removed some enums and migrated them into nsPrivilege, nsIPrivilege and

nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
This commit is contained in:
arielb%netscape.com 1999-07-27 00:50:59 +00:00
parent f8f082ef18
commit d00edf950d
34 changed files with 661 additions and 911 deletions

View File

@ -21,7 +21,7 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
DIRS = idl public include src
DIRS = idl public include src
include $(topsrcdir)/config/rules.mk

View File

@ -1,3 +1,4 @@
nsIPrincipal.idl
nsIScriptSecurityManager.idl
nsICapsSecurityCallbacks.idl
nsICapsSecurityCallbacks.idl
nsIPrivilege.idl

View File

@ -15,19 +15,20 @@
# Copyright (C) 1999 Netscape Communications Corporation. All Rights
# Reserved.
DEPTH = ../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
DEPTH = ../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
MODULE = caps
XPIDLSRCS = \
nsIScriptSecurityManager.idl \
nsICapsSecurityCallbacks.idl \
nsIPrincipal.idl \
$(NULL)
nsIScriptSecurityManager.idl \
nsICapsSecurityCallbacks.idl \
nsIPrincipal.idl \
nsIPrivilege.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

View File

@ -20,10 +20,10 @@ DEPTH=..\..
MODULE=caps
XPIDLSRCS= \
.\nsIScriptSecurityManager.idl \
.\nsIScriptSecurityManager.idl \
.\nsICapsSecurityCallbacks.idl \
.\nsIPrincipal.idl \
$(NULL)
.\nsIPrincipal.idl \
.\nsIPrivilege.idl \
$(NULL)
include <$(DEPTH)\config\rules.mak>

45
caps/idl/nsIPrivilege.idl Normal file
View File

@ -0,0 +1,45 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
#include "nsISupports.idl"
[uuid(0bbbb636-3e11-11d3-ba10-0060b0f199a2)]
interface nsIPrivilege : nsISupports
{
const short PrivilegeState_Blank = 0;
const short PrivilegeState_Forbidden = 1;
const short PrivilegeState_Allowed = 2;
const short PrivilegeState_NumberOfPrivileges = 3;
const short PrivilegeDuration_Blank = 0;
const short PrivilegeDuration_Scope = 1;
const short PrivilegeDuration_Session = 2;
const short PrivilegeDuration_Forever = 3;
const short PrivilegeDuration_NumberOfDurations = 4;
void GetState(out short state);
void SetState(in short state);
void GetDuration(out short duration);
void SetDuration(in short duration);
void SameState(in nsIPrivilege other, out boolean res);
void SameDuration(in nsIPrivilege other, out boolean res);
void IsAllowed(out boolean result);
void IsForbidden(out boolean result);
void IsBlank(out boolean result);
void ToString(out string result);
void Equals(in nsIPrivilege priv, out boolean res);
};

View File

@ -1,7 +1,6 @@
admin.h
jpermission.h
nsCaps.h
nsCapsEnums.h
nsCCapsManager.h
nsCCapsManagerFactory.h
nsCertificatePrincipal.h
@ -17,9 +16,3 @@ nsUserDialogHelper.h
nsUserTarget.h
nsZig.h
nsZip.h

View File

@ -23,26 +23,25 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
EXPORTS = \
admin.h \
jpermission.h \
nsCaps.h \
nsCapsEnums.h \
nsCCapsManager.h \
nsCCapsManagerFactory.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsLoadZig.h \
nsPrincipalTools.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
nsUserTarget.h \
nsZig.h \
nsZip.h
EXPORTS = \
admin.h \
jpermission.h \
nsCaps.h \
nsCCapsManager.h \
nsCCapsManagerFactory.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsLoadZig.h \
nsPrincipalTools.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
nsUserTarget.h \
nsZig.h \
nsZip.h
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))

View File

@ -29,25 +29,24 @@ IGNORE_MANIFEST=1
MODULE=caps
DEPTH=..\..
EXPORTS= \
admin.h \
jpermission.h \
nsCaps.h \
nsCapsEnums.h \
nsCCapsManager.h \
nsCCapsManagerFactory.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsLoadZig.h \
nsPrincipalTools.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
nsUserTarget.h \
nsZig.h \
nsZip.h
admin.h \
jpermission.h \
nsCaps.h \
nsCCapsManager.h \
nsCCapsManagerFactory.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsLoadZig.h \
nsPrincipalTools.h \
nsPrivilege.h \
nsPrivilegeManager.h \
nsPrivilegeTable.h \
nsSystemPrivilegeTable.h \
nsTarget.h \
nsUserDialogHelper.h \
nsUserTarget.h \
nsZig.h \
nsZip.h
include <$(DEPTH)/config/rules.mak>

View File

@ -16,10 +16,11 @@
* Reserved.
*/
#ifndef _NS_CCAPS_MANANGER_H_
#ifndef _NS_CCAPS_MANAGER_H_
#define _NS_CCAPS_MANAGER_H_
#include "nsIPrincipal.h"
#include "nsIPrivilege.h"
#include "nsISupports.h"
#include "nsICapsManager.h"
#include "nsAgg.h"
@ -47,7 +48,7 @@ NS_IMETHOD
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal** prin);
NS_IMETHOD
CreateCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin);
CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin);
/**
* Creates a CodeSourcePrincipal, which has both nsICodebasePrincipal
@ -70,7 +71,7 @@ CreateCodeSourcePrincipal(const unsigned char **certChain, PRUint32 *certChainLe
* @param state - the return value is passed in this parameter.
*/
NS_IMETHOD
GetPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * state);
GetPermission(nsIPrincipal * prin, nsTarget * target, PRInt16 * privilegeState);
/**
* Set the permission state for given principal and target. This wouldn't
@ -82,7 +83,7 @@ GetPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * state);
* and target parameters.
*/
NS_IMETHOD
SetPermission(nsIPrincipal * prin, nsTarget* target, nsPermission state);
SetPermission(nsIPrincipal * prin, nsTarget* target, PRInt16 * privilegeState);
/**
* Prompts the user if they want to grant permission for the given principal and
@ -94,7 +95,7 @@ SetPermission(nsIPrincipal * prin, nsTarget* target, nsPermission state);
* target
*/
NS_IMETHOD
AskPermission(nsIPrincipal * prin, nsTarget * target, nsPermission * result);
AskPermission(nsIPrincipal * prin, nsTarget * target, PRInt16 * privilegeState);
@ -113,7 +114,7 @@ NS_IMETHOD
Initialize(PRBool * result);
NS_IMETHOD
InitializeFrameWalker(nsICapsSecurityCallbacks* aInterface);
InitializeFrameWalker(nsICapsSecurityCallbacks * aInterface);
/**
* Registers the given Principal with the system.
@ -185,7 +186,7 @@ DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRB
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_IMETHOD
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result);
ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType);
NS_IMETHOD
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
@ -193,21 +194,6 @@ IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
NS_IMETHOD
CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result);
/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
/*
NS_IMETHOD
NewPrincipal(PRInt16 prinType, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result);
NS_IMETHOD
IsCodebaseExact(nsIPrincipal* principal, PRBool *result);
NS_IMETHOD
ToString(nsIPrincipal* principal, char* *result);
NS_IMETHOD
GetVendor(nsIPrincipal* principal, char* *result);
*/
NS_IMETHOD
CreateMixedPrincipalArray(void *zig, char* name, const char* codebase, void** result);
@ -250,12 +236,6 @@ GetNSPrincipal(nsIPrincipal * pNSIPrincipal, nsIPrincipal ** ppNSPRincipal);
NS_METHOD
GetNSPrincipalArray(nsPrincipalArray* prinArray, nsPrincipalArray* *pPrincipalArray);
nsPermission
ConvertPrivilegeToPermission(nsPrivilege *pNSPrivilege);
nsPrivilege *
ConvertPermissionToPrivilege(nsPermission state);
void
SetSystemPrivilegeManager();

View File

@ -20,14 +20,14 @@
#define _NS_CAPS_H_
#include "prtypes.h"
#include "nsCapsEnums.h"
PR_BEGIN_EXTERN_C
class nsTarget;
class nsIPrincipal;
class nsIPrivilege;
class nsPrivilegeTable;
struct nsPrivilegeManager;
struct nsPrivilege;
struct NSJSJavaFrameWrapper;
/* wrappers for nsPrivilegeManager object */
@ -52,7 +52,7 @@ nsCapsDisablePrivilege(void* context, class nsTarget *target, PRInt32 callerDept
PR_EXTERN(void*)
nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth);
PR_EXTERN(nsSetComparisonType)
PR_EXTERN(PRInt16)
nsCapsComparePrincipalArray(void* prin1Array, void* prin2Array);
PR_EXTERN(void*)
@ -99,12 +99,12 @@ nsCapsFindTarget(char *name);
/* wrappers for nsPrivilege object */
PR_EXTERN(nsPermissionState)
nsCapsGetPermission(struct nsPrivilege *privilege);
PR_EXTERN(PRInt16)
nsCapsGetPermission(class nsIPrivilege * privilege);
/* wrappers for nsPrivilegeTable object */
PR_EXTERN(nsPrivilege *)
PR_EXTERN(nsIPrivilege *)
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget * target);
/* Methods for stack walking */

View File

@ -1,24 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
#ifndef _NS_CAPS_ENUMS_H_
#define _NS_CAPS_ENUMS_H_
#include "nsCapsPublicEnums.h"
#endif /* _NS_CAPS_ENUMS_H_ */

