mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

XP_COM interfaces for JS calls into CAPS

This commit is contained in:
raman%netscape.com 1998-11-23 00:27:00 +00:00
Родитель d21ed0a69d
Коммит 5b7786e40c
13 изменённых файлов: 813 добавлений и 74 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

146
caps/include/nsCCapsManager.h
Просмотреть файл

@ -97,14 +97,160 @@ public:
NS_IMETHOD
AskPermission(nsIPrincipal* prin, nsITarget* target, nsPermission *result);
/*
* All of the following methods are used by JS (the code located
* in lib/libmocha area).
*/
/**
* Initializes the capabilities subsytem (ie setting the system principal, initializing
* privilege Manager, creating the capsManager factory etc
*
* @param result - is true if principal was successfully registered with the system
*/
NS_IMETHOD
Initialize(PRBool *result);
/**
* Registers the given Principal with the system.
*
* @param prin - is either certificate principal or codebase principal
* @param result - is true if principal was successfully registered with the system
*/
NS_IMETHOD
RegisterPrincipal(nsIPrincipal* prin, PRBool *result);
/**
* Prompts the user if they want to grant permission for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
/**
* Returns if the user granted permission for the principal located at the given
* stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
/**
* Reverts the permission (granted/denied) user gave for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
/**
* Disable permissions for the principal located at the given stack depth for the
* given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result);
/* XXX: Some of the arguments for the following interfaces may change.
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_IMETHOD
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result);
NS_IMETHOD
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result);
NS_IMETHOD
CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result);
/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
NS_IMETHOD
NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result);
NS_IMETHOD
IsCodebaseExact(nsIPrincipal* principal, PRBool *result);
NS_IMETHOD
ToString(nsIPrincipal* principal, char* *result);
NS_IMETHOD
GetVendor(nsIPrincipal* principal, char* *result);
NS_IMETHOD
NewPrincipalArray(PRUint32 count, void* *result);
NS_IMETHOD
FreePrincipalArray(void *prinArray);
NS_IMETHOD
GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *result);
NS_IMETHOD
SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal);
NS_IMETHOD
GetPrincipalArraySize(void *prinArrayArg, PRUint32 *result);
/* The following interfaces will replace all of the following old calls.
*
* nsCapsGetPermission(struct nsPrivilege *privilege)
* nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target)
*
*/
NS_IMETHOD
IsAllowed(void *annotation, char* target, PRBool *result);
/* XXX: TODO: We need to set up the JS frame walking callbacks */
////////////////////////////////////////////////////////////////////////////
// from nsCCapsManager:
nsCCapsManager(nsISupports *aOuter);
virtual ~nsCCapsManager(void);
void
CreateNSPrincipalArray(nsPrincipalArray* prinArray,
nsPrincipalArray* *pPrincipalArray);
NS_METHOD
GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPRincipal);
NS_METHOD
nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray,
nsPrincipalArray* *pPrincipalArray);
nsPermission
ConvertPrivilegeToPermission(nsPrivilege *pNSPrivilege);

2
caps/include/nsCCertPrincipal.h
Просмотреть файл

@ -105,6 +105,8 @@ public:
////////////////////////////////////////////////////////////////////////////
// from nsCCertPrincipal:
nsCCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsresult *result);
nsCCertPrincipal(nsPrincipal *pNSPrincipal);
virtual ~nsCCertPrincipal(void);
nsPrincipal *GetPeer(void);

2
caps/include/nsCCodebasePrincipal.h
Просмотреть файл

@ -51,6 +51,8 @@ public:
// from nsCCodebasePrincipal:
nsCCodebasePrincipal(const char *codebaseURL, nsresult *result);
nsCCodebasePrincipal(nsPrincipal *pNSPrincipal);
virtual ~nsCCodebasePrincipal(void);
nsPrincipal *GetPeer(void);

