mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 83536. 

Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
This commit is contained in:
caillon%returnzero.com 2003-07-24 05:15:20 +00:00
Родитель ef99140d6d
Коммит 9c22160a4b
68 изменённых файлов: 1812 добавлений и 1965 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
caps/idl/Makefile.in
Просмотреть файл

@ -32,9 +32,6 @@ GRE_MODULE = 1
XPIDLSRCS = \
nsIScriptSecurityManager.idl \
nsIPrincipal.idl \
nsICodebasePrincipal.idl \
nsICertificatePrincipal.idl \
nsIAggregatePrincipal.idl \
nsISignatureVerifier.idl \
nsISecurityCheckedComponent.idl \
$(NULL)

0
caps/idl/nsIAggregatePrincipal.idl
Просмотреть файл

0
caps/idl/nsICertificatePrincipal.idl
Просмотреть файл

0
caps/idl/nsICodebasePrincipal.idl
Просмотреть файл

110
caps/idl/nsIPrincipal.idl
Просмотреть файл

@ -16,10 +16,12 @@
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* Portions created by the Initial Developer are Copyright (C) 1999-2003
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitchell Stoltz <mstoltz@netscape.com>
* Christopher A. Aillon <christopher@aillon.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
@ -44,41 +46,109 @@
struct JSPrincipals;
%}
interface nsIURI;
[ptr] native JSPrincipals(JSPrincipals);
[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]
interface nsIPrincipal : nsISerializable {
// Values of capabilities for each principal. Order is
// significant: if an operation is performed on a set
// of capabilities, the minimum is computed.
interface nsIPrincipal : nsISerializable
{
/**
* Values of capabilities for each principal. Order is
* significant: if an operation is performed on a set
* of capabilities, the minimum is computed.
*/
const short ENABLE_DENIED = 1;
const short ENABLE_UNKNOWN = 2;
const short ENABLE_WITH_USER_PERMISSION = 3;
const short ENABLE_GRANTED = 4;
string ToString();
string ToUserVisibleString();
void GetPreferences(out string prefName, out string id,
/**
* Returns the security preferences associated with this principal.
* prefBranch will be set to the pref branch to which these preferences
* pertain. id is a pseudo-unique identifier, pertaining to either the
* certificateID or the origin. grantedList and deniedList are
* space-separated lists of capabilities which were explicitly granted
* or denied by a pref.
*/
void getPreferences(out string prefBranch, out string id,
out string grantedList, out string deniedList);
boolean Equals(in nsIPrincipal other);
/**
* Returns whether the other principal is equivalent to this principal.
* Principals are considered equal if they are the same principal,
* they have the same origin, or have the same certificate ID
*/
boolean equals(in nsIPrincipal other);
unsigned long HashValue();
/**
* Returns a hash value for the principal.
*/
readonly attribute unsigned long hashValue;
JSPrincipals GetJSPrincipals();
/**
* Returns the JS equivalent of the principal.
* @see JSPrincipals.h
*/
readonly attribute JSPrincipals jsPrincipals;
short CanEnableCapability(in string capability);
/**
* The domain security policy of the principal.
*/
// XXXcaa should this be here? The script security manager is the only
// thing that should care about this. Wouldn't storing this data in one
// of the hashtables in nsScriptSecurityManager be better?
attribute voidPtr securityPolicy;
void SetCanEnableCapability(in string capability, in short canEnable);
// XXXcaa probably should be turned into {get|set}CapabilityFlags
short canEnableCapability(in string capability);
void setCanEnableCapability(in string capability, in short canEnable);
boolean isCapabilityEnabled(in string capability, in voidPtr annotation);
void enableCapability(in string capability, inout voidPtr annotation);
void revertCapability(in string capability, inout voidPtr annotation);
void disableCapability(in string capability, inout voidPtr annotation);
boolean IsCapabilityEnabled(in string capability, in voidPtr annotation);
/**
* The codebase URI to which this principal pertains. This is
* generally the document URI. Setting this will reset the domain
* to null.
*/
attribute nsIURI URI;
void EnableCapability(in string capability, inout voidPtr annotation);
/**
* The domain URI to which this principal pertains.
* This is congruent with HTMLDocument.domain, and may be null.
* Setting this has no effect on the URI.
*/
attribute nsIURI domain;
void RevertCapability(in string capability, inout voidPtr annotation);
/**
* The origin of this principal's domain, if non-null, or its
* codebase URI otherwise. An origin is defined as:
* scheme + host + port.
*/
// XXXcaa this should probably be turned into an nsIURI.
// The system principal's origin should be some caps namespace
// with a chrome URI. All of chrome should probably be the same.
readonly attribute string origin;
void DisableCapability(in string capability, inout voidPtr annotation);
/**
* Whether this principal is associated with a certificate.
*/
readonly attribute boolean hasCertificate;
/**
* The fingerprint ID of this principal's certificate.
* Throws if there is no certificate associated with this principal.
*/
// XXXcaa kaie says this may not be unique. We should probably
// consider using something else for this....
attribute string certificateID;
/**
* The common name for the certificate.
* This pertains to the certificate authority organization.
* Throws if there is no certificate associated with this principal.
*/
attribute string commonName;
};

19
caps/idl/nsIScriptSecurityManager.idl
Просмотреть файл

@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
* executing script. Will return null if there is no script
* currently executing.
*/
nsIPrincipal getSubjectPrincipal();
[noscript] nsIPrincipal getSubjectPrincipal();
/**
* Return the all-powerful system principal.
*/
nsIPrincipal getSystemPrincipal();
[noscript] nsIPrincipal getSystemPrincipal();
/**
* Return a principal that can be QI'd to nsICertificatePrincipal.
* Return a principal with the specified certificate ID.
*/
nsIPrincipal getCertificatePrincipal(in string CertID);
[noscript] nsIPrincipal getCertificatePrincipal(in string CertID);
/**
* Return a principal that can be QI'd to nsICodebasePrincipal and
* has the same origin as aURI.
* Return a principal that has the same origin as aURI.
*/
nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
[noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
///////////////// Capabilities API /////////////////////
/**
@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
* necessary. Returns nsIPrincipal::ENABLE_GRANTED or
* nsIPrincipal::ENABLE_DENIED based on user's choice.
*/
void requestCapability(in nsIPrincipal principal, in string capability,
out short result);
[noscript] short requestCapability(in nsIPrincipal principal,
in string capability);
/**
* Return true if the currently executing script has 'capability' enabled.
*/
boolean IsCapabilityEnabled(in string capability);
boolean isCapabilityEnabled(in string capability);
/**
* Enable 'capability' in the innermost frame of the currently executing

6
caps/include/Makefile.in
Просмотреть файл

@ -29,13 +29,7 @@ include $(DEPTH)/config/autoconf.mk
MODULE = caps
EXPORTS = \
nsBasePrincipal.h \
nsSystemPrincipal.h \
nsCertificatePrincipal.h \
nsCodebasePrincipal.h \
nsAggregatePrincipal.h \
nsJSPrincipals.h \
nsScriptSecurityManager.h \
$(NULL)
include $(topsrcdir)/config/rules.mk

0
caps/include/nsAggregatePrincipal.h
Просмотреть файл

0
caps/include/nsBasePrincipal.h
Просмотреть файл

0
caps/include/nsCertificatePrincipal.h
Просмотреть файл

0
caps/include/nsCodebasePrincipal.h
Просмотреть файл

9
caps/include/nsJSPrincipals.h
Просмотреть файл

@ -36,8 +36,9 @@
*
* ***** END LICENSE BLOCK ***** */
/* describes principals by their orginating uris*/
#ifndef _NS_JSPRINCIPALS_H_
#define _NS_JSPRINCIPALS_H_
#ifndef nsJSPrincipals_h__
#define nsJSPrincipals_h__
#include "jsapi.h"
#include "nsIPrincipal.h"
@ -47,8 +48,8 @@ struct nsJSPrincipals : JSPrincipals {
nsresult Init(char *prin);
~nsJSPrincipals(void);
nsIPrincipal *nsIPrincipalPtr;
nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us.
};
#endif /* _NS_JSPRINCIPALS_H_ */
#endif /* nsJSPrincipals_h__ */

128
caps/include/nsPrincipal.h Executable file
Просмотреть файл

@ -0,0 +1,128 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2003
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Christopher A. Aillon <christopher@aillon.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef nsPrincipal_h__
#define nsPrincipal_h__
#include "nsAutoPtr.h"
#include "nsCOMPtr.h"
#include "nsVoidArray.h"
#include "nsHashtable.h"
#include "nsJSPrincipals.h"
class nsIObjectInputStream;
class nsIObjectOutputStream;
class nsPrincipal : public nsIPrincipal
{
public:
nsPrincipal();
nsPrincipal(nsIURI *aURI);
protected:
virtual ~nsPrincipal();
public:
// Our refcount is managed by mJSPrincipals. Use this macro to avoid
// an extra refcount member.
NS_DECL_ISUPPORTS_INHERITED
protected:
// XXXcaa Probably unnecessary. See bug 143559.
NS_DECL_OWNINGTHREAD
public:
NS_DECL_NSIPRINCIPAL
NS_DECL_NSISERIALIZABLE
nsresult InitFromPersistent(const char* aPrefName,
const char* aToken,
const char* aGrantedList,
const char* aDeniedList,
PRBool aIsCert = PR_FALSE,
PRBool aTrusted = PR_FALSE);
enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
nsresult SetCapability(const char *capability, void **annotation,
AnnotationValue value);
static const char sInvalid[];
protected:
nsJSPrincipals mJSPrincipals;
nsVoidArray mAnnotations;
nsHashtable mCapabilities;
nsCString mPrefName;
static PRInt32 sCapabilitiesOrdinal;
// XXXcaa This is a semi-hack. The best solution here is to keep
// a reference to an interface here, except there is no interface
// that we can use yet.
struct Certificate
{
Certificate(const char* aCertID, const char* aName)
: certificateID(aCertID),
commonName(aName)
{
};
nsCString certificateID;
nsCString commonName;
};
// Keep this is a pointer, even though it may slightly increase the
// cost of keeping a certificate, this is a good tradeoff though since
// it is very rare that we actually have a certificate.
nsAutoPtr<Certificate> mCert;
void* mSecurityPolicy;
nsCOMPtr<nsIURI> mCodebase;
nsCOMPtr<nsIURI> mDomain;
PRUint8 mType;
PRPackedBool mTrusted;
};
#define NS_PRINCIPAL_CLASSNAME "principal"
#define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1"
#define NS_PRINCIPAL_CID \
{ 0x36102b6b, 0x7b62, 0x451a, \
{ 0xa1, 0xc8, 0xa0, 0xd4, 0x56, 0xc9, 0x2d, 0xc5 }}
#endif // nsPrincipal_h__