View File

@ -19,103 +19,55 @@
#ifndef _NS_PRIVILEGE_H_
#define _NS_PRIVILEGE_H_
#include "nsIPrivilege.h"
#include "prtypes.h"
//#include "nsCaps.h"
#include "nsCapsEnums.h"
PRBool nsPrivilegeInitialize(void);
struct nsPrivilege {
class nsPrivilege : public nsIPrivilege {
public:
/* Public Field Accessors */
nsPermissionState itsPerm;
nsDurationState itsDuration;
NS_DECL_ISUPPORTS
/* Public Methods */
nsPrivilege(nsPermissionState perm, nsDurationState duration);
NS_IMETHOD
GetState(PRInt16 * state);
NS_IMETHOD
SetState(PRInt16 state);
NS_IMETHOD
GetDuration(PRInt16 * duration);
NS_IMETHOD
SetDuration(PRInt16 duration);
NS_IMETHOD
SameState(nsIPrivilege * other, PRBool * result);
NS_IMETHOD
SameDuration(nsIPrivilege * other, PRBool * result);
NS_IMETHOD
IsAllowed(PRBool * result);
NS_IMETHOD
IsForbidden(PRBool * result);
NS_IMETHOD
IsBlank(PRBool * result);
NS_IMETHOD
ToString(char * * result);
NS_IMETHOD
Equals(nsIPrivilege * perm, PRBool * res);
nsPrivilege(PRInt16 state, PRInt16 duration);
virtual ~nsPrivilege(void);
static nsPrivilege * findPrivilege(nsPermissionState permission, nsDurationState duration);
static nsPermissionState add(nsPermissionState perm1, nsPermissionState perm2);
static nsPrivilege * add(nsPrivilege *privilege1, nsPrivilege *privilege2);
PRBool samePermission(nsPrivilege *privilege);
PRBool samePermission(nsPermissionState perm);
PRBool sameDuration(nsPrivilege *privilege);
PRBool sameDuration(nsDurationState duration);
PRBool isAllowed(void);
PRBool isAllowedForever(void);
PRBool isForbidden(void);
PRBool isForbiddenForever(void);
PRBool isBlank(void);
nsPermissionState getPermission(void);
nsDurationState getDuration(void);
static nsPrivilege * findPrivilege(char *privStr);
char * toString(void);
private:
/* Private Field Accessors */
char *itsString;
static PRBool theInited;
/* Private Methods */
protected:
PRInt16 itsState;
PRInt16 itsDuration;
char * itsString;
};
/**
* add() method takes two permissions and returns a new permission.
* Permission addition follows these rules:
* <pre>
* ALLOWED + ALLOWED = ALLOWED 1 + 1 = 1
* ALLOWED + BLANK = ALLOWED 1 + 2 = 1
* BLANK + BLANK = BLANK 2 + 2 = 2
* ALLOWED + FORBIDDEN = FORBIDDEN 1 + 0 = 0
* BLANK + FORBIDDEN = FORBIDDEN 2 + 0 = 0
* FORBIDDEN + FORBIDDEN = FORBIDDEN 0 + 0 = 0
* </pre>
*
* @return the permission that results from the above rules
* <p>
* Note: there are two versions of add(). One adds two Privilege
* objects. The other just adds permissions (as returned by
* <a href="#getPermission">getPermission()</a>).
*/
/* XXX: Whenever you change the value of FORBIDDEN, ALLOWED and BLANK
* make sure they obey the laws mentioned in add() method.
*/
inline nsPermissionState nsPrivilege::add(nsPermissionState p1, nsPermissionState p2)
{
if (p1 < p2)
return p1;
else
return p2;
}
inline nsPrivilege * nsPrivilege::add(nsPrivilege *p1, nsPrivilege *p2)
{
if (p1->itsPerm < p2->itsPerm)
return p1;
else
return p2;
}
#endif /* _NS_PRIVILEGE_H_ */

View File

@ -28,10 +28,9 @@
#include "nsTarget.h"
#include "nsIPrincipal.h"
#include "nsPrincipalTools.h"
#include "nsPrivilege.h"
#include "nsIPrivilege.h"
#include "nsPrivilegeTable.h"
#include "nsSystemPrivilegeTable.h"
#include "nsCapsEnums.h"
extern PRBool nsCaps_lock(void);
extern void nsCaps_unlock(void);
@ -45,11 +44,26 @@ PRBool nsPrivilegeManagerInitialize(void);
struct nsPrivilegeManager {
public:
/* Public Methods */
enum { SetComparisonType_ProperSubset=-1 };
enum { SetComparisonType_Equal=0 };
enum { SetComparisonType_NoSubset=1 };
nsPrivilegeManager(void);
virtual ~nsPrivilegeManager(void);
static nsIPrivilege *
FindPrivilege(PRInt16 privState, PRInt16 privDuration);
static nsIPrivilege *
FindPrivilege(nsIPrivilege * perm);
static nsIPrivilege *
FindPrivilege(char * privStr);
static nsIPrivilege *
Add(nsIPrivilege * privilege1, nsIPrivilege * privilege2);
void
RegisterSystemPrincipal(nsIPrincipal * principal);
@ -64,24 +78,24 @@ IsPrivilegeEnabled(nsTarget *target, PRInt32 callerDepth);
PRBool
IsPrivilegeEnabled(void* context, nsTarget *target,
PRInt32 callerDepth);
PRInt32 callerDepth);
PRBool
EnablePrivilege(nsTarget *target, PRInt32 callerDepth);
EnablePrivilege(nsTarget * target, PRInt32 callerDepth);
PRBool
EnablePrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
EnablePrivilege(void * context, nsTarget * target, PRInt32 callerDepth);
PRBool
EnablePrivilege(nsTarget *target, nsIPrincipal *preferredPrincipal,
PRInt32 callerDepth);
EnablePrivilege(nsTarget * target, nsIPrincipal * preferredPrincipal,
PRInt32 callerDepth);
PRBool
EnablePrivilege(void* context, nsTarget *target, nsIPrincipal * preferredPrincipal,
PRInt32 callerDepth);
PRInt32 callerDepth);
PRBool
RevertPrivilege(nsTarget *target, PRInt32 callerDepth);
RevertPrivilege(nsTarget * target, PRInt32 callerDepth);
PRBool
RevertPrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
@ -90,7 +104,7 @@ PRBool
DisablePrivilege(nsTarget *target, PRInt32 callerDepth);
PRBool
DisablePrivilege(void* context, nsTarget *target, PRInt32 callerDepth);
DisablePrivilege(void * context, nsTarget *target, PRInt32 callerDepth);
PRBool
EnablePrincipalPrivilegeHelper(nsTarget *target, PRInt32 callerDepth,
@ -121,32 +135,30 @@ PRBool
AskPermission(nsIPrincipal * useThisPrin, nsTarget* target, void* data);
void
SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsPrivilege * newPrivilege);
SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsIPrivilege * newPrivilege);
void
RegisterPrincipalAndSetPrivileges(nsIPrincipal * principal, nsTarget * target, nsPrivilege * newPrivilege);
RegisterPrincipalAndSetPrivileges(nsIPrincipal * principal, nsTarget * target, nsIPrivilege * newPrivilege);
void
UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable * privTable, nsPrivilege * newPrivilege);
UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable * privTable, nsIPrivilege * newPrivilege);
PRBool
CheckPrivilegeGranted(nsTarget *target, PRInt32 callerDepth);
PRBool
CheckPrivilegeGranted(void* context, nsTarget *target,
PRInt32 callerDepth);
CheckPrivilegeGranted(void* context, nsTarget *target, PRInt32 callerDepth);
PRBool
CheckPrivilegeGranted(nsTarget *target, nsIPrincipal * principal, void *data);
CheckPrivilegeGranted(nsTarget * target, nsIPrincipal * principal, void *data);
PRBool
CheckPrivilegeGranted(nsTarget *target, PRInt32 callerDepth, void *data);
CheckPrivilegeGranted(nsTarget * target, PRInt32 callerDepth, void * data);
PRBool
CheckPrivilegeGranted(void * context, nsTarget * target,
PRInt32 callerDepth, void * data);
CheckPrivilegeGranted(void * context, nsTarget * target, PRInt32 callerDepth, void * data);
nsPrivilege *
nsIPrivilege *
GetPrincipalPrivilege(nsTarget * target, nsIPrincipal * prin, void * data);
static nsPrivilegeManager *
@ -170,7 +182,7 @@ GetUnsignedPrincipal(void);
static nsIPrincipal *
GetUnknownPrincipal(void);
nsSetComparisonType
PRInt16
ComparePrincipalArray(nsPrincipalArray * prin1Array, nsPrincipalArray * prin2Array);
nsPrincipalArray *
@ -201,7 +213,6 @@ RemovePrincipal(char *prinName);
PRBool
RemovePrincipalsPrivilege(char *prinName, char *targetName);
void
Remove(nsIPrincipal *prin, nsTarget *target);
@ -241,14 +252,14 @@ static PRBool theInited;
/* Private Methods */
void
AddToPrinNameToPrincipalTable(nsIPrincipal *prin);
AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin);
PRBool
EnablePrivilegePrivate(void* context, nsTarget *target, nsIPrincipal *preferredPrincipal,
PRInt32 callerDepth);
PRInt32 callerDepth);
nsPermissionState
GetPrincipalPrivilege(nsTarget *target, nsPrincipalArray* callerPrinArray, void * data);
PRInt16
GetPrincipalPrivilege(nsTarget * target, nsPrincipalArray * callerPrinArray, void * data);
PRBool
IsPermissionGranted(nsTarget *target, nsPrincipalArray* callerPrinArray, void *data);
@ -256,7 +267,7 @@ IsPermissionGranted(nsTarget *target, nsPrincipalArray* callerPrinArray, void *d
/* The following methods are used to save and load the persistent store */
void
Save(nsIPrincipal *prin, nsTarget *target, nsPrivilege *newPrivilege);
Save(nsIPrincipal * prin, nsTarget * target, nsIPrivilege * newPrivilege);
void
Load(void);

View File

@ -23,7 +23,7 @@
#include "nsHashtable.h"
#include "nsCaps.h"
#include "nsTarget.h"
#include "nsPrivilege.h"
#include "nsIPrivilege.h"
class nsPrivilegeTable {
@ -36,11 +36,11 @@ public:
PRBool IsEmpty(void);
virtual nsPrivilege * Get(nsTarget * t);
virtual nsIPrivilege * Get(nsTarget * t);
nsPrivilege * Put(nsTarget * a, nsPrivilege * priv);
nsIPrivilege * Put(nsTarget * a, nsIPrivilege * priv);
nsPrivilege * Remove(nsTarget * key);
nsIPrivilege * Remove(nsTarget * key);
nsPrivilegeTable * Clone(void);

View File

@ -20,7 +20,7 @@
#define _NS_SYSTEM_PRIVILEGE_TABLE_H_
#include "nsTarget.h"
#include "nsPrivilege.h"
#include "nsIPrivilege.h"
#include "nsPrivilegeTable.h"
#include "nsCom.h"
@ -32,7 +32,7 @@ public:
/* Public Methods */
nsSystemPrivilegeTable(void);
virtual nsPrivilege * get(nsTarget *a);
virtual nsIPrivilege * Get(nsTarget * a);
};
#endif /* _NS_SYSTEM_PRIVILEGE_TABLE_H_ */

View File

@ -26,7 +26,7 @@
#include "nsVector.h"
//#include "nsCaps.h"
#include "nsIPrincipal.h"
#include "nsPrivilege.h"
#include "nsIPrivilege.h"
#include "nsUserDialogHelper.h"
typedef nsVector nsTargetArray;
@ -89,15 +89,15 @@ public:
static nsTarget * FindTarget(char * name, nsIPrincipal *prin);
nsPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray, void *data);
nsIPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray, void *data);
nsPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray);
nsIPrivilege * CheckPrivilegeEnabled(nsTargetArray* prinArray);
nsPrivilege * CheckPrivilegeEnabled(nsIPrincipal *p, void *data);
nsIPrivilege * CheckPrivilegeEnabled(nsIPrincipal *p, void *data);
virtual nsPrivilege * EnablePrivilege(nsIPrincipal *prin, void *data);
virtual nsIPrivilege * EnablePrivilege(nsIPrincipal *prin, void *data);
nsPrivilege * GetPrincipalPrivilege(nsIPrincipal *prin, void *data);
nsIPrivilege * GetPrincipalPrivilege(nsIPrincipal *prin, void *data);
nsTargetArray* GetFlattenedTargetArray(void);

View File

@ -72,7 +72,7 @@ public:
{
}
nsPrivilege * EnablePrivilege(nsIPrincipal * prin, void *data);
nsIPrivilege * EnablePrivilege(nsIPrincipal * prin, void *data);
private:

Binary file not shown.

