diff --git a/mozilla/caps/include/nsCodebasePrincipal.h b/mozilla/caps/include/nsCodebasePrincipal.h
index 02795ccf9a5..710c54a6809 100644
--- a/mozilla/caps/include/nsCodebasePrincipal.h
+++ b/mozilla/caps/include/nsCodebasePrincipal.h
@@ -80,12 +80,14 @@ public:
 nsresult InitFromPersistent(const char* aPrefName, const char* aID,
- const char* aGrantedList, const char* aDeniedList);
+ const char* aGrantedList, const char* aDeniedList,
+ PRBool aTrusted);
 virtual ~nsCodebasePrincipal(void);
 protected:
 nsCOMPtr mURI;
+ PRBool mTrusted;
 };
 #endif // _NS_CODEBASE_PRINCIPAL_H_
diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp
index 5b640615bc5..068da13d520 100644
--- a/mozilla/caps/src/nsCodebasePrincipal.cpp
+++ b/mozilla/caps/src/nsCodebasePrincipal.cpp
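Review bot: The new `PRBool mTrusted;` member carries no comment, yet it is the switch that lets CanEnableCapability skip the `signed.applets.codebase_principal_support` check, and the header is where a reader will look for its meaning. I would add above it `// Set from a capability.principal.codebaseTrusted pref; when PR_TRUE, CanEnableCapability skips the codebase_principal_support pref check.` and give the new `aTrusted` parameter of `InitFromPersistent` a short line saying it is intended only for unspoofable (HTTPS) origins, as the nsScriptSecurityManager.cpp comment in this patch states. The class body begins before this hunk.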
@@ -105,28 +105,32 @@ NS_IMETHODIMP
 nsCodebasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
 {
- // check to see if the codebase principal pref is enabled.
- static char pref[] = "signed.applets.codebase_principal_support";
- nsresult rv;
- nsCOMPtr prefs(do_GetService("@mozilla.org/preferences;1", &rv));
- if (NS_FAILED(rv))
- return NS_ERROR_FAILURE;
- PRBool enabled;
- if (NS_FAILED(prefs->GetBoolPref(pref, &enabled)) || !enabled)
- {
- // Deny unless subject is executing from file: or resource:
- PRBool isFile = PR_FALSE;
- PRBool isRes = PR_FALSE;
+ // Either this principal must be preconfigured as a trusted source
+ // (mTrusted), or else the codebase principal pref must be enabled
+ if (!mTrusted)
+ {
+ static char pref[] = "signed.applets.codebase_principal_support";
+ nsresult rv;
+ nsCOMPtr prefs(do_GetService("@mozilla.org/preferences;1", &rv));
+ if (NS_FAILED(rv))
+ return NS_ERROR_FAILURE;
+ PRBool enabled;
+ if (NS_FAILED(prefs->GetBoolPref(pref, &enabled)) || !enabled)
+ {
+ // Deny unless subject is executing from file: or resource:
+ PRBool isFile = PR_FALSE;
+ PRBool isRes = PR_FALSE;
 
- if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
- NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
- (!isFile && !isRes))
- {
- *result = nsIPrincipal::ENABLE_DENIED;
- return NS_OK;
+ if (NS_FAILED(mURI->SchemeIs("file", &isFile)) ||
+ NS_FAILED(mURI->SchemeIs("resource", &isRes)) ||
+ (!isFile && !isRes))
+ {
+ *result = nsIPrincipal::ENABLE_DENIED;
+ return NS_OK;
+ }
 }
 }
- rv = nsBasePrincipal::CanEnableCapability(capability, result);
+ nsBasePrincipal::CanEnableCapability(capability, result);
 if (*result == nsIPrincipal::ENABLE_UNKNOWN)
 *result = ENABLE_WITH_USER_PERMISSION;
 return NS_OK;
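Review bot: The status from `nsBasePrincipal::CanEnableCapability(capability, result)` is discarded on the new bare-call line, so if the base call fails the function still compares `*result` against ENABLE_UNKNOWN (whether the base writes `*result` on failure is not visible here) and returns NS_OK. The old code assigned `rv` but never tested it either, so this is not a regression, but now that `if (!mTrusted)` lets a trusted principal bypass the pref and scheme checks, the base call is the only gate left for that path and its result deserves a check: `nsresult rv = nsBasePrincipal::CanEnableCapability(capability, result);` / `if (NS_FAILED(rv)) return rv;` (the inner `rv` lives in the `if (!mTrusted)` block, so a fresh declaration at function scope does not clash). The rest of the function's closing brace lies just past the hunk.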
@@ -265,7 +269,7 @@ nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream)
 // Constructor, Destructor, initialization //
 /////////////////////////////////////////////
-nsCodebasePrincipal::nsCodebasePrincipal()
+nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE)
 {
 NS_INIT_ISUPPORTS();
 }
@@ -289,7 +293,8 @@ nsCodebasePrincipal::Init(nsIURI *uri)
 // This method overrides nsBasePrincipal::InitFromPersistent
 nsresult
 nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr,
- const char* aGrantedList, const char* aDeniedList)
+ const char* aGrantedList, const char* aDeniedList,
+ PRBool aTrusted)
 {
 nsresult rv;
 nsCOMPtr uri;
@@ -298,6 +303,8 @@ nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLS
 if (NS_FAILED(rv)) return rv;
 if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE;
+ // XXX: Add check for trusted = SSL only here?
+ mTrusted = aTrusted;
 return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr,
 aGrantedList, aDeniedList);
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index 09dd3020b04..4bea5798a6b 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
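Review bot: In the `InitFromPersistent` hunk, `mTrusted = aTrusted;` takes the trust flag straight from the preference name, and the `// XXX: Add check for trusted = SSL only here?` line above it records that nothing ties the flag to an unspoofable origin, even though the comment this patch adds to nsScriptSecurityManager.cpp says trusted codebases must be HTTPS URLs. Because `mTrusted` makes CanEnableCapability skip the codebase_principal_support and file:/resource: checks altogether, I would resolve the XXX here instead of shipping it: `PRBool isHttps = PR_FALSE;` / `mTrusted = aTrusted && NS_SUCCEEDED(uri->SchemeIs("https", &isHttps)) && isHttps;` so a codebaseTrusted pref on any other scheme degrades to an ordinary codebase principal. The same concern applies to the `trusted` computation in the nsScriptSecurityManager.cpp hunk below, which could at least log when the id URL is not https. The constructor and signature hunks look fine; InitFromPersistent's closing brace lies outside the hunk.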
@@ -2301,13 +2301,18 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN
 nsISecurityPref* aSecurityPref)
 {
 /* This is the principal preference syntax:
- * capability.principal.[codebase|certificate]..[id|granted|denied]
+ * capability.principal.[codebase|codebaseTrusted|certificate]..[id|granted|denied]
 * For example:
 * user_pref("capability.principal.certificate.p1.id","12:34:AB:CD");
 * user_pref("capability.principal.certificate.p1.granted","Capability1 Capability2");
 * user_pref("capability.principal.certificate.p1.denied","Capability3");
 */
+ /* codebaseTrusted means a codebase principal that can enable capabilities even if
+ * codebase principals are disabled. Don't use trustedCodebase except with unspoofable
+ * URLs such as HTTPS URLs.
+ */
+
 static const char idSuffix[] = ".id";
 for (PRUint32 c = 0; c < aPrefCount; c++)
 {
@@ -2349,6 +2354,7 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN
 //-- Create a principal based on the prefs
 static const char certificateName[] = "capability.principal.certificate";
 static const char codebaseName[] = "capability.principal.codebase";
+ static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted";
 nsCOMPtr principal;
 if (PL_strncmp(aPrefNames[c], certificateName, sizeof(certificateName)-1) == 0)
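Review bot: The new comment block says `Don't use trustedCodebase except with unspoofable` while the syntax line just above it and the `codebaseTrustedName` constant added later in this function spell the pref `codebaseTrusted`; anyone grepping for the documented name will miss it, so the line should read `* codebase principals are disabled. Don't use codebaseTrusted except with unspoofable`. The comment also states an HTTPS-only restriction that, as far as these hunks show, nothing in the patch enforces (the nsCodebasePrincipal.cpp hunk leaves it as an XXX); either say explicitly that it is a convention for whoever writes the prefs or point to where it is checked. The enclosing InitPrincipals function begins before the hunk.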
@@ -2362,13 +2368,16 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN
 NS_RELEASE(certificate);
 }
 } else if(PL_strncmp(aPrefNames[c], codebaseName,
- sizeof(codebaseName)-1) == 0)
+ sizeof(codebaseName)-1) == 0)
 {
 nsCodebasePrincipal *codebase = new nsCodebasePrincipal();
 if (codebase) {
 NS_ADDREF(codebase);
+ PRBool trusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName,
+ sizeof(codebaseTrustedName)-1) == 0);
 if (NS_SUCCEEDED(codebase->InitFromPersistent(aPrefNames[c], id,
- grantedList, deniedList)))
+ grantedList, deniedList,
+ trusted)))
 principal = do_QueryInterface((nsBasePrincipal*)codebase);
 NS_RELEASE(codebase);
 }
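Review bot: The new `PRBool trusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName, ...) == 0);` only works because the enclosing `else if` matched the shorter `codebaseName` prefix, which every `capability.principal.codebaseTrusted...` pref also satisfies; that dependency is invisible at this point, and a later change of the outer test to an exact match or a reordering of the branches would silently turn every trusted pref into an untrusted one. A comment above the new lines would pin it down, e.g. `// codebaseName is a prefix of codebaseTrustedName, so codebaseTrusted prefs also reach this branch; tell them apart here.` Both the `for` loop and InitPrincipals itself start before the hunk.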