Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
This commit is contained in:
parent
6d6fb5d462
commit
ba4bfdba03
@ -139,8 +139,7 @@ PRUint32 nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin;
|
||||
|
||||
static
|
||||
nsresult
|
||||
GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
|
||||
nsACString& aOrigin)
|
||||
GetOriginFromURI(nsIURI* aURI, nsACString& aOrigin)
|
||||
{
|
||||
if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin > 1) {
|
||||
// Allow a single recursive call to GetPrincipalDomainOrigin, since that
|
||||
@ -151,16 +150,8 @@ GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
|
||||
}
|
||||
|
||||
nsAutoInPrincipalDomainOriginSetter autoSetter;
|
||||
aOrigin.Truncate();
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aPrincipal->GetDomain(getter_AddRefs(uri));
|
||||
if (!uri) {
|
||||
aPrincipal->GetURI(getter_AddRefs(uri));
|
||||
}
|
||||
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
|
||||
|
||||
uri = NS_GetInnermostURI(uri);
|
||||
nsCOMPtr<nsIURI> uri = NS_GetInnermostURI(aURI);
|
||||
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
|
||||
|
||||
nsCAutoString hostPort;
|
||||
@ -182,6 +173,22 @@ GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
static
|
||||
nsresult
|
||||
GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
|
||||
nsACString& aOrigin)
|
||||
{
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aPrincipal->GetDomain(getter_AddRefs(uri));
|
||||
if (!uri) {
|
||||
aPrincipal->GetURI(getter_AddRefs(uri));
|
||||
}
|
||||
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
|
||||
|
||||
return GetOriginFromURI(uri, aOrigin);
|
||||
}
|
||||
|
||||
// Inline copy of JS_GetPrivate() for better inlining and optimization
|
||||
// possibilities. Also doesn't take a cx argument as it's not
|
||||
// needed. We access the private data only on objects whose private
|
||||
@ -831,35 +838,81 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
|
||||
|
||||
NS_ConvertUTF8toUTF16 className(classInfoData.GetName());
|
||||
nsCAutoString subjectOrigin;
|
||||
nsCAutoString subjectDomain;
|
||||
if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin) {
|
||||
GetPrincipalDomainOrigin(subjectPrincipal, subjectOrigin);
|
||||
nsCOMPtr<nsIURI> uri, domain;
|
||||
subjectPrincipal->GetURI(getter_AddRefs(uri));
|
||||
// Subject can't be system if we failed the security
|
||||
// check, so |uri| is non-null.
|
||||
NS_ASSERTION(uri, "How did that happen?");
|
||||
GetOriginFromURI(uri, subjectOrigin);
|
||||
subjectPrincipal->GetDomain(getter_AddRefs(domain));
|
||||
if (domain) {
|
||||
GetOriginFromURI(domain, subjectDomain);
|
||||
}
|
||||
} else {
|
||||
subjectOrigin.AssignLiteral("the security manager");
|
||||
}
|
||||
NS_ConvertUTF8toUTF16 subjectOriginUnicode(subjectOrigin);
|
||||
NS_ConvertUTF8toUTF16 subjectDomainUnicode(subjectDomain);
|
||||
|
||||
nsCAutoString objectOrigin;
|
||||
nsCAutoString objectDomain;
|
||||
if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin &&
|
||||
objectPrincipal) {
|
||||
GetPrincipalDomainOrigin(objectPrincipal, objectOrigin);
|
||||
nsCOMPtr<nsIURI> uri, domain;
|
||||
objectPrincipal->GetURI(getter_AddRefs(uri));
|
||||
if (uri) { // Object principal might be system
|
||||
GetOriginFromURI(uri, objectOrigin);
|
||||
}
|
||||
objectPrincipal->GetDomain(getter_AddRefs(domain));
|
||||
if (domain) {
|
||||
GetOriginFromURI(domain, objectDomain);
|
||||
}
|
||||
}
|
||||
NS_ConvertUTF8toUTF16 objectOriginUnicode(objectOrigin);
|
||||
|
||||
NS_ConvertUTF8toUTF16 objectDomainUnicode(objectDomain);
|
||||
|
||||
nsXPIDLString errorMsg;
|
||||
const PRUnichar *formatStrings[] =
|
||||
{
|
||||
subjectOriginUnicode.get(),
|
||||
className.get(),
|
||||
JSValIDToString(cx, aProperty),
|
||||
objectOriginUnicode.get()
|
||||
objectOriginUnicode.get(),
|
||||
subjectDomainUnicode.get(),
|
||||
objectDomainUnicode.get()
|
||||
};
|
||||
|
||||
PRUint32 length = NS_ARRAY_LENGTH(formatStrings);
|
||||
|
||||
// XXXbz Our localization system is stupid and can't handle not showing
|
||||
// some strings that get passed in. Which means that we have to get
|
||||
// our length precisely right: it has to be exactly the number of
|
||||
// strings our format string wants. This means we'll have to move
|
||||
// strings in the array as needed, sadly...
|
||||
if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin ||
|
||||
!objectPrincipal) {
|
||||
stringName.AppendLiteral("OnlySubject");
|
||||
--length;
|
||||
length -= 3;
|
||||
} else {
|
||||
// default to a length that doesn't include the domains, then
|
||||
// increase it as needed.
|
||||
length -= 2;
|
||||
if (!subjectDomainUnicode.IsEmpty()) {
|
||||
stringName.AppendLiteral("SubjectDomain");
|
||||
length += 1;
|
||||
}
|
||||
if (!objectDomainUnicode.IsEmpty()) {
|
||||
stringName.AppendLiteral("ObjectDomain");
|
||||
length += 1;
|
||||
if (length != NS_ARRAY_LENGTH(formatStrings)) {
|
||||
// We have an object domain but not a subject domain.
|
||||
// Scoot our string over one slot. See the XXX comment
|
||||
// above for why we need to do this.
|
||||
formatStrings[length-1] = formatStrings[length];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// We need to keep our existing failure rv and not override it
|
||||
|
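Review bot: The subject-side lookup `subjectPrincipal->GetURI(getter_AddRefs(uri))` is guarded only by `NS_ASSERTION(uri, "How did that happen?")`, and the `nsresult` of every `GetOriginFromURI` call in this hunk is dropped, so in a release build a null or unparsable URI silently leaves `subjectOrigin` empty and the reported message reads `Permission denied for <>`. The same dropped result feeds the suffix selection further down: `if (!subjectDomainUnicode.IsEmpty())` / `if (!objectDomainUnicode.IsEmpty())` treat "conversion failed" the same as "document.domain was never set", so a principal whose `GetDomain` returned a URI can be reported as `(document.domain has not been set)`; keying the suffix on whether `GetDomain` yielded a non-null URI, e.g. `PRBool haveSubjectDomain = !!domain;` captured next to the conversion, would keep the message truthful, and an `NS_WARN_IF_FALSE(NS_SUCCEEDED(rv), "GetOriginFromURI failed")` on each call would surface the failure in debug builds. Whether `GetOriginFromURI` can succeed with an empty result for a non-hierarchical URI depends on the `hostPort` fallback at the end of that function, which is outside the visible hunks. Separately, the context comment in the first hunk (`// Allow a single recursive call to GetPrincipalDomainOrigin`) now lives in `GetOriginFromURI` and should name that function. `CheckPropertyAccessImpl` starts and ends outside this hunk.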
@ -43,9 +43,106 @@ EnableCapabilityQuery = A script from "%S" is requesting enhanced abilities that
|
||||
EnableCapabilityDenied = A script from "%S" was denied %S privileges.
|
||||
CheckLoadURIError = Security Error: Content at %S may not load or link to %S.
|
||||
CheckSameOriginError = Security Error: Content at %S may not load data from %S.
|
||||
GetPropertyDeniedOrigins = Permission denied for <%S> to get property %S.%S from <%S>.
|
||||
SetPropertyDeniedOrigins = Permission denied for <%S> to set property %S.%S on <%S>.
|
||||
CallMethodDeniedOrigins = Permission denied for <%S> to call method %S.%S on <%S>.
|
||||
|
||||
# LOCALIZATION NOTE (GetPropertyDeniedOrigins):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
GetPropertyDeniedOrigins = Permission denied for <%1$S> to get property %2$S.%3$S from <%4$S>.
|
||||
# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain".
|
||||
GetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain has not been set).
|
||||
# LOCALIZATION NOTE (GetPropertyDeniedOriginsObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
GetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to get property %2$S.%3$S from <%4$S> (document.domain=<%5$S>).
|
||||
# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomainObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain"
|
||||
# %6$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
GetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain=<%6$S>).
|
||||
|
||||
# LOCALIZATION NOTE (SetPropertyDeniedOrigins):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
SetPropertyDeniedOrigins = Permission denied for <%1$S> to set property %2$S.%3$S on <%4$S>.
|
||||
# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain".
|
||||
SetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain has not been set).
|
||||
# LOCALIZATION NOTE (SetPropertyDeniedOriginsObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
SetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to set property %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
|
||||
# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomainObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the property of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain"
|
||||
# %6$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
SetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
|
||||
|
||||
# LOCALIZATION NOTE (CallMethodDeniedOrigins):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the method of that object that access was denied for.
|
||||
CallMethodDeniedOrigins = Permission denied for <%1$S> to call method %2$S.%3$S on <%4$S>.
|
||||
# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the method of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain".
|
||||
CallMethodDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain has not been set).
|
||||
# LOCALIZATION NOTE (CallMethodDeniedOriginsObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the method of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
CallMethodDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to call method %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
|
||||
# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomainObjectDomain):
|
||||
# %1$S is the origin of the script which was denied access.
|
||||
# %2$S is the origin of the object access was denied to.
|
||||
# %3$S is the type of object it was.
|
||||
# %4$S is the method of that object that access was denied for.
|
||||
# %5$S is the value of document.domain for the script which was denied access;
|
||||
# don't translate "document.domain"
|
||||
# %6$S is the value of document.domain for the object being accessed;
|
||||
# don't translate "document.domain".
|
||||
CallMethodDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
|
||||
|
||||
GetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to get property %S.%S
|
||||
SetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to set property %S.%S
|
||||
CallMethodDeniedOriginsOnlySubject = Permission denied for <%S> to call method %S.%S
|
||||
|