From 80d1745e6596e6cb60864f946b02b684fa43f336 Mon Sep 17 00:00:00 2001 From: "raman%netscape.com" Date: Mon, 23 Nov 1998 00:27:00 +0000 Subject: [PATCH] XP_COM interfaces for JS calls into CAPS --- caps/include/nsCCapsManager.h | 146 +++++++++ caps/include/nsCCertPrincipal.h | 2 + caps/include/nsCCodebasePrincipal.h | 2 + caps/include/nsCapsEnums.h | 71 ----- caps/public/MANIFEST | 1 + caps/public/Makefile | 30 -- caps/public/Makefile.in | 3 +- caps/public/makefile.win | 3 +- caps/public/nsCapsPublicEnums.h | 81 +++++ caps/public/nsICapsManager.h | 142 ++++++++- caps/src/nsCCapsManager.cpp | 445 +++++++++++++++++++++++++++- caps/src/nsCCertPrincipal.cpp | 5 + caps/src/nsCCodebasePrincipal.cpp | 5 + 13 files changed, 810 insertions(+), 126 deletions(-) create mode 100644 caps/public/nsCapsPublicEnums.h diff --git a/caps/include/nsCCapsManager.h b/caps/include/nsCCapsManager.h index 011135cfe8e..ebbf05d0927 100644 --- a/caps/include/nsCCapsManager.h +++ b/caps/include/nsCCapsManager.h @@ -97,14 +97,160 @@ public: NS_IMETHOD AskPermission(nsIPrincipal* prin, nsITarget* target, nsPermission *result); + + + /* + * All of the following methods are used by JS (the code located + * in lib/libmocha area). + */ + + /** + * Initializes the capabilities subsytem (ie setting the system principal, initializing + * privilege Manager, creating the capsManager factory etc + * + * @param result - is true if principal was successfully registered with the system + */ + NS_IMETHOD + Initialize(PRBool *result); + + /** + * Registers the given Principal with the system. + * + * @param prin - is either certificate principal or codebase principal + * @param result - is true if principal was successfully registered with the system + */ + NS_IMETHOD + RegisterPrincipal(nsIPrincipal* prin, PRBool *result); + + /** + * Prompts the user if they want to grant permission for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result); + + /** + * Returns if the user granted permission for the principal located at the given + * stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result); + + /** + * Reverts the permission (granted/denied) user gave for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result); + + /** + * Disable permissions for the principal located at the given stack depth for the + * given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result); + + + /* XXX: Some of the arguments for the following interfaces may change. + * This is a first cut. I need to talk to joki. We should get rid of void* parameters. + */ + NS_IMETHOD + ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result); + + NS_IMETHOD + IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result); + + NS_IMETHOD + CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result); + + + /* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */ + + NS_IMETHOD + NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result); + + NS_IMETHOD + IsCodebaseExact(nsIPrincipal* principal, PRBool *result); + + NS_IMETHOD + ToString(nsIPrincipal* principal, char* *result); + + NS_IMETHOD + GetVendor(nsIPrincipal* principal, char* *result); + + NS_IMETHOD + NewPrincipalArray(PRUint32 count, void* *result); + + NS_IMETHOD + FreePrincipalArray(void *prinArray); + + NS_IMETHOD + GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *result); + + NS_IMETHOD + SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal); + + NS_IMETHOD + GetPrincipalArraySize(void *prinArrayArg, PRUint32 *result); + + /* The following interfaces will replace all of the following old calls. + * + * nsCapsGetPermission(struct nsPrivilege *privilege) + * nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target) + * + */ + NS_IMETHOD + IsAllowed(void *annotation, char* target, PRBool *result); + + /* XXX: TODO: We need to set up the JS frame walking callbacks */ + + + //////////////////////////////////////////////////////////////////////////// // from nsCCapsManager: nsCCapsManager(nsISupports *aOuter); virtual ~nsCCapsManager(void); + + void + CreateNSPrincipalArray(nsPrincipalArray* prinArray, + nsPrincipalArray* *pPrincipalArray); + NS_METHOD GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPRincipal); + NS_METHOD + nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray, + nsPrincipalArray* *pPrincipalArray); + nsPermission ConvertPrivilegeToPermission(nsPrivilege *pNSPrivilege); diff --git a/caps/include/nsCCertPrincipal.h b/caps/include/nsCCertPrincipal.h index 0782b76729e..70b454e8f96 100644 --- a/caps/include/nsCCertPrincipal.h +++ b/caps/include/nsCCertPrincipal.h @@ -105,6 +105,8 @@ public: //////////////////////////////////////////////////////////////////////////// // from nsCCertPrincipal: nsCCertPrincipal(const unsigned char **certChain, PRUint32 *certChainLengths, PRUint32 noOfCerts, nsresult *result); + nsCCertPrincipal(nsPrincipal *pNSPrincipal); + virtual ~nsCCertPrincipal(void); nsPrincipal *GetPeer(void); diff --git a/caps/include/nsCCodebasePrincipal.h b/caps/include/nsCCodebasePrincipal.h index 78871f2d602..ea9831bd46e 100644 --- a/caps/include/nsCCodebasePrincipal.h +++ b/caps/include/nsCCodebasePrincipal.h @@ -51,6 +51,8 @@ public: // from nsCCodebasePrincipal: nsCCodebasePrincipal(const char *codebaseURL, nsresult *result); + nsCCodebasePrincipal(nsPrincipal *pNSPrincipal); + virtual ~nsCCodebasePrincipal(void); nsPrincipal *GetPeer(void); diff --git a/caps/include/nsCapsEnums.h b/caps/include/nsCapsEnums.h index e8504a74e26..e69de29bb2d 100644 --- a/caps/include/nsCapsEnums.h +++ b/caps/include/nsCapsEnums.h @@ -1,71 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998 Netscape Communications Corporation. All Rights - * Reserved. - */ - -#ifndef _NS_CAPS_ENUMS_H_ -#define _NS_CAPS_ENUMS_H_ - -typedef enum nsSetComparisonType { - nsSetComparisonType_ProperSubset=-1, - nsSetComparisonType_Equal=0, - nsSetComparisonType_NoSubset=1 -} nsSetComparisonType; - -/** - * number of possible permissions (allowed, forbidden, or blank) - * - * The code in nsPrivilegeInitialize assumes that nsPermissionState - * are ordered sequentially from 0 to N. - * - */ -typedef enum nsPermissionState { - nsPermissionState_Forbidden = 0, - nsPermissionState_Allowed, - nsPermissionState_Blank, - nsPermissionState_NumberOfPermissions -} nsPermissionState; - -/** - * number of possible durations (scope, session, or forever) - * - * The code in nsPrivilegeInitialize assumes that nsDurationState - * are ordered sequentially from 0 to N. - * - */ -typedef enum nsDurationState { - nsDurationState_Scope=0, - nsDurationState_Session, - nsDurationState_Forever, - nsDurationState_NumberOfDurations -} nsDurationState; - - -/* The following should match what is in nsJVM plugin's java security code */ -typedef enum nsPrincipalType { - nsPrincipalType_Unknown=-1, - nsPrincipalType_CodebaseExact=10, - nsPrincipalType_CodebaseRegexp, - nsPrincipalType_Cert, - nsPrincipalType_CertFingerPrint, - nsPrincipalType_CertKey, - /* CertChain principal is being added for Javasoft's JVM. They will pass the - * whole chain to the nsPrincipal constructor. - */ - nsPrincipalType_CertChain -} nsPrincipalType; - -#endif /* _NS_CAPS_ENUMS_H_ */ diff --git a/caps/public/MANIFEST b/caps/public/MANIFEST index 3df9fa19a8e..ee600b67f55 100644 --- a/caps/public/MANIFEST +++ b/caps/public/MANIFEST @@ -3,3 +3,4 @@ nsICertPrincipal.h nsICodebasePrincipal.h nsICodeSourcePrincipal.h nsIPrincipal.h +nsCapsPublicEnums.h diff --git a/caps/public/Makefile b/caps/public/Makefile index 30c2f1ebedb..e69de29bb2d 100644 --- a/caps/public/Makefile +++ b/caps/public/Makefile @@ -1,30 +0,0 @@ -#!gmake -# The contents of this file are subject to the Netscape Public License -# Version 1.0 (the "NPL"); you may not use this file except in -# compliance with the NPL. You may obtain a copy of the NPL at -# http://www.mozilla.org/NPL/ -# -# Software distributed under the NPL