49
caps/include/nsCapsEnums.h
Просмотреть файл

@ -19,53 +19,6 @@
#ifndef _NS_CAPS_ENUMS_H_
#define _NS_CAPS_ENUMS_H_
typedef enum nsSetComparisonType {
nsSetComparisonType_ProperSubset=-1,
nsSetComparisonType_Equal=0,
nsSetComparisonType_NoSubset=1
} nsSetComparisonType;
/**
* number of possible permissions (allowed, forbidden, or blank)
*
* The code in nsPrivilegeInitialize assumes that nsPermissionState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsPermissionState {
nsPermissionState_Forbidden = 0,
nsPermissionState_Allowed,
nsPermissionState_Blank,
nsPermissionState_NumberOfPermissions
} nsPermissionState;
/**
* number of possible durations (scope, session, or forever)
*
* The code in nsPrivilegeInitialize assumes that nsDurationState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsDurationState {
nsDurationState_Scope=0,
nsDurationState_Session,
nsDurationState_Forever,
nsDurationState_NumberOfDurations
} nsDurationState;
/* The following should match what is in nsJVM plugin's java security code */
typedef enum nsPrincipalType {
nsPrincipalType_Unknown=-1,
nsPrincipalType_CodebaseExact=10,
nsPrincipalType_CodebaseRegexp,
nsPrincipalType_Cert,
nsPrincipalType_CertFingerPrint,
nsPrincipalType_CertKey,
/* CertChain principal is being added for Javasoft's JVM. They will pass the
* whole chain to the nsPrincipal constructor.
*/
nsPrincipalType_CertChain
} nsPrincipalType;
#include "nsCapsPublicEnums.h"
#endif /* _NS_CAPS_ENUMS_H_ */

1
caps/public/MANIFEST
Просмотреть файл

@ -3,3 +3,4 @@ nsICertPrincipal.h
nsICodebasePrincipal.h
nsICodeSourcePrincipal.h
nsIPrincipal.h
nsCapsPublicEnums.h

3
caps/public/Makefile
Просмотреть файл

@ -22,7 +22,8 @@ EXPORTS = nsIPrincipal.h \
nsICodebasePrincipal.h \
nsICertPrincipal.h \
nsICapsManager.h \
nsICodeSourcePrincipal.h
nsICodeSourcePrincipal.h \
nsCapsPublicEnums.h

3
caps/public/Makefile.in
Просмотреть файл

@ -27,7 +27,8 @@ EXPORTS = nsIPrincipal.h \
nsICodebasePrincipal.h \
nsICertPrincipal.h \
nsICapsManager.h \
nsICodeSourcePrincipal.h
nsICodeSourcePrincipal.h \
nsCapsPublicEnums.h
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))

3
caps/public/makefile.win
Просмотреть файл

@ -33,7 +33,8 @@ EXPORTS= \
nsICodebasePrincipal.h \
nsICertPrincipal.h \
nsICapsManager.h \
nsICodeSourcePrincipal.h
nsICodeSourcePrincipal.h \
nsCapsPublicEnums.h
include <$(DEPTH)/config/rules.mak>

