrincipals* principals;
nsIPrincipal * principal;
if (NS_FAILED(GetPrincipals((void**)&principals))) {
if (NS_FAILED(GetPrincipal(& principal))) {
return NS_ERROR_FAILURE;
}
if (argc < 2) {
JS_ReportError(cx, "Function %s requires at least 2 parameters",
aIsInterval ? kSetIntervalStr : kSetTimeoutStr);
@ -1910,13 +1893,10 @@ GlobalWindowImpl::SetTimeoutOrInterval(JSContext *cx,
timeout->argc++;
}
}
timeout->principals = principals;
timeout->principal = principal;
LL_I2L(now, PR_IntervalNow());
LL_D2L(delta, PR_MillisecondsToInterval((PRUint32)interval));
LL_ADD(timeout->when, now, delta);
nsresult err = NS_NewTimer(&timeout->timer);
if (NS_OK != err) {
DropTimeout(timeout);
@ -1929,10 +1909,8 @@ GlobalWindowImpl::SetTimeoutOrInterval(JSContext *cx,
DropTimeout(timeout);
return err;
}
timeout->window = this;
NS_ADDREF(this);
insertion_point = (mTimeoutInsertionPoint == NULL)
? &mTimeouts
: mTimeoutInsertionPoint;
@ -2124,11 +2102,11 @@ GlobalWindowImpl::AttachArguments(nsIDOMWindow *aWindow, jsval *argv, PRUint32 a
JSContext *jsContext;
nsIScriptContext *scriptContext;
if (NS_SUCCEEDED(aWindow->QueryInterface(kIScriptGlobalObjectIID, (void **)&scriptGlobal))) {
if (NS_SUCCEEDED(aWindow->QueryInterface(NS_GET_IID(nsIScriptGlobalObject), (void **)&scriptGlobal))) {
scriptGlobal->GetContext(&scriptContext);
if (scriptContext) {
jsContext = (JSContext *) scriptContext->GetNativeContext();
if (NS_SUCCEEDED(aWindow->QueryInterface(kIScriptObjectOwnerIID, (void**)&owner))) {
if (NS_SUCCEEDED(aWindow->QueryInterface(NS_GET_IID(nsIScriptObjectOwner), (void**)&owner))) {
owner->GetScriptObject(scriptContext, (void **) &scriptObject);
args = JS_NewArrayObject(jsContext, argc, argv);
if (args) {
@ -2372,7 +2350,7 @@ GlobalWindowImpl::ReadyOpenedWebShell(nsIWebShell *aWebShell, nsIDOMWindow **aDO
nsresult res;
*aDOMWindow = nsnull;
res = aWebShell->QueryInterface(kIScriptContextOwnerIID, (void**)&newContextOwner);
res = aWebShell->QueryInterface(NS_GET_IID(nsIScriptContextOwner), (void**)&newContextOwner);
if (NS_SUCCEEDED(res)) {
res = newContextOwner->GetScriptGlobalObject(&newGlobalObject);
if (NS_SUCCEEDED(res)) {
@ -2609,8 +2587,7 @@ GlobalWindowImpl::GetProperty(JSContext *aContext, jsval aID, jsval *aVp)
if (NS_OK == GetLocation(&location)) {
if (location != nsnull) {
nsIScriptObjectOwner *owner = nsnull;
if (NS_OK == location->QueryInterface(kIScriptObjectOwnerIID,
(void**)&owner)) {
if (NS_OK == location->QueryInterface(NS_GET_IID(nsIScriptObjectOwner), (void**)&owner)) {
JSObject *object = nsnull;
nsIScriptContext *script_cx = (nsIScriptContext *)JS_GetContextPrivate(aContext);
if (NS_OK == owner->GetScriptObject(script_cx, (void**)&object)) {
@ -2735,11 +2712,11 @@ GlobalWindowImpl::Resolve(JSContext *aContext, jsval aID)
JSObject *childObj;
//We found a subframe of the right name. The rest of this is to get its script object.
nsIScriptContextOwner *contextOwner;
if (NS_SUCCEEDED(child->QueryInterface(kIScriptContextOwnerIID, (void**)&contextOwner))) {
if (NS_SUCCEEDED(child->QueryInterface(NS_GET_IID(nsIScriptContextOwner), (void**)&contextOwner))) {
nsIScriptGlobalObject *childGlobalObj;
