mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Changes to support liveconnect security using ProxyJNI

This commit is contained in:
sudu%netscape.com 1998-11-02 23:11:38 +00:00
Родитель 7734927e89
Коммит a4f7620f28
18 изменённых файлов: 403 добавлений и 242 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

25
js/src/liveconnect/jsj_JSObject.c
Просмотреть файл

@ -584,7 +584,8 @@ done:
JSJavaThreadState *
jsj_enter_js(JNIEnv *jEnv, jobject java_wrapper_obj,
JSContext **cxp, JSObject **js_objp, JavaToJSSavedState* saved_state)
JSContext **cxp, JSObject **js_objp, JavaToJSSavedState* saved_state,
void **pNSIPrincipaArray, int numPrincipals, void *pNSISecurityContext)
{
JSContext *cx;
char *err_msg;
@ -596,7 +597,11 @@ jsj_enter_js(JNIEnv *jEnv, jobject java_wrapper_obj,
/* Invoke callback, presumably used to implement concurrency constraints */
if (JSJ_callbacks->enter_js_from_java) {
#ifdef OJI
if (!JSJ_callbacks->enter_js_from_java(jEnv, &err_msg, pNSIPrincipaArray, numPrincipals, pNSISecurityContext))
#else
if (!JSJ_callbacks->enter_js_from_java(jEnv, &err_msg))
#endif
goto entry_failure;
}
@ -753,7 +758,7 @@ Java_netscape_javascript_JSObject_getMember(JNIEnv *jEnv,
jboolean is_copy;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;
@ -806,7 +811,7 @@ Java_netscape_javascript_JSObject_getSlot(JNIEnv *jEnv,
jobject member;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;
@ -844,7 +849,7 @@ Java_netscape_javascript_JSObject_setMember(JNIEnv *jEnv,
jboolean is_copy;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return;
@ -890,7 +895,7 @@ Java_netscape_javascript_JSObject_setSlot(JNIEnv *jEnv,
JavaToJSSavedState saved_state;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return;
@ -921,7 +926,7 @@ Java_netscape_javascript_JSObject_removeMember(JNIEnv *jEnv,
jboolean is_copy;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return;
@ -969,7 +974,7 @@ Java_netscape_javascript_JSObject_call(JNIEnv *jEnv, jobject java_wrapper_obj,
jobject result;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;
@ -1059,7 +1064,7 @@ Java_netscape_javascript_JSObject_eval(JNIEnv *jEnv,
jobject result;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;
@ -1120,7 +1125,7 @@ Java_netscape_javascript_JSObject_toString(JNIEnv *jEnv,
JavaToJSSavedState saved_state;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state);
jsj_env = jsj_enter_js(jEnv, java_wrapper_obj, &cx, &js_obj, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;
@ -1157,7 +1162,7 @@ Java_netscape_javascript_JSObject_getWindow(JNIEnv *jEnv,
jobject java_obj;
JSJavaThreadState *jsj_env;
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, NULL, 0, NULL);
if (!jsj_env)
return NULL;

5
js/src/liveconnect/jsj_method.c
Просмотреть файл

@ -491,6 +491,11 @@ jsj_ReflectJavaMethods(JSContext *cx, JNIEnv *jEnv,
method_name_jstr = (*jEnv)->CallObjectMethod(jEnv, java_method, jlrMethod_getName);
ok = add_java_method_to_class_descriptor(cx, jEnv, class_descriptor, method_name_jstr, java_method,
reflect_only_static_methods, JS_FALSE);
/*
** Try to prevent overflow of local ref table via proxy JNI.
*/
(*jEnv)->DeleteLocalRef(jEnv, method_name_jstr);
(*jEnv)->DeleteLocalRef(jEnv, java_method);
if (!ok)
return JS_FALSE;
}

3
js/src/liveconnect/jsj_private.h
Просмотреть файл

@ -322,7 +322,8 @@ jsj_ConvertJavaObjectToJSBoolean(JSContext *cx, JNIEnv *jEnv,
jobject java_obj, jsval *vp);
extern JSJavaThreadState *
jsj_enter_js(JNIEnv *jEnv, jobject java_wrapper_obj,
JSContext **cxp, JSObject **js_objp, JavaToJSSavedState* saved_state);
JSContext **cxp, JSObject **js_objp, JavaToJSSavedState* saved_state,
void **pNSIPrincipaArray, int numPrincipals, void *pNSISecurityContext);
extern JSBool
jsj_exit_js(JSContext *cx, JSJavaThreadState *jsj_env, JavaToJSSavedState* original_state);

