When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
Родитель
abee485516
Коммит
4ebb372bf8
|
@ -51,7 +51,7 @@ interface nsIURI;
|
|||
[ptr] native JSContext(JSContext);
|
||||
[ptr] native JSPrincipals(JSPrincipals);
|
||||
|
||||
[scriptable, uuid(fb9ddeb9-26f9-46b8-85d5-3978aaee05aa)]
|
||||
[scriptable, uuid(635c413b-47c3-4ee1-87c8-e7919cc65f5a)]
|
||||
interface nsIPrincipal : nsISerializable
|
||||
{
|
||||
/**
|
||||
|
@ -71,12 +71,14 @@ interface nsIPrincipal : nsISerializable
|
|||
* fingerprint or the origin. subjectName is a name that identifies the
|
||||
* entity this principal represents (may be empty). grantedList and
|
||||
* deniedList are space-separated lists of capabilities which were
|
||||
* explicitly granted or denied by a pref.
|
||||
* explicitly granted or denied by a pref. isTrusted is a boolean that
|
||||
* indicates whether this is a codebaseTrusted certificate.
|
||||
*/
|
||||
[noscript] void getPreferences(out string prefBranch, out string id,
|
||||
out string subjectName,
|
||||
out string grantedList,
|
||||
out string deniedList);
|
||||
out string deniedList,
|
||||
out boolean isTrusted);
|
||||
|
||||
/**
|
||||
* Returns whether the other principal is equivalent to this principal.
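Review bot: The sentence added to the getPreferences comment describes isTrusted as marking "a codebaseTrusted certificate", which reads as if the flag applied to certificate principals only. The GetCodebasePrincipal change on this page forwards the same value into a principal initialised with a null certificate, so the wording could be `isTrusted is a boolean that indicates whether this is a codebaseTrusted principal.` The comment could also say that the out values are only meaningful when the call succeeds, since two implementations on this page write them and then return NS_ERROR_FAILURE. The interface body continues outside the hunks.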
|
||||
|
|
|
@ -139,7 +139,8 @@ nsNullPrincipal::Init()
|
|||
NS_IMETHODIMP
|
||||
nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aSubjectName,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
char** aGrantedList, char** aDeniedList,
|
||||
PRBool* aIsTrusted)
|
||||
{
|
||||
// The null principal should never be written to preferences.
|
||||
*aPrefName = nsnull;
|
||||
|
@ -147,6 +148,7 @@ nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
|
|||
*aSubjectName = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
*aIsTrusted = PR_FALSE;
|
||||
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
|
|
@ -730,7 +730,8 @@ AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
|
|||
NS_IMETHODIMP
|
||||
nsPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aSubjectName,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
char** aGrantedList, char** aDeniedList,
|
||||
PRBool* aIsTrusted)
|
||||
{
|
||||
if (mPrefName.IsEmpty()) {
|
||||
if (mCert) {
|
||||
|
@ -749,6 +750,7 @@ nsPrincipal::GetPreferences(char** aPrefName, char** aID,
|
|||
*aSubjectName = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
*aIsTrusted = mTrusted;
|
||||
|
||||
char *prefName = nsnull;
|
||||
char *id = nsnull;
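Review bot: `*aIsTrusted = mTrusted;` is written only after the `if (mPrefName.IsEmpty())` block, whose body lies between the two hunks and is not visible here. If that block can return early, the new out-parameter is left unwritten on that path, whereas nsNullPrincipal and nsSystemPrincipal assign it before returning failure. The three callers on this page declare `PRBool isTrusted;` without an initialiser, so a later read on an error path would see an indeterminate value for a trust flag. Either assign the out-parameter before the first possible return or declare the locals as `PRBool isTrusted = PR_FALSE;`.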
|
||||
|
|
|
@ -1853,13 +1853,17 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
|
|||
nsXPIDLCString subjectName;
|
||||
nsXPIDLCString granted;
|
||||
nsXPIDLCString denied;
|
||||
PRBool isTrusted;
|
||||
rv = fromTable->GetPreferences(getter_Copies(prefName),
|
||||
getter_Copies(id),
|
||||
getter_Copies(subjectName),
|
||||
getter_Copies(granted),
|
||||
getter_Copies(denied));
|
||||
getter_Copies(denied),
|
||||
&isTrusted);
|
||||
// XXXbz assert something about subjectName and aSubjectName here?
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
NS_ASSERTION(!isTrusted, "Shouldn't have isTrusted true here");
|
||||
|
||||
certificate = new nsPrincipal();
|
||||
if (!certificate)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
@ -1869,8 +1873,10 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
|
|||
granted, denied,
|
||||
aCertificate,
|
||||
PR_TRUE, PR_FALSE);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
certificate->SetURI(aURI);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
certificate->SetURI(aURI);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1922,10 +1928,15 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
|
|||
//-- Check to see if we already have this principal.
|
||||
nsCOMPtr<nsIPrincipal> fromTable;
|
||||
mPrincipals.Get(principal, getter_AddRefs(fromTable));
|
||||
if (fromTable)
|
||||
principal = fromTable;
|
||||
else //-- Check to see if we have a more general principal
|
||||
if (!fromTable)
|
||||
{
|
||||
//-- Check to see if we have a more general principal
|
||||
|
||||
// XXXbz if only GetOrigin returned a URI! Or better yet if the
|
||||
// HashKey function on principals were smarter. As it is, we can
|
||||
// have cases where two principals will have different hashkeys but
|
||||
// test equal via KeyEquals, which is absolutely silly. That's
|
||||
// what we're working around here.
|
||||
nsXPIDLCString originUrl;
|
||||
rv = principal->GetOrigin(getter_Copies(originUrl));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
@ -1936,8 +1947,44 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
|
|||
rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
mPrincipals.Get(principal2, getter_AddRefs(fromTable));
|
||||
if (fromTable)
|
||||
principal = fromTable;
|
||||
}
|
||||
|
||||
if (fromTable) {
|
||||
// We found an existing codebase principal. But it might have a
|
||||
// generic codebase for this origin on it. Install our particular
|
||||
// codebase.
|
||||
// XXXbz this is kinda similar to the code in
|
||||
// GetCertificatePrincipal, but just ever so slightly different.
|
||||
// Oh, well.
|
||||
nsXPIDLCString prefName;
|
||||
nsXPIDLCString id;
|
||||
nsXPIDLCString subjectName;
|
||||
nsXPIDLCString granted;
|
||||
nsXPIDLCString denied;
|
||||
PRBool isTrusted;
|
||||
rv = fromTable->GetPreferences(getter_Copies(prefName),
|
||||
getter_Copies(id),
|
||||
getter_Copies(subjectName),
|
||||
getter_Copies(granted),
|
||||
getter_Copies(denied),
|
||||
&isTrusted);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsRefPtr<nsPrincipal> codebase = new nsPrincipal();
|
||||
if (!codebase)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
rv = codebase->InitFromPersistent(prefName, id,
|
||||
subjectName, EmptyCString(),
|
||||
granted, denied,
|
||||
nsnull, PR_FALSE,
|
||||
isTrusted);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
codebase->SetURI(aURI);
|
||||
principal = codebase;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2235,11 +2282,13 @@ nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
|
|||
nsXPIDLCString subjectName;
|
||||
nsXPIDLCString grantedList;
|
||||
nsXPIDLCString deniedList;
|
||||
PRBool isTrusted;
|
||||
nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName),
|
||||
getter_Copies(id),
|
||||
getter_Copies(subjectName),
|
||||
getter_Copies(grantedList),
|
||||
getter_Copies(deniedList));
|
||||
getter_Copies(deniedList),
|
||||
&isTrusted);
|
||||
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
|
||||
|
||||
nsCAutoString grantedPrefName;
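Review bot: In the new `if (fromTable)` block of GetCodebasePrincipal, the granted and denied lists and `isTrusted` are copied out of the table entry into a fresh nsPrincipal that the visible lines never store in mPrincipals, so each returned principal is a snapshot of the stored grants. If the table entry is changed or revoked later, copies already handed out would presumably keep the old capabilities and trust flag; nothing in the hunk re-syncs them. A comment stating that assumption would help, for example `// Snapshot of fromTable's grants; later changes to the table entry do not reach this copy.` In DoGetCertificatePrincipal, `NS_ASSERTION(!isTrusted, ...)` is presumably compiled out of release builds while the InitFromPersistent call passes `PR_FALSE` as its last argument, so a trusted value would be dropped without notice there; a one-line comment saying why that is the intended outcome would make the invariant reviewable. Both functions begin and end outside the hunks.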
|
||||
|
|
|
@ -87,7 +87,8 @@ nsSystemPrincipal::Release()
|
|||
NS_IMETHODIMP
|
||||
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
|
||||
char** aSubjectName,
|
||||
char** aGrantedList, char** aDeniedList)
|
||||
char** aGrantedList, char** aDeniedList,
|
||||
PRBool* aIsTrusted)
|
||||
{
|
||||
// The system principal should never be streamed out
|
||||
*aPrefName = nsnull;
|
||||
|
@ -95,6 +96,7 @@ nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
|
|||
*aSubjectName = nsnull;
|
||||
*aGrantedList = nsnull;
|
||||
*aDeniedList = nsnull;
|
||||
*aIsTrusted = PR_FALSE;
|
||||
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
|