Add security support for javascript: uris.

1999-09-15 20:58:41 +00:00 · 1999-09-15 20:58:41 +00:00 · 9acf604770
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@ -40,6 +40,8 @@ interface nsIScriptSecurityManager : nsISupports

    boolean CheckURI(in nsIScriptContext cx, in nsIURI uri);

+    nsIPrincipal GetSubjectPrincipal();
+
    nsIPrincipal GetSystemPrincipal();

    nsIPrincipal CreateCodebasePrincipal(in nsIURI aURI);
--- a/caps/include/nsPrincipalManager.h
+++ b/caps/include/nsPrincipalManager.h
@ -1,93 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * The contents of this file are subject to the Netscape Public License
- * Version 1.0 (the "NPL"); you may not use this file except in
- * compliance with the NPL.  You may obtain a copy of the NPL at
- * http://www.mozilla.org/NPL/
- *
- * Software distributed under the NPL is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
- * for the specific language governing rights and limitations under the
- * NPL.
- *
- * The Initial Developer of this code under the NPL is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
- * Reserved.
- */
-/*creates, registers, and performs logical operations on principals*/
-#ifndef _NS_PRINCIPAL_MANAGER_H_
-#define _NS_PRINCIPAL_MANAGER_H_
-
-#include "nsIPrincipalManager.h"
-#include "nsHashtable.h"
-
-#define NS_PRINCIPALMANAGER_CID \
-{ 0x7ee2a4c0, 0x4b91, 0x11d3, \
-{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
-
-class nsPrincipalManager : public nsIPrincipalManager {
-
-public:
-
-  NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRINCIPALMANAGER_CID)
-
-	NS_DECL_ISUPPORTS
-    NS_DECL_NSIPRINCIPALMANAGER
-
-	static nsresult
-	GetPrincipalManager(nsPrincipalManager * * prinMan);
-
-	virtual ~nsPrincipalManager(void);
-
-	NS_IMETHOD
-	CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin);
-
-	void 
-	RegisterSystemPrincipal(nsIPrincipal * principal);
-
-	static nsIPrincipalArray *
-	GetMyPrincipals(PRInt32 callerDepth);
-
-	static nsIPrincipalArray *
-	GetMyPrincipals(nsIScriptContext * context, PRInt32 callerDepth);
-
-	nsIPrincipal * 
-	GetPrincipalFromString(char * prinName);
-	
-	static nsIPrincipal * 
-	GetSystemPrincipal(void);
-
-	static PRBool 
-	HasSystemPrincipal(nsIPrincipalArray * prinArray);
-
-	static nsIPrincipal * 
-	GetUnsignedPrincipal(void);
-
-	static nsIPrincipal * 
-	GetUnknownPrincipal(void);
-
-	const char * 
-	GetAllPrincipalsString(void);
-
-	void 
-	AddToPrincipalNameToPrincipalTable(nsIPrincipal * prin);
-
-	void
-	RemoveFromPrincipalNameToPrincipalTable(nsIPrincipal * prin);
-
-	nsIPrincipalArray * 
-	GetClassPrincipalsFromStack(PRInt32 callerDepth);
-
-	nsIPrincipalArray * 
-	GetClassPrincipalsFromStack(nsIScriptContext * context, PRInt32 callerDepth);
-
-
-private:
-  nsPrincipalManager(void);
-  NS_IMETHODIMP
-  Init();
-	nsHashtable * itsPrinNameToPrincipalTable;
-};
-
-#endif /* _NS_PRINCIPAL_MANAGER_H_*/
--- a/caps/src/admin.cpp
+++ b/caps/src/admin.cpp
@ -1,83 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * The contents of this file are subject to the Netscape Public License
- * Version 1.0 (the "NPL"); you may not use this file except in
- * compliance with the NPL.  You may obtain a copy of the NPL at
- * http://www.mozilla.org/NPL/
- *
- * Software distributed under the NPL is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
- * for the specific language governing rights and limitations under the
- * NPL.
- *
- * The Initial Developer of this code under the NPL is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation.  All Rights
- * Reserved.
- */
-/*native java calls from oji into security system*/
-
-//	nsresult rv;
-//	NS_WITH_SERVICE(nsIPrincipalManager, observer, "component://netscape/observer-service",& rv);
-
-#include "prtypes.h"
-#include "prmem.h"
-#include "prmon.h"
-#include "prlog.h"
-#include "admin.h"
-#include "nsPrivilegeManager.h"
-#include "nsPrincipalManager.h"
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#if 0
-/* 
- *             A D M I N   U I   A P I 
- *
- * All of the following methods are used by admin API (the code located
- * in security/lib/nav area).
- */
-
-PR_PUBLIC_API(const char *)
-java_netscape_security_getPrincipals(const char *charSetName)
-{
-  nsPrincipalManager * prinMan;
-  nsPrincipalManager::GetPrincipalManager(& prinMan);
-	const char * prins = prinMan->GetAllPrincipalsString();
-	PRBool test_admin_api = PR_FALSE;
-	if (test_admin_api) {
-		char * a1, * a2, * a3;
-		java_netscape_security_getPrivilegeDescs(NULL, "raman tenneti", &a1, &a2, &a3);
-		java_netscape_security_removePrivilege(NULL, "raman tenneti", "Reading, modification, or deletion of any of your files");
-		java_netscape_security_removePrincipal(NULL, "raman tenneti");
-	}
-	return prins;
-}
-
-PR_PUBLIC_API(PRBool)
-java_netscape_security_removePrincipal(const char * charSetName, char * prinName)
-{
-	return nsPrivilegeManager::GetPrivilegeManager()->RemovePrincipal(prinName);
-}
-
-PR_PUBLIC_API(void)
-java_netscape_security_getPrivilegeDescs(const char * charSetName, char * prinName, char * * forever, char * * session, char * * denied)
-{
-	nsPrivilegeManager::GetPrivilegeManager()->GetTargetsWithPrivileges(prinName, forever, session, denied);
-}
-
-PR_PUBLIC_API(PRBool)
-java_netscape_security_removePrivilege(const char * charSetName, char * prinName, char * targetName)
-{
-	PRBool result;
-	nsPrivilegeManager::GetPrivilegeManager()->RemovePrincipalsPrivilege(prinName, targetName,& result);
-	return result;
-
-}
-#endif
-
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif /* __cplusplus */
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -31,6 +31,7 @@
 #include "nsCodebasePrincipal.h"
 #include "nsCRT.h"
 #include "nsXPIDLString.h"
+#include "nsIJSContextStack.h"