11
js/src/liveconnect/jsjava.h
Просмотреть файл

@ -102,7 +102,11 @@ typedef struct JSJCallbacks {
browser embedding, these are used to maintain the run-to-completion
semantics of JavaScript. It is acceptable for either function pointer
to be NULL. */
#ifdef OJI
JSBool (*enter_js_from_java)(JNIEnv *jEnv, char **errp, void **pNSIPrincipaArray, int numPrincipals, void *pNSISecurityContext);
#else
JSBool (*enter_js_from_java)(JNIEnv *jEnv, char **errp);
#endif
void (*exit_js)(JNIEnv *jEnv);
/* Most LiveConnect errors are signaled by calling JS_ReportError(), but in
@ -259,12 +263,5 @@ JSJ_DisconnectFromJavaVM(JSJavaVM *);
*/
PR_IMPLEMENT(JSBool)
JSJ_ConvertJavaObjectToJSValue(JSContext *cx, jobject java_obj, jsval *vp);
#ifdef OJI
PR_IMPLEMENT(PRBool)
JSJ_NSISecurityContextImplies(void *pNSISecurityContextIN, const char* target, const char* action);
#endif
PR_END_EXTERN_C
#endif /* _JSJAVA_H */

181
js/src/liveconnect/nsCLiveconnect.cpp
Просмотреть файл

@ -52,7 +52,6 @@ PR_END_EXTERN_C
#include "nsCLiveconnect.h"
static NS_DEFINE_IID(kILiveconnectIID, NS_ILIVECONNECT_IID);
static NS_DEFINE_IID(kISecureLiveconnectIID, NS_ISECURELIVECONNECT_IID);
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
@ -77,12 +76,6 @@ nsCLiveconnect::AggregatedQueryInterface(const nsIID& aIID, void** aInstancePtr)
AddRef();
return NS_OK;
}
if (aIID.Equals(kISecureLiveconnectIID))
{
*aInstancePtr = (nsISecureLiveconnect *)this;
AddRef();
return NS_OK;
}
return NS_NOINTERFACE;
}
@ -103,7 +96,8 @@ nsCLiveconnect::AggregatedQueryInterface(const nsIID& aIID, void** aInstancePtr)
* wrapped up as java wrapper netscape.javascript.JSObject.
*/
NS_METHOD
nsCLiveconnect::GetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject *pjobj)
nsCLiveconnect::GetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
@ -119,7 +113,7 @@ nsCLiveconnect::GetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize l
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -156,7 +150,8 @@ done:
* the member.
*/
NS_METHOD
nsCLiveconnect::GetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject *pjobj)
nsCLiveconnect::GetSlot(JNIEnv *jEnv, jsobject obj, jint slot, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
@ -172,7 +167,7 @@ nsCLiveconnect::GetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject *pjobj)
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -203,7 +198,8 @@ done:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_METHOD
nsCLiveconnect::SetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject java_obj)
nsCLiveconnect::SetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject java_obj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
@ -217,7 +213,7 @@ nsCLiveconnect::SetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize l
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -248,7 +244,8 @@ done:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_METHOD
nsCLiveconnect::SetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject java_obj)
nsCLiveconnect::SetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject java_obj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
@ -261,7 +258,7 @@ nsCLiveconnect::SetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject java_obj)
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -283,7 +280,8 @@ done:
* @param name - Name of a member.
*/
NS_METHOD
nsCLiveconnect::RemoveMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length)
nsCLiveconnect::RemoveMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
@ -296,7 +294,7 @@ nsCLiveconnect::RemoveMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsiz
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -322,7 +320,8 @@ done:
* @param pjobj - return value.
*/
NS_METHOD
nsCLiveconnect::Call(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobjectArray java_args, jobject *pjobj)
nsCLiveconnect::Call(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobjectArray java_args, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj)
{
int i = 0;
int argc = 0;
@ -343,7 +342,7 @@ nsCLiveconnect::Call(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -399,23 +398,59 @@ done:
return NS_OK;
}
/**
* Evaluate a script with a Native JS Object representing scope.
*
* @param jEnv - JNIEnv on which the call is being made.
* @param obj - A Native JS Object.
* @param pNSIPrincipaArray - Array of principals to be used to compare privileges.
* @param numPrincipals - Number of principals being passed.
* @param script - Script to be executed.
* @param pjobj - return value.
*/
