From 0d04dfcd485c8bd1395d1ce370b823fa2d00a872 Mon Sep 17 00:00:00 2001 From: "mstoltz%netscape.com" Date: Thu, 20 Jul 2000 01:16:15 +0000 Subject: [PATCH] fix for 42387, r=dveditz git-svn-id: svn://10.0.0.236/trunk@74510 18797224-902f-48f8-a5cc-f745e15eee43 --- .../caps/include/nsScriptSecurityManager.h | 6 +- mozilla/caps/src/nsScriptSecurityManager.cpp | 61 +++++++++++-------- .../psm-glue/src/nsPSMComponent.cpp | 25 +++++--- .../psm-glue/src/nsSecureBrowserUIImpl.cpp | 20 +++--- .../psm-glue/src/nsSecureBrowserUIImpl.h | 4 +- mozilla/modules/libpref/public/MANIFEST_IDL | 3 +- mozilla/modules/libpref/public/Makefile.in | 2 +- mozilla/modules/libpref/public/makefile.win | 2 +- mozilla/modules/libpref/public/nsIPref.idl | 9 --- .../libpref/public/nsISecurityPref.idl | 45 ++++++++++++++ mozilla/modules/libpref/src/nsPref.cpp | 60 +++++++++++------- 11 files changed, 157 insertions(+), 80 deletions(-) create mode 100644 mozilla/modules/libpref/public/nsISecurityPref.idl diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index 32d1f344f87..49850a12469 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -45,7 +45,7 @@ #include "nsDOMPropEnums.h" #include "nsCOMPtr.h" -class nsIPref; +class nsISecurityPref; ///////////////////// // nsIPrincipalKey // @@ -163,13 +163,13 @@ private: PrincipalPrefChanged(const char *pref, void *data); nsObjectHashtable *mOriginToPolicyMap; - nsIPref *mPrefs; + nsISecurityPref *mPrefs; nsIPrincipal *mSystemPrincipal; nsCOMPtr mSystemCertificate; nsSupportsHashtable *mPrincipals; PRBool mIsJavaScriptEnabled; PRBool mIsMailJavaScriptEnabled; - PRBool mIsAccessingPrefs; + PRBool mIsWritingPrefs; unsigned char hasDomainPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; }; diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 217e83a2de6..9598d73b472 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -25,7 +25,6 @@ #include "nsScriptSecurityManager.h" #include "nsIServiceManager.h" #include "nsIScriptObjectOwner.h" -#include "nsIPref.h" #include "nsIURL.h" #include "nsIJARURI.h" #include "nspr.h" @@ -36,6 +35,7 @@ #include "nsCodebasePrincipal.h" #include "nsCertificatePrincipal.h" #include "nsAggregatePrincipal.h" +#include "nsISecurityPref.h" #include "nsCRT.h" #include "nsXPIDLString.h" #include "nsIJSContextStack.h" @@ -552,7 +552,7 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI, case PrefAccess: // Allow access if pref is set NS_ASSERTION(mPrefs,"nsScriptSecurityManager::mPrefs not initialized"); - mPrefs->GetSecBoolPref("security.checkloaduri", &doCheck); + mPrefs->SecurityGetBoolPref("security.checkloaduri", &doCheck); if (!doCheck) return NS_OK; // Otherwise fall through to Deny. @@ -1398,7 +1398,7 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) mSystemPrincipal(nsnull), mPrincipals(nsnull), mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), - mIsAccessingPrefs(PR_FALSE) + mIsWritingPrefs(PR_FALSE) { NS_INIT_REFCNT(); memset(hasDomainPolicyVector, 0, sizeof(hasDomainPolicyVector)); @@ -1556,10 +1556,10 @@ nsScriptSecurityManager::GetSecurityLevel(nsIPrincipal *principal, PRInt32 secLevel; char *secLevelString; nsresult rv; - rv = mPrefs->CopySecCharPref(prefName, &secLevelString); + rv = mPrefs->SecurityCopyCharPref(prefName, &secLevelString); if (NS_FAILED(rv)) { prefName += (isWrite ? ".write" : ".read"); - rv = mPrefs->CopySecCharPref(prefName, &secLevelString); + rv = mPrefs->SecurityCopyCharPref(prefName, &secLevelString); } if (NS_SUCCEEDED(rv) && secLevelString) { if (PL_strcmp(secLevelString, "sameOrigin") == 0) @@ -1601,7 +1601,7 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext, PRBool allow = PR_FALSE; //XXX May want to store the value of the pref in a local, // this will help performance when dealing