View File

@ -1,3 +1 @@
nsICapsManager.h
nsCapsPublicEnums.h

View File

@ -23,10 +23,9 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
EXPORTS = \
nsICapsManager.h \
nsCapsPublicEnums.h \
$(NULL)
EXPORTS = \
nsICapsManager.h \
$(NULL)
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))

View File

@ -29,8 +29,8 @@ IGNORE_MANIFEST=1
MODULE=caps
DEPTH=..\..
EXPORTS= \
nsICapsManager.h \
nsCapsPublicEnums.h
nsICapsManager.h

View File

@ -1,79 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
#ifndef _NS_CAPS_PUBLIC_ENUMS_H_
#define _NS_CAPS_PUBLIC_ENUMS_H_
enum nsPermission {
nsPermission_Unknown,
nsPermission_AllowedSession,
nsPermission_DeniedSession,
nsPermission_AllowedForever,
nsPermission_DeniedForever
};
/**
* number of possible permissions (allowed, forbidden, or blank)
*
* The code in nsPrivilegeInitialize assumes that nsPermissionState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsPermissionState {
nsPermissionState_Forbidden = 0,
nsPermissionState_Allowed,
nsPermissionState_Blank,
nsPermissionState_NumberOfPermissions
} nsPermissionState;
/**
* number of possible durations (scope, session, or forever)
*
* The code in nsPrivilegeInitialize assumes that nsDurationState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsDurationState {
nsDurationState_Scope=0,
nsDurationState_Session,
nsDurationState_Forever,
nsDurationState_NumberOfDurations
} nsDurationState;
typedef enum nsSetComparisonType {
nsSetComparisonType_ProperSubset=-1,
nsSetComparisonType_Equal=0,
nsSetComparisonType_NoSubset=1
} nsSetComparisonType;
/* The following should match what is in nsJVM plugin's java security code */
/*
typedef enum nsPrincipalType {
nsPrincipalType_Unknown=-1,
nsPrincipalType_CodebaseExact=10,
nsPrincipalType_CodebaseRegexp,
nsPrincipalType_Cert,
nsPrincipalType_CertFingerPrint,
nsPrincipalType_CertKey,
nsPrincipalType_CertChain
} nsPrincipalType;
*/
#endif /* _NS_CAPS_PUBLIC_ENUMS_H_ */

View File

@ -16,13 +16,12 @@
* Reserved.
*/
#ifndef nsICapsManager_h___
#define nsICapsManager_h___
#ifndef _NS_ICAPS_MANAGER_H_
#define _NS_ICAPS_MANAGER_H_
#include "nsISupports.h"
#include "nsIFactory.h"
#include "nsIPrincipal.h"
#include "nsCapsPublicEnums.h"
#include "nsTarget.h"
//class nsITarget;
class nsICapsSecurityCallbacks;
@ -48,7 +47,7 @@ public:
* @param prin - the return value is passed in this parameter.
*/
NS_IMETHOD
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal** prin) = 0;
CreateCodebasePrincipal(const char *codebaseURL, nsIPrincipal * * prin) = 0;
/**
* Initializes the Certificate principal with the certificate data. I am
@ -64,27 +63,7 @@ public:
* @param prin - the return value is passed in this parameter.
*/
NS_IMETHOD
CreateCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsIPrincipal** prin) = 0;
/**
* Creates a CodeSourcePrincipal, which has both nsICodebasePrincipal
* and nsICertPrincipal
*
*
* @param certChain - An array of pointers, with each pointer
* pointing to a certificate data.
* @param certChainLengths - An array of intergers. Each integer indicates
* the length of the cert that is in CertChain
* parametr.
* @param noOfCerts - the number of certifcates that are in the certChain array
* @param codebaseURL - the codebase URL
* @param prin - the return value is passed in this parameter.
*/
/*
NS_IMETHOD
CreateCodeSourcePrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, const char *codebaseURL, nsIPrincipal** prin) = 0;
*/
CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) = 0;
/**
* Returns the permission for given principal and target
@ -94,7 +73,7 @@ public:
* @param state - the return value is passed in this parameter.
*/
NS_IMETHOD
GetPermission(nsIPrincipal* prin, nsTarget * target, nsPermission *state) = 0;
GetPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
/**
* Set the permission state for given principal and target. This wouldn't
@ -106,7 +85,7 @@ public:
* and target parameters.
*/
NS_IMETHOD
SetPermission(nsIPrincipal* prin, nsTarget * target, nsPermission state) = 0;
SetPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
/**
* Prompts the user if they want to grant permission for the given principal and
@ -118,8 +97,7 @@ public:
* target
*/
NS_IMETHOD
AskPermission(nsIPrincipal* prin, nsTarget * target, nsPermission *result) = 0;
AskPermission(nsIPrincipal* prin, nsTarget * target, PRInt16 * privilegeState) = 0;
/*
* All of the following methods are used by JS (the code located
@ -149,6 +127,7 @@ public:
* @param prin - is either certificate principal or codebase principal
* @param result - is true if principal was successfully registered with the system
*/
//NEED TO FIGURE THIS SUCKER OUT ARIEL
// NS_IMETHOD
// RegisterPrincipal(nsIPrincipal* prin, PRBool *result) = 0;
@ -213,7 +192,7 @@ public:
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_IMETHOD
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result) = 0;
ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType) = 0;
NS_IMETHOD
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result) = 0;
@ -226,19 +205,10 @@ public:
/*
NS_IMETHOD
NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result) = 0;
NS_IMETHOD
IsCodebaseExact(nsIPrincipal* principal, PRBool *result) = 0;
*/
NS_IMETHOD
CreateMixedPrincipalArray(void *zig, char* name, const char* codebase, void** result) = 0;
/*
NS_IMETHOD
ToString(nsIPrincipal* principal, char* *result) = 0;
NS_IMETHOD
GetVendor(nsIPrincipal* principal, char* *result) = 0;
*/
NS_IMETHOD
NewPrincipalArray(PRUint32 count, void* *result) = 0;

View File

@ -23,38 +23,38 @@ include $(DEPTH)/config/autoconf.mk
include $(topsrcdir)/config/config.mk
MODULE = caps
MODULE = caps
LIBRARY_NAME = caps
LIBRARY_NAME = caps
CPPSRCS = \
admin.cpp \
nsCaps.cpp \
nsCCapsManager.cpp \
nsCCapsManagerFactory.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsPrivilege.cpp \
nsPrivilegeManager.cpp \
nsPrivilegeTable.cpp \
nsSystemPrivilegeTable.cpp \
nsTarget.cpp \
nsUserDialogHelper.cpp \
nsUserTarget.cpp \
nsZig.cpp \
$(NULL)
CPPSRCS = \
admin.cpp \
nsCaps.cpp \
nsCCapsManager.cpp \
nsCCapsManagerFactory.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsPrivilege.cpp \
nsPrivilegeManager.cpp \
nsPrivilegeTable.cpp \
nsSystemPrivilegeTable.cpp \
nsTarget.cpp \
nsUserDialogHelper.cpp \
nsUserTarget.cpp \
nsZig.cpp \
$(NULL)
REQUIRES = nspr xpcom security layer js jar pref img util rdf caps
REQUIRES = nspr xpcom security layer js jar pref img util rdf caps
ifndef MOZ_NATIVE_ZLIB
REQUIRES += zlib
endif
CSRCS = \
jpermission.c \
nsLoadZig.c \
nsZip.c \
$(NULL)
CSRCS= \
jpermission.c \
nsLoadZig.c \
nsZip.c \
$(NULL)
include $(topsrcdir)/config/rules.mk

View File

@ -52,8 +52,7 @@ C_OBJS= \
.\$(OBJDIR)\jpermission.obj \
.\$(OBJDIR)\nsLoadZig.obj \
.\$(OBJDIR)\nsZip.obj \
$(NULL)
$(NULL)
CPP_OBJS= \
.\$(OBJDIR)\admin.obj \
@ -62,16 +61,15 @@ CPP_OBJS= \
.\$(OBJDIR)\nsCCapsManagerFactory.obj \
.\$(OBJDIR)\nsCertificatePrincipal.obj \
.\$(OBJDIR)\nsCodebasePrincipal.obj \
.\$(OBJDIR)\nsUserDialogHelper.obj \
.\$(OBJDIR)\nsPrivilege.obj \
.\$(OBJDIR)\nsPrivilegeManager.obj \
.\$(OBJDIR)\nsPrivilegeTable.obj \
.\$(OBJDIR)\nsSystemPrivilegeTable.obj \
.\$(OBJDIR)\nsTarget.obj \
.\$(OBJDIR)\nsUserDialogHelper.obj \
.\$(OBJDIR)\nsUserTarget.obj \
.\$(OBJDIR)\nsZig.obj \
$(NULL)
$(NULL)
#//------------------------------------------------------------------------
#//
@ -104,10 +102,10 @@ LINCS= $(LINCS) \
$(NULL)
LLIBS = \
$(LIBNSPR) \
$(LIBNSPR) \
$(DIST)\lib\xpcom.lib \
$(DIST)\lib\xplib.lib \
$(DIST)\lib\zlib.lib \
$(DIST)\lib\xplib.lib \
$(DIST)\lib\zlib.lib \
$(NULL)