81
caps/public/nsCapsPublicEnums.h Normal file
Просмотреть файл

@ -0,0 +1,81 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
#ifndef _NS_CAPS_PUBLIC_ENUMS_H_
#define _NS_CAPS_PUBLIC_ENUMS_H_
enum nsPermission {
nsPermission_Unknown,
nsPermission_AllowedSession,
nsPermission_DeniedSession,
nsPermission_AllowedForever,
nsPermission_DeniedForever
};
/**
* number of possible permissions (allowed, forbidden, or blank)
*
* The code in nsPrivilegeInitialize assumes that nsPermissionState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsPermissionState {
nsPermissionState_Forbidden = 0,
nsPermissionState_Allowed,
nsPermissionState_Blank,
nsPermissionState_NumberOfPermissions
} nsPermissionState;
/**
* number of possible durations (scope, session, or forever)
*
* The code in nsPrivilegeInitialize assumes that nsDurationState
* are ordered sequentially from 0 to N.
*
*/
typedef enum nsDurationState {
nsDurationState_Scope=0,
nsDurationState_Session,
nsDurationState_Forever,
nsDurationState_NumberOfDurations
} nsDurationState;
typedef enum nsSetComparisonType {
nsSetComparisonType_ProperSubset=-1,
nsSetComparisonType_Equal=0,
nsSetComparisonType_NoSubset=1
} nsSetComparisonType;
/* The following should match what is in nsJVM plugin's java security code */
typedef enum nsPrincipalType {
nsPrincipalType_Unknown=-1,
nsPrincipalType_CodebaseExact=10,
nsPrincipalType_CodebaseRegexp,
nsPrincipalType_Cert,
nsPrincipalType_CertFingerPrint,
nsPrincipalType_CertKey,
/* CertChain principal is being added for Javasoft's JVM. They will pass the
* whole chain to the nsPrincipal constructor.
*/
nsPrincipalType_CertChain
} nsPrincipalType;
#endif /* _NS_CAPS_PUBLIC_ENUMS_H_ */

142
caps/public/nsICapsManager.h
Просмотреть файл

@ -22,18 +22,12 @@
#include "nsISupports.h"
#include "nsIFactory.h"
#include "nsIPrincipal.h"
#include "nsCapsPublicEnums.h"
class nsITarget;
#define NS_ALL_PRIVILEGES ((nsITarget*)NULL)
enum nsPermission {
nsPermission_Unknown,
nsPermission_AllowedSession,
nsPermission_DeniedSession,
nsPermission_AllowedForever,
nsPermission_DeniedForever
};
/**
* The nsICapsManager interface is used to construct and manage principals.
@ -123,6 +117,140 @@ public:
NS_IMETHOD
AskPermission(nsIPrincipal* prin, nsITarget* target, nsPermission *result) = 0;
/*
* All of the following methods are used by JS (the code located
* in lib/libmocha area).
*/
/**
* Initializes the capabilities subsytem (ie setting the system principal, initializing
* privilege Manager, creating the capsManager factory etc
*
* @param result - is true if principal was successfully registered with the system
*/
NS_IMETHOD
Initialize(PRBool *result) = 0;
/**
* Registers the given Principal with the system.
*
* @param prin - is either certificate principal or codebase principal
* @param result - is true if principal was successfully registered with the system
*/
NS_IMETHOD
RegisterPrincipal(nsIPrincipal* prin, PRBool *result) = 0;
/**
* Prompts the user if they want to grant permission for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0;
/**
* Returns if the user granted permission for the principal located at the given
* stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0;
/**
* Reverts the permission (granted/denied) user gave for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0;
/**
* Disable permissions for the principal located at the given stack depth for the
* given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param result - is true if user has given permission for the given principal and
* target
*/
NS_IMETHOD
DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0;
/* XXX: Some of the arguments for the following interfaces may change.
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_IMETHOD
ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result) = 0;
NS_IMETHOD
IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result) = 0;
NS_IMETHOD
CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result) = 0;
/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
NS_IMETHOD
NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result) = 0;
NS_IMETHOD
IsCodebaseExact(nsIPrincipal* principal, PRBool *result) = 0;
NS_IMETHOD
ToString(nsIPrincipal* principal, char* *result) = 0;
NS_IMETHOD
GetVendor(nsIPrincipal* principal, char* *result) = 0;
NS_IMETHOD
NewPrincipalArray(PRUint32 count, void* *result) = 0;
NS_IMETHOD
FreePrincipalArray(void *prinArray) = 0;
NS_IMETHOD
GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *result) = 0;
NS_IMETHOD
SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal) = 0;
NS_IMETHOD
GetPrincipalArraySize(void *prinArrayArg, PRUint32 *result) = 0;
/* The following interfaces will replace all of the following old calls.
*
* nsCapsGetPermission(struct nsPrivilege *privilege)
* nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target)
*
*/
NS_IMETHOD
IsAllowed(void *annotation, char* target, PRBool *result) = 0;
/* XXX: TODO: We need to set up the JS frame walking callbacks */
};
#define NS_ICAPSMANAGER_IID \