with plugins. - rv = mPrefs->GetSecBoolPref("security.xpconnect.plugin.unrestricted", &allow); + rv = mPrefs->SecurityGetBoolPref("security.xpconnect.plugin.unrestricted", &allow); if (NS_SUCCEEDED(rv) && allow) return NS_OK; } @@ -1732,23 +1732,23 @@ nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave) getter_Copies(deniedPrefName) ); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - mIsAccessingPrefs = PR_TRUE; + mIsWritingPrefs = PR_TRUE; if (grantedList) - mPrefs->SetSecCharPref(grantedPrefName, grantedList); + mPrefs->SecuritySetCharPref(grantedPrefName, grantedList); else - mPrefs->ClearSecUserPref(grantedPrefName); + mPrefs->SecurityClearUserPref(grantedPrefName); if (deniedList) - mPrefs->SetSecCharPref(deniedPrefName, deniedList); + mPrefs->SecuritySetCharPref(deniedPrefName, deniedList); else - mPrefs->ClearSecUserPref(deniedPrefName); + mPrefs->SecurityClearUserPref(deniedPrefName); if (grantedList || deniedList) - mPrefs->SetSecCharPref(idPrefName, id); + mPrefs->SecuritySetCharPref(idPrefName, id); else - mPrefs->ClearSecUserPref(idPrefName); + mPrefs->SecurityClearUserPref(idPrefName); - mIsAccessingPrefs = PR_FALSE; + mIsWritingPrefs = PR_FALSE; return mPrefs->SavePrefFile(); } @@ -1827,7 +1827,7 @@ nsScriptSecurityManager::EnumeratePolicyCallback(const char *prefName, return; } char *s; - if (NS_FAILED(mgr->mPrefs->CopySecCharPref(prefName, &s))) + if (NS_FAILED(mgr->mPrefs->SecurityCopyCharPref(prefName, &s))) return; char *q=s; char *r=s; @@ -1924,7 +1924,7 @@ struct EnumeratePrincipalsInfo { // this struct doesn't own these objects; consider them parameters on // the stack nsSupportsHashtable *ht; - nsIPref *prefs; + nsISecurityPref *prefs; }; void @@ -1946,7 +1946,7 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName, return; char* id; - if (NS_FAILED(info->prefs->CopySecCharPref(prefName, &id))) + if (NS_FAILED(info->prefs->SecurityCopyCharPref(prefName, &id))) return; nsXPIDLCString grantedPrefName; @@ -1957,10 +1957,21 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName, return; char* grantedList = nsnull; - info->prefs->CopySecCharPref(grantedPrefName, &grantedList); + info->prefs->SecurityCopyCharPref(grantedPrefName, &grantedList); char* deniedList = nsnull; - info->prefs->CopySecCharPref(deniedPrefName, &deniedList); + info->prefs->SecurityCopyCharPref(deniedPrefName, &deniedList); + //-- Delete prefs if their value is the empty string + if ((!id || id[0] == '\0') || + ((!grantedList || grantedList[0] == '\0') && (!deniedList || deniedList[0] == '\0'))) + { + info->prefs->SecurityClearUserPref(prefName); + info->prefs->SecurityClearUserPref(grantedPrefName); + info->prefs->SecurityClearUserPref(deniedPrefName); + return; + } + + //-- Create a principal based on the prefs static const char certificateName[] = "security.principal.certificate"; static const char codebaseName[] = "security.principal.codebase"; nsCOMPtr principal; @@ -2004,15 +2015,15 @@ nsScriptSecurityManager::JSEnabledPrefChanged(const char *pref, void *data) { nsScriptSecurityManager *secMgr = (nsScriptSecurityManager *) data; - if (NS_FAILED(secMgr->mPrefs->GetSecBoolPref(jsEnabledPrefName, - &secMgr->mIsJavaScriptEnabled))) + if (NS_FAILED(secMgr->mPrefs->SecurityGetBoolPref(jsEnabledPrefName, + &secMgr->mIsJavaScriptEnabled))) { // Default to enabled. secMgr->mIsJavaScriptEnabled = PR_TRUE; } - if (NS_FAILED(secMgr->mPrefs->GetSecBoolPref(jsMailEnabledPrefName, - &secMgr->mIsMailJavaScriptEnabled))) + if (NS_FAILED(secMgr->mPrefs->SecurityGetBoolPref(jsMailEnabledPrefName, + &secMgr->mIsMailJavaScriptEnabled))) { // Default to enabled. secMgr->mIsMailJavaScriptEnabled = PR_TRUE; @@ -2025,7 +2036,7 @@ int PR_CALLBACK nsScriptSecurityManager::PrincipalPrefChanged(const