NS_METHOD
nsCLiveconnect::Eval(JNIEnv *jEnv, jsobject obj, const char* codebase, const jchar *script, jsize length, jobject *pjobj)
nsCLiveconnect::Eval(JNIEnv *jEnv, jsobject obj, const jchar *script, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj)
{
// sudu: codebase needs to be converted to a nsIPrincipal. Will do this later.
return Eval(jEnv, obj, script, length, NULL, 0, NULL, pjobj);
//return NS_OK;
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
JSObject *js_obj = (JSObject *)obj;
jsval js_val;
int dummy_cost = 0;
JSBool dummy_bool = PR_FALSE;
JavaToJSSavedState saved_state = {NULL,NULL};
jobject result = NULL;
const char *codebase = NULL;
JSPrincipals *principals = NULL;
JSBool eval_succeeded = PR_FALSE;
if(jEnv == NULL)
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
result = NULL;
if (!script) {
JS_ReportError(cx, "illegal null string eval argument");
goto done;
}
/* Set up security stuff */
principals = NULL;
if (JSJ_callbacks->get_JSPrincipals_from_java_caller)
principals = JSJ_callbacks->get_JSPrincipals_from_java_caller(jEnv, cx, principalsArray, numPrincipals, pNSISecurityContext);
codebase = principals ? (const char *)principals->codebase : NULL;
/* Have the JS engine evaluate the unicode string */
eval_succeeded = JS_EvaluateUCScriptForPrincipals(cx, js_obj, principals,
script, length,
codebase, 0, &js_val);
if (!eval_succeeded)
goto done;
/* Convert result to a subclass of java.lang.Object */
jsj_ConvertJSValueToJavaObject(cx, jEnv, js_val, jsj_get_jlObject_descriptor(cx, jEnv),
&dummy_cost, &result, &dummy_bool);
done:
if (!jsj_exit_js(cx, jsj_env, &saved_state))
return NS_ERROR_FAILURE;
*pjobj = result;
return NS_OK;
}
@ -430,7 +465,8 @@ nsCLiveconnect::Eval(JNIEnv *jEnv, jsobject obj, const char* codebase, const jch
* in which a applet/bean resides.
*/
NS_METHOD
nsCLiveconnect::GetWindow(JNIEnv *jEnv, void *pJavaObject, jsobject *pobj)
nsCLiveconnect::GetWindow(JNIEnv *jEnv, void *pJavaObject, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jsobject *pobj)
{
char *err_msg = NULL;
JSContext *cx = NULL;
@ -443,7 +479,7 @@ nsCLiveconnect::GetWindow(JNIEnv *jEnv, void *pJavaObject, jsobject *pobj)
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state, principalsArray, numPrincipals, pNSISecurityContext);
if (!jsj_env)
return NS_ERROR_FAILURE;
@ -492,62 +528,6 @@ nsCLiveconnect::FinalizeJSObject(JNIEnv *jEnv, jsobject obj)
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////
// from nsISecureLiveconnect:
NS_METHOD
nsCLiveconnect::Eval(JNIEnv *jEnv, jsobject obj, const jchar *script, jsize length, void **pNSIPrincipaArray,
int numPrincipals, void *pNSISecurityContext, jobject *pjobj)
{
JSContext *cx = NULL;
JSJavaThreadState *jsj_env = NULL;
JSObject *js_obj = (JSObject *)obj;
jsval js_val;
int dummy_cost = 0;
JSBool dummy_bool = PR_FALSE;
JavaToJSSavedState saved_state = {NULL,NULL};
jobject result = NULL;
const char *codebase = NULL;
JSPrincipals *principals = NULL;
JSBool eval_succeeded = PR_FALSE;
if(jEnv == NULL)
{
return NS_ERROR_FAILURE;
}
jsj_env = jsj_enter_js(jEnv, NULL, &cx, NULL, &saved_state);
if (!jsj_env)
return NS_ERROR_FAILURE;
result = NULL;
if (!script) {
JS_ReportError(cx, "illegal null string eval argument");
goto done;
}
/* Set up security stuff */
principals = NULL;
if (JSJ_callbacks->get_JSPrincipals_from_java_caller)
principals = JSJ_callbacks->get_JSPrincipals_from_java_caller(jEnv, cx, pNSIPrincipaArray, numPrincipals, pNSISecurityContext);
codebase = principals ? (const char *)principals->codebase : NULL;
/* Have the JS engine evaluate the unicode string */
eval_succeeded = JS_EvaluateUCScriptForPrincipals(cx, js_obj, principals,
script, length,
codebase, 0, &js_val);
if (!eval_succeeded)
goto done;
/* Convert result to a subclass of java.lang.Object */
jsj_ConvertJSValueToJavaObject(cx, jEnv, js_val, jsj_get_jlObject_descriptor(cx, jEnv),
&dummy_cost, &result, &dummy_bool);
done:
if (!jsj_exit_js(cx, jsj_env, &saved_state))
return NS_ERROR_FAILURE;
*pjobj = result;
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////
// from nsCLiveconnect:
@ -564,20 +544,3 @@ nsCLiveconnect::~nsCLiveconnect()
{
}
PR_BEGIN_EXTERN_C
PR_IMPLEMENT(PRBool)
JSJ_NSISecurityContextImplies(void *pNSISecurityContextIN, const char* target, const char* action)
{
nsISecurityContext *pNSISecurityContext = (nsISecurityContext *)pNSISecurityContextIN;
PRBool bAllowedAccess = PR_FALSE;
if (pNSISecurityContext != NULL)
{
pNSISecurityContext->Implies(target, action, &bAllowedAccess);
}
return bAllowedAccess;
}
PR_END_EXTERN_C