View File

@ -16,7 +16,6 @@
* Reserved.
*/
#include "nsIComponentManager.h"
#include "nsCapsEnums.h"
#include "nsCCapsManager.h"
#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
@ -75,7 +74,7 @@ nsCCapsManager::CreateCodebasePrincipal(const char *codebaseURL,
}
NS_METHOD
nsCCapsManager::CreateCertPrincipal(const unsigned char **certChain,
nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain,
PRUint32 *certChainLengths,
PRUint32 noOfCerts,
nsIPrincipal** prin)
@ -92,29 +91,6 @@ nsCCapsManager::CreateCertPrincipal(const unsigned char **certChain,
*prin = (nsIPrincipal *)pNSCCertPrincipal;
return NS_OK;
}
//code source prins are deprecated, use codebase of certificate prins instead
/*
NS_METHOD
nsCCapsManager::CreateCodeSourcePrincipal(const unsigned char **certChain,
PRUint32 *certChainLengths,
PRUint32 noOfCerts,
const char *codebaseURL,
nsIPrincipal** prin)
{
nsresult result = NS_OK;
nsCCodeSourcePrincipal *pNSCCodeSourcePrincipal =
new nsCCodeSourcePrincipal(certChain, certChainLengths, noOfCerts,
codebaseURL, &result);
if (pNSCCodeSourcePrincipal == NULL)
{
return NS_ERROR_OUT_OF_MEMORY;
}
pNSCCodeSourcePrincipal->AddRef();
*prin = (nsIPrincipal *)pNSCCodeSourcePrincipal;
return NS_OK;
}
*/
/**
* Returns the permission for given principal and target
@ -124,15 +100,16 @@ nsCCapsManager::CreateCodeSourcePrincipal(const unsigned char **certChain,
* @param state - the return value is passed in this parameter.
*/
NS_METHOD
nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission * state)
nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
{
*state = nsPermission_Unknown;
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
nsTarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
nsresult result = NS_OK;
if( target == NULL ) return NS_OK;
if (privilegeManager != NULL) {
nsPrivilege* privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
* state = this->ConvertPrivilegeToPermission(privilege);
nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
// ARIEL WORK ON THIS SHIT
// * privilegeState = this->ConvertPrivilegeToPermission(privilege);
}
return NS_OK;
}
@ -147,13 +124,14 @@ nsCCapsManager::GetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPe
* and target parameters.
*/
NS_METHOD
nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission state)
nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
{
nsTarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
if(target == NULL ) return NS_OK;
if (privilegeManager != NULL) {
nsPrivilege* privilege = this->ConvertPermissionToPrivilege(state);
privilegeManager->SetPermission(prin, target, privilege);
// WORK ON THIS ARIEL
// nsPrivilege* privilege = this->ConvertPermissionToPrivilege(privilegeState);
// privilegeManager->SetPermission(prin, target, privilegeState);
}
return NS_OK;
}
@ -168,17 +146,17 @@ nsCCapsManager::SetPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPe
* target
*/
NS_METHOD
nsCCapsManager::AskPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, nsPermission * state)
nsCCapsManager::AskPermission(nsIPrincipal * prin, nsTarget * ignoreTarget, PRInt16 * privilegeState)
{
nsTarget *target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
if( target == NULL ) {
*state = nsPermission_Unknown;
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
return NS_OK;
}
if (privilegeManager != NULL) {
privilegeManager->AskPermission(prin, target, NULL);
nsPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
*state = ConvertPrivilegeToPermission(privilege);
nsIPrivilege * privilege = privilegeManager->GetPrincipalPrivilege(target, prin, NULL);
// * privilegeState = ConvertPrivilegeToPermission(privilege);
}
return NS_OK;
}
@ -325,15 +303,14 @@ nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32
return NS_OK;
}
/* XXX: Some of the arguments for the following interfaces may change.
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_METHOD
nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *ret_val)
nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, PRInt16 * comparisonType)
{
nsresult result = NS_OK;
*ret_val = nsSetComparisonType_NoSubset;
* comparisonType = nsPrivilegeManager::SetComparisonType_NoSubset;
if (privilegeManager != NULL) {
nsPrincipalArray * newPrin1Array=NULL;
nsPrincipalArray * newPrin2Array=NULL;
@ -341,7 +318,7 @@ nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetC
if (result != NS_OK) return result;
result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
if (result != NS_OK) return result;
*ret_val = privilegeManager->ComparePrincipalArray(newPrin1Array, newPrin2Array);
* comparisonType = privilegeManager->ComparePrincipalArray(newPrin1Array, newPrin2Array);
nsCapsFreePrincipalArray(newPrin1Array);
nsCapsFreePrincipalArray(newPrin2Array);
}
@ -373,7 +350,6 @@ NS_METHOD
nsCCapsManager::CanExtendTrust(void * fromPrinArray, void * toPrinArray, PRBool * ret_val)
{
nsresult result = NS_OK;
*ret_val = nsSetComparisonType_NoSubset;
if (privilegeManager != NULL) {
nsPrincipalArray *newPrin1Array=NULL;
nsPrincipalArray *newPrin2Array=NULL;
@ -410,52 +386,6 @@ nsCCapsManager::NewPrincipal(PRInt16 *principalType, void* key, PRUint32 key_len
//XXX: nsPrincipal struct if deprecated, access as nsIPrincipal
//do not use IsCodebaseExact, Tostring, or any other of the principal specific objects from here
/*
NS_METHOD
nsCCapsManager::IsCodebaseExact(nsIPrincipal * pNSIPrincipal, PRBool *ret_val)
{
nsresult result = NS_OK;
nsPrincipal *pNSPrincipal = NULL;
*ret_val = PR_FALSE;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK) {
return result;
}
*ret_val = pNSPrincipal->isCodebaseExact();
return NS_OK;
}
*/
/*
NS_METHOD
nsCCapsManager::ToString(nsIPrincipal* prin, char* *ret_val)
{
nsresult result = NS_OK;
nsIPrincipal *temp = NULL;
*ret_val = NULL;
result = GetNSPrincipal(prin, &temp);
if( result != NS_OK) return result;
*ret_val = temp->ToString();
return NS_OK;
}
*/
/*
NS_METHOD
nsCCapsManager::GetVendor(nsIPrincipal* pNSIPrincipal, char* *ret_val)
{
nsresult result = NS_OK;
nsPrincipal *pNSPrincipal = NULL;
*ret_val = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK) {
return result;
}
*ret_val = pNSPrincipal->getVendor();
return NS_OK;
}
*/
NS_METHOD
nsCCapsManager::NewPrincipalArray(PRUint32 count, void* *ret_val)
{
@ -570,13 +500,14 @@ nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val)
*ret_val = PR_FALSE;
return NS_OK;
}
struct nsPrivilege * pNSPrivilege = nsCapsGetPrivilege((nsPrivilegeTable * )annotation, target);
nsIPrivilege * pNSPrivilege = nsCapsGetPrivilege((nsPrivilegeTable * )annotation, target);
if (pNSPrivilege == NULL) {
*ret_val = PR_FALSE;
return NS_OK;
}
nsPermissionState perm = nsCapsGetPermission(pNSPrivilege);
*ret_val = (perm == nsPermissionState_Allowed);
// ARIEL WORK ON THIS
// PRInt16 privilegeState = nsCapsGetPermission(pNSPrivilege);
// *ret_val = (privilegeState == nsIPrivilege::PrivilegeState_Allowed);
return NS_OK;
}
@ -724,7 +655,7 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPr
return NS_OK;
}
*/
/*
nsPermission
nsCCapsManager::ConvertPrivilegeToPermission(nsPrivilege * pNSPrivilege)
{
@ -770,7 +701,7 @@ nsCCapsManager::ConvertPermissionToPrivilege(nsPermission state)
}
return nsPrivilege::findPrivilege(permission, duration);
}
*/
void
nsCCapsManager::SetSystemPrivilegeManager()
{

View File

@ -23,8 +23,9 @@
#include "prlog.h"
#include "nsCaps.h"
#include "nsPrivilegeManager.h"
#include "nsIPrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsPrivilege.h"
#include "nsIPrivilege.h"
#include "nsPrivilegeTable.h"
#include "nsTarget.h"
#include "nsCCapsManager.h"
@ -73,7 +74,7 @@ nsCapsInitialize()
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
if (nsPrivManager == NULL) {
nsPrivilegeManagerInitialize();
nsPrivilegeInitialize();
// nsPrivilegeInitialize();
nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
}
PR_ASSERT(nsPrivManager != NULL);
@ -97,16 +98,16 @@ nsCapsInitialize()
PR_IMPLEMENT(PRBool)
nsCapsRegisterPrincipal(class nsIPrincipal *principal)
{
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
if(nsPrivManager == NULL) return PR_FALSE;
nsPrivManager->RegisterPrincipal(principal);
return PR_TRUE;
}
PR_IMPLEMENT(PRBool)
nsCapsEnablePrivilege(void* context, class nsTarget *target, PRInt32 callerDepth)
nsCapsEnablePrivilege(void * context, class nsTarget * target, PRInt32 callerDepth)
{
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
return (nsPrivManager == NULL) ? PR_FALSE : nsPrivManager->EnablePrivilege(context, target, callerDepth);
}
@ -139,11 +140,11 @@ nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth)
: (void *)nsPrivManager->GetClassPrincipalsFromStack(context, callerDepth);
}
PR_IMPLEMENT(nsSetComparisonType)
nsCapsComparePrincipalArray(void* prin1Array, void* prin2Array)
PR_IMPLEMENT(PRInt16)
nsCapsComparePrincipalArray(void * prin1Array, void * prin2Array)
{
nsPrivilegeManager *nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
return (nsPrivManager == NULL) ? nsSetComparisonType_NoSubset
nsPrivilegeManager * nsPrivManager = nsPrivilegeManager::GetPrivilegeManager();
return (nsPrivManager == NULL) ? nsPrivilegeManager::SetComparisonType_NoSubset
: nsPrivManager->ComparePrincipalArray((nsPrincipalArray*)prin1Array, (nsPrincipalArray*)prin2Array);
}
@ -190,7 +191,7 @@ nsCapsIsCodebaseExact(class nsIPrincipal *principal)
principal->GetType(& prinType);
return (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
}
/*
PR_IMPLEMENT(const char *)
nsCapsPrincipalGetVendor(class nsIPrincipal *principal)
{
@ -198,7 +199,7 @@ nsCapsPrincipalGetVendor(class nsIPrincipal *principal)
//return principal->getVendor();
return NULL;
}
*/
PR_EXTERN(void *)
nsCapsNewPrincipalArray(PRUint32 count)
{
@ -247,17 +248,19 @@ nsCapsFindTarget(char *name)
}
/* wrappers for nsPrivilege object */
PR_IMPLEMENT(nsPermissionState)
nsCapsGetPermission(struct nsPrivilege *privilege)
PR_IMPLEMENT(PRInt16)
nsCapsGetPermission(nsIPrivilege * privilege)
{
return privilege->getPermission();
PRInt16 privState;
privilege->GetState(& privState);
return privState;
}
/* wrappers for nsPrivilegeTable object */
PR_IMPLEMENT(struct nsPrivilege *)
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget *target)
PR_IMPLEMENT(nsIPrivilege *)
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsTarget * target)
{
return annotation->Get(target);
return annotation->Get(target);
}
@ -361,3 +364,4 @@ nsCapsGetRegistrationModeFlag(void)
}
PR_END_EXTERN_C