121
caps/include/nsScriptSecurityManager.h
Просмотреть файл

@ -22,6 +22,7 @@
* Contributor(s):
* Norris Boyd <nboyd@atg.com>
* Mitch Stoltz <mstoltz@netscape.com>
* Christopher A. Aillon <christopher@aillon.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -37,14 +38,15 @@
*
* ***** END LICENSE BLOCK ***** */
#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_
#define _NS_SCRIPT_SECURITY_MANAGER_H_
#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include "nsIXPCSecurityManager.h"
#include "nsInterfaceHashtable.h"
#include "nsHashtable.h"
#include "nsCOMPtr.h"
#include "nsIPrefService.h"
@ -57,42 +59,85 @@
class nsIDocShell;
class nsString;
class nsIClassInfo;
class nsIIOService;
class nsIXPConnect;
class nsSystemPrincipal;
struct ClassPolicy;
#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon)
#define DEBUG_CAPS_HACKER
#endif
#ifdef DEBUG_CAPS_HACKER
#define DEBUG_CAPS_CheckPropertyAccessImpl
#define DEBUG_CAPS_LookupPolicy
#define DEBUG_CAPS_CheckComponentPermissions
#endif
#if 0
#define DEBUG_CAPS_CanCreateWrapper
#define DEBUG_CAPS_CanCreateInstance
#define DEBUG_CAPS_CanGetService
#endif
/////////////////////
// nsIPrincipalKey //
// PrincipalKey //
/////////////////////
class nsIPrincipalKey : public nsHashKey {
class NS_COM PrincipalKey : public PLDHashEntryHdr
{
public:
nsIPrincipalKey(nsIPrincipal* key) {
mKey = key;
NS_IF_ADDREF(mKey);
typedef const nsIPrincipal* KeyType;
typedef const nsIPrincipal* KeyTypePointer;
PrincipalKey(const nsIPrincipal* key)
: mKey(NS_CONST_CAST(nsIPrincipal*, key))
{
}
~nsIPrincipalKey(void) {
NS_IF_RELEASE(mKey);
PrincipalKey(const PrincipalKey& toCopy)
: mKey(toCopy.mKey)
{
}
PRUint32 HashCode(void) const {
PRUint32 hash;
mKey->HashValue(&hash);
return hash;
~PrincipalKey()
{
}
PRBool Equals(const nsHashKey* aKey) const {
KeyType GetKey() const
{
return mKey;
}
KeyTypePointer GetKeyPointer() const
{
return mKey;
}
PRBool KeyEquals(KeyTypePointer aKey) const
{
PRBool eq;
mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq);
mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey),
&eq);
return eq;
}
nsHashKey *Clone(void) const {
return new nsIPrincipalKey(mKey);
static KeyTypePointer KeyToPointer(KeyType aKey)
{
return aKey;
}
protected:
nsIPrincipal* mKey;
static PLDHashNumber HashKey(KeyTypePointer aKey)
{
PRUint32 hash;
NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash);
return PLDHashNumber(hash);
}
enum { ALLOW_MEMMOVE = PR_TRUE };
private:
nsCOMPtr<nsIPrincipal> mKey;
};
////////////////////
@ -213,9 +258,12 @@ class DomainPolicy : public PLDHashTable
public:
DomainPolicy() : mWildcardPolicy(nsnull),
mRefCount(0)
{
static PLDHashTableOps domainPolicyOps =
}
PRBool Init()
{
static const PLDHashTableOps domainPolicyOps =
{
PL_DHashAllocTable,
PL_DHashFreeTable,
@ -228,7 +276,7 @@ public:
InitClassPolicyEntry
};
PL_DHashTableInit(this, &domainPolicyOps, nsnull,
return PL_DHashTableInit(this, &domainPolicyOps, nsnull,
sizeof(ClassPolicy), 16);
}
@ -397,7 +445,7 @@ private:
nsresult
CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
#endif
#ifdef DEBUG_mstoltz
#ifdef DEBUG_CAPS_HACKER
void
PrintPolicyDB();
#endif
@ -408,8 +456,8 @@ private:
inline void
JSEnabledPrefChanged(nsISecurityPref* aSecurityPref);
static const char* sJSEnabledPrefName;
static const char* sJSMailEnabledPrefName;
static const char sJSEnabledPrefName[];
static const char sJSMailEnabledPrefName[];
nsObjectHashtable* mOriginToPolicyMap;
DomainPolicy* mDefaultPolicy;
@ -417,20 +465,21 @@ private:
nsCOMPtr<nsIPrefBranch> mPrefBranch;
nsCOMPtr<nsISecurityPref> mSecurityPref;
nsIPrincipal* mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemCertificate;
nsSupportsHashtable* mPrincipals;
PRBool mIsJavaScriptEnabled;
PRBool mIsMailJavaScriptEnabled;
PRBool mIsWritingPrefs;
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
PRBool mNameSetRegistered;
PRBool mPolicyPrefsChanged;
PRPackedBool mIsJavaScriptEnabled;
PRPackedBool mIsMailJavaScriptEnabled;
PRPackedBool mIsWritingPrefs;
PRPackedBool mPolicyPrefsChanged;
#ifdef XPC_IDISPATCH_SUPPORT
PRBool mXPCDefaultGrantAll;
static const char* sXPCDefaultGrantAllName;
PRPackedBool mXPCDefaultGrantAll;
static const char sXPCDefaultGrantAllName[];
#endif
static nsIIOService* sIOService;
static nsIXPConnect* sXPConnect;
};
#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/
#endif // nsScriptSecurityManager_h__

48
caps/include/nsSystemPrincipal.h
Просмотреть файл

@ -38,10 +38,11 @@
/* The privileged system principal. */
#ifndef _NS_SYSTEM_PRINCIPAL_H_
#define _NS_SYSTEM_PRINCIPAL_H_
#ifndef nsSystemPrincipal_h__
#define nsSystemPrincipal_h__
#include "nsBasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsJSPrincipals.h"
#define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal"
#define NS_SYSTEMPRINCIPAL_CID \
@ -50,42 +51,23 @@
#define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1"
class nsSystemPrincipal : public nsBasePrincipal {
class nsSystemPrincipal : public nsIPrincipal
{
public:
NS_DECL_ISUPPORTS
NS_DECL_ISUPPORTS_INHERITED
NS_DECL_NSIPRINCIPAL
NS_DECL_NSISERIALIZABLE
NS_IMETHOD ToString(char **result);
NS_IMETHOD ToUserVisibleString(char **result);
NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result);
NS_IMETHOD HashValue(PRUint32 *result);
NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result);
NS_IMETHOD SetCanEnableCapability(const char *capability,
PRInt16 canEnable);
NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation,
PRBool *result);
NS_IMETHOD EnableCapability(const char *capability, void * *annotation);
NS_IMETHOD RevertCapability(const char *capability, void * *annotation);
NS_IMETHOD DisableCapability(const char *capability, void * *annotation);
NS_IMETHOD GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList);
NS_IMETHOD Init();
nsresult Init();
nsSystemPrincipal();
protected:
virtual ~nsSystemPrincipal(void);
nsJSPrincipals mJSPrincipals;
// XXX Probably unnecessary. See bug 143559.
NS_DECL_OWNINGTHREAD
};
#endif // _NS_SYSTEM_PRINCIPAL_H_
#endif // nsSystemPrincipal_h__

5
caps/src/Makefile.in
Просмотреть файл

@ -50,11 +50,8 @@ REQUIRES = xpcom \
$(NULL)
CPPSRCS = \
nsBasePrincipal.cpp \
nsPrincipal.cpp \
nsSystemPrincipal.cpp \
nsCertificatePrincipal.cpp \
nsCodebasePrincipal.cpp \
nsAggregatePrincipal.cpp \
nsJSPrincipals.cpp \
nsScriptSecurityManager.cpp \
nsSecurityManagerFactory.cpp \

479
caps/src/nsAggregatePrincipal.cpp
Просмотреть файл

@ -1,479 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*describes principals which combine one or more principals*/
#include "nsAggregatePrincipal.h"
#include "nsIURI.h"
static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID);
NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal,
nsICertificatePrincipal, nsICodebasePrincipal,
nsIPrincipal, nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal,
nsICertificatePrincipal, nsICodebasePrincipal,
nsIPrincipal, nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal);
NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal);
//////////////////////////////////////////////////
// Methods implementing nsICertificatePrincipal //
//////////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetCertificateID(char** aCertificateID)
{
if (!mCertificate)
{
*aCertificateID = nsnull;
return NS_OK;
}
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->GetCertificateID(aCertificateID);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCommonName(char** aCommonName)
{
if (!mCertificate)
{
*aCommonName = nsnull;
return NS_OK;
}
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->GetCommonName(aCommonName);
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCommonName(const char* aCommonName)
{
if (!mCertificate)
return NS_ERROR_FAILURE;
nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(mCertificate);
return certificate->SetCommonName(aCommonName);
}
///////////////////////////////////////////////
// Methods implementing nsICodebasePrincipal //
///////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetURI(nsIURI** aURI)
{
if (!mCodebase)
{
*aURI = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetURI(aURI);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetOrigin(char** aOrigin)
{
if (!mCodebase)
{
*aOrigin = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetOrigin(aOrigin);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetSpec(char** aSpec)
{
if (!mCodebase)
{
*aSpec = nsnull;
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(mCodebase);
return codebase->GetSpec(aSpec);
}
////////////////////////////////////////////////
// Methods implementing nsIAggregatePrincipal //
////////////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::GetCertificate(nsIPrincipal** result)
{
*result = mCertificate;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCodebase(nsIPrincipal** result)
{
*result = mCodebase;
NS_IF_ADDREF(*result);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate)
{
nsresult rv;
//-- Make sure this really is a certificate principal
if (aCertificate)
{
nsCOMPtr<nsICertificatePrincipal> tempCertificate =
do_QueryInterface(aCertificate, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
}
//-- If aCertificate is an aggregate, get its underlying certificate
nsCOMPtr<nsIAggregatePrincipal> agg =
do_QueryInterface(aCertificate, &rv);
if (NS_SUCCEEDED(rv))
{
nsCOMPtr<nsIPrincipal> underlying;
rv = agg->GetCertificate(getter_AddRefs(underlying));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
mCertificate = underlying.get();
}
else
mCertificate = aCertificate;
// New certificate, so forget cached security policy
mCachedSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
{
nsresult rv;
nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
//-- If newCodebase is an aggregate, get its underlying codebase
nsCOMPtr<nsIAggregatePrincipal> agg =
do_QueryInterface(newCodebase, &rv);
if (NS_SUCCEEDED(rv))
{
rv = agg->GetCodebase(getter_AddRefs(newCodebase));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
}
else
{ //-- Make sure this really is a codebase principal
nsCOMPtr<nsICodebasePrincipal> tempCodebase =
do_QueryInterface(newCodebase, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
}
mCodebase = newCodebase;
//-- If this is the first codebase set, remember it.
if (!mOriginalCodebase)
mOriginalCodebase = newCodebase;
else
{
mDomainChanged = PR_TRUE;
// Codebase has changed, forget cached security policy
mCachedSecurityPolicy = nsnull;
}
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
{
NS_ENSURE_ARG_POINTER(aOriginalCodebase);
*aOriginalCodebase = mOriginalCodebase;
NS_IF_ADDREF(*aOriginalCodebase);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild)
{
//-- If a certificate is present, then that's the PrimaryChild principal.
// Otherwise we use the codebase.
if (mCertificate)
*aPrimaryChild = mCertificate.get();
else if (mCodebase)
*aPrimaryChild = mCodebase.get();
else
{
*aPrimaryChild = nsnull;
return NS_ERROR_FAILURE;
}
NS_IF_ADDREF(*aPrimaryChild);
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::Intersect(nsIPrincipal* other)
{
NS_ASSERTION(mCodebase, "Principal without codebase");
if (mCertificate)
{
PRBool sameCert = PR_FALSE;
if (NS_FAILED(mCertificate->Equals(other, &sameCert)))
return NS_ERROR_FAILURE;
if (!sameCert)
SetCertificate(nsnull);
}
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged)
{
mDomainChanged = aDomainChanged;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged)
{
*aDomainChanged = mDomainChanged;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy)
{
*aCachedSecurityPolicy = mCachedSecurityPolicy;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy)
{
mCachedSecurityPolicy = aCachedSecurityPolicy;
return NS_OK;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::ToString(char **result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->ToString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::ToUserVisibleString(char **result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->ToUserVisibleString(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
if (!other)
return NS_OK;
nsresult rv;
nsCOMPtr<nsIAggregatePrincipal> otherAgg =
do_QueryInterface(other, &rv);
if (NS_FAILED(rv))
return NS_OK;
//-- Two aggregates are equal if both codebase and certificate are equal
PRBool certEqual = PR_TRUE;
if (mCertificate)
{
rv = mCertificate->Equals(other, &certEqual);
if(NS_FAILED(rv)) return rv;
}
PRBool cbEqual = PR_TRUE;
if (mCodebase)
{
rv = mCodebase->Equals(other, &cbEqual);
if(NS_FAILED(rv)) return rv;
}
if (mCertificate || mCodebase) // At least one must be present
*result = certEqual && cbEqual;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::HashValue(PRUint32 *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->HashValue(result);
}
NS_IMETHODIMP
nsAggregatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->CanEnableCapability(capability, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->SetCanEnableCapability(capability, canEnable);
}
NS_IMETHODIMP
nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->IsCapabilityEnabled(capability, annotation, result);
}
NS_IMETHODIMP
nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->EnableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->RevertCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->DisableCapability(capability, annotation);
}
NS_IMETHODIMP
nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
nsCOMPtr<nsIPrincipal> PrimaryChild;
if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild))))
return NS_ERROR_FAILURE;
return PrimaryChild->GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsAggregatePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate));
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase));
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
NS_IMETHODIMP
nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE);
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE);
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull),
mDomainChanged(PR_FALSE)
{
}
nsAggregatePrincipal::~nsAggregatePrincipal()
{
}

