зеркало из https://github.com/mozilla/gecko-dev.git
493 строки
15 KiB
C++
493 строки
15 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set sw=2 ts=8 et tw=80 : */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsHttp.h"
|
|
#include "mozilla/net/NeckoParent.h"
|
|
#include "mozilla/net/HttpChannelParent.h"
|
|
#include "mozilla/net/CookieServiceParent.h"
|
|
#include "mozilla/net/WyciwygChannelParent.h"
|
|
#include "mozilla/net/FTPChannelParent.h"
|
|
#include "mozilla/net/WebSocketChannelParent.h"
|
|
#include "mozilla/net/RemoteOpenFileParent.h"
|
|
#include "mozilla/dom/ContentParent.h"
|
|
#include "mozilla/dom/TabParent.h"
|
|
#include "mozilla/dom/network/TCPSocketParent.h"
|
|
#include "mozilla/dom/network/TCPServerSocketParent.h"
|
|
#include "mozilla/ipc/URIUtils.h"
|
|
#include "mozilla/LoadContext.h"
|
|
#include "mozilla/AppProcessChecker.h"
|
|
#include "nsPrintfCString.h"
|
|
#include "nsHTMLDNSPrefetch.h"
|
|
#include "nsIAppsService.h"
|
|
#include "nsEscape.h"
|
|
#include "RemoteOpenFileParent.h"
|
|
|
|
using mozilla::dom::ContentParent;
|
|
using mozilla::dom::TabParent;
|
|
using mozilla::net::PTCPSocketParent;
|
|
using mozilla::dom::TCPSocketParent;
|
|
using mozilla::net::PTCPServerSocketParent;
|
|
using mozilla::dom::TCPServerSocketParent;
|
|
using IPC::SerializedLoadContext;
|
|
|
|
namespace mozilla {
|
|
namespace net {
|
|
|
|
// C++ file contents
|
|
NeckoParent::NeckoParent()
|
|
{
|
|
// Init HTTP protocol handler now since we need atomTable up and running very
|
|
// early (IPDL argument handling for PHttpChannel constructor needs it) so
|
|
// normal init (during 1st Http channel request) isn't early enough.
|
|
nsCOMPtr<nsIProtocolHandler> proto =
|
|
do_GetService("@mozilla.org/network/protocol;1?name=http");
|
|
|
|
if (UsingNeckoIPCSecurity()) {
|
|
// cache values for core/packaged apps basepaths
|
|
nsAutoString corePath, webPath;
|
|
nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
|
|
if (appsService) {
|
|
appsService->GetCoreAppsBasePath(corePath);
|
|
appsService->GetWebAppsBasePath(webPath);
|
|
}
|
|
// corePath may be empty: we don't use it for all build types
|
|
MOZ_ASSERT(!webPath.IsEmpty());
|
|
|
|
LossyCopyUTF16toASCII(corePath, mCoreAppsBasePath);
|
|
LossyCopyUTF16toASCII(webPath, mWebAppsBasePath);
|
|
}
|
|
}
|
|
|
|
NeckoParent::~NeckoParent()
|
|
{
|
|
}
|
|
|
|
static PBOverrideStatus
|
|
PBOverrideStatusFromLoadContext(const SerializedLoadContext& aSerialized)
|
|
{
|
|
if (!aSerialized.IsNotNull() && aSerialized.IsPrivateBitValid()) {
|
|
return aSerialized.mUsePrivateBrowsing ?
