mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 06:11:37 +00:00
removed some enums and migrated them into nsPrivilege, nsIPrivilege and
nsPrivilegemanager. cleaning up some old code from the security module and refining their api's and such like.
This commit is contained in:
parent
f8f082ef18
commit
d00edf950d
@ -21,7 +21,7 @@ VPATH = @srcdir@
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
DIRS = idl public include src
|
||||
DIRS = idl public include src
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
nsIPrincipal.idl
|
||||
nsIScriptSecurityManager.idl
|
||||
nsICapsSecurityCallbacks.idl
|
||||
nsICapsSecurityCallbacks.idl
|
||||
nsIPrivilege.idl
|
||||
|
@ -15,19 +15,20 @@
|
||||
# Copyright (C) 1999 Netscape Communications Corporation. All Rights
|
||||
# Reserved.
|
||||
|
||||
DEPTH = ../..
|
||||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
DEPTH = ../..
|
||||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
MODULE = caps
|
||||
|
||||
XPIDLSRCS = \
|
||||
nsIScriptSecurityManager.idl \
|
||||
nsICapsSecurityCallbacks.idl \
|
||||
nsIPrincipal.idl \
|
||||
$(NULL)
|
||||
nsIScriptSecurityManager.idl \
|
||||
nsICapsSecurityCallbacks.idl \
|
||||
nsIPrincipal.idl \
|
||||
nsIPrivilege.idl \
|
||||
$(NULL)
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
@ -20,10 +20,10 @@ DEPTH=..\..
|
||||
MODULE=caps
|
||||
|
||||
XPIDLSRCS= \
|
||||
.\nsIScriptSecurityManager.idl \
|
||||
.\nsIScriptSecurityManager.idl \
|
||||
.\nsICapsSecurityCallbacks.idl \
|
||||
.\nsIPrincipal.idl \
|
||||
$(NULL)
|
||||
.\nsIPrincipal.idl \
|
||||
.\nsIPrivilege.idl \
|
||||
$(NULL)
|
||||
|
||||
include <$(DEPTH)\config\rules.mak>
|
||||
|
||||
|
45
caps/idl/nsIPrivilege.idl
Normal file
45
caps/idl/nsIPrivilege.idl
Normal file
@ -0,0 +1,45 @@
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.0 (the "NPL"); you may not use this file except in
|
||||
* compliance with the NPL. You may obtain a copy of the NPL at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the NPL is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
|
||||
* for the specific language governing rights and limitations under the
|
||||
* NPL.
|
||||
*
|
||||
* The Initial Developer of this code under the NPL is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
|
||||
* Reserved.
|
||||
*/
|
||||
#include "nsISupports.idl"
|
||||
|
||||
[uuid(0bbbb636-3e11-11d3-ba10-0060b0f199a2)]
|
||||
interface nsIPrivilege : nsISupports
|
||||
{
|
||||
const short PrivilegeState_Blank = 0;
|
||||
const short PrivilegeState_Forbidden = 1;
|
||||
const short PrivilegeState_Allowed = 2;
|
||||
const short PrivilegeState_NumberOfPrivileges = 3;
|
||||
|
||||
const short PrivilegeDuration_Blank = 0;
|
||||
const short PrivilegeDuration_Scope = 1;
|
||||
const short PrivilegeDuration_Session = 2;
|
||||
const short PrivilegeDuration_Forever = 3;
|
||||
const short PrivilegeDuration_NumberOfDurations = 4;
|
||||
|
||||
void GetState(out short state);
|
||||
void SetState(in short state);
|
||||
void GetDuration(out short duration);
|
||||
void SetDuration(in short duration);
|
||||
void SameState(in nsIPrivilege other, out boolean res);
|
||||
void SameDuration(in nsIPrivilege other, out boolean res);
|
||||
void IsAllowed(out boolean result);
|
||||
void IsForbidden(out boolean result);
|
||||
void IsBlank(out boolean result);
|
||||
void ToString(out string result);
|
||||
void Equals(in nsIPrivilege priv, out boolean res);
|
||||
};
|
@ -1,7 +1,6 @@
|
||||
admin.h
|
||||
jpermission.h
|
||||
nsCaps.h
|
||||
nsCapsEnums.h
|
||||
nsCCapsManager.h
|
||||
nsCCapsManagerFactory.h
|
||||
nsCertificatePrincipal.h
|
||||
@ -17,9 +16,3 @@ nsUserDialogHelper.h
|
||||
nsUserTarget.h
|
||||
nsZig.h
|
||||
nsZip.h
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -23,26 +23,25 @@ VPATH = @srcdir@
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
EXPORTS = \
|
||||
admin.h \
|
||||
jpermission.h \
|
||||
nsCaps.h \
|
||||
nsCapsEnums.h \
|
||||
nsCCapsManager.h \
|
||||
nsCCapsManagerFactory.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsLoadZig.h \
|
||||
nsPrincipalTools.h \
|
||||
nsPrivilege.h \
|
||||
nsPrivilegeManager.h \
|
||||
nsPrivilegeTable.h \
|
||||
nsSystemPrivilegeTable.h \
|
||||
nsTarget.h \
|
||||
nsUserDialogHelper.h \
|
||||
nsUserTarget.h \
|
||||
nsZig.h \
|
||||
nsZip.h
|
||||
EXPORTS = \
|
||||
admin.h \
|
||||
jpermission.h \
|
||||
nsCaps.h \
|
||||
nsCCapsManager.h \
|
||||
nsCCapsManagerFactory.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsLoadZig.h \
|
||||
nsPrincipalTools.h \
|
||||
nsPrivilege.h \
|
||||
nsPrivilegeManager.h \
|
||||
nsPrivilegeTable.h \
|
||||
nsSystemPrivilegeTable.h \
|
||||
nsTarget.h \
|
||||
nsUserDialogHelper.h \
|
||||
nsUserTarget.h \
|
||||
nsZig.h \
|
||||
nsZip.h
|
||||
|
||||
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))
|
||||
|
||||
|
@ -29,25 +29,24 @@ IGNORE_MANIFEST=1
|
||||
MODULE=caps
|
||||
DEPTH=..\..
|
||||
EXPORTS= \
|
||||
admin.h \
|
||||
jpermission.h \
|
||||
nsCaps.h \
|
||||
nsCapsEnums.h \
|
||||
nsCCapsManager.h \
|
||||
nsCCapsManagerFactory.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsLoadZig.h \
|
||||
nsPrincipalTools.h \
|
||||
nsPrivilege.h \
|
||||
nsPrivilegeManager.h \
|
||||
nsPrivilegeTable.h \
|
||||
nsSystemPrivilegeTable.h \
|
||||
nsTarget.h \
|
||||
nsUserDialogHelper.h \
|
||||
nsUserTarget.h \
|
||||
nsZig.h \
|
||||
nsZip.h
|
||||
admin.h \
|
||||
jpermission.h \
|
||||
nsCaps.h \
|
||||
nsCCapsManager.h \
|
||||
nsCCapsManagerFactory.h \
|
||||
nsCertificatePrincipal.h \
|
||||
nsCodebasePrincipal.h \
|
||||
nsLoadZig.h \
|
||||
nsPrincipalTools.h \
|
||||
nsPrivilege.h \
|
||||
nsPrivilegeManager.h \
|
||||
nsPrivilegeTable.h \
|
||||
nsSystemPrivilegeTable.h \
|
||||
nsTarget.h \
|
||||
nsUserDialogHelper.h \
|
||||
nsUserTarget.h \
|
||||
nsZig.h \
|
||||
nsZip.h
|
||||
|
||||
include <$(DEPTH)/config/rules.mak>
|
||||
|
||||
|
@ -16,10 +16,11 @@
|
||||
* Reserved.
|
||||
*/
|
||||
|
||||
#ifndef _NS_CCAPS_MANANGER_H_
|
||||
#ifndef _NS_CCAPS_MANAGER_H_
|
||||
#define _NS_CCAPS_MANAGER_H_
|
||||
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIPrivilege.h"
|
||||
#include "nsISupports.h"
|
||||
#include "nsICapsManager.h"
|
||||
#include "nsAgg.h"
|
||||
@ -47,7 +48,7 @@ NS_IMETHOD
|
||||
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal** prin);
|
||||
|
||||
NS_IMETHOD
|
||||
CreateCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin);
|
||||
CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin);
|
||||
|
||||
/**
|
||||
* Creates a CodeSourcePrincipal, which has both nsICodebasePrincipal
|
||||
@ -70,7 +71,7 @@ CreateCodeSourcePrincipal(const unsigned char **certChain, PRUint32 *certChainLe
|
||||
* @param state - the return value is passed in this parameter.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
GetPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * state);
|
||||
GetPermission(nsIPrincipal * prin, nsTarget * target, PRInt16 * privilegeState);
|
||||
|
||||
/**
|
||||
* Set the permission state for given principal and target. This wouldn't
|
||||
@ -82,7 +83,7 @@ GetPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * state);
|
||||
* and target parameters.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
SetPermission(nsIPrincipal * prin, nsTarget* target, nsPermission state);
|
||||
SetPermission(nsIPrincipal * prin, nsTarget* target, PRInt16 * privilegeState);
|
||||
|
||||
/**
|
||||
* Prompts the user if they want to grant permission for the given principal and
|
||||
@ -94,7 +95,7 @@ SetPermission(nsIPrincipal * prin, nsTarget* target, nsPermission state);
|
||||
* target
|
||||
*/
|
||||
NS_IMETHOD
|
||||
AskPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * result);
|
||||
AskPermission(nsIPrincipal * prin, nsTarget * target, PRInt16 * privilegeState);
|
||||
|
||||
|
||||
|
||||
@ -113,7 +114,7 @@ NS_IMETHOD
|
||||
Initialize(PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
InitializeFrameWalker(nsICapsSecurityCallbacks* aInterface);
|
||||
InitializeFrameWalker(nsICapsSecurityCallbacks * aInterface);
|
||||
|
||||
/**
|
||||
* Registers the given Principal with the system.
|
||||
@ -185,7 +186,7 @@ DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRB
|
||||
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result);
|
||||
ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType);
|
||||
|
||||
NS_IMETHOD
|
||||
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
|
||||
@ -193,21 +194,6 @@ IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
|
||||
NS_IMETHOD
|
||||
CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result);
|
||||
|
||||
|
||||
/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
|
||||
/*
|
||||
NS_IMETHOD
|
||||
NewPrincipal(PRInt16 prinType, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result);
|
||||
|
||||
NS_IMETHOD
|
||||
IsCodebaseExact(nsIPrincipal* principal, PRBool *result);
|
||||
|
||||
NS_IMETHOD
|
||||
ToString(nsIPrincipal* principal, char* *result);
|
||||
|
||||
NS_IMETHOD
|
||||
GetVendor(nsIPrincipal* principal, char* *result);
|
||||
*/
|
||||
NS_IMETHOD
|
||||
CreateMixedPrincipalArray(void *zig, char* name, const char* codebase, void** result);
|
||||
|
||||
@ -250,12 +236,6 @@ GetNSPrincipal(nsIPrincipal * pNSIPrincipal, nsIPrincipal ** ppNSPRincipal);
|
||||
NS_METHOD
|
||||
GetNSPrincipalArray(nsPrincipalArray* prinArray, nsPrincipalArray* *pPrincipalArray);
|
||||
|
||||
nsPermission
|
||||
ConvertPrivilegeToPermission(nsPrivilege *pNSPrivilege);
|
||||
|
||||
nsPrivilege *
|
||||
ConvertPermissionToPrivilege(nsPermission state);
|
||||
|
||||
void
|
||||
SetSystemPrivilegeManager();
|
||||
|
||||
|
@ -20,14 +20,14 @@
|
||||
#define _NS_CAPS_H_
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "nsCapsEnums.h"
|
||||
PR_BEGIN_EXTERN_C
|
||||
|
||||
class nsTarget;
|
||||
class nsIPrincipal;
|
||||
class nsIPrivilege;
|
||||
class nsPrivilegeTable;
|
||||
|
||||
struct nsPrivilegeManager;
|
||||
struct nsPrivilege;
|
||||
struct NSJSJavaFrameWrapper;
|
||||
|
||||
/* wrappers for nsPrivilegeManager object */
|
||||
@ -52,7 +52,7 @@ nsCapsDisablePrivilege(void* context, class nsTarget *target, PRInt32 callerDept
|
||||
PR_EXTERN(void*)
|
||||
nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth);
|
||||
|
||||
PR_EXTERN(nsSetComparisonType)
|
||||
PR_EXTERN(PRInt16)
|
||||
nsCapsComparePrincipalArray(void* prin1Array, void* prin2Array);
|
||||
|
||||
PR_EXTERN(void*)
|
||||
@ -99,12 +99,12 @@ nsCapsFindTarget(char *name);
|
||||
|
||||
|
||||
/* wrappers for nsPrivilege object */
|
||||
PR_EXTERN(nsPermissionState)
|
||||
nsCapsGetPermission(struct nsPrivilege *privilege);
|
||||
PR_EXTERN(PRInt16)
|
||||
nsCapsGetPermission(class nsIPrivilege * privilege);
|
||||
|
||||
|
||||
/* wrappers for nsPrivilegeTable object */
|
||||
PR_EXTERN(nsPrivilege *)
|
||||
PR_EXTERN(nsIPrivilege *)
|
||||
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget * target);
|
||||
|
||||
/* Methods for stack walking */
|
||||
|
@ -1,24 +0,0 @@
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.0 (the "NPL"); you may not use this file except in
|
||||
* compliance with the NPL. You may obtain a copy of the NPL at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the NPL is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
|
||||
* for the specific language governing rights and limitations under the
|
||||
* NPL.