40
js/src/liveconnect/nsCLiveconnect.h
Просмотреть файл

@ -16,12 +16,6 @@
* Reserved.
*/
/*
* This file is part of the Java-vendor-neutral implementation of LiveConnect
*
* It contains class definition implementing the public interface.
*
*/
/*
* This file is part of the Java-vendor-neutral implementation of LiveConnect
*
@ -34,7 +28,6 @@
#define nsCLiveconnect_h___
#include "nsILiveconnect.h"
#include "nsISecureLiveconnect.h"
#include "nsAgg.h"
@ -42,8 +35,7 @@
* nsCLiveconnect implements nsILiveconnect interface for navigator.
* This is used by a JVM to implement netscape.javascript.JSObject functionality.
*/
class nsCLiveconnect :public nsILiveconnect
,public nsISecureLiveconnect{
class nsCLiveconnect :public nsILiveconnect {
public:
////////////////////////////////////////////////////////////////////////////
// from nsISupports and AggregatedQueryInterface:
@ -64,7 +56,8 @@ public:
* wrapped up as java wrapper netscape.javascript.JSObject.
*/
NS_IMETHOD
GetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject *pjobj);
GetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj);
/**
* get member of a Native JSObject for a given index.
@ -75,7 +68,8 @@ public:
* the member.
*/
NS_IMETHOD
GetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject *pjobj);
GetSlot(JNIEnv *jEnv, jsobject obj, jint slot, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj);
/**
* set member of a Native JSObject for a given name.
@ -87,7 +81,8 @@ public:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_IMETHOD
SetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject jobj);
SetMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobject jobj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext);
/**
* set member of a Native JSObject for a given index.
@ -99,7 +94,8 @@ public:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_IMETHOD
SetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject jobj);
SetSlot(JNIEnv *jEnv, jsobject obj, jint slot, jobject jobj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext);
/**
* remove member of a Native JSObject for a given name.
@ -108,7 +104,8 @@ public:
* @param name - Name of a member.
*/
NS_IMETHOD
RemoveMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length);
RemoveMember(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext);
/**
* call a method of Native JSObject.
@ -119,7 +116,8 @@ public:
* @param pjobj - return value.
*/
NS_IMETHOD
Call(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobjectArray jobjArr, jobject *pjobj);
Call(JNIEnv *jEnv, jsobject obj, const jchar *name, jsize length, jobjectArray jobjArr, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj);
/**
* Evaluate a script with a Native JS Object representing scope.
@ -131,7 +129,8 @@ public:
* @param pjobj - return value.
*/
NS_IMETHOD
Eval(JNIEnv *jEnv, jsobject jsobj, const char* codebase, const jchar* script, jsize length, jobject *pjobj);
Eval(JNIEnv *jEnv, jsobject obj, const jchar *script, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj);
/**
* Get the window object for a plugin instance.
@ -143,7 +142,8 @@ public:
* in which a applet/bean resides.
*/
NS_IMETHOD
GetWindow(JNIEnv *jEnv, void *pJavaObject, jsobject *pobj);
GetWindow(JNIEnv *jEnv, void *pJavaObject, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jsobject *pobj);
/**
* Get the window object for a plugin instance.
@ -154,12 +154,6 @@ public:
NS_IMETHOD
FinalizeJSObject(JNIEnv *jEnv, jsobject obj);
////////////////////////////////////////////////////////////////////////////
// from nsISecureLiveconnect:
NS_IMETHOD
Eval(JNIEnv *jEnv, jsobject obj, const jchar *script, jsize length, void **pNSIPrincipaArray,
int numPrincipals, void *pNSISecurityContext, jobject *pjobj);
////////////////////////////////////////////////////////////////////////////
// from nsCLiveconnect:

28
js/src/liveconnect/nsILiveconnect.h
Просмотреть файл

@ -45,7 +45,8 @@ public:
* wrapped up as java wrapper netscape.javascript.JSObject.
*/
NS_IMETHOD
GetMember(JNIEnv *jEnv, jsobject jsobj, const jchar *name, jsize length, jobject *pjobj) = 0;
GetMember(JNIEnv *jEnv, jsobject jsobj, const jchar *name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj) = 0;
/**
* get member of a Native JSObject for a given index.
@ -56,7 +57,8 @@ public:
* the member.
*/
NS_IMETHOD
GetSlot(JNIEnv *jEnv, jsobject jsobj, jint slot, jobject *pjobj) = 0;
GetSlot(JNIEnv *jEnv, jsobject jsobj, jint slot, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj) = 0;
/**
* set member of a Native JSObject for a given name.
@ -68,7 +70,8 @@ public:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_IMETHOD
SetMember(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length, jobject jobj) = 0;
SetMember(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length, jobject jobj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext) = 0;
/**
* set member of a Native JSObject for a given index.
@ -80,7 +83,8 @@ public:
* then a internal mapping is consulted to convert to a NJSObject.
*/
NS_IMETHOD
SetSlot(JNIEnv *jEnv, jsobject jsobj, jint slot, jobject jobj) = 0;
SetSlot(JNIEnv *jEnv, jsobject jsobj, jint slot, jobject jobj, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext) = 0;
/**
* remove member of a Native JSObject for a given name.
@ -89,7 +93,8 @@ public:
* @param name - Name of a member.
*/
NS_IMETHOD
RemoveMember(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length) = 0;
RemoveMember(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext) = 0;
/**
* call a method of Native JSObject.
@ -100,19 +105,21 @@ public:
* @param pjobj - return value.
*/
NS_IMETHOD
Call(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length, jobjectArray jobjArr, jobject *pjobj) = 0;
Call(JNIEnv *jEnv, jsobject jsobj, const jchar* name, jsize length, jobjectArray jobjArr, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj) = 0;
/**
* Evaluate a script with a Native JS Object representing scope.
*
* @param obj - A Native JS Object.
* @param pNSIPrincipaArray - Array of principals to be used to compare privileges.
* @param principalsArray - Array of principals to be used to compare privileges.
* @param numPrincipals - Number of principals being passed.
* @param script - Script to be executed.
* @param pjobj - return value.
*/
NS_IMETHOD
Eval(JNIEnv *jEnv, jsobject jsobj, const char* codebase, const jchar* script, jsize length, jobject *pjobj) = 0;
NS_IMETHOD
Eval(JNIEnv *jEnv, jsobject obj, const jchar *script, jsize length, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jobject *pjobj) = 0;
/**
* Get the window object for a plugin instance.
@ -124,7 +131,8 @@ public:
* in which a applet/bean resides.
*/
NS_IMETHOD
GetWindow(JNIEnv *jEnv, void *pJavaObject, jsobject *pobj) = 0;
GetWindow(JNIEnv *jEnv, void *pJavaObject, void* principalsArray[],
int numPrincipals, void *pNSISecurityContext, jsobject *pobj) = 0;
/**
* Get the window object for a plugin instance.

1
js/src/liveconnect/nsISecurityContext.h
Просмотреть файл

@ -28,7 +28,6 @@
#define nsISecurityContext_h___
#include "nsISupports.h"
#include "nsIFactory.h"
class nsISecurityContext : public nsISupports {
public:

99
lib/libmocha/lm_taint.c
Просмотреть файл

@ -45,6 +45,9 @@
#include "jsatom.h"
#include "jsscope.h"
#ifdef OJI
#include "jvmmgr.h"
#endif
#include "nsCaps.h"
extern JRIEnv * LJ_JSJ_CurrentEnv(JSContext * cx);
@ -586,20 +589,18 @@ lm_GetPrincipalsFromStackFrame(JSContext *cx)
*/
JSStackFrame *fp;
JSScript *script;
JSStackFrame *pFrameToStartLooking = JVM_GetStartJSFrameFromParallelStack();
JSStackFrame *pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
fp = NULL;
while ((fp = JS_FrameIterator(cx, &fp)) != NULL) {
fp = pFrameToStartLooking;
while ((fp = JS_FrameIterator(cx, &fp)) != pFrameToEndLooking) {
script = JS_GetFrameScript(cx, fp);
if (script) {
return JS_GetScriptPrincipals(cx, script);
}
}
#ifdef JAVA
/* =-= sudu: What do we do here for OJI? Ask raman.
*/
if (JSJ_IsCalledFromJava(cx)) {
return LM_GetJSPrincipalsFromJavaCaller(cx, 0);
}
#ifdef OJI
return JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
#endif
return NULL;
@ -1508,6 +1509,7 @@ lm_CanAccessTarget(JSContext *cx, JSTarget target)
return JS_TRUE;
}
/* This array must be kept in sync with the JSTarget enum in jsapi.h */
static char *targetStrings[] = {
"UniversalBrowserRead",
@ -1521,6 +1523,35 @@ static char *targetStrings[] = {
/* See Target.java for more targets */
};
int
findTarget(const char *target)
{
int i=0;
for(i=0; i<JSTARGET_MAX; i++)
{
if (XP_STRCMP(target, targetStrings[i]) == 0)
{
return i;
}
}
return -1;
}
/*
** Exported entry point to support nsISecurityContext::Implies method.
*/
JSBool
LM_CanAccessTargetStr(JSContext *cx, const char *target)
{
int intTarget = findTarget(target);
JSTarget jsTarget;
if(intTarget < 0)
{
return PR_FALSE;
}
jsTarget = (JSTarget)intTarget;
return lm_CanAccessTarget(cx, jsTarget);
}
/*
* If given principals can access the given target, return true. Otherwise
@ -1537,6 +1568,8 @@ principalsCanAccessTarget(JSContext *cx, JSTarget target)
JSStackFrame *fp;
void *annotationRef;
void *principalArray = NULL;
JSStackFrame *pFrameToStartLooking = JVM_GetStartJSFrameFromParallelStack();
JSStackFrame *pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking);
setupJSCapsCallbacks();
@ -1548,8 +1581,8 @@ principalsCanAccessTarget(JSContext *cx, JSTarget target)
/* Find annotation */
annotationRef = NULL;
principalArray = NULL;
fp = NULL;
while ((fp = JS_FrameIterator(cx, &fp)) != NULL) {
fp = pFrameToStartLooking;
while ((fp = JS_FrameIterator(cx, &fp)) != pFrameToEndLooking) {
void *current;
if (JS_GetFrameScript(cx, fp) == NULL)
continue;
@ -1574,34 +1607,26 @@ principalsCanAccessTarget(JSContext *cx, JSTarget target)
if (annotationRef) {
annotation = (struct nsPrivilegeTable *)annotationRef;
} else {
#ifdef JAVA
if (JSJ_IsCalledFromJava(cx)) {
/*
* Call from Java into JS. Just call the Java routine for checking
* privileges.
*/
if (principalArray) {
/*
* Must check that the principals that signed the Java applet are
* a subset of the principals that signed this script.
*/
void *javaPrincipals = NULL;
#ifdef OJI
/*
* Call from Java into JS. Just call the Java routine for checking
* privileges.
*/
if (principalArray) {
/*
* Must check that the principals that signed the Java applet are
* a subset of the principals that signed this script.
*/
void *javaPrincipals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking);
/* XXX: The following is a LiveConnect call. We need to find
* out from the VM who the principal is (may be get the
* certificate from VM and create a principal from it).
* Pass that principal to canExtendTrust call. Until this is
* fixed deny the privileged operations from Java to JS.
*/
/* XXX: raman: We need to fix this with LiveConnect integration.
* javaPrincipals = nsCapsGetClassPrincipalsFromStack(cx, 0);
*/
if (!canExtendTrust(cx, javaPrincipals, principalArray)) {
return JS_FALSE;
}
}
return (JSBool)nsCapsIsPrivilegeEnabled(cx, capsTarget, 0);
}
if (!canExtendTrust(cx, javaPrincipals, principalArray)) {
return JS_FALSE;
}
}
/*
* XXX sudu: TODO: Setup the parameters representing a target.
*/
return JVM_NSISecurityContextImplies(pFrameToStartLooking, targetStrings[target], NULL);
#endif /* JAVA */
/* No annotation in stack */
return JS_FALSE;

3
lib/libmocha/lm_win.c
Просмотреть файл

@ -43,10 +43,7 @@
#if defined(JAVA)
#include "jsjava.h"
#elif defined (OJI)
/*
#include "np2.h"
#include "jsjava.h"
*/
#include "jvmmgr.h"
#endif

