Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin

Depends on D10025

Differential Revision: https://phabricator.services.mozilla.com/D10026

--HG--
extra : moz-landing-system : lando

extensions/auth/moz.build

@@ -26,6 +26,7 @@ else:
 
 LOCAL_INCLUDES += [
     '/netwerk/dns', # For nsDNSService2.h
+    '/security/manager/ssl',
 ]
 
 FINAL_LIBRARY = 'xul'

extensions/auth/nsAuthFactory.cpp

@@ -3,206 +3,76 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ModuleUtils.h"
-#include "nsAuth.h"
+#include "nsCRT.h"
+#include "nsIAuthModule.h"
 
 //-----------------------------------------------------------------------------
-
-#define NS_NEGOTIATEAUTH_CID                       \
-{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */       \
-  0x96ec4163,                                      \
-  0xefc8,                                          \
-  0x407a,                                          \
-  {0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
-}
-#define NS_GSSAUTH_CID                             \
-{ /* dc8e21a0-03e4-11da-8cd6-0800200c9a66 */       \
-  0xdc8e21a0,                                      \
-  0x03e4,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
 #include "nsAuthGSSAPI.h"
-
 #if defined( USE_SSPI )
 #include "nsAuthSSPI.h"
-
-static nsresult
-nsSysNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-static nsresult
-nsKerbSSPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-#define NS_SYSNTLMAUTH_CID                         \
-{ /* dc195987-6e9a-47bc-b1fd-ab895d398833 */       \
-  0xdc195987,                                      \
-  0x6e9a,                                          \
-  0x47bc,                                          \
-  {0xb1, 0xfd, 0xab, 0x89, 0x5d, 0x39, 0x88, 0x33} \
-}
-
-#define NS_NEGOTIATEAUTHSSPI_CID                   \
-{ /* 78d3b0c0-0241-11da-8cd6-0800200c9a66 */       \
-  0x78d3b0c0,                                      \
-  0x0241,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
-#define NS_KERBAUTHSSPI_CID                        \
-{ /* 8c3a0e20-03e5-11da-8cd6-0800200c9a66 */       \
-  0x8c3a0e20,                                      \
-  0x03e5,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
 #else
-
-#define NS_SAMBANTLMAUTH_CID                       \
-{ /* bc54f001-6eb0-4e32-9f49-7e064d8e70ef */       \
-  0xbc54f001,                                      \
-  0x6eb0,                                          \
-  0x4e32,                                          \
-  {0x9f, 0x49, 0x7e, 0x06, 0x4d, 0x8e, 0x70, 0xef} \
-}
-
 #include "nsAuthSambaNTLM.h"
-static nsresult
-nsSambaNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  RefPtr<nsAuthSambaNTLM> auth = new nsAuthSambaNTLM();
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  nsresult rv = auth->SpawnNTLMAuthHelper();
-  if (NS_FAILED(rv)) {
-    // Failure here probably means that cached credentials were not available
-    return rv;
-  }
-
-  return auth->QueryInterface(iid, result);
-}
-
 #endif
-
-static nsresult
-nsKerbGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-static nsresult
-nsGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-
-#if defined( USE_SSPI )
-NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSSPI)
-#endif
-
-#define NS_AUTHSASL_CID                            \
-{ /* 815e42e0-72cc-480f-934b-148e33c228a6 */       \
-  0x815e42e0,                                      \
-  0x72cc,                                          \
-  0x480f,                                          \
-  {0x93, 0x4b, 0x14, 0x8e, 0x33, 0xc2, 0x28, 0xa6} \
-}
-
 #include "nsAuthSASL.h"
-NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSASL)
-
-NS_DEFINE_NAMED_CID(NS_GSSAUTH_CID);
-NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTH_CID);
-#if defined( USE_SSPI )
-NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTHSSPI_CID);
-NS_DEFINE_NAMED_CID(NS_KERBAUTHSSPI_CID);
-NS_DEFINE_NAMED_CID(NS_SYSNTLMAUTH_CID);
-#else
-NS_DEFINE_NAMED_CID(NS_SAMBANTLMAUTH_CID);
-#endif
-NS_DEFINE_NAMED_CID(NS_AUTHSASL_CID);
-
+#include "nsNTLMAuthModule.h"
+#include "nsNSSComponent.h"
 