0
caps/src/nsBasePrincipal.cpp
Просмотреть файл

227
caps/src/nsCertificatePrincipal.cpp
Просмотреть файл

@ -1,227 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Mitch Stoltz <mstoltz@netscape.com>
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*describes principals for use in signed scripts*/
#include "nsCertificatePrincipal.h"
#include "prmem.h"
#include "nsCOMPtr.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID);
NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal,
nsICertificatePrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal,
nsICertificatePrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal);
NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal);
//////////////////////////////////////////////////
// Methods implementing nsICertificatePrincipal //
//////////////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::GetCertificateID(char** aCertificateID)
{
*aCertificateID = ToNewCString(mCertificateID);
return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::GetCommonName(char** aCommonName)
{
*aCommonName = ToNewCString(mCommonName);
return *aCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCertificatePrincipal::SetCommonName(const char* aCommonName)
{
mCommonName = aCommonName;
return NS_OK;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result)))
return NS_ERROR_FAILURE;
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
*result = ENABLE_WITH_USER_PERMISSION;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::ToString(char **result)
{
return GetCertificateID(result);
}
NS_IMETHODIMP
nsCertificatePrincipal::ToUserVisibleString(char **result)
{
return GetCommonName(result);
}
NS_IMETHODIMP
nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
if (mPrefName.IsEmpty()) {
mPrefName.Assign("capability.principal.certificate.p");
mPrefName.AppendInt(mCapabilitiesOrdinal++);
mPrefName.Append(".id");
}
return nsBasePrincipal::GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result)
{
*result = PR_FALSE;
if (this == other) {
*result = PR_TRUE;
return NS_OK;
}
if (!other)
return NS_OK;
nsresult rv;
nsCOMPtr<nsICertificatePrincipal> otherCertificate =
do_QueryInterface(other, &rv);
if (NS_FAILED(rv))
return NS_OK;
//-- Compare cert ID's
char* otherID;
rv = otherCertificate->GetCertificateID(&otherID);
if (NS_FAILED(rv))
{
PR_FREEIF(otherID);
return rv;
}
*result = mCertificateID.Equals(otherID);
PR_FREEIF(otherID);
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::HashValue(PRUint32 *result)
{
char* str;
if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE;
*result = nsCRT::HashCode(str, nsnull);
nsCRT::free(str);
return NS_OK;
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsCertificatePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
rv = aStream->ReadCString(mCertificateID);
if (NS_FAILED(rv)) return rv;
rv = NS_ReadOptionalCString(aStream, mCommonName);
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
NS_IMETHODIMP
nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
rv = aStream->WriteStringZ(mCertificateID.get());
if (NS_FAILED(rv)) return rv;
rv = NS_WriteOptionalStringZ(aStream, mCommonName.get());
if (NS_FAILED(rv)) return rv;
return NS_OK;
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsresult
nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID,
const char* aGrantedList, const char* aDeniedList)
{
if (NS_FAILED(Init(aCertID)))
return NS_ERROR_FAILURE;
return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCertificatePrincipal::Init(const char* aCertificateID)
{
mCertificateID = aCertificateID;
return NS_OK;
}
nsCertificatePrincipal::nsCertificatePrincipal()
{
}
nsCertificatePrincipal::~nsCertificatePrincipal()
{
}

311
caps/src/nsCodebasePrincipal.cpp
Просмотреть файл

@ -1,311 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: NPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Netscape Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1999-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the NPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Describes principals by their orginating uris */
#include "nsCodebasePrincipal.h"
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsNetUtil.h"
#include "nsIURL.h"
#include "nsIJARURI.h"
#include "nsCOMPtr.h"
#include "nsIPrefBranch.h"
#include "nsIPrefService.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
#include "nsScriptSecurityManager.h"
NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal,
nsICodebasePrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal,
nsICodebasePrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal);
NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal);
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::ToString(char **result)
{
*result = nsnull;
PRBool isFile = PR_TRUE;
if(NS_FAILED(mURI->SchemeIs("file", &isFile)))
return NS_ERROR_FAILURE;
if (isFile)
{
nsCOMPtr<nsIURL> url(do_QueryInterface(mURI));
if (url)
{
nsCAutoString directory;
nsresult rv = url->GetDirectory(directory);
if (NS_FAILED(rv))
return rv;
nsCAutoString fileName;
rv = url->GetFileName(fileName);
if (NS_FAILED(rv))
return rv;
*result =
ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName);
if (!*result)
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
}
return GetOrigin(result);
}
NS_IMETHODIMP
nsCodebasePrincipal::ToUserVisibleString(char **result)
{
return ToString(result);
}
NS_IMETHODIMP
nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
if (mPrefName.IsEmpty())
{
mPrefName.Assign("capability.principal.codebase.p");
mPrefName.AppendInt(mCapabilitiesOrdinal++);
mPrefName.Append(".id");
}
return nsBasePrincipal::GetPreferences(aPrefName, aID,
aGrantedList, aDeniedList);
}
NS_IMETHODIMP
nsCodebasePrincipal::HashValue(PRUint32 *result)
{
nsXPIDLCString spec;
if (NS_FAILED(GetSpec(getter_Copies(spec))))
return NS_ERROR_FAILURE;
*result = nsCRT::HashCode(spec, nsnull);
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::CanEnableCapability(const char *capability,
PRInt16 *result)
{
// Either this principal must be preconfigured as a trusted source
// (mTrusted), or else the codebase principal pref must be enabled
if (!mTrusted)
{
static char pref[] = "signed.applets.codebase_principal_support";
nsCOMPtr<nsIPrefBranch> prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID));
if (!prefBranch)
return NS_ERROR_FAILURE;
PRBool enabled;
if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled)
{
// Deny unless subject is executing from file: or resource:
PRBool isFile = PR_FALSE;
PRBool isRes = PR_FALSE;
if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
(!isFile && !isRes))
{
*result = nsIPrincipal::ENABLE_DENIED;
return NS_OK;
}
}
}
nsBasePrincipal::CanEnableCapability(capability, result);
if (*result == nsIPrincipal::ENABLE_UNKNOWN)
*result = ENABLE_WITH_USER_PERMISSION;
return NS_OK;
}
///////////////////////////////////////////////
// Methods implementing nsICodebasePrincipal //
///////////////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::GetURI(nsIURI **uri)
{
*uri = mURI;
NS_ADDREF(*uri);
return NS_OK;
}
NS_IMETHODIMP
nsCodebasePrincipal::GetOrigin(char **origin)
{
nsresult rv;
nsCAutoString hostPort;
if (NS_SUCCEEDED(mURI->GetHostPort(hostPort)))
{
nsCAutoString scheme;
rv = mURI->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
*origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
}
else
{
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
nsCAutoString spec;
rv = mURI->GetSpec(spec);
NS_ENSURE_SUCCESS(rv, rv);
*origin = ToNewCString(spec);
}
return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCodebasePrincipal::GetSpec(char **spec)
{
nsCAutoString buf;
nsresult rv = mURI->GetSpec(buf);
if (NS_FAILED(rv)) return rv;
*spec = ToNewCString(buf);
return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result)
{
if (this == aOther)
{
*result = PR_TRUE;
return NS_OK;
}
*result = PR_FALSE;
if (!aOther)
return NS_OK;
// Get a URI from the other principal
nsCOMPtr<nsICodebasePrincipal> otherCodebase(
do_QueryInterface(aOther));
if (!otherCodebase)
{
// Other principal is not a codebase, so return false
return NS_OK;
}
nsCOMPtr<nsIURI> otherURI;
otherCodebase->GetURI(getter_AddRefs(otherURI));
NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE);
return nsScriptSecurityManager::SecurityCompareURIs(mURI,
otherURI,
result);
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
NS_IMETHODIMP
nsCodebasePrincipal::Read(nsIObjectInputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Read(aStream);
if (NS_FAILED(rv)) return rv;
return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI));
}
NS_IMETHODIMP
nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream)
{
nsresult rv;
rv = nsBasePrincipal::Write(aStream);
if (NS_FAILED(rv)) return rv;
return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE);
}
/////////////////////////////////////////////
// Constructor, Destructor, initialization //
/////////////////////////////////////////////
nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE)
{
}
nsresult
nsCodebasePrincipal::Init(nsIURI *uri)
{
nsCAutoString codebase;
if (uri == nsnull || NS_FAILED(uri->GetSpec(codebase)))
return NS_ERROR_FAILURE;
if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase))))
return NS_ERROR_FAILURE;
// JSPrincipals::Init adopts its input
mURI = uri;
return NS_OK;
}
// This method overrides nsBasePrincipal::InitFromPersistent
nsresult
nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr,
const char* aGrantedList, const char* aDeniedList,
PRBool aTrusted)
{
nsresult rv;
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull);
NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference.");
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE;
// XXX: Add check for trusted = SSL only here?
mTrusted = aTrusted;
return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr,
aGrantedList, aDeniedList);
}
nsCodebasePrincipal::~nsCodebasePrincipal()
{
}