is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL -# for the specific language governing rights and limitations under the -# NPL. -# -# The Initial Developer of this code under the NPL is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1998 Netscape Communications Corporation. All Rights -# Reserved. - -MODULE = caps - -DEPTH = ../.. - -EXPORTS = nsIPrincipal.h \ - nsICodebasePrincipal.h \ - nsICertPrincipal.h \ - nsICapsManager.h \ - nsICodeSourcePrincipal.h - - - -include $(DEPTH)/config/rules.mk - diff --git a/caps/public/Makefile.in b/caps/public/Makefile.in index 6d1912fe4ba..a4b9f9f6ada 100644 --- a/caps/public/Makefile.in +++ b/caps/public/Makefile.in @@ -27,7 +27,8 @@ EXPORTS = nsIPrincipal.h \ nsICodebasePrincipal.h \ nsICertPrincipal.h \ nsICapsManager.h \ - nsICodeSourcePrincipal.h + nsICodeSourcePrincipal.h \ + nsCapsPublicEnums.h EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS)) diff --git a/caps/public/makefile.win b/caps/public/makefile.win index 06241458316..49bb028d775 100644 --- a/caps/public/makefile.win +++ b/caps/public/makefile.win @@ -33,7 +33,8 @@ EXPORTS= \ nsICodebasePrincipal.h \ nsICertPrincipal.h \ nsICapsManager.h \ - nsICodeSourcePrincipal.h + nsICodeSourcePrincipal.h \ + nsCapsPublicEnums.h include <$(DEPTH)/config/rules.mak> diff --git a/caps/public/nsCapsPublicEnums.h b/caps/public/nsCapsPublicEnums.h new file mode 100644 index 00000000000..bbb46894114 --- /dev/null +++ b/caps/public/nsCapsPublicEnums.h @@ -0,0 +1,81 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * The contents of this file are subject to the Netscape Public License + * Version 1.0 (the "NPL"); you may not use this file except in + * compliance with the NPL. You may obtain a copy of the NPL at + * http://www.mozilla.org/NPL/ + * + * Software distributed under the NPL is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL + * for the specific language governing rights and limitations under the + * NPL. + * + * The Initial Developer of this code under the NPL is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1998 Netscape Communications Corporation. All Rights + * Reserved. + */ + +#ifndef _NS_CAPS_PUBLIC_ENUMS_H_ +#define _NS_CAPS_PUBLIC_ENUMS_H_ + + +enum nsPermission { + nsPermission_Unknown, + nsPermission_AllowedSession, + nsPermission_DeniedSession, + nsPermission_AllowedForever, + nsPermission_DeniedForever +}; + +/** + * number of possible permissions (allowed, forbidden, or blank) + * + * The code in nsPrivilegeInitialize assumes that nsPermissionState + * are ordered sequentially from 0 to N. + * + */ +typedef enum nsPermissionState { + nsPermissionState_Forbidden = 0, + nsPermissionState_Allowed, + nsPermissionState_Blank, + nsPermissionState_NumberOfPermissions +} nsPermissionState; + +/** + * number of possible durations (scope, session, or forever) + * + * The code in nsPrivilegeInitialize assumes that nsDurationState + * are ordered sequentially from 0 to N. + * + */ +typedef enum nsDurationState { + nsDurationState_Scope=0, + nsDurationState_Session, + nsDurationState_Forever, + nsDurationState_NumberOfDurations +} nsDurationState; + + +typedef enum nsSetComparisonType { + nsSetComparisonType_ProperSubset=-1, + nsSetComparisonType_Equal=0, + nsSetComparisonType_NoSubset=1 +} nsSetComparisonType; + + +/* The following should match what is in nsJVM plugin's java security code */ +typedef enum nsPrincipalType { + nsPrincipalType_Unknown=-1, + nsPrincipalType_CodebaseExact=10, + nsPrincipalType_CodebaseRegexp, + nsPrincipalType_Cert, + nsPrincipalType_CertFingerPrint, + nsPrincipalType_CertKey, + /* CertChain principal is being added for Javasoft's JVM. They will pass the + * whole chain to the nsPrincipal constructor. + */ + nsPrincipalType_CertChain +} nsPrincipalType; + +#endif /* _NS_CAPS_PUBLIC_ENUMS_H_ */ diff --git a/caps/public/nsICapsManager.h b/caps/public/nsICapsManager.h index 20fe65c0129..1cbd42e5279 100644 --- a/caps/public/nsICapsManager.h +++ b/caps/public/nsICapsManager.h @@ -22,18 +22,12 @@ #include "nsISupports.h" #include "nsIFactory.h" #include "nsIPrincipal.h" +#include "nsCapsPublicEnums.h" class nsITarget; #define NS_ALL_PRIVILEGES ((nsITarget*)NULL) -enum nsPermission { - nsPermission_Unknown, - nsPermission_AllowedSession, - nsPermission_DeniedSession, - nsPermission_AllowedForever, - nsPermission_DeniedForever -}; /** * The nsICapsManager interface is used to construct and manage principals. @@ -123,6 +117,140 @@ public: NS_IMETHOD AskPermission(nsIPrincipal* prin, nsITarget* target, nsPermission *result) = 0; + + /* + * All of the following methods are used by JS (the code located + * in lib/libmocha area). + */ + + /** + * Initializes the capabilities subsytem (ie setting the system principal, initializing + * privilege Manager, creating the capsManager factory etc + * + * @param result - is true if principal was successfully registered with the system + */ + NS_IMETHOD + Initialize(PRBool *result) = 0; + + /** + * Registers the given Principal with the system. + * + * @param prin - is either certificate principal or codebase principal + * @param result - is true if principal was successfully registered with the system + */ + NS_IMETHOD + RegisterPrincipal(nsIPrincipal* prin, PRBool *result) = 0; + + /** + * Prompts the user if they want to grant permission for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0; + + /** + * Returns if the user granted permission for the principal located at the given + * stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0; + + /** + * Reverts the permission (granted/denied) user gave for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0; + + /** + * Disable permissions for the principal located at the given stack depth for the + * given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param result - is true if user has given permission for the given principal and + * target + */ + NS_IMETHOD + DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *result) = 0; + + + /* XXX: Some of the arguments for the following interfaces may change. + * This is a first cut. I need to talk to joki. We should get rid of void* parameters. + */ + NS_IMETHOD + ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *result) = 0; + + NS_IMETHOD + IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *result) = 0; + + NS_IMETHOD + CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *result) = 0; + + + /* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */ + + NS_IMETHOD + NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal* *result) = 0; + + NS_IMETHOD + IsCodebaseExact(nsIPrincipal* principal, PRBool *result) = 0; + + NS_IMETHOD + ToString(nsIPrincipal* principal, char* *result) = 0; + + NS_IMETHOD + GetVendor(nsIPrincipal* principal, char* *result) = 0; + + NS_IMETHOD + NewPrincipalArray(PRUint32 count, void* *result) = 0; + + NS_IMETHOD + FreePrincipalArray(void *prinArray) = 0; + + NS_IMETHOD + GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *result) = 0; + + NS_IMETHOD + SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal) = 0; + + NS_IMETHOD + GetPrincipalArraySize(void *prinArrayArg, PRUint32 *result) = 0; + + /* The following interfaces will replace all of the following old calls. + * + * nsCapsGetPermission(struct nsPrivilege *privilege) + * nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target) + * + */ + NS_IMETHOD + IsAllowed(void *annotation, char* target, PRBool *result) = 0; + + /* XXX: TODO: We need to set up the JS frame walking callbacks */ + }; #define NS_ICAPSMANAGER_IID \ diff --git a/caps/src/nsCCapsManager.cpp b/caps/src/nsCCapsManager.cpp index acd8de2d6dc..c1ec701b51f 100644 --- a/caps/src/nsCCapsManager.cpp +++ b/caps/src/nsCCapsManager.cpp @@ -23,6 +23,7 @@ #include "nsCCodebasePrincipal.h" #include "nsCCertPrincipal.h" #include "nsCCodeSourcePrincipal.h" +#include "nsCaps.h" static NS_DEFINE_CID(kCCapsManagerCID, NS_CCAPSMANAGER_CID); static