445
caps/src/nsCCapsManager.cpp
Просмотреть файл

@ -23,6 +23,7 @@
#include "nsCCodebasePrincipal.h"
#include "nsCCertPrincipal.h"
#include "nsCCodeSourcePrincipal.h"
#include "nsCaps.h"
static NS_DEFINE_CID(kCCapsManagerCID, NS_CCAPSMANAGER_CID);
static NS_DEFINE_IID(kICapsManagerIID, NS_ICAPSMANAGER_IID);
@ -135,15 +136,15 @@ nsCCapsManager::GetPermission(nsIPrincipal* pNSIPrincipal,
}
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipal *pNSPrinicipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal);
nsPrincipal *pNSPrincipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
return result;
}
nsPrivilege* privilege =
m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrinicipal,
m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrincipal,
NULL);
*state = ConvertPrivilegeToPermission(privilege);
}
@ -172,14 +173,14 @@ nsCCapsManager::SetPermission(nsIPrincipal* pNSIPrincipal,
}
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipal *pNSPrinicipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal);
nsPrincipal *pNSPrincipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
return result;
}
nsPrivilege* privilege = ConvertPermissionToPrivilege(state);
m_pNSPrivilegeManager->SetPermission(pNSPrinicipal, target, privilege);
m_pNSPrivilegeManager->SetPermission(pNSPrincipal, target, privilege);
}
return NS_OK;
}
@ -207,21 +208,381 @@ nsCCapsManager::AskPermission(nsIPrincipal* pNSIPrincipal,
}
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipal *pNSPrinicipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal);
nsPrincipal *pNSPrincipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
return result;
}
m_pNSPrivilegeManager->AskPermission(pNSPrinicipal,target, NULL);
m_pNSPrivilegeManager->AskPermission(pNSPrincipal,target, NULL);
nsPrivilege* privilege =
m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrinicipal,
m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrincipal,
NULL);
*state = ConvertPrivilegeToPermission(privilege);
}
return NS_OK;
}
/**
* Initializes the capabilities subsytem (ie setting the system principal, initializing
* privilege Manager, creating the capsManager factory etc
*
* @param result - is true if principal was successfully registered with the system
*/
NS_METHOD
nsCCapsManager::Initialize(PRBool *result)
{
*result = nsCapsInitialize();
return NS_OK;
}
/**
* Registers the given Principal with the system.
*
* @param prin - is either certificate principal or codebase principal
* @param result - is true if principal was successfully registered with the system
*/
NS_METHOD
nsCCapsManager::RegisterPrincipal(nsIPrincipal* pNSIPrincipal, PRBool *ret_val)
{
nsresult result = NS_OK;
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipal *pNSPrincipal = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
return result;
}
m_pNSPrivilegeManager->registerPrincipal(pNSPrincipal);
}
return NS_OK;
}
/**
* Prompts the user if they want to grant permission for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param ret_val - is true if user has given permission for the given principal and
* target
*/
NS_METHOD
nsCCapsManager::EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsTarget *target = nsTarget::findTarget((char*)targetName);
nsresult result = NS_OK;
if( target == NULL )
{
*ret_val = PR_FALSE;
return NS_OK;
}
if (m_pNSPrivilegeManager != NULL)
{
*ret_val = m_pNSPrivilegeManager->enablePrivilege(context, target, callerDepth);
}
return NS_OK;
}
/**
* Returns if the user granted permission for the principal located at the given
* stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param ret_val - is true if user has given permission for the given principal and
* target
*/
NS_METHOD
nsCCapsManager::IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsTarget *target = nsTarget::findTarget((char*)targetName);
nsresult result = NS_OK;
if( target == NULL )
{
*ret_val = PR_FALSE;
return NS_OK;
}
if (m_pNSPrivilegeManager != NULL)
{
*ret_val = m_pNSPrivilegeManager->isPrivilegeEnabled(context, target, callerDepth);
}
return NS_OK;
}
/**
* Reverts the permission (granted/denied) user gave for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param ret_val - is true if user has given permission for the given principal and
* target
*/
NS_METHOD
nsCCapsManager::RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsTarget *target = nsTarget::findTarget((char*)targetName);
nsresult result = NS_OK;
if( target == NULL )
{
*ret_val = PR_FALSE;
return NS_OK;
}
if (m_pNSPrivilegeManager != NULL)
{
*ret_val = m_pNSPrivilegeManager->revertPrivilege(context, target, callerDepth);
}
return NS_OK;
}
/**
* Disable permissions for the principal located at the given stack depth for the
* given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param ret_val - is true if user has given permission for the given principal and
* target
*/
NS_METHOD
nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsTarget *target = nsTarget::findTarget((char*)targetName);
nsresult result = NS_OK;
if( target == NULL )
{
*ret_val = PR_FALSE;
return NS_OK;
}
if (m_pNSPrivilegeManager != NULL)
{
*ret_val = m_pNSPrivilegeManager->disablePrivilege(context, target, callerDepth);
}
return NS_OK;
}
/* XXX: Some of the arguments for the following interfaces may change.
* This is a first cut. I need to talk to joki. We should get rid of void* parameters.
*/
NS_METHOD
nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *ret_val)
{
nsresult result = NS_OK;
*ret_val = nsSetComparisonType_NoSubset;
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipalArray *newPrin1Array=NULL;
nsPrincipalArray *newPrin2Array=NULL;
result = GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array);
if (result != NS_OK) {
return result;
}
result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
if (result != NS_OK) {
return result;
}
*ret_val = m_pNSPrivilegeManager->comparePrincipalArray(newPrin1Array, newPrin2Array);
nsCapsFreePrincipalArray(newPrin1Array);
nsCapsFreePrincipalArray(newPrin2Array);
}
return NS_OK;
}
NS_METHOD
nsCCapsManager::IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *ret_val)
{
nsresult result = NS_OK;
*ret_val = NULL;
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipalArray *newPrin1Array=NULL;
nsPrincipalArray *newPrin2Array=NULL;
nsPrincipalArray *intersectPrinArray=NULL;
result = GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array);
if (result != NS_OK) {
return result;
}
result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array);
if (result != NS_OK) {
return result;
}
intersectPrinArray = m_pNSPrivilegeManager->intersectPrincipalArray(newPrin1Array,
newPrin2Array);
CreateNSPrincipalArray(intersectPrinArray, (nsPrincipalArray**)ret_val);
nsCapsFreePrincipalArray(newPrin1Array);
nsCapsFreePrincipalArray(newPrin2Array);
}
return NS_OK;
}
NS_METHOD
nsCCapsManager::CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *ret_val)
{
nsresult result = NS_OK;
*ret_val = nsSetComparisonType_NoSubset;
if (m_pNSPrivilegeManager != NULL)
{
nsPrincipalArray *newPrin1Array=NULL;
nsPrincipalArray *newPrin2Array=NULL;
