mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

* clean up nsScriptSecurityManager 

* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
This commit is contained in:
norris%netscape.com 1999-08-29 21:58:42 +00:00
Родитель 32e0969f1c
Коммит 59b4dc8374
48 изменённых файлов: 778 добавлений и 3801 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

21
caps/idl/nsIPrincipal.idl
Просмотреть файл

@ -15,7 +15,7 @@
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
/*defines interfaces for codebase and certificate principals*/
/* Defines interfaces for codebase and certificate principals */
#include "nsISupports.idl"
interface nsIURI;
%{C++
@ -26,19 +26,8 @@ struct JSPrincipals;
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipal : nsISupports {
const short PrincipalType_Unknown=0;
const short PrincipalType_CodebaseExact=1;
const short PrincipalType_CodebaseRegex=2;
const short PrincipalType_Certificate=3;
const short PrincipalType_CertificateFingerPrint=4;
const short PrincipalType_CertificateKey=5;
const short PrincipalType_CertificateChain=6;
void ToJSPrincipal(out JSPrincipals jsprin);
void GetType(out short type);
void IsSecure(out boolean result);
void GetJSPrincipals(out JSPrincipals jsprin);
void ToString(out string result);
void HashCode(out unsigned long code);
void Equals(in nsIPrincipal other, out boolean result);
};
@ -49,10 +38,8 @@ interface nsIPrincipal : nsISupports {
[uuid(829fe440-25e1-11d2-8160-006008119d7a)]
interface nsICodebasePrincipal : nsIPrincipal {
void GetURLString(out string ppCodeBaseURL);
void GetURL(out nsIURI url);
void IsCodebaseExact(out boolean result);
void IsCodebaseRegex(out boolean result);
void GetURI(out nsIURI url);
void SameOrigin(in nsIPrincipal other, out boolean result);
};
%{C++

23
caps/idl/nsIScriptSecurityManager.idl
Просмотреть файл

@ -38,11 +38,13 @@ struct JSObject;
[uuid(58df5780-8006-11d2-bd91-00805f8ae3f4)]
interface nsIScriptSecurityManager : nsISupports
{
// NB TODO: Change to string representation
const short SCRIPT_SECURITY_ALL_ACCESS = 0 << 0;
const short SCRIPT_SECURITY_NO_ACCESS = 1 << 0;
const short SCRIPT_SECURITY_SAME_DOMAIN_ACCESS = 1 << 1;
const short SCRIPT_SECURITY_SIGNED_ACCESS = 1 << 2;
// NB TODO: Move to Capabilities manager
const short eJSTarget_UniversalBrowserRead=0;
const short eJSTarget_UniversalBrowserWrite=1;
const short eJSTarget_UniversalSendMail=2;
@ -53,26 +55,9 @@ interface nsIScriptSecurityManager : nsISupports
const short eJSTarget_UniversalDialerAccess=7;
const short eJSTarget_Max=8;
void NewJSPrincipals(in nsIURI aURL, in nsString aName, out nsIPrincipal aPrincipal);
void CheckScriptAccess(in nsIScriptContext cx, in voidStar obj, [const] in string prop, out boolean res);
void GetSubjectOriginURL(in JSContext cx, out string origin);
void GetObjectOriginURL(in JSContext cx, in JSObject obj, out string origin);
void CheckPermissions(in JSContext cx, in JSObject obj, in short target, out boolean res);
void GetContainerPrincipals(in JSContext cx, in JSObject container, out nsIPrincipal prin);
void CheckScriptAccess(in nsIScriptContext cx, in voidStar obj,
[const] in string prop, out boolean res);
void CanAccessTarget(in JSContext cx, in short target, out boolean res);
void GetPrincipalsFromStackFrame(in JSContext cx, out JSPrincipals prins);
/*
void GetCompilationPrincipals(in nsIScriptContext cx, in nsIScriptGlobalObject go, in JSPrincipals prins, out JSPrincipals resultprins);
void CheckContainerAccess(in JSContext cx, in JSObject obj, in short target, out boolean res);
void SetContainerPrincipals(in JSContext cx, in JSObject container, in JSPrincipals prins);
void CanCaptureEvent(in JSContext cx, in JSFunction func, in JSObject eventTarget, out boolean res);
void SetExternalCapture(in JSContext cx, in JSPrincipals prins, in boolean abool);
void CheckSetParentSlot(in JSContext cx, in JSObject obj, in jsval aVp, out boolean res);
void SetDocumentDomain(in JSContext cx, in JSPrincipals prins, in nsString aNewDomain, out boolean res);
void DestroyPrincipalsList(in JSContext cx, in nsJSPrincipalsList list);
void RegisterPrincipals(in nsIScriptContext aContext, in nsIScriptGlobalObject aGlobal, in JSPrincipals principals,
in nsString aName, in nsString aSrc, out JSPrincipals aPrincipals);
*/
};
%{C++

146
caps/include/nsCaps.h
Просмотреть файл

@ -1,146 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
#ifndef _NS_CAPS_H_
#define _NS_CAPS_H_
#include "prtypes.h"
PR_BEGIN_EXTERN_C
class nsTarget;
class nsIPrincipal;
class nsIPrivilege;
class nsPrivilegeTable;
class nsPrivilegeManager;
struct NSJSJavaFrameWrapper;
/* wrappers for nsPrivilegeManager object */
//PR_IMPLEMENT(PRBool)
//nsCapsInitialize();
PR_EXTERN(PRBool)
nsCapsRegisterPrincipal(class nsIPrincipal * principal);
PR_EXTERN(PRBool)
nsCapsEnablePrivilege(void* context, class nsITarget * target, PRInt32 callerDepth);
PR_EXTERN(PRBool)
nsCapsIsPrivilegeEnabled(void* context, class nsITarget * target, PRInt32 callerDepth);
PR_EXTERN(PRBool)
nsCapsRevertPrivilege(void* context, class nsITarget * target, PRInt32 callerDepth);
PR_EXTERN(PRBool)
nsCapsDisablePrivilege(void* context, class nsITarget * target, PRInt32 callerDepth);
PR_EXTERN(void*)
nsCapsGetClassPrincipalsFromStack(void* context, PRInt32 callerDepth);
PR_EXTERN(PRBool)
nsCapsCanExtendTrust(void* from, void* to);
/* wrappers for nsPrincipal object */
PR_EXTERN(class nsIPrincipal *)
nsCapsNewPrincipal(PRInt16 * principalType, void * key,
PRUint32 key_len, void *zig);
PR_EXTERN(const char *)
nsCapsPrincipalToString(nsIPrincipal * principal);
PR_EXTERN(PRBool)
nsCapsIsCodebaseExact(nsIPrincipal * principal);
PR_EXTERN(const char *)
nsCapsPrincipalGetVendor(nsIPrincipal * principal);
PR_EXTERN(void *)
nsCapsNewPrincipalArray(PRUint32 count);
/* wrappers for nsITarget object */
PR_EXTERN(class nsITarget *)
nsCapsFindTarget(char * name);
/* wrappers for nsPrivilege object */
PR_EXTERN(PRInt16)
nsCapsGetPermission(class nsIPrivilege * privilege);
/* wrappers for nsPrivilegeTable object */
PR_EXTERN(nsIPrivilege *)
nsCapsGetPrivilege(nsPrivilegeTable * annotation, class nsITarget * target);
/* Methods for stack walking */
extern struct NSJSJavaFrameWrapper * (*nsCapsNewNSJSJavaFrameWrapperCallback)(void *);
PR_EXTERN(void)
setNewNSJSJavaFrameWrapperCallback(struct NSJSJavaFrameWrapper * (*fp)(void *));
extern void (*nsCapsFreeNSJSJavaFrameWrapperCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setFreeNSJSJavaFrameWrapperCallback(void (*fp)(struct NSJSJavaFrameWrapper *));
extern void (*nsCapsGetStartFrameCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setGetStartFrameCallback(void (*fp)(struct NSJSJavaFrameWrapper *));
extern PRBool (*nsCapsIsEndOfFrameCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setIsEndOfFrameCallback(PRBool (*fp)(struct NSJSJavaFrameWrapper *));
extern PRBool (*nsCapsIsValidFrameCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setIsValidFrameCallback(PRBool (*fp)(struct NSJSJavaFrameWrapper *));
extern void * (*nsCapsGetNextFrameCallback)(struct NSJSJavaFrameWrapper *, int *);
PR_EXTERN(void)
setGetNextFrameCallback(void * (*fp)(struct NSJSJavaFrameWrapper *, int *));
extern void * (*nsCapsGetPrincipalArrayCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setOJIGetPrincipalArrayCallback(void * (*fp)(struct NSJSJavaFrameWrapper *));
extern void * (*nsCapsGetAnnotationCallback)(struct NSJSJavaFrameWrapper *);
PR_EXTERN(void)
setOJIGetAnnotationCallback(void * (*fp)(struct NSJSJavaFrameWrapper *));
extern void * (*nsCapsSetAnnotationCallback)(struct NSJSJavaFrameWrapper *, void *);
PR_EXTERN(void)
setOJISetAnnotationCallback(void * (*fp)(struct NSJSJavaFrameWrapper *, void *));
/*
* Registration flag is set when the communicator
* starts with argument '-reg_mode'. The following
* functions provide API to enable and disable the flag.
* Current state of the flag can be obtained using
* nsGetRegistrationModeFlag().
*/
void
nsCapsEnableRegistrationModeFlag(void);
void
nsCapsDisableRegistrationModeFlag(void);
PRBool
nsCapsGetRegistrationModeFlag(void);
PR_END_EXTERN_C
#endif /* _NS_CAPS_H_ */

32
caps/include/nsCodebasePrincipal.h
Просмотреть файл

@ -30,25 +30,23 @@
class nsCodebasePrincipal : public nsICodebasePrincipal {
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSIPRINCIPAL
NS_DECL_NSICODEBASEPRINCIPAL
nsCodebasePrincipal();
NS_IMETHOD
Init(nsIURI *uri);
NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSIPRINCIPAL
NS_DECL_NSICODEBASEPRINCIPAL
nsCodebasePrincipal();
NS_IMETHOD
Init(PRInt16 type, nsIURI * uri);
virtual ~nsCodebasePrincipal(void);
virtual ~nsCodebasePrincipal(void);
protected:
nsIURI * itsURL;
PRInt16 itsType;
nsJSPrincipals itsJSPrincipals;
nsIURI *itsURI;
nsJSPrincipals itsJSPrincipals;
};
#endif // _NS_CODEBASE_PRINCIPAL_H_

2
caps/include/nsJSPrincipals.h
Просмотреть файл

@ -25,7 +25,7 @@ struct nsJSPrincipals : JSPrincipals {
public:
nsJSPrincipals();
nsresult Init(nsIPrincipal * prin);
nsresult Init(char *prin);
~nsJSPrincipals(void);
nsIPrincipal *nsIPrincipalPtr;

75
caps/include/nsPrincipalArray.h
Просмотреть файл

@ -1,75 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
/*used to pass principals through xpcom in arrays*/
#ifndef _NS_PRINCIPAL_ARRAY_H_
#define _NS_PRINCIPAL_ARRAY_H_
#include "nsIPrincipalArray.h"
#include "nsIPrincipal.h"
#include "nsVector.h"
#include "nsHashtable.h"
#define NS_PRINCIPALARRAY_CID \
{ 0x7ff2a4c0, 0x4bff, 0x17d3, \
{ 0xba, 0x18, 0x42, 0x60, 0xbb, 0xf1, 0x99, 0xa2 }}
NS_DEFINE_STATIC_CID_ACCESSOR(NS_PRINCIPALARRAY_CID)
class nsPrincipalArray : public nsIPrincipalArray {
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIPRINCIPALARRAY
nsPrincipalArray(void);
nsPrincipalArray(PRUint32 count);
void
Init(PRUint32 count);
virtual ~nsPrincipalArray();
private:
nsVector * itsArray;
};
class PrincipalKey: public nsHashKey {
public:
nsIPrincipal * itsPrincipal;
PrincipalKey(nsIPrincipal * prin) {
itsPrincipal = prin;
}
PRUint32 HashValue(void) const {
PRUint32 * code = 0;
itsPrincipal->HashCode(code);
return *code;
}
PRBool Equals(const nsHashKey * aKey) const {
PRBool result = PR_FALSE;
itsPrincipal->Equals(((const PrincipalKey *) aKey)->itsPrincipal,& result);
return result;
}
nsHashKey * Clone(void) const {
return new PrincipalKey(itsPrincipal);
}
};
#endif /* _NS_PRINCIPAL_ARRAY_H_ */

47
caps/include/nsScriptSecurityManager.h
Просмотреть файл

@ -31,24 +31,35 @@
class nsScriptSecurityManager : public nsIScriptSecurityManager {
public:
nsScriptSecurityManager();
virtual ~nsScriptSecurityManager();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISCRIPTSECURITYMANAGER
static nsScriptSecurityManager *
GetScriptSecurityManager();
nsScriptSecurityManager();
virtual ~nsScriptSecurityManager();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISCRIPTSECURITYMANAGER
static nsScriptSecurityManager *
GetScriptSecurityManager();
private:
char * GetCanonicalizedOrigin(JSContext *cx, const char* aUrlString);
NS_IMETHOD GetOriginFromSourceURL(nsIURI * origin, char * * result);
PRBool SameOrigins(JSContext *aCx, const char* aOrigin1, const char* aOrigin2);
PRInt32 CheckForPrivilege(JSContext *cx, char *prop_name, int priv_code);
char* FindOriginURL(JSContext *aCx, JSObject *aGlobal);
char* AddSecPolicyPrefix(JSContext *cx, char *pref_str);
char* GetSitePolicy(const char *org);
NS_IMETHOD
GetSubjectPrincipal(JSContext *aCx, nsIPrincipal **result);
NS_IMETHOD
GetObjectPrincipal(JSContext *aCx, JSObject *aObj, nsIPrincipal **result);
NS_IMETHOD
CheckPermissions(JSContext *aCx, JSObject *aObj, PRInt16 aTarget,
PRBool* result);
PRInt32
GetSecurityLevel(JSContext *cx, char *prop_name, int priv_code);
char *
AddSecPolicyPrefix(JSContext *cx, char *pref_str);
char *
GetSitePolicy(const char *org);
};
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/