char *pref, void *data) { nsScriptSecurityManager *secMgr = (nsScriptSecurityManager *) data; - if (secMgr->mIsAccessingPrefs) + if (secMgr->mIsWritingPrefs) return 0; char* lastDot = PL_strrchr(pref, '.'); @@ -2063,7 +2074,7 @@ nsScriptSecurityManager::InitFromPrefs() #endif nsresult rv; - NS_WITH_SERVICE(nsIPref, prefs, kPrefServiceCID, &rv); + NS_WITH_SERVICE(nsISecurityPref, prefs, kPrefServiceCID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; diff --git a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp index 6e44ffa2fb6..837b4ddd997 100644 --- a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp +++ b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp @@ -56,6 +56,7 @@ #include "nsICertificatePrincipal.h" #include "nsIProtocolProxyService.h" +#include "nsXPIDLString.h" #define PSM_VERSION_REG_KEY "/Netscape/Personal Security Manager" @@ -887,12 +888,26 @@ nsPSMComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, SSM_FID_CERT_FINGERPRINT, &fingerprint); if (result != CMTSuccess) return NS_ERROR_FAILURE; + CMTItem common; + result = CMT_GetStringAttribute(controlConnection, certID, + SSM_FID_CERT_COMMON_NAME, &common); + if (result != CMTSuccess) return NS_ERROR_FAILURE; + + //-- Unique cert ID for caps module is common name + fingerprint + nsCAutoString uniqueID; + uniqueID = (char*)common.data; + uniqueID.Append('/'); + uniqueID.Append((char*)fingerprint.data); + nsXPIDLCString uniqueIDChar; + uniqueIDChar = uniqueID.ToNewCString(); + if (!uniqueIDChar) return NS_ERROR_OUT_OF_MEMORY; + //-- Get a principal nsresult rv; NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, NS_SCRIPTSECURITYMANAGER_PROGID, &rv) if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = secMan->GetCertificatePrincipal((char*)fingerprint.data, + rv = secMan->GetCertificatePrincipal(uniqueIDChar, aPrincipal); if (NS_FAILED(rv)) return rv; @@ -901,10 +916,6 @@ nsPSMComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, nsCOMPtr certificate = do_QueryInterface(*aPrincipal, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - CMTItem common; - result = CMT_GetStringAttribute(controlConnection, certID, - SSM_FID_CERT_COMMON_NAME, &common); - if (result != CMTSuccess) return NS_ERROR_FAILURE; CMTItem subject; result = CMT_GetStringAttribute(controlConnection, certID, SSM_FID_CERT_SUBJECT_NAME, &subject); @@ -926,10 +937,10 @@ nsPSMComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, commonName.Append(' '); commonName.Append(orgUnitPos, orgUnitLen); } - char* commonChar = commonName.ToNewCString(); + nsXPIDLCString commonChar; + commonChar = commonName.ToNewCString(); if (!commonChar) return NS_ERROR_OUT_OF_MEMORY; rv = certificate->SetCommonName(commonChar); - Recycle(commonChar); return rv; } diff --git a/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp b/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp index c7aa14caeb9..e94d638ad05 100644 --- a/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp +++ b/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp @@ -58,7 +58,7 @@ #include "nsINetSupportDialogService.h" #include "nsIPrompt.h" #include "nsICommonDialogs.h" -#include "nsIPref.h" +#include "nsISecurityPref.h" #include "nsIFormSubmitObserver.h" @@ -160,7 +160,7 @@ nsSecureBrowserUIImpl::Init(nsIDOMWindow *window, nsIDOMElement *button, nsIDOME mWindow = window; nsresult rv = nsServiceManager::GetService( kPrefCID, - NS_GET_IID(nsIPref), + NS_GET_IID(nsISecurityPref), getter_AddRefs(mPref)); if (NS_FAILED(rv)) return rv; @@ -518,7 +518,7 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldUR mSecurityButton->RemoveAttribute( NS_ConvertASCIItoUCS2("level") ); mCertificateAuthorityDisplay->SetAttribute( NS_ConvertASCIItoUCS2("value"), NS_ConvertASCIItoUCS2("") ); - if ((mPref->GetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0)) + if ((mPref->SecurityGetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0)) boolpref = PR_TRUE; if (boolpref) @@ -541,7 +541,7 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldUR &outCheckValue); if (!outCheckValue) { - mPref->SetBoolPref(LEAVE_SITE_PREF, PR_FALSE); + mPref->SecuritySetBoolPref(LEAVE_SITE_PREF, PR_FALSE); NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res); if (NS_FAILED(res)) return res; @@ -552,7 +552,7 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldUR // check to see if we are going from an insecure page to a secure one. else if (isNewSchemeSecure && !isOldSchemeSecure) { - if ((mPref->GetBoolPref(ENTER_SITE_PREF, &boolpref) != 0)) + if ((mPref->SecurityGetBoolPref(ENTER_SITE_PREF, &boolpref) != 0)) boolpref = PR_TRUE; if (boolpref) @@ -576,7 +576,7 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldUR if (!outCheckValue) { - mPref->SetBoolPref(ENTER_SITE_PREF, PR_FALSE); + mPref->SecuritySetBoolPref(ENTER_SITE_PREF, PR_FALSE); NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res); if (NS_FAILED(res)) return res; @@ -608,7 +608,7 @@ nsSecureBrowserUIImpl::CheckMixedContext(nsIURI* nextURI) if (!mPref) return NS_ERROR_NULL_POINTER; PRBool boolpref; - if ((mPref->GetBoolPref(MIXEDCONTENT_PREF, &boolpref) != 0)) + if ((mPref->SecurityGetBoolPref(MIXEDCONTENT_PREF, &boolpref) != 0)) boolpref = PR_TRUE; if (boolpref && !mMixContentAlertShown) @@ -632,7 +632,7 @@ nsSecureBrowserUIImpl::CheckMixedContext(nsIURI* nextURI) &outCheckValue); if (!outCheckValue) { - mPref->SetBoolPref(MIXEDCONTENT_PREF, PR_FALSE); + mPref->SecuritySetBoolPref(MIXEDCONTENT_PREF, PR_FALSE); NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv); if (NS_FAILED(rv)) return rv; @@ -663,7 +663,7 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost) PRBool boolpref = PR_TRUE; // posting to a non https URL. - mPref->GetBoolPref(INSECURE_SUBMIT_PREF, &boolpref); + mPref->SecurityGetBoolPref(INSECURE_SUBMIT_PREF, &boolpref); if (boolpref) { NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &rv); @@ -691,7 +691,7 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost) okayToPost); if (!outCheckValue) { - mPref->SetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE); + mPref->SecuritySetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE); NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv); if (NS_FAILED(rv)) return rv; diff --git a/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h b/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h index b49b5189299..d76bd78a3f3 100644 --- a/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h +++ b/mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h @@ -35,7 +35,7 @@ #include "nsIStringBundle.h" #include "nsISecureBrowserUI.h" #include "nsIDocShell.h" -#include "nsIPref.h" +#include "nsISecurityPref.h" #include "nsIWebProgressListener.h" #include "nsIFormSubmitObserver.h" #include "nsIURI.h" @@ -76,7 +76,7 @@ protected: nsCOMPtr mSecurityButton; nsCOMPtr mCertificateAuthorityDisplay; nsCOMPtr mOldWebShellObserver; - nsCOMPtr mPref; + nsCOMPtr mPref; nsCOMPtr mStringBundle; nsCOMPtr mCurrentURI; diff --git a/mozilla/modules/libpref/public/MANIFEST_IDL b/mozilla/modules/libpref/public/MANIFEST_IDL index e09d8882c3c..cc560983a31 100644 --- a/mozilla/modules/libpref/public/MANIFEST_IDL +++ b/mozilla/modules/libpref/public/MANIFEST_IDL @@ -2,4 +2,5 @@ # This is a list of local files which get copied to the mozilla:idl directory # -nsIPref.idl \ No newline at end of file +nsIPref.idl +nsISecurityPref.idl diff --git a/mozilla/modules/libpref/public/Makefile.in b/mozilla/modules/libpref/public/Makefile.in index 