|
|
kPBOverride_Private :
|
|
kPBOverride_NotPrivate;
|
|
}
|
|
return kPBOverride_Unset;
|
|
}
|
|
|
|
const char*
|
|
NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
|
|
PContentParent* aContent,
|
|
uint32_t* aAppId,
|
|
bool* aInBrowserElement)
|
|
{
|
|
*aAppId = NECKO_UNKNOWN_APP_ID;
|
|
*aInBrowserElement = false;
|
|
|
|
if (UsingNeckoIPCSecurity()) {
|
|
if (!aSerialized.IsNotNull()) {
|
|
return "SerializedLoadContext from child is null";
|
|
}
|
|
}
|
|
|
|
const InfallibleTArray<PBrowserParent*>& browsers = aContent->ManagedPBrowserParent();
|
|
for (uint32_t i = 0; i < browsers.Length(); i++) {
|
|
nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(browsers[i]);
|
|
uint32_t appId = tabParent->OwnOrContainingAppId();
|
|
bool inBrowserElement = aSerialized.IsNotNull() ? aSerialized.mIsInBrowserElement
|
|
: tabParent->IsBrowserElement();
|
|
|
|
if (appId == NECKO_UNKNOWN_APP_ID) {
|
|
continue;
|
|
}
|
|
// We may get appID=NO_APP if child frame is neither a browser nor an app
|
|
if (appId == NECKO_NO_APP_ID) {
|
|
if (tabParent->HasOwnApp()) {
|
|
continue;
|
|
}
|
|
if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
|
|
// <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
|
|
// This is not supported now, and we'll need to do a code audit to make
|
|
// sure we can handle it (i.e don't short-circuit using separate
|
|
// namespace if just appID==0)
|
|
continue;
|
|
}
|
|
}
|
|
*aAppId = appId;
|
|
*aInBrowserElement = inBrowserElement;
|
|
return nullptr;
|
|
}
|
|
|
|
if (browsers.Length() != 0) {
|
|
return "App does not have permission";
|
|
}
|
|
|
|
if (!UsingNeckoIPCSecurity()) {
|
|
// We are running xpcshell tests
|
|
if (aSerialized.IsNotNull()) {
|
|
*aAppId = aSerialized.mAppId;
|
|
*aInBrowserElement = aSerialized.mIsInBrowserElement;
|
|
} else {
|
|
*aAppId = NECKO_NO_APP_ID;
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
return "ContentParent does not have any PBrowsers";
|
|
}
|
|
|
|
const char *
|
|
NeckoParent::CreateChannelLoadContext(PBrowserParent* aBrowser,
|
|
PContentParent* aContent,
|
|
const SerializedLoadContext& aSerialized,
|
|
nsCOMPtr<nsILoadContext> &aResult)
|
|
{
|
|
uint32_t appId = NECKO_UNKNOWN_APP_ID;
|
|
bool inBrowser = false;
|
|
dom::Element* topFrameElement = nullptr;
|
|
const char* error = GetValidatedAppInfo(aSerialized, aContent, &appId, &inBrowser);
|
|
if (error) {
|
|
return error;
|
|
}
|
|
|
|
if (aBrowser) {
|
|
nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
|
|
topFrameElement = tabParent->GetOwnerElement();
|
|
}
|
|
|
|
// if !UsingNeckoIPCSecurity(), we may not have a LoadContext to set. This is
|
|
// the common case for most xpcshell tests.