|
||||
*
|
||||
* The Initial Developer of this code under the NPL is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
|
||||
* Reserved.
|
||||
*/
|
||||
|
||||
#ifndef _NS_CAPS_ENUMS_H_
|
||||
#define _NS_CAPS_ENUMS_H_
|
||||
|
||||
#include "nsCapsPublicEnums.h"
|
||||
|
||||
#endif /* _NS_CAPS_ENUMS_H_ */
|
@ -19,103 +19,55 @@
|
||||
#ifndef _NS_PRIVILEGE_H_
|
||||
#define _NS_PRIVILEGE_H_
|
||||
|
||||
#include "nsIPrivilege.h"
|
||||
#include "prtypes.h"
|
||||
//#include "nsCaps.h"
|
||||
#include "nsCapsEnums.h"
|
||||
|
||||
PRBool nsPrivilegeInitialize(void);
|
||||
|
||||
struct nsPrivilege {
|
||||
class nsPrivilege : public nsIPrivilege {
|
||||
|
||||
public:
|
||||
/* Public Field Accessors */
|
||||
nsPermissionState itsPerm;
|
||||
|
||||
nsDurationState itsDuration;
|
||||
NS_DECL_ISUPPORTS
|
||||
|
||||
/* Public Methods */
|
||||
nsPrivilege(nsPermissionState perm, nsDurationState duration);
|
||||
NS_IMETHOD
|
||||
GetState(PRInt16 * state);
|
||||
|
||||
NS_IMETHOD
|
||||
SetState(PRInt16 state);
|
||||
|
||||
NS_IMETHOD
|
||||
GetDuration(PRInt16 * duration);
|
||||
|
||||
NS_IMETHOD
|
||||
SetDuration(PRInt16 duration);
|
||||
|
||||
NS_IMETHOD
|
||||
SameState(nsIPrivilege * other, PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
SameDuration(nsIPrivilege * other, PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
IsAllowed(PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
IsForbidden(PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
IsBlank(PRBool * result);
|
||||
|
||||
NS_IMETHOD
|
||||
ToString(char * * result);
|
||||
|
||||
NS_IMETHOD
|
||||
Equals(nsIPrivilege * perm, PRBool * res);
|
||||
|
||||
nsPrivilege(PRInt16 state, PRInt16 duration);
|
||||
virtual ~nsPrivilege(void);
|
||||
|
||||
static nsPrivilege * findPrivilege(nsPermissionState permission, nsDurationState duration);
|
||||
|
||||
static nsPermissionState add(nsPermissionState perm1, nsPermissionState perm2);
|
||||
|
||||
static nsPrivilege * add(nsPrivilege *privilege1, nsPrivilege *privilege2);
|
||||
|
||||
PRBool samePermission(nsPrivilege *privilege);
|
||||
|
||||
PRBool samePermission(nsPermissionState perm);
|
||||
|
||||
PRBool sameDuration(nsPrivilege *privilege);
|
||||
|
||||
PRBool sameDuration(nsDurationState duration);
|
||||
|
||||
PRBool isAllowed(void);
|
||||
|
||||
PRBool isAllowedForever(void);
|
||||
|
||||
PRBool isForbidden(void);
|
||||
|
||||
PRBool isForbiddenForever(void);
|
||||
|
||||
PRBool isBlank(void);
|
||||
|
||||
nsPermissionState getPermission(void);
|
||||
|
||||
nsDurationState getDuration(void);
|
||||
|
||||
static nsPrivilege * findPrivilege(char *privStr);
|
||||
|
||||
char * toString(void);
|
||||
|
||||
private:
|
||||
|
||||
/* Private Field Accessors */
|
||||
char *itsString;
|
||||
|
||||
static PRBool theInited;
|
||||
|
||||
/* Private Methods */
|
||||
protected:
|
||||
PRInt16 itsState;
|
||||
PRInt16 itsDuration;
|
||||
char * itsString;
|
||||
};
|
||||
|
||||
/**
|
||||
* add() method takes two permissions and returns a new permission.
|
||||
* Permission addition follows these rules:
|
||||
* <pre>
|
||||
* ALLOWED + ALLOWED = ALLOWED 1 + 1 = 1
|
||||
* ALLOWED + BLANK = ALLOWED 1 + 2 = 1
|
||||
* BLANK + BLANK = BLANK 2 + 2 = 2
|
||||
* ALLOWED + FORBIDDEN = FORBIDDEN 1 + 0 = 0
|
||||
* BLANK + FORBIDDEN = FORBIDDEN 2 + 0 = 0
|
||||
* FORBIDDEN + FORBIDDEN = FORBIDDEN 0 + 0 = 0
|
||||
* </pre>
|
||||
*
|
||||
* @return the permission that results from the above rules
|
||||
* <p>
|
||||
* Note: there are two versions of add(). One adds two Privilege
|
||||
* objects. The other just adds permissions (as returned by
|
||||
* <a href="#getPermission">getPermission()</a>).
|
||||
*/
|
||||
/* XXX: Whenever you change the value of FORBIDDEN, ALLOWED and BLANK
|
||||
* make sure they obey the laws mentioned in add() method.
|
||||
*/
|
||||
inline nsPermissionState nsPrivilege::add(nsPermissionState p1, nsPermissionState p2)
|
||||
{
|
||||
if (p1 < p2)
|
||||
return p1;
|
||||
else
|
||||
return p2;
|
||||
}
|
||||
|
||||
inline nsPrivilege * nsPrivilege::add(nsPrivilege *p1, nsPrivilege *p2)
|
||||
{
|
||||
if (p1->itsPerm < p2->itsPerm)
|
||||
return p1;
|
||||
else
|
||||
return p2;
|
||||
}
|
||||
|
||||
|
||||
#endif /* _NS_PRIVILEGE_H_ */
|
||||
|
@ -28,10 +28,9 @@
|
||||
#include "nsTarget.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsPrincipalTools.h"
|
||||
#include "nsPrivilege.h"
|
||||
#include "nsIPrivilege.h"
|
||||
#include "nsPrivilegeTable.h"
|
||||
#include "nsSystemPrivilegeTable.h"
|
||||
#include "nsCapsEnums.h"
|
||||
|
||||
extern PRBool nsCaps_lock(void);
|
||||
extern void nsCaps_unlock(void);
|
||||
@ -45,11 +44,26 @@ PRBool nsPrivilegeManagerInitialize(void);
|
||||
struct nsPrivilegeManager {
|
||||
|
||||
public:
|
||||
/* Public Methods */
|
||||
|
||||
enum { SetComparisonType_ProperSubset=-1 };
|
||||
enum { SetComparisonType_Equal=0 };
|
||||
enum { SetComparisonType_NoSubset=1 };
|
||||
|
||||
nsPrivilegeManager(void);
|
||||
virtual ~nsPrivilegeManager(void);
|
||||
|
||||
static nsIPrivilege *
|
||||
FindPrivilege(PRInt16 privState, PRInt16 privDuration);
|
||||
|
||||
static nsIPrivilege *
|
||||
FindPrivilege(nsIPrivilege * perm);
|
||||
|
||||
static nsIPrivilege *
|
||||
FindPrivilege(char * privStr);
|
||||
|
||||
static nsIPrivilege *
|
||||
Add(nsIPrivilege * privilege1, nsIPrivilege * privilege2);
|
||||
|
||||
void
|
||||
RegisterSystemPrincipal(nsIPrincipal * principal);
|
||||
|
||||
@ -64,24 +78,24 @@ IsPrivilegeEnabled(nsTarget *target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
IsPrivilegeEnabled(void* context, nsTarget *target,
|
||||
PRInt32 callerDepth);
|
||||
PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
EnablePrivilege(nsTarget *target, PRInt32 callerDepth);
|
||||
EnablePrivilege(nsTarget * target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
EnablePrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
|
||||
EnablePrivilege(void * context, nsTarget * target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
EnablePrivilege(nsTarget *target, nsIPrincipal *preferredPrincipal,
|
||||
PRInt32 callerDepth);
|
||||
EnablePrivilege(nsTarget * target, nsIPrincipal * preferredPrincipal,
|
||||
PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
EnablePrivilege(void* context, nsTarget *target, nsIPrincipal * preferredPrincipal,
|
||||
PRInt32 callerDepth);
|
||||
PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
RevertPrivilege(nsTarget *target, PRInt32 callerDepth);
|
||||
RevertPrivilege(nsTarget * target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
RevertPrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
|
||||
@ -90,7 +104,7 @@ PRBool
|
||||
DisablePrivilege(nsTarget *target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
DisablePrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
|
||||
DisablePrivilege(void * context, nsTarget *target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
EnablePrincipalPrivilegeHelper(nsTarget *target, PRInt32 callerDepth,
|
||||
@ -121,32 +135,30 @@ PRBool
|
||||
AskPermission(nsIPrincipal * useThisPrin, nsTarget* target, void* data);
|
||||
|
||||
void
|
||||
SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsPrivilege * newPrivilege);
|
||||
SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsIPrivilege * newPrivilege);
|
||||
|
||||
void
|
||||
RegisterPrincipalAndSetPrivileges(nsIPrincipal * principal, nsTarget * target, nsPrivilege * newPrivilege);
|
||||
RegisterPrincipalAndSetPrivileges(nsIPrincipal * principal, nsTarget * target, nsIPrivilege * newPrivilege);
|
||||
|
||||
void
|
||||
UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable * privTable, nsPrivilege * newPrivilege);
|
||||
UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable * privTable, nsIPrivilege * newPrivilege);
|
||||
|
||||
PRBool
|
||||
CheckPrivilegeGranted(nsTarget *target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
CheckPrivilegeGranted(void* context, nsTarget *target,
|
||||
PRInt32 callerDepth);
|
||||
CheckPrivilegeGranted(void* context, nsTarget *target, PRInt32 callerDepth);
|
||||
|
||||
PRBool
|
||||
CheckPrivilegeGranted(nsTarget *target, nsIPrincipal * principal, void *data);
|
||||
CheckPrivilegeGranted(nsTarget * target, nsIPrincipal * principal, void *data);
|
||||
|
||||
PRBool
|
||||
CheckPrivilegeGranted(nsTarget *target, PRInt32 callerDepth, void *data);
|
||||
CheckPrivilegeGranted(nsTarget * target, PRInt32 callerDepth, void * data);
|
||||
|
||||
PRBool
|
||||
CheckPrivilegeGranted(void * context, nsTarget * target,
|
||||
PRInt32 callerDepth, void * data);
|
||||
CheckPrivilegeGranted(void * context, nsTarget * target, PRInt32 callerDepth, void * data);
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
GetPrincipalPrivilege(nsTarget * target, nsIPrincipal * prin, void * data);
|
||||
|
||||
static nsPrivilegeManager *
|
||||
@ -170,7 +182,7 @@ GetUnsignedPrincipal(void);
|
||||
static nsIPrincipal *
|
||||
GetUnknownPrincipal(void);
|
||||
|
||||
nsSetComparisonType
|
||||
PRInt16
|
||||
ComparePrincipalArray(nsPrincipalArray * prin1Array, nsPrincipalArray * prin2Array);
|
||||
|
||||
nsPrincipalArray *
|
||||
@ -201,7 +213,6 @@ RemovePrincipal(char *prinName);
|
||||
PRBool
|
||||
RemovePrincipalsPrivilege(char *prinName, char *targetName);
|
||||
|
||||
|
||||
void
|
||||
Remove(nsIPrincipal *prin, nsTarget *target);
|
||||
|
||||
@ -241,14 +252,14 @@ static PRBool theInited;
|
||||
/* Private Methods */
|
||||
|
||||
void
|
||||
AddToPrinNameToPrincipalTable(nsIPrincipal *prin);
|
||||
AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin);
|
||||
|
||||
PRBool
|
||||
EnablePrivilegePrivate(void* context, nsTarget *target, nsIPrincipal *preferredPrincipal,
|
||||
PRInt32 callerDepth);
|
||||
PRInt32 callerDepth);
|
||||
|
||||
nsPermissionState
|
||||
GetPrincipalPrivilege(nsTarget *target, nsPrincipalArray* callerPrinArray, void * data);
|
||||
PRInt16
|
||||
GetPrincipalPrivilege(nsTarget * target, nsPrincipalArray * callerPrinArray, void * data);
|
||||
|
||||
PRBool
|
||||
IsPermissionGranted(nsTarget *target, nsPrincipalArray* callerPrinArray, void *data);
|
||||
@ -256,7 +267,7 @@ IsPermissionGranted(nsTarget *target, nsPrincipalArray* callerPrinArray, void *d
|
||||
|
||||
/* The following methods are used to save and load the persistent store */
|
||||
void
|
||||
Save(nsIPrincipal *prin, nsTarget *target, nsPrivilege *newPrivilege);
|
||||
Save(nsIPrincipal * prin, nsTarget * target, nsIPrivilege * newPrivilege);
|
||||
|
||||
void
|
||||
Load(void);
|
||||
|
@ -23,7 +23,7 @@
|
||||
#include "nsHashtable.h"
|
||||
#include "nsCaps.h"
|
||||
#include "nsTarget.h"
|
||||
#include "nsPrivilege.h"
|
||||
#include "nsIPrivilege.h"
|
||||
|
||||
class nsPrivilegeTable {
|
||||
|
||||
@ -36,11 +36,11 @@ public:
|
||||
|
||||
PRBool IsEmpty(void);
|
||||
|
||||
virtual nsPrivilege * Get(nsTarget * t);
|
||||
virtual nsIPrivilege * Get(nsTarget * t);
|
||||
|
||||
nsPrivilege * Put(nsTarget * a, nsPrivilege * priv);
|
||||
nsIPrivilege * Put(nsTarget * a, nsIPrivilege * priv);
|
||||
|
||||
nsPrivilege * Remove(nsTarget * key);
|
||||
nsIPrivilege * Remove(nsTarget * key);
|
||||
|
||||
nsPrivilegeTable * Clone(void);
|
||||
|
||||
|
@ -20,7 +20,7 @@
|
||||
#define _NS_SYSTEM_PRIVILEGE_TABLE_H_
|
||||
|
||||
#include "nsTarget.h"
|
||||
#include "nsPrivilege.h"
|
||||
#include "nsIPrivilege.h"
|
||||
#include "nsPrivilegeTable.h"
|
||||
#include "nsCom.h"
|
||||
|
||||
@ -32,7 +32,7 @@ public:
|
||||
/* Public Methods */
|
||||
nsSystemPrivilegeTable(void);
|
||||
|
||||
virtual nsPrivilege * get(nsTarget *a);
|
||||
virtual nsIPrivilege * Get(nsTarget * a);
|
||||
};
|
||||
|
||||
#endif /* _NS_SYSTEM_PRIVILEGE_TABLE_H_ */
|
||||
|
@ -26,7 +26,7 @@
|
||||
#include "nsVector.h"
|
||||
//#include "nsCaps.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsPrivilege.h"
|
||||
#include "nsIPrivilege.h"
|
||||
#include "nsUserDialogHelper.h"
|
||||
|
||||
typedef nsVector nsTargetArray;
|
||||
@ -89,15 +89,15 @@ public:
|
||||
|
||||
static nsTarget * FindTarget(char * name, nsIPrincipal *prin);
|
||||
|
||||
nsPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray, void *data);
|
||||
nsIPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray, void *data);
|
||||
|
||||
nsPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray);
|
||||
nsIPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray);
|
||||
|
||||
nsPrivilege * CheckPrivilegeEnabled(nsIPrincipal *p, void *data);
|
||||
nsIPrivilege * CheckPrivilegeEnabled(nsIPrincipal *p, void *data);
|
||||
|
||||
virtual nsPrivilege * EnablePrivilege(nsIPrincipal *prin, void *data);
|
||||
virtual nsIPrivilege * EnablePrivilege(nsIPrincipal *prin, void *data);
|
||||
|
||||
nsPrivilege * GetPrincipalPrivilege(nsIPrincipal *prin, void *data);
|
||||
nsIPrivilege * GetPrincipalPrivilege(nsIPrincipal *prin, void *data);
|
||||
|
||||
nsTargetArray* GetFlattenedTargetArray(void);
|
||||
|
||||
|
@ -72,7 +72,7 @@ public:
|
||||
{
|
||||
}
|
||||
|
||||
nsPrivilege * EnablePrivilege(nsIPrincipal * prin, void *data);
|
||||
nsIPrivilege * EnablePrivilege(nsIPrincipal * prin, void *data);
|
||||
|
||||
private:
|
||||
|
||||
|
Binary file not shown.