13
caps/src/nsJSPrincipals.cpp
Просмотреть файл

@ -35,7 +35,10 @@
* the terms of any one of the NPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsCodebasePrincipal.h"
#include "nsString.h"
#include "nsIObjectOutputStream.h"
#include "nsIObjectInputStream.h"
#include "nsJSPrincipals.h"
#include "plstr.h"
#include "nsXPIDLString.h"
@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp)
nsMemory::Free(olddata);
::JS_XDRMemSetData(xdr, data, size);
prin->GetJSPrincipals(jsprinp);
prin->GetJsPrincipals(jsprinp);
}
}
}
@ -185,6 +188,12 @@ nsJSPrincipals::nsJSPrincipals()
nsresult
nsJSPrincipals::Init(char *aCodebase)
{
if (codebase)
{
NS_ERROR("Init called twice!");
return NS_ERROR_UNEXPECTED;
}
codebase = aCodebase;
return NS_OK;
}

796
caps/src/nsPrincipal.cpp Executable file
Просмотреть файл

@ -0,0 +1,796 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2003
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Christopher A. Aillon <christopher@aillon.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nscore.h"
#include "nsScriptSecurityManager.h"
#include "nsString.h"
#include "nsReadableUtils.h"
#include "plstr.h"
#include "nsCRT.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsJSPrincipals.h"
#include "nsVoidArray.h"
#include "nsHashtable.h"
#include "nsIObjectInputStream.h"
#include "nsIObjectOutputStream.h"
#include "nsPrincipal.h"
// Static member variables
PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0;
const char nsPrincipal::sInvalid[] = "Invalid";
nsPrincipal::nsPrincipal()
: mCapabilities(7)
{
}
NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER2(nsPrincipal,
nsIPrincipal,
nsISerializable)
NS_IMETHODIMP_(nsrefcnt)
nsPrincipal::AddRef()
{
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
// XXXcaa does this need to be threadsafe? See bug 143559.
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_ADDREF(this, count, "nsPrincipal", sizeof(*this));
return count;
}
NS_IMETHODIMP_(nsrefcnt)
nsPrincipal::Release()
{
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_RELEASE(this, count, "nsPrincipal");
if (count == 0) {
NS_DELETEXPCOM(this);
}
return count;
}
nsPrincipal::nsPrincipal(nsIURI *aURI)
: mSecurityPolicy(nsnull),
mCodebase(aURI)
{
}
PR_STATIC_CALLBACK(PRBool)
deleteElement(void* aElement, void *aData)
{
nsHashtable *ht = (nsHashtable *) aElement;
delete ht;
return PR_TRUE;
}
nsPrincipal::~nsPrincipal(void)
{
mAnnotations.EnumerateForwards(deleteElement, nsnull);
delete mCert;
}
NS_IMETHODIMP
nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
{
if (!mJSPrincipals.nsIPrincipalPtr) {
// Don't addref here, since we are referencing each other.
mJSPrincipals.nsIPrincipalPtr = this;
}
*jsprin = &mJSPrincipals;
// JSPRINCIPALS_HOLD does not use its first argument.
// Just use a dummy cx to save the codesize.
JSPRINCIPALS_HOLD(cx, *jsprin);
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetOrigin(char **aOrigin)
{
nsIURI* uri = mDomain ? mDomain : mCodebase;
NS_ASSERTION(uri, "No Domain or Codebase");
nsCAutoString hostPort;
nsresult rv = uri->GetHostPort(hostPort);
if (NS_SUCCEEDED(rv)) {
nsCAutoString scheme;
rv = uri->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
*aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
}
else {
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
nsCAutoString spec;
rv = uri->GetSpec(spec);
NS_ENSURE_SUCCESS(rv, rv);
*aOrigin = ToNewCString(spec);
}
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
*aSecurityPolicy = mSecurityPolicy;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
mSecurityPolicy = aSecurityPolicy;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult)
{
*aResult = PR_FALSE;
if (!aOther) {
NS_WARNING("Need a principal to compare this to!");
return NS_OK;
}
if (this != aOther) {
if (mCert) {
PRBool otherHasCert;
aOther->GetHasCertificate(&otherHasCert);
if (!otherHasCert) {
return NS_OK;
}
nsXPIDLCString otherCertID;
aOther->GetCertificateID(getter_Copies(otherCertID));
if (!otherCertID.Equals(mCert->certificateID)) {
return NS_OK;
}
}
// Codebases are equal if they have the same origin.
nsIURI *origin = mDomain ? mDomain : mCodebase;
nsCOMPtr<nsIURI> otherOrigin;
aOther->GetDomain(getter_AddRefs(otherOrigin));
if (!otherOrigin) {
aOther->GetURI(getter_AddRefs(otherOrigin));
}
return nsScriptSecurityManager::SecurityCompareURIs(origin,
otherOrigin,
aResult);
}
*aResult = PR_TRUE;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
{
// If this principal is marked invalid, can't enable any capabilities
nsCStringKey invalidKey(sInvalid);
if (mCapabilities.Exists(&invalidKey)) {
*result = nsIPrincipal::ENABLE_DENIED;
return NS_OK;
}
const char *start = capability;
*result = nsIPrincipal::ENABLE_GRANTED;
for(;;) {
const char *space = PL_strchr(start, ' ');
PRInt32 len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities.Get(&key));
if (value == 0) {
value = nsIPrincipal::ENABLE_UNKNOWN;
}
if (value < *result) {
*result = value;
}
if (!space) {
break;
}
start = space + 1;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
// If this principal is marked invalid, can't enable any capabilities
nsCStringKey invalidKey(sInvalid);
if (mCapabilities.Exists(&invalidKey)) {
return NS_OK;
}
if (PL_strcmp(capability, sInvalid) == 0) {
mCapabilities.Reset();
}
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
mCapabilities.Put(&key, NS_INT32_TO_PTR(canEnable));
if (!space) {
break;
}
start = space + 1;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::IsCapabilityEnabled(const char *capability, void *annotation,
PRBool *result)
{
*result = PR_FALSE;
nsHashtable *ht = (nsHashtable *) annotation;
if (!ht) {
return NS_OK;
}
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
*result = (ht->Get(&key) == (void *) AnnotationEnabled);
if (!*result) {
// If any single capability is not enabled, then return false.
return NS_OK;
}
if (!space) {
return NS_OK;
}
start = space + 1;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::EnableCapability(const char *capability, void **annotation)
{
return SetCapability(capability, annotation, AnnotationEnabled);
}
NS_IMETHODIMP
nsPrincipal::DisableCapability(const char *capability, void **annotation)
{
return SetCapability(capability, annotation, AnnotationDisabled);
}
NS_IMETHODIMP
nsPrincipal::RevertCapability(const char *capability, void **annotation)
{
if (*annotation) {
nsHashtable *ht = (nsHashtable *) *annotation;
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
ht->Remove(&key);
if (!space) {
return NS_OK;
}
start = space + 1;
}
}
return NS_OK;
}
nsresult
nsPrincipal::SetCapability(const char *capability, void **annotation,
AnnotationValue value)
{
if (*annotation == nsnull) {
*annotation = new nsHashtable(5);
if (!*annotation) {
return NS_ERROR_OUT_OF_MEMORY;
}
// This object owns its annotations. Save them so we can release
// them when we destroy this object.
mAnnotations.AppendElement(*annotation);
}
const char *start = capability;
for(;;) {
const char *space = PL_strchr(start, ' ');
int len = space ? space - start : strlen(start);
nsCAutoString capString(start, len);
nsCStringKey key(capString);
nsHashtable *ht = (nsHashtable *) *annotation;
ht->Put(&key, (void *) value);
if (!space) {
break;
}
start = space + 1;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetHasCertificate(PRBool* aResult)
{
*aResult = (mCert != nsnull);
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetURI(nsIURI** aURI)
{
NS_IF_ADDREF(*aURI = mCodebase);
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetURI(nsIURI* aURI)
{
mCodebase = aURI;
mDomain = nsnull;
// Codebase has changed, forget cached security policy
mSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetCertificateID(const char* aID)
{
if (!aID) {
mCert = nsnull;
return NS_OK;
}
if (!mCert) {
mCert = new Certificate(aID, "");
if (!mCert) {
return NS_ERROR_OUT_OF_MEMORY;
}
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetCertificateID(char** aID)
{
NS_ENSURE_STATE(mCert);
*aID = ToNewCString(mCert->certificateID);
if (!*aID) {
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetCommonName(char** aName)
{
NS_ENSURE_STATE(mCert);
*aName = ToNewCString(mCert->commonName);
if (!*aName) {
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetCommonName(const char* aName)
{
if (!mCert) {
NS_ERROR("You must first initialize the certificate with an ID");
return NS_ERROR_FAILURE;
}
mCert->commonName = aName;
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetHashValue(PRUint32* aValue)
{
NS_PRECONDITION(mCert || mCodebase, "Need a cert or codebase");
// If there is a certificate, it takes precendence over the codebase.
if (mCert) {
*aValue = nsCRT::HashCode(mCert->certificateID.get(), nsnull);
}
else {
nsCAutoString str;
mCodebase->GetSpec(str);
*aValue = nsCRT::HashCode(str.get(), nsnull);
}
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::GetDomain(nsIURI** aDomain)
{
NS_IF_ADDREF(*aDomain = mDomain);
return NS_OK;
}
NS_IMETHODIMP
nsPrincipal::SetDomain(nsIURI* aDomain)
{
mDomain = aDomain;
// Domain has changed, forget cached security policy
mSecurityPolicy = nsnull;
return NS_OK;
}
nsresult
nsPrincipal::InitFromPersistent(const char* aPrefName,
const char* aToken,
const char* aGrantedList,
const char* aDeniedList,
PRBool aIsCert,
PRBool aTrusted)
{
NS_PRECONDITION(mCapabilities.Count() == 0,
"mCapabilities was already initialized?");
NS_PRECONDITION(mAnnotations.Count() == 0,
"mAnnotations was already initialized?");
if (aIsCert) {
SetCertificateID(aToken);
}
else {
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), aToken, nsnull);
if (NS_FAILED(rv)) {
NS_ERROR("Malformed URI in capability.principal preference.");
return rv;
}
nsCAutoString token;
rv = uri->GetSpec(token);
if (NS_FAILED(rv)) {
return rv;
}
rv = mJSPrincipals.Init(PL_strdup(token.get()));
if (NS_FAILED(rv)) {
return rv;
}
mTrusted = aTrusted;
}
//-- Save the preference name
mPrefName = aPrefName;
const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890");
if (ordinalBegin) {
PRIntn n = atoi(ordinalBegin);
if (sCapabilitiesOrdinal <= n) {
sCapabilitiesOrdinal = n + 1;
}
}
//-- Store the capabilities
nsresult rv = NS_OK;
if (aGrantedList) {
rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED);
}
if (NS_SUCCEEDED(rv) && aDeniedList) {
rv = SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED);
}
return rv;
}
struct CapabilityList
{
nsCString* granted;
nsCString* denied;
};
PR_STATIC_CALLBACK(PRBool)
AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr)
{
CapabilityList* capList = (CapabilityList*)capListPtr;
PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData);
nsCStringKey* key = (nsCStringKey *)aKey;
if (value == nsIPrincipal::ENABLE_GRANTED) {
capList->granted->Append(key->GetString(), key->GetStringLength());
capList->granted->Append(' ');
}
else if (value == nsIPrincipal::ENABLE_DENIED) {
capList->denied->Append(key->GetString(), key->GetStringLength());
capList->denied->Append(' ');
}
return PR_TRUE;
}
NS_IMETHODIMP
nsPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
if (mPrefName.IsEmpty()) {
if (mCert) {
mPrefName.Assign("capability.principal.certificate.p");
}
else {
mPrefName.Assign("capability.principal.codebase.p");
}
mPrefName.AppendInt(sCapabilitiesOrdinal++);
mPrefName.Append(".id");
}
*aPrefName = nsnull;
*aID = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
char *prefName = nsnull;
char *id = nsnull;
char *granted = nsnull;
char *denied = nsnull;
//-- Preference name
prefName = ToNewCString(mPrefName);
if (!prefName) {
return NS_ERROR_OUT_OF_MEMORY;
}
//-- ID
nsresult rv;
if (mCert) {
rv = GetCertificateID(&id);
}
else {
rv = GetOrigin(&id);
}
if (NS_FAILED(rv)) {
nsMemory::Free(prefName);
return rv;
}
//-- Capabilities
nsCAutoString grantedListStr, deniedListStr;
CapabilityList capList = CapabilityList();
capList.granted = &grantedListStr;
capList.denied = &deniedListStr;
mCapabilities.Enumerate(AppendCapability, (void*)&capList);
if (!grantedListStr.IsEmpty()) {
grantedListStr.Truncate(grantedListStr.Length() - 1);
granted = ToNewCString(grantedListStr);
if (!granted) {
nsMemory::Free(prefName);
nsMemory::Free(id);
return NS_ERROR_OUT_OF_MEMORY;
}
}
if (!deniedListStr.IsEmpty()) {
deniedListStr.Truncate(deniedListStr.Length() - 1);
denied = ToNewCString(deniedListStr);
if (!denied) {
nsMemory::Free(prefName);
nsMemory::Free(id);
if (granted) {
nsMemory::Free(granted);
}
return NS_ERROR_OUT_OF_MEMORY;
}
}
*aPrefName = prefName;
*aID = id;
*aGrantedList = granted;
*aDeniedList = denied;
return NS_OK;
}
PR_STATIC_CALLBACK(nsresult)
ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey,
void** aData)
{
nsresult rv;
nsCStringKey* key = new nsCStringKey(aStream, &rv);
if (NS_FAILED(rv)) {
return rv;
}
PRUint32 value;
rv = aStream->Read32(&value);
if (NS_FAILED(rv)) {
delete key;
return rv;
}
*aKey = key;
*aData = (void*) value;
return NS_OK;
}
PR_STATIC_CALLBACK(void)
FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey,
void* aData)
{
delete aKey;
}
NS_IMETHODIMP
nsPrincipal::Read(nsIObjectInputStream* aStream)
{
PRUint32 annotationCount;
nsresult rv = aStream->Read32(&annotationCount);
if (NS_FAILED(rv)) {
return rv;
}
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
nsHashtable *ht = new nsHashtable(aStream,
ReadAnnotationEntry,
FreeAnnotationEntry,
&rv);
if (!ht) {
return NS_ERROR_OUT_OF_MEMORY;
}
if (NS_FAILED(rv)) {
delete ht;
return rv;
}
if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) {
delete ht;
return NS_ERROR_OUT_OF_MEMORY;
}
}
PRBool hasCapabilities;
rv = aStream->ReadBoolean(&hasCapabilities);
if (NS_SUCCEEDED(rv) && hasCapabilities) {
mCapabilities = nsHashtable(aStream,
ReadAnnotationEntry,
FreeAnnotationEntry,
&rv);
}
if (NS_FAILED(rv)) {
return rv;
}
rv = NS_ReadOptionalCString(aStream, mPrefName);
if (NS_FAILED(rv)) {
return rv;
}
return NS_OK;
}
PR_STATIC_CALLBACK(nsresult)
WriteScalarValue(nsIObjectOutputStream* aStream, void* aData)
{
PRUint32 value = NS_PTR_TO_INT32(aData);
return aStream->Write32(value);
}
NS_IMETHODIMP
nsPrincipal::Write(nsIObjectOutputStream* aStream)
{
PRUint32 annotationCount = PRUint32(mAnnotations.Count());
nsresult rv = aStream->Write32(annotationCount);
if (NS_FAILED(rv)) {
return rv;
}
for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) {
nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]);
rv = ht->Write(aStream, WriteScalarValue);
if (NS_FAILED(rv)) {
return rv;
}
}
PRBool hasCapabilities = (mCapabilities.Count() > 0);
rv = aStream->WriteBoolean(hasCapabilities);
if (NS_SUCCEEDED(rv) && hasCapabilities) {
rv = mCapabilities.Write(aStream, WriteScalarValue);
}
if (NS_FAILED(rv)) {
return rv;
}
rv = NS_WriteOptionalStringZ(aStream, mPrefName.get());
if (NS_FAILED(rv)) {
return rv;
}
return NS_OK;
}