if (NS_SUCCEEDED(contextOwner->GetScriptGlobalObject(&childGlobalObj))) {
nsIScriptObjectOwner *objOwner;
if (NS_SUCCEEDED(childGlobalObj->QueryInterface(kIScriptObjectOwnerIID, (void**)&objOwner))) {
if (NS_SUCCEEDED(childGlobalObj->QueryInterface(NS_GET_IID(nsIScriptObjectOwner), (void**)&objOwner))) {
nsIScriptContext *scriptContext;
childGlobalObj->GetContext(&scriptContext);
if (scriptContext) {
@ -2939,75 +2916,44 @@ GlobalWindowImpl::ReleaseEvent(const nsString& aType)
}
NS_IMETHODIMP
GlobalWindowImpl::GetPrincipals(void** aPrincipals)
GlobalWindowImpl::GetPrincipal(nsIPrincipal * * prin)
{
if (!mPrincipals) {
if (!mPrincipal) {
if (mContext) {
nsIScriptSecurityManager* secMan = nsnull;
nsIScriptSecurityManager * secMan = nsnull;
mContext->GetSecurityManager(&secMan);
if (secMan) {
nsAutoString codebase;
if (NS_SUCCEEDED(GetOrigin(&codebase))) {
secMan->NewJSPrincipals(nsnull, nsnull, &codebase, &mPrincipals);
}
nsIURI * origin;
if (NS_SUCCEEDED(this->GetOrigin(& origin))) secMan->NewJSPrincipals(origin, nsnull, & mPrincipal);
NS_RELEASE(secMan);
}
}
if (!mPrincipals) {
return NS_ERROR_FAILURE;
}
if (mContext) {
JSPRINCIPALS_HOLD((JSContext *)mContext->GetNativeContext(), mPrincipals);
}
if (!mPrincipal) return NS_ERROR_FAILURE;
if (mContext) NS_ADDREF(mPrincipal);
}
*aPrincipals = (void*)mPrincipals;
* prin = mPrincipal;
return NS_OK;
}
NS_IMETHODIMP
GlobalWindowImpl::SetPrincipals(void* aPrincipals)
GlobalWindowImpl::SetPrincipal(nsIPrincipal * aPrin)
{
if (mPrincipals && mContext) {
JSPRINCIPALS_DROP((JSContext *)mContext->GetNativeContext(), mPrincipals);
}
mPrincipals = (JSPrincipals*)aPrincipals;
if (mPrincipals && mContext) {
JSPRINCIPALS_HOLD((JSContext *)mContext->GetNativeContext(), mPrincipals);
}
NS_IF_RELEASE(mPrincipal);
mPrincipal = aPrin;
if (mPrincipal) NS_ADDREF(mPrincipal);
return NS_OK;
}
NS_IMETHODIMP
GlobalWindowImpl::GetOrigin(nsString* aOrigin)
GlobalWindowImpl::GetOrigin(nsIURI * * aOrigin)
{
nsIDocument* doc;
if (mDocument && NS_OK == mDocument->QueryInterface(kIDocumentIID, (void**)&doc)) {
if (mDocument && NS_OK == mDocument->QueryInterface(kIDocumentIID, (void * *)&doc)) {
nsIURI* docURL = doc->GetDocumentURL();
if (docURL) {
#ifdef NECKO
char* str;
docURL->GetSpec(&str);
#else
PRUnichar* str;
docURL->ToString(&str);
#endif
*aOrigin = str;
#ifdef NECKO
nsCRT::free(str);
#else
delete [] str;
#endif
NS_RELEASE(docURL);
}
if (docURL) * aOrigin = docURL;
// else return error code
NS_RELEASE(doc);
}
#if 0
//Old code from 4.0 to show what funcitonality needs replicating
History_entry *he;
@ -3072,7 +3018,7 @@ NS_NewScriptGlobalObject(nsIScriptGlobalObject **aResult)
return NS_ERROR_OUT_OF_MEMORY;
}
return global->QueryInterface(kIScriptGlobalObjectIID, (void **)aResult);
return global->QueryInterface(NS_GET_IID(nsIScriptGlobalObject), (void **)aResult);
}
@ -3105,7 +3051,7 @@ NavigatorImpl::QueryInterface(const nsIID& aIID,
if (nsnull == aInstancePtrResult) {
return NS_ERROR_NULL_POINTER;
}
if (aIID.Equals(kIScriptObjectOwnerIID)) {
if (aIID.Equals(NS_GET_IID(nsIScriptObjectOwner))) {
*aInstancePtrResult = (void*) ((nsIScriptObjectOwner*)this);
AddRef();
return NS_OK;