@ -1,3 +1 @@
|
||||
nsICapsManager.h
|
||||
nsCapsPublicEnums.h
|
||||
|
||||
|
@ -23,10 +23,9 @@ VPATH = @srcdir@
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
EXPORTS = \
|
||||
nsICapsManager.h \
|
||||
nsCapsPublicEnums.h \
|
||||
$(NULL)
|
||||
EXPORTS = \
|
||||
nsICapsManager.h \
|
||||
$(NULL)
|
||||
|
||||
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))
|
||||
|
||||
|
@ -29,8 +29,8 @@ IGNORE_MANIFEST=1
|
||||
MODULE=caps
|
||||
DEPTH=..\..
|
||||
EXPORTS= \
|
||||
nsICapsManager.h \
|
||||
nsCapsPublicEnums.h
|
||||
nsICapsManager.h
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1,79 +0,0 @@
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/*
|
||||
* The contents of this file are subject to the Netscape Public License
|
||||
* Version 1.0 (the "NPL"); you may not use this file except in
|
||||
* compliance with the NPL. You may obtain a copy of the NPL at
|
||||
* http://www.mozilla.org/NPL/
|
||||
*
|
||||
* Software distributed under the NPL is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
|
||||
* for the specific language governing rights and limitations under the
|
||||
* NPL.
|
||||
*
|
||||
* The Initial Developer of this code under the NPL is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
|
||||
* Reserved.
|
||||
*/
|
||||
|
||||
#ifndef _NS_CAPS_PUBLIC_ENUMS_H_
|
||||
#define _NS_CAPS_PUBLIC_ENUMS_H_
|
||||
|
||||
|
||||
enum nsPermission {
|
||||
nsPermission_Unknown,
|
||||
nsPermission_AllowedSession,
|
||||
nsPermission_DeniedSession,
|
||||
nsPermission_AllowedForever,
|
||||
nsPermission_DeniedForever
|
||||
};
|
||||
|
||||
/**
|
||||
* number of possible permissions (allowed, forbidden, or blank)
|
||||
*
|
||||
* The code in nsPrivilegeInitialize assumes that nsPermissionState
|
||||
* are ordered sequentially from 0 to N.
|
||||
*
|
||||
*/
|
||||
typedef enum nsPermissionState {
|
||||
nsPermissionState_Forbidden = 0,
|
||||
nsPermissionState_Allowed,
|
||||
nsPermissionState_Blank,
|
||||
nsPermissionState_NumberOfPermissions
|
||||
} nsPermissionState;
|
||||
|
||||
/**
|
||||
* number of possible durations (scope, session, or forever)
|
||||
*
|
||||
* The code in nsPrivilegeInitialize assumes that nsDurationState
|
||||
* are ordered sequentially from 0 to N.
|
||||
*
|
||||
*/
|
||||
typedef enum nsDurationState {
|
||||
nsDurationState_Scope=0,
|
||||
nsDurationState_Session,
|
||||
nsDurationState_Forever,
|
||||
nsDurationState_NumberOfDurations
|
||||
} nsDurationState;
|
||||
|
||||
|
||||
typedef enum nsSetComparisonType {
|
||||
nsSetComparisonType_ProperSubset=-1,
|
||||
nsSetComparisonType_Equal=0,
|
||||
nsSetComparisonType_NoSubset=1
|
||||
} nsSetComparisonType;
|
||||
|
||||
|
||||
/* The following should match what is in nsJVM plugin's java security code */
|
||||
/*
|
||||
typedef enum nsPrincipalType {
|
||||
nsPrincipalType_Unknown=-1,
|
||||
nsPrincipalType_CodebaseExact=10,
|
||||
nsPrincipalType_CodebaseRegexp,
|
||||
nsPrincipalType_Cert,
|
||||
nsPrincipalType_CertFingerPrint,
|
||||
nsPrincipalType_CertKey,
|
||||
nsPrincipalType_CertChain
|
||||
} nsPrincipalType;
|
||||
*/
|
||||
#endif /* _NS_CAPS_PUBLIC_ENUMS_H_ */
|
@ -16,13 +16,12 @@
|
||||
* Reserved.
|
||||
*/
|
||||
|
||||
#ifndef nsICapsManager_h___
|
||||
#define nsICapsManager_h___
|
||||
#ifndef _NS_ICAPS_MANAGER_H_
|
||||
#define _NS_ICAPS_MANAGER_H_
|
||||
|
||||
#include "nsISupports.h"
|
||||
#include "nsIFactory.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsCapsPublicEnums.h"
|
||||
#include "nsTarget.h"
|
||||
//class nsITarget;
|
||||
class nsICapsSecurityCallbacks;
|
||||
@ -48,7 +47,7 @@ public:
|
||||
* @param prin - the return value is passed in this parameter.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal** prin) = 0;
|
||||
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal * * prin) = 0;
|
||||
|
||||
/**
|
||||
* Initializes the Certificate principal with the certificate data. I am
|
||||
@ -64,27 +63,7 @@ public:
|
||||
* @param prin - the return value is passed in this parameter.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
CreateCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin) = 0;
|
||||
|
||||
|
||||
/**
|
||||
* Creates a CodeSourcePrincipal, which has both nsICodebasePrincipal
|
||||
* and nsICertPrincipal
|
||||
*
|
||||
*
|
||||
* @param certChain - An array of pointers, with each pointer
|
||||
* pointing to a certificate data.
|
||||
* @param certChainLengths - An array of intergers. Each integer indicates
|
||||
* the length of the cert that is in CertChain
|
||||
* parametr.
|
||||
* @param noOfCerts - the number of certifcates that are in the certChain array
|
||||
* @param codebaseURL - the codebase URL
|
||||
* @param prin - the return value is passed in this parameter.
|
||||
*/
|
||||
/*
|
||||
NS_IMETHOD
|
||||
CreateCodeSourcePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, const char *codebaseURL, nsIPrincipal** prin) = 0;
|
||||
*/
|
||||
CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) = 0;
|
||||
|
||||
/**
|
||||
* Returns the permission for given principal and target
|
||||
@ -94,7 +73,7 @@ public:
|
||||
* @param state - the return value is passed in this parameter.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
GetPermission(nsIPrincipal* prin, nsTarget * target, nsPermission *state) = 0;
|
||||
GetPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
|
||||
|
||||
/**
|
||||
* Set the permission state for given principal and target. This wouldn't
|
||||
@ -106,7 +85,7 @@ public:
|
||||
* and target parameters.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
SetPermission(nsIPrincipal* prin, nsTarget * target, nsPermission state) = 0;
|
||||
SetPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
|
||||
|
||||
/**
|
||||
* Prompts the user if they want to grant permission for the given principal and
|
||||
@ -118,8 +97,7 @@ public:
|
||||
* target
|
||||
*/
|
||||
NS_IMETHOD
|
||||
AskPermission(nsIPrincipal* prin, nsTarget * target, nsPermission *result) = 0;
|
||||
|
||||
AskPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
|
||||
|
||||
/*
|
||||
* All of the following methods are used by JS (the code located
|
||||
@ -149,6 +127,7 @@ public:
|
||||
* @param prin - is either certificate principal or codebase principal
|
||||
* @param result - is true if principal was successfully registered with the system
|
||||
*/
|
||||
//NEED TO FIGURE THIS SUCKER OUT ARIEL
|
||||
// NS_IMETHOD
|
||||
// RegisterPrincipal(nsIPrincipal* prin, PRBool *result) = 0;
|
||||
|
||||
@ -213,7 +192,7 @@ public:
|
||||
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
|
||||
*/
|
||||
NS_IMETHOD
|
||||
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result) = 0;
|
||||
ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType) = 0;
|
||||
|
||||
NS_IMETHOD
|
||||
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result) = 0;
|
||||
@ -226,19 +205,10 @@ public:
|
||||
/*
|
||||
NS_IMETHOD
|
||||
NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result) = 0;
|
||||
|
||||
NS_IMETHOD
|
||||
IsCodebaseExact(nsIPrincipal* principal, PRBool *result) = 0;
|
||||
*/
|
||||
NS_IMETHOD
|
||||
CreateMixedPrincipalArray(void *zig, char* name, const char* codebase, void** result) = 0;
|
||||
/*
|
||||
NS_IMETHOD
|
||||
ToString(nsIPrincipal* principal, char* *result) = 0;
|
||||
|
||||
NS_IMETHOD
|
||||
GetVendor(nsIPrincipal* principal, char* *result) = 0;
|
||||
*/
|
||||
NS_IMETHOD
|
||||
NewPrincipalArray(PRUint32 count, void* *result) = 0;
|
||||
|
||||
|
@ -23,38 +23,38 @@ include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
include $(topsrcdir)/config/config.mk
|
||||
|
||||
MODULE = caps
|
||||
MODULE = caps
|
||||
|
||||
LIBRARY_NAME = caps
|
||||
LIBRARY_NAME = caps
|
||||
|
||||
CPPSRCS = \
|
||||
admin.cpp \
|
||||
nsCaps.cpp \
|
||||
nsCCapsManager.cpp \
|
||||
nsCCapsManagerFactory.cpp \
|
||||
nsCertificatePrincipal.cpp \
|
||||
nsCodebasePrincipal.cpp \
|
||||
nsPrivilege.cpp \
|
||||
nsPrivilegeManager.cpp \
|
||||
nsPrivilegeTable.cpp \
|
||||
nsSystemPrivilegeTable.cpp \
|
||||
nsTarget.cpp \
|
||||
nsUserDialogHelper.cpp \
|
||||
nsUserTarget.cpp \
|
||||
nsZig.cpp \
|
||||
$(NULL)
|
||||
CPPSRCS = \
|
||||
admin.cpp \
|
||||
nsCaps.cpp \
|
||||
nsCCapsManager.cpp \
|
||||
nsCCapsManagerFactory.cpp \
|
||||
nsCertificatePrincipal.cpp \
|
||||
nsCodebasePrincipal.cpp \
|
||||
nsPrivilege.cpp \
|
||||
nsPrivilegeManager.cpp \
|
||||
nsPrivilegeTable.cpp \
|
||||
nsSystemPrivilegeTable.cpp \
|
||||
nsTarget.cpp \
|
||||
nsUserDialogHelper.cpp \
|
||||
nsUserTarget.cpp \
|
||||
nsZig.cpp \
|
||||
$(NULL)
|
||||
|
||||
REQUIRES = nspr xpcom security layer js jar pref img util rdf caps
|
||||
REQUIRES = nspr xpcom security layer js jar pref img util rdf caps
|
||||
|
||||
ifndef MOZ_NATIVE_ZLIB
|
||||
REQUIRES += zlib
|
||||
endif
|
||||
|
||||
CSRCS = \
|
||||
jpermission.c \
|
||||
nsLoadZig.c \
|
||||
nsZip.c \
|
||||
$(NULL)
|
||||
CSRCS= \
|
||||
jpermission.c \
|
||||
nsLoadZig.c \
|
||||
nsZip.c \
|
||||
$(NULL)
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
|
@ -52,8 +52,7 @@ C_OBJS= \
|
||||
.\$(OBJDIR)\jpermission.obj \
|
||||
.\$(OBJDIR)\nsLoadZig.obj \
|
||||
.\$(OBJDIR)\nsZip.obj \
|
||||
$(NULL)
|
||||
|
||||
$(NULL)
|
||||
|
||||
CPP_OBJS= \
|
||||
.\$(OBJDIR)\admin.obj \
|
||||
@ -62,16 +61,15 @@ CPP_OBJS= \
|
||||
.\$(OBJDIR)\nsCCapsManagerFactory.obj \
|
||||
.\$(OBJDIR)\nsCertificatePrincipal.obj \
|
||||
.\$(OBJDIR)\nsCodebasePrincipal.obj \
|
||||
.\$(OBJDIR)\nsUserDialogHelper.obj \
|
||||
.\$(OBJDIR)\nsPrivilege.obj \
|
||||
.\$(OBJDIR)\nsPrivilegeManager.obj \
|
||||
.\$(OBJDIR)\nsPrivilegeTable.obj \
|
||||
.\$(OBJDIR)\nsSystemPrivilegeTable.obj \
|
||||
.\$(OBJDIR)\nsTarget.obj \
|
||||
.\$(OBJDIR)\nsUserDialogHelper.obj \
|
||||
.\$(OBJDIR)\nsUserTarget.obj \
|
||||
.\$(OBJDIR)\nsZig.obj \
|
||||
$(NULL)
|
||||
|
||||
$(NULL)
|
||||
|
||||
#//------------------------------------------------------------------------
|
||||
#//
|
||||
@ -104,10 +102,10 @@ LINCS= $(LINCS) \
|
||||
$(NULL)
|
||||
|
||||
LLIBS = \
|
||||
$(LIBNSPR) \
|
||||
$(LIBNSPR) \
|
||||
$(DIST)\lib\xpcom.lib \
|
||||
$(DIST)\lib\xplib.lib \
|
||||
$(DIST)\lib\zlib.lib \
|
||||
$(DIST)\lib\xplib.lib \
|
||||
$(DIST)\lib\zlib.lib \
|
||||
$(NULL)
|
||||
|
||||
|
||||
|
@ -16,7 +16,6 @@
|
||||
* Reserved.