482
caps/src/nsCCapsManager.cpp
Просмотреть файл

@ -1,482 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1999 Netscape Communications Corporation. All Rights
* Reserved.
*/
#include "nsIComponentManager.h"
#include "nsCCapsManager.h"
#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsPrincipalArray.h"
#include "nsCaps.h"
#include "nsICapsSecurityCallbacks.h"
#include "secnav.h"
#ifdef MOZ_SECURITY
#include "navhook.h"
#include "jarutil.h"
#endif /* MOZ_SECURITY */
#define ALL_JAVA_PERMISSION "AllJavaPermission"
static NS_DEFINE_CID(kCCapsManagerCID, NS_CCAPSMANAGER_CID);
static NS_DEFINE_IID(kICapsManagerIID, NS_ICAPSMANAGER_IID);
NS_IMPL_ISUPPORTS(nsCCapsManager, kICapsManagerIID);
nsCCapsManager *
nsCCapsManager::GetSecurityManager()
{
static nsCCapsManager * capsMan = NULL;
if (!capsMan)
capsMan = new nsCCapsManager();
return capsMan;
}
NS_IMETHODIMP
nsCCapsManager::GetPrincipalManager(nsIPrincipalManager * * iprinMan)
{
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
* iprinMan = (nsIPrincipalManager *)prinMan;
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::GetPrivilegeManager(nsIPrivilegeManager * * privMan)
{
* privMan = (nsIPrivilegeManager *)nsPrivilegeManager::GetPrivilegeManager();
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::CreateCodebasePrincipal(const char * codebaseURL, nsIPrincipal * * prin)
{
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
return prinMan->CreateCodebasePrincipal(codebaseURL, nsnull, prin);
}
NS_IMETHODIMP
nsCCapsManager::CreateCertificatePrincipal(const unsigned char **certChain, PRUint32 * certChainLengths,
PRUint32 noOfCerts, nsIPrincipal** prin)
{
nsPrincipalManager * prinMan;
nsPrincipalManager::GetPrincipalManager(& prinMan);
return prinMan->CreateCertificatePrincipal(certChain,certChainLengths,noOfCerts,prin);
}
NS_IMETHODIMP
nsCCapsManager::GetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 * privilegeState)
{
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
nsITarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
if( target == NULL ) return NS_OK;
if (nsPrivilegeManager::GetPrivilegeManager() != NULL) {
nsIPrivilege * privilege;
nsPrivilegeManager::GetPrivilegeManager()->GetPrincipalPrivilege(target, prin, NULL, & privilege);
// ARIEL WORK ON THIS SHIT
// * privilegeState = this->ConvertPrivilegeToPermission(privilege);
}
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::SetPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 privilegeState)
{
nsITarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
if(target == NULL ) return NS_OK;
// if (privilegeManager != NULL) {
// WORK ON THIS ARIEL
// nsPrivilege* privilege = this->ConvertPermissionToPrivilege(privilegeState);
// privilegeManager->SetPermission(prin, target, privilegeState);
// }
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::AskPermission(nsIPrincipal * prin, nsITarget * ignoreTarget, PRInt16 * privilegeState)
{
nsITarget * target = nsTarget::FindTarget(ALL_JAVA_PERMISSION);
if( target == NULL ) {
* privilegeState = nsIPrivilege::PrivilegeState_Blank;
return NS_OK;
}
if (nsPrivilegeManager::GetPrivilegeManager() != NULL) {
PRBool perm;
nsPrivilegeManager::GetPrivilegeManager()->AskPermission(prin, target, NULL, & perm);
nsIPrivilege * privilege;
nsPrivilegeManager::GetPrivilegeManager()->GetPrincipalPrivilege(target, prin, NULL,& privilege);
// * privilegeState = ConvertPrivilegeToPermission(privilege);
}
return NS_OK;
}
/**
* Initializes the capabilities subsytem (ie setting the system principal, initializing
* privilege Manager, creating the capsManager factory etc
*
* @param result - is true if principal was successfully registered with the system
*/
NS_IMETHODIMP
nsCCapsManager::Initialize(PRBool * result)
{
// * result = nsCapsInitialize();
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::InitializeFrameWalker(nsICapsSecurityCallbacks* aInterface)
{
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::RegisterPrincipal(nsIPrincipal * prin)
{
return NS_OK;
}
/**
* Prompts the user if they want to grant permission for the principal located
* at the given stack depth for the given target.
*
* @param context - is the parameter JS needs to determinte the principal
* @param targetName - is the name of the target.
* @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the
* principal
* @param ret_val - is true if user has given permission for the given principal and
* target
*/
NS_IMETHODIMP
nsCCapsManager::EnablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool * ret_val)
{
nsITarget *target = nsTarget::FindTarget((char*)targetName);
if( target == NULL )
{
* ret_val = PR_FALSE;
return NS_OK;
}
// if (privilegeManager != NULL)
// ret_val = privilegeManager->EnablePrivilege(context, target, NULL, callerDepth, ret_val);
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::IsPrivilegeEnabled(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsITarget *target = nsTarget::FindTarget((char*)targetName);
if( target == NULL )
{
* ret_val = PR_FALSE;
return NS_OK;
}
nsPrivilegeManager::GetPrivilegeManager()->IsPrivilegeEnabled(context, target, callerDepth, ret_val);
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::RevertPrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsITarget *target = nsTarget::FindTarget((char*)targetName);
if( target == NULL ) {
* ret_val = PR_FALSE;
return NS_OK;
}
nsPrivilegeManager::GetPrivilegeManager()->RevertPrivilege(context, target, callerDepth,ret_val);
return NS_OK;
}
NS_IMETHODIMP
nsCCapsManager::DisablePrivilege(nsIScriptContext * context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val)
{
nsITarget *target = nsTarget::FindTarget((char*)targetName);
if( target == NULL ) {
* ret_val = PR_FALSE;
return NS_OK;
}
nsPrivilegeManager::GetPrivilegeManager()->DisablePrivilege(context, target, callerDepth,ret_val);
return NS_OK;
}
//XXX: todo: This method is covered by to nsIPrincipal object, should not be part of caps
//XXX: nsPrincipal struct if deprecated, access as nsIPrincipal
//do not use IsCodebaseExact, Tostring, or any other of the principal specific objects from here
/*
* CreateMixedPrincipalArray take codebase and ZIG file information and returns a
* pointer to an array of nsIPrincipal objects.
*/
/*
NS_METHOD
nsCCapsManager::CreateMixedPrincipalArray(void *aZig, const char * name, const char* codebase, nsIPrincipalArray * * result)
{
*result = NULL;
PRBool hasCodebase;
int i;
PRUint32 count;
nsIPrincipal *principal;
hasCodebase = (PRBool)codebase;
count = codebase ? 1 : 0;
#if 0
SOBITEM *item;
ZIG_Context * zig_aCx = NULL;
ZIG *zig = (ZIG*)aZig;
if (zig && name) {
if ((zig_aCx = SOB_find(zig, name, ZIG_SIGN)) != NULL) {
int zig_count=0;
while (SOB_find_next(zig_aCx, &item) >= 0) zig_count++;
SOB_find_end(zig_aCx);
count += zig_count;
} else zig = NULL;
}
#endif
if (count == 0) return NS_OK;
NewPrincipalArray(count, result);
if (*result == NULL) return NS_ERROR_FAILURE;
#if 0
if (zig && ((zig_aCx = SOB_find(zig, name, ZIG_SIGN)) == NULL)) return NS_ERROR_FAILURE;
i = 0;
while (zig && SOB_find_next(zig_aCx, &item) >= 0) {
FINGERZIG *fingPrint;
fingPrint = (FINGERZIG *) item->data;
this->NewPrincipal(nsPrincipal::PrincipalType_CertificateKey, fingPrint->key,
fingPrint->length, zig, &principal);
RegisterPrincipal(principal, NULL);
SetPrincipalArrayElement(*result, i++, principal);
}
if (zig) SOB_find_end(zig_aCx);
#endif
if (codebase) {
this->NewPrincipal(nsIPrincipal::PrincipalType_CodebaseExact, (void*)codebase,
PL_strlen(codebase), NULL, &principal);
RegisterPrincipal(principal, NULL);
SetPrincipalArrayElement(*result, i++, principal);
}
return NS_OK;
}
*/
/* The following interfaces will replace all of the following old calls.
* nsCapsGetPermission(struct nsPrivilege *privilege)
* nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsITarget *target)
*/
NS_IMETHODIMP
nsCCapsManager::IsAllowed(void *annotation, const char * targetName, PRBool * ret_val)
{
nsITarget *target = nsTarget::FindTarget((char *)targetName);
if( target == NULL ) {
*ret_val = PR_FALSE;
return NS_OK;
}
nsIPrivilege * pNSPrivilege = nsCapsGetPrivilege((nsPrivilegeTable * )annotation, target);
if (pNSPrivilege == NULL) {
*ret_val = PR_FALSE;
return NS_OK;
}
// ARIEL WORK ON THIS
// PRInt16 privilegeState = nsCapsGetPermission(pNSPrivilege);
// *ret_val = (privilegeState == nsIPrivilege::PrivilegeState_Allowed);
return NS_OK;
}
nsCCapsManager::nsCCapsManager()
{
NS_INIT_REFCNT();
NS_ADDREF(this);
}
nsCCapsManager::~nsCCapsManager()
{
}
/*
void
nsCCapsManager::CreateNSPrincipalArray(nsIPrincipalArray* prinArray,
nsIPrincipalArray* *pPrincipalArray)
{
//prin arrays will either be removed, or updated to use the nsIPrincipal Object
nsIPrincipal* pNSIPrincipal;
nsPrincipal *pNSPrincipal = NULL;
PRUint32 count = prinArray->GetSize();
nsPrincipalArray *newPrinArray = new nsPrincipalArray();
newPrinArray->SetSize(count, 1);
*pPrincipalArray = NULL;
for (PRUint32 index = 0; index < count; index++) {
pNSPrincipal = (nsPrincipal *)prinArray->Get(index);
if (pNSPrincipal->isCodebase()) {
pNSIPrincipal = (nsIPrincipal*)new nsCodebasePrincipal(pNSPrincipal);
} else {
pNSIPrincipal = (nsIPrincipal*)new nsCertificatePrincipal(pNSPrincipal);
}
newPrinArray->Set(index, pNSIPrincipal);
}
*pPrincipalArray = newPrinArray;
}
*/
/*
NS_METHOD
nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray,
nsPrincipalArray* *pPrincipalArray)
{
nsIPrincipal* pNSIPrincipal;
nsIPrincipal *pNSPrincipal = NULL;
nsresult result = NS_OK;
PRUint32 count = prinArray->GetSize();
nsPrincipalArray *newPrinArray = new nsPrincipalArray();
newPrinArray->SetSize(count, 1);
*pPrincipalArray = NULL;
for (PRUint32 index = 0; index < count; index++) {
pNSIPrincipal = (nsIPrincipal*)prinArray->Get(index);
// result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal);
if( result != NS_OK)
{
nsCapsFreePrincipalArray(newPrinArray);
return result;
}
// newPrinArray->Set(index, pNSPrincipal);
}
*pPrincipalArray = newPrinArray;
return result;
return NS_OK;
}
*/
/*
NS_METHOD
nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPrincipal)
{
nsISupports *pNSISupports = NULL;
nsPrincipal *pNSPrincipal = NULL;
*ppNSPrincipal = NULL;
if ( pNSIPrincipal == NULL )
{
return NS_ERROR_NULL_POINTER;
}
NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
NS_DEFINE_IID(kICodebasePrincipalIID, NS_ICODEBASEPRINCIPAL_IID);
// NS_DEFINE_IID(kICodeSourcePrincipalIID, NS_ICODESOURCEPRINCIPAL_IID);
if (pNSIPrincipal->QueryInterface(kICodeSourcePrincipalIID,
(void**)&pNSISupports) == NS_OK)
{
nsCCodeSourcePrincipal *pNSCCodeSourcePrincipal = (nsCCodeSourcePrincipal *)pNSIPrincipal;
nsICertificatePrincipal *pNSICertPrincipal = pNSCCodeSourcePrincipal->GetCertPrincipal();
nsICodebasePrincipal *pNSICodebasePrincipal = pNSCCodeSourcePrincipal->GetCodebasePrincipal();
PRBool bIsTrusted = PR_FALSE;
if(pNSICertPrincipal != NULL )
{
pNSICertPrincipal->IsSecure(&bIsTrusted);
}
if (bIsTrusted)
{
nsCertificatePrincipal *pNSCCertPrincipal = (nsCertificatePrincipal *)pNSICertPrincipal;
// peer object is deprecated, no longer use nsPrincipal object
// pNSPrincipal = pNSCCertPrincipal->GetPeer();
pNSCCertPrincipal->Release();
}
else
if(pNSICodebasePrincipal != NULL )
{
nsCodebasePrincipal *pNSCCodebasePrincipal = (nsCodebasePrincipal *)pNSICodebasePrincipal;
// peer object is deprecated, no longer use nsPrincipal object
// pNSPrincipal = pNSCCodebasePrincipal->GetPeer();
pNSCCodebasePrincipal->Release();
}
else
{
return NS_ERROR_NULL_POINTER;
}
}
else
if (pNSIPrincipal->QueryInterface(kICertificatePrincipalIID,
(void**)&pNSISupports) == NS_OK)
{
nsCertificatePrincipal *pNSCCertPrincipal = (nsCertificatePrincipal *)pNSIPrincipal;
// peer object is deprecated, no longer use nsPrincipal object
// pNSPrincipal = pNSCCertPrincipal->GetPeer();
pNSCCertPrincipal->Release();
}
else
if (pNSIPrincipal->QueryInterface(kICodebasePrincipalIID,
(void**)&pNSISupports) == NS_OK)
{
nsCodebasePrincipal *pNSCCodebasePrincipal =
(nsCodebasePrincipal *)pNSIPrincipal;
// peer object is deprecated, no longer use nsPrincipal object
// pNSPrincipal = pNSCCodebasePrincipal->GetPeer();
pNSCCodebasePrincipal->Release();
}
else
{
return NS_ERROR_NO_INTERFACE;
}
*ppNSPrincipal = pNSPrincipal;
return NS_OK;
}
*/
/*
nsPermission
nsCCapsManager::ConvertPrivilegeToPermission(nsPrivilege * pNSPrivilege)
{
if(pNSPrivilege->isAllowedForever())
return nsPermission_AllowedForever;
if(pNSPrivilege->isForbiddenForever())
return nsPermission_DeniedForever;
if(pNSPrivilege->isAllowed())
return nsPermission_AllowedSession;
if(pNSPrivilege->isForbidden())
return nsPermission_DeniedSession;
return nsPermission_Unknown;
}
nsPrivilege *
nsCCapsManager::ConvertPermissionToPrivilege(nsPermission state)
{
nsPermissionState permission;
nsDurationState duration;
switch (state) {
case nsPermission_AllowedForever:
permission = nsPermissionState_Allowed;
duration = nsDurationState_Forever;
break;
case nsPermission_DeniedForever:
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Forever;
break;
case nsPermission_AllowedSession:
permission = nsPermissionState_Allowed;
duration = nsDurationState_Session;
break;
case nsPermission_DeniedSession:
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Session;
break;
default:
permission = nsPermissionState_Forbidden;
duration = nsDurationState_Session;
break;
}
return nsPrivilege::findPrivilege(permission, duration);
}
*/