 static NS_DEFINE_CID(kPrefServiceCID, NS_PREF_CID);
 static NS_DEFINE_CID(kURLCID, NS_STANDARDURL_CID);
@ -185,6 +186,21 @@ nsScriptSecurityManager::CheckURI(nsIScriptContext *aContext,
 }


+NS_IMETHODIMP
+nsScriptSecurityManager::GetSubjectPrincipal(nsIPrincipal **result)
+{
+    // Get JSContext from stack.
+    nsresult rv;
+    NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", 
+                    &rv);
+    if (NS_FAILED(rv))
+        return NS_ERROR_FAILURE;
+    JSContext *cx;
+    if (NS_FAILED(stack->Peek(&cx)))
+        return NS_ERROR_FAILURE;
+    return GetSubjectPrincipal(cx, result);
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
 {
--- a/dom/public/nsIScriptContext.h
+++ b/dom/public/nsIScriptContext.h
@ -27,6 +27,7 @@ class nsIScriptGlobalObject;
 class nsIScriptSecurityManager;
 class nsIScriptNameSpaceManager;
 class nsIScriptContextOwner;
+class nsIPrincipal;

 #define NS_ISCRIPTCONTEXT_IID \
 { /* 8f6bca7d-ce42-11d1-b724-00600891d8c9 */ \
@ -60,6 +61,13 @@ public:
                            nsString& aRetValue,
                            PRBool* aIsUndefined) = 0;