598
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

52
caps/src/nsSecurityManagerFactory.cpp
Просмотреть файл

@ -43,9 +43,7 @@
#include "nsIScriptSecurityManager.h"
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsAggregatePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsPrincipal.h"
#include "nsSystemPrincipal.h"
#include "nsIScriptNameSpaceManager.h"
#include "nsIScriptExternalNameSet.h"
@ -235,7 +233,7 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
// NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
rv = securityManager->SetCanEnableCapability(principalID,
nsBasePrincipal::Invalid,
nsPrincipal::sInvalid,
nsIPrincipal::ENABLE_GRANTED);
if (NS_FAILED(rv))
return JS_FALSE;
@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
NS_DECL_CLASSINFO(nsAggregatePrincipal)
NS_DECL_CLASSINFO(nsCertificatePrincipal)
NS_DECL_CLASSINFO(nsCodebasePrincipal)
NS_DECL_CLASSINFO(nsPrincipal)
NS_DECL_CLASSINFO(nsSystemPrincipal)
@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] =
nsIClassInfo::MAIN_THREAD_ONLY
},
{ NS_AGGREGATEPRINCIPAL_CLASSNAME,
NS_AGGREGATEPRINCIPAL_CID,
NS_AGGREGATEPRINCIPAL_CONTRACTID,
nsAggregatePrincipalConstructor,
{ NS_PRINCIPAL_CLASSNAME,
NS_PRINCIPAL_CID,
NS_PRINCIPAL_CONTRACTID,
nsPrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal),
NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsAggregatePrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},
{ NS_CERTIFICATEPRINCIPAL_CLASSNAME,
NS_CERTIFICATEPRINCIPAL_CID,
NS_CERTIFICATEPRINCIPAL_CONTRACTID,
nsCertificatePrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsCertificatePrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},
{ NS_CODEBASEPRINCIPAL_CLASSNAME,
NS_CODEBASEPRINCIPAL_CID,
NS_CODEBASEPRINCIPAL_CONTRACTID,
nsCodebasePrincipalConstructor,
nsnull,
nsnull,
nsnull,
NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal),
nsnull,
&NS_CLASSINFO_NAME(nsCodebasePrincipal),
&NS_CLASSINFO_NAME(nsPrincipal),
nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
},

154
caps/src/nsSystemPrincipal.cpp
Просмотреть файл

@ -47,40 +47,53 @@
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
#include "nsCRT.h"
#include "nsString.h"
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable)
NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal,
nsIPrincipal,
nsISerializable)
NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal,
nsIPrincipal,
nsISerializable)
NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal);
NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal);
NS_IMETHODIMP_(nsrefcnt)
nsSystemPrincipal::AddRef()
{
NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");
nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this));
return count;
}
NS_IMETHODIMP_(nsrefcnt)
nsSystemPrincipal::Release()
{
NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release");
nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);
NS_LOG_RELEASE(this, count, "nsSystemPrincipal");
if (count == 0) {
NS_DELETEXPCOM(this);
}
return count;
}
///////////////////////////////////////
// Methods implementing nsIPrincipal //
///////////////////////////////////////
NS_IMETHODIMP
nsSystemPrincipal::ToString(char **result)
{
nsAutoString buf;
buf.Assign(NS_LITERAL_STRING("[System]"));
*result = ToNewCString(buf);
return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsSystemPrincipal::ToUserVisibleString(char **result)
{
return ToString(result);
}
NS_IMETHODIMP
nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID,
char** aGrantedList, char** aDeniedList)
{
// The system principal should never be streamed out
*aPrefName = nsnull;
*aID = nsnull;
*aGrantedList = nsnull;
*aDeniedList = nsnull;
return NS_ERROR_FAILURE;
}
@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result)
}
NS_IMETHODIMP
nsSystemPrincipal::HashValue(PRUint32 *result)
nsSystemPrincipal::GetHashValue(PRUint32 *result)
{
*result = NS_PTR_TO_INT32(this);
return NS_OK;
@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability,
NS_IMETHODIMP
nsSystemPrincipal::EnableCapability(const char *capability, void **annotation)
{
*annotation = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::RevertCapability(const char *capability, void **annotation)
{
*annotation = nsnull;
return NS_OK;
}
@ -141,9 +156,104 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation)
{
// Can't disable the capabilities of the system principal.
// XXX might be handy to be able to do so!
*annotation = nsnull;
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsSystemPrincipal::GetURI(nsIURI** aURI)
{
*aURI = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetURI(nsIURI* aURI)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetOrigin(char** aOrigin)
{
*aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]"));
return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsSystemPrincipal::SetCertificateID(const char* aID)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetCertificateID(char** aID)
{
*aID = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetCommonName(char** aName)
{
*aName = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetCommonName(const char* aName)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetHasCertificate(PRBool* aResult)
{
*aResult = PR_FALSE;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetDomain(nsIURI** aDomain)
{
*aDomain = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetDomain(nsIURI* aDomain)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
*aSecurityPolicy = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin)
{
if (mJSPrincipals.nsIPrincipalPtr == nsnull) {
mJSPrincipals.nsIPrincipalPtr = this;
// No need for a ADDREF since it is a self-reference
}
*jsprin = &mJSPrincipals;
JSPRINCIPALS_HOLD(cx, *jsprin);
return NS_OK;
}
//////////////////////////////////////////
// Methods implementing nsISerializable //
//////////////////////////////////////////
@ -170,7 +280,7 @@ nsSystemPrincipal::nsSystemPrincipal()
{
}
NS_IMETHODIMP
nsresult
nsSystemPrincipal::Init()
{
char *codebase = nsCRT::strdup("[System Principal]");

20
content/base/src/nsDocument.cpp
Просмотреть файл

@ -87,7 +87,7 @@
#include "nsNetUtil.h" // for NS_MakeAbsoluteURI
#include "nsIScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIPrivateDOMImplementation.h"
#include "nsIDOMWindowInternal.h"
@ -848,18 +848,22 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal)
NS_IMETHODIMP
nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal)
{
nsresult rv;
NS_PRECONDITION(aNewPrincipal, "Null principal!");
if (!mPrincipal) {
nsCOMPtr<nsIPrincipal> principal;
rv = GetPrincipal(getter_AddRefs(principal));
nsresult rv = GetPrincipal(getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
}
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
if (NS_SUCCEEDED(rv)) {
rv = agg->Intersect(aNewPrincipal);
if (NS_FAILED(rv))
return rv;
PRBool hasCert;
mPrincipal->GetHasCertificate(&hasCert);
if (hasCert) {
PRBool equal;
mPrincipal->Equals(aNewPrincipal, &equal);
if (!equal) {
mPrincipal->SetCertificateID(nsnull);
}
}
return NS_OK;