0f26cda440d..153aa392613 100644 --- a/mozilla/modules/libpref/public/Makefile.in +++ b/mozilla/modules/libpref/public/Makefile.in @@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk MODULE = pref -XPIDLSRCS = nsIPref.idl +XPIDLSRCS = nsIPref.idl nsISecurityPref.idl EXPORTS = prefldap.h EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS)) diff --git a/mozilla/modules/libpref/public/makefile.win b/mozilla/modules/libpref/public/makefile.win index 7b12052dbfd..c810e1919c7 100644 --- a/mozilla/modules/libpref/public/makefile.win +++ b/mozilla/modules/libpref/public/makefile.win @@ -24,7 +24,7 @@ MODULE=pref DEPTH=..\..\.. EXPORTS=prefldap.h -XPIDLSRCS = .\nsIPref.idl +XPIDLSRCS = .\nsIPref.idl .\nsISecurityPref.idl include <$(DEPTH)\config\config.mak> include <$(DEPTH)\config\rules.mak> diff --git a/mozilla/modules/libpref/public/nsIPref.idl b/mozilla/modules/libpref/public/nsIPref.idl index 4a49d0bb394..439b7c17584 100644 --- a/mozilla/modules/libpref/public/nsIPref.idl +++ b/mozilla/modules/libpref/public/nsIPref.idl @@ -124,15 +124,6 @@ interface nsIPref : nsISupports { nsIFileSpec GetFilePref(in string pref); void SetFilePref(in string pref, in nsIFileSpec value, in boolean setDefault); - /* Security Prefs Access - These are here to support nsScriptSecurityManager and are insecure if used elsewhere. - Please do not call these functions from elsewhere. - */ - [noscript] boolean GetSecBoolPref(in string pref); - [noscript] string CopySecCharPref(in string pref); - [noscript] void SetSecCharPref(in string pref, in string value); - [noscript] void ClearSecUserPref(in string pref_name); - /* pref attributes */ boolean PrefIsLocked(in string pref); diff --git a/mozilla/modules/libpref/public/nsISecurityPref.idl b/mozilla/modules/libpref/public/nsISecurityPref.idl new file mode 100644 index 00000000000..7f5c2afe9ad --- /dev/null +++ b/mozilla/modules/libpref/public/nsISecurityPref.idl @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * The contents of this file are subject to the Netscape Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/NPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1998 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + */ + +#include "nsIPref.idl" + +/* + * Interface for accessing preferences, bypassing the ususl security check + * on prefs starting with "security". This interface is used by caps and + * psm-glue, which need unchecked access to security prefs. + * *PLEASE* do not call this interface from any other file, as this + * would be insecure. + * + * THIS INTERFACE SHOULD NEVER BE MADE SCRIPTABLE + */ +[uuid(94afd973-8045-4c6c-89e6-75bdced4209e)] +interface nsISecurityPref : nsIPref { + + boolean SecurityGetBoolPref(in string pref); + void SecuritySetBoolPref(in string pref, in boolean value); + string SecurityCopyCharPref(in string pref); + void SecuritySetCharPref(in string pref, in string value); + long SecurityGetIntPref(in string pref); + void SecuritySetIntPref(in string pref, in long value); + void SecurityClearUserPref(in string pref_name); + +}; diff --git a/mozilla/modules/libpref/src/nsPref.cpp b/mozilla/modules/libpref/src/nsPref.cpp index 17c268e3350..726792b7127 100644 --- a/mozilla/modules/libpref/src/nsPref.cpp +++ b/mozilla/modules/libpref/src/nsPref.cpp @@ -33,7 +33,7 @@ * use in OS2 */ -#include "nsIPref.h" +#include "nsISecurityPref.h" #include "nsIFileSpec.h" #include "nsIModule.h" @@ -93,7 +93,7 @@ static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); static NS_DEFINE_CID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID); //======================================================================================== -class nsPref: public nsIPref +class nsPref: public nsISecurityPref //======================================================================================== { NS_DECL_ISUPPORTS @@ -103,6 +103,7 @@ public: /* Use xpidl-generated macro to declare everything required by nsIPref */ NS_DECL_NSIPREF + NS_DECL_NSISECURITYPREF protected: @@ -128,7 +129,7 @@ protected: nsresult useUserPrefFile(); nsresult useLockPrefFile(); nsresult getLockPrefFileInfo(); - nsresult SecurePrefCheck(const char* aPrefName); + inline static nsresult SecurePrefCheck(const char* aPrefName); static nsPref *gInstance; @@ -465,21 +466,21 @@ nsresult nsPref::SecurePrefCheck(const char* aPrefName) //---------------------------------------------------------------------------------------- { static const char securityPrefix[] = "security."; - if (PL_strnstr(aPrefName, securityPrefix, sizeof(securityPrefix)) == 0) - return NS_OK; - - // XXX: Need error reporting somehow. - nsresult rv; - NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, kSecurityManagerCID, &rv); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - PRBool enabled; - rv = secMan->IsCapabilityEnabled("SecurityPreferencesAccess", &enabled); - if (NS_FAILED(rv) || !enabled) - return NS_ERROR_FAILURE; + if ((aPrefName[0] == 's' || aPrefName[0] == 'S') && + PL_strncasecmp(aPrefName, securityPrefix, sizeof(securityPrefix)-1) == 0) + { + nsresult rv; + NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, kSecurityManagerCID, &rv); + if (NS_FAILED(rv)) return NS_ERROR_FAILURE; + PRBool enabled; + rv = secMan->IsCapabilityEnabled("SecurityPreferencesAccess", &enabled); + if (NS_FAILED(rv) || !enabled) + return NS_ERROR_FAILURE; + } return NS_OK; } -NS_IMPL_THREADSAFE_ISUPPORTS(nsPref, NS_GET_IID(nsIPref)); +NS_IMPL_THREADSAFE_ISUPPORTS2(nsPref, nsIPref, nsISecurityPref); //======================================================================================== // nsIPref Implementation @@ -1043,15 +1044,22 @@ NS_IMETHODIMP nsPref::SetFilePref(const char *pref_name, } /* - * Pref access without security check - these are here to support nsScriptSecurityManager. - * Please don't call them from elsewhere. + * Pref access without security check - these are here + * to support nsScriptSecurityManager and psm_glue + * These functions are part of nsISecurityPref, not nsIPref. + * **PLEASE** do not call these functions from elsewhere */ -NS_IMETHODIMP nsPref::GetSecBoolPref(const char *pref, PRBool * return_val) +NS_IMETHODIMP nsPref::SecurityGetBoolPref(const char *pref, PRBool * return_val) { return _convertRes(PREF_GetBoolPref(pref, return_val, PR_FALSE)); } -NS_IMETHODIMP nsPref::CopySecCharPref(const char *pref, char ** return_buf) +NS_IMETHODIMP nsPref::SecuritySetBoolPref(const char *pref, PRBool value) +{ + return _convertRes(PREF_SetBoolPref(pref, value)); +} + +NS_IMETHODIMP nsPref::SecurityCopyCharPref(const char *pref, char ** return_buf) { #if defined(DEBUG_tao_) checkPref("CopyCharPref", pref); @@ -1059,12 +1067,22 @@ NS_IMETHODIMP nsPref::CopySecCharPref(const char *pref, char ** return_buf) return _convertRes(PREF_CopyCharPref(pref, return_buf, PR_FALSE)); } -NS_IMETHODIMP nsPref::SetSecCharPref(const char *pref,const char* value) +NS_IMETHODIMP nsPref::SecuritySetCharPref(const char *pref, const char* value) { return _convertRes(PREF_SetCharPref(pref, value)); } -NS_IMETHODIMP nsPref::ClearSecUserPref(const char *pref_name) +NS_IMETHODIMP nsPref::SecurityGetIntPref(const char *pref, PRInt32 * return_val) +{ + return _convertRes(PREF_GetIntPref(pref, return_val, PR_FALSE)); +} + +NS_IMETHODIMP nsPref::SecuritySetIntPref(const char *pref, PRInt32 value) +{ + return _convertRes(PREF_SetIntPref(pref, value)); +} + +NS_IMETHODIMP nsPref::SecurityClearUserPref(const char *pref_name) { return _convertRes(PREF_ClearUserPref(pref_name)); }