When getting codebase principals, install the passed-in codebase on them even

if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
This commit is contained in:
bzbarsky%mit.edu 2007-02-09 04:52:44 +00:00
Родитель abee485516
Коммит 4ebb372bf8
5 изменённых файлов: 72 добавлений и 15 удалений

Просмотреть файл

@ -51,7 +51,7 @@ interface nsIURI;
[ptr] native JSContext(JSContext);
[ptr] native JSPrincipals(JSPrincipals);
[scriptable, uuid(fb9ddeb9-26f9-46b8-85d5-3978aaee05aa)]
[scriptable, uuid(635c413b-47c3-4ee1-87c8-e7919cc65f5a)]
interface nsIPrincipal : nsISerializable
{
/**
@ -71,12 +71,14 @@ interface nsIPrincipal : nsISerializable
* fingerprint or the origin. subjectName is a name that identifies the
* entity this principal represents (may be empty). grantedList and
* deniedList are space-separated lists of capabilities which were
* explicitly granted or denied by a pref.
* explicitly granted or denied by a pref. isTrusted is a boolean that
* indicates whether this is a codebaseTrusted certificate.
*/
[noscript] void getPreferences(out string prefBranch, out string id,
out string subjectName,
out string grantedList,
out string deniedList);
out string deniedList,
out boolean isTrusted);
/**
* Returns whether the other principal is equivalent to this principal.

Просмотреть файл

@ -139,7 +139,8 @@ nsNullPrincipal::Init()
NS_IMETHODIMP
nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aSubjectName,
char** aGrantedList, char** aDeniedList)
char** aGrantedList, char** aDeniedList,
PRBool* aIsTrusted)
{
// The null principal should never be written to preferences.
*aPrefName = nsnull;
@ -147,6 +148,7 @@ nsNullPrincipal::GetPreferences(char** aPrefName, char** aID,
*aSubjectName = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
*aIsTrusted = PR_FALSE;
return NS_ERROR_FAILURE;
}

Просмотреть файл

@ -730,7 +730,8 @@ AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
NS_IMETHODIMP
nsPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aSubjectName,
char** aGrantedList, char** aDeniedList)
char** aGrantedList, char** aDeniedList,
PRBool* aIsTrusted)
{
if (mPrefName.IsEmpty()) {
if (mCert) {
@ -749,6 +750,7 @@ nsPrincipal::GetPreferences(char** aPrefName, char** aID,
*aSubjectName = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
*aIsTrusted = mTrusted;
char *prefName = nsnull;
char *id = nsnull;

Просмотреть файл

@ -1853,13 +1853,17 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
nsXPIDLCString subjectName;
nsXPIDLCString granted;
nsXPIDLCString denied;
PRBool isTrusted;
rv = fromTable->GetPreferences(getter_Copies(prefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(granted),
getter_Copies(denied));
getter_Copies(denied),
&isTrusted);
// XXXbz assert something about subjectName and aSubjectName here?
if (NS_SUCCEEDED(rv)) {
NS_ASSERTION(!isTrusted, "Shouldn't have isTrusted true here");
certificate = new nsPrincipal();
if (!certificate)
return NS_ERROR_OUT_OF_MEMORY;
@ -1869,8 +1873,10 @@ nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFinger
granted, denied,
aCertificate,
PR_TRUE, PR_FALSE);
if (NS_SUCCEEDED(rv))
certificate->SetURI(aURI);
if (NS_FAILED(rv))
return rv;
certificate->SetURI(aURI);
}
}
}
@ -1922,10 +1928,15 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
//-- Check to see if we already have this principal.
nsCOMPtr<nsIPrincipal> fromTable;
mPrincipals.Get(principal, getter_AddRefs(fromTable));
if (fromTable)
principal = fromTable;
else //-- Check to see if we have a more general principal
if (!fromTable)
{
//-- Check to see if we have a more general principal
// XXXbz if only GetOrigin returned a URI! Or better yet if the
// HashKey function on principals were smarter. As it is, we can
// have cases where two principals will have different hashkeys but
// test equal via KeyEquals, which is absolutely silly. That's
// what we're working around here.
nsXPIDLCString originUrl;
rv = principal->GetOrigin(getter_Copies(originUrl));
if (NS_FAILED(rv)) return rv;
@ -1936,8 +1947,44 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2));
if (NS_FAILED(rv)) return rv;
mPrincipals.Get(principal2, getter_AddRefs(fromTable));
if (fromTable)
principal = fromTable;
}
if (fromTable) {
// We found an existing codebase principal. But it might have a
// generic codebase for this origin on it. Install our particular
// codebase.
// XXXbz this is kinda similar to the code in
// GetCertificatePrincipal, but just ever so slightly different.
// Oh, well.
nsXPIDLCString prefName;
nsXPIDLCString id;
nsXPIDLCString subjectName;
nsXPIDLCString granted;
nsXPIDLCString denied;
PRBool isTrusted;
rv = fromTable->GetPreferences(getter_Copies(prefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(granted),
getter_Copies(denied),
&isTrusted);
if (NS_SUCCEEDED(rv)) {
nsRefPtr<nsPrincipal> codebase = new nsPrincipal();
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
rv = codebase->InitFromPersistent(prefName, id,
subjectName, EmptyCString(),
granted, denied,
nsnull, PR_FALSE,
isTrusted);
if (NS_FAILED(rv))
return rv;
codebase->SetURI(aURI);
principal = codebase;
}
}
}
@ -2235,11 +2282,13 @@ nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
nsXPIDLCString subjectName;
nsXPIDLCString grantedList;
nsXPIDLCString deniedList;
PRBool isTrusted;
nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(grantedList),
getter_Copies(deniedList));
getter_Copies(deniedList),
&isTrusted);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCAutoString grantedPrefName;

Просмотреть файл

@ -87,7 +87,8 @@ nsSystemPrincipal::Release()
NS_IMETHODIMP
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aSubjectName,
char** aGrantedList, char** aDeniedList)
char** aGrantedList, char** aDeniedList,
PRBool* aIsTrusted)
{
// The system principal should never be streamed out
*aPrefName = nsnull;
@ -95,6 +96,7 @@ nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
*aSubjectName = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
*aIsTrusted = PR_FALSE;
return NS_ERROR_FAILURE;
}