7
caps/src/nsCaps.cpp
Просмотреть файл

@ -192,13 +192,6 @@ nsCapsPrincipalToString(class nsIPrincipal *principal)
return prinStr;
}
PR_IMPLEMENT(PRBool)
nsCapsIsCodebaseExact(class nsIPrincipal *principal)
{
PRInt16 prinType;
principal->GetType(& prinType);
return (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
}
/*
PR_IMPLEMENT(const char *)
nsCapsPrincipalGetVendor(class nsIPrincipal *principal)

23
caps/src/nsCertificatePrincipal.cpp
Просмотреть файл

@ -66,40 +66,19 @@ nsCertificatePrincipal::GetFingerPrint(char * * fingerPrint)
NS_IMETHODIMP
nsCertificatePrincipal::ToJSPrincipal(JSPrincipals * * jsprin)
nsCertificatePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
{
// *jsprin = NS_STATIC_CAST(JSPrincipals *,this);
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetType(PRInt16 * type)
{
type = & this->itsType;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::IsSecure(PRBool * result)
{
*result = (this->itsType == (PRInt16)nsIPrincipal::PrincipalType_Unknown) ? PR_FALSE : PR_TRUE;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::ToString(char **result)
{
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::HashCode(PRUint32 * code)
{
code=0;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{

181
caps/src/nsCodebasePrincipal.cpp
Просмотреть файл

@ -15,128 +15,151 @@
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
/* describes principals by thier orginating uris*/
/* Describes principals by thier orginating uris */
#include "nsCodebasePrincipal.h"
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsIURL.h"
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
static NS_DEFINE_IID(kICodebasePrincipalIID, NS_ICODEBASEPRINCIPAL_IID);
static char gFileScheme[] = "file";
NS_IMPL_ISUPPORTS(nsCodebasePrincipal, kICodebasePrincipalIID);
NS_IMETHODIMP
nsCodebasePrincipal::ToJSPrincipal(JSPrincipals * * jsprin)
nsCodebasePrincipal::GetJSPrincipals(JSPrincipals **jsprin)
{
if (itsJSPrincipals.refcount == 0) {
NS_ADDREF(this);
if (itsJSPrincipals.nsIPrincipalPtr == nsnull) {
itsJSPrincipals.nsIPrincipalPtr = this;
NS_ADDREF(itsJSPrincipals.nsIPrincipalPtr);
// matching release in nsDestroyJSPrincipals
}
*jsprin = &itsJSPrincipals;
JSPRINCIPALS_HOLD(cx, *jsprin);
return NS_OK;
/*
char * cb;
this->GetURLString(& cb);
* jsprin = NS_STATIC_CAST(JSPrincipals *,this);
(* jsprin)->codebase = PL_strdup(cb);
return NS_OK;
*/
}
NS_IMETHODIMP
nsCodebasePrincipal::GetURLString(char **cburl)
nsCodebasePrincipal::GetURI(nsIURI **uri)
{
return itsURL->GetSpec(cburl);
*uri = itsURI;
NS_ADDREF(*uri);
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::GetURL(nsIURI * * url)
nsCodebasePrincipal::ToString(char **result)
{
return itsURL->Clone(url);
// NB TODO
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::IsCodebaseExact(PRBool * result)
nsCodebasePrincipal::Equals(nsIPrincipal *other, PRBool *result)
{
* result = (this->itsType == nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE;
return NS_OK;
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
nsCOMPtr<nsICodebasePrincipal> otherCodebase;
if (!NS_SUCCEEDED(other->QueryInterface(
NS_GET_IID(nsICodebasePrincipal),
(void **) getter_AddRefs(otherCodebase))))
{
*result = PR_FALSE;
return NS_OK;
}
nsCOMPtr<nsIURI> otherURI;
if (!NS_SUCCEEDED(otherCodebase->GetURI(getter_AddRefs(otherURI)))) {
return NS_ERROR_FAILURE;
}
if (!itsURI || !NS_SUCCEEDED(otherURI->Equals(itsURI, result))) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::IsCodebaseRegex(PRBool * result)
nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result)
{
* result = (itsType == nsIPrincipal::PrincipalType_CodebaseRegex) ? PR_TRUE : PR_FALSE;
return NS_OK;
}
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
nsCOMPtr<nsICodebasePrincipal> otherCodebase;
if (!NS_SUCCEEDED(other->QueryInterface(
NS_GET_IID(nsICodebasePrincipal),
(void **) getter_AddRefs(otherCodebase))))
{
return NS_OK;
}
nsCOMPtr<nsIURI> otherURI;
if (!NS_SUCCEEDED(otherCodebase->GetURI(getter_AddRefs(otherURI)))) {
return NS_ERROR_FAILURE;
}
char *scheme1 = nsnull;
nsresult rv = otherURI->GetScheme(&scheme1);
char *scheme2 = nsnull;
if (NS_SUCCEEDED(rv))
rv = itsURI->GetScheme(&scheme2);
if (NS_SUCCEEDED(rv) && PL_strcmp(scheme1, scheme2) == 0) {
NS_IMETHODIMP
nsCodebasePrincipal::GetType(PRInt16 * type)
{
* type = itsType;
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::IsSecure(PRBool * result)
{
// if ((0 == memcmp("https:", itsKey, strlen("https:"))) ||
// (0 == memcmp("file:", itsKey, strlen("file:"))))
// return PR_TRUE;
return PR_FALSE;
}
NS_IMETHODIMP
nsCodebasePrincipal::ToString(char * * result)
{
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::HashCode(PRUint32 * code)
{
(* code) = 0;
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
PRInt16 oType = 0;
other->GetType(& oType);
(* result) = (itsType == oType) ? PR_TRUE : PR_FALSE;
if ((* result) != PR_TRUE) return NS_OK;
nsICodebasePrincipal * cbother;
nsXPIDLCString oCodebase, myCodebase;
other->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbother);
cbother->GetURLString(getter_Copies(oCodebase));
this->GetURLString(getter_Copies(myCodebase));
(* result) = (PL_strcmp(myCodebase, oCodebase) == 0) ? PR_TRUE : PR_FALSE;
return NS_OK;
if (PL_strcmp(scheme1, gFileScheme) == 0) {
// All file: urls are considered to have the same origin.
*result = PR_TRUE;
} else {
// Need to check the host
char *host1 = nsnull;
rv = otherURI->GetHost(&host1);
char *host2 = nsnull;
if (NS_SUCCEEDED(rv))
rv = itsURI->GetHost(&host2);
*result = NS_SUCCEEDED(rv) && PL_strcmp(host1, host2) == 0;
if (*result) {
int port1;
rv = otherURI->GetPort(&port1);
int port2;
if (NS_SUCCEEDED(rv))
rv = itsURI->GetPort(&port2);
*result = NS_SUCCEEDED(rv) && port1 == port2;
}
if (host1) nsCRT::free(host1);
if (host2) nsCRT::free(host2);
}
}
if (scheme1) nsCRT::free(scheme1);
if (scheme2) nsCRT::free(scheme2);
return NS_OK;
}
nsCodebasePrincipal::nsCodebasePrincipal()
{
NS_INIT_ISUPPORTS();
itsURL = nsnull;
NS_INIT_ISUPPORTS();
itsURI = nsnull;
}
NS_IMETHODIMP
nsCodebasePrincipal::Init(PRInt16 type, nsIURI *uri)
nsCodebasePrincipal::Init(nsIURI *uri)
{
nsresult result;
NS_ADDREF(this);
this->itsType = type;
if (!NS_SUCCEEDED(result = uri->Clone(&itsURL))) return result;
if (!NS_SUCCEEDED(result = itsJSPrincipals.Init(this))) {
NS_RELEASE(itsURL);
return result;
}
return NS_OK;
char *codebase;
if (!NS_SUCCEEDED(uri->GetSpec(&codebase)))
return NS_ERROR_FAILURE;
if (!NS_SUCCEEDED(itsJSPrincipals.Init(codebase)))
return NS_ERROR_FAILURE;
NS_ADDREF(this);
itsURI = uri;
NS_ADDREF(itsURI);
return NS_OK;
}
nsCodebasePrincipal::~nsCodebasePrincipal(void)
{
if (itsURL)
NS_RELEASE(itsURL);
if (itsURI)
NS_RELEASE(itsURI);
}

32
caps/src/nsJSPrincipals.cpp
Просмотреть файл

@ -21,25 +21,27 @@
#include "nsXPIDLString.h"
PR_STATIC_CALLBACK(void *)
nsGetPrincipalArray(JSContext * cx, struct JSPrincipals * prin) {
nsGetPrincipalArray(JSContext *cx, struct JSPrincipals *prin)
{
return nsnull;
}
PR_STATIC_CALLBACK(JSBool)
nsGlobalPrivilegesEnabled(JSContext * cx , struct JSPrincipals *jsprin) {
nsGlobalPrivilegesEnabled(JSContext *cx , struct JSPrincipals *jsprin)
{
return JS_TRUE;
}
PR_STATIC_CALLBACK(void)
nsDestroyJSPrincipals(JSContext * cx, struct JSPrincipals * jsprin) {
nsJSPrincipals * nsjsprin = (nsJSPrincipals *)jsprin;
nsIPrincipal *p = nsjsprin->nsIPrincipalPtr;
NS_IF_RELEASE(p);
nsDestroyJSPrincipals(JSContext *cx, struct JSPrincipals *jsprin) {
nsJSPrincipals *nsjsprin = (nsJSPrincipals *)jsprin;
NS_IF_RELEASE(nsjsprin->nsIPrincipalPtr);
// The nsIPrincipal that we release owns the JSPrincipal struct,
// so we don't need to worry about "codebase"
}
nsJSPrincipals::nsJSPrincipals() {
nsJSPrincipals::nsJSPrincipals()
{
codebase = nsnull;
getPrincipalArray = nsGetPrincipalArray;
globalPrivilegesEnabled = nsGlobalPrivilegesEnabled;
@ -49,20 +51,14 @@ nsJSPrincipals::nsJSPrincipals() {
}
nsresult
nsJSPrincipals::Init(nsIPrincipal * prin) {
nsXPIDLCString cb;
nsICodebasePrincipal * cbprin;
prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin);
cbprin->GetURLString(getter_Copies(cb));
nsIPrincipalPtr = prin;
codebase = PL_strdup(cb);
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(nsIPrincipalPtr);
nsJSPrincipals::Init(char *aCodebase)
{
codebase = aCodebase;
return NS_OK;
}
nsJSPrincipals::~nsJSPrincipals() {
nsJSPrincipals::~nsJSPrincipals()
{
if (codebase)
PL_strfree(codebase);
if (nsIPrincipalPtr)

13
caps/src/nsPrincipalManager.cpp
Просмотреть файл

@ -104,7 +104,7 @@ nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIURI * u
nsCodebasePrincipal * codebasePrin;
compMan->CreateInstance(NS_CODEBASEPRINCIPAL_PROGID, nsnull, NS_GET_IID(nsICodebasePrincipal),(void * *)& codebasePrin);
if (codebasePrin == nsnull) return NS_ERROR_OUT_OF_MEMORY;
rv = codebasePrin->Init(nsIPrincipal::PrincipalType_CodebaseExact, url);
rv = codebasePrin->Init(url);
if (!NS_SUCCEEDED(rv)) {
NS_RELEASE(codebasePrin);
return rv;
@ -116,9 +116,11 @@ nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIURI * u
NS_IMETHODIMP
nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin)
{
* prin = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate,certChain, certChainLengths, noOfCerts);
#if 0
* prin = new nsCertificatePrincipal(certChainLengths, noOfCerts);
if (!prin) return NS_ERROR_OUT_OF_MEMORY;
(* prin)->AddRef();
#endif
return NS_OK;
}
@ -126,6 +128,7 @@ nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain
NS_IMETHODIMP
nsPrincipalManager::CanExtendTrust(nsIPrincipalArray * from, nsIPrincipalArray * to, PRBool * result)
{
#if 0
if ((from == NULL) || (to == NULL)) {
* result = PR_FALSE;
return NS_OK;
@ -163,6 +166,10 @@ nsPrincipalManager::CanExtendTrust(nsIPrincipalArray * from, nsIPrincipalArray *
}
* result = (codebaseCount == 1) ? PR_TRUE : PR_FALSE;
return NS_OK;
#else
*result = PR_FALSE;
return NS_OK;
#endif
}
NS_IMETHODIMP
@ -371,10 +378,12 @@ nsPrincipalManager::Init()
if(NS_FAILED(rv)) return rv;
rv = compMgr->CreateInstance(NS_PRINCIPALARRAY_PROGID, nsnull,NS_GET_IID(nsIPrincipalArray), (void * *)& theUnknownPrincipalArray);
if(NS_FAILED(rv)) return rv;
/*
theUnsignedPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNSIGNED_PRINCIPAL_KEY);
theUnsignedPrincipalArray->AddPrincipalArrayElement(theUnsignedPrincipal);
theUnknownPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNKNOWN_PRINCIPAL_KEY);
theUnknownPrincipalArray->AddPrincipalArrayElement(theUnknownPrincipal);
*/
return NS_OK;
}

1056
caps/src/nsPrivilegeManager.cpp
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