11
dom/src/base/nsGlobalWindow.h
View File

@ -20,6 +20,7 @@
#include "nscore.h"
#include "nsIFactory.h"
#include "nsIPrincipal.h"
#include "nsISupports.h"
#include "nsIScriptContext.h"
#include "nsIScriptObjectOwner.h"
@ -206,9 +207,9 @@ public:
virtual void Finalize(JSContext *aContext);
// nsIScriptGlobalObjectData interface
NS_IMETHOD GetPrincipals(void** aPrincipals);
NS_IMETHOD SetPrincipals(void* aPrincipals);
NS_IMETHOD GetOrigin(nsString* aOrigin);
NS_IMETHOD GetPrincipal(nsIPrincipal * * prin);
NS_IMETHOD SetPrincipal(nsIPrincipal * prin);
NS_IMETHOD GetOrigin(nsIURI** aOrigin);
friend void nsGlobalWindow_RunTimeout(nsITimer *aTimer, void *aClosure);
@ -250,7 +251,7 @@ protected:
HistoryImpl *mHistory;
nsIWebShell *mWebShell;
nsIDOMWindow *mOpener;
JSPrincipals *mPrincipals;
nsIPrincipal * mPrincipal;
BarPropImpl *mMenubar;
BarPropImpl *mToolbar;
@ -288,7 +289,7 @@ struct nsTimeoutImpl {
PRInt32 interval; /* Non-zero if repetitive timeout */
PRInt64 when; /* nominal time to run this timeout */
JSVersion version; /* Version of JavaScript to execute */
JSPrincipals *principals; /* principals with which to execute */
nsIPrincipal *principal; /* principals with which to execute */
char *filename; /* filename of setTimeout call */
PRUint32 lineno; /* line number of setTimeout call */
nsTimeoutImpl *next;