View File

@ -19,213 +19,163 @@
#include "nsPrivilege.h"
#include "xp.h"
static nsPrivilege *thePrivilegeCache[nsPermissionState_NumberOfPermissions][nsDurationState_NumberOfDurations];
static NS_DEFINE_IID(kIPrivilegeIID, NS_IPRIVILEGE_IID);
NS_IMPL_ISUPPORTS(nsPrivilege, kIPrivilegeIID);
//
// PUBLIC METHODS
//
nsPrivilege::nsPrivilege(nsPermissionState perm, nsDurationState duration)
NS_IMETHODIMP
nsPrivilege::GetState(PRInt16 * state)
{
itsPerm=perm;
itsDuration=duration;
itsString = NULL;
* state = itsState;
return (itsState) ? NS_OK : NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsPrivilege::SetState(PRInt16 state)
{
itsState=state;
return NS_OK;
}
NS_IMETHODIMP
nsPrivilege::GetDuration(PRInt16 * duration)
{
* duration = itsDuration;
return (itsDuration) ? NS_OK : NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsPrivilege::SetDuration(PRInt16 duration)
{
itsDuration=duration;
return NS_OK;
}
NS_IMETHODIMP
nsPrivilege::SameState(nsIPrivilege * other, PRBool * result)
{
nsresult rv;
PRInt16 * myState;
rv = this->GetState(myState);
PRInt16 * otherState;
rv = other->GetState(otherState);
* result = (otherState == myState) ? PR_TRUE : PR_FALSE;
return rv;
}
NS_IMETHODIMP
nsPrivilege::SameDuration(nsIPrivilege * other, PRBool * result)
{
nsresult rv;
PRInt16 * myDur;
rv = this->GetState(myDur);
PRInt16 * otherDur;
rv = other->GetState(otherDur);
* result = (otherDur == myDur) ? PR_TRUE : PR_FALSE;
return rv;
}
NS_IMETHODIMP
nsPrivilege::IsAllowed(PRBool * result)
{
nsresult rv;
PRInt16 * myState;
rv = this->GetState(myState);
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Allowed) ? PR_TRUE : PR_FALSE;
return rv;
}
NS_IMETHODIMP
nsPrivilege::IsForbidden(PRBool * result)
{
nsresult rv;
PRInt16 * myState;
rv = this->GetState(myState);
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Forbidden) ? PR_TRUE : PR_FALSE;
return rv;
}
NS_IMETHODIMP
nsPrivilege::IsBlank(PRBool * result)
{
nsresult rv;
PRInt16 * myState;
rv = this->GetState(myState);
* result = (myState == (PRInt16 *)nsIPrivilege::PrivilegeState_Blank) ? PR_TRUE : PR_FALSE;
return rv;
}
NS_IMETHODIMP
nsPrivilege::ToString(char * * result)
{
char * privStr = NULL;
char * durStr = NULL;
if (itsString != NULL) {
result=&itsString;
return NS_OK;
}
PRInt16 temp;
this->GetState(& temp);
switch(temp) {
case nsIPrivilege::PrivilegeState_Allowed:
privStr = "allowed";
break;
case nsIPrivilege::PrivilegeState_Forbidden:
privStr = "forbidden";
break;
case nsIPrivilege::PrivilegeState_Blank:
privStr = "blank";
break;
default:
PR_ASSERT(FALSE);
privStr = "error";
break;
}
this->GetDuration(& temp);
switch(temp) {
case nsIPrivilege::PrivilegeDuration_Scope:
durStr = " in scope";
break;
case nsIPrivilege::PrivilegeDuration_Session:
durStr = " in session";
break;
case nsIPrivilege::PrivilegeDuration_Forever:
durStr = " forever";
break;
case nsIPrivilege::PrivilegeDuration_Blank:
privStr = "blank";
break;
default:
PR_ASSERT(FALSE);
privStr = "error";
break;
}
itsString = new char[strlen(privStr) + strlen(durStr) + 1];
XP_STRCPY(itsString, privStr);
XP_STRCAT(itsString, durStr);
result = & itsString;
return NS_OK;
}
NS_IMETHODIMP
nsPrivilege::Equals(nsIPrivilege * other, PRBool * result)
{
nsresult rv;
PRBool * sameState, * sameDuration;
rv = this->SameState(other, sameState);
rv = this->SameDuration(other, sameDuration);
*result = (sameState && sameDuration) ? PR_TRUE : PR_FALSE;
return rv;
}
nsPrivilege::nsPrivilege(PRInt16 state, PRInt16 duration)
{
itsState = state;
itsDuration = duration;
itsString = NULL;
}
nsPrivilege::~nsPrivilege(void)
{
if (itsString)
delete []itsString;
}
nsPrivilege * nsPrivilege::findPrivilege(nsPermissionState permission, nsDurationState duration)
{
return thePrivilegeCache[permission][duration];
}
PRBool nsPrivilege::samePermission(nsPrivilege *p)
{
if (p->itsPerm == itsPerm)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::samePermission(nsPermissionState perm)
{
if (itsPerm == perm)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::sameDuration(nsPrivilege *p)
{
if (p->itsDuration == itsDuration)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::sameDuration(nsDurationState duration)
{
if (itsDuration == duration)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::isAllowed(void)
{
if (itsPerm == nsPermissionState_Allowed)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::isAllowedForever(void)
{
if ((itsPerm == nsPermissionState_Allowed) &&
(itsDuration == nsDurationState_Forever))
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::isForbidden(void)
{
if (itsPerm == nsPermissionState_Forbidden)
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::isForbiddenForever(void)
{
if ((itsPerm == nsPermissionState_Forbidden) &&
(itsDuration == nsDurationState_Forever))
return PR_TRUE;
return PR_FALSE;
}
PRBool nsPrivilege::isBlank(void)
{
if (itsPerm == nsPermissionState_Blank)
return PR_TRUE;
return PR_FALSE;
}
nsPermissionState nsPrivilege::getPermission(void)
{
return itsPerm;
}
nsDurationState nsPrivilege::getDuration(void)
{
return itsDuration;
}
/* The following function is used to restore the privilege from persistent store.
* This does the reverse of toString method.
*/
nsPrivilege * nsPrivilege::findPrivilege(char *privStr)
{
nsPermissionState permission;
nsDurationState duration;
if (XP_STRCMP(privStr, "allowed in scope") == 0) {
permission = nsPermissionState_Allowed;
duration = nsDurationState_Scope;
} else if (XP_STRCMP(privStr, "allowed in session") == 0) {
permission = nsPermissionState_Allowed;
duration = nsDurationState_Session;
} else if (XP_STRCMP(privStr, "allowed forever") == 0) {
permission = nsPermissionState_Allowed;
duration = nsDurationState_Forever;
} else if (XP_STRCMP(privStr, "forbidden forever") == 0) {
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Forever;
} else if (XP_STRCMP(privStr, "forbidden in session") == 0) {
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Session;
} else if (XP_STRCMP(privStr, "forbidden in scope") == 0) {
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Scope;
} else if (XP_STRCMP(privStr, "blank forever") == 0) {
permission = nsPermissionState_Blank;
duration = nsDurationState_Forever;
} else if (XP_STRCMP(privStr, "blank in session") == 0) {
permission = nsPermissionState_Blank;
duration = nsDurationState_Session;
} else if (XP_STRCMP(privStr, "blank in scope") == 0) {
permission = nsPermissionState_Blank;
duration = nsDurationState_Scope;
} else {
permission = nsPermissionState_Blank;
duration = nsDurationState_Scope;
}
return findPrivilege(permission, duration);
}
char * nsPrivilege::toString(void)
{
char *permStr=NULL;
char *durStr=NULL;
if (itsString != NULL)
return itsString;
switch(itsPerm) {
case nsPermissionState_Allowed:
permStr = "allowed";
break;
case nsPermissionState_Forbidden:
permStr = "forbidden";
break;
case nsPermissionState_Blank:
permStr = "blank";
break;
default:
PR_ASSERT(FALSE);
permStr = "blank";
break;
}
switch(itsDuration) {
case nsDurationState_Scope:
durStr = " in scope";
break;
case nsDurationState_Session:
durStr = " in session";
break;
case nsDurationState_Forever:
durStr = " forever";
break;
default:
PR_ASSERT(FALSE);
permStr = "blank";
break;
}
itsString = new char[strlen(permStr) + strlen(durStr) + 1];
XP_STRCPY(itsString, permStr);
XP_STRCAT(itsString, durStr);
return itsString;
}
//
// PRIVATE METHODS
//
PRBool nsPrivilegeInitialize(void)
{
nsPermissionState perm;
nsDurationState duration;
for (int i = 0; i < nsPermissionState_NumberOfPermissions; i++)
for(int j = 0; j < nsDurationState_NumberOfDurations; j++) {
/* This code assumes that nsPermissionState and nsDurationState
* are ordered sequentially from 0 to N
*/
perm = (nsPermissionState)i;
duration = (nsDurationState)j;
thePrivilegeCache[i][j] = new nsPrivilege(perm, duration);
}
return PR_TRUE;
}
PRBool nsPrivilege::theInited = nsPrivilegeInitialize();
if(itsString) delete [] itsString;
}