760
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

@ -26,6 +26,8 @@
#endif
#include "nspr.h"
#include "plstr.h"
#include "nsCOMPtr.h"
#include "nsJSPrincipals.h"
#include "nsCRT.h"
#include "nsXPIDLString.h"
@ -36,7 +38,9 @@ static NS_DEFINE_IID(kIScriptSecurityManagerIID, NS_ISCRIPTSECURITYMANAGER_IID);
NS_IMPL_ISUPPORTS(nsScriptSecurityManager, kIScriptSecurityManagerIID);
static nsString gUnknownOriginStr("[unknown origin]");
static char gUnknownOrigin[] = "[unknown origin]";
static char gFileScheme[] = "file";
static nsString gUnknownOriginStr(gUnknownOrigin);
static nsString gFileUrlPrefix("file:");
static char accessErrorMessage[] =
@ -44,7 +48,7 @@ static char accessErrorMessage[] =
nsScriptSecurityManager::nsScriptSecurityManager(void)
{
NS_INIT_REFCNT();
NS_INIT_REFCNT();
}
nsScriptSecurityManager::~nsScriptSecurityManager(void)
@ -55,190 +59,226 @@ nsScriptSecurityManager::~nsScriptSecurityManager(void)
nsScriptSecurityManager *
nsScriptSecurityManager::GetScriptSecurityManager()
{
static nsScriptSecurityManager * ssecMan = NULL;
static nsScriptSecurityManager *ssecMan = NULL;
if (!ssecMan)
ssecMan = new nsScriptSecurityManager();
return ssecMan;
}
NS_IMETHODIMP
nsScriptSecurityManager::NewJSPrincipals(nsIURI *aURL, nsString *aName,
nsIPrincipal **result)
{
// nsJSPrincipalsData * pdata;
PRBool needUnlock = PR_FALSE;
#ifdef CERT_PRINS
void *zip = nsnull; //ns_zip_t
if (aURL) {
char *fn = nsnull;
if (NET_IsLocalFileURL(archive->address)) {
char* pathPart = ParseURL(archive->address, GET_PATH_PART);
fn = WH_FileName(pathPart, xpURL);
PR_Free(pathPart);
}
else if (archive->cache_file && NET_ChangeCacheFileLock(archive, TRUE)) {
fn = WH_FileName(archive->cache_file, xpCache);
needUnlock = PR_TRUE;
}
if (fn) {
#ifdef XP_MAC
/*
* Unfortunately, ns_zip_open wants a Unix-style name. Convert
* Mac path to a Unix-style path. This code is copied from
* appletStubs.c.
*/
OSErr ConvertMacPathToUnixPath(const char *macPath, char **unixPath);
char *unixPath = nsnull;
if (ConvertMacPathToUnixPath(fn, &unixPath) == 0)
zip = ns_zip_open(unixPath);
PR_FREEIF(unixPath);
#else
zip = ns_zip_open(fn);
#endif
pdata->zip = zip;
PR_Free(fn);
}
}
#endif
nsresult rv;
nsXPIDLCString codebaseStr;
if (!NS_SUCCEEDED(rv = GetOriginFromSourceURL(aURL, getter_Copies(codebaseStr))))
return rv;
if (!codebaseStr) {
return NS_ERROR_FAILURE;
}
NS_WITH_SERVICE(nsIPrincipalManager, prinMan, NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_SUCCEEDED(rv))
rv = prinMan->CreateCodebasePrincipal(codebaseStr, aURL, result);
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckScriptAccess(nsIScriptContext *aContext,
void *aObj, const char *aProp,
PRBool *aResult)
{
*aResult = PR_FALSE;
JSContext* cx = (JSContext*)aContext->GetNativeContext();
PRInt32 secLevel = CheckForPrivilege(cx, (char *) aProp, nsnull);
switch (secLevel) {
*aResult = PR_FALSE;
JSContext *cx = (JSContext *)aContext->GetNativeContext();
PRInt32 secLevel = GetSecurityLevel(cx, (char *) aProp, nsnull);
switch (secLevel) {
case SCRIPT_SECURITY_ALL_ACCESS:
*aResult = PR_TRUE;
return NS_OK;
*aResult = PR_TRUE;
return NS_OK;
case SCRIPT_SECURITY_SAME_DOMAIN_ACCESS:
return CheckPermissions(cx, (JSObject *) aObj, eJSTarget_Max, aResult);
return CheckPermissions(cx, (JSObject *) aObj, eJSTarget_Max, aResult);
default:
// Default is no access
*aResult = PR_FALSE;
return NS_OK;
}
// Default is no access
*aResult = PR_FALSE;
return NS_OK;
}
}
NS_IMETHODIMP
nsScriptSecurityManager::GetSubjectOriginURL(JSContext *aCx, char * * aOrigin)
nsScriptSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget,
PRBool *aReturn)
{
// Get origin from script of innermost interpreted frame.
JSPrincipals * principals;
JSStackFrame * fp;
JSScript * script;
#ifdef OJI
JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack();
JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
pFrameToStartLooking = JS_FrameIterator(aCx,& pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
// There are no frames or scripts at this point.
pFrameToEndLooking = nsnull;
#if 0
JSPrincipals *principals;
*aReturn = PR_TRUE;
GetSubjectPrincipal(aCx, &principals);
if ((nsCapsGetRegistrationModeFlag()) && principals &&
(NET_URL_Type(principals->codebase) == FILE_TYPE_URL))
{
return NS_OK;
} else if (principals && !principals->globalPrivilegesEnabled(aCx, principals)) {
*aReturn = PR_FALSE;
}
// only if signed scripts
else if (!this->PrincipalsCanAccessTarget(aCx, aTarget)) {
*aReturn = PR_FALSE;
}
}
#else
JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp);
JSStackFrame * pFrameToEndLooking = nsnull;
*aReturn = PR_FALSE;
#endif
fp = pFrameToStartLooking;
while (fp != pFrameToEndLooking) {
script = JS_GetFrameScript(aCx, fp);
if (script) {
principals = JS_GetScriptPrincipals(aCx, script);
* aOrigin = principals ? (char *)principals->codebase : (char *)JS_GetScriptFilename(aCx, script);
return (* aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
fp = JS_FrameIterator(aCx, &fp);
}
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetSubjectPrincipal(JSContext *aCx,
nsIPrincipal **result)
{
// Get principals from innermost frame of JavaScript or Java.
JSPrincipals *principals;
JSStackFrame *fp;
JSScript *script;
#ifdef OJI
principals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
if (principals) {
*aOrigin = principals->codebase;
return (* aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
JSStackFrame *pFrameToStartLooking =
*JVM_GetStartJSFrameFromParallelStack();
JSStackFrame *pFrameToEndLooking =
JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
// There are no frames or scripts at this point.
pFrameToEndLooking = nsnull;
}
}
#else
JSStackFrame *pFrameToStartLooking = JS_FrameIterator(aCx, &fp);
JSStackFrame *pFrameToEndLooking = nsnull;
#endif
/*
* Not called from either JS or Java. We must be called
* from the interpreter. Get the origin from the decoder.
*/
// NB TODO: Does this ever happen?
return this->GetObjectOriginURL(aCx, ::JS_GetGlobalObject(aCx), aOrigin);
fp = pFrameToStartLooking;
while (fp != pFrameToEndLooking) {
script = JS_GetFrameScript(aCx, fp);
if (script) {
principals = JS_GetScriptPrincipals(aCx, script);
if (principals) {
nsJSPrincipals *nsJSPrin = (nsJSPrincipals *) principals;
*result = nsJSPrin->nsIPrincipalPtr;
NS_ADDREF(*result);
return NS_OK;
} else {
return NS_ERROR_FAILURE;
}
}
fp = JS_FrameIterator(aCx, &fp);
}
#ifdef OJI
principals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
if (principals && principals->codebase) {
// create new principals
nsresult rv;
NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_SUCCEEDED(rv))
rv = prinMan->CreateCodebasePrincipal(principals->codebase,
nsnull, result);
if (NS_SUCCEEDED(rv))
return NS_OK;
}
#endif
// Couldn't find principals.
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetObjectOriginURL(JSContext *aCx, JSObject *aObj,
char **aOrigin)
{
nsresult rv;
JSObject *parent;
while (parent = ::JS_GetParent(aCx, aObj))
aObj = parent;
nsIPrincipal *prin;
if (!NS_SUCCEEDED(rv = GetContainerPrincipals(aCx, aObj, & prin)))
return rv;
nsICodebasePrincipal *cbprin;
rv = prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal), (void **) &cbprin);
if (!NS_SUCCEEDED(rv))
return rv;
if (!NS_SUCCEEDED(rv = cbprin->GetURLString(aOrigin)))
return rv;
return (*aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetOriginFromSourceURL(nsIURI *url, char **result)
nsScriptSecurityManager::GetObjectPrincipal(JSContext *aCx, JSObject *aObj,
nsIPrincipal **result)
{
nsXPIDLCString tempChars;
nsresult rv;
if (!NS_SUCCEEDED(rv = url->GetScheme(getter_Copies(tempChars))))
return rv;
nsAutoString buffer(tempChars);
// NB TODO: what about file: urls and about:blank?
buffer.Append("://");
if (!NS_SUCCEEDED(rv = url->GetHost(getter_Copies(tempChars))))
return rv;
buffer.Append(tempChars);
if (!NS_SUCCEEDED(rv = url->GetPath(getter_Copies(tempChars))))
return rv;
buffer.Append(tempChars);
if (buffer.Length() == 0 || buffer.EqualsIgnoreCase(gUnknownOriginStr))
JSObject *parent;
while (parent = JS_GetParent(aCx, aObj))
aObj = parent;
nsISupports *supports = (nsISupports *) JS_GetPrivate(aCx, aObj);
nsCOMPtr<nsIScriptGlobalObjectData> globalData;
if (!supports || NS_FAILED(supports->QueryInterface(
NS_GET_IID(nsIScriptGlobalObjectData),
(void **) getter_AddRefs(globalData))))
{
return NS_ERROR_FAILURE;
*result = buffer.ToNewCString();
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
if (NS_FAILED(globalData->GetPrincipal(result))) {
return NS_ERROR_FAILURE;
}
NS_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj,
PRInt16 aTarget, PRBool* aReturn)
{
nsCOMPtr<nsIPrincipal> subject;
if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject))))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> object;
if (NS_FAILED(GetObjectPrincipal(aCx, aObj, getter_AddRefs(object))))
return NS_ERROR_FAILURE;
nsCOMPtr<nsICodebasePrincipal> subjectCodebase;
if (NS_FAILED(subject->QueryInterface(
NS_GET_IID(nsICodebasePrincipal),
(void **) getter_AddRefs(subjectCodebase))))
{
return NS_ERROR_FAILURE;
}
if (NS_FAILED(subjectCodebase->SameOrigin(object, aReturn)))
return NS_ERROR_FAILURE;
if (*aReturn)
return NS_OK;
/*
** If we failed the origin tests it still might be the case that we
** are a signed script and have permissions to do this operation.
** Check for that here
*/
if (aTarget != eJSTarget_Max) {
PRBool canAccess;
CanAccessTarget(aCx, aTarget, &canAccess);
if (canAccess) {
*aReturn = PR_TRUE;
return NS_OK;
}
}
nsCOMPtr<nsIURI> uri;
if (NS_FAILED(subjectCodebase->GetURI(getter_AddRefs(uri))))
return NS_ERROR_FAILURE;
char *spec;
if (NS_FAILED(uri->GetSpec(&spec)))
return NS_ERROR_FAILURE;
JS_ReportError(aCx, accessErrorMessage, spec);
nsCRT::free(spec);
*aReturn = PR_FALSE;
return NS_OK;
}
PRInt32
nsScriptSecurityManager::CheckForPrivilege(JSContext *cx, char *prop_name,
int priv_code)
nsScriptSecurityManager::GetSecurityLevel(JSContext *cx, char *prop_name,
int priv_code)
{
if (prop_name == nsnull)
return SCRIPT_SECURITY_NO_ACCESS;
char *tmp_prop_name = AddSecPolicyPrefix(cx, prop_name);
if (tmp_prop_name == nsnull)
return SCRIPT_SECURITY_NO_ACCESS;
PRInt32 secLevel = SCRIPT_SECURITY_NO_ACCESS;
PRInt32 secLevel;
char *secLevelString;
nsIPref *mPrefs;
nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref),
(nsISupports**) &mPrefs);
if (NS_OK == mPrefs->GetIntPref(tmp_prop_name, &secLevel)) {
(nsISupports**) &mPrefs);
if (NS_SUCCEEDED(mPrefs->CopyCharPref(tmp_prop_name, &secLevelString)) &&
secLevelString)
{
PR_FREEIF(tmp_prop_name);
if (PL_strcmp(secLevelString, "sameOrigin") == 0)
secLevel = SCRIPT_SECURITY_SAME_DOMAIN_ACCESS;
else if (PL_strcmp(secLevelString, "all") == 0)
secLevel = SCRIPT_SECURITY_ALL_ACCESS;
else if (PL_strcmp(secLevelString, "none") == 0)
secLevel = SCRIPT_SECURITY_NO_ACCESS;
else
secLevel = SCRIPT_SECURITY_NO_ACCESS;
// NB TODO: what about signed scripts?
PR_Free(secLevelString);
return secLevel;
}
// If no preference is defined for this property, allow access.
// This violates the rule of a safe default, but means we don't have
// to specify the large majority of unchecked properties, only the
@ -247,357 +287,111 @@ nsScriptSecurityManager::CheckForPrivilege(JSContext *cx, char *prop_name,
return SCRIPT_SECURITY_ALL_ACCESS;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj,
PRInt16 aTarget, PRBool* aReturn)
{
nsXPIDLCString subjectOrigin;
nsXPIDLCString objectOrigin;
nsresult rv = GetSubjectOriginURL(aCx, getter_Copies(subjectOrigin));
if (!NS_SUCCEEDED(rv))
return rv;
/*
** Hold onto reference to the running decoder's principals
** in case a call to GetObjectOriginURL ends up
** dropping a reference due to an origin changing
** underneath us.
*/
rv = GetObjectOriginURL(aCx, aObj, getter_Copies(objectOrigin));
if (rv != NS_OK || !subjectOrigin || !objectOrigin) {
*aReturn = PR_FALSE;
return NS_OK;
}
/* Now see whether the origin methods and servers match. */
if (this->SameOrigins(aCx, subjectOrigin, objectOrigin)) {
* aReturn = PR_TRUE;
return NS_OK;
}
/*
** If we failed the origin tests it still might be the case that we
** are a signed script and have permissions to do this operation.
** Check for that here
*/
if (aTarget != eJSTarget_Max) {
PRBool canAccess;
this->CanAccessTarget(aCx, aTarget, &canAccess);
if (canAccess) {
*aReturn = PR_TRUE;
return NS_OK;
}
}
JS_ReportError(aCx, accessErrorMessage, (const char*)subjectOrigin);
*aReturn = PR_FALSE;
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetContainerPrincipals(JSContext *aCx,
JSObject *container,
nsIPrincipal **result)
{
nsresult rv;
*result = nsnull;
// Need to check that the origin hasn't changed underneath us
char *originUrl = FindOriginURL(aCx, container);
if (!originUrl)
return NS_ERROR_FAILURE;
nsISupports * tmp;
nsIScriptGlobalObjectData * globalData;
tmp = (nsISupports *)JS_GetPrivate(aCx, container);
if (tmp == nsnull || (rv = tmp->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void * *)& globalData)) != NS_OK)
{
delete originUrl;
return rv;
}
globalData->GetPrincipal(result);
if (* result) {
nsICodebasePrincipal * cbprin;
nsXPIDLCString cbStr;
(* result)->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin);
cbprin->GetURLString(getter_Copies(cbStr));
if (this->SameOrigins(aCx, originUrl, cbStr)) {
delete originUrl;
return NS_OK;
}
#ifdef THREADING_ISSUES
// nsJSPrincipalsData * data;
// data = (nsJSPrincipalsData*)*aPrincipals;
// if (data->codebaseBeforeSettingDomain &&
// this->SameOrigins(aCx, originUrl, data->codebaseBeforeSettingDomain)) {
/* document.domain was set, so principals are okay */
// delete originUrl;
// return NS_OK;
// }
/* Principals have changed underneath us. Remove them. */
// globalData->SetPrincipals(nsnull);
#endif
}
/* Create new principals and return them. */
//why should we create a new principal, removing this
// nsAutoString originUrlStr(originUrl);
// if (!NS_SUCCEEDED(this->NewJSPrincipals(nsnull, nsnull, &originUrlStr, aPrincipals))) {
// delete originUrl;
// return NS_ERROR_FAILURE;
// }
// globalData->SetPrincipals((void*)*aPrincipals);
delete originUrl;
return NS_OK;
}
PRBool
nsScriptSecurityManager::SameOrigins(JSContext * aCx, const char * aOrigin1, const char * aOrigin2)
{
if ((aOrigin1 == nsnull) || (aOrigin2 == nsnull) || (PL_strlen(aOrigin1) == 0) || (PL_strlen(aOrigin2) == 0))
return PR_FALSE;
// Shouldn't return true if both origin1 and origin2 are unknownOriginStr.
nsString * tmp = new nsString(aOrigin1);
if (gUnknownOriginStr.EqualsIgnoreCase(*tmp))
{
delete tmp;
return PR_FALSE;
}
delete tmp;
if (PL_strcmp(aOrigin1, aOrigin2) == 0) return PR_TRUE;
nsString * cmp1 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin1));
nsString * cmp2 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin2));
PRBool result = PR_FALSE;
// Either the strings are equal or they are both file: uris.
if (cmp1 && cmp2 &&
(*cmp1 == *cmp2 ||
(cmp1->Find(gFileUrlPrefix) == 0 && cmp2->Find(gFileUrlPrefix) == 0)))
{
result = PR_TRUE;
}
delete cmp1;
delete cmp2;
return result;
}
char *
nsScriptSecurityManager::GetCanonicalizedOrigin(JSContext* aCx, const char * aUrlString)
{
nsString * buffer;
nsIURL * url;
nsresult rv;
nsXPIDLCString tmp;
char * origin;
NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void * *)& url);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = url->SetSpec((char*) aUrlString);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetScheme(getter_Copies(tmp));
buffer = new nsString(tmp);
url->GetHost(getter_Copies(tmp));
// I dont understand this part enuf but shouldn't there be a separator here?
buffer->Append(tmp);
if (!buffer) {
JS_ReportOutOfMemory(aCx);
return nsnull;
}
origin = buffer->ToNewCString();
delete buffer;
return origin;
}
char*
nsScriptSecurityManager::FindOriginURL(JSContext * aCx, JSObject * aGlobal)
{
nsISupports * tmp1, * tmp2;
nsIScriptGlobalObjectData* globalData = nsnull;
nsIURI *origin = nsnull;
tmp1 = (nsISupports *)JS_GetPrivate(aCx, aGlobal);
if (nsnull != tmp1 &&
NS_OK == tmp1->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) {
globalData->GetOrigin(&origin);
}
if (origin == nsnull) {
// does this ever happen?
/* Must be a new, empty window? Use running origin. */
tmp2 = (nsISupports*)JS_GetPrivate(aCx, JS_GetGlobalObject(aCx));
/* Compare running and current to avoid infinite recursion. */
if (tmp1 == tmp2) {
nsAutoString urlString = "[unknown origin]";
NS_IF_RELEASE(globalData);
return urlString.ToNewCString();
} else if (nsnull != tmp2 && NS_OK == tmp2->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) {
globalData->GetOrigin(&origin);
}
}
if (origin != nsnull) {
nsXPIDLCString spec;
origin->GetSpec(getter_Copies(spec));
nsAutoString urlString(spec);
NS_IF_RELEASE(globalData);
return urlString.ToNewCString();
}
NS_IF_RELEASE(globalData);
// return an empty string
nsAutoString urlString("");
return urlString.ToNewCString();
}
char *
nsScriptSecurityManager::AddSecPolicyPrefix(JSContext *cx, char *pref_str)
{
const char *subjectOrigin = "";//GetSubjectOriginURL(cx);
char *policy_str, *retval = 0;
if ((policy_str = this->GetSitePolicy(subjectOrigin)) == 0) {
/* No site-specific policy. Get global policy name. */
nsIPref * mPrefs;
nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports**)&mPrefs);
if (NS_OK != mPrefs->CopyCharPref("javascript.security_policy", &policy_str))
policy_str = PL_strdup("default");
}
if (policy_str) { //why can't this be default? && PL_strcasecmp(policy_str, "default") != 0) {
retval = PR_sprintf_append(NULL, "js_security.%s.%s", policy_str, pref_str);
PR_Free(policy_str);
}
return retval;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, PRBool* aReturn)
{
JSPrincipals *principals;
* aReturn = PR_TRUE;
this->GetPrincipalsFromStackFrame(aCx, &principals);
#if 0
if ((nsCapsGetRegistrationModeFlag()) && principals && (NET_URL_Type(principals->codebase) == FILE_TYPE_URL)) {
return NS_OK;
}
else
#endif
if (principals && !principals->globalPrivilegesEnabled(aCx, principals)) {
*aReturn = PR_FALSE;
}
#if 0
// only if signed scripts
else if (!this->PrincipalsCanAccessTarget(aCx, aTarget)) {
*aReturn = PR_FALSE;
}
#else
*aReturn = PR_FALSE;
#endif
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetPrincipalsFromStackFrame(JSContext *aCx, JSPrincipals** aPrincipals)
{
//* Get principals from script of innermost interpreted frame.
JSStackFrame * fp;
JSScript * script;
#ifdef OJI
JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack();
JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking);
if (pFrameToStartLooking == nsnull) {
/*
** There are no frames or scripts at this point.
*/
pFrameToEndLooking = nsnull;
const char *subjectOrigin = "";//GetSubjectOriginURL(cx);
char *policy_str, *retval = 0;
if ((policy_str = GetSitePolicy(subjectOrigin)) == 0) {
/* No site-specific policy. Get global policy name. */
nsIPref * mPrefs;
nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports**)&mPrefs);
if (NS_OK != mPrefs->CopyCharPref("javascript.security_policy", &policy_str))
policy_str = PL_strdup("default");
}
}
#else
JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp);
JSStackFrame * pFrameToEndLooking = nsnull;
#endif
fp = pFrameToStartLooking;
while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) {
script = JS_GetFrameScript(aCx, fp);
if (script) {
* aPrincipals = JS_GetScriptPrincipals(aCx, script);
return NS_OK;
if (policy_str) { //why can't this be default? && PL_strcasecmp(policy_str, "default") != 0) {
retval = PR_sprintf_append(NULL, "security.policy.%s.%s", policy_str, pref_str);
PR_Free(policy_str);
}
}
#ifdef OJI
* aPrincipals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
return NS_OK;
#endif
* aPrincipals = nsnull;
return NS_OK;
return retval;
}
char *
nsScriptSecurityManager::GetSitePolicy(const char *org)
{
char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0;
int splen, matlen;
nsIURL * url;
nsresult rv;
nsIPref * mPrefs;
NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv);
if (!NS_SUCCEEDED(rv)) return nsnull;
rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void**)&url);
if (!NS_SUCCEEDED(rv)) return nsnull;
nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports * *)& mPrefs);
if (NS_OK != mPrefs->CopyCharPref("js_security.site_policy", &sitepol)) return 0;
/* Site policy comprises text of the form site1-policy,site2-policy,siteNpolicy
* where each site-policy is site|policy and policy is presumed to be one of strict/moderate/default
* site may be either a URL or a hostname. In the former case we do a prefix match with the origin URL; in the latter case
* we just compare hosts. Process entry by entry. Take longest match, to account for
* cases like: * http://host/|moderate,http://host/dir/|strict
*/
for (sp = sitepol; sp != 0; sp = nextsp) {
if ((nextsp = strchr(sp, ',')) != 0) *nextsp++ = '\0';
if ((bar = strchr(sp, '|')) == 0) continue; /* no | for this entry */
*bar = '\0';
/* Isolate host, then policy. */
sp += strspn(sp, " "); /* skip leading spaces */
end = sp + strcspn(sp, " |"); /* skip up to space or | */
*end = '\0';
if ((splen = end-sp) == 0) continue; /* no URL or hostname */
/* Check whether this is long enough. */
if (match != 0 && matlen >= splen) continue; /* Nope. New shorter than old. */
/* Check which case, URL or hostname, we're dealing with. */
rv = url->SetSpec(sp);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetScheme(& prot);
if (prot != 0 && *prot != '\0') {
/* URL case. Do prefix match, make sure we're at proper boundaries. */
if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */
&& sp[splen-1] != '/' /* site policy ends with / */
&& org[splen] != '/' /* site policy doesn't, but org does */
)) {
nsCRT::free(prot);
continue; /* no match */
}
char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0;
int splen, matlen;
nsIURL *url;
nsresult rv;
nsIPref *mPrefs;
NS_WITH_SERVICE(nsIComponentManager, compMan, kComponentManagerCID, &rv);
if (NS_FAILED(rv))
return nsnull;
rv = compMan->CreateInstance(kURLCID,NULL, NS_GET_IID(nsIURL), (void**) &url);
if (NS_FAILED(rv))
return nsnull;
nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref),
(nsISupports **) &mPrefs);
if (NS_OK != mPrefs->CopyCharPref("security.policy.site_policy", &sitepol))
return nsnull;
/* Site policy comprises text of the form site1-policy,site2-policy,siteNpolicy
* where each site-policy is site|policy and policy is presumed to be one of strict/moderate/default
* site may be either a URL or a hostname. In the former case we do a prefix match with the origin URL; in the latter case
* we just compare hosts. Process entry by entry. Take longest match, to account for
* cases like: * http://host/|moderate,http://host/dir/|strict
*/
for (sp = sitepol; sp != 0; sp = nextsp) {
if ((nextsp = strchr(sp, ',')) != 0) *nextsp++ = '\0';
if ((bar = strchr(sp, '|')) == 0)
continue; /* no | for this entry */
*bar = '\0';
/* Isolate host, then policy. */
sp += strspn(sp, " "); /* skip leading spaces */
end = sp + strcspn(sp, " |"); /* skip up to space or | */
*end = '\0';
if ((splen = end-sp) == 0)
continue; /* no URL or hostname */
/* Check whether this is long enough. */
if (match != 0 && matlen >= splen)
continue; /* Nope. New shorter than old. */
/* Check which case, URL or hostname, we're dealing with. */
rv = url->SetSpec(sp);
if (NS_FAILED(rv))
return nsnull;
url->GetScheme(& prot);
if (prot != 0 && *prot != '\0') {
/* URL case. Do prefix match, make sure we're at proper boundaries. */
if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */
&& sp[splen-1] != '/' /* site policy ends with / */
&& org[splen] != '/' /* site policy doesn't, but org does */
))
{
nsCRT::free(prot);
continue; /* no match */
}
} else {
/* Host-only case. */
PR_FREEIF(prot);
rv = url->SetSpec((char *)org);
if (NS_FAILED(rv))
return nsnull;
url->GetHost(& orghost);
if (orghost == 0)
return nsnull; /* out of mem */
if (PL_strcasecmp(orghost, sp) != 0)
continue; /* no match */
}
/* Had a match. Remember policy and length of host/URL match. */
match = bar;
matlen = splen;
}
else {
/* Host-only case. */
PR_FREEIF(prot);
rv = url->SetSpec((char *)org);
if (!NS_SUCCEEDED(rv)) return nsnull;
url->GetHost(& orghost);
if (orghost == 0) return 0; /* out of mem */
if (PL_strcasecmp(orghost, sp) != 0) continue; /* no match */
if (match != 0) {
/* Longest hostname or URL match. Get policy.
** match points to |.
** Skip spaces after | and after policy name.
*/
++match;
sp = match + strspn(match, " ");
end = sp + strcspn(sp, " ");
*end = '\0';
if (sp != end)
retval = PL_strdup(sp);
}
/* Had a match. Remember policy and length of host/URL match. */
match = bar;
matlen = splen;
}
if (match != 0) {
/* Longest hostname or URL match. Get policy.
** match points to |.
** Skip spaces after | and after policy name.
*/
++match;
sp = match + strspn(match, " ");
end = sp + strcspn(sp, " ");
*end = '\0';
if (sp != end) retval = PL_strdup(sp);
}
nsCRT::free(orghost);
PR_FREEIF(sitepol);
return retval;
nsCRT::free(orghost);
PR_FREEIF(sitepol);
return retval;
}