83
dom/src/base/nsJSEnvironment.cpp
View File

@ -51,7 +51,6 @@ const size_t gStackSize = 8192;
static NS_DEFINE_IID(kIScriptContextIID, NS_ISCRIPTCONTEXT_IID);
static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID);
static NS_DEFINE_IID(kIScriptGlobalObjectIID, NS_ISCRIPTGLOBALOBJECT_IID);
static NS_DEFINE_IID(kIScriptGlobalObjectDataIID, NS_ISCRIPTGLOBALOBJECTDATA_IID);
static NS_DEFINE_IID(kIScriptNameSetRegistryIID, NS_ISCRIPTNAMESETREGISTRY_IID);
static NS_DEFINE_IID(kCScriptNameSetRegistryCID, NS_SCRIPT_NAMESET_REGISTRY_CID);
static NS_DEFINE_CID(kXPConnectCID, NS_XPCONNECT_CID);
@ -101,7 +100,6 @@ nsJSContext::nsJSContext(JSRuntime *aRuntime)
mNameSpaceManager = nsnull;
mIsInitialized = PR_FALSE;
mNumEvaluations = 0;
mSecManager = nsnull;
}
nsJSContext::~nsJSContext()
@ -119,7 +117,6 @@ nsJSContext::~nsJSContext()
NS_IF_RELEASE(mNameSpaceManager);
JS_DestroyContext(mContext);
NS_IF_RELEASE(mSecManager);
}
NS_IMPL_ISUPPORTS(nsJSContext, kIScriptContextIID);
@ -134,11 +131,10 @@ nsJSContext::EvaluateString(const nsString& aScript,
jsval val;
nsIScriptGlobalObject *global = GetGlobalObject();
nsIScriptGlobalObjectData *globalData;
JSPrincipals* principals = nsnull;
nsresult rv = NS_OK;
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipals((void**)&principals))) {
nsIPrincipal * prin = nsnull;
nsresult rv = NS_OK;
if (global && NS_SUCCEEDED(global->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
NS_RELEASE(global);
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
@ -151,21 +147,20 @@ nsJSContext::EvaluateString(const nsString& aScript,
if (NS_FAILED(rv)) {
return rv;
}
rv = stack->Push(mContext);
if (NS_FAILED(rv)) {
return rv;
}
JSPrincipals * jsprin;
prin->ToJSPrincipal(& jsprin);
PRBool ret = ::JS_EvaluateUCScriptForPrincipals(mContext,
JS_GetGlobalObject(mContext),
principals,
jsprin,
(jschar*)aScript.GetUnicode(),
aScript.Length(),
aURL,
aLineNo,
&val);
if (ret) {
*aIsUndefined = JSVAL_IS_VOID(val);
JSString* jsstring = JS_ValueToString(mContext, val);
@ -178,7 +173,6 @@ nsJSContext::EvaluateString(const nsString& aScript,
ScriptEvaluated();
rv = stack->Pop(nsnull);
return rv;
}
@ -301,7 +295,7 @@ nsJSContext::InitClasses()
// Hook up XPConnect
{
nsIXPConnect* xpc;
res = nsServiceManager::GetService(kXPConnectCID, nsIXPConnect::GetIID(), (nsISupports**) &xpc);
res = nsServiceManager::GetService(kXPConnectCID, NS_GET_IID(nsIXPConnect), (nsISupports**) &xpc);
//NS_ASSERTION(NS_SUCCEEDED(res), "unable to get xpconnect");
if (NS_SUCCEEDED(res)) {
res = xpc->AddNewComponentsObject(mContext, JS_GetGlobalObject(mContext));
@ -313,9 +307,7 @@ nsJSContext::InitClasses()
res = NS_OK;
}
}
mIsInitialized = PR_TRUE;
NS_RELEASE(global);
return res;
}
@ -323,25 +315,13 @@ nsJSContext::InitClasses()
NS_IMETHODIMP
nsJSContext::IsContextInitialized()
{
if (mIsInitialized) {
return NS_OK;
}
else {
return NS_COMFALSE;
}
return (mIsInitialized) ? NS_OK : NS_COMFALSE;
}
NS_IMETHODIMP
nsJSContext::AddNamedReference(void *aSlot,
void *aScriptObject,
const char *aName)
nsJSContext::AddNamedReference(void *aSlot, void *aScriptObject, const char *aName)
{
if (::JS_AddNamedRoot(mContext, aSlot, aName)) {
return NS_OK;
}
else {
return NS_ERROR_FAILURE;
}
return (::JS_AddNamedRoot(mContext, aSlot, aName)) ? NS_OK : NS_ERROR_FAILURE;
}
NS_IMETHODIMP
@ -349,12 +329,7 @@ nsJSContext::RemoveReference(void *aSlot, void *aScriptObject)
{
JSObject *obj = (JSObject *)aScriptObject;
if (::JS_RemoveRoot(mContext, aSlot)) {
return NS_OK;
}
else {
return NS_ERROR_FAILURE;
}
return (::JS_RemoveRoot(mContext, aSlot)) ? NS_OK : NS_ERROR_FAILURE;
}
NS_IMETHODIMP
@ -404,19 +379,16 @@ nsJSContext::GetNameSpaceManager(nsIScriptNameSpaceManager** aInstancePtr)
}
NS_IMETHODIMP
nsJSContext::GetSecurityManager(nsIScriptSecurityManager** aInstancePtr)
nsJSContext::GetSecurityManager(nsIScriptSecurityManager * * aInstancePtr)
{
if (mSecManager) {
*aInstancePtr = mSecManager;
NS_ADDREF(*aInstancePtr);
return NS_OK;
}
nsresult ret = NS_NewScriptSecurityManager(&mSecManager);
if (NS_OK == ret) {
*aInstancePtr = mSecManager;
NS_ADDREF(*aInstancePtr);
}
return ret;
nsresult ret;
NS_WITH_SERVICE(nsIScriptSecurityManager, secManager,NS_SCRIPTSECURITYMANAGER_PROGID,& ret);
if (NS_OK == ret)
{
*aInstancePtr = secManager;
NS_ADDREF(* aInstancePtr);
}
return ret;
}
nsJSEnvironment *nsJSEnvironment::sTheEnvironment = nsnull;
@ -487,8 +459,7 @@ extern "C" NS_DOM nsresult NS_CreateScriptContext(nsIScriptGlobalObject *aGlobal
nsresult rv = NS_OK;
nsJSEnvironment *environment = nsJSEnvironment::GetScriptingEnvironment();
*aContext = environment->GetNewContext();
if (! *aContext)
return NS_ERROR_OUT_OF_MEMORY; // XXX
if (! *aContext) return NS_ERROR_OUT_OF_MEMORY; // XXX
// Hook up XPConnect
nsIXPConnect* xpc;
rv = nsServiceManager::GetService(kXPConnectCID, nsIXPConnect::GetIID(), (nsISupports**) &xpc);
@ -509,13 +480,11 @@ extern "C" NS_DOM nsresult NS_CreateScriptContext(nsIScriptGlobalObject *aGlobal
rv=(*aContext)->GetSecurityManager(&mgr);
if (NS_SUCCEEDED(rv))
rv = mgr->QueryInterface(nsIXPCSecurityManager::GetIID(), (void**)&xpcSecurityManager);
// Bind the script context and the global object
(*aContext)->InitContext(aGlobal);
aGlobal->SetContext(*aContext);
// Bind the script context and the global object
(*aContext)->InitContext(aGlobal);
aGlobal->SetContext(*aContext);
if (NS_SUCCEEDED(rv))
xpc->SetSecurityManagerForJSContext(cx, xpcSecurityManager, nsIXPCSecurityManager::HOOK_ALL);
xpc->SetSecurityManagerForJSContext(cx, xpcSecurityManager, nsIXPCSecurityManager::HOOK_ALL);
}
NS_RELEASE(owner);
}