View File

@ -30,13 +30,16 @@
#include "jsec2rdf.h"
#endif /* ENABLE_RDF */
static nsPrivilegeManager * thePrivilegeManager = NULL;
static nsIPrincipal * theSystemPrincipal = NULL;
static nsIPrincipal * theUnsignedPrincipal;
static nsPrincipalArray * theUnsignedPrincipalArray;
static nsIPrincipal * theUnknownPrincipal;
static nsPrincipalArray * theUnknownPrincipalArray;
static nsPrincipalArray * theUnsignedPrincipalArray;
static nsIPrivilege * thePrivilegeCache[nsIPrivilege::PrivilegeState_NumberOfPrivileges][nsIPrivilege::PrivilegeDuration_NumberOfDurations];
static PRMonitor *caps_lock = NULL;
/* We could avoid the following globals if nsHashTable's Enumerate accepted
@ -74,6 +77,23 @@ CMGetBoolPref(char * pref_name)
}
PR_END_EXTERN_C
PRBool
nsPrivilegeInitialize(void)
{
PRInt16 privState;
PRInt16 durationState;
for (int i = 0; i < nsIPrivilege::PrivilegeState_NumberOfPrivileges; i++) {
for(int j = 0; j < nsIPrivilege::PrivilegeDuration_NumberOfDurations; j++) {
privState = (PRInt16) i;
durationState = (PRInt16) j;
thePrivilegeCache[i][j] = new nsPrivilege(privState, durationState);
}
}
return PR_TRUE;
}
PRBool theInited = nsPrivilegeInitialize();
PRBool
nsCaps_lock(void)
{
@ -93,8 +113,6 @@ nsCaps_unlock(void)
}
// PUBLIC METHODS
nsPrivilegeManager::nsPrivilegeManager(void)
{
@ -114,8 +132,72 @@ nsPrivilegeManager::~nsPrivilegeManager(void)
nsCaps_unlock();
}
nsIPrivilege *
nsPrivilegeManager::FindPrivilege(PRInt16 privState, PRInt16 privDuration) {
return thePrivilegeCache[privState][privDuration];
}
nsIPrivilege *
nsPrivilegeManager::FindPrivilege(nsIPrivilege * priv)
{
PRInt16 privState;
PRInt16 privDuration;
priv->GetState(& privState);
priv->GetDuration(& privDuration);
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
}
nsIPrivilege *
nsPrivilegeManager::FindPrivilege(char * privStr)
{
PRInt16 privState;
PRInt16 privDuration;
if (XP_STRCMP(privStr, "allowed in scope") == 0) {
privState = nsIPrivilege::PrivilegeState_Allowed;
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
} else if (XP_STRCMP(privStr, "allowed in session") == 0) {
privState = nsIPrivilege::PrivilegeState_Allowed;
privDuration = nsIPrivilege::PrivilegeDuration_Session;
} else if (XP_STRCMP(privStr, "allowed forever") == 0) {
privState = nsIPrivilege::PrivilegeState_Allowed;
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
} else if (XP_STRCMP(privStr, "forbidden forever") == 0) {
privState = nsIPrivilege::PrivilegeState_Forbidden;
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
} else if (XP_STRCMP(privStr, "forbidden in session") == 0) {
privState = nsIPrivilege::PrivilegeState_Forbidden;
privDuration = nsIPrivilege::PrivilegeDuration_Session;
} else if (XP_STRCMP(privStr, "forbidden in scope") == 0) {
privState = nsIPrivilege::PrivilegeState_Forbidden;
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
} else if (XP_STRCMP(privStr, "blank forever") == 0) {
privState = nsIPrivilege::PrivilegeState_Blank;
privDuration = nsIPrivilege::PrivilegeDuration_Forever;
} else if (XP_STRCMP(privStr, "blank in session") == 0) {
privState = nsIPrivilege::PrivilegeState_Blank;
privDuration = nsIPrivilege::PrivilegeDuration_Session;
} else if (XP_STRCMP(privStr, "blank in scope") == 0) {
privState = nsIPrivilege::PrivilegeState_Blank;
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
} else {
privState = nsIPrivilege::PrivilegeState_Blank;
privDuration = nsIPrivilege::PrivilegeDuration_Scope;
}
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
}
nsIPrivilege *
nsPrivilegeManager::Add(nsIPrivilege * priv1, nsIPrivilege * priv2) {
nsresult rv;
PRInt16 * p1state;
PRInt16 * p2state;
rv = priv1->GetState(p1state);
rv = priv2->GetState(p2state);
return (p1state < p2state) ? priv1 : priv2;
}
void
nsPrivilegeManager::AddToPrinNameToPrincipalTable(nsIPrincipal * prin)
nsPrivilegeManager::AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin)
{
char *prinName;
prin->ToString(&prinName);
@ -127,7 +209,6 @@ nsPrivilegeManager::AddToPrinNameToPrincipalTable(nsIPrincipal * prin)
nsCaps_unlock();
}
void
nsPrivilegeManager::RegisterSystemPrincipal(nsIPrincipal * prin)
{
@ -159,7 +240,7 @@ nsPrivilegeManager::RegisterPrincipal(nsIPrincipal * prin)
if (NULL == itsPrinToMacroTargetPrivTable->Get(&prinKey)) {
itsPrinToMacroTargetPrivTable->Put(&prinKey, new nsPrivilegeTable());
}
this->AddToPrinNameToPrincipalTable(prin);
this->AddToPrincipalNameToPrincipalTable(prin);
nsCaps_unlock();
}
@ -221,8 +302,7 @@ nsPrivilegeManager::EnablePrivilege(void* context, nsTarget * target, PRInt32 ca
}
PRBool
nsPrivilegeManager::EnablePrivilege(nsTarget *target,
nsIPrincipal * preferredPrincipal,
nsPrivilegeManager::EnablePrivilege(nsTarget * target, nsIPrincipal * preferredPrincipal,
PRInt32 callerDepth)
{
return this->EnablePrivilegePrivate(NULL, target, preferredPrincipal, callerDepth);
@ -236,8 +316,7 @@ nsPrivilegeManager::EnablePrivilege(void* context, nsTarget * target, nsIPrincip
}
PRBool
nsPrivilegeManager::RevertPrivilege(nsTarget *target,
PRInt32 callerDepth)
nsPrivilegeManager::RevertPrivilege(nsTarget * target, PRInt32 callerDepth)
{
return this->RevertPrivilege(NULL, target, callerDepth);
}
@ -249,7 +328,7 @@ nsPrivilegeManager::RevertPrivilege(void* context, nsTarget * target, PRInt32 ca
if (targ != target) return PR_FALSE;
nsPrivilegeTable *privTable = this->GetPrivilegeTableFromStack(context, callerDepth, PR_TRUE);
nsCaps_lock();
privTable->Put(target, nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Scope));
privTable->Put(target, nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Scope));
nsCaps_unlock();
return PR_TRUE;
}
@ -268,7 +347,7 @@ nsPrivilegeManager::DisablePrivilege(void * context, nsTarget * target, PRInt32
if (targ != target) return PR_FALSE;
nsPrivilegeTable *privTable = this->GetPrivilegeTableFromStack(context, callerDepth, PR_TRUE);
nsCaps_lock();
privTable->Put(target, nsPrivilege::findPrivilege(nsPermissionState_Forbidden, nsDurationState_Scope));
privTable->Put(target, nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Forbidden, nsIPrivilege::PrivilegeDuration_Scope));
nsCaps_unlock();
return PR_TRUE;
}
@ -367,7 +446,7 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
nsIPrincipal * prefPrin)
{
nsPrivilegeTable *privTable;
nsPrivilege * allowedScope;
nsIPrivilege * allowedScope;
PRBool res;
nsTarget * targ = nsTarget::FindTarget(target);
@ -383,7 +462,7 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
if (privTable == NULL) privTable = new nsPrivilegeTable();
}
allowedScope = nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Scope);
allowedScope = nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Scope);
this->UpdatePrivilegeTable(target, privTable, allowedScope);
return privTable;
}
@ -391,9 +470,10 @@ nsPrivilegeManager::EnableScopePrivilegeHelper(void* context, nsTarget *target,
PRBool
nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target, void * data)
{
/*
PRBool ret_val = PR_FALSE;
nsPrivilege* newPrivilege = NULL;
/* Get the Lock to display the dialog */
// Get the Lock to display the dialog
nsCaps_lock();
nsPrincipalArray* callerPrinArray = new nsPrincipalArray();
callerPrinArray->Add(useThisPrin);
@ -408,15 +488,15 @@ nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target,
// That is user should be prompted again when this applet
// performs the same privileged operation
//
if ((!newPrivilege->isAllowed()) &&
(newPrivilege->getDuration() == nsDurationState_Session)) {
if ((!newPrivilege->IsAllowed()) &&
(newPrivilege->GetDuration() == nsIPrivilege::PrivilegeDuration_Session)) {
// "User didn't grant the " + target->getName() + " privilege.";
ret_val = PR_FALSE;
goto done;
}
this->SetPermission(useThisPrin, target, newPrivilege);
// if newPrivilege is FORBIDDEN then throw an exception
if (newPrivilege->isForbidden()) {
if (newPrivilege->IsForbidden()) {
// "User didn't grant the " + target->getName() + " privilege.";
ret_val = PR_FALSE;
goto done;
@ -427,14 +507,13 @@ nsPrivilegeManager::AskPermission(nsIPrincipal * useThisPrin, nsTarget * target,
done:
delete callerPrinArray;
nsCaps_unlock();
*/
return PR_TRUE;
}
void
nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin,
nsTarget *target,
nsPrivilege *newPrivilege)
nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin, nsTarget * target, nsIPrivilege * newPrivilege)
{
/*
registerPrincipalAndSetPrivileges(useThisPrin, target, newPrivilege);
@ -460,12 +539,10 @@ nsPrivilegeManager::SetPermission(nsIPrincipal * useThisPrin,
void
nsPrivilegeManager::RegisterPrincipalAndSetPrivileges(nsIPrincipal * prin, nsTarget *target,
nsPrivilege *newPrivilege)
nsIPrivilege * newPrivilege)
{
nsPrivilegeTable *privTable;
this->RegisterPrincipal(prin);
//Store the list of targets for which the user has given privilege
PrincipalKey prinKey(prin);
nsCaps_lock();
@ -479,21 +556,16 @@ nsPrivilegeManager::RegisterPrincipalAndSetPrivileges(nsIPrincipal * prin, nsTar
void
nsPrivilegeManager::UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable *privTable, nsPrivilege *newPrivilege)
nsPrivilegeManager::UpdatePrivilegeTable(nsTarget *target, nsPrivilegeTable *privTable, nsIPrivilege * newPrivilege)
{
nsTargetArray * primitiveTargets = target->GetFlattenedTargetArray();
nsPrivilege * oldPrivilege;
nsPrivilege * privilege;
nsIPrivilege * oldPrivilege, * privilege;
nsTarget * primTarget;
nsCaps_lock();
for (int i = primitiveTargets->GetSize(); i-- > 0;) {
primTarget = (nsTarget *)primitiveTargets->Get(i);
oldPrivilege = privTable->Get(primTarget);
if (oldPrivilege != NULL) {
privilege = nsPrivilege::add(oldPrivilege, newPrivilege);
} else {
privilege = newPrivilege;
}
privilege = (oldPrivilege != NULL) ? nsPrivilegeManager::Add(oldPrivilege, newPrivilege) : newPrivilege;
privTable->Put(primTarget, privilege);
}
nsCaps_unlock();
@ -514,8 +586,10 @@ nsPrivilegeManager::CheckPrivilegeGranted(void* context, nsTarget *target, PRInt
PRBool
nsPrivilegeManager::CheckPrivilegeGranted(nsTarget *target, nsIPrincipal *prin, void *data)
{
nsPrivilege * privilege = this->GetPrincipalPrivilege(target, prin, data);
return (privilege->isAllowed()) ? PR_TRUE : PR_FALSE;
nsIPrivilege * privilege = this->GetPrincipalPrivilege(target, prin, data);
PRBool allowed;
privilege->IsAllowed(& allowed);
return (allowed) ? PR_TRUE : PR_FALSE;
}
PRBool
@ -528,8 +602,8 @@ PRBool
nsPrivilegeManager::CheckPrivilegeGranted(void* context, nsTarget *target, PRInt32 callerDepth, void *data)