|
||||
*/
|
||||
#include "nsIComponentManager.h"
|
||||
#include "nsCapsEnums.h"
|
||||
#include "nsCCapsManager.h"
|
||||
#include "nsCodebasePrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
@ -75,7 +74,7 @@ nsCCapsManager::CreateCodebasePrincipal(const char *codebaseURL,
|
||||
}
|
||||
|
||||
NS_METHOD
|
||||
nsCCapsManager::CreateCertPrincipal(const unsigned char **certChain,
|
||||
nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain,
|
||||
PRUint32 *certChainLengths,
|
||||
PRUint32 noOfCerts,
|
||||
nsIPrincipal** prin)
|
||||
@ -92,29 +91,6 @@ nsCCapsManager::CreateCertPrincipal(const unsigned char **certChain,
|
||||
*prin = (nsIPrincipal *)pNSCCertPrincipal;
|
||||
return NS_OK;
|
||||
}
|
||||
//code source prins are deprecated, use codebase of certificate prins instead
|
||||
/*
|
||||
NS_METHOD
|
||||
nsCCapsManager::CreateCodeSourcePrincipal(const unsigned char **certChain,
|
||||
PRUint32 *certChainLengths,
|
||||
PRUint32 noOfCerts,
|
||||
const char *codebaseURL,
|
||||
nsIPrincipal** prin)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
nsCCodeSourcePrincipal *pNSCCodeSourcePrincipal =
|
||||
new nsCCodeSourcePrincipal(certChain, certChainLengths, noOfCerts,
|
||||
codebaseURL, &result);
|
||||
if (pNSCCodeSourcePrincipal == NULL)
|
||||
{
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
pNSCCodeSourcePrincipal->AddRef();
|
||||
*prin = (nsIPrincipal *)pNSCCodeSourcePrincipal;
|
||||
return NS_OK;
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* Returns the permission for given principal and target
|
||||
@ -124,15 +100,16 @@ nsCCapsManager::CreateCodeSourcePrincipal(const unsigned char **certChain,
|
||||
* @param state - the return value is passed in this parameter.
|
||||
*/
|
||||
NS_METHOD
|
||||
nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission * state)
|
||||
nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
|
||||
{
|
||||
*state = nsPermission_Unknown;
|
||||
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
|
||||
nsTarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
|
||||
nsresult result = NS_OK;
|
||||
if( target == NULL ) return NS_OK;
|
||||
if (privilegeManager != NULL) {
|
||||
nsPrivilege* privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
|
||||
* state = this->ConvertPrivilegeToPermission(privilege);
|
||||
nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
|
||||
// ARIEL WORK ON THIS SHIT
|
||||
// * privilegeState = this->ConvertPrivilegeToPermission(privilege);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
@ -147,13 +124,14 @@ nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPe
|
||||
* and target parameters.
|
||||
*/
|
||||
NS_METHOD
|
||||
nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission state)
|
||||
nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
|
||||
{
|
||||
nsTarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
|
||||
if(target == NULL ) return NS_OK;
|
||||
if (privilegeManager != NULL) {
|
||||
nsPrivilege* privilege = this->ConvertPermissionToPrivilege(state);
|
||||
privilegeManager->SetPermission(prin, target, privilege);
|
||||
// WORK ON THIS ARIEL
|
||||
// nsPrivilege* privilege = this->ConvertPermissionToPrivilege(privilegeState);
|
||||
// privilegeManager->SetPermission(prin, target, privilegeState);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
@ -168,17 +146,17 @@ nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPe
|
||||
* target
|
||||
*/
|
||||
NS_METHOD
|
||||
nsCCapsManager::AskPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission * state)
|
||||
nsCCapsManager::AskPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
|
||||
{
|
||||
nsTarget *target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
|
||||
if( target == NULL ) {
|
||||
*state = nsPermission_Unknown;
|
||||
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
|
||||
return NS_OK;
|
||||
}
|
||||
if (privilegeManager != NULL) {
|
||||
privilegeManager->AskPermission(prin, target, NULL);
|
||||
nsPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
|
||||
*state = ConvertPrivilegeToPermission(privilege);
|
||||
nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
|
||||
// * privilegeState = ConvertPrivilegeToPermission(privilege);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
@ -325,15 +303,14 @@ nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
/* XXX: Some of the arguments for the following interfaces may change.
|
||||
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
|
||||
*/
|
||||
NS_METHOD
|
||||
nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *ret_val)
|
||||
nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
*ret_val = nsSetComparisonType_NoSubset;
|
||||
* comparisonType = nsPrivilegeManager::SetComparisonType_NoSubset;
|
||||
if (privilegeManager != NULL) {
|
||||
nsPrincipalArray * newPrin1Array=NULL;
|
||||
nsPrincipalArray * newPrin2Array=NULL;
|
||||
@ -341,7 +318,7 @@ nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetC
|
||||
if (result != NS_OK) return result;
|
||||
result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
|
||||
if (result != NS_OK) return result;
|
||||
*ret_val = privilegeManager->ComparePrincipalArray(newPrin1Array, newPrin2Array);
|
||||
* comparisonType = privilegeManager->ComparePrincipalArray(newPrin1Array, newPrin2Array);
|
||||
nsCapsFreePrincipalArray(newPrin1Array);
|
||||
nsCapsFreePrincipalArray(newPrin2Array);
|
||||
}
|
||||
@ -373,7 +350,6 @@ NS_METHOD
|
||||
nsCCapsManager::CanExtendTrust(void * fromPrinArray, void * toPrinArray, PRBool * ret_val)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
*ret_val = nsSetComparisonType_NoSubset;
|
||||
if (privilegeManager != NULL) {
|
||||
nsPrincipalArray *newPrin1Array=NULL;
|
||||
nsPrincipalArray *newPrin2Array=NULL;
|
||||
@ -410,52 +386,6 @@ nsCCapsManager::NewPrincipal(PRInt16 *principalType, void* key, PRUint32 key_len
|
||||
//XXX: nsPrincipal struct if deprecated, access as nsIPrincipal
|
||||
//do not use IsCodebaseExact, Tostring, or any other of the principal specific objects from here
|
||||
|
||||
/*
|
||||
NS_METHOD
|
||||
nsCCapsManager::IsCodebaseExact(nsIPrincipal * pNSIPrincipal, PRBool *ret_val)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
nsPrincipal *pNSPrincipal = NULL;
|
||||
*ret_val = PR_FALSE;
|
||||
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
|
||||
if( result != NS_OK) {
|
||||
return result;
|
||||
}
|
||||
*ret_val = pNSPrincipal->isCodebaseExact();
|
||||
return NS_OK;
|
||||
}
|
||||
*/
|
||||
|
||||
/*
|
||||
NS_METHOD
|
||||
nsCCapsManager::ToString(nsIPrincipal* prin, char* *ret_val)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
nsIPrincipal *temp = NULL;
|
||||
*ret_val = NULL;
|
||||
result = GetNSPrincipal(prin, &temp);
|
||||
if( result != NS_OK) return result;
|
||||
*ret_val = temp->ToString();
|
||||
return NS_OK;
|
||||
}
|
||||
*/
|
||||
|
||||
/*
|
||||
NS_METHOD
|
||||
nsCCapsManager::GetVendor(nsIPrincipal* pNSIPrincipal, char* *ret_val)
|
||||
{
|
||||
nsresult result = NS_OK;
|
||||
nsPrincipal *pNSPrincipal = NULL;
|
||||
*ret_val = NULL;
|
||||
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
|
||||
if( result != NS_OK) {
|
||||
return result;
|
||||
}
|
||||
*ret_val = pNSPrincipal->getVendor();
|
||||
return NS_OK;
|
||||
}
|
||||
*/
|
||||
|
||||
NS_METHOD
|
||||
nsCCapsManager::NewPrincipalArray(PRUint32 count, void* *ret_val)
|
||||
{
|
||||
@ -570,13 +500,14 @@ nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val)
|
||||
*ret_val = PR_FALSE;
|
||||
return NS_OK;
|
||||
}
|
||||
struct nsPrivilege * pNSPrivilege = nsCapsGetPrivilege((nsPrivilegeTable * )annotation, target);
|
||||
nsIPrivilege * pNSPrivilege = nsCapsGetPrivilege((nsPrivilegeTable * )annotation, target);
|
||||
if (pNSPrivilege == NULL) {
|
||||
*ret_val = PR_FALSE;
|
||||
return NS_OK;
|
||||
}
|
||||
nsPermissionState perm = nsCapsGetPermission(pNSPrivilege);
|
||||
*ret_val = (perm == nsPermissionState_Allowed);
|
||||
// ARIEL WORK ON THIS
|
||||
// PRInt16 privilegeState = nsCapsGetPermission(pNSPrivilege);
|
||||
// *ret_val = (privilegeState == nsIPrivilege::PrivilegeState_Allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -724,7 +655,7 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPr
|
||||
return NS_OK;
|
||||
}
|
||||
*/
|
||||
|
||||
/*
|
||||
nsPermission
|
||||
nsCCapsManager::ConvertPrivilegeToPermission(nsPrivilege * pNSPrivilege)
|
||||
{
|
||||
@ -770,7 +701,7 @@ nsCCapsManager::ConvertPermissionToPrivilege(nsPermission state)
|
||||
}
|
||||
return nsPrivilege::findPrivilege(permission, duration);
|
||||
}
|
||||
|
||||
*/
|
||||
void
|
||||
nsCCapsManager::SetSystemPrivilegeManager()
|
||||
{
|
||||
|
@ -23,8 +23,9 @@
|
||||
#include "prlog.h"
|
||||
#include "nsCaps.h"
|
||||
#include "nsPrivilegeManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsCertificatePrincipal.h"
|
||||
#include "nsPrivilege.h"
|
||||
#include "nsIPrivilege.h"
|
||||
#include "nsPrivilegeTable.h"
|
||||
#include "nsTarget.h"
|
||||
#include "nsCCapsManager.h"
|
||||
@ -73,7 +74,7 @@ nsCapsInitialize()
|
||||
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
if (nsPrivManager == NULL) {
|
||||
nsPrivilegeManagerInitialize();
|
||||
nsPrivilegeInitialize();
|
||||
// nsPrivilegeInitialize();
|
||||
nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
}
|
||||
PR_ASSERT(nsPrivManager != NULL);
|
||||
@ -97,16 +98,16 @@ nsCapsInitialize()
|
||||
PR_IMPLEMENT(PRBool)
|
||||
nsCapsRegisterPrincipal(class nsIPrincipal *principal)
|
||||
{
|
||||
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
if(nsPrivManager == NULL) return PR_FALSE;
|
||||
nsPrivManager->RegisterPrincipal(principal);
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
PR_IMPLEMENT(PRBool)
|
||||
nsCapsEnablePrivilege(void* context, class nsTarget *target, PRInt32 callerDepth)
|
||||
nsCapsEnablePrivilege(void * context, class nsTarget * target, PRInt32 callerDepth)
|
||||
{
|
||||
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
return (nsPrivManager == NULL) ? PR_FALSE : nsPrivManager->EnablePrivilege(context, target, callerDepth);
|
||||
}
|
||||
|
||||
@ -139,11 +140,11 @@ nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth)
|
||||
: (void *)nsPrivManager->GetClassPrincipalsFromStack(context, callerDepth);
|
||||
}
|
||||
|
||||
PR_IMPLEMENT(nsSetComparisonType)
|
||||
nsCapsComparePrincipalArray(void* prin1Array, void* prin2Array)
|
||||
PR_IMPLEMENT(PRInt16)
|
||||
nsCapsComparePrincipalArray(void * prin1Array, void * prin2Array)
|
||||
{
|
||||
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
return (nsPrivManager == NULL) ? nsSetComparisonType_NoSubset
|
||||
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
|
||||
return (nsPrivManager == NULL) ? nsPrivilegeManager::SetComparisonType_NoSubset
|
||||
: nsPrivManager->ComparePrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
|
||||
}
|
||||
|
||||
@ -190,7 +191,7 @@ nsCapsIsCodebaseExact(class nsIPrincipal *principal)
|
||||
principal->GetType(& prinType);
|
||||
return (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
PR_IMPLEMENT(const char *)
|
||||
nsCapsPrincipalGetVendor(class nsIPrincipal *principal)
|
||||
{
|
||||
@ -198,7 +199,7 @@ nsCapsPrincipalGetVendor(class nsIPrincipal *principal)
|
||||
//return principal->getVendor();
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*/
|
||||
PR_EXTERN(void *)
|
||||
nsCapsNewPrincipalArray(PRUint32 count)
|
||||
{
|
||||