1
dom/src/base/nsJSEnvironment.h
View File

@ -30,7 +30,6 @@ private:
nsIScriptNameSpaceManager* mNameSpaceManager;
PRBool mIsInitialized;
PRUint32 mNumEvaluations;
nsIScriptSecurityManager* mSecManager;
public:
nsJSContext(JSRuntime *aRuntime);

2034
dom/src/base/nsJSSecurityManager.cpp
View File

File diff suppressed because it is too large Load Diff

134
dom/src/base/nsJSSecurityManager.h
View File

@ -53,8 +53,8 @@ typedef struct nsJSPrincipalsData {
JSPrincipals principals;
void* principalsArrayRef;
nsIURI *url;
char* name;
void* zip;
char* name;
void* zip;
uint32 externalCapturePrincipalsCount;
nsString* untransformed;
nsString* transformed;
@ -64,65 +64,28 @@ typedef struct nsJSPrincipalsData {
void* pNSISecurityContext;
} nsJSPrincipalsData;
class nsJSSecurityManager : public nsIScriptSecurityManager,
public nsICapsSecurityCallbacks,
public nsIXPCSecurityManager {
class nsJSSecurityManager : //public nsICapsSecurityCallbacks,
public nsIXPCSecurityManager {
public:
nsJSSecurityManager();
virtual ~nsJSSecurityManager();
NS_DECL_ISUPPORTS
//nsIScriptSecurityManager interface
NS_IMETHOD Init();
NS_IMETHOD CheckScriptAccess(nsIScriptContext* aContext,
void* aObj,
const char* aProp,
PRBool* aResult);
//XXX From lib/libmocha/lm.h
NS_IMETHOD GetSubjectOriginURL(JSContext *aCx, nsString** aOrigin);
NS_IMETHOD GetObjectOriginURL(JSContext *aCx, JSObject *object, nsString** aOrigin);
NS_IMETHOD GetPrincipalsFromStackFrame(JSContext *aCx, JSPrincipals** aPrincipals);
NS_IMETHOD GetCompilationPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal,
JSPrincipals *aLayoutPrincipals, JSPrincipals** aPrincipals);
NS_IMETHOD CanAccessTarget(JSContext *aCx, PRInt16 target, PRBool* aReturn);
NS_IMETHOD CheckPermissions(JSContext *aCx, JSObject *aObj, short target, PRBool* aReturn);
NS_IMETHOD CheckContainerAccess(JSContext *aCx, JSObject *aObj, PRInt16 aTarget, PRBool* aReturn);
NS_IMETHOD GetContainerPrincipals(JSContext *aCx, JSObject *aContainer, JSPrincipals** aPrincipals);
NS_IMETHOD SetContainerPrincipals(JSContext *aCx, JSObject *aContainer, JSPrincipals* aPrincipals);
NS_IMETHOD CanCaptureEvent(JSContext *aCx, JSFunction *aFun, JSObject *aEventTarget, PRBool* aReturn);
NS_IMETHOD SetExternalCapture(JSContext *aCx, JSPrincipals* aPrincipals, PRBool aBool);
NS_IMETHOD CheckSetParentSlot(JSContext *aCx, JSObject *aObj, jsval *vp, PRBool* aReturn);
NS_IMETHOD SetDocumentDomain(JSContext *aCx, JSPrincipals *principals,
nsString* newDomain, PRBool* aReturn);
NS_IMETHOD DestroyPrincipalsList(JSContext *aCx, nsJSPrincipalsList *list);
//XXX From include/libmocha.h
NS_IMETHOD NewJSPrincipals(nsIURI *aURL, nsString* aName, nsString* aCodebase, JSPrincipals** aPrincipals);
#ifdef DO_JAVA_STUFF
NS_IMETHOD ExtractFromPrincipalsArchive(JSPrincipals *aPrincipals, char *aName,
uint *aLength, char** aReturn);
NS_IMETHOD SetUntransformedSource(JSPrincipals *principals, char *original,
char *transformed, PRBool* aReturn);
NS_IMETHOD GetJSPrincipalsFromJavaCaller(JSContext *aCx, void *principalsArray, void *pNSISecurityContext, JSPrincipals** aPrincipals);
#endif
#if 0
NS_IMETHOD CanAccessTargetStr(JSContext *aCx, const char *target, PRBool* aReturn);
#endif
NS_IMETHOD RegisterPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal, JSPrincipals *aPrincipals,
nsString* aName, nsString* aSrc, JSPrincipals** aRetPrincipals);
//nsICapsSecurityCallbacks interface
//nsICapsSecurityCallbacks interface
NS_IMETHOD NewNSJSJavaFrameWrapper(void *aContext, struct nsFrameWrapper ** aWrapper);
NS_IMETHOD FreeNSJSJavaFrameWrapper(struct nsFrameWrapper *aWrapper);
NS_IMETHOD GetStartFrame(struct nsFrameWrapper *aWrapper);
NS_IMETHOD IsEndOfFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn);
NS_IMETHOD IsValidFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn);
NS_IMETHOD GetNextFrame(struct nsFrameWrapper *aWrapper, int *aDepth, void** aReturn);
NS_IMETHOD OJIGetPrincipalArray(struct nsFrameWrapper *aWrapper, void** aReturn);
NS_IMETHOD OJIGetPrincipalArray(struct nsFrameWrapper *aWrapper, void** aReturn);
NS_IMETHOD OJIGetAnnotation(struct nsFrameWrapper *aWrapper, void** aReturn);
NS_IMETHOD OJISetAnnotation(struct nsFrameWrapper *aWrapper, void *aPrivTable, void** aReturn);
//nsIXPCSecurityManager interface
#endif
//nsIXPCSecurityManager interface
NS_IMETHOD CanCreateWrapper(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj);