1026
caps/src/nsTarget.cpp
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

63
caps/src/nsUserTarget.cpp
Просмотреть файл

@ -1,63 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
#include "nsUserTarget.h"
#include "prtypes.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#include "jpermission.h"
static PRBool displayUI=PR_FALSE;
static nsPermState
displayPermissionDialog(char *prinStr, char *targetStr, char *riskStr, PRBool isCert, void *cert)
{
return nsJSJavaDisplayDialog(prinStr, targetStr, riskStr, isCert, cert);
}
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
nsUserTarget::~nsUserTarget(void)
{
}
#define OPTION "<option>"
NS_IMETHODIMP
nsUserTarget::EnablePrivilege(nsIPrincipal * prin, void * data, nsIPrivilege * * result)
{
PRInt16 prinType;
prin->GetType(& prinType);
PRInt16 privState = nsIPrivilege::PrivilegeState_Allowed;
PRInt16 privDuration = nsIPrivilege::PrivilegeDuration_Session;
if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) {
if (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact
||
prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseRegex) {
privState = nsIPrivilege::PrivilegeState_Allowed;
privDuration = nsIPrivilege::PrivilegeDuration_Session;
}
}
* result = nsPrivilegeManager::FindPrivilege(privState, privDuration);
return NS_OK;
}