|
|
if (aSerialized.IsNotNull()) {
|
|
aResult = new LoadContext(aSerialized, topFrameElement, appId, inBrowser);
|
|
}
|
|
|
|
return nullptr;
|
|
}
|
|
|
|
PHttpChannelParent*
|
|
NeckoParent::AllocPHttpChannelParent(PBrowserParent* aBrowser,
|
|
const SerializedLoadContext& aSerialized,
|
|
const HttpChannelCreationArgs& aOpenArgs)
|
|
{
|
|
nsCOMPtr<nsILoadContext> loadContext;
|
|
const char *error = CreateChannelLoadContext(aBrowser, Manager(),
|
|
aSerialized, loadContext);
|
|
if (error) {
|
|
printf_stderr("NeckoParent::AllocPHttpChannelParent: "
|
|
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
|
error);
|
|
return nullptr;
|
|
}
|
|
PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
|
|
HttpChannelParent *p = new HttpChannelParent(aBrowser, loadContext, overrideStatus);
|
|
p->AddRef();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPHttpChannelParent(PHttpChannelParent* channel)
|
|
{
|
|
HttpChannelParent *p = static_cast<HttpChannelParent *>(channel);
|
|
p->Release();
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvPHttpChannelConstructor(
|
|
PHttpChannelParent* aActor,
|
|
PBrowserParent* aBrowser,
|
|
const SerializedLoadContext& aSerialized,
|
|
const HttpChannelCreationArgs& aOpenArgs)
|
|
{
|
|
HttpChannelParent* p = static_cast<HttpChannelParent*>(aActor);
|
|
return p->Init(aOpenArgs);
|
|
}
|
|
|
|
PFTPChannelParent*
|
|
NeckoParent::AllocPFTPChannelParent(PBrowserParent* aBrowser,
|
|
const SerializedLoadContext& aSerialized,
|
|
const FTPChannelCreationArgs& aOpenArgs)
|
|
{
|
|
nsCOMPtr<nsILoadContext> loadContext;
|
|
const char *error = CreateChannelLoadContext(aBrowser, Manager(),
|
|
aSerialized, loadContext);
|
|
if (error) {
|
|
printf_stderr("NeckoParent::AllocPFTPChannelParent: "
|
|
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
|
error);
|
|
return nullptr;
|
|
}
|
|
PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
|
|
FTPChannelParent *p = new FTPChannelParent(loadContext, overrideStatus);
|
|
p->AddRef();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPFTPChannelParent(PFTPChannelParent* channel)
|
|
{
|
|
FTPChannelParent *p = static_cast<FTPChannelParent *>(channel);
|
|
p->Release();
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvPFTPChannelConstructor(
|
|
PFTPChannelParent* aActor,
|
|
PBrowserParent* aBrowser,
|
|
const SerializedLoadContext& aSerialized,
|
|
const FTPChannelCreationArgs& aOpenArgs)
|
|
{
|
|
FTPChannelParent* p = static_cast<FTPChannelParent*>(aActor);
|
|
return p->Init(aOpenArgs);
|
|
}
|
|
|
|
PCookieServiceParent*
|
|
NeckoParent::AllocPCookieServiceParent()
|
|
{
|
|
return new CookieServiceParent();
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPCookieServiceParent(PCookieServiceParent* cs)
|
|
{
|
|
delete cs;
|
|
return true;
|
|
}
|
|
|
|
PWyciwygChannelParent*
|
|
NeckoParent::AllocPWyciwygChannelParent()
|
|
{
|
|
WyciwygChannelParent *p = new WyciwygChannelParent();
|
|
p->AddRef();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPWyciwygChannelParent(PWyciwygChannelParent* channel)
|
|
{
|
|
WyciwygChannelParent *p = static_cast<WyciwygChannelParent *>(channel);
|
|
p->Release();
|
|
return true;
|
|
}
|
|
|
|
PWebSocketParent*
|
|
NeckoParent::AllocPWebSocketParent(PBrowserParent* browser,
|
|
const SerializedLoadContext& serialized)
|
|
{
|
|
nsCOMPtr<nsILoadContext> loadContext;
|
|
const char *error = CreateChannelLoadContext(browser, Manager(),
|
|