33
modules/oji/public/Makefile
Просмотреть файл

@ -1,33 +0,0 @@
#
# The contents of this file are subject to the Netscape Public License
# Version 1.0 (the "NPL"); you may not use this file except in
# compliance with the NPL. You may obtain a copy of the NPL at
# http://www.mozilla.org/NPL/
#
# Software distributed under the NPL is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
# for the specific language governing rights and limitations under the
# NPL.
#
# The Initial Developer of this code under the NPL is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All Rights
# Reserved.
#
DEPTH = ../../..
MODULE = oji
EXPORTS = \
nsjvm.h \
nsIJRIPlugin.h \
nsIJVMConsole.h \
nsIJVMManager.h \
nsIJVMPlugin.h \
nsIJVMPluginInstance.h \
nsIJVMPluginTagInfo.h \
nsISymantecDebugManager.h \
nsISymantecDebugger.h
include $(DEPTH)/config/rules.mk

5
modules/oji/public/Makefile.in
Просмотреть файл

@ -33,7 +33,10 @@ EXPORTS = \
nsIJVMPluginInstance.h \
nsIJVMPluginTagInfo.h \
nsISymantecDebugManager.h \
nsISymantecDebugger.h
nsISymantecDebugger.h \
nsISecureJNI2.h \
ProxyJNI.h \
nsIThreadManager.h
EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))

13
modules/oji/public/ProxyJNI.h
Просмотреть файл

@ -28,16 +28,23 @@
#endif
class nsIJVMPlugin;
class nsISecureJNI2;
/**
* Creates a proxy JNIEnv using the given JVM plugin.
* Creates a proxy JNIEnv using the given JVM plugin, and optional native JNIEnv*.
*/
JNIEnv* CreateProxyJNI(nsIJVMPlugin* jvmPlugin);
JNIEnv* CreateProxyJNI(nsIJVMPlugin* jvmPlugin, nsISecureJNI2* secureEnv = NULL);
/**
* Deletes the proxy JNIEnv. Releases the connection
* to the underlying JVM.
*/
void DeleteProxyJNI(JNIEnv* env);
void DeleteProxyJNI(JNIEnv* proxyEnv);
/**
* Returns the secure env associated with the given proxy env.
*/
nsISecureJNI2* GetSecureEnv(JNIEnv* proxyEnv);
#endif /* PROXY_JNI_H */

5
modules/oji/public/makefile.win
Просмотреть файл

@ -30,7 +30,10 @@ EXPORTS = \
nsIJVMPluginInstance.h \
nsIJVMPluginTagInfo.h \
nsISymantecDebugManager.h \
nsISymantecDebugger.h
nsISymantecDebugger.h \
nsISecureJNI2.h \
ProxyJNI.h \
nsIThreadManager.h
include <$(DEPTH)/config/rules.mak>

7
modules/oji/public/nsIJVMManager.h
Просмотреть файл

@ -49,10 +49,15 @@ enum {
// to JVM plugins for browsers that support JVM plugins.
class nsIJVMPlugin;
class nsISecureJNI2;
class nsIJVMManager : public nsISupports {
public:
/**
* Creates a proxy JNI for a given secure environment.
*/
NS_IMETHOD
CreateProxyJNI(nsISecureJNI2* inSecureEnv, JNIEnv** outProxyEnv) = 0;
};
#define NS_IJVMMANAGER_IID \

10
modules/oji/public/nsIJVMPlugin.h
Просмотреть файл

@ -106,17 +106,23 @@ public:
ReleaseJNIEnv(JNIEnv* env) = 0;
/**
* This creates a new secure communication channel with Java.
* This creates a new secure communication channel with Java. The second parameter,
* nativeEnv, if non-NULL, will be the actual thread for Java communication.
* Otherwise, a new thread should be created.
* @param proxyEnv the env to be used by all clients on the browser side
* @return outSecureEnv the secure environment used by the proxyEnv
*/
NS_IMETHOD
GetSecureJNI(JNIEnv* proxyJNI, nsISecureJNI2* *result) = 0;
CreateSecureEnv(JNIEnv* proxyEnv, nsISecureJNI2* *outSecureEnv) = 0;
/**
* Gives time to the JVM from the main event loop of the browser. This is
* necessary when there aren't any plugin instances around, but Java threads exist.
*/
#ifdef XP_MAC
NS_IMETHOD
SpendTime(PRUint32 timeMillis) = 0;
#endif
};
#define NS_IJVMPLUGIN_IID \