{
nsPrincipalArray* callerPrinArray = GetClassPrincipalsFromStack(context, callerDepth);
nsPermissionState privilege = GetPrincipalPrivilege(target, callerPrinArray, data);
return (privilege == nsPermissionState_Allowed) ? PR_TRUE : PR_FALSE;
PRInt16 privilegeState = GetPrincipalPrivilege(target, callerPrinArray, data);
return (privilegeState == nsIPrivilege::PrivilegeState_Allowed) ? PR_TRUE : PR_FALSE;
}
nsPrivilegeManager *
@ -584,7 +658,7 @@ nsPrivilegeManager::GetUnknownPrincipal(void)
return theUnknownPrincipal;
}
nsSetComparisonType
PRInt16
nsPrivilegeManager::ComparePrincipalArray(nsPrincipalArray * p1, nsPrincipalArray * p2)
{
nsHashtable *p2Hashtable = new nsHashtable();
@ -600,16 +674,16 @@ nsPrivilegeManager::ComparePrincipalArray(nsPrincipalArray * p1, nsPrincipalArra
prin = (nsIPrincipal *)p1->Get(i);
PrincipalKey prinKey(prin);
value = (PRBool)p2Hashtable->Get(&prinKey);
if (!value) return nsSetComparisonType_NoSubset;
if (!value) return nsPrivilegeManager::SetComparisonType_NoSubset;
if (value == PR_TRUE) p2Hashtable->Put(&prinKey, (void *)PR_FALSE);
}
for (i = p2->GetSize(); i-- > 0;) {
prin = (nsIPrincipal *)p2->Get(i);
PrincipalKey prinKey(prin);
value = (PRBool)p2Hashtable->Get(&prinKey);
if (value == PR_TRUE) return nsSetComparisonType_ProperSubset;
if (value == PR_TRUE) return nsPrivilegeManager::SetComparisonType_ProperSubset;
}
return nsSetComparisonType_Equal;
return nsPrivilegeManager::SetComparisonType_Equal;
}
nsPrincipalArray*
@ -690,14 +764,13 @@ nsPrivilegeManager::CheckMatchPrincipal(nsIPrincipal * prin, PRInt32 callerDepth
return this->CheckMatchPrincipal(NULL, prin, callerDepth);
}
PRBool
nsPrivilegeManager::CheckMatchPrincipal(void * context, nsIPrincipal * prin, PRInt32 callerDepth)
{
nsPrincipalArray *prinArray = new nsPrincipalArray();
prinArray->Add(prin);
nsPrincipalArray *classPrinArray = this->GetClassPrincipalsFromStack(context, callerDepth);
return (this->ComparePrincipalArray(prinArray, classPrinArray) != nsSetComparisonType_NoSubset) ? PR_TRUE : PR_FALSE;
nsPrincipalArray *prinArray = new nsPrincipalArray();
prinArray->Add(prin);
nsPrincipalArray *classPrinArray = this->GetClassPrincipalsFromStack(context, callerDepth);
return (this->ComparePrincipalArray(prinArray, classPrinArray) != nsPrivilegeManager::SetComparisonType_NoSubset) ? PR_TRUE : PR_FALSE;
}
static PRBool
@ -748,14 +821,15 @@ nsPrivilegeManager::GetPrincipalFromString(char *prinName)
static PRBool
GetPermissionsString(nsHashKey * aKey, void * aData, void * closure)
{
/* Admin UI */
/*
TargetKey *targetKey = (TargetKey *) aKey;
nsTarget *target = targetKey->itsTarget;
nsPrivilege *priv = (nsPrivilege *)aData;
nsIPrivilege * priv = (nsIPrivilege *)aData;
char * desc = target->GetDescription();
if (priv->isAllowedForever()) gForever = PR_sprintf_append(gForever, "<option>%s", desc);
else if (priv->isForbiddenForever()) gDenied = PR_sprintf_append(gDenied, "<option>%s", desc);
else if (priv->isAllowed()) gSession = PR_sprintf_append(gSession, "<option>%s", desc);
*/
return PR_TRUE;
}
@ -876,42 +950,41 @@ nsPrivilegeManager::EnablePrivilegePrivate(void* context, nsTarget *target, nsIP
? PR_FALSE : PR_TRUE;
}
nsPermissionState
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target, nsPrincipalArray* callerPrinArray,
void *data)
PRInt16
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget * target, nsPrincipalArray * callerPrinArray, void *data)
{
nsPrivilege *privilege;
nsIPrivilege * privilege;
nsIPrincipal * principal;
PRBool isAllowed = PR_FALSE;
for (int i = callerPrinArray->GetSize(); i-- > 0; ) {
principal = (nsIPrincipal *)callerPrinArray->Get(i);
privilege = this->GetPrincipalPrivilege(target, principal, data);
if (privilege == NULL) continue;
switch(privilege->getPermission()) {
case nsPermissionState_Allowed: isAllowed = PR_TRUE;
case nsPermissionState_Blank: continue;
PRInt16 privilegeState;
privilege->GetState(& privilegeState);
switch(privilegeState) {
case nsIPrivilege::PrivilegeState_Allowed: isAllowed = PR_TRUE;
case nsIPrivilege::PrivilegeState_Blank: continue;
default: PR_ASSERT(FALSE);
case nsPermissionState_Forbidden: return nsPermissionState_Forbidden;
case nsIPrivilege::PrivilegeState_Forbidden: return nsIPrivilege::PrivilegeState_Forbidden;
}
}
return isAllowed ? nsPermissionState_Allowed : nsPermissionState_Blank;
return (isAllowed) ? (PRInt16)nsIPrivilege::PrivilegeState_Allowed : (PRInt16)nsIPrivilege::PrivilegeState_Blank;
}
nsPrivilege *
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target,nsIPrincipal * prin, void *data)
nsIPrivilege *
nsPrivilegeManager::GetPrincipalPrivilege(nsTarget *target, nsIPrincipal * prin, void *data)
{
if ( (prin == NULL) || (target == NULL) )
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
if (this->GetSystemPrincipal() == prin)
return nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Session);
PrincipalKey prinKey(prin);
nsPrivilegeTable *privTable = (nsPrivilegeTable *) itsPrinToPrivTable->Get(&prinKey);
if (privTable == NULL)
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
nsTarget * tempTarget = nsTarget::FindTarget(target);
if (tempTarget != target)
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
return privTable->Get(target);
}
@ -920,12 +993,12 @@ nsPrivilegeManager::IsPermissionGranted(nsTarget *target,
nsPrincipalArray* callerPrinArray,
void *data)
{
nsPermissionState privilege = this->GetPrincipalPrivilege(target, callerPrinArray, data);
switch(privilege) {
case nsPermissionState_Allowed: return PR_TRUE;
PRInt16 privilegeState = this->GetPrincipalPrivilege(target, callerPrinArray, data);
switch(privilegeState) {
case nsIPrivilege::PrivilegeState_Allowed: return PR_TRUE;
default: PR_ASSERT(PR_FALSE);
case nsPermissionState_Forbidden:
case nsPermissionState_Blank: return PR_FALSE;
case nsIPrivilege::PrivilegeState_Forbidden:
case nsIPrivilege::PrivilegeState_Blank: return PR_FALSE;
}
}
@ -940,6 +1013,7 @@ char *
nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetArray,
PRInt32 callerDepth, void *data)
{
/*
struct NSJSJavaFrameWrapper *wrapper = NULL;
nsTarget *target;
nsPrivilegeTable *annotation;
@ -965,11 +1039,9 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
for ((*nsCapsGetStartFrameCallback)(wrapper);
(!(*nsCapsIsEndOfFrameCallback)(wrapper));
)
{
if ((*nsCapsIsValidFrameCallback)(wrapper)) {
if (depth >= callerDepth) {
scopePerm = nsPermissionState_Blank;
prinPerm = nsPermissionState_Blank;
scopePerm = prinPerm = nsIPrivilege::PrivilegeState_Blank;
for (idx = 0; idx < noOfTargets; idx++) {
target = (nsTarget *)targetArray->Get(idx);
if (!target) {
@ -979,13 +1051,11 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
annotation =(nsPrivilegeTable *) (*nsCapsGetAnnotationCallback)(wrapper);
prinArray = (nsPrincipalArray *) (*nsCapsGetPrincipalArrayCallback)(wrapper);
/*
* When the Registration Mode flag is enabled, we allow secure
* operations if and only iff the principal codebase is 'file:'.
* That means we load files only after recognizing that they
* reside on local harddrive. Any other code is considered as
* dangerous and an exception will be thrown in such cases.
*/
if ((nsCapsGetRegistrationModeFlag()) && (prinArray != NULL)){
noOfPrincipals = prinArray->GetSize();
for (idx=0; idx < noOfPrincipals; idx++){
@ -998,7 +1068,6 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
}
}
}
/*
* frame->annotation holds a PrivilegeTable, describing
* the scope privileges of this frame. We'll check
* if it permits the target, and if so, we just return.
@ -1013,24 +1082,20 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
* insures that we don't have a non-permitted (attacker)
* class somewhere in the call chain between the request
* for scope privilege and the chedk for privilege.
*/
/*
* If there isn't a annotation, then we assume the default
* value of blank and avoid allocating a new annotation.
*/
if (annotation) {
privilege = annotation->Get(target);
PR_ASSERT(privilege != NULL);
perm = privilege->getPermission();
perm = privilege->etPermission();
scopePerm = nsPrivilege::add(perm, scopePerm);
}
if (prinArray != NULL) {
/* XXX: We need to allow sub-classing of Target, so that
XXX: We need to allow sub-classing of Target, so that
* we would call the method on Developer Sub-class'ed Target.
* That would allow us to implement Parameterized targets
* May be checkPrivilegeEnabled should go back into Java.
*/
privilege = target->CheckPrivilegeEnabled(prinArray,data);
PR_ASSERT(privilege != NULL);
perm = privilege->getPermission();
@ -1041,20 +1106,18 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
? saw_non_system_code = PR_TRUE : saw_unsigned_principal = PR_TRUE;
}
}
if (scopePerm == nsPermissionState_Allowed) goto done;
if ((scopePerm == nsPermissionState_Forbidden) ||
if (scopePerm == nsIPrivilege::PrivilegeState_Allowed) goto done;
if ((scopePerm == nsIPrivilege::PrivilegeState_Forbidden) ||
(saw_non_system_code &&
(prinPerm != nsPermissionState_Allowed))) {
(prinPerm != nsIPrivilege::PrivilegeState_Allowed))) {
errMsg = "access to target forbidden";
goto done;
}
}
}
// if (!(* nsCapsGetNextFrameCallback)(wrapper, &depth)) break;
/*
* If we get here, there is no non-blank capability on the stack,
* and there is no ClassLoader, thus give privilege for now
*/
if (saw_non_system_code) {
errMsg = "access to target forbidden. Target was not enabled on stack (stack included non-system code)";
goto done;
@ -1062,13 +1125,13 @@ nsPrivilegeManager::CheckPrivilegeEnabled(void *context, nsTargetArray * targetA
if (CMGetBoolPref("signed.applets.local_classes_have_30_powers")) goto done;
errMsg = "access to target forbidden. Target was not enabled on stack (stack included only system code)";
done:
/*
* If the Registration Mode flag is set and principals have
* 'file:' code base, we set the error message to NULL.
*/
if ((nsCapsGetRegistrationModeFlag()) && !(saw_dangerous_code)) errMsg = NULL;
(*nsCapsFreeNSJSJavaFrameWrapperCallback)(wrapper);
return errMsg;
*/
return NULL;
}
nsPrincipalArray *
@ -1294,7 +1357,7 @@ RDF_RemovePrincipalsPrivilege(nsIPrincipal * prin, nsTarget *target)
/* The following methods are used to save and load the persistent store */
void
nsPrivilegeManager::Save(nsIPrincipal * prin, nsTarget *target, nsPrivilege *newPrivilege)
nsPrivilegeManager::Save(nsIPrincipal * prin, nsTarget *target, nsIPrivilege *newPrivilege)
{
PRBool eq;
prin->Equals(this->GetSystemPrincipal(), &eq);