NS_IMETHOD CanCreateInstance(JSContext * aJSContext, const nsCID & aCID);
NS_IMETHOD CanGetService(JSContext * aJSContext, const nsCID & aCID);
@ -132,15 +95,42 @@ public:
PRUint16 aMethodIndex, const jsid aName);
NS_IMETHOD CanSetProperty(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj, nsIInterfaceInfo *aInterfaceInfo,
PRUint16 aMethodIndex, const jsid aName);
#if 0
NS_IMETHOD GetCompilationPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal,
JSPrincipals *aLayoutPrincipals, JSPrincipals** aPrincipals);
NS_IMETHOD CheckContainerAccess(JSContext *aCx, JSObject *aObj, PRInt16 aTarget, PRBool* aReturn);
NS_IMETHOD SetContainerPrincipals(JSContext *aCx, JSObject *aContainer, JSPrincipals* aPrincipals);
NS_IMETHOD CanCaptureEvent(JSContext *aCx, JSFunction *aFun, JSObject *aEventTarget, PRBool* aReturn);
NS_IMETHOD SetExternalCapture(JSContext *aCx, JSPrincipals* aPrincipals, PRBool aBool);
NS_IMETHOD CheckSetParentSlot(JSContext *aCx, JSObject *aObj, jsval *vp, PRBool* aReturn);
NS_IMETHOD SetDocumentDomain(JSContext *aCx, JSPrincipals *principals,
nsString* newDomain, PRBool* aReturn);
NS_IMETHOD DestroyPrincipalsList(JSContext *aCx, nsJSPrincipalsList *list);
//XXX From include/libmocha.h
NS_IMETHOD RegisterPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal, JSPrincipals *aPrincipals,
nsString* aName, nsString* aSrc, JSPrincipals** aRetPrincipals);
#ifdef DO_JAVA_STUFF
NS_IMETHOD ExtractFromPrincipalsArchive(JSPrincipals *aPrincipals, char *aName, uint *aLength, char** aReturn);
NS_IMETHOD SetUntransformedSource(JSPrincipals *principals, char *original, char *transformed, PRBool* aReturn);
NS_IMETHOD GetJSPrincipalsFromJavaCaller(JSContext *aCx, void *principalsArray, void *pNSISecurityContext, JSPrincipals** aPrincipals);
#endif
#if 0
NS_IMETHOD CanAccessTargetStr(JSContext *aCx, const char *target, PRBool* aReturn);
#endif
#endif
private:
nsIPref* mPrefs;
PRBool PrincipalsCanAccessTarget(JSContext *cx, short target);
nsJSFrameIterator* NewJSFrameIterator(void *aContext);
PRBool NextJSFrame(struct nsJSFrameIterator **aIterator);
PRBool NextJSJavaFrame(struct nsJSFrameIterator *aIterator);
#if 0
void PrintToConsole(const char *data);
void PrintPrincipalsToConsole(JSContext *cx, JSPrincipals *principals);
PRUint32 GetPrincipalsCount(JSContext *aCx, JSPrincipals *aPrincipals);
PRBool PrincipalsCanAccessTarget(JSContext *cx, short target);
void InvalidateCertPrincipals(JSContext *cx, JSPrincipals *principals);
//Helper funcs for RegisterPrincipals
#ifdef EARLY_ACCESS_STUFF
PRBool CheckEarlyAccess(MochaDecoder *decoder, JSPrincipals *principals);
#endif
@ -151,46 +141,10 @@ private:
PRBool IsExternalCaptureEnabled(JSContext *cx, JSPrincipals *principals);
PRBool CanExtendTrust(JSContext *cx, void *from, void *to);
char* GetJavaCodebaseFromOrigin(const char *origin);
NS_IMETHOD GetOriginFromSourceURL(nsString* sourceURL, nsString* *result);
char* FindOriginURL(JSContext *aCx, JSObject *aGlobal);
PRBool SameOrigins(JSContext *aCx, const char* aOrigin1, const char* aOrigin2);
PRBool SameOriginsStr(JSContext *aCx, nsString* aOrigin1, nsString* aOrigin2);
nsString* GetCanonicalizedOrigin(JSContext *cx, nsString* aUrlString);
// Glue code for JS stack crawling callbacks
nsJSFrameIterator* NewJSFrameIterator(void *aContext);
PRBool NextJSJavaFrame(struct nsJSFrameIterator *aIterator);
PRBool NextJSFrame(struct nsJSFrameIterator **aIterator);
void InitCaps(void);
//Helper funcs
char* AddSecPolicyPrefix(JSContext *cx, char *pref_str);
char* GetSitePolicy(const char *org);
PRInt32 CheckForPrivilege(JSContext *cx, char *prop_name, int priv_code);
JSBool ContinueOnViolation(JSContext *cx, int pref_code);
JSBool CheckForPrivilegeContinue(JSContext *cx, char *prop_name, int priv_code, int pref_code);
//XXX temporarily
char * ParseURL (const char *url, int parts_requested);
char * SACopy (char *destination, const char *source);
char * SACat (char *destination, const char *source);
//Local vars
nsIPref* mPrefs;
nsICapsManager * mCapsManager;
nsICapsManager * mCapsManager;
#endif
};
//XXX temporarily bit flags for determining what we want to parse from the URL
#define GET_ALL_PARTS 127
#define GET_PASSWORD_PART 64
#define GET_USERNAME_PART 32
#define GET_PROTOCOL_PART 16
#define GET_HOST_PART 8
#define GET_PATH_PART 4
#define GET_HASH_PART 2
#define GET_SEARCH_PART 1
#endif /* nsJSSecurityManager_h___ */