108
modules/oji/src/nsCSecurityContext.cpp Normal file
Просмотреть файл

@ -0,0 +1,108 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
/*
*
* It contains the implementation providing nsISecurityCOntext XP-COM interface.
* This file snapshots a JS frame before entering into java.
*
*/
#include <stdlib.h>
#include <string.h>
#include "prtypes.h"
#include "jscntxt.h"
#include "jsdbgapi.h"
#include "libmocha.h"
#include "nsCSecurityContext.h"
static NS_DEFINE_IID(kISecurityContextIID, NS_ISECURITYCONTEXT_IID);
static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
////////////////////////////////////////////////////////////////////////////
// from nsISupports
// Thes macro expands to the aggregated query interface scheme.
NS_IMPL_ADDREF(nsCSecurityContext);
NS_IMPL_RELEASE(nsCSecurityContext);
NS_METHOD
nsCSecurityContext::QueryInterface(const nsIID& aIID, void** aInstancePtr)
{
if (NULL == aInstancePtr) {
return NS_ERROR_NULL_POINTER;
}
*aInstancePtr = NULL;
if (aIID.Equals(kISecurityContextIID) ||
aIID.Equals(kISupportsIID)) {
*aInstancePtr = (nsISecurityContext*) this;
AddRef();
return NS_OK;
}
return NS_NOINTERFACE;
}
extern PRUintn tlsIndex2_g;
////////////////////////////////////////////////////////////////////////////
// from nsISecurityContext:
NS_METHOD
nsCSecurityContext::Implies(const char* target, const char* action, PRBool *bAllowedAccess)
{
//TODO: for test purpose only. Remove this stuff.
//*bAllowedAccess = PR_TRUE;
//if(1)
// return NS_OK;
if(m_pJStoJavaFrame == NULL)
{
*bAllowedAccess = PR_FALSE;
return NS_OK;
}
JSContext *pJSContext = LM_GetCrippledContext();
PR_SetThreadPrivate(tlsIndex2_g, (void *)m_pJStoJavaFrame);
*bAllowedAccess = LM_CanAccessTargetStr(pJSContext, target);
PR_SetThreadPrivate(tlsIndex2_g, (void *)NULL);
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////
// from nsCSecurityContext:
extern PRUintn tlsIndex3_g;
nsCSecurityContext::nsCSecurityContext()
: m_pJStoJavaFrame(NULL)
{
NS_INIT_REFCNT();
JSContext *pJSCX = (JSContext *)PR_GetThreadPrivate(tlsIndex3_g);
if (pJSCX == NULL)
{
pJSCX = LM_GetCrippledContext();
}
JSStackFrame *fp = NULL;
m_pJStoJavaFrame = JS_FrameIterator(pJSCX, &fp);
}
nsCSecurityContext::~nsCSecurityContext()
{
}

68
modules/oji/src/nsCSecurityContext.h Normal file
Просмотреть файл

@ -0,0 +1,68 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* The contents of this file are subject to the Netscape Public License
* Version 1.0 (the "NPL"); you may not use this file except in
* compliance with the NPL. You may obtain a copy of the NPL at
* http://www.mozilla.org/NPL/
*
* Software distributed under the NPL is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
* for the specific language governing rights and limitations under the
* NPL.
*
* The Initial Developer of this code under the NPL is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All Rights
* Reserved.
*/
/*
*
* It contains the class definition to implement nsISecurityContext XP-COM interface.
*
*/
#ifndef nsCSecurityContext_h___
#define nsCSecurityContext_h___
#include "jsdbgapi.h"
#include "nsISecurityContext.h"
/**
* nsCSecurityContext implements nsISecurityContext interface for navigator.
* This is used by a JVM to implement netscape.javascript.JSObject functionality.
*/
class nsCSecurityContext :public nsISecurityContext {
public:
////////////////////////////////////////////////////////////////////////////
// from nsISupports
NS_DECL_ISUPPORTS
////////////////////////////////////////////////////////////////////////////
// from nsISecurityContext:
/**
* Get the security context to be used in LiveConnect.
* This is used for JavaScript <--> Java.
*
* @param target -- Possible target.
* @param action -- Possible action on the target.
* @return -- NS_OK if the target and action is permitted on the security context.
* -- NS_FALSE otherwise.
*/
NS_IMETHOD Implies(const char* target, const char* action, PRBool *bAllowedAccess);
////////////////////////////////////////////////////////////////////////////
// from nsCSecurityContext:
nsCSecurityContext(void);
virtual ~nsCSecurityContext(void);
protected:
JSStackFrame *m_pJStoJavaFrame;
};
#endif // nsCSecurityContext_h___