7
content/base/src/nsFrameLoader.cpp
Просмотреть файл

@ -59,7 +59,6 @@
#include "nsIWebShell.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
@ -191,12 +190,8 @@ nsFrameLoader::LoadFrame()
// If we were called from script, get the referring URL from the script
if (principal) {
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal));
if (codebase) {
rv = codebase->GetURI(getter_AddRefs(referrer));
rv = principal->GetURI(getter_AddRefs(referrer));
NS_ENSURE_SUCCESS(rv, rv);
}
// Pass the script principal to the docshell

2
content/base/src/nsGenericElement.cpp
Просмотреть файл

@ -74,7 +74,7 @@
#include "nsINameSpaceManager.h"
#include "nsContentList.h"
#include "nsDOMError.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIDOMMutationEvent.h"
#include "nsMutationEvent.h"

1
content/base/src/nsNodeInfoManager.cpp
Просмотреть файл

@ -43,6 +43,7 @@
#include "nsIAtom.h"
#include "nsIDocument.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsISupportsArray.h"
#include "nsContentUtils.h"

4
content/base/src/nsNodeInfoManager.h
Просмотреть файл

@ -42,10 +42,10 @@
#include "nsINodeInfo.h"
#include "nsCOMPtr.h"
#include "plhash.h"
#include "nsIURI.h"
#include "nsIPrincipal.h"
class nsNodeInfo;
class nsIPrincipal;
class nsIURI;
class nsNodeInfoManager : public nsINodeInfoManager

2
content/base/src/nsRange.cpp
Просмотреть файл

@ -61,7 +61,7 @@
#include "nsParserCIID.h"
#include "nsIHTMLFragmentContentSink.h"
#include "nsIEnumerator.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptContext.h"
#include "nsIHTMLDocument.h"

10
content/base/src/nsScriptLoader.cpp
Просмотреть файл

@ -868,13 +868,10 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
if (channel) {
nsCOMPtr<nsISupports> owner;
channel->GetOwner(getter_AddRefs(owner));
nsCOMPtr<nsIPrincipal> prin;
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(owner);
if (owner) {
prin = do_QueryInterface(owner, &rv);
}
rv = mDocument->AddPrincipal(prin);
if (principal) {
rv = mDocument->AddPrincipal(principal);
if (NS_FAILED(rv)) {
mPendingRequests.RemoveObject(request);
FireScriptAvailable(rv, request, NS_LITERAL_STRING(""));
@ -883,6 +880,7 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
}
}
}
}
// If we're not the first in the pending list, we mark ourselves

1
content/events/src/nsEventListenerManager.h
Просмотреть файл

@ -42,7 +42,6 @@
#include "nsIEventListenerManager.h"
#include "jsapi.h"
#include "nsCOMPtr.h"
#include "nsIPrincipal.h"
#include "nsIDOMEventReceiver.h"
#include "nsIDOM3EventTarget.h"
#include "nsHashtable.h"

17
content/html/document/src/nsHTMLContentSink.cpp
Просмотреть файл

@ -116,8 +116,6 @@
#include "nsVoidArray.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsTextFragment.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptGlobalObjectOwner.h"
@ -5181,25 +5179,16 @@ HTMLContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
return rv;
}
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> codebaseURI;
docPrincipal->GetURI(getter_AddRefs(codebaseURI));
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase =
do_QueryInterface(originalPrincipal, &rv);
if (NS_FAILED(rv)) {
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
char *cookie = ToNewUTF8String(aValue);
nsCOMPtr<nsIScriptGlobalObject> globalObj;
nsCOMPtr<nsIPrompt> prompt;

82
content/html/document/src/nsHTMLDocument.cpp
Просмотреть файл

@ -85,8 +85,7 @@
#include "nsIXPConnect.h"
#include "nsContentList.h"
#include "nsDOMError.h"
#include "nsICodebasePrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScrollableView.h"
@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI)
if (NS_FAILED(GetPrincipal(getter_AddRefs(principal))))
return;
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (!codebase)
return;
codebase->GetURI(aURI);
principal->GetDomain(aURI);
if (!*aURI) {
principal->GetURI(aURI);
}
}
@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain)
if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString)))
return NS_ERROR_FAILURE;
// Get codebase principal
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> securityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> newCodebase;
rv = securityManager->GetCodebasePrincipal(newURI,
getter_AddRefs(newCodebase));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = agg->SetCodebase(newCodebase);
nsresult rv = mPrincipal->SetDomain(newURI);
// Bug 13871: Frameset spoofing - note that document.domain was set
if (NS_SUCCEEDED(rv)) {
agg->SetDomainChanged(PR_TRUE);
mDomainWasSet = PR_TRUE;
}
@ -2257,23 +2238,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie)
if (service) {
// Get a URI from the document principal. We use the original
// codebase in case the codebase was changed by SetDomain
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> codebaseURI;
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
do_QueryInterface(originalPrincipal, &rv));
if (NS_FAILED(rv)) {
// Document's principal is not a codebase, so can't get cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
nsXPIDLCString cookie;
rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie));
if (NS_SUCCEEDED(rv) && cookie)
@ -2309,25 +2283,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie)
}
}
// Get a URI from the document principal. We use the original
// codebase in case the codebase was changed by SetDomain
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(mPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> codebaseURI;
mPrincipal->GetURI(getter_AddRefs(codebaseURI));
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
do_QueryInterface(originalPrincipal, &rv));
if (NS_FAILED(rv)) {
// Document's principal is not a codebase, so can't set cookies
return NS_OK;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
rv = NS_ERROR_OUT_OF_MEMORY;
char* cookie = ToNewCString(aCookie);
if (cookie) {
@ -2703,19 +2668,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
NS_ENSURE_SUCCESS(rv, rv);
// why is the above code duplicated below???
rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
NS_ENSURE_SUCCESS(rv, rv);
if (subject) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
if (codebase) {
nsCOMPtr<nsIURI> subjectURI;
rv = codebase->GetURI(getter_AddRefs(subjectURI));
NS_ENSURE_SUCCESS(rv, rv);
subject->GetURI(getter_AddRefs(subjectURI));
if (subjectURI) {
mDocumentURL = subjectURI;
mPrincipal = subject;
}
}

28
content/xml/document/src/nsXMLContentSink.cpp
Просмотреть файл

@ -98,8 +98,6 @@
#include "nsIChannel.h"
#include "nsIHttpChannel.h"
#include "nsIPrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsXBLAtoms.h"
#include "nsXMLPrettyPrinter.h"
@ -1082,25 +1080,19 @@ nsXMLContentSink::ProcessHeaderData(nsIAtom* aHeader,const nsAString& aValue,nsI
// We use the original codebase in case the codebase was changed by SetDomain
nsCOMPtr<nsIPrincipal> docPrincipal;
rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal));
if (NS_FAILED(rv)) return rv;
if (!docPrincipal) return NS_OK;
nsCOMPtr<nsIAggregatePrincipal> agg(do_QueryInterface(docPrincipal, &rv));
// Document principal should always be an aggregate
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> originalPrincipal;
rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal));
nsCOMPtr<nsICodebasePrincipal> originalCodebase(
do_QueryInterface(originalPrincipal, &rv));
if (NS_FAILED(rv)) {
// Document's principal is not a codebase (may be system), so can't set cookies
return NS_OK;
if (NS_FAILED(rv) || !docPrincipal) {
return rv;
}
nsCOMPtr<nsIURI> codebaseURI;
rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI));
NS_ENSURE_SUCCESS(rv, rv);
docPrincipal->GetURI(getter_AddRefs(codebaseURI));
if (!codebaseURI) {
// Document's principal is not a codebase (may be system), so
// can't set cookies
return NS_OK;
}
nsCOMPtr<nsIScriptGlobalObject> globalObj;
nsCOMPtr<nsIPrompt> prompt;

19
content/xml/document/src/nsXMLDocument.cpp
Просмотреть файл

@ -76,9 +76,8 @@
#include "nsICharsetAlias.h"
#include "nsNetUtil.h"
#include "nsDOMError.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIAggregatePrincipal.h"
#include "nsLayoutCID.h"
#include "nsDOMAttribute.h"
#include "nsGUIEvent.h"
@ -330,21 +329,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
return rv;
}
nsCOMPtr<nsIPrincipal> newCodebase;
rv = secMan->GetCodebasePrincipal(newLocation,
getter_AddRefs(newCodebase));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(mPrincipal, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate.");
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = agg->SetCodebase(newCodebase);
return rv;
return mPrincipal->SetURI(newLocation);
}
NS_IMETHODIMP

2
content/xul/document/src/nsXULDocument.cpp
Просмотреть файл

@ -68,7 +68,7 @@
#include "nsDOMError.h"
#include "nsIBoxObject.h"
#include "nsIChromeRegistry.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE
#include "nsIScrollableView.h"
#include "nsIContentViewer.h"

8
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -52,7 +52,7 @@
#include "nsIHttpEventSink.h"
#include "nsIUploadChannel.h"
#include "nsISecurityEventSink.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsDocumentCharsetInfoCID.h"
#include "nsICanvasFrame.h"
#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...)
@ -105,7 +105,6 @@
#include "nsIWyciwygChannel.h"
// The following are for bug #13871: Prevent frameset spoofing
#include "nsICodebasePrincipal.h"
#include "nsIHTMLDocument.h"
// For reporting errors with the console service.
@ -955,11 +954,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem*
rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal));
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv);
nsCOMPtr<nsICodebasePrincipal> targetCodebasePrincipal(do_QueryInterface(targetPrincipal));
NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE);
nsCOMPtr<nsIURI> targetPrincipalURI;
rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI));
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);
// Find out if document.domain was set for HTML documents

8
dom/src/base/nsGlobalWindow.cpp
Просмотреть файл

@ -73,7 +73,6 @@
#include "nsIWidget.h"
#include "nsIBaseWindow.h"
#include "nsICharsetConverterManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIContent.h"
#include "nsIWebBrowserPrint.h"
#include "nsIContentViewerEdit.h"
@ -4668,10 +4667,10 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl,
if (sSecMan) {
nsCOMPtr<nsIPrincipal> principal;
sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICodebasePrincipal> codebasePrin(do_QueryInterface(principal));
if (codebasePrin) {
if (principal) {
nsCOMPtr<nsIURI> subjectURI;
codebasePrin->GetURI(getter_AddRefs(subjectURI));
principal->GetURI(getter_AddRefs(subjectURI));
if (subjectURI) {
nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
domReturnPrivate->SetOpenerScriptURL(subjectURI);
}
@ -4679,6 +4678,7 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl,
}
}
}
}
return rv;
}