NS_DEFINE_IID(kICapsManagerIID, NS_ICAPSMANAGER_IID); @@ -135,15 +136,15 @@ nsCCapsManager::GetPermission(nsIPrincipal* pNSIPrincipal, } if (m_pNSPrivilegeManager != NULL) { - nsPrincipal *pNSPrinicipal = NULL; - result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal); + nsPrincipal *pNSPrincipal = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); if( result != NS_OK) { return result; } nsPrivilege* privilege = - m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrinicipal, + m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrincipal, NULL); *state = ConvertPrivilegeToPermission(privilege); } @@ -172,14 +173,14 @@ nsCCapsManager::SetPermission(nsIPrincipal* pNSIPrincipal, } if (m_pNSPrivilegeManager != NULL) { - nsPrincipal *pNSPrinicipal = NULL; - result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal); + nsPrincipal *pNSPrincipal = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); if( result != NS_OK) { return result; } nsPrivilege* privilege = ConvertPermissionToPrivilege(state); - m_pNSPrivilegeManager->SetPermission(pNSPrinicipal, target, privilege); + m_pNSPrivilegeManager->SetPermission(pNSPrincipal, target, privilege); } return NS_OK; } @@ -207,21 +208,381 @@ nsCCapsManager::AskPermission(nsIPrincipal* pNSIPrincipal, } if (m_pNSPrivilegeManager != NULL) { - nsPrincipal *pNSPrinicipal = NULL; - result = GetNSPrincipal(pNSIPrincipal, &pNSPrinicipal); + nsPrincipal *pNSPrincipal = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); if( result != NS_OK) { return result; } - m_pNSPrivilegeManager->AskPermission(pNSPrinicipal,target, NULL); + m_pNSPrivilegeManager->AskPermission(pNSPrincipal,target, NULL); nsPrivilege* privilege = - m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrinicipal, + m_pNSPrivilegeManager->getPrincipalPrivilege(target, pNSPrincipal, NULL); *state = ConvertPrivilegeToPermission(privilege); } return NS_OK; } +/** + * Initializes the capabilities subsytem (ie setting the system principal, initializing + * privilege Manager, creating the capsManager factory etc + * + * @param result - is true if principal was successfully registered with the system + */ +NS_METHOD +nsCCapsManager::Initialize(PRBool *result) +{ + *result = nsCapsInitialize(); + return NS_OK; +} + +/** + * Registers the given Principal with the system. + * + * @param prin - is either certificate principal or codebase principal + * @param result - is true if principal was successfully registered with the system + */ +NS_METHOD +nsCCapsManager::RegisterPrincipal(nsIPrincipal* pNSIPrincipal, PRBool *ret_val) +{ + nsresult result = NS_OK; + if (m_pNSPrivilegeManager != NULL) + { + nsPrincipal *pNSPrincipal = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); + if( result != NS_OK) + { + return result; + } + m_pNSPrivilegeManager->registerPrincipal(pNSPrincipal); + } + return NS_OK; +} + +/** + * Prompts the user if they want to grant permission for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param ret_val - is true if user has given permission for the given principal and + * target + */ +NS_METHOD +nsCCapsManager::EnablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val) +{ + nsTarget *target = nsTarget::findTarget((char*)targetName); + nsresult result = NS_OK; + if( target == NULL ) + { + *ret_val = PR_FALSE; + return NS_OK; + } + if (m_pNSPrivilegeManager != NULL) + { + *ret_val = m_pNSPrivilegeManager->enablePrivilege(context, target, callerDepth); + } + return NS_OK; +} + +/** + * Returns if the user granted permission for the principal located at the given + * stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param ret_val - is true if user has given permission for the given principal and + * target + */ +NS_METHOD +nsCCapsManager::IsPrivilegeEnabled(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val) +{ + nsTarget *target = nsTarget::findTarget((char*)targetName); + nsresult result = NS_OK; + if( target == NULL ) + { + *ret_val = PR_FALSE; + return NS_OK; + } + if (m_pNSPrivilegeManager != NULL) + { + *ret_val = m_pNSPrivilegeManager->isPrivilegeEnabled(context, target, callerDepth); + } + return NS_OK; +} + +/** + * Reverts the permission (granted/denied) user gave for the principal located + * at the given stack depth for the given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param ret_val - is true if user has given permission for the given principal and + * target + */ +NS_METHOD +nsCCapsManager::RevertPrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val) +{ + nsTarget *target = nsTarget::findTarget((char*)targetName); + nsresult result = NS_OK; + if( target == NULL ) + { + *ret_val = PR_FALSE; + return NS_OK; + } + if (m_pNSPrivilegeManager != NULL) + { + *ret_val = m_pNSPrivilegeManager->revertPrivilege(context, target, callerDepth); + } + return NS_OK; +} + +/** + * Disable permissions for the principal located at the given stack depth for the + * given target. + * + * @param context - is the parameter JS needs to determinte the principal + * @param targetName - is the name of the target. + * @param callerDepth - is the depth of JS stack frame, which JS uses to determinte the + * principal + * @param ret_val - is true if user has given permission for the given principal and + * target + */ +NS_METHOD +nsCCapsManager::DisablePrivilege(void* context, const char* targetName, PRInt32 callerDepth, PRBool *ret_val) +{ + nsTarget *target = nsTarget::findTarget((char*)targetName); + nsresult result = NS_OK; + if( target == NULL ) + { + *ret_val = PR_FALSE; + return NS_OK; + } + if (m_pNSPrivilegeManager != NULL) + { + *ret_val = m_pNSPrivilegeManager->disablePrivilege(context, target, callerDepth); + } + return NS_OK; +} + + +/* XXX: Some of the arguments for the following interfaces may change. + * This is a first cut. I need to talk to joki. We should get rid of void* parameters. + */ +NS_METHOD +nsCCapsManager::ComparePrincipalArray(void* prin1Array, void* prin2Array, nsSetComparisonType *ret_val) +{ + nsresult result = NS_OK; + *ret_val = nsSetComparisonType_NoSubset; + if (m_pNSPrivilegeManager != NULL) + { + nsPrincipalArray *newPrin1Array=NULL; + nsPrincipalArray *newPrin2Array=NULL; + result = GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array); + if (result != NS_OK) { + return result; + } + result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array); + if (result != NS_OK) { + return result; + } + *ret_val = m_pNSPrivilegeManager->comparePrincipalArray(newPrin1Array, newPrin2Array); + nsCapsFreePrincipalArray(newPrin1Array); + nsCapsFreePrincipalArray(newPrin2Array); + } + return NS_OK; +} + +NS_METHOD +nsCCapsManager::IntersectPrincipalArray(void* prin1Array, void* prin2Array, void* *ret_val) +{ + nsresult result = NS_OK; + *ret_val = NULL; + if (m_pNSPrivilegeManager != NULL) + { + nsPrincipalArray *newPrin1Array=NULL; + nsPrincipalArray *newPrin2Array=NULL; + nsPrincipalArray *intersectPrinArray=NULL; + result = GetNSPrincipalArray((nsPrincipalArray*) prin1Array, &newPrin1Array); + if (result != NS_OK) { + return result; + } + result = GetNSPrincipalArray((nsPrincipalArray*) prin2Array, &newPrin2Array); + if (result != NS_OK) { + return result; + } + intersectPrinArray = m_pNSPrivilegeManager->intersectPrincipalArray(newPrin1Array, + newPrin2Array); + CreateNSPrincipalArray(intersectPrinArray, (nsPrincipalArray**)ret_val); + nsCapsFreePrincipalArray(newPrin1Array); + nsCapsFreePrincipalArray(newPrin2Array); + } + return NS_OK; +} + +NS_METHOD +nsCCapsManager::CanExtendTrust(void* fromPrinArray, void* toPrinArray, PRBool *ret_val) +{ + nsresult result = NS_OK; + *ret_val = nsSetComparisonType_NoSubset; + if (m_pNSPrivilegeManager != NULL) + { + nsPrincipalArray *newPrin1Array=NULL; + nsPrincipalArray *newPrin2Array=NULL; + result = GetNSPrincipalArray((nsPrincipalArray*) fromPrinArray, &newPrin1Array); + if (result != NS_OK) { + return result; + } + result = GetNSPrincipalArray((nsPrincipalArray*) toPrinArray, &newPrin2Array); + if (result != NS_OK) { + return result; + } + *ret_val = m_pNSPrivilegeManager->canExtendTrust(newPrin1Array, newPrin2Array); + nsCapsFreePrincipalArray(newPrin1Array); + nsCapsFreePrincipalArray(newPrin2Array); + } + return NS_OK; +} + + +/* interfaces for nsIPrincipal object, may be we should move some of them to nsIprincipal */ + +NS_METHOD +nsCCapsManager::NewPrincipal(nsPrincipalType type, void* key, PRUint32 key_len, void *zig, nsIPrincipal** ret_val) +{ + nsIPrincipal* pNSIPrincipal; + nsPrincipal *pNSPrincipal = new nsPrincipal(type, key, key_len, zig); + if (pNSPrincipal->isCodebase()) { + pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal); + } else { + pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal); + } + *ret_val = pNSIPrincipal; + return NS_OK; +} + +NS_METHOD +nsCCapsManager::IsCodebaseExact(nsIPrincipal* pNSIPrincipal, PRBool *ret_val) +{ + nsresult result = NS_OK; + nsPrincipal *pNSPrincipal = NULL; + *ret_val = PR_FALSE; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); + if( result != NS_OK) { + return result; + } + *ret_val = pNSPrincipal->isCodebaseExact(); + + return NS_OK; +} + +NS_METHOD +nsCCapsManager::ToString(nsIPrincipal* pNSIPrincipal, char* *ret_val) +{ + nsresult result = NS_OK; + nsPrincipal *pNSPrincipal = NULL; + *ret_val = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); + if( result != NS_OK) { + return result; + } + *ret_val = pNSPrincipal->toString(); + + return NS_OK; +} + +NS_METHOD +nsCCapsManager::GetVendor(nsIPrincipal* pNSIPrincipal, char* *ret_val) +{ + nsresult result = NS_OK; + nsPrincipal *pNSPrincipal = NULL; + *ret_val = NULL; + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); + if( result != NS_OK) { + return result; + } + *ret_val = pNSPrincipal->getVendor(); + + return NS_OK; +} + +NS_METHOD +nsCCapsManager::NewPrincipalArray(PRUint32 count, void* *ret_val) +{ + *ret_val = nsCapsNewPrincipalArray(count); + return NS_OK; +} + +NS_METHOD +nsCCapsManager::FreePrincipalArray(void *prinArray) +{ + nsCapsFreePrincipalArray(prinArray); + return NS_OK; +} + +NS_METHOD +nsCCapsManager::GetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* *ret_val) +{ + nsIPrincipal* pNSIPrincipal; + nsPrincipal *pNSPrincipal = (nsPrincipal *)nsCapsGetPrincipalArrayElement(prinArrayArg, index); + if (pNSPrincipal->isCodebase()) { + pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal); + } else { + pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal); + } + *ret_val = pNSIPrincipal; + return NS_OK; +} + +NS_METHOD +nsCCapsManager::SetPrincipalArrayElement(void *prinArrayArg, PRUint32 index, nsIPrincipal* principal) +{ + nsCapsSetPrincipalArrayElement(prinArrayArg, index, principal); + return NS_OK; +} + +NS_METHOD +nsCCapsManager::GetPrincipalArraySize(void *prinArrayArg, PRUint32 *ret_val) +{ + *ret_val = nsCapsGetPrincipalArraySize(prinArrayArg); + return NS_OK; +} + +/* The following interfaces will replace all of the following old calls. + * + * nsCapsGetPermission(struct nsPrivilege *privilege) + * nsCapsGetPrivilege(struct nsPrivilegeTable *annotation, struct nsTarget *target) + * + */ +NS_METHOD +nsCCapsManager::IsAllowed(void *annotation, char* targetName, PRBool *ret_val) +{ + nsTarget *target = nsTarget::findTarget(targetName); + nsresult result = NS_OK; + if( target == NULL ) + { + *ret_val = PR_FALSE; + return NS_OK; + } + struct nsPrivilege * pNSPrivilege = nsCapsGetPrivilege((struct nsPrivilegeTable *)annotation, + target); + if (pNSPrivilege == NULL) { + *ret_val = PR_FALSE; + return NS_OK; + } + nsPermissionState perm = nsCapsGetPermission(pNSPrivilege); + + *ret_val = (perm == nsPermissionState_Allowed); + return NS_OK; +} + + //////////////////////////////////////////////////////////////////////////// // from nsCCapsManager: @@ -235,12 +596,64 @@ nsCCapsManager::~nsCCapsManager() { } +void +nsCCapsManager::CreateNSPrincipalArray(nsPrincipalArray* prinArray, + nsPrincipalArray* *pPrincipalArray) +{ + nsIPrincipal* pNSIPrincipal; + nsPrincipal *pNSPrincipal = NULL; + + PRUint32 count = prinArray->GetSize(); + nsPrincipalArray *newPrinArray = new nsPrincipalArray(); + newPrinArray->SetSize(count, 1); + *pPrincipalArray = NULL; + + for (PRUint32 index = 0; index < count; index++) { + pNSPrincipal = (nsPrincipal *)prinArray->Get(index); + if (pNSPrincipal->isCodebase()) { + pNSIPrincipal = (nsIPrincipal*)new nsCCodebasePrincipal(pNSPrincipal); + } else { + pNSIPrincipal = (nsIPrincipal*)new nsCCertPrincipal(pNSPrincipal); + } + newPrinArray->Set(index, pNSIPrincipal); + } + *pPrincipalArray = newPrinArray; +} + + +NS_METHOD +nsCCapsManager::GetNSPrincipalArray(nsPrincipalArray* prinArray, + nsPrincipalArray* *pPrincipalArray) +{ + nsIPrincipal* pNSIPrincipal; + nsPrincipal *pNSPrincipal = NULL; + nsresult result = NS_OK; + + PRUint32 count = prinArray->GetSize(); + nsPrincipalArray *newPrinArray = new nsPrincipalArray(); + newPrinArray->SetSize(count, 1); + *pPrincipalArray = NULL; + + for (PRUint32 index = 0; index < count; index++) { + pNSIPrincipal = (nsIPrincipal*)prinArray->Get(index); + result = GetNSPrincipal(pNSIPrincipal, &pNSPrincipal); + if( result != NS_OK) + { + nsCapsFreePrincipalArray(newPrinArray); + return result; + } + newPrinArray->Set(index, pNSPrincipal); + } + *pPrincipalArray = newPrinArray; + return result; +} + NS_METHOD nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, nsPrincipal **ppNSPrincipal) { nsISupports *pNSISupports = NULL; - nsPrincipal *pNSPrinicipal = NULL; + nsPrincipal *pNSPrincipal = NULL; *ppNSPrincipal = NULL; if ( pNSIPrincipal == NULL ) @@ -266,14 +679,14 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, if (bIsTrusted) { nsCCertPrincipal *pNSCCertPrincipal = (nsCCertPrincipal *)pNSICertPrincipal; - pNSPrinicipal = pNSCCertPrincipal->GetPeer(); + pNSPrincipal = pNSCCertPrincipal->GetPeer(); pNSCCertPrincipal->Release(); } else if(pNSICodebasePrincipal != NULL ) { nsCCodebasePrincipal *pNSCCodebasePrincipal = (nsCCodebasePrincipal *)pNSICodebasePrincipal; - pNSPrinicipal = pNSCCodebasePrincipal->GetPeer(); + pNSPrincipal = pNSCCodebasePrincipal->GetPeer(); pNSCCodebasePrincipal->Release(); } else @@ -286,7 +699,7 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, (void**)&pNSISupports) == NS_OK) { nsCCertPrincipal *pNSCCertPrincipal = (nsCCertPrincipal *)pNSIPrincipal; - pNSPrinicipal = pNSCCertPrincipal->GetPeer(); + pNSPrincipal = pNSCCertPrincipal->GetPeer(); pNSCCertPrincipal->Release(); } else @@ -295,14 +708,14 @@ nsCCapsManager::GetNSPrincipal(nsIPrincipal* pNSIPrincipal, { nsCCodebasePrincipal *pNSCCodebasePrincipal = (nsCCodebasePrincipal *)pNSIPrincipal; - pNSPrinicipal = pNSCCodebasePrincipal->GetPeer(); + pNSPrincipal = pNSCCodebasePrincipal->GetPeer(); pNSCCodebasePrincipal->Release(); } else { return NS_ERROR_NO_INTERFACE; } - *ppNSPrincipal = pNSPrinicipal; + *ppNSPrincipal = pNSPrincipal; return NS_OK; } diff --git a/caps/src/nsCCertPrincipal.cpp b/caps/src/nsCCertPrincipal.cpp index c72cb38c521..c57500eaecf 100644 --- a/caps/src/nsCCertPrincipal.cpp +++ b/caps/src/nsCCertPrincipal.cpp @@ -193,6 +193,11 @@ nsCCertPrincipal::nsCCertPrincipal(const unsigned char **certChain, *result = NS_OK; } +nsCCertPrincipal::nsCCertPrincipal(nsPrincipal *pNSPrincipal) +{ + m_pNSPrincipal = pNSPrincipal; +} + nsCCertPrincipal::~nsCCertPrincipal(void) { delete m_pNSPrincipal; diff --git a/caps/src/nsCCodebasePrincipal.cpp b/caps/src/nsCCodebasePrincipal.cpp index bdc01bcfd4d..578967c1112 100644 --- a/caps/src/nsCCodebasePrincipal.cpp +++ b/caps/src/nsCCodebasePrincipal.cpp @@ -82,6 +82,11 @@ nsCCodebasePrincipal::nsCCodebasePrincipal(const char *codebaseURL, *result = NS_OK; } +nsCCodebasePrincipal::nsCCodebasePrincipal(nsPrincipal *pNSPrincipal) +{ + m_pNSPrincipal = pNSPrincipal; +} + nsCCodebasePrincipal::~nsCCodebasePrincipal(void) { delete m_pNSPrincipal;