 static const mozilla::Module::CIDEntry kAuthCIDs[] = {
-  { &kNS_GSSAUTH_CID, false, nullptr, nsKerbGSSAPIAuthConstructor },
-  { &kNS_NEGOTIATEAUTH_CID, false, nullptr, nsGSSAPIAuthConstructor },
-#if defined( USE_SSPI )
-  { &kNS_NEGOTIATEAUTHSSPI_CID, false, nullptr, nsAuthSSPIConstructor },
-  { &kNS_KERBAUTHSSPI_CID, false, nullptr, nsKerbSSPIAuthConstructor },
-  { &kNS_SYSNTLMAUTH_CID, false, nullptr, nsSysNTLMAuthConstructor },
-#else
-  { &kNS_SAMBANTLMAUTH_CID, false, nullptr, nsSambaNTLMAuthConstructor },
-#endif
-  { &kNS_AUTHSASL_CID, false, nullptr, nsAuthSASLConstructor },
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kAuthContracts[] = {
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss", &kNS_GSSAUTH_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss", &kNS_NEGOTIATEAUTH_CID },
-#if defined( USE_SSPI )
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi", &kNS_NEGOTIATEAUTHSSPI_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi", &kNS_KERBAUTHSSPI_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SYSNTLMAUTH_CID },
-#elif !defined(XP_MACOSX)
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SAMBANTLMAUTH_CID },
-#endif
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sasl-gssapi", &kNS_AUTHSASL_CID },
   { nullptr }
 };
 
+// static
+already_AddRefed<nsIAuthModule>
+nsIAuthModule::CreateInstance(const char* aType)
+{
+  nsCOMPtr<nsIAuthModule> auth;
+  if (!nsCRT::strcmp(aType, "kerb-gss")) {
+    auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
+  } else if (!nsCRT::strcmp(aType, "negotiate-gss")) {
+    auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
+#if defined( USE_SSPI )
+  } else if (!nsCRT::strcmp(aType, "negotiate-sspi")) {
+    auth = new nsAuthSSPI();
+  } else if (!nsCRT::strcmp(aType, "kerb-sspi")) {
+    auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
+  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
+    auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
+#elif !defined(XP_MACOSX)
+  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
+    RefPtr<nsAuthSambaNTLM> sambaAuth = new nsAuthSambaNTLM();
+
+    nsresult rv = sambaAuth->SpawnNTLMAuthHelper();
+    if (NS_FAILED(rv)) {
+      // Failure here probably means that cached credentials were not available
+      return nullptr;
+    }
+
+    auth = sambaAuth.forget();
+#endif
+  } else if (!nsCRT::strcmp(aType, "sasl-gssapi")) {
+    auth = new nsAuthSASL();
+  } else if (!nsCRT::strcmp(aType, "ntlm") &&
+    XRE_IsParentProcess() &&
+    EnsureNSSInitializedChromeOrContent()) {
+    RefPtr<nsNTLMAuthModule> ntlmAuth = new nsNTLMAuthModule();
+
+    nsresult rv = ntlmAuth->InitTest();
+    if (NS_FAILED(rv)) {
+      return nullptr;
+    }
+
+    auth = ntlmAuth.forget();
+  } else {
+    return nullptr;
+  }
+
+  return auth.forget();
+}
+
 //-----------------------------------------------------------------------------
 mozilla::LazyLogModule gNegotiateLog("negotiateauth");
 

extensions/auth/nsAuthSASL.cpp

@@ -43,19 +43,17 @@ nsAuthSASL::Init(const char *serviceName,
     serviceFlags |= REQ_MUTUAL_AUTH;
 
     // Find out whether we should be trying SSPI or not
-    const char *contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss";
+    const char *authType = "kerb-gss";
 
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
     if (prefs) {
         bool val;
         rv = prefs->GetBoolPref(kNegotiateAuthSSPI, &val);
         if (NS_SUCCEEDED(rv) && val)
-            contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi";
+            authType = "kerb-sspi";
     }
 
-    mInnerModule = do_CreateInstance(contractID, &rv);
-    // if we can't create the GSSAPI module, then bail
-    NS_ENSURE_SUCCESS(rv, rv);
+    MOZ_ALWAYS_TRUE(mInnerModule = nsIAuthModule::CreateInstance(authType));
 
     mInnerModule->Init(serviceName, serviceFlags, nullptr, nullptr, nullptr);
 

extensions/auth/nsAuthSSPI.h

@@ -39,7 +39,7 @@ private:
 
     void Reset();
 
-    typedef TimeStamp MS_TimeStamp;
+    typedef ::TimeStamp MS_TimeStamp;
 
 private:
     nsresult MakeSN(const char *principal, nsCString &result);

extensions/auth/nsHttpNegotiateAuth.cpp

@@ -154,13 +154,14 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
                                        nsISupports **continuationState,
                                        bool *identityInvalid)
 {
-    nsIAuthModule *module = (nsIAuthModule *) *continuationState;
+    nsIAuthModule *rawModule = (nsIAuthModule *) *continuationState;
 
     *identityInvalid = false;
-    if (module)
+    if (rawModule)
         return NS_OK;
 
     nsresult rv;
+    nsCOMPtr<nsIAuthModule> module;
 
     nsCOMPtr<nsIURI> uri;
     rv = authChannel->GetURI(getter_AddRefs(uri));
@@ -215,31 +216,25 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
     //
     service.InsertLiteral("HTTP@", 0);
 