+  NS_IMETHOD EvaluateString(const nsString& aScript, 
+                            nsIPrincipal *principal,
+                            const char *aURL,
+                            PRUint32 aLineNo,
+                            nsString& aRetValue,
+                            PRBool* aIsUndefined) = 0;
+
  /**
   * Return the global object.
   *
--- a/dom/src/base/nsJSEnvironment.cpp
+++ b/dom/src/base/nsJSEnvironment.cpp
@ -139,7 +139,20 @@ nsJSContext::EvaluateString(const nsString& aScript,
  }
  if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(principal)))) 
    return NS_ERROR_FAILURE;
-	
+
+  return EvaluateString(aScript, principal, aURL, aLineNo, aRetValue, aIsUndefined);
+}
+
+  
+NS_IMETHODIMP
+nsJSContext::EvaluateString(const nsString& aScript, 
+                            nsIPrincipal *principal,
+                            const char *aURL,
+                            PRUint32 aLineNo,
+                            nsString& aRetValue,
+                            PRBool* aIsUndefined)
+{
+
  nsresult rv;
  NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", &rv);
  if (NS_FAILED(rv)) 
--- a/dom/src/base/nsJSEnvironment.h
+++ b/dom/src/base/nsJSEnvironment.h
@ -23,6 +23,7 @@

 class nsIScriptSecurityManager;
 class nsIScriptNameSpaceManager;
+class nsIPrincipal;

 class nsJSContext : public nsIScriptContext {
 private:
@ -44,6 +45,12 @@ public:
                                  PRUint32 aLineNo,
                                  nsString& aRetValue,
                                  PRBool* aIsUndefined);
+  NS_IMETHOD       EvaluateString(const nsString& aScript, 
+                                  nsIPrincipal *principal,
+                                  const char *aURL,
+                                  PRUint32 aLineNo,
+                                  nsString& aRetValue,
+                                  PRBool* aIsUndefined);
  NS_IMETHOD_(nsIScriptGlobalObject*)    GetGlobalObject();
  NS_IMETHOD_(void*)                     GetNativeContext();
  NS_IMETHOD     InitClasses();
--- a/dom/src/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/src/jsurl/nsJSProtocolHandler.cpp
@ -31,6 +31,11 @@
 #include "nsIScriptContext.h"
 #include "nsIScriptContextOwner.h"
 #include "nsJSProtocolHandler.h"
+#include "nsCOMPtr.h"
+#include "nsIPrincipal.h"
+#include "jsapi.h"
+#include "nsIJSContextStack.h"
+#include "nsIScriptSecurityManager.h"

 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
 static NS_DEFINE_CID(kSimpleURICID, NS_SIMPLEURI_CID);
@ -70,6 +75,17 @@ public:
        NS_ADDREF(mURI);
        mEventSinkGetter = eventSinkGetter;
        NS_IF_ADDREF(mEventSinkGetter);
+
+        // Get principal of currently executing code, save for execution
+        nsresult result;
+        NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+                        NS_SCRIPTSECURITYMANAGER_PROGID, &result);
+        if (NS_FAILED(result)) 
+            return NS_ERROR_FAILURE;
+        if (NS_FAILED(securityManager->GetSubjectPrincipal(
+                        getter_AddRefs(mPrincipal))))
+            return NS_ERROR_FAILURE;
+
        return NS_OK;
    }

@ -137,8 +153,8 @@ public:
        // Finally, we have everything needed to evaluate the expression.
        nsAutoString ret;
        PRBool isUndefined;
-        rv = scriptContext->EvaluateString(nsString(jsExpr), nsnull, 0, ret,
-                                           &isUndefined);
+        rv = scriptContext->EvaluateString(nsString(jsExpr), mPrincipal,
+                                           nsnull, 0, ret, &isUndefined);
        nsCRT::free(jsExpr);
        if (NS_FAILED(rv)) {
            rv = NS_ERROR_MALFORMED_URI;
@ -162,12 +178,13 @@ public:
    }

 protected:
-    char*               mVerb;
-    nsIURI*             mURI;
-    nsIEventSinkGetter* mEventSinkGetter;
-    char*               mResult;
-    PRUint32            mLength;
-    PRUint32            mReadCursor;
+    char*                   mVerb;
+    nsIURI*                 mURI;
+    nsIEventSinkGetter*     mEventSinkGetter;
+    char*                   mResult;
+    PRUint32                mLength;
+    PRUint32                mReadCursor;
+    nsCOMPtr<nsIPrincipal>  mPrincipal;
 };

 NS_IMPL_ISUPPORTS(nsJSInputStream, NS_GET_IID(nsIInputStream));