@ -247,17 +248,19 @@ nsCapsFindTarget(char *name)
|
||||
}
|
||||
|
||||
/* wrappers for nsPrivilege object */
|
||||
PR_IMPLEMENT(nsPermissionState)
|
||||
nsCapsGetPermission(struct nsPrivilege *privilege)
|
||||
PR_IMPLEMENT(PRInt16)
|
||||
nsCapsGetPermission(nsIPrivilege * privilege)
|
||||
{
|
||||
return privilege->getPermission();
|
||||
PRInt16 privState;
|
||||
privilege->GetState(& privState);
|
||||
return privState;
|
||||
}
|
||||
|
||||
/* wrappers for nsPrivilegeTable object */
|
||||
PR_IMPLEMENT(struct nsPrivilege *)
|
||||
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget *target)
|
||||
PR_IMPLEMENT(nsIPrivilege *)
|
||||
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget * target)
|
||||
{
|
||||
return annotation->Get(target);
|
||||
return annotation->Get(target);
|
||||
}
|
||||
|
||||
|
||||
@ -361,3 +364,4 @@ nsCapsGetRegistrationModeFlag(void)
|
||||
}
|
||||
|
||||
PR_END_EXTERN_C
|
||||
|
||||
|
@ -19,213 +19,163 @@
|
||||
#include "nsPrivilege.h"
|
||||
#include "xp.h"
|
||||
|
||||
static nsPrivilege *thePrivilegeCache[nsPermissionState_NumberOfPermissions][nsDurationState_NumberOfDurations];
|
||||
static NS_DEFINE_IID(kIPrivilegeIID, NS_IPRIVILEGE_IID);
|
||||
|
||||
NS_IMPL_ISUPPORTS(nsPrivilege, kIPrivilegeIID);
|
||||
|
||||
//
|
||||
// PUBLIC METHODS
|
||||
//
|
||||
|
||||
nsPrivilege::nsPrivilege(nsPermissionState perm, nsDurationState duration)
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::GetState(PRInt16 * state)
|
||||
{
|
||||
itsPerm=perm;
|
||||
itsDuration=duration;
|
||||
itsString = NULL;
|
||||
* state = itsState;
|
||||
return (itsState) ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::SetState(PRInt16 state)
|
||||
{
|
||||
itsState=state;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::GetDuration(PRInt16 * duration)
|
||||
{
|
||||
* duration = itsDuration;
|
||||
return (itsDuration) ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::SetDuration(PRInt16 duration)
|
||||
{
|
||||
itsDuration=duration;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::SameState(nsIPrivilege * other, PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRInt16 * myState;
|
||||
rv = this->GetState(myState);
|
||||
PRInt16 * otherState;
|
||||
rv = other->GetState(otherState);
|
||||
* result = (otherState == myState) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::SameDuration(nsIPrivilege * other, PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRInt16 * myDur;
|
||||
rv = this->GetState(myDur);
|
||||
PRInt16 * otherDur;
|
||||
rv = other->GetState(otherDur);
|
||||
* result = (otherDur == myDur) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::IsAllowed(PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRInt16 * myState;
|
||||
rv = this->GetState(myState);
|
||||
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Allowed) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::IsForbidden(PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRInt16 * myState;
|
||||
rv = this->GetState(myState);
|
||||
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Forbidden) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::IsBlank(PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRInt16 * myState;
|
||||
rv = this->GetState(myState);
|
||||
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Blank) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::ToString(char * * result)
|
||||
{
|
||||
char * privStr = NULL;
|
||||
char * durStr = NULL;
|
||||
if (itsString != NULL) {
|
||||
result=&itsString;
|
||||
return NS_OK;
|
||||
}
|
||||
PRInt16 temp;
|
||||
this->GetState(& temp);
|
||||
switch(temp) {
|
||||
case nsIPrivilege::PrivilegeState_Allowed:
|
||||
privStr = "allowed";
|
||||
break;
|
||||
case nsIPrivilege::PrivilegeState_Forbidden:
|
||||
privStr = "forbidden";
|
||||
break;
|
||||
case nsIPrivilege::PrivilegeState_Blank:
|
||||
privStr = "blank";
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(FALSE);
|
||||
privStr = "error";
|
||||
break;
|
||||
}
|
||||
this->GetDuration(& temp);
|
||||
switch(temp) {
|
||||
case nsIPrivilege::PrivilegeDuration_Scope:
|
||||
durStr = " in scope";
|
||||
break;
|
||||
case nsIPrivilege::PrivilegeDuration_Session:
|
||||
durStr = " in session";
|
||||
break;
|
||||
case nsIPrivilege::PrivilegeDuration_Forever:
|
||||
durStr = " forever";
|
||||
break;
|
||||
case nsIPrivilege::PrivilegeDuration_Blank:
|
||||
privStr = "blank";
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(FALSE);
|
||||
privStr = "error";
|
||||
break;
|
||||
}
|
||||
itsString = new char[strlen(privStr) + strlen(durStr) + 1];
|
||||
XP_STRCPY(itsString, privStr);
|
||||
XP_STRCAT(itsString, durStr);
|
||||
result = & itsString;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsPrivilege::Equals(nsIPrivilege * other, PRBool * result)
|
||||
{
|
||||
nsresult rv;
|
||||
PRBool * sameState, * sameDuration;
|
||||
rv = this->SameState(other, sameState);
|
||||
rv = this->SameDuration(other, sameDuration);
|
||||
*result = (sameState && sameDuration) ? PR_TRUE : PR_FALSE;
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsPrivilege::nsPrivilege(PRInt16 state, PRInt16 duration)
|
||||
{
|
||||
itsState = state;
|
||||
itsDuration = duration;
|
||||
itsString = NULL;
|
||||
}
|
||||
|
||||
nsPrivilege::~nsPrivilege(void)
|
||||
{
|
||||
if (itsString)
|
||||
delete []itsString;
|
||||
}
|
||||
|
||||
nsPrivilege * nsPrivilege::findPrivilege(nsPermissionState permission, nsDurationState duration)
|
||||
{
|
||||
return thePrivilegeCache[permission][duration];
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::samePermission(nsPrivilege *p)
|
||||
{
|
||||
if (p->itsPerm == itsPerm)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::samePermission(nsPermissionState perm)
|
||||
{
|
||||
if (itsPerm == perm)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::sameDuration(nsPrivilege *p)
|
||||
{
|
||||
if (p->itsDuration == itsDuration)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::sameDuration(nsDurationState duration)
|
||||
{
|
||||
if (itsDuration == duration)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::isAllowed(void)
|
||||
{
|
||||
if (itsPerm == nsPermissionState_Allowed)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::isAllowedForever(void)
|
||||
{
|
||||
if ((itsPerm == nsPermissionState_Allowed) &&
|
||||
(itsDuration == nsDurationState_Forever))
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::isForbidden(void)
|
||||
{
|
||||
if (itsPerm == nsPermissionState_Forbidden)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::isForbiddenForever(void)
|
||||
{
|
||||
if ((itsPerm == nsPermissionState_Forbidden) &&
|
||||
(itsDuration == nsDurationState_Forever))
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::isBlank(void)
|
||||
{
|
||||
if (itsPerm == nsPermissionState_Blank)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
nsPermissionState nsPrivilege::getPermission(void)
|
||||
{
|
||||
return itsPerm;
|
||||
}
|
||||
|
||||
nsDurationState nsPrivilege::getDuration(void)
|
||||
{
|
||||
return itsDuration;
|
||||
}
|
||||
|
||||
/* The following function is used to restore the privilege from persistent store.
|
||||
* This does the reverse of toString method.
|
||||
*/
|
||||
nsPrivilege * nsPrivilege::findPrivilege(char *privStr)
|
||||
{
|
||||
nsPermissionState permission;
|
||||
nsDurationState duration;
|
||||
if (XP_STRCMP(privStr, "allowed in scope") == 0) {
|
||||
permission = nsPermissionState_Allowed;
|
||||
duration = nsDurationState_Scope;
|
||||
} else if (XP_STRCMP(privStr, "allowed in session") == 0) {
|
||||
permission = nsPermissionState_Allowed;
|
||||
duration = nsDurationState_Session;
|
||||
} else if (XP_STRCMP(privStr, "allowed forever") == 0) {
|
||||
permission = nsPermissionState_Allowed;
|
||||
duration = nsDurationState_Forever;
|
||||
} else if (XP_STRCMP(privStr, "forbidden forever") == 0) {
|
||||
permission = nsPermissionState_Forbidden;
|
||||
duration = nsDurationState_Forever;
|
||||
} else if (XP_STRCMP(privStr, "forbidden in session") == 0) {
|
||||
permission = nsPermissionState_Forbidden;
|
||||
duration = nsDurationState_Session;
|
||||
} else if (XP_STRCMP(privStr, "forbidden in scope") == 0) {
|
||||
permission = nsPermissionState_Forbidden;
|
||||
duration = nsDurationState_Scope;
|
||||
} else if (XP_STRCMP(privStr, "blank forever") == 0) {
|
||||
permission = nsPermissionState_Blank;
|
||||
duration = nsDurationState_Forever;
|
||||
} else if (XP_STRCMP(privStr, "blank in session") == 0) {
|
||||
permission = nsPermissionState_Blank;
|
||||
duration = nsDurationState_Session;
|
||||
} else if (XP_STRCMP(privStr, "blank in scope") == 0) {
|
||||
permission = nsPermissionState_Blank;
|
||||
duration = nsDurationState_Scope;
|
||||
} else {
|
||||
permission = nsPermissionState_Blank;
|
||||
duration = nsDurationState_Scope;
|
||||
}
|
||||
return findPrivilege(permission, duration);
|
||||
}
|
||||
|
||||
|
||||
char * nsPrivilege::toString(void)
|
||||
{
|
||||
char *permStr=NULL;
|
||||
char *durStr=NULL;
|
||||
if (itsString != NULL)
|
||||
return itsString;
|
||||
|
||||
switch(itsPerm) {
|
||||
case nsPermissionState_Allowed:
|
||||
permStr = "allowed";
|
||||
break;
|
||||
case nsPermissionState_Forbidden:
|
||||
permStr = "forbidden";
|
||||
break;
|
||||
case nsPermissionState_Blank:
|
||||
permStr = "blank";
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(FALSE);
|
||||
permStr = "blank";
|
||||
break;
|
||||
}
|
||||
|
||||
switch(itsDuration) {
|
||||
case nsDurationState_Scope:
|
||||
durStr = " in scope";
|
||||
break;
|
||||
case nsDurationState_Session:
|
||||
durStr = " in session";
|
||||
break;
|
||||
case nsDurationState_Forever:
|
||||
durStr = " forever";
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(FALSE);
|
||||
permStr = "blank";
|
||||
break;
|
||||
}
|
||||
|
||||
itsString = new char[strlen(permStr) + strlen(durStr) + 1];
|
||||
XP_STRCPY(itsString, permStr);
|
||||
XP_STRCAT(itsString, durStr);
|
||||
return itsString;
|
||||
}
|
||||
|
||||
|
||||
|
||||
//
|
||||
// PRIVATE METHODS
|
||||
//
|
||||
|
||||
PRBool nsPrivilegeInitialize(void)
|
||||
{
|
||||
nsPermissionState perm;
|
||||
nsDurationState duration;
|
||||
for (int i = 0; i < nsPermissionState_NumberOfPermissions; i++)
|
||||
for(int j = 0; j < nsDurationState_NumberOfDurations; j++) {
|
||||
/* This code assumes that nsPermissionState and nsDurationState
|
||||
* are ordered sequentially from 0 to N
|
||||
*/
|
||||
perm = (nsPermissionState)i;
|
||||
duration = (nsDurationState)j;
|
||||
thePrivilegeCache[i][j] = new nsPrivilege(perm, duration);
|
||||
}
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
PRBool nsPrivilege::theInited = nsPrivilegeInitialize();
|
||||
if(itsString) delete [] itsString;
|
||||
}
|
@ -30,13 +30,16 @@
|
||||
#include "jsec2rdf.h"
|
||||
#endif /* ENABLE_RDF */
|
||||
|
||||
|
||||
|
||||
|
||||
static nsPrivilegeManager * thePrivilegeManager = NULL;
|
||||
static nsIPrincipal * theSystemPrincipal = NULL;
|
||||
static nsIPrincipal * theUnsignedPrincipal;
|
||||
static nsPrincipalArray * theUnsignedPrincipalArray;
|
||||
static nsIPrincipal * theUnknownPrincipal;
|
||||
static nsPrincipalArray * theUnknownPrincipalArray;
|
||||
|
||||
static nsPrincipalArray * theUnsignedPrincipalArray;
|
||||
static nsIPrivilege * thePrivilegeCache[nsIPrivilege::PrivilegeState_NumberOfPrivileges][nsIPrivilege::PrivilegeDuration_NumberOfDurations];
|
||||