14
dom/src/base/nsJSEnvironment.cpp
Просмотреть файл

@ -628,7 +628,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
JSPrincipals *jsprin;
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
if (aPrincipal) {
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
}
else {
nsCOMPtr<nsIScriptGlobalObject> global;
@ -641,7 +641,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
principal->GetJSPrincipals(&jsprin);
principal->GetJsPrincipals(&jsprin);
}
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
@ -806,7 +806,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
JSPrincipals *jsprin;
nsCOMPtr<nsIPrincipal> principal = aPrincipal;
if (aPrincipal) {
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
}
else {
nsCOMPtr<nsIScriptGlobalObject> global;
@ -819,7 +819,7 @@ nsJSContext::EvaluateString(const nsAString& aScript,
rv = objPrincipal->GetPrincipal(getter_AddRefs(principal));
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
principal->GetJSPrincipals(&jsprin);
principal->GetJsPrincipals(&jsprin);
}
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
@ -919,7 +919,7 @@ nsJSContext::CompileScript(const PRUnichar* aText,
aScopeObject = ::JS_GetGlobalObject(mContext);
JSPrincipals *jsprin;
aPrincipal->GetJSPrincipals(&jsprin);
aPrincipal->GetJsPrincipals(&jsprin);
// From here on, we must JSPRINCIPALS_DROP(jsprin) before returning...
PRBool ok = PR_FALSE;
@ -1093,7 +1093,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName,
getter_AddRefs(prin));
NS_ENSURE_SUCCESS(rv, rv);
prin->GetJSPrincipals(&jsprin);
prin->GetJsPrincipals(&jsprin);
NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE);
}
@ -1146,7 +1146,7 @@ nsJSContext::CompileFunction(void* aTarget,
nsCOMPtr<nsIPrincipal> prin;
if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin))))
return NS_ERROR_FAILURE;
prin->GetJSPrincipals(&jsprin);
prin->GetJsPrincipals(&jsprin);
}
}

1
dom/src/base/nsLocation.cpp
Просмотреть файл

@ -58,7 +58,6 @@
#include "nsEscape.h"
#include "nsJSUtils.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIDOMWindow.h"
#include "nsIDOMDocument.h"
#include "nsIDocument.h"

32
dom/src/jsurl/nsJSProtocolHandler.cpp
Просмотреть файл

@ -55,7 +55,6 @@
#include "nsIScriptGlobalObjectOwner.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsIStringStream.h"
@ -230,35 +229,24 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel)
if (NS_FAILED(rv))
return rv;
PRBool equals = PR_FALSE;
if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) {
// If the principals aren't equal
nsCOMPtr<nsIPrincipal> systemPrincipal;
securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
if (principal.get() != systemPrincipal.get()) {
// and the script to be run does not have the system principal
nsCOMPtr<nsICodebasePrincipal>
objectCodebase(do_QueryInterface(objectPrincipal));
nsXPIDLCString objectOrigin;
rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin));
if (PL_strcmp("about:blank", objectOrigin) != 0) {
// and the target window is not about:blank, then
// don't run the script. Print a message to the console and
// return undefined.
nsCOMPtr<nsIConsoleService>
console(do_GetService("@mozilla.org/consoleservice;1"));
if (principal != systemPrincipal) {
rv = securityManager->CheckSameOriginPrincipal(principal,
objectPrincipal);
if (NS_FAILED(rv)) {
nsCOMPtr<nsIConsoleService> console =
do_GetService("@mozilla.org/consoleservice;1");
if (console) {
// XXX Localize me!
console->LogStringMessage(
NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get());
}
return NS_ERROR_DOM_RETVAL_UNDEFINED;
}
}
}
}
else {
// No owner from channel, use the current URI to generate a principal
rv = securityManager->GetCodebasePrincipal(mURI,
@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow)
nsresult rv;
// First, get the Window Mediator service.
nsCOMPtr<nsIWindowMediator> windowMediator;
nsCOMPtr<nsIWindowMediator> windowMediator =
do_GetService(kWindowMediatorCID, &rv);
windowMediator = do_GetService(kWindowMediatorCID, &rv);
if (NS_FAILED(rv)) return rv;
// Next, find out whether there's a console already open.

2
embedding/browser/activex/src/plugin/LegacyPlugin.cpp
Просмотреть файл

@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx,
if (NS_SUCCEEDED(mPushResult))
{
JSPrincipals* jsprinc;
principal->GetJSPrincipals(&jsprinc);
principal->GetJsPrincipals(&jsprinc);
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
jsprinc, "", 0, "", 1);

7
extensions/webservices/schema/src/nsSchemaLoader.cpp
Просмотреть файл

@ -43,7 +43,7 @@
// XPConnect includes
#include "nsIXPConnect.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
// XPCOM includes
#include "nsIServiceManager.h"
@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI,
nsCOMPtr<nsIPrincipal> principal;
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (codebase) {
codebase->GetURI(getter_AddRefs(baseURI));
}
principal->GetURI(getter_AddRefs(baseURI));
}
rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI);

10
extensions/webservices/security/src/nsWebScriptsAccess.cpp
Просмотреть файл

@ -43,7 +43,7 @@
#include "nsIDOMNodeList.h"
#include "nsIDOMAttr.h"
#include "nsIDOMNamedNodeMap.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIURL.h"
#include "nsReadableUtils.h"
#include "nsIHttpChannel.h"
@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase)
rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsICodebasePrincipal> codebase(do_QueryInterface(principal, &rv));
NS_ENSURE_SUCCESS(rv, rv);
rv = codebase->GetURI(aCodebase);
NS_ENSURE_SUCCESS(rv, rv);
return NS_OK;
return principal->GetURI(aCodebase);
}
nsresult

37
extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp
Просмотреть файл

@ -44,7 +44,7 @@
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIVariant.h"
#include "nsString.h"
#include "nsSOAPUtils.h"
@ -57,7 +57,6 @@
#include "nsIWebScriptsAccessService.h"
#include "nsMemory.h"
#include "nsIDocument.h"
#include "nsIAggregatePrincipal.h"
nsHTTPSOAPTransport::nsHTTPSOAPTransport()
{
@ -123,23 +122,15 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument)
rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIAggregatePrincipal> subjectAgg =
do_QueryInterface(subjectPrincipal, &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> subjectCodebase;
rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase));
nsCOMPtr<nsIURI> subjectURI;
rv = subjectPrincipal->GetURI(getter_AddRefs(subjectURI));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> targetPrincipal;
rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIAggregatePrincipal> targetAgg =
do_QueryInterface(targetPrincipal, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = targetAgg->SetCodebase(subjectCodebase);
rv = targetPrincipal->SetURI(subjectURI);
}
return rv;
}
@ -216,24 +207,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI)
"SOAP_INVOKE_VERIFY_PRINCIPAL",
"Source-verified message cannot be sent without principal.");
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal,&rc);
if (NS_FAILED(rc))
return rc;
if (!codebase) {
nsCOMPtr<nsIURI> uri;
principal->GetURI(getter_AddRefs(uri));
if (!uri) {
return SOAP_EXCEPTION(NS_ERROR_FAILURE,
"SOAP_INVOKE_VERIFY_CODEBASE",
"Source-verified message cannot be sent without codebase.");
"SOAP_INVOKE_VERIFY_URI",
"Source-verified message cannot be sent without URI.");
}
char* str;
rc = codebase->GetSpec(&str);
nsCAutoString spec;
rc = uri->GetSpec(spec);
if (NS_FAILED(rc))
return rc;
CopyASCIItoUCS2(nsDependentCString(str), sourceURI);
nsMemory::Free(str);
CopyASCIItoUCS2(spec, sourceURI);
}
// Adding a header to tell the server that it must understand and verify the source of the call

7
extensions/webservices/wsdl/src/nsWSDLLoader.cpp
Просмотреть файл

@ -40,7 +40,7 @@
// XPConnect includes
#include "nsIXPConnect.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIPrincipal.h"
// XPCOM includes
#include "nsIServiceManager.h"
@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod,
nsCOMPtr<nsIPrincipal> principal;
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal);
if (codebase) {
codebase->GetURI(getter_AddRefs(baseURI));
}
principal->GetURI(getter_AddRefs(baseURI));
}
rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI);

8
extensions/xmlextras/base/src/nsDOMSerializer.cpp
Просмотреть файл

@ -50,7 +50,6 @@
#include "nsIJSContextStack.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsIURI.h"
nsDOMSerializer::nsDOMSerializer()
@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot)
doc->GetPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICodebasePrincipal> codebase_principal =
do_QueryInterface(principal);
if (codebase_principal) {
codebase_principal->GetURI(getter_AddRefs(root_uri));
if (principal) {
principal->GetURI(getter_AddRefs(root_uri));
}
if (root_uri) {

2
js/src/liveconnect/nsCLiveconnect.cpp
Просмотреть файл

@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports,
if (!hasScript)
{
JSPrincipals* jsprinc;
principal->GetJSPrincipals(&jsprinc);
principal->GetJsPrincipals(&jsprinc);
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
jsprinc, "", 0, "", 1);

4
js/src/xpconnect/loader/mozJSComponentLoader.cpp
Просмотреть файл

@ -268,7 +268,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
NS_FAILED(secman->GetCodebasePrincipal(iURL,
getter_AddRefs(principal))) ||
!principal ||
NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) ||
NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) ||
!jsPrincipals) {
JS_ReportError(cx, "Can't get principals for evalInSandbox");
return JS_FALSE;
@ -996,7 +996,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation,
nsCOMPtr<nsIScriptObjectPrincipal> backstagePass =
new BackstagePass(mSystemPrincipal);
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
if (NS_FAILED(rv) || !jsPrincipals)
return nsnull;

2
js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
Просмотреть файл

@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/
/* we can't hold onto jsPrincipals as a module var because the
* JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the
* destructor */
rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals);
rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals);
if (NS_FAILED(rv) || !jsPrincipals) {
delete[] buf;
return rv;

1
layout/generic/nsFrameFrame.cpp
Просмотреть файл

@ -76,7 +76,6 @@
#include "nsLayoutAtoms.h"
#include "nsIChromeEventHandler.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsXPIDLString.h"
#include "nsIScrollable.h"
#include "nsINameSpaceManager.h"

1
layout/html/document/src/nsFrameFrame.cpp
Просмотреть файл

@ -76,7 +76,6 @@
#include "nsLayoutAtoms.h"
#include "nsIChromeEventHandler.h"
#include "nsIScriptSecurityManager.h"
#include "nsICodebasePrincipal.h"
#include "nsXPIDLString.h"
#include "nsIScrollable.h"
#include "nsINameSpaceManager.h"

19
modules/libjar/nsJARChannel.cpp
Просмотреть файл

@ -22,12 +22,11 @@
#include "nsMimeTypes.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIFileURL.h"
#include "nsIJAR.h"
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
//-----------------------------------------------------------------------------
@ -424,7 +423,7 @@ nsJARChannel::GetOwner(nsISupports **result)
if (cert) {
// Get the codebase principal
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kScriptSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIPrincipal> codebase;
@ -432,14 +431,20 @@ nsJARChannel::GetOwner(nsISupports **result)
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIURI> codebaseURI;
codebase->GetURI(getter_AddRefs(codebaseURI));
nsCOMPtr<nsIURI> domainURI;
codebase->GetDomain(getter_AddRefs(domainURI));
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
rv = cert->SetURI(codebaseURI);
if (NS_FAILED(rv)) return rv;
rv = agg->SetCodebase(codebase);
rv = cert->SetDomain(domainURI);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
mOwner = do_QueryInterface(cert, &rv);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result = mOwner);