result = GetNSPrincipalArray((nsPrincipalArray*) fromPrinArray, &newPrin1Array);
if (result != NS_OK) {
return result;
}
result = GetNSPrincipalArray((nsPrincipalArray*) toPrinArray, &newPrin2Array);
if (result != NS_OK) {
return result;
}
*ret_val = m_pNSPrivilegeManager->canExtendTrust(newPrin1Array, newPrin2Array);
nsCapsFreePrincipalArray(newPrin1Array);
nsCapsFreePrincipalArray(newPrin2Array);
}
return NS_OK;
}
/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */
NS_METHOD
nsCCapsManager::NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal** ret_val)
{
nsIPrincipal* pNSIPrincipal;
nsPrincipal *pNSPrincipal = new nsPrincipal(type, key, key_len, zig);
if (pNSPrincipal->isCodebase()) {
pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal);
} else {
pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal);
}
*ret_val = pNSIPrincipal;
return NS_OK;
}
NS_METHOD
nsCCapsManager::IsCodebaseExact(nsIPrincipal* pNSIPrincipal, PRBool *ret_val)
{
nsresult result = NS_OK;
nsPrincipal *pNSPrincipal = NULL;
*ret_val = PR_FALSE;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK) {
return result;
}
*ret_val = pNSPrincipal->isCodebaseExact();
return NS_OK;
}
NS_METHOD
nsCCapsManager::ToString(nsIPrincipal* pNSIPrincipal, char* *ret_val)
{
nsresult result = NS_OK;
nsPrincipal *pNSPrincipal = NULL;
*ret_val = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK) {
return result;
}
*ret_val = pNSPrincipal->toString();
return NS_OK;
}
NS_METHOD
nsCCapsManager::GetVendor(nsIPrincipal* pNSIPrincipal, char* *ret_val)
{
nsresult result = NS_OK;
nsPrincipal *pNSPrincipal = NULL;
*ret_val = NULL;
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK) {
return result;
}
*ret_val = pNSPrincipal->getVendor();
return NS_OK;
}
NS_METHOD
nsCCapsManager::NewPrincipalArray(PRUint32 count, void* *ret_val)
{
*ret_val = nsCapsNewPrincipalArray(count);
return NS_OK;
}
NS_METHOD
nsCCapsManager::FreePrincipalArray(void *prinArray)
{
nsCapsFreePrincipalArray(prinArray);
return NS_OK;
}
NS_METHOD
nsCCapsManager::GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *ret_val)
{
nsIPrincipal* pNSIPrincipal;
nsPrincipal *pNSPrincipal = (nsPrincipal *)nsCapsGetPrincipalArrayElement(prinArrayArg, index);
if (pNSPrincipal->isCodebase()) {
pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal);
} else {
pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal);
}
*ret_val = pNSIPrincipal;
return NS_OK;
}
NS_METHOD
nsCCapsManager::SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal)
{
nsCapsSetPrincipalArrayElement(prinArrayArg, index, principal);
return NS_OK;
}
NS_METHOD
nsCCapsManager::GetPrincipalArraySize(void *prinArrayArg, PRUint32 *ret_val)
{
*ret_val = nsCapsGetPrincipalArraySize(prinArrayArg);
return NS_OK;
}
/* The following interfaces will replace all of the following old calls.
*
* nsCapsGetPermission(struct nsPrivilege *privilege)
* nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target)
*
*/
NS_METHOD
nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val)
{
nsTarget *target = nsTarget::findTarget(targetName);
nsresult result = NS_OK;
if( target == NULL )
{
*ret_val = PR_FALSE;
return NS_OK;
}
struct nsPrivilege * pNSPrivilege = nsCapsGetPrivilege((struct nsPrivilegeTable *)annotation,
target);
if (pNSPrivilege == NULL) {
*ret_val = PR_FALSE;
return NS_OK;
}
nsPermissionState perm = nsCapsGetPermission(pNSPrivilege);
*ret_val = (perm == nsPermissionState_Allowed);
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////
// from nsCCapsManager:
@ -235,12 +596,64 @@ nsCCapsManager::~nsCCapsManager()