static PRMonitor *caps_lock = NULL;
|
||||
|
||||
/* We could avoid the following globals if nsHashTable's Enumerate accepted
|
||||
@ -74,6 +77,23 @@ CMGetBoolPref(char * pref_name)
|
||||
}
|
||||
PR_END_EXTERN_C
|
||||
|
||||
PRBool
|
||||
nsPrivilegeInitialize(void)
|
||||
{
|
||||
PRInt16 privState;
|
||||
PRInt16 durationState;
|
||||
for (int i = 0; i < nsIPrivilege::PrivilegeState_NumberOfPrivileges; i++) {
|
||||
for(int j = 0; j < nsIPrivilege::PrivilegeDuration_NumberOfDurations; j++) {
|
||||
privState = (PRInt16) i;
|
||||
durationState = (PRInt16) j;
|
||||
thePrivilegeCache[i][j] = new nsPrivilege(privState, durationState);
|
||||
}
|
||||
}
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
PRBool theInited = nsPrivilegeInitialize();
|
||||
|
||||
PRBool
|
||||
nsCaps_lock(void)
|
||||
{
|
||||
@ -93,8 +113,6 @@ nsCaps_unlock(void)
|
||||
}
|
||||
|
||||
|
||||
// PUBLIC METHODS
|
||||
|
||||
|
||||
nsPrivilegeManager::nsPrivilegeManager(void)
|
||||
{
|
||||
@ -114,8 +132,72 @@ nsPrivilegeManager::~nsPrivilegeManager(void)
|
||||
nsCaps_unlock();
|
||||
}
|
||||
|
||||
nsIPrivilege *
|
||||
nsPrivilegeManager::FindPrivilege(PRInt16 privState, PRInt16 privDuration) {
|
||||
return thePrivilegeCache[privState][privDuration];
|
||||
}
|
||||
|
||||
nsIPrivilege *
|
||||
nsPrivilegeManager::FindPrivilege(nsIPrivilege * priv)
|
||||
{
|
||||
PRInt16 privState;
|
||||
PRInt16 privDuration;
|
||||
priv->GetState(& privState);
|
||||
priv->GetDuration(& privDuration);
|
||||
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
|
||||
}
|
||||
|
||||
nsIPrivilege *
|
||||
nsPrivilegeManager::FindPrivilege(char * privStr)
|
||||
{
|
||||
PRInt16 privState;
|
||||
PRInt16 privDuration;
|
||||
if (XP_STRCMP(privStr, "allowed in scope") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Allowed;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
|
||||
} else if (XP_STRCMP(privStr, "allowed in session") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Allowed;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Session;
|
||||
} else if (XP_STRCMP(privStr, "allowed forever") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Allowed;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
|
||||
} else if (XP_STRCMP(privStr, "forbidden forever") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Forbidden;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
|
||||
} else if (XP_STRCMP(privStr, "forbidden in session") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Forbidden;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Session;
|
||||
} else if (XP_STRCMP(privStr, "forbidden in scope") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Forbidden;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
|
||||
} else if (XP_STRCMP(privStr, "blank forever") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Blank;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
|
||||
} else if (XP_STRCMP(privStr, "blank in session") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Blank;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Session;
|
||||
} else if (XP_STRCMP(privStr, "blank in scope") == 0) {
|
||||
privState = nsIPrivilege::PrivilegeState_Blank;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
|
||||
} else {
|
||||
privState = nsIPrivilege::PrivilegeState_Blank;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
|
||||
}
|
||||
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
|
||||
}
|
||||
|
||||
nsIPrivilege *
|
||||
nsPrivilegeManager::Add(nsIPrivilege * priv1, nsIPrivilege * priv2) {
|
||||
nsresult rv;
|
||||
PRInt16 * p1state;
|
||||
PRInt16 * p2state;
|
||||
rv = priv1->GetState(p1state);
|
||||
rv = priv2->GetState(p2state);
|
||||
return (p1state < p2state) ? priv1 : priv2;
|
||||
}
|
||||
|
||||
void
|
||||
nsPrivilegeManager::AddToPrinNameToPrincipalTable(nsIPrincipal * prin)
|
||||
nsPrivilegeManager::AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin)
|
||||
{
|
||||
char *prinName;
|
||||
prin->ToString(&prinName);
|
||||
@ -127,7 +209,6 @@ nsPrivilegeManager::AddToPrinNameToPrincipalTable(nsIPrincipal * prin)
|
||||
nsCaps_unlock();
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
nsPrivilegeManager::RegisterSystemPrincipal(nsIPrincipal * prin)
|
||||
{
|
||||
@ -159,7 +240,7 @@ nsPrivilegeManager::RegisterPrincipal(nsIPrincipal * prin)
|
||||
if (NULL == itsPrinToMacroTargetPrivTable->Get(&prinKey)) {
|
||||
itsPrinToMacroTargetPrivTable->Put(&prinKey, new nsPrivilegeTable());
|
||||
}
|
||||
this->AddToPrinNameToPrincipalTable(prin);
|
||||
this->AddToPrincipalNameToPrincipalTable(prin);
|
||||
nsCaps_unlock();
|
||||
}
|
||||
|
||||
@ -221,8 +302,7 @@ nsPrivilegeManager::EnablePrivilege(void* context, nsTarget * target, PRInt32 ca
|
||||
}
|
||||
|
||||
PRBool
|
||||
nsPrivilegeManager::EnablePrivilege(nsTarget *target,
|
||||
nsIPrincipal * preferredPrincipal,
|
||||
nsPrivilegeManager::EnablePrivilege(nsTarget * target, nsIPrincipal * preferredPrincipal,
|
||||
PRInt32 callerDepth)
|
||||
{
|
||||
return this->EnablePrivilegePrivate(NULL, target, preferredPrincipal, callerDepth);
|
||||
@ -236,8 +316,7 @@ nsPrivilegeManager::EnablePrivilege(void* context, nsTarget * target, nsIPrincip
|
||||
}
|
||||
|
||||
PRBool
|
||||
nsPrivilegeManager::RevertPrivilege(nsTarget *target,
|
||||
PRInt32 callerDepth)
|
||||
nsPrivilegeManager::RevertPrivilege(nsTarget * target, PRInt32 callerDepth)
|
||||
{
|
||||
return this->RevertPrivilege(NULL, target, callerDepth);
|
||||
}
|
||||
@ -249,7 +328,7 @@ nsPrivilegeManager::RevertPrivilege(void* context, nsTarget * target, PRInt32 ca
|
||||
if (targ != target) return PR_FALSE;
|
||||
nsPrivilegeTable *privTable = this->GetPrivilegeTableFromStack(context, callerDepth, PR_TRUE);
|
||||
nsCaps_lock();
|
||||
privTable->Put(target, nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Scope));
|
||||
privTable->Put(target, nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Scope));
|
||||
nsCaps_unlock();
|
||||
return PR_TRUE;
|
||||
}
|
||||
@ -268,7 +347,7 @@ nsPrivilegeManager::DisablePrivilege(void * context, nsTarget * target, PRInt32
|
||||
if (targ != target) return PR_FALSE;
|
||||
nsPrivilegeTable *privTable = this->GetPrivilegeTableFromStack(context, callerDepth, PR_TRUE);
|
||||
nsCaps_lock();
|
||||
privTable->Put(target, nsPrivilege::findPrivilege(nsPermissionState_Forbidden, nsDurationState_Scope));
|
||||
privTable->Put(target, nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Forbidden, nsIPrivilege::PrivilegeDuration_Scope));
|
||||
nsCaps_unlock();
|
||||
return PR_TRUE;
|
||||
}
|
||||
@ -367,7 +446,7 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
|
||||
nsIPrincipal * prefPrin)
|
||||
{
|
||||
nsPrivilegeTable *privTable;
|
||||
nsPrivilege * allowedScope;
|
||||
nsIPrivilege * allowedScope;
|
||||
PRBool res;
|
||||
|
||||
nsTarget * targ = nsTarget::FindTarget(target);
|
||||
@ -383,7 +462,7 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
|
||||
if (privTable == NULL) privTable = new nsPrivilegeTable();
|
||||
}
|
||||
|
||||
allowedScope = nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Scope);
|
||||
allowedScope = nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Scope);
|
||||
this->UpdatePrivilegeTable(target, privTable, allowedScope);
|
||||
return privTable;
|
||||
}
|
||||
@ -391,9 +470,10 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
|
||||
PRBool
|
||||
nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target, void * data)
|
||||
{
|
||||
/*
|
||||
PRBool ret_val = PR_FALSE;
|
||||
nsPrivilege* newPrivilege = NULL;
|
||||
/* Get the Lock to display the dialog */
|
||||
// Get the Lock to display the dialog
|
||||
nsCaps_lock();
|
||||
nsPrincipalArray* callerPrinArray = new nsPrincipalArray();
|
||||
callerPrinArray->Add(useThisPrin);
|
||||
@ -408,15 +488,15 @@ nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target,
|
||||
// That is user should be prompted again when this applet
|
||||
// performs the same privileged operation
|
||||
//
|
||||
if ((!newPrivilege->isAllowed()) &&
|
||||
(newPrivilege->getDuration() == nsDurationState_Session)) {
|
||||
if ((!newPrivilege->IsAllowed()) &&
|
||||
(newPrivilege->GetDuration() == nsIPrivilege::PrivilegeDuration_Session)) {
|
||||
// "User didn't grant the " + target->getName() + " privilege.";
|
||||
ret_val = PR_FALSE;
|
||||
goto done;
|
||||
}
|
||||
this->SetPermission(useThisPrin, target, newPrivilege);
|
||||
// if newPrivilege is FORBIDDEN then throw an exception
|
||||
if (newPrivilege->isForbidden()) {
|
||||
if (newPrivilege->IsForbidden()) {
|
||||
// "User didn't grant the " + target->getName() + " privilege.";
|
||||
ret_val = PR_FALSE;
|
||||
goto done;
|
||||
@ -427,14 +507,13 @@ nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target,
|
||||
done:
|
||||
delete callerPrinArray;
|
||||
nsCaps_unlock();
|
||||
*/
|
||||
return PR_TRUE;
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin,
|
||||
nsTarget *target,
|
||||
nsPrivilege *newPrivilege)
|
||||
nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsIPrivilege * newPrivilege)
|
||||
{
|
||||
/*
|
||||
registerPrincipalAndSetPrivileges(useThisPrin, target, newPrivilege);
|
||||
@ -460,12 +539,10 @@ nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin,
|
||||
|
||||
void
|
||||
nsPrivilegeManager::RegisterPrincipalAndSetPrivileges(nsIPrincipal * prin, nsTarget *target,
|
||||
nsPrivilege *newPrivilege)
|
||||
nsIPrivilege * newPrivilege)
|
||||
{
|
||||
nsPrivilegeTable *privTable;
|
||||
|
||||
this->RegisterPrincipal(prin);
|
||||
|
||||
//Store the list of targets for which the user has given privilege
|
||||
PrincipalKey prinKey(prin);
|
||||
nsCaps_lock();
|
||||
@ -479,21 +556,16 @@ nsPrivilegeManager::RegisterPrincipalAndSetPrivileges(nsIPrincipal * prin, nsTar
|
||||
|
||||
|
||||
void
|
||||
nsPrivilegeManager::UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable *privTable, nsPrivilege *newPrivilege)
|
||||
nsPrivilegeManager::UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable *privTable, nsIPrivilege * newPrivilege)
|
||||
{
|
||||
nsTargetArray * primitiveTargets = target->GetFlattenedTargetArray();
|
||||
nsPrivilege * oldPrivilege;
|
||||
nsPrivilege * privilege;
|
||||
nsIPrivilege * oldPrivilege, * privilege;
|
||||
nsTarget * primTarget;
|
||||
nsCaps_lock();
|
||||
for (int i = primitiveTargets->GetSize(); i-- > 0;) {
|
||||
primTarget = (nsTarget *)primitiveTargets->Get(i);
|
||||
oldPrivilege = privTable->Get(primTarget);
|
||||
if (oldPrivilege != NULL) {
|
||||
privilege = nsPrivilege::add(oldPrivilege, newPrivilege);
|
||||
} else {
|
||||
privilege = newPrivilege;
|
||||
}
|
||||
privilege = (oldPrivilege != NULL) ? nsPrivilegeManager::Add(oldPrivilege, newPrivilege) : newPrivilege;
|
||||
privTable->Put(primTarget, privilege);
|
||||
}
|
||||
nsCaps_unlock();
|
||||
@ -514,8 +586,10 @@ nsPrivilegeManager::CheckPrivilegeGranted(void* context, nsTarget *target, PRInt
|
||||
PRBool
|
||||
nsPrivilegeManager::CheckPrivilegeGranted(nsTarget *target, nsIPrincipal *prin, void *data)
|
||||
{
|
||||
nsPrivilege * privilege = this->GetPrincipalPrivilege(target, prin, data);
|
||||
return (privilege->isAllowed()) ? PR_TRUE : PR_FALSE;
|
||||
nsIPrivilege * privilege = this->GetPrincipalPrivilege(target, prin, data);
|
||||
PRBool allowed;
|
||||
privilege->IsAllowed(& allowed);
|
||||
return (allowed) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool
|