20
dom/src/base/nsLocation.cpp
View File

@ -30,6 +30,7 @@ static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
#include "prmem.h"
#include "nsCOMPtr.h"
#include "nsJSUtils.h"
#include "nsIScriptSecurityManager.h"
static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID);
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
@ -352,7 +353,7 @@ LocationImpl::SetHostname(const nsString& aHostname)
NS_IMETHODIMP
LocationImpl::GetHref(nsString& aHref)
{
PRInt32 index;
// PRInt32 index;
nsresult result = NS_OK;
if (nsnull != mWebShell) {
@ -423,6 +424,23 @@ LocationImpl::SetHrefWithBase(const nsString& aHref,
}
if ((NS_OK == result) && (nsnull != mWebShell)) {
#if 0 // need to find a way to get a JSContext
PRBool ok = PR_FALSE;
nsIScriptContext *scriptCX;
nsIScriptSecurityManager *secMan;
// Check to see if URI is legal.
scriptCX = (nsIScriptContext *)JS_GetContextPrivate(cx);
if (!NS_SUCCEEDED(result = scriptCX->GetSecurityManager(&secMan)) ||
!NS_SUCCEEDED(result = secMan->CheckURI(&newHref, aBase, PR_TRUE, &ok)))
return result;
if (!ok) {
// TODO: report error
return NS_ERROR_FAILURE; // TODO: get security error code
}
#endif
result = mWebShell->LoadURL(newHref.GetUnicode(), nsnull, aReplace);
}

16
layout/events/src/nsEventListenerManager.cpp
View File

@ -433,33 +433,29 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JSObject *mScriptObject;
nsIScriptGlobalObject *global;
nsIScriptGlobalObjectData *globalData;
JSPrincipals* principals = nsnull;
nsIPrincipal * prin = nsnull;
JSPrincipals * jsprin = nsnull;
global = aContext->GetGlobalObject();
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipals((void**)&principals))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
NS_RELEASE(global);
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
prin->ToJSPrincipal(& jsprin);
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) {
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
nsString mName, mLowerName;
char* mCharName;
aName->ToString(mName);
mName.ToLowerCase(mLowerName);
mCharName = mLowerName.ToNewCString();
if (nsnull != mCharName) {
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, principals, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(),
nsnull, 0);
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0);
delete[] mCharName;
return SetJSEventListener(aContext, mScriptObject, aIID);
}