View File

@ -19,10 +19,6 @@
#include "nsPrivilegeTable.h"
#include "nsPrivilegeManager.h"
//
// PUBLIC METHODS
//
nsPrivilegeTable::nsPrivilegeTable(void)
{
this->itsTable = NULL;
@ -32,7 +28,6 @@ nsPrivilegeTable::~nsPrivilegeTable(void)
{
/* XXX: We need to incr and decr objects that we put into this hashtable.
* There is a big memory leak.
*
* We need to delete all the entries in the privilege Table
*/
if (this->itsTable) delete this->itsTable;
@ -42,44 +37,45 @@ nsPrivilegeTable::~nsPrivilegeTable(void)
PRInt32
nsPrivilegeTable::Size(void)
{
return (itsTable != NULL) ? itsTable->Count() : 0;
return (this->itsTable != NULL) ? this->itsTable->Count() : 0;
}
PRBool
nsPrivilegeTable::IsEmpty(void)
{
return ((itsTable == NULL) && (itsTable->Count() == 0)) ? PR_TRUE : PR_FALSE;
return ((this->itsTable == NULL) && (this->itsTable->Count() == 0)) ? PR_TRUE : PR_FALSE;
}
nsPrivilege *
nsIPrivilege *
nsPrivilegeTable::Get(nsTarget *target)
{
if (itsTable == NULL)
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
TargetKey targKey(target);
nsPrivilege *priv = (nsPrivilege *) itsTable->Get(&targKey);
nsIPrivilege * priv = (nsIPrivilege *) this->itsTable->Get(& targKey);
return (priv == NULL)
? nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session) : priv;
? nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session)
: priv;
}
nsPrivilege *
nsPrivilegeTable::Put(nsTarget * target, nsPrivilege * priv)
nsIPrivilege *
nsPrivilegeTable::Put(nsTarget * target, nsIPrivilege * priv)
{
nsCaps_lock();
if (itsTable == NULL) this->itsTable = new nsHashtable();
TargetKey targKey(target);
nsPrivilege *priv2 = (nsPrivilege *)itsTable->Put(&targKey, (void *)priv);
nsCaps_unlock();
return priv2;
nsCaps_lock();
if (itsTable == NULL) this->itsTable = new nsHashtable();
TargetKey targKey(target);
nsIPrivilege * priv2 = (nsIPrivilege *)this->itsTable->Put(& targKey, (void *)priv);
nsCaps_unlock();
return priv2;
}
nsPrivilege *
nsPrivilegeTable::Remove(nsTarget *target)
nsIPrivilege *
nsPrivilegeTable::Remove(nsTarget * target)
{
if (itsTable == NULL) return NULL;
TargetKey targKey(target);
nsCaps_lock();
nsPrivilege *priv = (nsPrivilege *)itsTable->Remove(&targKey);
nsIPrivilege * priv = (nsIPrivilege *)this->itsTable->Remove(& targKey);
nsCaps_unlock();
return priv;
}
@ -87,21 +83,20 @@ nsPrivilegeTable::Remove(nsTarget *target)
nsPrivilegeTable *
nsPrivilegeTable::Clone(void)
{
nsCaps_lock();
nsPrivilegeTable *newbie = new nsPrivilegeTable();
if (itsTable != NULL) newbie->itsTable = itsTable->Clone();
nsCaps_unlock();
return newbie;
nsCaps_lock();
nsPrivilegeTable *newbie = new nsPrivilegeTable();
if (itsTable != NULL) newbie->itsTable = itsTable->Clone();
nsCaps_unlock();
return newbie;
}
void
nsPrivilegeTable::Clear(void)
{
/* XXX: free the entries also */
nsCaps_lock();
delete itsTable;
itsTable = NULL;
nsCaps_unlock();
/* XXX: free the entries also */
nsCaps_lock();
if (this->itsTable) delete this->itsTable;
nsCaps_unlock();
}
void

View File

@ -17,16 +17,14 @@
*/
#include "nsSystemPrivilegeTable.h"
//
// PUBLIC METHODS
//
#include "nsPrivilegeManager.h"
nsSystemPrivilegeTable::nsSystemPrivilegeTable(void) : nsPrivilegeTable()
{
}
nsPrivilege * nsSystemPrivilegeTable::get(nsTarget *a)
nsIPrivilege *
nsSystemPrivilegeTable::Get(nsTarget *a)
{
return nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Forever);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Forever);
}

View File

@ -770,37 +770,39 @@ nsTarget::FindTarget(char * name, nsIPrincipal * prin)
return ret_val;
}
nsPrivilege *
//WHAT THE HELL IS VOID * DATA????????????????????????????????????????????????????
nsIPrivilege *
nsTarget::CheckPrivilegeEnabled(nsPrincipalArray * prinArray, void * data)
{
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
}
nsPrivilege *
nsIPrivilege *
nsTarget::CheckPrivilegeEnabled(nsPrincipalArray* prinArray)
{
return this->CheckPrivilegeEnabled(prinArray, NULL);
}
nsPrivilege *
nsIPrivilege *
nsTarget::CheckPrivilegeEnabled(nsIPrincipal *p, void *data)
{
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
}
nsPrivilege *
nsIPrivilege *
nsTarget::EnablePrivilege(nsIPrincipal * prin, void *data)
{
PRBool eq;
itsPrincipal->Equals(prin, & eq);
return (eq) ? nsPrivilege::findPrivilege(nsPermissionState_Allowed, nsDurationState_Session)
: nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return (eq) ? nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Allowed, nsIPrivilege::PrivilegeDuration_Session)
: nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
}
nsPrivilege *
nsIPrivilege *
nsTarget::GetPrincipalPrivilege(nsIPrincipal * prin, void *data)
{
return nsPrivilege::findPrivilege(nsPermissionState_Blank, nsDurationState_Session);
return nsPrivilegeManager::FindPrivilege(nsIPrivilege::PrivilegeState_Blank, nsIPrivilege::PrivilegeDuration_Session);
}
nsTargetArray *

View File

@ -33,7 +33,7 @@ static PRBool displayUI=PR_FALSE;
static nsPermState
displayPermissionDialog(char *prinStr, char *targetStr, char *riskStr, PRBool isCert, void *cert)
{
return nsJSJavaDisplayDialog(prinStr, targetStr, riskStr, isCert, cert);
return nsJSJavaDisplayDialog(prinStr, targetStr, riskStr, isCert, cert);
}
@ -41,62 +41,25 @@ displayPermissionDialog(char *prinStr, char *targetStr, char *riskStr, PRBool is
} /* extern "C" */
#endif /* __cplusplus */
//
// PUBLIC METHODS
//
nsUserTarget::~nsUserTarget(void)
{
}
#define OPTION "<option>"
nsPrivilege *
nsUserTarget::EnablePrivilege(nsIPrincipal *prin, void *data)
nsIPrivilege *
nsUserTarget::EnablePrivilege(nsIPrincipal * prin, void *data)
{
char * riskStr = this->GetRisk();
char * desc = this->GetDescription();
char * prinStr;
prin->ToString(& prinStr);
char * targetStr = new char[strlen(OPTION) + strlen(desc) + 1];
XP_STRCPY(targetStr, OPTION);
XP_STRCAT(targetStr, desc);
PRInt16 prinType;
prin->GetType(& prinType);
// void *cert;
// if(prinType == (PRInt16) nsIPrincipal::PrincipalType_Certificate)
// cert = ((nsICertificatePrincipal *) prin)->GetCertificate();
nsPermState permState = nsPermState_AllowedSession;
/*
* Check Registration Mode flag and the url code base
* to set permission state
*/
// if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) {
// if (prinType == (PRInt16) nsIPrincipal::PrincipalType_Codebase) permState = nsPermState_AllowedSession;
// } else if (displayUI) {
/* set displayUI to TRUE, to enable UI */
// nsCaps_lock();
// permState = displayPermissionDialog(prinStr, targetStr, riskStr,
// isCert, cert);
// nsCaps_unlock();
// }
nsPermissionState permVal;
nsDurationState durationVal;
if (permState == nsPermState_AllowedForever) {
permVal = nsPermissionState_Allowed;
durationVal = nsDurationState_Forever;
} else if (permState == nsPermState_AllowedSession) {
permVal = nsPermissionState_Allowed;
durationVal = nsDurationState_Session;
} else if (permState == nsPermState_ForbiddenForever) {
permVal = nsPermissionState_Forbidden;
durationVal = nsDurationState_Forever;
} else {
permVal = nsPermissionState_Blank;
durationVal = nsDurationState_Session;
}
delete []targetStr;
return nsPrivilege::findPrivilege(permVal, durationVal);
PRInt16 privState = nsIPrivilege::PrivilegeState_Allowed;
PRInt16 privDuration = nsIPrivilege::PrivilegeDuration_Session;
if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) {
if (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact
||
prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseRegex) {
privState = nsIPrivilege::PrivilegeState_Allowed;
privDuration = nsIPrivilege::PrivilegeDuration_Session;
}
}
return nsPrivilegeManager::FindPrivilege(privState, privDuration);
}

View File

@ -25,6 +25,7 @@
#include "nsIScriptObjectOwner.h"
#include "nspr.h"
#include "plstr.h"
#include "nsPrivilegeManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptGlobalObjectData.h"
#include "nsIPref.h"
@ -492,7 +493,7 @@ nsJSSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, PRBool* aR
PRBool
nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
{
struct nsPrivilegeTable *annotation;
nsPrivilegeTable * annotation;
JSStackFrame *fp;
void *annotationRef;
void *principalArray = nsnull;
@ -552,7 +553,7 @@ nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget)
}
if (annotationRef) {
annotation = (struct nsPrivilegeTable *)annotationRef;
annotation = (nsPrivilegeTable *)annotationRef;
}
else {
#ifdef OJI
@ -1909,10 +1910,10 @@ nsJSSecurityManager::PrincipalsEqual(JSContext *aCx, JSPrincipals *aPrinA, JSPri
void* arrayA = aPrinA->getPrincipalArray(aCx, aPrinA);
void* arrayB = aPrinB->getPrincipalArray(aCx, aPrinB);
nsSetComparisonType prinCompare;
mCapsManager->ComparePrincipalArray(arrayA, arrayB, &prinCompare);
PRInt16 comparisonType;
mCapsManager->ComparePrincipalArray(arrayA, arrayB, & comparisonType);
return (PRBool)(nsSetComparisonType_Equal == prinCompare);
return (PRBool)(nsPrivilegeManager::SetComparisonType_Equal == comparisonType);
}
/*******************************************************************************