20
chrome/src/nsChromeProtocolHandler.cpp
Просмотреть файл

@ -23,7 +23,10 @@
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsIIOService.h"
#include "nsIChannel.h"
#include "nsIChromeRegistry.h"
#include "nsCOMPtr.h"
#include "nsIPrincipalManager.h"
static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID);
static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
@ -170,6 +173,23 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri,
rv = serv->NewChannelFromURI(verb, chromeURI, aGroup, eventSinkGetter,
result);
// Create a special principal for chrome and set the creator property
// of the result
if (NS_SUCCEEDED(rv)) {
NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, chromeURI,
getter_AddRefs(principal))))
{
return NS_ERROR_FAILURE;
}
(*result)->SetPrincipal(principal);
}
NS_RELEASE(chromeURI);
return rv;
}

6
content/base/public/nsIDocument.h
Просмотреть файл

@ -53,6 +53,7 @@ class nsILineBreaker;
class nsIWordBreaker;
class nsIDOMSelection;
class nsIChannel;
class nsIPrincipal;
// IID for the nsIDocument interface
#define NS_IDOCUMENT_IID \
@ -108,6 +109,11 @@ public:
*/
virtual nsIURI* GetDocumentURL() const = 0;
/**
* Return the principal responsible for this document.
*/
virtual nsIPrincipal* GetDocumentPrincipal() const = 0;
/**
* Return the LoadGroup for the document. May return null.
*/

7
content/base/src/nsDocument.cpp
Просмотреть файл

@ -891,6 +891,7 @@ nsDocument::Reset(nsIURI *aURL)
#ifdef NECKO
(void)aChannel->GetURI(&mDocumentURL);
aChannel->GetPrincipal(&mPrincipal);
// (void)aChannel->GetLoadGroup(&mDocumentLoadGroup);
mDocumentLoadGroup = aLoadGroup;
NS_ADDREF(mDocumentLoadGroup);
@ -939,6 +940,12 @@ nsIURI* nsDocument::GetDocumentURL() const
return mDocumentURL;
}
nsIPrincipal* nsDocument::GetDocumentPrincipal() const
{
NS_IF_ADDREF(mPrincipal);
return mPrincipal;
}
NS_IMETHODIMP
nsDocument::GetContentType(nsString& aContentType) const
{

7
content/base/src/nsDocument.h
Просмотреть файл

@ -32,6 +32,7 @@
#include "nsIJSScriptObject.h"
#include "nsIContent.h"
#include "nsGenericDOMNodeList.h"
#include "nsIPrincipal.h"
class nsIEventListenerManager;
class nsDOMStyleSheetCollection;
@ -134,6 +135,11 @@ public:
*/
virtual nsIURI* GetDocumentURL() const;
/**
* Return the principal responsible for this document.
*/
virtual nsIPrincipal* GetDocumentPrincipal() const;
/**
* Return the content (mime) type of this document.
*/
@ -449,6 +455,7 @@ protected:
nsIArena* mArena;
nsString* mDocumentTitle;
nsIURI* mDocumentURL;
nsIPrincipal* mPrincipal;
nsILoadGroup* mDocumentLoadGroup;
nsString mCharacterSet;
nsIDocument* mParentDocument;

11
content/events/src/nsEventListenerManager.cpp
Просмотреть файл

@ -433,8 +433,8 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JSObject *mScriptObject;
nsIScriptGlobalObject *global;
nsIScriptGlobalObjectData *globalData;
nsIPrincipal * prin = nsnull;
JSPrincipals * jsprin = nsnull;
nsIPrincipal *prin = nsnull;
JSPrincipals *jsprin = nsnull;
global = aContext->GetGlobalObject();
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
@ -442,12 +442,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
prin->ToJSPrincipal(& jsprin);
prin->GetJSPrincipals(&jsprin);
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
JSContext *mJSContext = (JSContext*)aContext->GetNativeContext();
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) {
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
nsString mName, mLowerName;
char* mCharName;
aName->ToString(mName);
@ -457,9 +457,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0);
delete[] mCharName;
JSPRINCIPALS_DROP(mJSContext, jsprin);
return SetJSEventListener(aContext, mScriptObject, aIID);
}
}
if (jsprin)
JSPRINCIPALS_DROP(mJSContext, jsprin);
return NS_ERROR_FAILURE;
}

17
content/xul/document/src/nsXULDocument.cpp
Просмотреть файл

@ -61,6 +61,7 @@
#include "nsIParser.h"
#include "nsIPresContext.h"
#include "nsIPresShell.h"
#include "nsIPrincipal.h"
#include "nsIContentViewer.h"
#include "nsIRDFCompositeDataSource.h"
#include "nsIRDFContainerUtils.h"
@ -438,6 +439,8 @@ public:
virtual nsIURI* GetDocumentURL() const;
virtual nsIPrincipal* GetDocumentPrincipal() const;
virtual nsILoadGroup* GetDocumentLoadGroup() const;
NS_IMETHOD GetBaseURL(nsIURI*& aURL) const;
@ -765,6 +768,7 @@ protected:
nsAutoString mDocumentTitle;
nsCOMPtr<nsIURI> mDocumentURL; // [OWNER] ??? compare with loader
nsCOMPtr<nsILoadGroup> mDocumentLoadGroup; // [OWNER] leads to loader
nsCOMPtr<nsIPrincipal> mDocumentPrincipal; // [OWNER]
nsCOMPtr<nsIRDFResource> mRootResource; // [OWNER]
nsCOMPtr<nsIContent> mRootContent; // [OWNER]
nsIDocument* mParentDocument; // [WEAK]
@ -1130,6 +1134,10 @@ XULDocumentImpl::PrepareToLoad( nsCOMPtr<nsIParser>* created_parser,
mDocumentTitle.Truncate();
mDocumentURL = syntheticURL;
rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal));
if (NS_FAILED(rv)) return rv;
#ifdef NECKO
mDocumentLoadGroup = aLoadGroup;
#else
@ -1345,6 +1353,15 @@ XULDocumentImpl::GetDocumentURL() const
return result;
}
nsIPrincipal*
XULDocumentImpl::GetDocumentPrincipal() const
{
nsIPrincipal* result = mDocumentPrincipal;
NS_IF_ADDREF(result);
return result;
}
nsILoadGroup*
XULDocumentImpl::GetDocumentLoadGroup() const
{

109
dom/macbuild/dom.toc
Просмотреть файл

@ -1,109 +0,0 @@
# target: domDebug.shlb
mozilla/dom/src/base/nsFrameList.cpp
mozilla/dom/src/base/nsGlobalWindow.cpp
mozilla/dom/src/base/nsJSEnvironment.cpp
mozilla/dom/src/base/nsJSLocation.cpp
mozilla/dom/src/base/nsJSNavigator.cpp
mozilla/dom/src/base/nsJSSecurityManager.cpp
mozilla/dom/src/base/nsJSUtils.cpp
mozilla/dom/src/base/nsJSWindow.cpp
mozilla/dom/src/base/nsJSWindowCollection.cpp
mozilla/dom/src/base/nsLocation.cpp
mozilla/dom/src/build/nsDOMFactory.cpp
mozilla/dom/src/build/nsHTMLTagsEnums.cpp
mozilla/dom/src/coreDOM/nsJSAttr.cpp
mozilla/dom/src/coreDOM/nsJSCDATASection.cpp
mozilla/dom/src/coreDOM/nsJSCharacterData.cpp
mozilla/dom/src/coreDOM/nsJSComment.cpp
mozilla/dom/src/coreDOM/nsJSDocument.cpp
mozilla/dom/src/coreDOM/nsJSDocumentFragment.cpp
mozilla/dom/src/coreDOM/nsJSDocumentType.cpp
mozilla/dom/src/coreDOM/nsJSDOMImplementation.cpp
mozilla/dom/src/coreDOM/nsJSElement.cpp
mozilla/dom/src/coreDOM/nsJSEntity.cpp
mozilla/dom/src/coreDOM/nsJSEntityReference.cpp
mozilla/dom/src/coreDOM/nsJSNamedNodeMap.cpp
mozilla/dom/src/coreDOM/nsJSNode.cpp
mozilla/dom/src/coreDOM/nsJSNodeList.cpp
mozilla/dom/src/coreDOM/nsJSNotation.cpp
mozilla/dom/src/coreDOM/nsJSProcessingInstruction.cpp
mozilla/dom/src/coreDOM/nsJSStyleSheet.cpp
mozilla/dom/src/coreDOM/nsJSStyleSheetCollection.cpp
mozilla/dom/src/coreDOM/nsJSText.cpp
mozilla/dom/src/css/nsJSCSS2Properties.cpp
mozilla/dom/src/css/nsJSCSSFontFaceRule.cpp
mozilla/dom/src/css/nsJSCSSMediaRule.cpp
mozilla/dom/src/css/nsJSCSSPageRule.cpp
mozilla/dom/src/css/nsJSCSSRule.cpp
mozilla/dom/src/css/nsJSCSSStyleDeclaration.cpp
mozilla/dom/src/css/nsJSCSSStyleRule.cpp
mozilla/dom/src/css/nsJSCSSStyleRuleCollection.cpp
mozilla/dom/src/css/nsJSCSSStyleSheet.cpp
mozilla/dom/src/events/nsJSEvent.cpp
mozilla/dom/src/events/nsJSEventListener.cpp
mozilla/dom/src/html/nsJSHTMLAnchorElement.cpp
mozilla/dom/src/html/nsJSHTMLAppletElement.cpp
mozilla/dom/src/html/nsJSHTMLAreaElement.cpp
mozilla/dom/src/html/nsJSHTMLBaseElement.cpp
mozilla/dom/src/html/nsJSHTMLBaseFontElement.cpp
mozilla/dom/src/html/nsJSHTMLBlockquoteElement.cpp
mozilla/dom/src/html/nsJSHTMLBodyElement.cpp
mozilla/dom/src/html/nsJSHTMLBRElement.cpp
mozilla/dom/src/html/nsJSHTMLButtonElement.cpp
mozilla/dom/src/html/nsJSHTMLCollection.cpp
mozilla/dom/src/html/nsJSHTMLDirectoryElement.cpp
mozilla/dom/src/html/nsJSHTMLDivElement.cpp
mozilla/dom/src/html/nsJSHTMLDListElement.cpp
mozilla/dom/src/html/nsJSHTMLDocument.cpp
mozilla/dom/src/html/nsJSHTMLElement.cpp
mozilla/dom/src/html/nsJSHTMLFieldSetElement.cpp
mozilla/dom/src/html/nsJSHTMLFontElement.cpp
mozilla/dom/src/html/nsJSHTMLFormElement.cpp
mozilla/dom/src/html/nsJSHTMLFrameElement.cpp
mozilla/dom/src/html/nsJSHTMLFrameSetElement.cpp
mozilla/dom/src/html/nsJSHTMLHeadElement.cpp
mozilla/dom/src/html/nsJSHTMLHeadingElement.cpp
mozilla/dom/src/html/nsJSHTMLHRElement.cpp
mozilla/dom/src/html/nsJSHTMLHtmlElement.cpp
mozilla/dom/src/html/nsJSHTMLIFrameElement.cpp
mozilla/dom/src/html/nsJSHTMLImageElement.cpp
mozilla/dom/src/html/nsJSHTMLInputElement.cpp
mozilla/dom/src/html/nsJSHTMLIsIndexElement.cpp
mozilla/dom/src/html/nsJSHTMLLabelElement.cpp
mozilla/dom/src/html/nsJSHTMLLegendElement.cpp
mozilla/dom/src/html/nsJSHTMLLIElement.cpp
mozilla/dom/src/html/nsJSHTMLLinkElement.cpp
mozilla/dom/src/html/nsJSHTMLMapElement.cpp
mozilla/dom/src/html/nsJSHTMLMenuElement.cpp
mozilla/dom/src/html/nsJSHTMLMetaElement.cpp
mozilla/dom/src/html/nsJSHTMLModElement.cpp
mozilla/dom/src/html/nsJSHTMLObjectElement.cpp
mozilla/dom/src/html/nsJSHTMLOListElement.cpp
mozilla/dom/src/html/nsJSHTMLOptGroupElement.cpp
mozilla/dom/src/html/nsJSHTMLOptionElement.cpp
mozilla/dom/src/html/nsJSHTMLParagraphElement.cpp
mozilla/dom/src/html/nsJSHTMLParamElement.cpp
mozilla/dom/src/html/nsJSHTMLPreElement.cpp
mozilla/dom/src/html/nsJSHTMLQuoteElement.cpp
mozilla/dom/src/html/nsJSHTMLScriptElement.cpp
mozilla/dom/src/html/nsJSHTMLSelectElement.cpp
mozilla/dom/src/html/nsJSHTMLStyleElement.cpp
mozilla/dom/src/html/nsJSHTMLTableCaptionElement.cpp
mozilla/dom/src/html/nsJSHTMLTableCellElement.cpp
mozilla/dom/src/html/nsJSHTMLTableColElement.cpp
mozilla/dom/src/html/nsJSHTMLTableElement.cpp
mozilla/dom/src/html/nsJSHTMLTableRowElement.cpp
mozilla/dom/src/html/nsJSHTMLTableSectionElement.cpp
mozilla/dom/src/html/nsJSHTMLTextAreaElement.cpp
mozilla/dom/src/html/nsJSHTMLTitleElement.cpp
mozilla/dom/src/html/nsJSHTMLUListElement.cpp
mozilla/dom/src/jsurl/jsurl.cpp
mozilla/lib/libpwcac/pwcacapi.c
mozilla/lib/xp/allxpstr.c
mozilla/lib/xp/xp_hash.c
mozilla/lib/xp/xp_list.c
mozilla/lib/xp/xp_qsort.c
mozilla/lib/xp/xp_str.c
mozilla/nsprpub/lib/libc/src/base64.c
mozilla/webshell/tests/viewer/macToBeImplemented.cp
mozilla/webshell/tests/viewer/nsMacFile.cp