||||
@ -528,8 +602,8 @@ PRBool
|
||||
nsPrivilegeManager::CheckPrivilegeGranted(void* context, nsTarget *target, PRInt32 callerDepth, void *data)
|
||||
{
|
||||
nsPrincipalArray* callerPrinArray = GetClassPrincipalsFromStack(context, callerDepth);
|
||||
nsPermissionState privilege = GetPrincipalPrivilege(target, callerPrinArray, data);
|
||||
return (privilege == nsPermissionState_Allowed) ? PR_TRUE : PR_FALSE;
|
||||
PRInt16 privilegeState = GetPrincipalPrivilege(target, callerPrinArray, data);
|
||||
return (privilegeState == nsIPrivilege::PrivilegeState_Allowed) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
nsPrivilegeManager *
|
||||
@ -584,7 +658,7 @@ nsPrivilegeManager::GetUnknownPrincipal(void)
|
||||
return theUnknownPrincipal;
|
||||
}
|
||||
|
||||
nsSetComparisonType
|
||||
PRInt16
|
||||
nsPrivilegeManager::ComparePrincipalArray(nsPrincipalArray * p1, nsPrincipalArray * p2)
|
||||
{
|
||||
nsHashtable *p2Hashtable = new nsHashtable();
|
||||
@ -600,16 +674,16 @@ nsPrivilegeManager::ComparePrincipalArray(nsPrincipalArray * p1, nsPrincipalArra
|
||||
prin = (nsIPrincipal *)p1->Get(i);
|
||||
PrincipalKey prinKey(prin);
|
||||
value = (PRBool)p2Hashtable->Get(&prinKey);
|
||||
if (!value) return nsSetComparisonType_NoSubset;
|
||||
if (!value) return nsPrivilegeManager::SetComparisonType_NoSubset;
|
||||
if (value == PR_TRUE) p2Hashtable->Put(&prinKey, (void *)PR_FALSE);
|
||||
}
|
||||
for (i = p2->GetSize(); i-- > 0;) {
|
||||
prin = (nsIPrincipal *)p2->Get(i);
|
||||
PrincipalKey prinKey(prin);
|
||||
value = (PRBool)p2Hashtable->Get(&prinKey);
|
||||
if (value == PR_TRUE) return nsSetComparisonType_ProperSubset;
|
||||
if (value == PR_TRUE) return nsPrivilegeManager::SetComparisonType_ProperSubset;
|
||||
}
|
||||
return nsSetComparisonType_Equal;
|
||||
return nsPrivilegeManager::SetComparisonType_Equal;
|
||||
}
|
||||
|
||||
nsPrincipalArray*
|
||||
@ -690,14 +764,13 @@ nsPrivilegeManager::CheckMatchPrincipal(nsIPrincipal * prin, PRInt32 callerDepth
|
||||
return this->CheckMatchPrincipal(NULL, prin, callerDepth);
|
||||
}
|
||||
|
||||
|
||||
PRBool
|
||||
nsPrivilegeManager::CheckMatchPrincipal(void * context, nsIPrincipal * prin, PRInt32 callerDepth)
|
||||
{
|
||||
nsPrincipalArray *prinArray = new nsPrincipalArray();
|
||||
prinArray->Add(prin);
|
||||
nsPrincipalArray *classPrinArray = this->GetClassPrincipalsFromStack(context, callerDepth);
|
||||
return (this->ComparePrincipalArray(prinArray, classPrinArray) != nsSetComparisonType_NoSubset) ? PR_TRUE : PR_FALSE;
|
||||
nsPrincipalArray *prinArray = new nsPrincipalArray();
|
||||
prinArray->Add(prin);
|
||||
nsPrincipalArray *classPrinArray = this->GetClassPrincipalsFromStack(context, callerDepth);
|
||||
return (this->ComparePrincipalArray(prinArray, classPrinArray) != nsPrivilegeManager::SetComparisonType_NoSubset) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
@ -748,14 +821,15 @@ nsPrivilegeManager::GetPrincipalFromString(char *prinName)
|
||||
static PRBool
|
||||
GetPermissionsString(nsHashKey * aKey, void * aData, void * closure)
|
||||
{
|
||||
/* Admin UI */
|
||||
/*
|
||||
TargetKey *targetKey = (TargetKey *) aKey;
|
||||
nsTarget *target = targetKey->itsTarget;
|
||||
nsPrivilege *priv = (nsPrivilege *)aData;
|
||||
nsIPrivilege * priv = (nsIPrivilege *)aData;
|
||||
char * desc = target->GetDescription();
|
||||
if (priv->isAllowedForever()) gForever = PR_sprintf_append(gForever, "<option>%s", desc);
|
||||
else if (priv->isForbiddenForever()) gDenied = PR_sprintf_append(gDenied, "<option>%s", desc);
|
||||
else if (priv->isAllowed()) gSession = PR_sprintf_append(gSession, "<option>%s", desc);
|
||||
*/
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
@ -876,42 +950,41 @@ nsPrivilegeManager::EnablePrivilegePrivate(void* context, nsTarget *target, nsIP
|
||||
? PR_FALSE : PR_TRUE;
|
||||
}
|
||||
|
||||
|
||||
nsPermissionState
|
||||
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target, nsPrincipalArray* callerPrinArray,
|
||||
void *data)
|
||||
PRInt16
|
||||
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget * target, nsPrincipalArray * callerPrinArray, void *data)
|
||||
{
|
||||
nsPrivilege *privilege;
|
||||
nsIPrivilege * privilege;
|
||||
nsIPrincipal * principal;
|
||||
PRBool isAllowed = PR_FALSE;
|
||||
for (int i = callerPrinArray->GetSize(); i-- > 0; ) {
|
||||
principal = (nsIPrincipal *)callerPrinArray->Get(i);
|
||||
privilege = this->GetPrincipalPrivilege(target, principal, data);
|
||||
if (privilege == NULL) continue;
|
||||
switch(privilege->getPermission()) {
|
||||
case nsPermissionState_Allowed: isAllowed = PR_TRUE;
|
||||
case nsPermissionState_Blank: continue;
|
||||
PRInt16 privilegeState;
|
||||
privilege->GetState(& privilegeState);
|
||||
switch(privilegeState) {
|
||||
case nsIPrivilege::PrivilegeState_Allowed: isAllowed = PR_TRUE;
|
||||
case nsIPrivilege::PrivilegeState_Blank: continue;
|
||||
default: PR_ASSERT(FALSE);
|
||||
case nsPermissionState_Forbidden: return nsPermissionState_Forbidden;
|
||||
case nsIPrivilege::PrivilegeState_Forbidden: return nsIPrivilege::PrivilegeState_Forbidden;
|
||||
}
|
||||
}
|
||||
return isAllowed ? nsPermissionState_Allowed : nsPermissionState_Blank;
|
||||
return (isAllowed) ? (PRInt16)nsIPrivilege::PrivilegeState_Allowed : (PRInt16)nsIPrivilege::PrivilegeState_Blank;
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target,nsIPrincipal * prin, void *data)
|
||||
nsIPrivilege *
|
||||
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target, nsIPrincipal * prin, void *data)
|
||||
{
|
||||
if ( (prin == NULL) || (target == NULL) )
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
if (this->GetSystemPrincipal() == prin)
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Session);
|
||||
PrincipalKey prinKey(prin);
|
||||
nsPrivilegeTable *privTable = (nsPrivilegeTable *) itsPrinToPrivTable->Get(&prinKey);
|
||||
if (privTable == NULL)
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
nsTarget * tempTarget = nsTarget::FindTarget(target);
|
||||
if (tempTarget != target)
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
return privTable->Get(target);
|
||||
}
|
||||
|
||||
@ -920,12 +993,12 @@ nsPrivilegeManager::IsPermissionGranted(nsTarget *target,
|
||||
nsPrincipalArray* callerPrinArray,
|
||||
void *data)
|
||||
{
|
||||
nsPermissionState privilege = this->GetPrincipalPrivilege(target, callerPrinArray, data);
|
||||
switch(privilege) {
|
||||
case nsPermissionState_Allowed: return PR_TRUE;
|
||||
PRInt16 privilegeState = this->GetPrincipalPrivilege(target, callerPrinArray, data);
|
||||
switch(privilegeState) {
|
||||
case nsIPrivilege::PrivilegeState_Allowed: return PR_TRUE;
|
||||
default: PR_ASSERT(PR_FALSE);
|
||||
case nsPermissionState_Forbidden:
|
||||
case nsPermissionState_Blank: return PR_FALSE;
|
||||
case nsIPrivilege::PrivilegeState_Forbidden:
|
||||
case nsIPrivilege::PrivilegeState_Blank: return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
@ -940,6 +1013,7 @@ char *
|
||||
nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetArray,
|
||||
PRInt32 callerDepth, void *data)
|
||||
{
|
||||
/*
|
||||
struct NSJSJavaFrameWrapper *wrapper = NULL;
|
||||
nsTarget *target;
|
||||
nsPrivilegeTable *annotation;
|
||||
@ -965,11 +1039,9 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
for ((*nsCapsGetStartFrameCallback)(wrapper);
|
||||
(!(*nsCapsIsEndOfFrameCallback)(wrapper));
|
||||
)
|
||||
{
|
||||
if ((*nsCapsIsValidFrameCallback)(wrapper)) {
|
||||
if (depth >= callerDepth) {
|
||||
scopePerm = nsPermissionState_Blank;
|
||||
prinPerm = nsPermissionState_Blank;
|
||||
scopePerm = prinPerm = nsIPrivilege::PrivilegeState_Blank;
|
||||
for (idx = 0; idx < noOfTargets; idx++) {
|
||||
target = (nsTarget *)targetArray->Get(idx);
|
||||
if (!target) {
|
||||
@ -979,13 +1051,11 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
annotation =(nsPrivilegeTable *) (*nsCapsGetAnnotationCallback)(wrapper);
|
||||
prinArray = (nsPrincipalArray *) (*nsCapsGetPrincipalArrayCallback)(wrapper);
|
||||
|
||||
/*
|
||||
* When the Registration Mode flag is enabled, we allow secure
|
||||
* operations if and only iff the principal codebase is 'file:'.
|
||||
* That means we load files only after recognizing that they
|
||||
* reside on local harddrive. Any other code is considered as
|
||||
* dangerous and an exception will be thrown in such cases.
|
||||
*/
|
||||
if ((nsCapsGetRegistrationModeFlag()) && (prinArray != NULL)){
|
||||
noOfPrincipals = prinArray->GetSize();
|
||||
for (idx=0; idx < noOfPrincipals; idx++){
|
||||
@ -998,7 +1068,6 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
* frame->annotation holds a PrivilegeTable, describing
|
||||
* the scope privileges of this frame. We'll check
|
||||
* if it permits the target, and if so, we just return.
|
||||
@ -1013,24 +1082,20 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
* insures that we don't have a non-permitted (attacker)
|
||||
* class somewhere in the call chain between the request
|
||||
* for scope privilege and the chedk for privilege.
|
||||
*/
|
||||
|
||||
/*
|
||||
* If there isn't a annotation, then we assume the default
|
||||
* value of blank and avoid allocating a new annotation.
|
||||
*/
|
||||
if (annotation) {
|
||||
privilege = annotation->Get(target);
|
||||
PR_ASSERT(privilege != NULL);
|
||||
perm = privilege->getPermission();
|
||||
perm = privilege->etPermission();
|
||||
scopePerm = nsPrivilege::add(perm, scopePerm);
|
||||
}
|
||||
if (prinArray != NULL) {
|
||||
/* XXX: We need to allow sub-classing of Target, so that
|
||||
XXX: We need to allow sub-classing of Target, so that
|
||||
* we would call the method on Developer Sub-class'ed Target.
|
||||
* That would allow us to implement Parameterized targets
|
||||
* May be checkPrivilegeEnabled should go back into Java.
|
||||
*/
|
||||
privilege = target->CheckPrivilegeEnabled(prinArray,data);
|
||||
PR_ASSERT(privilege != NULL);
|
||||
perm = privilege->getPermission();
|
||||
@ -1041,20 +1106,18 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
? saw_non_system_code = PR_TRUE : saw_unsigned_principal = PR_TRUE;
|
||||
}
|
||||
}
|
||||
if (scopePerm == nsPermissionState_Allowed) goto done;
|
||||
if ((scopePerm == nsPermissionState_Forbidden) ||
|
||||
if (scopePerm == nsIPrivilege::PrivilegeState_Allowed) goto done;
|
||||
if ((scopePerm == nsIPrivilege::PrivilegeState_Forbidden) ||
|
||||
(saw_non_system_code &&
|
||||
(prinPerm != nsPermissionState_Allowed))) {
|
||||
(prinPerm != nsIPrivilege::PrivilegeState_Allowed))) {
|
||||
errMsg = "access to target forbidden";
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
// if (!(* nsCapsGetNextFrameCallback)(wrapper, &depth)) break;
|
||||
/*
|
||||
* If we get here, there is no non-blank capability on the stack,
|
||||
* and there is no ClassLoader, thus give privilege for now
|
||||
*/
|
||||
if (saw_non_system_code) {
|
||||
errMsg = "access to target forbidden. Target was not enabled on stack (stack included non-system code)";
|
||||
goto done;
|
||||
@ -1062,13 +1125,13 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
|
||||
if (CMGetBoolPref("signed.applets.local_classes_have_30_powers")) goto done;
|
||||
errMsg = "access to target forbidden. Target was not enabled on stack (stack included only system code)";
|
||||
done:
|
||||
/*
|
||||
* If the Registration Mode flag is set and principals have
|
||||
* 'file:' code base, we set the error message to NULL.