24
layout/html/forms/src/nsGfxAutoTextControlFrame.cpp
View File

@ -299,28 +299,29 @@ nsresult nsGfxAutoTextControlFrame::BuildScriptEventHandler(nsIScriptContext* aC
{
nsIScriptGlobalObject *global;
nsIScriptGlobalObjectData *globalData;
JSPrincipals* principals = nsnull;
nsIPrincipal * prin = nsnull;
*mScriptObject = nsnull;
global = aContext->GetGlobalObject();
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData)))
{
if (NS_FAILED(globalData->GetPrincipals((void**)&principals)))
if (NS_FAILED(globalData->GetPrincipal(& prin)))
{
NS_RELEASE(global);
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
JSPrincipals * jsprin;
prin->ToJSPrincipal(& jsprin);
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)mScriptObject))
{
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
if (nsnull != aName)
{
JS_CompileUCFunctionForPrincipals(mJSContext, *mScriptObject, principals, aName,
JS_CompileUCFunctionForPrincipals(mJSContext, *mScriptObject, jsprin, aName,
0, nsnull, (jschar*)aFunc.GetUnicode(), aFunc.Length(),
nsnull, 0);
return NS_OK;
@ -333,20 +334,15 @@ nsresult nsGfxAutoTextControlFrame::BuildScriptEventHandler(nsIScriptContext* aC
nsresult nsGfxAutoTextControlFrame::ExecuteScriptEventHandler(PRInt32 handlerID)
{
jsval funval, result;
SetEventHandlers(handlerID);
if (mEvtHdlrContext[handlerID] && mEvtHdlrScript[handlerID])
{
JSContext* mJSContext = (JSContext*)mEvtHdlrContext[handlerID]->GetNativeContext();
if (!JS_LookupProperty(mJSContext, mEvtHdlrScript[handlerID], eventName[handlerID], &funval))
return NS_ERROR_FAILURE;
if (JS_TypeOfValue(mJSContext, funval) != JSTYPE_FUNCTION)
return NS_OK;
return NS_ERROR_FAILURE;
if (JS_TypeOfValue(mJSContext, funval) != JSTYPE_FUNCTION)
return NS_OK;
JS_CallFunctionValue(mJSContext, mEvtHdlrScript[handlerID], funval, 0, nsnull, &result);
}
return NS_OK;
return NS_OK;
}

65
modules/libpref/src/win/winpref.js
View File

@ -152,3 +152,68 @@ pref("netinst.profile.show_profile_wizard", true);
//The following pref is internal to Communicator. Please
//do *not* place it in the docs...
pref("netinst.profile.show_dir_overwrite_msg", true);
/***************************
Security information
***************************/
/* DISABLE FOR NOW
pref("js_security.default.htmlinputelement.value", 2);
pref("js_security.default.htmlimageelement.src", 2);
pref("js_security.default.htmlimageelement.lowsrc", 2);
pref("js_security.default.location.hash", 2);
pref("js_security.default.location.host", 2);
pref("js_security.default.location.hostname", 2);
pref("js_security.default.location.pathname", 2);
pref("js_security.default.location.port", 2);
pref("js_security.default.location.protocol", 2);
pref("js_security.default.location.search", 2);
pref("js_security.default.location.replace", 2);
pref("js_security.default.location.tostring", 2);
pref("js_security.default.location.reload", 2);
pref("js_security.default.location.replace", 2);
pref("js_security.default.htmldocument.anchors", 2);
pref("js_security.default.htmldocument.applets", 2);
pref("js_security.default.htmldocument.cookie", 2);
pref("js_security.default.htmldocument.domain", 2);
pref("js_security.default.htmldocument.getelementbyid", 2);
pref("js_security.default.htmldocument.getelementsbyname", 2);
pref("js_security.default.htmldocument.embeds", 2);
pref("js_security.default.htmldocument.forms", 2);
pref("js_security.default.htmldocument.lastmodified", 2);
pref("js_security.default.htmldocument.links", 2);
pref("js_security.default.htmldocument.referrer", 2);
pref("js_security.default.htmldocument.title", 2);
pref("js_security.default.htmldocument.url", 2);
*/
/*
Need preference names for
document.length
document.<form name> (for each named form)
reflectedJavaClass (for each Java class reflected
into JavaScript using LiveConnect)
Need to protect against write:
htmldocument.images
nshtmldocument.alinkcolor
nshtmldocument.linkcolor
nshtmldocument.vlinkcolor
nshtmldocument.bgcolor
nshtmldocument.fgcolor
nshtmldocument.layers
nshtmldocument.plugins
htmldocument.body
nshtmldocument.alinkcolor
nshtmldocument.linkcolor
nshtmldocument.vlinkcolor
nshtmldocument.bgcolor
nshtmldocument.fgcolor
htmldocument.close
nshtmldocument.getselection
nshtmldocument.nameditem
nshtmldocument.open
nshtmldocument.write
nshtmldocument.writeln
*/