{
}
void
nsCCapsManager::CreateNSPrincipalArray(nsPrincipalArray* prinArray,
nsPrincipalArray* *pPrincipalArray)
{
nsIPrincipal* pNSIPrincipal;
nsPrincipal *pNSPrincipal = NULL;
PRUint32 count = prinArray->GetSize();
nsPrincipalArray *newPrinArray = new nsPrincipalArray();
newPrinArray->SetSize(count, 1);
*pPrincipalArray = NULL;
for (PRUint32 index = 0; index < count; index++) {
pNSPrincipal = (nsPrincipal *)prinArray->Get(index);
if (pNSPrincipal->isCodebase()) {
pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal);
} else {
pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal);
}
newPrinArray->Set(index, pNSIPrincipal);
}
*pPrincipalArray = newPrinArray;
}
NS_METHOD
nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray,
nsPrincipalArray* *pPrincipalArray)
{
nsIPrincipal* pNSIPrincipal;
nsPrincipal *pNSPrincipal = NULL;
nsresult result = NS_OK;
PRUint32 count = prinArray->GetSize();
nsPrincipalArray *newPrinArray = new nsPrincipalArray();
newPrinArray->SetSize(count, 1);
*pPrincipalArray = NULL;
for (PRUint32 index = 0; index < count; index++) {
pNSIPrincipal = (nsIPrincipal*)prinArray->Get(index);
result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
nsCapsFreePrincipalArray(newPrinArray);
return result;
}
newPrinArray->Set(index, pNSPrincipal);
}
*pPrincipalArray = newPrinArray;
return result;
}
NS_METHOD
nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal,
nsPrincipal **ppNSPrincipal)
{
nsISupports *pNSISupports = NULL;
nsPrincipal *pNSPrinicipal = NULL;
nsPrincipal *pNSPrincipal = NULL;
*ppNSPrincipal = NULL;
if ( pNSIPrincipal == NULL )
@ -266,14 +679,14 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal,
if (bIsTrusted)
{
nsCCertPrincipal *pNSCCertPrincipal = (nsCCertPrincipal *)pNSICertPrincipal;
pNSPrinicipal = pNSCCertPrincipal->GetPeer();
pNSPrincipal = pNSCCertPrincipal->GetPeer();
pNSCCertPrincipal->Release();
}
else
if(pNSICodebasePrincipal != NULL )
{
nsCCodebasePrincipal *pNSCCodebasePrincipal = (nsCCodebasePrincipal *)pNSICodebasePrincipal;
pNSPrinicipal = pNSCCodebasePrincipal->GetPeer();
pNSPrincipal = pNSCCodebasePrincipal->GetPeer();
pNSCCodebasePrincipal->Release();
}
else
@ -286,7 +699,7 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal,
(void**)&pNSISupports) == NS_OK)
{
nsCCertPrincipal *pNSCCertPrincipal = (nsCCertPrincipal *)pNSIPrincipal;
pNSPrinicipal = pNSCCertPrincipal->GetPeer();
pNSPrincipal = pNSCCertPrincipal->GetPeer();
pNSCCertPrincipal->Release();
}
else
@ -295,14 +708,14 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal,
{
nsCCodebasePrincipal *pNSCCodebasePrincipal =
(nsCCodebasePrincipal *)pNSIPrincipal;
pNSPrinicipal = pNSCCodebasePrincipal->GetPeer();
pNSPrincipal = pNSCCodebasePrincipal->GetPeer();
pNSCCodebasePrincipal->Release();
}
else
{
return NS_ERROR_NO_INTERFACE;
}
*ppNSPrincipal = pNSPrinicipal;
*ppNSPrincipal = pNSPrincipal;
return NS_OK;
}

5
caps/src/nsCCertPrincipal.cpp
Просмотреть файл

@ -193,6 +193,11 @@ nsCCertPrincipal::nsCCertPrincipal(const unsigned char **certChain,
*result = NS_OK;
}
nsCCertPrincipal::nsCCertPrincipal(nsPrincipal *pNSPrincipal)
{
m_pNSPrincipal = pNSPrincipal;
}
nsCCertPrincipal::~nsCCertPrincipal(void)
{
delete m_pNSPrincipal;

5
caps/src/nsCCodebasePrincipal.cpp
Просмотреть файл

@ -82,6 +82,11 @@ nsCCodebasePrincipal::nsCCodebasePrincipal(const char *codebaseURL,
*result = NS_OK;
}
nsCCodebasePrincipal::nsCCodebasePrincipal(nsPrincipal *pNSPrincipal)
{
m_pNSPrincipal = pNSPrincipal;
}
nsCCodebasePrincipal::~nsCCodebasePrincipal(void)
{
delete m_pNSPrincipal;