serialized, loadContext);
|
|
if (error) {
|
|
printf_stderr("NeckoParent::AllocPWebSocketParent: "
|
|
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
|
error);
|
|
return nullptr;
|
|
}
|
|
|
|
TabParent* tabParent = static_cast<TabParent*>(browser);
|
|
PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(serialized);
|
|
WebSocketChannelParent* p = new WebSocketChannelParent(tabParent, loadContext,
|
|
overrideStatus);
|
|
p->AddRef();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPWebSocketParent(PWebSocketParent* actor)
|
|
{
|
|
WebSocketChannelParent* p = static_cast<WebSocketChannelParent*>(actor);
|
|
p->Release();
|
|
return true;
|
|
}
|
|
|
|
PTCPSocketParent*
|
|
NeckoParent::AllocPTCPSocketParent()
|
|
{
|
|
TCPSocketParent* p = new TCPSocketParent();
|
|
p->AddIPDLReference();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPTCPSocketParent(PTCPSocketParent* actor)
|
|
{
|
|
TCPSocketParent* p = static_cast<TCPSocketParent*>(actor);
|
|
p->ReleaseIPDLReference();
|
|
return true;
|
|
}
|
|
|
|
PTCPServerSocketParent*
|
|
NeckoParent::AllocPTCPServerSocketParent(const uint16_t& aLocalPort,
|
|
const uint16_t& aBacklog,
|
|
const nsString& aBinaryType)
|
|
{
|
|
TCPServerSocketParent* p = new TCPServerSocketParent();
|
|
p->AddIPDLReference();
|
|
return p;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvPTCPServerSocketConstructor(PTCPServerSocketParent* aActor,
|
|
const uint16_t& aLocalPort,
|
|
const uint16_t& aBacklog,
|
|
const nsString& aBinaryType)
|
|
{
|
|
return static_cast<TCPServerSocketParent*>(aActor)->
|
|
Init(this, aLocalPort, aBacklog, aBinaryType);
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPTCPServerSocketParent(PTCPServerSocketParent* actor)
|
|
{
|
|
TCPServerSocketParent* p = static_cast<TCPServerSocketParent*>(actor);
|
|
p->ReleaseIPDLReference();
|
|
return true;
|
|
}
|
|
|
|
PRemoteOpenFileParent*
|
|
NeckoParent::AllocPRemoteOpenFileParent(const URIParams& aURI)
|
|
{
|
|
nsCOMPtr<nsIURI> uri = DeserializeURI(aURI);
|
|
nsCOMPtr<nsIFileURL> fileURL = do_QueryInterface(uri);
|
|
if (!fileURL) {
|
|
return nullptr;
|
|
}
|
|
|
|
// security checks
|
|
if (UsingNeckoIPCSecurity()) {
|
|
nsCOMPtr<nsIAppsService> appsService =
|
|
do_GetService(APPS_SERVICE_CONTRACTID);
|
|
if (!appsService) {
|
|
return nullptr;
|
|
}
|
|
bool haveValidBrowser = false;
|
|
bool hasManage = false;
|
|
nsCOMPtr<mozIApplication> mozApp;
|
|
for (uint32_t i = 0; i < Manager()->ManagedPBrowserParent().Length(); i++) {
|
|
nsRefPtr<TabParent> tabParent =
|
|
static_cast<TabParent*>(Manager()->ManagedPBrowserParent()[i]);
|
|
uint32_t appId = tabParent->OwnOrContainingAppId();
|
|
nsCOMPtr<mozIDOMApplication> domApp;
|
|
nsresult rv = appsService->GetAppByLocalId(appId, getter_AddRefs(domApp));
|
|
if (!domApp) {
|
|
continue;
|
|
}
|
|
mozApp = do_QueryInterface(domApp);
|
|
if (!mozApp) {
|
|
continue;
|
|
}
|
|
hasManage = false;
|
|
rv = mozApp->HasPermission("webapps-manage", &hasManage);
|
|
if (NS_FAILED(rv)) {
|
|
continue;
|
|
}
|
|
haveValidBrowser = true;
|
|
break;
|
|
}
|
|
|
|
if (!haveValidBrowser) {
|
|
return nullptr;
|
|
}
|
|
|
|
nsAutoCString requestedPath;
|
|
fileURL->GetPath(requestedPath);
|
|
NS_UnescapeURL(requestedPath);
|
|
|
|
if (hasManage) {
|
|
// webapps-manage permission means allow reading any application.zip file
|
|
// in either the regular webapps directory, or the core apps directory (if
|
|
// we're using one).