5
dom/public/nsIScriptGlobalObjectData.h
Просмотреть файл

@ -35,9 +35,8 @@ public:
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTGLOBALOBJECTDATA_IID)
NS_IMETHOD GetPrincipal(nsIPrincipal * * aPrincipal) = 0;
NS_IMETHOD SetPrincipal(nsIPrincipal * aPrincipal) = 0;
NS_IMETHOD GetOrigin(nsIURI * * aOrigin) = 0;
NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal) = 0;
NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal) = 0;
};
#endif //nsIScriptGlobalObjectData_h__

1
dom/src/base/Makefile.in
Просмотреть файл

@ -38,7 +38,6 @@ CPPSRCS = \
nsGlobalWindow.cpp \
nsLocation.cpp \
nsDOMWindowList.cpp \
nsJSSecurityManager.cpp \
nsJSUtils.cpp \
nsScreen.cpp \
nsJSScreen.cpp \

2
dom/src/base/makefile.win
Просмотреть файл

@ -33,7 +33,6 @@ CPPSRCS = \
nsGlobalWindow.cpp \
nsLocation.cpp \
nsDOMWindowList.cpp \
nsJSSecurityManager.cpp \
nsJSUtils.cpp \
nsScreen.cpp \
nsJSScreen.cpp \
@ -64,7 +63,6 @@ CPP_OBJS= \
.\$(OBJDIR)\nsJSLocation.obj \
.\$(OBJDIR)\nsDOMWindowList.obj \
.\$(OBJDIR)\nsJSWindowCollection.obj \
.\$(OBJDIR)\nsJSSecurityManager.obj \
.\$(OBJDIR)\nsJSUtils.obj \
.\$(OBJDIR)\nsScreen.obj \
.\$(OBJDIR)\nsJSScreen.obj \

109
dom/src/base/nsGlobalWindow.cpp
Просмотреть файл

@ -83,6 +83,8 @@ static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
#include "nsMimeTypeArray.h"
#include "nsPluginArray.h"
#include "nsIPrincipalManager.h"
#include "jsapi.h"
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
@ -1694,11 +1696,12 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout)
timeout->lineno, nsAutoString(""), &isundefined);
#endif
JSPrincipals * jsprin;
timeout->principal->ToJSPrincipal(& jsprin);
timeout->principal->GetJSPrincipals(&jsprin);
JS_EvaluateUCScriptForPrincipals(cx, (JSObject *)mScriptObject,
jsprin, JS_GetStringChars(timeout->expr),
JS_GetStringLength(timeout->expr), timeout->filename,
timeout->lineno, &result);
JSPRINCIPALS_DROP(cx, jsprin);
}
else {
PRInt64 lateness64;
@ -1816,7 +1819,7 @@ GlobalWindowImpl::SetTimeoutOrInterval(JSContext *cx,
PRInt64 now, delta;
nsIPrincipal * principal;
if (NS_FAILED(GetPrincipal(& principal))) {
if (NS_FAILED(GetPrincipal(&principal))) {
return NS_ERROR_FAILURE;
}
if (argc < 2) {
@ -2916,91 +2919,45 @@ GlobalWindowImpl::ReleaseEvent(const nsString& aType)
}
NS_IMETHODIMP
GlobalWindowImpl::GetPrincipal(nsIPrincipal * * prin)
GlobalWindowImpl::GetPrincipal(nsIPrincipal **result)
{
if (!mPrincipal) {
if (mContext) {
nsIScriptSecurityManager * secMan = nsnull;
mContext->GetSecurityManager(&secMan);
if (secMan) {
nsIURI * origin;
if (NS_SUCCEEDED(this->GetOrigin(& origin))) secMan->NewJSPrincipals(origin, nsnull, & mPrincipal);
NS_RELEASE(secMan);
}
nsCOMPtr<nsIDocument> doc;
if (!mDocument || NS_FAILED(mDocument->QueryInterface(kIDocumentIID,
(void **) getter_AddRefs(doc))))
{
return NS_ERROR_FAILURE;
}
if (!mPrincipal) return NS_ERROR_FAILURE;
if (mContext) NS_ADDREF(mPrincipal);
mPrincipal = doc->GetDocumentPrincipal();
if (!mPrincipal) {
nsCOMPtr<nsIURI> uri = doc->GetDocumentURL();
if (!uri)
return NS_ERROR_FAILURE;
nsresult rv;
NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, uri, &mPrincipal)))
return NS_ERROR_FAILURE;
}
NS_ADDREF(mPrincipal);
}
* prin = mPrincipal;
*result = mPrincipal;
NS_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
GlobalWindowImpl::SetPrincipal(nsIPrincipal * aPrin)
GlobalWindowImpl::SetPrincipal(nsIPrincipal *aPrin)
{
NS_IF_RELEASE(mPrincipal);
mPrincipal = aPrin;
if (mPrincipal) NS_ADDREF(mPrincipal);
return NS_OK;
}
NS_IMETHODIMP
GlobalWindowImpl::GetOrigin(nsIURI * * aOrigin)
{
nsIDocument* doc;
if (mDocument && NS_OK == mDocument->QueryInterface(kIDocumentIID, (void * *)&doc)) {
nsIURI* docURL = doc->GetDocumentURL();
if (docURL) * aOrigin = docURL;
// else return error code
NS_RELEASE(doc);
}
#if 0
//Old code from 4.0 to show what funcitonality needs replicating
History_entry *he;
const char *address;
JSContext *aCx;
MochaDecoder *decoder;
he = SHIST_GetCurrent(&context->hist);
if (he) {
address = he->wysiwyg_url;
if (!address)
address = he->address;
switch (NET_URL_Type(address)) {
case MOCHA_TYPE_URL:
/* This type cannot name the true origin (server) of JS code. */
break;
case VIEW_SOURCE_TYPE_URL:
NS_ASSERTION(0, "Invalid url type");
default:
return address;
}
}
if (context->grid_parent) {
address = FindCreatorURL(context->grid_parent);
if (address)
return address;
}
aCx = context->mocha_context;
if (aCx) {
decoder = JS_GetPrivate(aCx, JS_GetGlobalObject(aCx));
if (decoder && decoder->opener) {
/* self.opener property is valid, check its MWContext. */
MochaDecoder *opener = JS_GetPrivate(aCx, decoder->opener);
if (!opener->visited) {
opener->visited = PR_TRUE;
address = opener->window_context
? FindCreatorURL(opener->window_context)
: nsnull;
opener->visited = PR_FALSE;
if (address)
return address;
}
}
}
#endif
if (mPrincipal)
NS_ADDREF(mPrincipal);
return NS_OK;
}

7
dom/src/base/nsGlobalWindow.h
Просмотреть файл

@ -207,9 +207,8 @@ public:
virtual void Finalize(JSContext *aContext);
// nsIScriptGlobalObjectData interface
NS_IMETHOD GetPrincipal(nsIPrincipal * * prin);
NS_IMETHOD SetPrincipal(nsIPrincipal * prin);
NS_IMETHOD GetOrigin(nsIURI** aOrigin);
NS_IMETHOD GetPrincipal(nsIPrincipal **prin);
NS_IMETHOD SetPrincipal(nsIPrincipal *prin);
friend void nsGlobalWindow_RunTimeout(nsITimer *aTimer, void *aClosure);
@ -251,7 +250,7 @@ protected:
HistoryImpl *mHistory;
nsIWebShell *mWebShell;
nsIDOMWindow *mOpener;
nsIPrincipal * mPrincipal;
nsIPrincipal *mPrincipal;
BarPropImpl *mMenubar;
BarPropImpl *mToolbar;

73
dom/src/base/nsJSEnvironment.cpp
Просмотреть файл

@ -30,7 +30,6 @@
#include "nsIDOMNodeList.h"
#include "nsIDOMHTMLImageElement.h"
#include "nsIDOMHTMLOptionElement.h"
#include "nsJSSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptNameSetRegistry.h"
#include "nsIScriptNameSpaceManager.h"
@ -39,6 +38,7 @@
#include "nsIXPConnect.h"
#include "nsIXPCSecurityManager.h"
#include "nsIJSContextStack.h"
#include "nsCOMPtr.h"
#if defined(OJI)
#include "nsIJVMManager.h"
@ -100,6 +100,7 @@ nsJSContext::nsJSContext(JSRuntime *aRuntime)
mNameSpaceManager = nsnull;
mIsInitialized = PR_FALSE;
mNumEvaluations = 0;
mSecurityManager = nsnull;
}
nsJSContext::~nsJSContext()
@ -128,31 +129,26 @@ nsJSContext::EvaluateString(const nsString& aScript,
nsString& aRetValue,
PRBool* aIsUndefined)
{
jsval val;
nsIScriptGlobalObject *global = GetGlobalObject();
nsIScriptGlobalObjectData *globalData;
nsIPrincipal * prin = nsnull;
nsresult rv = NS_OK;
if (global && NS_SUCCEEDED(global->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
NS_RELEASE(global);
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
nsCOMPtr<nsIScriptGlobalObjectData> globalData;
nsCOMPtr<nsIPrincipal> principal;
nsCOMPtr<nsIScriptGlobalObject> global = GetGlobalObject();
if (!global || NS_FAILED(global->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData),
(void**) getter_AddRefs(globalData))))
{
return NS_ERROR_FAILURE;
}
if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(principal))))
return NS_ERROR_FAILURE;
nsresult rv;
NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", &rv);
if (NS_FAILED(rv)) {
return rv;
}
rv = stack->Push(mContext);
if (NS_FAILED(rv)) {
return rv;
}
JSPrincipals * jsprin;
prin->ToJSPrincipal(& jsprin);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
if (NS_FAILED(stack->Push(mContext)))
return NS_ERROR_FAILURE;
JSPrincipals *jsprin;
principal->GetJSPrincipals(&jsprin);
jsval val;
PRBool ret = ::JS_EvaluateUCScriptForPrincipals(mContext,
JS_GetGlobalObject(mContext),
jsprin,
@ -161,6 +157,7 @@ nsJSContext::EvaluateString(const nsString& aScript,
aURL,
aLineNo,
&val);
JSPRINCIPALS_DROP(mContext, jsprin);
if (ret) {
*aIsUndefined = JSVAL_IS_VOID(val);
JSString* jsstring = JS_ValueToString(mContext, val);
@ -172,8 +169,10 @@ nsJSContext::EvaluateString(const nsString& aScript,
ScriptEvaluated();
rv = stack->Pop(nsnull);
return rv;
if (NS_FAILED(stack->Pop(nsnull)))
return NS_ERROR_FAILURE;
return NS_OK;
}
NS_IMETHODIMP_(nsIScriptGlobalObject*)
@ -378,16 +377,20 @@ nsJSContext::GetNameSpaceManager(nsIScriptNameSpaceManager** aInstancePtr)
}
NS_IMETHODIMP
nsJSContext::GetSecurityManager(nsIScriptSecurityManager * * aInstancePtr)
nsJSContext::GetSecurityManager(nsIScriptSecurityManager **aInstancePtr)
{
nsresult ret;
NS_WITH_SERVICE(nsIScriptSecurityManager, secManager,NS_SCRIPTSECURITYMANAGER_PROGID,& ret);
if (NS_OK == ret)
{
*aInstancePtr = secManager;
NS_ADDREF(* aInstancePtr);
}
return ret;
if (!mSecurityManager) {
nsresult ret;
NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager,
NS_SCRIPTSECURITYMANAGER_PROGID, &ret);
if (NS_FAILED(ret))
return NS_ERROR_FAILURE;
mSecurityManager = securityManager;
NS_ADDREF(mSecurityManager);
}
*aInstancePtr = mSecurityManager;
NS_ADDREF(*aInstancePtr);
return NS_OK;
}
nsJSEnvironment *nsJSEnvironment::sTheEnvironment = nsnull;

1
dom/src/base/nsJSEnvironment.h
Просмотреть файл

@ -30,6 +30,7 @@ private:
nsIScriptNameSpaceManager* mNameSpaceManager;
PRBool mIsInitialized;
PRUint32 mNumEvaluations;
nsIScriptSecurityManager *mSecurityManager;
public:
nsJSContext(JSRuntime *aRuntime);

0
dom/src/base/nsJSSecurityManager.cpp
Просмотреть файл

0
dom/src/base/nsJSSecurityManager.h
Просмотреть файл

6
layout/base/public/nsIDocument.h
Просмотреть файл

@ -53,6 +53,7 @@ class nsILineBreaker;
class nsIWordBreaker;
class nsIDOMSelection;
class nsIChannel;
class nsIPrincipal;
// IID for the nsIDocument interface
#define NS_IDOCUMENT_IID \
@ -108,6 +109,11 @@ public:
*/
virtual nsIURI* GetDocumentURL() const = 0;
/**
* Return the principal responsible for this document.
*/
virtual nsIPrincipal* GetDocumentPrincipal() const = 0;
/**
* Return the LoadGroup for the document. May return null.
*/

7
layout/base/src/nsDocument.cpp
Просмотреть файл

@ -891,6 +891,7 @@ nsDocument::Reset(nsIURI *aURL)
#ifdef NECKO
(void)aChannel->GetURI(&mDocumentURL);
aChannel->GetPrincipal(&mPrincipal);
// (void)aChannel->GetLoadGroup(&mDocumentLoadGroup);
mDocumentLoadGroup = aLoadGroup;
NS_ADDREF(mDocumentLoadGroup);
@ -939,6 +940,12 @@ nsIURI* nsDocument::GetDocumentURL() const
return mDocumentURL;
}
nsIPrincipal* nsDocument::GetDocumentPrincipal() const
{
NS_IF_ADDREF(mPrincipal);
return mPrincipal;
}
NS_IMETHODIMP
nsDocument::GetContentType(nsString& aContentType) const
{