6
modules/libpref/src/nsPrefBranch.cpp
Просмотреть файл

@ -46,7 +46,7 @@
#include "nsString.h"
#include "nsReadableUtils.h"
#include "nsXPIDLString.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIStringBundle.h"
#include "prefapi.h"
#include "prmem.h"
@ -68,8 +68,6 @@ struct PrefCallbackData {
};
static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
// Prototypes
extern PrefResult pref_UnlockPref(const char *key);
PR_STATIC_CALLBACK(PLDHashOperator)
@ -897,7 +895,7 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **
{
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
PRBool enabled;
if (NS_FAILED(rv))

5
modules/oji/src/ProxyClassLoader.cpp
Просмотреть файл

@ -45,7 +45,6 @@
#include "nsIServiceManager.h"
#include "nsIJSContextStack.h"
#include "nsIPrincipal.h"
#include "nsICodebasePrincipal.h"
#include "nsIScriptContext.h"
#include "nsIScriptGlobalObject.h"
#include "nsIScriptObjectPrincipal.h"
@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result)
nsCOMPtr<nsIPrincipal> principal;
scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal));
if (principal) {
nsCOMPtr<nsICodebasePrincipal> codebasePrincipal = do_QueryInterface(principal);
if (codebasePrincipal)
return codebasePrincipal->GetURI(result);
return principal->GetURI(result);
}
}
}

4
modules/oji/src/lcglue.cpp
Просмотреть файл

@ -358,7 +358,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {
JSPrincipals* jsprincipals;
principal->GetJSPrincipals(&jsprincipals);
principal->GetJsPrincipals(&jsprincipals);
return jsprincipals;
}
}
@ -368,7 +368,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(credentials);
if (principal) {
JSPrincipals* jsprincipals;
principal->GetJSPrincipals(&jsprincipals);
principal->GetJsPrincipals(&jsprincipals);
return jsprincipals;
}
}

56
modules/oji/src/nsCSecurityContext.cpp
Просмотреть файл

@ -54,14 +54,11 @@
// For GetOrigin()
#include "nsCOMPtr.h"
#include "nsJSPrincipals.h"
#include "nsSystemPrincipal.h"
#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsScriptSecurityManager.h"
#include "nsIScriptSecurityManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIServiceManager.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIPrincipal.h"
#include "nsCRT.h"
#include "nsTraceRefcnt.h"
@ -162,31 +159,19 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen)
}
}
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(m_pPrincipal);
if (!codebase)
return NS_ERROR_FAILURE;
nsXPIDLCString origin;
m_pPrincipal->GetOrigin(getter_Copies(origin));
char* origin=nsnull;
codebase->GetOrigin(&origin);
if (origin) {
PRInt32 originlen = (PRInt32) strlen(origin);
if (!buf || buflen<=originlen) {
if (origin) {
nsCRT::free(origin);
}
if (origin.IsEmpty()) {
return NS_ERROR_FAILURE;
}
// Copy the string into to user supplied buffer. Is there a better
// way to do this?
memcpy(buf,origin,originlen);
buf[originlen]=nsnull; // Gotta terminate it.
nsCRT::free(origin);
} else {
*buf = nsnull;
}
PRInt32 originlen = origin.Length();
memcpy(buf, origin, originlen);
buf[originlen] = nsnull; // Gotta terminate it.
return NS_OK;
}
@ -194,7 +179,7 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen)
NS_METHOD
nsCSecurityContext::GetCertificateID(char* buf, int buflen)
{
nsCOMPtr<nsIPrincipal> principal = NULL;
nsCOMPtr<nsIPrincipal> principal;
// Get the Script Security Manager.
@ -203,27 +188,18 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen)
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE;
secMan->GetSubjectPrincipal(getter_AddRefs(principal));
nsCOMPtr<nsICertificatePrincipal> cprincipal = do_QueryInterface(principal);
if (!cprincipal)
return NS_ERROR_FAILURE;
char* certificate = nsnull;
cprincipal->GetCertificateID(&certificate);
nsXPIDLCString certificate;
principal->GetCertificateID(getter_Copies(certificate));
if (certificate) {
PRInt32 certlen = (PRInt32) strlen(certificate);
if( buflen<=certlen ) {
nsCRT::free(certificate);
PRInt32 certlen = certificate.Length();
if (buflen <= certlen) {
return NS_ERROR_FAILURE;
}
memcpy(buf,certificate,certlen);
buf[certlen]=nsnull;
nsCRT::free(certificate);
} else {
*buf = nsnull;
}
memcpy(buf, certificate.get(), certlen);
buf[certlen] = nsnull;
return NS_OK;
}

15
modules/oji/src/nsJVMManager.cpp
Просмотреть файл

@ -68,14 +68,10 @@
#include "nspr.h"
#include "plstr.h"
#include "nsCOMPtr.h"
//#include "nsJSPrincipals.h"
//#include "nsSystemPrincipal.h"
//#include "nsCodebasePrincipal.h"
#include "nsCertificatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsISignatureVerifier.h"
//#include "nsScriptSecurityManager.h"
extern "C" int XP_PROGRESS_STARTING_JAVA;
extern "C" int XP_PROGRESS_STARTING_JAVA_DONE;
@ -971,15 +967,8 @@ nsJVMManager::IsAllPermissionGranted(
rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal);
if (NS_FAILED(rv)) return PR_FALSE;
// Get the nsICertificatePrincipal interface so that we can set the
// common name. The common name is a user meaningful string.
nsCOMPtr<nsICertificatePrincipal> pICertificate = do_QueryInterface(pIPrincipal, &rv);
if (NS_FAILED(rv) || !pICertificate) return PR_FALSE;
// Set the common name.
rv = pICertificate->SetCommonName(lastCN);
rv = pIPrincipal->SetCommonName(lastCN);
PRInt16 ret;

19
netwerk/protocol/jar/src/nsJARChannel.cpp
Просмотреть файл

@ -22,12 +22,11 @@
#include "nsMimeTypes.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "nsIAggregatePrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIFileURL.h"
#include "nsIJAR.h"
static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID);
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
//-----------------------------------------------------------------------------
@ -424,7 +423,7 @@ nsJARChannel::GetOwner(nsISupports **result)
if (cert) {
// Get the codebase principal
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(kScriptSecurityManagerCID, &rv);
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIPrincipal> codebase;
@ -432,14 +431,20 @@ nsJARChannel::GetOwner(nsISupports **result)
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIURI> codebaseURI;
codebase->GetURI(getter_AddRefs(codebaseURI));
nsCOMPtr<nsIURI> domainURI;
codebase->GetDomain(getter_AddRefs(domainURI));
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg = do_QueryInterface(cert, &rv);
rv = cert->SetURI(codebaseURI);
if (NS_FAILED(rv)) return rv;
rv = agg->SetCodebase(codebase);
rv = cert->SetDomain(domainURI);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
mOwner = do_QueryInterface(cert, &rv);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result = mOwner);

4
security/manager/ssl/src/nsCrypto.cpp
Просмотреть файл

@ -47,12 +47,12 @@
#include "nsIPrompt.h"
#include "nsIFilePicker.h"
#include "nsJSPrincipals.h"
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsXPIDLString.h"
#include "nsIGenKeypairInfoDlg.h"
#include "nsIDOMCryptoDialogs.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include <ctype.h>
#include "nsReadableUtils.h"
#include "pk11func.h"
@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run()
nsNSSShutDownPreventionLock locker;
JSPrincipals *principals;
nsresult rv = m_args->m_principals->GetJSPrincipals(&principals);
nsresult rv = m_args->m_principals->GetJsPrincipals(&principals);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;

2
security/manager/ssl/src/nsCrypto.h
Просмотреть файл

@ -28,7 +28,6 @@
#include "nsIDOMPkcs11.h"
#include "nsString.h"
#include "jsapi.h"
#include "nsIPrincipal.h"
#define NS_CRYPTO_CLASSNAME "Crypto JavaScript Class"
#define NS_CRYPTO_CID \
@ -43,6 +42,7 @@
class nsIPSMComponent;
class nsIDOMScriptObjectFactory;
class nsIEventQueue;
class nsIPrincipal;
class nsCRMFObject : public nsIDOMCRMFObject

5
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -58,7 +58,6 @@
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "nsICertificatePrincipal.h"
#include "nsReadableUtils.h"
#include "nsIDateTimeFormat.h"
#include "prtypes.h"
@ -1461,13 +1460,11 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal);
if (NS_FAILED(rv2) || !*aPrincipal) return rv2;
nsCOMPtr<nsICertificatePrincipal> certPrincipal = do_QueryInterface(*aPrincipal, &rv2);
if (NS_FAILED(rv2)) return rv2;
nsAutoString orgName;
rv2 = pCert->GetOrganization(orgName);
if (NS_FAILED(rv2)) return rv2;
NS_LossyConvertUCS2toASCII orgNameStr(orgName);
rv2 = certPrincipal->SetCommonName(orgNameStr.get());
rv2 = (*aPrincipal)->SetCommonName(orgNameStr.get());
if (NS_FAILED(rv2)) return rv2;
}

4
xpinstall/src/CertReader.cpp
Просмотреть файл

@ -42,6 +42,10 @@
#include "nsIServiceManager.h"
#include "nsISignatureVerifier.h"
#include "nsIInputStream.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsPICertNotification.h"
#include "nsNetUtil.h"

11
xpinstall/src/CertReader.h
Просмотреть файл

@ -36,11 +36,12 @@
#include "nsCOMPtr.h"
#include "nsIStreamListener.h"
#include "nsString.h"
#include "nsISignatureVerifier.h"
#include "nsICertificatePrincipal.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsPICertNotification.h"
class nsISignatureVerifier;
class nsIPrincipal;
class nsIURI;
class nsPICertNotification;
class CertReader : public nsIStreamListener
{

6
xpinstall/src/nsSoftwareUpdateRun.cpp
Просмотреть файл

@ -55,7 +55,6 @@
#include "nsIJAR.h"
#include "nsIPrincipal.h"
#include "nsICertificatePrincipal.h"
static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID);
static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal)
if (!aPrincipal)
return NS_OK; // not signed, but not an error
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
if (!cp)
PRBool hasCert;
aPrincipal->GetHasCertificate(&hasCert);
if (!hasCert)
return NS_ERROR_FAILURE;
nsCOMPtr<nsIJAR> jar(do_QueryInterface(hZip));

11
xpinstall/src/nsXPITriggerInfo.cpp
Просмотреть файл

@ -1,4 +1,4 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
@ -27,7 +27,6 @@
#include "nsDebug.h"
#include "nsIServiceManager.h"
#include "nsIEventQueueService.h"
#include "nsICertificatePrincipal.h"
static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID);
@ -95,13 +94,15 @@ nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal)
{
mPrincipal = aPrincipal;
nsCOMPtr<nsICertificatePrincipal> cp(do_QueryInterface(aPrincipal));
if (cp) {
PRBool hasCert;
aPrincipal->GetHasCertificate(&hasCert);
if (hasCert) {
nsXPIDLCString cName;
cp->GetCommonName(getter_Copies(cName));
aPrincipal->GetCommonName(getter_Copies(cName));
mCertName = NS_ConvertUTF8toUCS2(cName);
}
}
//
// nsXPITriggerInfo
//