|
|
NS_NAMED_LITERAL_CSTRING(appzip, "/application.zip");
|
|
nsAutoCString pathEnd;
|
|
requestedPath.Right(pathEnd, appzip.Length());
|
|
if (!pathEnd.Equals(appzip)) {
|
|
return nullptr;
|
|
}
|
|
nsAutoCString pathStart;
|
|
requestedPath.Left(pathStart, mWebAppsBasePath.Length());
|
|
if (!pathStart.Equals(mWebAppsBasePath)) {
|
|
if (mCoreAppsBasePath.IsEmpty()) {
|
|
return nullptr;
|
|
}
|
|
requestedPath.Left(pathStart, mCoreAppsBasePath.Length());
|
|
if (!pathStart.Equals(mCoreAppsBasePath)) {
|
|
return nullptr;
|
|
}
|
|
}
|
|
// Finally: make sure there are no "../" in URI.
|
|
// Note: not checking for symlinks (would cause I/O for each path
|
|
// component). So it's up to us to avoid creating symlinks that could
|
|
// provide attack vectors.
|
|
if (PL_strnstr(requestedPath.BeginReading(), "/../",
|
|
requestedPath.Length())) {
|
|
printf_stderr("NeckoParent::AllocPRemoteOpenFile: "
|
|
"FATAL error: requested file URI '%s' contains '/../' "
|
|
"KILLING CHILD PROCESS\n", requestedPath.get());
|
|
return nullptr;
|
|
}
|
|
} else {
|
|
// regular packaged apps can only access their own application.zip file
|
|
nsAutoString basePath;
|
|
nsresult rv = mozApp->GetBasePath(basePath);
|
|
if (NS_FAILED(rv)) {
|
|
return nullptr;
|
|
}
|
|
nsAutoString uuid;
|
|
rv = mozApp->GetId(uuid);
|
|
if (NS_FAILED(rv)) {
|
|
return nullptr;
|
|
}
|
|
nsPrintfCString mustMatch("%s/%s/application.zip",
|
|
NS_LossyConvertUTF16toASCII(basePath).get(),
|
|
NS_LossyConvertUTF16toASCII(uuid).get());
|
|
if (!requestedPath.Equals(mustMatch)) {
|
|
printf_stderr("NeckoParent::AllocPRemoteOpenFile: "
|
|
"FATAL error: app without webapps-manage permission is "
|
|
"requesting file '%s' but is only allowed to open its "
|
|
"own application.zip: KILLING CHILD PROCESS\n",
|
|
requestedPath.get());
|
|
return nullptr;
|
|
}
|
|
}
|
|
}
|
|
|
|
RemoteOpenFileParent* parent = new RemoteOpenFileParent(fileURL);
|
|
return parent;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvPRemoteOpenFileConstructor(PRemoteOpenFileParent* aActor,
|
|
const URIParams& aFileURI)
|
|
{
|
|
return static_cast<RemoteOpenFileParent*>(aActor)->OpenSendCloseDelete();
|
|
}
|
|
|
|
bool
|
|
NeckoParent::DeallocPRemoteOpenFileParent(PRemoteOpenFileParent* actor)
|
|
{
|
|
delete actor;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvHTMLDNSPrefetch(const nsString& hostname,
|
|
const uint16_t& flags)
|
|
{
|
|
nsHTMLDNSPrefetch::Prefetch(hostname, flags);
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
NeckoParent::RecvCancelHTMLDNSPrefetch(const nsString& hostname,
|
|
const uint16_t& flags,
|
|
const nsresult& reason)
|
|
{
|
|
nsHTMLDNSPrefetch::CancelPrefetch(hostname, flags, reason);
|
|
return true;
|
|
}
|
|
|
|
}} // mozilla::net
|