7
layout/base/src/nsDocument.h
Просмотреть файл

@ -32,6 +32,7 @@
#include "nsIJSScriptObject.h"
#include "nsIContent.h"
#include "nsGenericDOMNodeList.h"
#include "nsIPrincipal.h"
class nsIEventListenerManager;
class nsDOMStyleSheetCollection;
@ -134,6 +135,11 @@ public:
*/
virtual nsIURI* GetDocumentURL() const;
/**
* Return the principal responsible for this document.
*/
virtual nsIPrincipal* GetDocumentPrincipal() const;
/**
* Return the content (mime) type of this document.
*/
@ -449,6 +455,7 @@ protected:
nsIArena* mArena;
nsString* mDocumentTitle;
nsIURI* mDocumentURL;
nsIPrincipal* mPrincipal;
nsILoadGroup* mDocumentLoadGroup;
nsString mCharacterSet;
nsIDocument* mParentDocument;

11
layout/events/src/nsEventListenerManager.cpp
Просмотреть файл

@ -433,8 +433,8 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JSObject *mScriptObject;
nsIScriptGlobalObject *global;
nsIScriptGlobalObjectData *globalData;
nsIPrincipal * prin = nsnull;
JSPrincipals * jsprin = nsnull;
nsIPrincipal *prin = nsnull;
JSPrincipals *jsprin = nsnull;
global = aContext->GetGlobalObject();
if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) {
if (NS_FAILED(globalData->GetPrincipal(& prin))) {
@ -442,12 +442,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
NS_RELEASE(globalData);
return NS_ERROR_FAILURE;
}
prin->ToJSPrincipal(& jsprin);
prin->GetJSPrincipals(&jsprin);
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
JSContext *mJSContext = (JSContext*)aContext->GetNativeContext();
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) {
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
nsString mName, mLowerName;
char* mCharName;
aName->ToString(mName);
@ -457,9 +457,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte
JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName,
1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0);
delete[] mCharName;
JSPRINCIPALS_DROP(mJSContext, jsprin);
return SetJSEventListener(aContext, mScriptObject, aIID);
}
}
if (jsprin)
JSPRINCIPALS_DROP(mJSContext, jsprin);
return NS_ERROR_FAILURE;
}

9
layout/html/forms/src/nsGfxAutoTextControlFrame.cpp
Просмотреть файл

@ -314,20 +314,21 @@ nsresult nsGfxAutoTextControlFrame::BuildScriptEventHandler(nsIScriptContext* aC
NS_RELEASE(globalData);
}
NS_IF_RELEASE(global);
JSPrincipals * jsprin;
prin->ToJSPrincipal(& jsprin);
JSPrincipals *jsprin;
prin->GetJSPrincipals(&jsprin);
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)mScriptObject))
{
JSContext* mJSContext = (JSContext*)aContext->GetNativeContext();
if (nsnull != aName)
{
JS_CompileUCFunctionForPrincipals(mJSContext, *mScriptObject, jsprin, aName,
0, nsnull, (jschar*)aFunc.GetUnicode(), aFunc.Length(),
nsnull, 0);
JSPRINCIPALS_DROP(mJSContext, jsprin);
return NS_OK;
}
}
JSPRINCIPALS_DROP(mJSContext, jsprin);
return NS_ERROR_FAILURE;
}

55
modules/libpref/src/win/winpref.js
Просмотреть файл

@ -157,36 +157,37 @@ pref("netinst.profile.show_dir_overwrite_msg", true);
Security information
***************************/
/* DISABLE FOR NOW
pref("js_security.default.htmlinputelement.value", 2);
pref("security.policies", "default,chrome");
pref("security.policy.default.htmlinputelement.value", "sameOrigin");
pref("js_security.default.htmlimageelement.src", 2);
pref("js_security.default.htmlimageelement.lowsrc", 2);
pref("security.policy.default.htmlimageelement.src", "sameOrigin");
pref("security.policy.default.htmlimageelement.lowsrc", "sameOrigin");
pref("js_security.default.location.hash", 2);
pref("js_security.default.location.host", 2);
pref("js_security.default.location.hostname", 2);
pref("js_security.default.location.pathname", 2);
pref("js_security.default.location.port", 2);
pref("js_security.default.location.protocol", 2);
pref("js_security.default.location.search", 2);
pref("js_security.default.location.replace", 2);
pref("js_security.default.location.tostring", 2);
pref("js_security.default.location.reload", 2);
pref("js_security.default.location.replace", 2);
pref("security.policy.default.location.hash", "sameOrigin");
pref("security.policy.default.location.host", "sameOrigin");
pref("security.policy.default.location.hostname", "sameOrigin");
pref("security.policy.default.location.pathname", "sameOrigin");
pref("security.policy.default.location.port", "sameOrigin");
pref("security.policy.default.location.protocol", "sameOrigin");
pref("security.policy.default.location.search", "sameOrigin");
pref("security.policy.default.location.replace", "sameOrigin");
pref("security.policy.default.location.tostring", "sameOrigin");
pref("security.policy.default.location.reload", "sameOrigin");
pref("security.policy.default.location.replace", "sameOrigin");
pref("js_security.default.htmldocument.anchors", 2);
pref("js_security.default.htmldocument.applets", 2);
pref("js_security.default.htmldocument.cookie", 2);
pref("js_security.default.htmldocument.domain", 2);
pref("js_security.default.htmldocument.getelementbyid", 2);
pref("js_security.default.htmldocument.getelementsbyname", 2);
pref("js_security.default.htmldocument.embeds", 2);
pref("js_security.default.htmldocument.forms", 2);
pref("js_security.default.htmldocument.lastmodified", 2);
pref("js_security.default.htmldocument.links", 2);
pref("js_security.default.htmldocument.referrer", 2);
pref("js_security.default.htmldocument.title", 2);
pref("js_security.default.htmldocument.url", 2);
pref("security.policy.default.htmldocument.anchors", "sameOrigin");
pref("security.policy.default.htmldocument.applets", "sameOrigin");
pref("security.policy.default.htmldocument.cookie", "sameOrigin");
pref("security.policy.default.htmldocument.domain", "sameOrigin");
pref("security.policy.default.htmldocument.getelementbyid", "sameOrigin");
pref("security.policy.default.htmldocument.getelementsbyname", "sameOrigin");
pref("security.policy.default.htmldocument.embeds", "sameOrigin");
pref("security.policy.default.htmldocument.forms", "sameOrigin");
pref("security.policy.default.htmldocument.lastmodified", "sameOrigin");
pref("security.policy.default.htmldocument.links", "sameOrigin");
pref("security.policy.default.htmldocument.referrer", "sameOrigin");
pref("security.policy.default.htmldocument.title", "sameOrigin");
pref("security.policy.default.htmldocument.url", "sameOrigin");
*/
/*
Need preference names for

8
netwerk/base/public/nsIChannel.idl
Просмотреть файл

@ -24,6 +24,7 @@ interface nsIOutputStream;
interface nsIStreamObserver;
interface nsIStreamListener;
interface nsILoadGroup;
interface nsIPrincipal;
typedef unsigned long nsLoadFlags;
@ -117,6 +118,13 @@ interface nsIChannel : nsIRequest
*/
readonly attribute string ContentType;
/**
* Accesses the principal corresponding to the entity that is
* responsible for this channel. Used by security code to grant
* or diminish privileges to mobile code loaded from this channel.
*/
attribute nsIPrincipal Principal;
/**
* Returns the load group in which the channel is a currently a member.
*/

13
netwerk/base/src/nsInputStreamChannel.cpp
Просмотреть файл

@ -239,4 +239,17 @@ nsInputStreamChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup)
return NS_OK;
}
NS_IMETHODIMP
nsInputStreamChannel::GetPrincipal(nsIPrincipal * *aPrincipal)
{
*aPrincipal = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsInputStreamChannel::SetPrincipal(nsIPrincipal * aPrincipal)
{
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////

13
netwerk/base/src/nsSocketTransport.cpp
Просмотреть файл

@ -1723,3 +1723,16 @@ nsSocketTransport::GetLoadGroup(nsILoadGroup * *aLoadGroup)
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsSocketTransport::GetPrincipal(nsIPrincipal * *aPrincipal)
{
*aPrincipal = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSocketTransport::SetPrincipal(nsIPrincipal * aPrincipal)
{
return NS_OK;
}

21
netwerk/protocol/file/src/nsFileChannel.cpp
Просмотреть файл

@ -42,6 +42,7 @@
#include "nsEscape.h"
#include "nsIMIMEService.h"
#include "prlog.h"
#include "nsIPrincipal.h"
static NS_DEFINE_CID(kMIMEServiceCID, NS_MIMESERVICE_CID);
@ -78,7 +79,8 @@ nsFileChannel::nsFileChannel()
mBufferInputStream(nsnull), mBufferOutputStream(nsnull),
mStatus(NS_OK), mHandler(nsnull), mSourceOffset(0),
mLoadAttributes(LOAD_NORMAL),
mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mRealListener(nsnull)
mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mRealListener(nsnull),
mPrincipal(nsnull)
{
NS_INIT_REFCNT();
#if defined(PR_LOGGING)
@ -180,6 +182,7 @@ nsFileChannel::~nsFileChannel()
if (mMonitor)
PR_DestroyMonitor(mMonitor);
NS_IF_RELEASE(mLoadGroup);
NS_IF_RELEASE(mPrincipal);
}
NS_IMETHODIMP
@ -559,6 +562,22 @@ nsFileChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup)
return NS_OK;
}
NS_IMETHODIMP
nsFileChannel::GetPrincipal(nsIPrincipal * *aPrincipal)
{
*aPrincipal = mPrincipal;
NS_IF_ADDREF(*aPrincipal);
return NS_OK;
}
NS_IMETHODIMP
nsFileChannel::SetPrincipal(nsIPrincipal * aPrincipal)
{
NS_IF_RELEASE(mPrincipal);
mPrincipal = aPrincipal;
NS_IF_ADDREF(mPrincipal);
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
// nsIRunnable methods:

1
netwerk/protocol/file/src/nsFileChannel.h
Просмотреть файл

@ -123,6 +123,7 @@ protected:
PRMonitor* mMonitor;
PRUint32 mLoadAttributes;
nsILoadGroup* mLoadGroup;
nsIPrincipal* mPrincipal;
nsCOMPtr<nsIStreamListener> mRealListener;

14
netwerk/protocol/ftp/src/nsFTPChannel.cpp
Просмотреть файл

@ -31,6 +31,7 @@
#include "nsILoadGroup.h"
#include "nsIFTPContext.h"
#include "nsIMIMEService.h"
#include "nsIPrincipal.h"
static NS_DEFINE_CID(kMIMEServiceCID, NS_MIMESERVICE_CID);
static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
@ -381,6 +382,19 @@ nsFTPChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup)
return NS_OK;
}
NS_IMETHODIMP
nsFTPChannel::GetPrincipal(nsIPrincipal * *aPrincipal)
{
*aPrincipal = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsFTPChannel::SetPrincipal(nsIPrincipal * aPrincipal)
{
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
// nsIFTPChannel methods:

13
netwerk/protocol/http/src/nsHTTPChannel.cpp
Просмотреть файл

@ -319,6 +319,19 @@ nsHTTPChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup)
return NS_OK;
}
NS_IMETHODIMP
nsHTTPChannel::GetPrincipal(nsIPrincipal * *aPrincipal)
{
*aPrincipal = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsHTTPChannel::SetPrincipal(nsIPrincipal * aPrincipal)
{
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
// nsIHTTPChannel methods:

20
rdf/chrome/src/nsChromeProtocolHandler.cpp
Просмотреть файл

@ -23,7 +23,10 @@
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsIIOService.h"
#include "nsIChannel.h"
#include "nsIChromeRegistry.h"
#include "nsCOMPtr.h"
#include "nsIPrincipalManager.h"
static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID);
static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
@ -170,6 +173,23 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri,
rv = serv->NewChannelFromURI(verb, chromeURI, aGroup, eventSinkGetter,
result);
// Create a special principal for chrome and set the creator property
// of the result
if (NS_SUCCEEDED(rv)) {
NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
NS_PRINCIPALMANAGER_PROGID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, chromeURI,
getter_AddRefs(principal))))
{
return NS_ERROR_FAILURE;
}
(*result)->SetPrincipal(principal);
}
NS_RELEASE(chromeURI);
return rv;
}

17
rdf/content/src/nsXULDocument.cpp
Просмотреть файл

@ -61,6 +61,7 @@
#include "nsIParser.h"
#include "nsIPresContext.h"
#include "nsIPresShell.h"
#include "nsIPrincipal.h"
#include "nsIContentViewer.h"
#include "nsIRDFCompositeDataSource.h"
#include "nsIRDFContainerUtils.h"
@ -438,6 +439,8 @@ public:
virtual nsIURI* GetDocumentURL() const;
virtual nsIPrincipal* GetDocumentPrincipal() const;
virtual nsILoadGroup* GetDocumentLoadGroup() const;
NS_IMETHOD GetBaseURL(nsIURI*& aURL) const;
@ -765,6 +768,7 @@ protected:
nsAutoString mDocumentTitle;
nsCOMPtr<nsIURI> mDocumentURL; // [OWNER] ??? compare with loader
nsCOMPtr<nsILoadGroup> mDocumentLoadGroup; // [OWNER] leads to loader
nsCOMPtr<nsIPrincipal> mDocumentPrincipal; // [OWNER]
nsCOMPtr<nsIRDFResource> mRootResource; // [OWNER]
nsCOMPtr<nsIContent> mRootContent; // [OWNER]
nsIDocument* mParentDocument; // [WEAK]
@ -1130,6 +1134,10 @@ XULDocumentImpl::PrepareToLoad( nsCOMPtr<nsIParser>* created_parser,
mDocumentTitle.Truncate();
mDocumentURL = syntheticURL;
rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal));
if (NS_FAILED(rv)) return rv;
#ifdef NECKO
mDocumentLoadGroup = aLoadGroup;
#else
@ -1345,6 +1353,15 @@ XULDocumentImpl::GetDocumentURL() const
return result;
}
nsIPrincipal*
XULDocumentImpl::GetDocumentPrincipal() const
{
nsIPrincipal* result = mDocumentPrincipal;
NS_IF_ADDREF(result);
return result;
}
nsILoadGroup*
XULDocumentImpl::GetDocumentLoadGroup() const
{