|
||||
*/
|
||||
if ((nsCapsGetRegistrationModeFlag()) && !(saw_dangerous_code)) errMsg = NULL;
|
||||
(*nsCapsFreeNSJSJavaFrameWrapperCallback)(wrapper);
|
||||
return errMsg;
|
||||
*/
|
||||
return NULL;
|
||||
}
|
||||
|
||||
nsPrincipalArray *
|
||||
@ -1294,7 +1357,7 @@ RDF_RemovePrincipalsPrivilege(nsIPrincipal * prin, nsTarget *target)
|
||||
/* The following methods are used to save and load the persistent store */
|
||||
|
||||
void
|
||||
nsPrivilegeManager::Save(nsIPrincipal * prin, nsTarget *target, nsPrivilege *newPrivilege)
|
||||
nsPrivilegeManager::Save(nsIPrincipal * prin, nsTarget *target, nsIPrivilege *newPrivilege)
|
||||
{
|
||||
PRBool eq;
|
||||
prin->Equals(this->GetSystemPrincipal(), &eq);
|
||||
|
@ -19,10 +19,6 @@
|
||||
#include "nsPrivilegeTable.h"
|
||||
#include "nsPrivilegeManager.h"
|
||||
|
||||
//
|
||||
// PUBLIC METHODS
|
||||
//
|
||||
|
||||
nsPrivilegeTable::nsPrivilegeTable(void)
|
||||
{
|
||||
this->itsTable = NULL;
|
||||
@ -32,7 +28,6 @@ nsPrivilegeTable::~nsPrivilegeTable(void)
|
||||
{
|
||||
/* XXX: We need to incr and decr objects that we put into this hashtable.
|
||||
* There is a big memory leak.
|
||||
*
|
||||
* We need to delete all the entries in the privilege Table
|
||||
*/
|
||||
if (this->itsTable) delete this->itsTable;
|
||||
@ -42,44 +37,45 @@ nsPrivilegeTable::~nsPrivilegeTable(void)
|
||||
PRInt32
|
||||
nsPrivilegeTable::Size(void)
|
||||
{
|
||||
return (itsTable != NULL) ? itsTable->Count() : 0;
|
||||
return (this->itsTable != NULL) ? this->itsTable->Count() : 0;
|
||||
}
|
||||
|
||||
PRBool
|
||||
nsPrivilegeTable::IsEmpty(void)
|
||||
{
|
||||
return ((itsTable == NULL) && (itsTable->Count() == 0)) ? PR_TRUE : PR_FALSE;
|
||||
return ((this->itsTable == NULL) && (this->itsTable->Count() == 0)) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
nsPrivilegeTable::Get(nsTarget *target)
|
||||
{
|
||||
if (itsTable == NULL)
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
TargetKey targKey(target);
|
||||
nsPrivilege *priv = (nsPrivilege *) itsTable->Get(&targKey);
|
||||
nsIPrivilege * priv = (nsIPrivilege *) this->itsTable->Get(& targKey);
|
||||
return (priv == NULL)
|
||||
? nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session) : priv;
|
||||
? nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session)
|
||||
: priv;
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsPrivilegeTable::Put(nsTarget * target, nsPrivilege * priv)
|
||||
nsIPrivilege *
|
||||
nsPrivilegeTable::Put(nsTarget * target, nsIPrivilege * priv)
|
||||
{
|
||||
nsCaps_lock();
|
||||
if (itsTable == NULL) this->itsTable = new nsHashtable();
|
||||
TargetKey targKey(target);
|
||||
nsPrivilege *priv2 = (nsPrivilege *)itsTable->Put(&targKey, (void *)priv);
|
||||
nsCaps_unlock();
|
||||
return priv2;
|
||||
nsCaps_lock();
|
||||
if (itsTable == NULL) this->itsTable = new nsHashtable();
|
||||
TargetKey targKey(target);
|
||||
nsIPrivilege * priv2 = (nsIPrivilege *)this->itsTable->Put(& targKey, (void *)priv);
|
||||
nsCaps_unlock();
|
||||
return priv2;
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsPrivilegeTable::Remove(nsTarget *target)
|
||||
nsIPrivilege *
|
||||
nsPrivilegeTable::Remove(nsTarget * target)
|
||||
{
|
||||
if (itsTable == NULL) return NULL;
|
||||
TargetKey targKey(target);
|
||||
nsCaps_lock();
|
||||
nsPrivilege *priv = (nsPrivilege *)itsTable->Remove(&targKey);
|
||||
nsIPrivilege * priv = (nsIPrivilege *)this->itsTable->Remove(& targKey);
|
||||
nsCaps_unlock();
|
||||
return priv;
|
||||
}
|
||||
@ -87,21 +83,20 @@ nsPrivilegeTable::Remove(nsTarget *target)
|
||||
nsPrivilegeTable *
|
||||
nsPrivilegeTable::Clone(void)
|
||||
{
|
||||
nsCaps_lock();
|
||||
nsPrivilegeTable *newbie = new nsPrivilegeTable();
|
||||
if (itsTable != NULL) newbie->itsTable = itsTable->Clone();
|
||||
nsCaps_unlock();
|
||||
return newbie;
|
||||
nsCaps_lock();
|
||||
nsPrivilegeTable *newbie = new nsPrivilegeTable();
|
||||
if (itsTable != NULL) newbie->itsTable = itsTable->Clone();
|
||||
nsCaps_unlock();
|
||||
return newbie;
|
||||
}
|
||||
|
||||
void
|
||||
nsPrivilegeTable::Clear(void)
|
||||
{
|
||||
/* XXX: free the entries also */
|
||||
nsCaps_lock();
|
||||
delete itsTable;
|
||||
itsTable = NULL;
|
||||
nsCaps_unlock();
|
||||
/* XXX: free the entries also */
|
||||
nsCaps_lock();
|
||||
if (this->itsTable) delete this->itsTable;
|
||||
nsCaps_unlock();
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -17,16 +17,14 @@
|
||||
*/
|
||||
|
||||
#include "nsSystemPrivilegeTable.h"
|
||||
|
||||
//
|
||||
// PUBLIC METHODS
|
||||
//
|
||||
#include "nsPrivilegeManager.h"
|
||||
|
||||
nsSystemPrivilegeTable::nsSystemPrivilegeTable(void) : nsPrivilegeTable()
|
||||
{
|
||||
}
|
||||
|
||||
nsPrivilege * nsSystemPrivilegeTable::get(nsTarget *a)
|
||||
nsIPrivilege *
|
||||
nsSystemPrivilegeTable::Get(nsTarget *a)
|
||||
{
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Forever);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Forever);
|
||||
}
|
||||
|
@ -770,37 +770,39 @@ nsTarget::FindTarget(char * name, nsIPrincipal * prin)
|
||||
return ret_val;
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
//WHAT THE HELL IS VOID * DATA????????????????????????????????????????????????????
|
||||
|
||||
nsIPrivilege *
|
||||
nsTarget::CheckPrivilegeEnabled(nsPrincipalArray * prinArray, void * data)
|
||||
{
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
nsTarget::CheckPrivilegeEnabled(nsPrincipalArray* prinArray)
|
||||
{
|
||||
return this->CheckPrivilegeEnabled(prinArray, NULL);
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
nsTarget::CheckPrivilegeEnabled(nsIPrincipal *p, void *data)
|
||||
{
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
nsTarget::EnablePrivilege(nsIPrincipal * prin, void *data)
|
||||
{
|
||||
PRBool eq;
|
||||
itsPrincipal->Equals(prin, & eq);
|
||||
return (eq) ? nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Session)
|
||||
: nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return (eq) ? nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Session)
|
||||
: nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
}
|
||||
|
||||
nsPrivilege *
|
||||
nsIPrivilege *
|
||||
nsTarget::GetPrincipalPrivilege(nsIPrincipal * prin, void *data)
|
||||
{
|
||||
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
|
||||
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
|
||||
}
|
||||
|
||||
nsTargetArray *
|
||||
|
@ -33,7 +33,7 @@ static PRBool displayUI=PR_FALSE;
|
||||
static nsPermState
|
||||
displayPermissionDialog(char *prinStr, char *targetStr, char *riskStr, PRBool isCert, void *cert)
|
||||
{
|
||||
return nsJSJavaDisplayDialog(prinStr, targetStr, riskStr, isCert, cert);
|
||||
return nsJSJavaDisplayDialog(prinStr, targetStr, riskStr, isCert, cert);
|
||||
|
||||
}
|
||||
|
||||
@ -41,62 +41,25 @@ displayPermissionDialog(char *prinStr, char *targetStr, char *riskStr, PRBool is
|
||||
} /* extern "C" */
|
||||
#endif /* __cplusplus */
|
||||
|
||||
|
||||
//
|
||||
// PUBLIC METHODS
|
||||
//
|
||||
|
||||
nsUserTarget::~nsUserTarget(void)
|
||||
{
|
||||
}
|
||||
|
||||
#define OPTION "<option>"
|
||||
nsPrivilege *
|
||||
nsUserTarget::EnablePrivilege(nsIPrincipal *prin, void *data)
|
||||
nsIPrivilege *
|
||||
nsUserTarget::EnablePrivilege(nsIPrincipal * prin, void *data)
|
||||
{
|
||||
char * riskStr = this->GetRisk();
|
||||
char * desc = this->GetDescription();
|
||||
char * prinStr;
|
||||
prin->ToString(& prinStr);
|
||||
char * targetStr = new char[strlen(OPTION) + strlen(desc) + 1];
|
||||
XP_STRCPY(targetStr, OPTION);
|
||||
XP_STRCAT(targetStr, desc);
|
||||
PRInt16 prinType;
|
||||
prin->GetType(& prinType);
|
||||
// void *cert;
|
||||
// if(prinType == (PRInt16) nsIPrincipal::PrincipalType_Certificate)
|
||||
// cert = ((nsICertificatePrincipal *) prin)->GetCertificate();
|
||||
nsPermState permState = nsPermState_AllowedSession;
|
||||
/*
|
||||
* Check Registration Mode flag and the url code base
|
||||
* to set permission state
|
||||
*/
|
||||
// if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) {
|
||||
// if (prinType == (PRInt16) nsIPrincipal::PrincipalType_Codebase) permState = nsPermState_AllowedSession;
|
||||
// } else if (displayUI) {
|
||||
/* set displayUI to TRUE, to enable UI */
|
||||
// nsCaps_lock();
|
||||
// permState = displayPermissionDialog(prinStr, targetStr, riskStr,
|
||||
// isCert, cert);
|
||||
// nsCaps_unlock();
|
||||
// }
|
||||
|
||||
nsPermissionState permVal;
|
||||
nsDurationState durationVal;
|
||||
|
||||
if (permState == nsPermState_AllowedForever) {
|
||||
permVal = nsPermissionState_Allowed;
|
||||
durationVal = nsDurationState_Forever;
|
||||
} else if (permState == nsPermState_AllowedSession) {
|
||||
permVal = nsPermissionState_Allowed;
|
||||
durationVal = nsDurationState_Session;
|
||||
} else if (permState == nsPermState_ForbiddenForever) {
|
||||
permVal = nsPermissionState_Forbidden;
|
||||
durationVal = nsDurationState_Forever;
|
||||
} else {
|
||||
permVal = nsPermissionState_Blank;
|
||||
durationVal = nsDurationState_Session;
|
||||
}
|
||||
delete []targetStr;
|
||||
return nsPrivilege::findPrivilege(permVal, durationVal);
|
||||
PRInt16 privState = nsIPrivilege::PrivilegeState_Allowed;
|
||||
PRInt16 privDuration = nsIPrivilege::PrivilegeDuration_Session;
|
||||
if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) {
|
||||
if (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact
|
||||
||
|
||||
prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseRegex) {
|
||||
privState = nsIPrivilege::PrivilegeState_Allowed;
|
||||
privDuration = nsIPrivilege::PrivilegeDuration_Session;
|
||||
}
|
||||
}
|
||||
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
|
||||
}
|
@ -25,6 +25,7 @@
|
||||
#include "nsIScriptObjectOwner.h"
|
||||
#include "nspr.h"
|
||||
#include "plstr.h"
|
||||
#include "nsPrivilegeManager.h"
|
||||
#include "nsIScriptGlobalObject.h"
|
||||
#include "nsIScriptGlobalObjectData.h"
|
||||
#include "nsIPref.h"
|
||||
@ -492,7 +493,7 @@ nsJSSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, PRBool* aR
|
||||
PRBool
|
||||
nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
|
||||
{
|
||||
struct nsPrivilegeTable *annotation;
|
||||
nsPrivilegeTable * annotation;
|
||||
JSStackFrame *fp;
|
||||
void *annotationRef;
|
||||
void *principalArray = nsnull;
|
||||
@ -552,7 +553,7 @@ nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
|
||||
}
|
||||
|
||||
if (annotationRef) {
|
||||
annotation = (struct nsPrivilegeTable *)annotationRef;
|
||||
annotation = (nsPrivilegeTable *)annotationRef;
|
||||
}
|
||||
else {
|
||||
#ifdef OJI
|
||||
@ -1909,10 +1910,10 @@ nsJSSecurityManager::PrincipalsEqual(JSContext *aCx, JSPrincipals *aPrinA, JSPri
|
||||
void* arrayA = aPrinA->getPrincipalArray(aCx, aPrinA);
|
||||
void* arrayB = aPrinB->getPrincipalArray(aCx, aPrinB);
|
||||
|
||||
nsSetComparisonType prinCompare;
|
||||
mCapsManager->ComparePrincipalArray(arrayA, arrayB, &prinCompare);
|
||||
PRInt16 comparisonType;
|
||||
mCapsManager->ComparePrincipalArray(arrayA, arrayB, & comparisonType);
|
||||
|
||||
return (PRBool)(nsSetComparisonType_Equal == prinCompare);
|
||||
return (PRBool)(nsPrivilegeManager::SetComparisonType_Equal == comparisonType);
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
|
Loading…
Reference in New Issue
Block a user