-    const char *contractID;
+    const char *authType;
     if (TestBoolPref(kNegotiateAuthSSPI)) {
 	   LOG(("  using negotiate-sspi\n"));
-	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi";
+	   authType = "negotiate-sspi";
     }
     else {
 	   LOG(("  using negotiate-gss\n"));
-	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss";
+	   authType = "negotiate-gss";
     }
 
-    rv = CallCreateInstance(contractID, &module);
-
-    if (NS_FAILED(rv)) {
-        LOG(("  Failed to load Negotiate Module \n"));
-        return rv;
-    }
+    MOZ_ALWAYS_TRUE(module = nsIAuthModule::CreateInstance(authType));
 
     rv = module->Init(service.get(), req_flags, nullptr, nullptr, nullptr);
 
     if (NS_FAILED(rv)) {
-        NS_RELEASE(module);
         return rv;
     }
 
-    *continuationState = module;
+    module.forget(continuationState);
     return NS_OK;
 }
 

netwerk/base/nsIAuthModule.idl

@@ -133,13 +133,14 @@ interface nsIAuthModule : nsISupports
                 in unsigned long   aInTokenLength,
                 out voidPtr        aOutToken,
                 out unsigned long  aOutTokenLength);
-};
 
 %{C++
-/**
- * nsIAuthModule implementations are registered under the following contract
- * ID prefix:
- */
-#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
-    "@mozilla.org/network/auth-module;1?name="
+    /**
+     * Create a new instance of an auth module.
+     *
+     * @param aType
+     *        The type of the auth module to be constructed.
+     */
+    static already_AddRefed<nsIAuthModule> CreateInstance(const char* aType);
 %}
+};

netwerk/protocol/http/nsHttpNTLMAuth.cpp

@@ -186,7 +186,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
     // If native NTLM auth apis are available and enabled through prefs,
     // try to use them.
     if (PL_strcasecmp(challenge, "NTLM") == 0) {
-        nsCOMPtr<nsISupports> module;
+        nsCOMPtr<nsIAuthModule> module;
 
         // Check to see if we should default to our generic NTLM auth module
         // through UseGenericNTLM. (We use native auth by default if the
@@ -201,7 +201,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
                 // Try logging in with the user's default credentials. If
                 // successful, |identityInvalid| is false, which will trigger
                 // a default credentials attempt once we return.
-                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
+                module = nsIAuthModule::CreateInstance("sys-ntlm");
             }
 #ifdef XP_WIN
             else {
@@ -210,7 +210,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
                 // Note, for servers that use LMv1 a weak hash of the user's password
                 // will be sent. We rely on windows internal apis to decide whether
                 // we should support this older, less secure version of the protocol.
-                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
+                module = nsIAuthModule::CreateInstance("sys-ntlm");
                 *identityInvalid = true;
             }
 #endif // XP_WIN
@@ -238,7 +238,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
             // Use our internal NTLM implementation. Note, this is less secure,
             // see bug 520607 for details.
             LOG(("Trying to fall back on internal ntlm auth.\n"));
-            module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm");
+            module = nsIAuthModule::CreateInstance("ntlm");
 
             mUseNative = false;
 
@@ -254,7 +254,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
 
         // A non-null continuation state implies that we failed to authenticate.
         // Blow away the old authentication state, and use the new one.
-        module.swap(*continuationState);
+        module.forget(continuationState);
     }
     return NS_OK;
 }

security/manager/ssl/nsNSSModule.cpp

@@ -23,7 +23,6 @@
 #include "nsNSSCertificateDB.h"
 #include "nsNSSComponent.h"
 #include "nsNSSVersion.h"
-#include "nsNTLMAuthModule.h"
 #include "nsNetCID.h"
 #include "nsPK11TokenDB.h"
 #include "nsPKCS11Slot.h"
@@ -144,7 +143,6 @@ NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
-NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
@@ -183,8 +181,6 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
     Constructor<nsCryptoHash, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr,
     Constructor<nsCryptoHMAC, nullptr, ProcessRestriction::AnyProcess> },
-  { &kNS_NTLMAUTHMODULE_CID, false, nullptr,
-    Constructor<nsNTLMAuthModule, &nsNTLMAuthModule::InitTest> },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr,
     Constructor<nsKeyObject, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr,
@@ -239,7 +235,6 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
-  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },

security/manager/ssl/nsNTLMAuthModule.h

@@ -31,14 +31,4 @@ private:
   bool mNTLMNegotiateSent;
 };
 
-#define NS_NTLMAUTHMODULE_CONTRACTID \
-  NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm"
-#define NS_NTLMAUTHMODULE_CID \
-{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */       \
-  0xa4e5888f,                                      \
-  0x4fe4,                                          \
-  0x4632,                                          \
-  {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \
-}
-
 #endif // nsNTLMAuthModule_h__