From 3a6d863c139a2b01d6052c8b89fcc1fe38cf8bd2 Mon Sep 17 00:00:00 2001 
From: "norris%netscape.com" Date: Sun, 29 Aug 1999 21:58:42 +0000 Subject: [PATCH] * clean up nsScriptSecurityManager * remove nsJSSecurityManager * save principals in nsIChannels and nsIDocuments git-svn-id: svn://10.0.0.236/trunk@45080 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/caps/idl/nsIPrincipal.idl | 21 +- mozilla/caps/idl/nsIScriptSecurityManager.idl | 23 +- mozilla/caps/include/nsCaps.h | 3 - mozilla/caps/include/nsCodebasePrincipal.h | 32 +- mozilla/caps/include/nsJSPrincipals.h | 2 +- mozilla/caps/include/nsPrincipalArray.h | 4 +- .../caps/include/nsScriptSecurityManager.h | 47 +- mozilla/caps/src/nsCCapsManager.cpp | 5 +- mozilla/caps/src/nsCaps.cpp | 7 - mozilla/caps/src/nsCertificatePrincipal.cpp | 23 +- mozilla/caps/src/nsCodebasePrincipal.cpp | 181 +- mozilla/caps/src/nsJSPrincipals.cpp | 32 +- mozilla/caps/src/nsPrincipalManager.cpp | 13 +- mozilla/caps/src/nsPrivilegeManager.cpp | 4 + mozilla/caps/src/nsScriptSecurityManager.cpp | 760 ++---- mozilla/caps/src/nsTarget.cpp | 2 +- mozilla/caps/src/nsUserTarget.cpp | 4 +- .../chrome/src/nsChromeProtocolHandler.cpp | 20 + mozilla/content/base/public/nsIDocument.h | 6 + mozilla/content/base/src/nsDocument.cpp | 7 + mozilla/content/base/src/nsDocument.h | 7 + .../events/src/nsEventListenerManager.cpp | 11 +- .../xul/document/src/nsXULDocument.cpp | 17 + mozilla/dom/macbuild/dom.toc | 1 - .../dom/public/nsIScriptGlobalObjectData.h | 5 +- mozilla/dom/src/base/Makefile.in | 1 - mozilla/dom/src/base/makefile.win | 2 - mozilla/dom/src/base/nsGlobalWindow.cpp | 109 +- mozilla/dom/src/base/nsGlobalWindow.h | 7 +- mozilla/dom/src/base/nsJSEnvironment.cpp | 73 +- mozilla/dom/src/base/nsJSEnvironment.h | 1 + mozilla/dom/src/base/nsJSSecurityManager.cpp | 2285 ----------------- mozilla/dom/src/base/nsJSSecurityManager.h | 150 -- mozilla/layout/base/public/nsIDocument.h | 6 + mozilla/layout/base/src/nsDocument.cpp | 7 + mozilla/layout/base/src/nsDocument.h | 7 + .../events/src/nsEventListenerManager.cpp | 11 
+- .../forms/src/nsGfxAutoTextControlFrame.cpp | 9 +- mozilla/modules/libpref/src/win/winpref.js | 55 +- mozilla/netwerk/base/public/nsIChannel.idl | 8 + .../netwerk/base/src/nsInputStreamChannel.cpp | 13 + .../netwerk/base/src/nsSocketTransport.cpp | 13 + .../protocol/file/src/nsFileChannel.cpp | 21 +- .../netwerk/protocol/file/src/nsFileChannel.h | 1 + .../netwerk/protocol/ftp/src/nsFTPChannel.cpp | 14 + .../protocol/http/src/nsHTTPChannel.cpp | 13 + .../chrome/src/nsChromeProtocolHandler.cpp | 20 + mozilla/rdf/content/src/nsXULDocument.cpp | 17 + 48 files changed, 790 insertions(+), 3290 deletions(-) delete mode 100644 mozilla/dom/src/base/nsJSSecurityManager.cpp delete mode 100644 mozilla/dom/src/base/nsJSSecurityManager.h diff --git a/mozilla/caps/idl/nsIPrincipal.idl b/mozilla/caps/idl/nsIPrincipal.idl index 4b32837ee39..ce849f101ca 100644 --- a/mozilla/caps/idl/nsIPrincipal.idl +++ b/mozilla/caps/idl/nsIPrincipal.idl @@ -15,7 +15,7 @@ * Copyright (C) 1999 Netscape Communications Corporation. All Rights * Reserved. */ -/*defines interfaces for codebase and certificate principals*/ +/* Defines interfaces for codebase and certificate principals */ #include "nsISupports.idl" interface nsIURI; %{C++ @@ -26,19 +26,8 @@ struct JSPrincipals; [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)] interface nsIPrincipal : nsISupports { - const short PrincipalType_Unknown=0; - const short PrincipalType_CodebaseExact=1; - const short PrincipalType_CodebaseRegex=2; - const short PrincipalType_Certificate=3; - const short PrincipalType_CertificateFingerPrint=4; - const short PrincipalType_CertificateKey=5; - const short PrincipalType_CertificateChain=6; - - void ToJSPrincipal(out JSPrincipals jsprin); - void GetType(out short type); - void IsSecure(out boolean result); + void GetJSPrincipals(out JSPrincipals jsprin); void ToString(out string result); - void HashCode(out unsigned long code); void Equals(in nsIPrincipal other, out boolean result); }; 
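Review bot: The new `GetJSPrincipals(out JSPrincipals jsprin)` carries no ownership contract, and the two implementations in this commit disagree: nsCodebasePrincipal hands back a held reference (JSPRINCIPALS_HOLD) while nsCertificatePrincipal returns NS_OK without writing the out-parameter at all. A one-line comment on the declaration would pin the intent, e.g. `/* Returns the JSPrincipals wrapping this principal; the caller owns one held reference and must JSPRINCIPALS_DROP it. */`. Removing `HashCode` from the interface also leaves nsPrincipalArray's hash key with nothing to hash (it now returns a constant), which is worth a sentence in the commit description.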
@@ -49,10 +38,8 @@ interface nsIPrincipal : nsISupports { [uuid(829fe440-25e1-11d2-8160-006008119d7a)] interface nsICodebasePrincipal : nsIPrincipal { - void GetURLString(out string ppCodeBaseURL); - void GetURL(out nsIURI url); - void IsCodebaseExact(out boolean result); - void IsCodebaseRegex(out boolean result); + void GetURI(out nsIURI url); + void SameOrigin(in nsIPrincipal other, out boolean result); }; %{C++ diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl index 4795f2be5aa..5674e5b96ff 100644 --- a/mozilla/caps/idl/nsIScriptSecurityManager.idl +++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl @@ -38,11 +38,13 @@ struct JSObject; [uuid(58df5780-8006-11d2-bd91-00805f8ae3f4)] interface nsIScriptSecurityManager : nsISupports { + // NB TODO: Change to string representation const short SCRIPT_SECURITY_ALL_ACCESS = 0 << 0; const short SCRIPT_SECURITY_NO_ACCESS = 1 << 0; const short SCRIPT_SECURITY_SAME_DOMAIN_ACCESS = 1 << 1; const short SCRIPT_SECURITY_SIGNED_ACCESS = 1 << 2; + // NB TODO: Move to Capabilities manager const short eJSTarget_UniversalBrowserRead=0; const short eJSTarget_UniversalBrowserWrite=1; const short eJSTarget_UniversalSendMail=2; 
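Review bot: `SameOrigin(in nsIPrincipal other, out boolean result)` is the check the script security manager now gates cross-document access on, but the declaration does not say what an origin is, so a caller cannot tell whether path, port or user-info matter. The implementation in this commit compares scheme, host and port and treats every `file:` URI as one origin; that contract belongs here, e.g. `/* True iff other is a codebase principal whose URI has the same scheme, host and port; all file: URIs are one origin. Non-codebase principals are never same-origin. */`. Stating it on the interface also makes the file: rule an explicit, reviewable policy decision rather than an implementation detail.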
@@ -53,26 +55,9 @@ interface nsIScriptSecurityManager : nsISupports const short eJSTarget_UniversalDialerAccess=7; const short eJSTarget_Max=8; - void NewJSPrincipals(in nsIURI aURL, in nsString aName, out nsIPrincipal aPrincipal); - void CheckScriptAccess(in nsIScriptContext cx, in voidStar obj, [const] in string prop, out boolean res); - void GetSubjectOriginURL(in JSContext cx, out string origin); - void GetObjectOriginURL(in JSContext cx, in JSObject obj, out string origin); - void CheckPermissions(in JSContext cx, in JSObject obj, in short target, out boolean res); - void GetContainerPrincipals(in JSContext cx, in JSObject container, out nsIPrincipal prin); + void CheckScriptAccess(in nsIScriptContext cx, in voidStar obj, + [const] in string prop, out boolean res); void CanAccessTarget(in JSContext cx, in short target, out boolean res); - void GetPrincipalsFromStackFrame(in JSContext cx, out JSPrincipals prins); -/* - void GetCompilationPrincipals(in nsIScriptContext cx, in nsIScriptGlobalObject go, in JSPrincipals prins, out JSPrincipals resultprins); - void CheckContainerAccess(in JSContext cx, in JSObject obj, in short target, out boolean res); - void SetContainerPrincipals(in JSContext cx, in JSObject container, in JSPrincipals prins); - void CanCaptureEvent(in JSContext cx, in JSFunction func, in JSObject eventTarget, out boolean res); - void SetExternalCapture(in JSContext cx, in JSPrincipals prins, in boolean abool); - void CheckSetParentSlot(in JSContext cx, in JSObject obj, in jsval aVp, out boolean res); - void SetDocumentDomain(in JSContext cx, in JSPrincipals prins, in nsString aNewDomain, out boolean res); - void DestroyPrincipalsList(in JSContext cx, in nsJSPrincipalsList list); - void RegisterPrincipals(in nsIScriptContext aContext, in nsIScriptGlobalObject aGlobal, in JSPrincipals principals, - in nsString aName, in nsString aSrc, out JSPrincipals aPrincipals); -*/ }; %{C++ 
diff --git a/mozilla/caps/include/nsCaps.h b/mozilla/caps/include/nsCaps.h index 5f36a570f9a..d1dc43871d7 100644 --- a/mozilla/caps/include/nsCaps.h +++ b/mozilla/caps/include/nsCaps.h @@ -64,9 +64,6 @@ nsCapsNewPrincipal(PRInt16 * principalType, void * key, PR_EXTERN(const char *) nsCapsPrincipalToString(nsIPrincipal * principal); -PR_EXTERN(PRBool) -nsCapsIsCodebaseExact(nsIPrincipal * principal); - PR_EXTERN(const char *) nsCapsPrincipalGetVendor(nsIPrincipal * principal); diff --git a/mozilla/caps/include/nsCodebasePrincipal.h b/mozilla/caps/include/nsCodebasePrincipal.h index e95105c6ee4..1ff2e5fd9de 100644 --- a/mozilla/caps/include/nsCodebasePrincipal.h +++ b/mozilla/caps/include/nsCodebasePrincipal.h @@ -30,25 +30,23 @@ class nsCodebasePrincipal : public nsICodebasePrincipal { public: + + NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID) + + NS_DECL_ISUPPORTS + NS_DECL_NSIPRINCIPAL + NS_DECL_NSICODEBASEPRINCIPAL + + nsCodebasePrincipal(); + + NS_IMETHOD + Init(nsIURI *uri); - NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID) - - NS_DECL_ISUPPORTS - NS_DECL_NSIPRINCIPAL - NS_DECL_NSICODEBASEPRINCIPAL - - nsCodebasePrincipal(); - - NS_IMETHOD - Init(PRInt16 type, nsIURI * uri); - - virtual ~nsCodebasePrincipal(void); - + virtual ~nsCodebasePrincipal(void); + protected: - nsIURI * itsURL; - PRInt16 itsType; - nsJSPrincipals itsJSPrincipals; - + nsIURI *itsURI; + nsJSPrincipals itsJSPrincipals; }; #endif // _NS_CODEBASE_PRINCIPAL_H_ diff --git a/mozilla/caps/include/nsJSPrincipals.h b/mozilla/caps/include/nsJSPrincipals.h index f6bbd0cc734..31f76ac572d 100644 --- a/mozilla/caps/include/nsJSPrincipals.h +++ b/mozilla/caps/include/nsJSPrincipals.h @@ -25,7 +25,7 @@ struct nsJSPrincipals : JSPrincipals { public: nsJSPrincipals(); - nsresult Init(nsIPrincipal * prin); + nsresult Init(char *prin); ~nsJSPrincipals(void); nsIPrincipal *nsIPrincipalPtr; 
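Review bot: `nsresult Init(char *prin);` now takes a C string rather than a principal, and the parameter name no longer describes it: the .cpp side stores the pointer in `codebase` and frees it with PL_strfree in the destructor, so this is an ownership transfer the header should spell out. Suggest `nsresult Init(char *aCodebase); // takes ownership of aCodebase; released with PL_strfree`. Callers that pass a string from a different allocator (an nsIURI::GetSpec result, for instance) will then see the mismatch at the call site.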
diff --git a/mozilla/caps/include/nsPrincipalArray.h b/mozilla/caps/include/nsPrincipalArray.h index c349dc91f87..23e421f0d5a 100644 --- a/mozilla/caps/include/nsPrincipalArray.h +++ b/mozilla/caps/include/nsPrincipalArray.h @@ -57,8 +57,8 @@ public: PRUint32 HashValue(void) const { PRUint32 * code = 0; - itsPrincipal->HashCode(code); - return *code; + //itsPrincipal->HashCode(code); + return 0; } PRBool Equals(const nsHashKey * aKey) const { diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index deb62674859..fbf588ade2a 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h 
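Review bot: `HashValue()` now unconditionally returns 0, so every principal key lands in the same bucket and hashtable lookups over principals degrade to linear scans, and the commented-out call is left beside a dead `PRUint32 * code = 0;` local. The previous code dereferenced that null pointer, so the stub is an improvement, but it should be marked as one: `// FIXME: nsIPrincipal::HashCode was removed; hash on the principal's URI or ToString() once those are implemented` and drop the unused local. `Equals` below still decides key identity, so this is a performance and debuggability issue rather than an access-control one.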
@@ -31,24 +31,35 @@ class nsScriptSecurityManager : public nsIScriptSecurityManager { public: - nsScriptSecurityManager(); - virtual ~nsScriptSecurityManager(); - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID) - - NS_DECL_ISUPPORTS - NS_DECL_NSISCRIPTSECURITYMANAGER - - static nsScriptSecurityManager * - GetScriptSecurityManager(); - + nsScriptSecurityManager(); + virtual ~nsScriptSecurityManager(); + + NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID) + + NS_DECL_ISUPPORTS + NS_DECL_NSISCRIPTSECURITYMANAGER + + static nsScriptSecurityManager * + GetScriptSecurityManager(); + private: - char * GetCanonicalizedOrigin(JSContext *cx, const char* aUrlString); - NS_IMETHOD GetOriginFromSourceURL(nsIURI * origin, char * * result); - PRBool SameOrigins(JSContext *aCx, const char* aOrigin1, const char* aOrigin2); - PRInt32 CheckForPrivilege(JSContext *cx, char *prop_name, int priv_code); - char* FindOriginURL(JSContext *aCx, JSObject *aGlobal); - char* AddSecPolicyPrefix(JSContext *cx, char *pref_str); - char* GetSitePolicy(const char *org); + NS_IMETHOD + GetSubjectPrincipal(JSContext *aCx, nsIPrincipal **result); + + NS_IMETHOD + GetObjectPrincipal(JSContext *aCx, JSObject *aObj, nsIPrincipal **result); + + NS_IMETHOD + CheckPermissions(JSContext *aCx, JSObject *aObj, PRInt16 aTarget, + PRBool* result); + PRInt32 + GetSecurityLevel(JSContext *cx, char *prop_name, int priv_code); + + char * + AddSecPolicyPrefix(JSContext *cx, char *pref_str); + + char * + GetSitePolicy(const char *org); }; + #endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/ diff --git a/mozilla/caps/src/nsCCapsManager.cpp b/mozilla/caps/src/nsCCapsManager.cpp index 8550b975ebf..975d2fa130c 100644 --- a/mozilla/caps/src/nsCCapsManager.cpp +++ b/mozilla/caps/src/nsCCapsManager.cpp 
@@ -55,9 +55,10 @@ nsCCapsManager::GetPrincipalManager(nsIPrincipalManager * * iprinMan) } NS_IMETHODIMP -nsCCapsManager::GetPrivilegeManager(nsIPrivilegeManager * * privMan) +nsCCapsManager::GetPrivilegeManager(nsIPrivilegeManager **privMan) { - * privMan = (nsIPrivilegeManager *)nsPrivilegeManager::GetPrivilegeManager(); + *privMan = (nsIPrivilegeManager *) + nsPrivilegeManager::GetPrivilegeManager(); return NS_OK; } diff --git a/mozilla/caps/src/nsCaps.cpp b/mozilla/caps/src/nsCaps.cpp index bc3116f5c3c..074b78efdfb 100644 --- a/mozilla/caps/src/nsCaps.cpp +++ b/mozilla/caps/src/nsCaps.cpp @@ -192,13 +192,6 @@ nsCapsPrincipalToString(class nsIPrincipal *principal) return prinStr; } -PR_IMPLEMENT(PRBool) -nsCapsIsCodebaseExact(class nsIPrincipal *principal) -{ - PRInt16 prinType; - principal->GetType(& prinType); - return (prinType == (PRInt16) nsIPrincipal::PrincipalType_CodebaseExact) ? PR_TRUE : PR_FALSE; -} /* PR_IMPLEMENT(const char *) nsCapsPrincipalGetVendor(class nsIPrincipal *principal) diff --git a/mozilla/caps/src/nsCertificatePrincipal.cpp b/mozilla/caps/src/nsCertificatePrincipal.cpp index 9113ef736ac..1ceb43d3bb1 100644 --- a/mozilla/caps/src/nsCertificatePrincipal.cpp +++ b/mozilla/caps/src/nsCertificatePrincipal.cpp 
@@ -66,40 +66,19 @@ nsCertificatePrincipal::GetFingerPrint(char * * fingerPrint) NS_IMETHODIMP -nsCertificatePrincipal::ToJSPrincipal(JSPrincipals * * jsprin) +nsCertificatePrincipal::GetJSPrincipals(JSPrincipals **jsprin) { // *jsprin = NS_STATIC_CAST(JSPrincipals *,this); return NS_OK; } -NS_IMETHODIMP -nsCertificatePrincipal::GetType(PRInt16 * type) -{ - type = & this->itsType; - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::IsSecure(PRBool * result) -{ - *result = (this->itsType == (PRInt16)nsIPrincipal::PrincipalType_Unknown) ? PR_FALSE : PR_TRUE; - return NS_OK; -} - NS_IMETHODIMP nsCertificatePrincipal::ToString(char **result) { return NS_OK; } -NS_IMETHODIMP -nsCertificatePrincipal::HashCode(PRUint32 * code) -{ - code=0; - return NS_OK; -} - NS_IMETHODIMP nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result) { diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp index 0fb12c58a11..c504ff7cfb4 100644 --- a/mozilla/caps/src/nsCodebasePrincipal.cpp +++ b/mozilla/caps/src/nsCodebasePrincipal.cpp 
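Review bot: `GetJSPrincipals` returns NS_OK while its only statement is still commented out, so `*jsprin` is never written and a caller that trusts the success code reads an uninitialized pointer; `ToString` has the same shape with `*result`. Until certificate principals are wired up these should fail closed, e.g. `*jsprin = nsnull; return NS_ERROR_NOT_IMPLEMENTED;` and `*result = nsnull; return NS_ERROR_NOT_IMPLEMENTED;`. `Equals` starts at the end of this hunk and continues outside it.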
@@ -15,128 +15,151 @@ * Copyright (C) 1998 Netscape Communications Corporation. All Rights * Reserved. */ -/* describes principals by thier orginating uris*/ +/* Describes principals by thier orginating uris */ #include "nsCodebasePrincipal.h" #include "nsIComponentManager.h" #include "nsIServiceManager.h" #include "nsIURL.h" +#include "nsCOMPtr.h" #include "nsXPIDLString.h" static NS_DEFINE_IID(kICodebasePrincipalIID, NS_ICODEBASEPRINCIPAL_IID); +static char gFileScheme[] = "file"; NS_IMPL_ISUPPORTS(nsCodebasePrincipal, kICodebasePrincipalIID); NS_IMETHODIMP -nsCodebasePrincipal::ToJSPrincipal(JSPrincipals * * jsprin) +nsCodebasePrincipal::GetJSPrincipals(JSPrincipals **jsprin) { - if (itsJSPrincipals.refcount == 0) { - NS_ADDREF(this); + if (itsJSPrincipals.nsIPrincipalPtr == nsnull) { + itsJSPrincipals.nsIPrincipalPtr = this; + NS_ADDREF(itsJSPrincipals.nsIPrincipalPtr); + // matching release in nsDestroyJSPrincipals } *jsprin = &itsJSPrincipals; + JSPRINCIPALS_HOLD(cx, *jsprin); return NS_OK; -/* - char * cb; - this->GetURLString(& cb); - * jsprin = NS_STATIC_CAST(JSPrincipals *,this); - (* jsprin)->codebase = PL_strdup(cb); - return NS_OK; - */ } NS_IMETHODIMP -nsCodebasePrincipal::GetURLString(char **cburl) +nsCodebasePrincipal::GetURI(nsIURI **uri) { - return itsURL->GetSpec(cburl); + *uri = itsURI; + NS_ADDREF(*uri); + return NS_OK; } NS_IMETHODIMP -nsCodebasePrincipal::GetURL(nsIURI * * url) +nsCodebasePrincipal::ToString(char **result) { - return itsURL->Clone(url); + // NB TODO + return NS_OK; } NS_IMETHODIMP -nsCodebasePrincipal::IsCodebaseExact(PRBool * result) +nsCodebasePrincipal::Equals(nsIPrincipal *other, PRBool *result) { - * result = (this->itsType == nsIPrincipal::PrincipalType_CodebaseExact) ? 
PR_TRUE : PR_FALSE; - return NS_OK; + *result = PR_FALSE; + if (this == other) { + *result = PR_TRUE; + return NS_OK; + } + nsCOMPtr otherCodebase; + if (!NS_SUCCEEDED(other->QueryInterface( + NS_GET_IID(nsICodebasePrincipal), + (void **) getter_AddRefs(otherCodebase)))) + { + *result = PR_FALSE; + return NS_OK; + } + nsCOMPtr otherURI; + if (!NS_SUCCEEDED(otherCodebase->GetURI(getter_AddRefs(otherURI)))) { + return NS_ERROR_FAILURE; + } + if (!itsURI || !NS_SUCCEEDED(otherURI->Equals(itsURI, result))) { + return NS_ERROR_FAILURE; + } + return NS_OK; } + NS_IMETHODIMP -nsCodebasePrincipal::IsCodebaseRegex(PRBool * result) +nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result) { - * result = (itsType == nsIPrincipal::PrincipalType_CodebaseRegex) ? PR_TRUE : PR_FALSE; - return NS_OK; -} + *result = PR_FALSE; + if (this == other) { + *result = PR_TRUE; + return NS_OK; + } + nsCOMPtr otherCodebase; + if (!NS_SUCCEEDED(other->QueryInterface( + NS_GET_IID(nsICodebasePrincipal), + (void **) getter_AddRefs(otherCodebase)))) + { + return NS_OK; + } + nsCOMPtr otherURI; + if (!NS_SUCCEEDED(otherCodebase->GetURI(getter_AddRefs(otherURI)))) { + return NS_ERROR_FAILURE; + } + char *scheme1 = nsnull; + nsresult rv = otherURI->GetScheme(&scheme1); + char *scheme2 = nsnull; + if (NS_SUCCEEDED(rv)) + rv = itsURI->GetScheme(&scheme2); + if (NS_SUCCEEDED(rv) && PL_strcmp(scheme1, scheme2) == 0) { -NS_IMETHODIMP -nsCodebasePrincipal::GetType(PRInt16 * type) -{ - * type = itsType; - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::IsSecure(PRBool * result) -{ -// if ((0 == memcmp("https:", itsKey, strlen("https:"))) || -// (0 == memcmp("file:", itsKey, strlen("file:")))) -// return PR_TRUE; - return PR_FALSE; -} - -NS_IMETHODIMP -nsCodebasePrincipal::ToString(char * * result) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::HashCode(PRUint32 * code) -{ - (* code) = 0; - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::Equals(nsIPrincipal * 
other, PRBool * result) -{ - PRInt16 oType = 0; - other->GetType(& oType); - (* result) = (itsType == oType) ? PR_TRUE : PR_FALSE; - if ((* result) != PR_TRUE) return NS_OK; - nsICodebasePrincipal * cbother; - nsXPIDLCString oCodebase, myCodebase; - other->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbother); - cbother->GetURLString(getter_Copies(oCodebase)); - this->GetURLString(getter_Copies(myCodebase)); - (* result) = (PL_strcmp(myCodebase, oCodebase) == 0) ? PR_TRUE : PR_FALSE; - return NS_OK; + if (PL_strcmp(scheme1, gFileScheme) == 0) { + // All file: urls are considered to have the same origin. + *result = PR_TRUE; + } else { + // Need to check the host + char *host1 = nsnull; + rv = otherURI->GetHost(&host1); + char *host2 = nsnull; + if (NS_SUCCEEDED(rv)) + rv = itsURI->GetHost(&host2); + *result = NS_SUCCEEDED(rv) && PL_strcmp(host1, host2) == 0; + if (*result) { + int port1; + rv = otherURI->GetPort(&port1); + int port2; + if (NS_SUCCEEDED(rv)) + rv = itsURI->GetPort(&port2); + *result = NS_SUCCEEDED(rv) && port1 == port2; + } + if (host1) nsCRT::free(host1); + if (host2) nsCRT::free(host2); + } + } + if (scheme1) nsCRT::free(scheme1); + if (scheme2) nsCRT::free(scheme2); + return NS_OK; } nsCodebasePrincipal::nsCodebasePrincipal() { - NS_INIT_ISUPPORTS(); - itsURL = nsnull; + NS_INIT_ISUPPORTS(); + itsURI = nsnull; } NS_IMETHODIMP -nsCodebasePrincipal::Init(PRInt16 type, nsIURI *uri) +nsCodebasePrincipal::Init(nsIURI *uri) { - nsresult result; - NS_ADDREF(this); - this->itsType = type; - if (!NS_SUCCEEDED(result = uri->Clone(&itsURL))) return result; - if (!NS_SUCCEEDED(result = itsJSPrincipals.Init(this))) { - NS_RELEASE(itsURL); - return result; - } - return NS_OK; + char *codebase; + if (!NS_SUCCEEDED(uri->GetSpec(&codebase))) + return NS_ERROR_FAILURE; + if (!NS_SUCCEEDED(itsJSPrincipals.Init(codebase))) + return NS_ERROR_FAILURE; + NS_ADDREF(this); + itsURI = uri; + NS_ADDREF(itsURI); + return NS_OK; } 
nsCodebasePrincipal::~nsCodebasePrincipal(void) { - if (itsURL) - NS_RELEASE(itsURL); + if (itsURI) + NS_RELEASE(itsURI); } diff --git a/mozilla/caps/src/nsJSPrincipals.cpp b/mozilla/caps/src/nsJSPrincipals.cpp index c08fcd617b3..07ef78415b7 100644 --- a/mozilla/caps/src/nsJSPrincipals.cpp +++ b/mozilla/caps/src/nsJSPrincipals.cpp @@ -21,25 +21,27 @@ #include "nsXPIDLString.h" PR_STATIC_CALLBACK(void *) -nsGetPrincipalArray(JSContext * cx, struct JSPrincipals * prin) { +nsGetPrincipalArray(JSContext *cx, struct JSPrincipals *prin) +{ return nsnull; } PR_STATIC_CALLBACK(JSBool) -nsGlobalPrivilegesEnabled(JSContext * cx , struct JSPrincipals *jsprin) { +nsGlobalPrivilegesEnabled(JSContext *cx , struct JSPrincipals *jsprin) +{ return JS_TRUE; } PR_STATIC_CALLBACK(void) -nsDestroyJSPrincipals(JSContext * cx, struct JSPrincipals * jsprin) { - nsJSPrincipals * nsjsprin = (nsJSPrincipals *)jsprin; - nsIPrincipal *p = nsjsprin->nsIPrincipalPtr; - NS_IF_RELEASE(p); +nsDestroyJSPrincipals(JSContext *cx, struct JSPrincipals *jsprin) { + nsJSPrincipals *nsjsprin = (nsJSPrincipals *)jsprin; + NS_IF_RELEASE(nsjsprin->nsIPrincipalPtr); // The nsIPrincipal that we release owns the JSPrincipal struct, // so we don't need to worry about "codebase" } -nsJSPrincipals::nsJSPrincipals() { +nsJSPrincipals::nsJSPrincipals() +{ codebase = nsnull; getPrincipalArray = nsGetPrincipalArray; globalPrivilegesEnabled = nsGlobalPrivilegesEnabled; 
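Review bot: `SameOrigin` decides on host with `PL_strcmp` once the schemes match, so two URIs of a host-less scheme (about:, data:, javascript:, if nsIURI reports an empty or null host for them) compare equal on host and, when `GetPort` also agrees, are declared same-origin on scheme alone; a guard such as `if (!host1 || !*host1) *result = PR_FALSE;` before the port check would keep this fail-closed. The host compare is also case-sensitive, which is only right if nsIURI lower-cases hosts, and the port compare assumes both URIs report a default port the same way. In `GetJSPrincipals`, `JSPRINCIPALS_HOLD(cx, *jsprin)` names a `cx` that this method does not declare; it compiles only while the macro ignores its first argument, so pass `nsnull` explicitly or thread a JSContext through. In `Init`, the `GetSpec` string is handed to `itsJSPrincipals.Init` and later freed with PL_strfree, whereas `CheckPermissions` in this same patch frees a `GetSpec` result with `nsCRT::free`; the two must agree, and the string leaks when `itsJSPrincipals.Init` fails. The unconditional `NS_ADDREF(this)` in `Init` also has no matching release now that `GetJSPrincipals` takes its own reference.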
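Review bot: `nsGlobalPrivilegesEnabled` answers JS_TRUE for every principal and `nsGetPrincipalArray` returns nsnull, and both are installed as the JSPrincipals callbacks in the constructor; anything that consults `globalPrivilegesEnabled` (the currently `#if 0`'d branch of `CanAccessTarget` does) will treat every script as fully privileged. Until the capabilities manager backs these, returning JS_FALSE is the safe default, or at minimum mark the stub: `// NB TODO: stub; reports global privileges enabled for every principal until caps integration`. The unused `cx`/`prin` parameters are fine for callbacks, but a comment on each makes the placeholder intent explicit to the next reader.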
@@ -49,20 +51,14 @@ nsJSPrincipals::nsJSPrincipals() { } nsresult -nsJSPrincipals::Init(nsIPrincipal * prin) { - nsXPIDLCString cb; - nsICodebasePrincipal * cbprin; - prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin); - cbprin->GetURLString(getter_Copies(cb)); - nsIPrincipalPtr = prin; - codebase = PL_strdup(cb); - if (!codebase) - return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(nsIPrincipalPtr); +nsJSPrincipals::Init(char *aCodebase) +{ + codebase = aCodebase; return NS_OK; } -nsJSPrincipals::~nsJSPrincipals() { +nsJSPrincipals::~nsJSPrincipals() +{ if (codebase) PL_strfree(codebase); if (nsIPrincipalPtr) diff --git a/mozilla/caps/src/nsPrincipalManager.cpp b/mozilla/caps/src/nsPrincipalManager.cpp index 1b7c0f959d4..daa10358c51 100644 --- a/mozilla/caps/src/nsPrincipalManager.cpp +++ b/mozilla/caps/src/nsPrincipalManager.cpp @@ -104,7 +104,7 @@ nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIURI * u nsCodebasePrincipal * codebasePrin; compMan->CreateInstance(NS_CODEBASEPRINCIPAL_PROGID, nsnull, NS_GET_IID(nsICodebasePrincipal),(void * *)& codebasePrin); if (codebasePrin == nsnull) return NS_ERROR_OUT_OF_MEMORY; - rv = codebasePrin->Init(nsIPrincipal::PrincipalType_CodebaseExact, url); + rv = codebasePrin->Init(url); if (!NS_SUCCEEDED(rv)) { NS_RELEASE(codebasePrin); return rv; @@ -116,9 +116,11 @@ nsPrincipalManager::CreateCodebasePrincipal(const char * codebaseURL, nsIURI * u NS_IMETHODIMP nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain, PRUint32 * certChainLengths, PRUint32 noOfCerts, nsIPrincipal * * prin) { - * prin = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate,certChain, certChainLengths, noOfCerts); +#if 0 + * prin = new nsCertificatePrincipal(certChainLengths, noOfCerts); if (!prin) return NS_ERROR_OUT_OF_MEMORY; (* prin)->AddRef(); +#endif return NS_OK; } 
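Review bot: `Init(char *aCodebase)` stores the pointer with no null check, whereas the version it replaces returned NS_ERROR_OUT_OF_MEMORY when the codebase string was missing; the OJI path in `GetSubjectPrincipal` reads `principals->codebase` as the script's identity, so `if (!aCodebase) return NS_ERROR_OUT_OF_MEMORY;` should be kept. The method also takes ownership of `aCodebase` (freed with PL_strfree in the destructor) without saying so; `// takes ownership; freed with PL_strfree in ~nsJSPrincipals` would protect callers. If `Init` is called twice the first string leaks, so either free an existing `codebase` first or document single-call use.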
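Review bot: `CreateCertificatePrincipal` now has its whole body under `#if 0` yet still returns NS_OK, so a caller receives success with `*prin` untouched for a certificate principal; since certificate principals are what signed-script privileges key off, this should fail closed: `*prin = nsnull; return NS_ERROR_NOT_IMPLEMENTED;`. The disabled code also tests `if (!prin)` rather than `if (!*prin)`, so the out-of-memory check will need fixing when it is revived.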
@@ -126,6 +128,7 @@ nsPrincipalManager::CreateCertificatePrincipal(const unsigned char * * certChain NS_IMETHODIMP nsPrincipalManager::CanExtendTrust(nsIPrincipalArray * from, nsIPrincipalArray * to, PRBool * result) { +#if 0 if ((from == NULL) || (to == NULL)) { * result = PR_FALSE; return NS_OK; @@ -163,6 +166,10 @@ nsPrincipalManager::CanExtendTrust(nsIPrincipalArray * from, nsIPrincipalArray * } * result = (codebaseCount == 1) ? PR_TRUE : PR_FALSE; return NS_OK; +#else + *result = PR_FALSE; + return NS_OK; +#endif } NS_IMETHODIMP @@ -371,10 +378,12 @@ nsPrincipalManager::Init() if(NS_FAILED(rv)) return rv; rv = compMgr->CreateInstance(NS_PRINCIPALARRAY_PROGID, nsnull,NS_GET_IID(nsIPrincipalArray), (void * *)& theUnknownPrincipalArray); if(NS_FAILED(rv)) return rv; +/* theUnsignedPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNSIGNED_PRINCIPAL_KEY); theUnsignedPrincipalArray->AddPrincipalArrayElement(theUnsignedPrincipal); theUnknownPrincipal = new nsCertificatePrincipal(nsIPrincipal::PrincipalType_Certificate, UNKNOWN_PRINCIPAL_KEY); theUnknownPrincipalArray->AddPrincipalArrayElement(theUnknownPrincipal); +*/ return NS_OK; } diff --git a/mozilla/caps/src/nsPrivilegeManager.cpp b/mozilla/caps/src/nsPrivilegeManager.cpp index a45bdfe35ec..d0cc01eb252 100755 --- a/mozilla/caps/src/nsPrivilegeManager.cpp +++ b/mozilla/caps/src/nsPrivilegeManager.cpp @@ -294,6 +294,9 @@ PRBool nsPrivilegeManager::EnablePrincipalPrivilegeHelper(nsIScriptContext * context, nsITarget *target, PRInt32 callerDepth, nsIPrincipal * preferredPrin, void * data, nsITarget *impersonator) { +#if 1 + return PR_FALSE; +#else nsIPrincipalArray* callerPrinArray; nsIPrincipal * useThisPrin = NULL; /* Get the registered target */ @@ -358,6 +361,7 @@ nsPrivilegeManager::EnablePrincipalPrivilegeHelper(nsIScriptContext * context, n PRBool result; AskPermission(useThisPrin, target, data,& result); return result; +#endif } 
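Review bot: Commenting out the creation of `theUnsignedPrincipal` and `theUnknownPrincipal` in `Init` leaves those members at whatever the constructor set them to, while `theUnsignedPrincipalArray` and `theUnknownPrincipalArray` are still created and now stay empty; any code that still returns or dereferences those principals (not visible in this hunk) will hand out a null or stale pointer. If this is intentional until certificate principals return, set them explicitly and say so: `theUnsignedPrincipal = theUnknownPrincipal = nsnull; // NB TODO: certificate principals disabled`.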
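Review bot: The `#if 1 return PR_FALSE; #else` stub in `EnablePrincipalPrivilegeHelper` silently denies every privilege request and bypasses `AskPermission`, with nothing explaining why or when the original logic comes back. Fail-closed is the right default, but it needs a comment such as `// Privilege enabling is disabled until the caps manager is wired to the new principals; always deny.` and ideally a named macro instead of `#if 1` so the disabled path can be found later. The function's body continues outside this hunk.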
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 89df5a6f4c6..98e811f4849 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -26,6 +26,8 @@ #endif #include "nspr.h" #include "plstr.h" +#include "nsCOMPtr.h" +#include "nsJSPrincipals.h" #include "nsCRT.h" #include "nsXPIDLString.h" @@ -36,7 +38,9 @@ static NS_DEFINE_IID(kIScriptSecurityManagerIID, NS_ISCRIPTSECURITYMANAGER_IID); NS_IMPL_ISUPPORTS(nsScriptSecurityManager, kIScriptSecurityManagerIID); -static nsString gUnknownOriginStr("[unknown origin]"); +static char gUnknownOrigin[] = "[unknown origin]"; +static char gFileScheme[] = "file"; +static nsString gUnknownOriginStr(gUnknownOrigin); static nsString gFileUrlPrefix("file:"); static char accessErrorMessage[] = @@ -44,7 +48,7 @@ static char accessErrorMessage[] = nsScriptSecurityManager::nsScriptSecurityManager(void) { - NS_INIT_REFCNT(); + NS_INIT_REFCNT(); } nsScriptSecurityManager::~nsScriptSecurityManager(void) 
@@ -55,190 +59,226 @@ nsScriptSecurityManager::~nsScriptSecurityManager(void) nsScriptSecurityManager * nsScriptSecurityManager::GetScriptSecurityManager() { - static nsScriptSecurityManager * ssecMan = NULL; + static nsScriptSecurityManager *ssecMan = NULL; if (!ssecMan) ssecMan = new nsScriptSecurityManager(); return ssecMan; } -NS_IMETHODIMP -nsScriptSecurityManager::NewJSPrincipals(nsIURI *aURL, nsString *aName, - nsIPrincipal **result) -{ -// nsJSPrincipalsData * pdata; - PRBool needUnlock = PR_FALSE; -#ifdef CERT_PRINS - void *zip = nsnull; //ns_zip_t - if (aURL) { - char *fn = nsnull; - if (NET_IsLocalFileURL(archive->address)) { - char* pathPart = ParseURL(archive->address, GET_PATH_PART); - fn = WH_FileName(pathPart, xpURL); - PR_Free(pathPart); - } - else if (archive->cache_file && NET_ChangeCacheFileLock(archive, TRUE)) { - fn = WH_FileName(archive->cache_file, xpCache); - needUnlock = PR_TRUE; - } - if (fn) { -#ifdef XP_MAC - /* - * Unfortunately, ns_zip_open wants a Unix-style name. Convert - * Mac path to a Unix-style path. This code is copied from - * appletStubs.c. 
- */ - OSErr ConvertMacPathToUnixPath(const char *macPath, char **unixPath); - char *unixPath = nsnull; - if (ConvertMacPathToUnixPath(fn, &unixPath) == 0) - zip = ns_zip_open(unixPath); - PR_FREEIF(unixPath); -#else - zip = ns_zip_open(fn); -#endif - pdata->zip = zip; - PR_Free(fn); - } - } -#endif - nsresult rv; - nsXPIDLCString codebaseStr; - if (!NS_SUCCEEDED(rv = GetOriginFromSourceURL(aURL, getter_Copies(codebaseStr)))) - return rv; - if (!codebaseStr) { - return NS_ERROR_FAILURE; - } - NS_WITH_SERVICE(nsIPrincipalManager, prinMan, NS_PRINCIPALMANAGER_PROGID, &rv); - if (NS_SUCCEEDED(rv)) - rv = prinMan->CreateCodebasePrincipal(codebaseStr, aURL, result); - return rv; -} NS_IMETHODIMP nsScriptSecurityManager::CheckScriptAccess(nsIScriptContext *aContext, void *aObj, const char *aProp, PRBool *aResult) { - *aResult = PR_FALSE; - JSContext* cx = (JSContext*)aContext->GetNativeContext(); - PRInt32 secLevel = CheckForPrivilege(cx, (char *) aProp, nsnull); - switch (secLevel) { + *aResult = PR_FALSE; + JSContext *cx = (JSContext *)aContext->GetNativeContext(); + PRInt32 secLevel = GetSecurityLevel(cx, (char *) aProp, nsnull); + switch (secLevel) { case SCRIPT_SECURITY_ALL_ACCESS: - *aResult = PR_TRUE; - return NS_OK; + *aResult = PR_TRUE; + return NS_OK; case SCRIPT_SECURITY_SAME_DOMAIN_ACCESS: - return CheckPermissions(cx, (JSObject *) aObj, eJSTarget_Max, aResult); + return CheckPermissions(cx, (JSObject *) aObj, eJSTarget_Max, aResult); default: - // Default is no access - *aResult = PR_FALSE; - return NS_OK; - } + // Default is no access + *aResult = PR_FALSE; + return NS_OK; + } } NS_IMETHODIMP -nsScriptSecurityManager::GetSubjectOriginURL(JSContext *aCx, char * * aOrigin) +nsScriptSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, + PRBool *aReturn) { -// Get origin from script of innermost interpreted frame. 
- JSPrincipals * principals; - JSStackFrame * fp; - JSScript * script; -#ifdef OJI - JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack(); - JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking); - if (pFrameToStartLooking == nsnull) { - pFrameToStartLooking = JS_FrameIterator(aCx,& pFrameToStartLooking); - if (pFrameToStartLooking == nsnull) { - // There are no frames or scripts at this point. - pFrameToEndLooking = nsnull; +#if 0 + JSPrincipals *principals; + *aReturn = PR_TRUE; + GetSubjectPrincipal(aCx, &principals); + if ((nsCapsGetRegistrationModeFlag()) && principals && + (NET_URL_Type(principals->codebase) == FILE_TYPE_URL)) + { + return NS_OK; + } else if (principals && !principals->globalPrivilegesEnabled(aCx, principals)) { + *aReturn = PR_FALSE; + } + // only if signed scripts + else if (!this->PrincipalsCanAccessTarget(aCx, aTarget)) { + *aReturn = PR_FALSE; } - } #else - JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp); - JSStackFrame * pFrameToEndLooking = nsnull; + *aReturn = PR_FALSE; #endif - fp = pFrameToStartLooking; - while (fp != pFrameToEndLooking) { - script = JS_GetFrameScript(aCx, fp); - if (script) { - principals = JS_GetScriptPrincipals(aCx, script); - * aOrigin = principals ? (char *)principals->codebase : (char *)JS_GetScriptFilename(aCx, script); - return (* aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY; - } - fp = JS_FrameIterator(aCx, &fp); - } + return NS_OK; +} + +NS_IMETHODIMP +nsScriptSecurityManager::GetSubjectPrincipal(JSContext *aCx, + nsIPrincipal **result) +{ + // Get principals from innermost frame of JavaScript or Java. + JSPrincipals *principals; + JSStackFrame *fp; + JSScript *script; #ifdef OJI - principals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking); - if (principals) { - *aOrigin = principals->codebase; - return (* aOrigin) ? 
NS_OK : NS_ERROR_OUT_OF_MEMORY; - } + JSStackFrame *pFrameToStartLooking = + *JVM_GetStartJSFrameFromParallelStack(); + JSStackFrame *pFrameToEndLooking = + JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking); + if (pFrameToStartLooking == nsnull) { + pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking); + if (pFrameToStartLooking == nsnull) { + // There are no frames or scripts at this point. + pFrameToEndLooking = nsnull; + } + } +#else + JSStackFrame *pFrameToStartLooking = JS_FrameIterator(aCx, &fp); + JSStackFrame *pFrameToEndLooking = nsnull; #endif - /* - * Not called from either JS or Java. We must be called - * from the interpreter. Get the origin from the decoder. - */ - // NB TODO: Does this ever happen? - return this->GetObjectOriginURL(aCx, ::JS_GetGlobalObject(aCx), aOrigin); + fp = pFrameToStartLooking; + while (fp != pFrameToEndLooking) { + script = JS_GetFrameScript(aCx, fp); + if (script) { + principals = JS_GetScriptPrincipals(aCx, script); + if (principals) { + nsJSPrincipals *nsJSPrin = (nsJSPrincipals *) principals; + *result = nsJSPrin->nsIPrincipalPtr; + NS_ADDREF(*result); + return NS_OK; + } else { + return NS_ERROR_FAILURE; + } + } + fp = JS_FrameIterator(aCx, &fp); + } +#ifdef OJI + principals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking); + if (principals && principals->codebase) { + // create new principals + nsresult rv; + NS_WITH_SERVICE(nsIPrincipalManager, prinMan, + NS_PRINCIPALMANAGER_PROGID, &rv); + if (NS_SUCCEEDED(rv)) + rv = prinMan->CreateCodebasePrincipal(principals->codebase, + nsnull, result); + if (NS_SUCCEEDED(rv)) + return NS_OK; + } +#endif + // Couldn't find principals. 
+ return NS_ERROR_FAILURE; } -NS_IMETHODIMP -nsScriptSecurityManager::GetObjectOriginURL(JSContext *aCx, JSObject *aObj, - char **aOrigin) -{ - nsresult rv; - JSObject *parent; - while (parent = ::JS_GetParent(aCx, aObj)) - aObj = parent; - nsIPrincipal *prin; - if (!NS_SUCCEEDED(rv = GetContainerPrincipals(aCx, aObj, & prin))) - return rv; - nsICodebasePrincipal *cbprin; - rv = prin->QueryInterface(NS_GET_IID(nsICodebasePrincipal), (void **) &cbprin); - if (!NS_SUCCEEDED(rv)) - return rv; - if (!NS_SUCCEEDED(rv = cbprin->GetURLString(aOrigin))) - return rv; - return (*aOrigin) ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} NS_IMETHODIMP -nsScriptSecurityManager::GetOriginFromSourceURL(nsIURI *url, char **result) +nsScriptSecurityManager::GetObjectPrincipal(JSContext *aCx, JSObject *aObj, + nsIPrincipal **result) { - nsXPIDLCString tempChars; - nsresult rv; - if (!NS_SUCCEEDED(rv = url->GetScheme(getter_Copies(tempChars)))) - return rv; - nsAutoString buffer(tempChars); - // NB TODO: what about file: urls and about:blank? - buffer.Append("://"); - if (!NS_SUCCEEDED(rv = url->GetHost(getter_Copies(tempChars)))) - return rv; - buffer.Append(tempChars); - if (!NS_SUCCEEDED(rv = url->GetPath(getter_Copies(tempChars)))) - return rv; - buffer.Append(tempChars); - if (buffer.Length() == 0 || buffer.EqualsIgnoreCase(gUnknownOriginStr)) + JSObject *parent; + while (parent = JS_GetParent(aCx, aObj)) + aObj = parent; + + nsISupports *supports = (nsISupports *) JS_GetPrivate(aCx, aObj); + nsCOMPtr globalData; + if (!supports || NS_FAILED(supports->QueryInterface( + NS_GET_IID(nsIScriptGlobalObjectData), + (void **) getter_AddRefs(globalData)))) + { return NS_ERROR_FAILURE; - *result = buffer.ToNewCString(); - return *result ? 
NS_OK : NS_ERROR_OUT_OF_MEMORY; + } + if (NS_FAILED(globalData->GetPrincipal(result))) { + return NS_ERROR_FAILURE; + } + NS_ADDREF(*result); + return NS_OK; } +NS_IMETHODIMP +nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, + PRInt16 aTarget, PRBool* aReturn) +{ + nsCOMPtr subject; + if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject)))) + return NS_ERROR_FAILURE; + + nsCOMPtr object; + if (NS_FAILED(GetObjectPrincipal(aCx, aObj, getter_AddRefs(object)))) + return NS_ERROR_FAILURE; + + nsCOMPtr subjectCodebase; + if (NS_FAILED(subject->QueryInterface( + NS_GET_IID(nsICodebasePrincipal), + (void **) getter_AddRefs(subjectCodebase)))) + { + return NS_ERROR_FAILURE; + } + if (NS_FAILED(subjectCodebase->SameOrigin(object, aReturn))) + return NS_ERROR_FAILURE; + + if (*aReturn) + return NS_OK; + + /* + ** If we failed the origin tests it still might be the case that we + ** are a signed script and have permissions to do this operation. + ** Check for that here + */ + if (aTarget != eJSTarget_Max) { + PRBool canAccess; + CanAccessTarget(aCx, aTarget, &canAccess); + if (canAccess) { + *aReturn = PR_TRUE; + return NS_OK; + } + } + + nsCOMPtr uri; + if (NS_FAILED(subjectCodebase->GetURI(getter_AddRefs(uri)))) + return NS_ERROR_FAILURE; + + char *spec; + if (NS_FAILED(uri->GetSpec(&spec))) + return NS_ERROR_FAILURE; + + JS_ReportError(aCx, accessErrorMessage, spec); + nsCRT::free(spec); + *aReturn = PR_FALSE; + return NS_OK; +} + + PRInt32 -nsScriptSecurityManager::CheckForPrivilege(JSContext *cx, char *prop_name, - int priv_code) +nsScriptSecurityManager::GetSecurityLevel(JSContext *cx, char *prop_name, + int priv_code) { if (prop_name == nsnull) return SCRIPT_SECURITY_NO_ACCESS; char *tmp_prop_name = AddSecPolicyPrefix(cx, prop_name); if (tmp_prop_name == nsnull) return SCRIPT_SECURITY_NO_ACCESS; - PRInt32 secLevel = SCRIPT_SECURITY_NO_ACCESS; + PRInt32 secLevel; + char *secLevelString; nsIPref *mPrefs; 
nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref), - (nsISupports**) &mPrefs); - if (NS_OK == mPrefs->GetIntPref(tmp_prop_name, &secLevel)) { + (nsISupports**) &mPrefs); + if (NS_SUCCEEDED(mPrefs->CopyCharPref(tmp_prop_name, &secLevelString)) && + secLevelString) + { PR_FREEIF(tmp_prop_name); + if (PL_strcmp(secLevelString, "sameOrigin") == 0) + secLevel = SCRIPT_SECURITY_SAME_DOMAIN_ACCESS; + else if (PL_strcmp(secLevelString, "all") == 0) + secLevel = SCRIPT_SECURITY_ALL_ACCESS; + else if (PL_strcmp(secLevelString, "none") == 0) + secLevel = SCRIPT_SECURITY_NO_ACCESS; + else + secLevel = SCRIPT_SECURITY_NO_ACCESS; + // NB TODO: what about signed scripts? + PR_Free(secLevelString); return secLevel; } + // If no preference is defined for this property, allow access. // This violates the rule of a safe default, but means we don't have // to specify the large majority of unchecked properties, only the 
@@ -247,357 +287,111 @@ nsScriptSecurityManager::CheckForPrivilege(JSContext *cx, char *prop_name, return SCRIPT_SECURITY_ALL_ACCESS; } -NS_IMETHODIMP -nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, - PRInt16 aTarget, PRBool* aReturn) -{ - nsXPIDLCString subjectOrigin; - nsXPIDLCString objectOrigin; - nsresult rv = GetSubjectOriginURL(aCx, getter_Copies(subjectOrigin)); - if (!NS_SUCCEEDED(rv)) - return rv; - /* - ** Hold onto reference to the running decoder's principals - ** in case a call to GetObjectOriginURL ends up - ** dropping a reference due to an origin changing - ** underneath us. - */ - rv = GetObjectOriginURL(aCx, aObj, getter_Copies(objectOrigin)); - if (rv != NS_OK || !subjectOrigin || !objectOrigin) { - *aReturn = PR_FALSE; - return NS_OK; - } - /* Now see whether the origin methods and servers match. */ - if (this->SameOrigins(aCx, subjectOrigin, objectOrigin)) { - * aReturn = PR_TRUE; - return NS_OK; - } - /* - ** If we failed the origin tests it still might be the case that we - ** are a signed script and have permissions to do this operation. 
- ** Check for that here - */ - if (aTarget != eJSTarget_Max) { - PRBool canAccess; - this->CanAccessTarget(aCx, aTarget, &canAccess); - if (canAccess) { - *aReturn = PR_TRUE; - return NS_OK; - } - } - - JS_ReportError(aCx, accessErrorMessage, (const char*)subjectOrigin); - *aReturn = PR_FALSE; - return NS_OK; -} - -NS_IMETHODIMP -nsScriptSecurityManager::GetContainerPrincipals(JSContext *aCx, - JSObject *container, - nsIPrincipal **result) -{ - nsresult rv; - *result = nsnull; - - // Need to check that the origin hasn't changed underneath us - char *originUrl = FindOriginURL(aCx, container); - if (!originUrl) - return NS_ERROR_FAILURE; - nsISupports * tmp; - nsIScriptGlobalObjectData * globalData; - tmp = (nsISupports *)JS_GetPrivate(aCx, container); - if (tmp == nsnull || (rv = tmp->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void * *)& globalData)) != NS_OK) - { - delete originUrl; - return rv; - } - globalData->GetPrincipal(result); - if (* result) { - nsICodebasePrincipal * cbprin; - nsXPIDLCString cbStr; - (* result)->QueryInterface(NS_GET_IID(nsICodebasePrincipal),(void * *)& cbprin); - cbprin->GetURLString(getter_Copies(cbStr)); - if (this->SameOrigins(aCx, originUrl, cbStr)) { - delete originUrl; - return NS_OK; - } -#ifdef THREADING_ISSUES -// nsJSPrincipalsData * data; -// data = (nsJSPrincipalsData*)*aPrincipals; -// if (data->codebaseBeforeSettingDomain && -// this->SameOrigins(aCx, originUrl, data->codebaseBeforeSettingDomain)) { - /* document.domain was set, so principals are okay */ -// delete originUrl; -// return NS_OK; -// } - /* Principals have changed underneath us. Remove them. */ -// globalData->SetPrincipals(nsnull); -#endif - } - /* Create new principals and return them. 
*/ - //why should we create a new principal, removing this -// nsAutoString originUrlStr(originUrl); -// if (!NS_SUCCEEDED(this->NewJSPrincipals(nsnull, nsnull, &originUrlStr, aPrincipals))) { -// delete originUrl; -// return NS_ERROR_FAILURE; -// } -// globalData->SetPrincipals((void*)*aPrincipals); - delete originUrl; - return NS_OK; -} - -PRBool -nsScriptSecurityManager::SameOrigins(JSContext * aCx, const char * aOrigin1, const char * aOrigin2) -{ - if ((aOrigin1 == nsnull) || (aOrigin2 == nsnull) || (PL_strlen(aOrigin1) == 0) || (PL_strlen(aOrigin2) == 0)) - return PR_FALSE; - // Shouldn't return true if both origin1 and origin2 are unknownOriginStr. - nsString * tmp = new nsString(aOrigin1); - if (gUnknownOriginStr.EqualsIgnoreCase(*tmp)) - { - delete tmp; - return PR_FALSE; - } - delete tmp; - if (PL_strcmp(aOrigin1, aOrigin2) == 0) return PR_TRUE; - nsString * cmp1 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin1)); - nsString * cmp2 = new nsString(this->GetCanonicalizedOrigin(aCx, aOrigin2)); - - PRBool result = PR_FALSE; - // Either the strings are equal or they are both file: uris. 
- if (cmp1 && cmp2 && - (*cmp1 == *cmp2 || - (cmp1->Find(gFileUrlPrefix) == 0 && cmp2->Find(gFileUrlPrefix) == 0))) - { - result = PR_TRUE; - } - delete cmp1; - delete cmp2; - return result; -} - -char * -nsScriptSecurityManager::GetCanonicalizedOrigin(JSContext* aCx, const char * aUrlString) -{ - nsString * buffer; - nsIURL * url; - nsresult rv; - nsXPIDLCString tmp; - char * origin; - NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv); - if (!NS_SUCCEEDED(rv)) return nsnull; - rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void * *)& url); - if (!NS_SUCCEEDED(rv)) return nsnull; - rv = url->SetSpec((char*) aUrlString); - if (!NS_SUCCEEDED(rv)) return nsnull; - url->GetScheme(getter_Copies(tmp)); - buffer = new nsString(tmp); - url->GetHost(getter_Copies(tmp)); - // I dont understand this part enuf but shouldn't there be a separator here? - buffer->Append(tmp); - if (!buffer) { - JS_ReportOutOfMemory(aCx); - return nsnull; - } - origin = buffer->ToNewCString(); - delete buffer; - return origin; -} - -char* -nsScriptSecurityManager::FindOriginURL(JSContext * aCx, JSObject * aGlobal) -{ - nsISupports * tmp1, * tmp2; - nsIScriptGlobalObjectData* globalData = nsnull; - nsIURI *origin = nsnull; - tmp1 = (nsISupports *)JS_GetPrivate(aCx, aGlobal); - if (nsnull != tmp1 && - NS_OK == tmp1->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) { - globalData->GetOrigin(&origin); - } - if (origin == nsnull) { - // does this ever happen? - /* Must be a new, empty window? Use running origin. */ - tmp2 = (nsISupports*)JS_GetPrivate(aCx, JS_GetGlobalObject(aCx)); - /* Compare running and current to avoid infinite recursion. 
*/ - if (tmp1 == tmp2) { - nsAutoString urlString = "[unknown origin]"; - NS_IF_RELEASE(globalData); - return urlString.ToNewCString(); - } else if (nsnull != tmp2 && NS_OK == tmp2->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) { - globalData->GetOrigin(&origin); - } - } - if (origin != nsnull) { - nsXPIDLCString spec; - origin->GetSpec(getter_Copies(spec)); - nsAutoString urlString(spec); - NS_IF_RELEASE(globalData); - return urlString.ToNewCString(); - } - NS_IF_RELEASE(globalData); - - // return an empty string - nsAutoString urlString(""); - return urlString.ToNewCString(); -} char * nsScriptSecurityManager::AddSecPolicyPrefix(JSContext *cx, char *pref_str) { - const char *subjectOrigin = "";//GetSubjectOriginURL(cx); - char *policy_str, *retval = 0; - if ((policy_str = this->GetSitePolicy(subjectOrigin)) == 0) { - /* No site-specific policy. Get global policy name. */ - nsIPref * mPrefs; - nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports**)&mPrefs); - if (NS_OK != mPrefs->CopyCharPref("javascript.security_policy", &policy_str)) - policy_str = PL_strdup("default"); - } - if (policy_str) { //why can't this be default? 
&& PL_strcasecmp(policy_str, "default") != 0) { - retval = PR_sprintf_append(NULL, "js_security.%s.%s", policy_str, pref_str); - PR_Free(policy_str); - } - - return retval; -} - -NS_IMETHODIMP -nsScriptSecurityManager::CanAccessTarget(JSContext *aCx, PRInt16 aTarget, PRBool* aReturn) -{ - JSPrincipals *principals; - * aReturn = PR_TRUE; - this->GetPrincipalsFromStackFrame(aCx, &principals); -#if 0 - if ((nsCapsGetRegistrationModeFlag()) && principals && (NET_URL_Type(principals->codebase) == FILE_TYPE_URL)) { - return NS_OK; - } - else -#endif - if (principals && !principals->globalPrivilegesEnabled(aCx, principals)) { - *aReturn = PR_FALSE; - } -#if 0 - // only if signed scripts - else if (!this->PrincipalsCanAccessTarget(aCx, aTarget)) { - *aReturn = PR_FALSE; - } -#else - *aReturn = PR_FALSE; -#endif - return NS_OK; -} - -NS_IMETHODIMP -nsScriptSecurityManager::GetPrincipalsFromStackFrame(JSContext *aCx, JSPrincipals** aPrincipals) -{ -//* Get principals from script of innermost interpreted frame. - JSStackFrame * fp; - JSScript * script; -#ifdef OJI - JSStackFrame * pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack(); - JSStackFrame * pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking); - if (pFrameToStartLooking == nsnull) { - pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking); - if (pFrameToStartLooking == nsnull) { - /* - ** There are no frames or scripts at this point. - */ - pFrameToEndLooking = nsnull; + const char *subjectOrigin = "";//GetSubjectOriginURL(cx); + char *policy_str, *retval = 0; + if ((policy_str = GetSitePolicy(subjectOrigin)) == 0) { + /* No site-specific policy. Get global policy name. 
*/ + nsIPref * mPrefs; + nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports**)&mPrefs); + if (NS_OK != mPrefs->CopyCharPref("javascript.security_policy", &policy_str)) + policy_str = PL_strdup("default"); } - } -#else - JSStackFrame * pFrameToStartLooking = JS_FrameIterator(aCx, &fp); - JSStackFrame * pFrameToEndLooking = nsnull; -#endif - - fp = pFrameToStartLooking; - while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) { - script = JS_GetFrameScript(aCx, fp); - if (script) { - * aPrincipals = JS_GetScriptPrincipals(aCx, script); - return NS_OK; + if (policy_str) { //why can't this be default? && PL_strcasecmp(policy_str, "default") != 0) { + retval = PR_sprintf_append(NULL, "security.policy.%s.%s", policy_str, pref_str); + PR_Free(policy_str); } - } -#ifdef OJI - * aPrincipals = JVM_GetJavaPrincipalsFromStack(pFrameToStartLooking); - return NS_OK; -#endif - * aPrincipals = nsnull; - return NS_OK; + + return retval; } + char * nsScriptSecurityManager::GetSitePolicy(const char *org) { - char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0; - int splen, matlen; - nsIURL * url; - nsresult rv; - nsIPref * mPrefs; - NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv); - if (!NS_SUCCEEDED(rv)) return nsnull; - rv = compMan->CreateInstance(kURLCID,NULL,NS_GET_IID(nsIURL),(void**)&url); - if (!NS_SUCCEEDED(rv)) return nsnull; - nsServiceManager::GetService(kPrefServiceCID,NS_GET_IID(nsIPref), (nsISupports * *)& mPrefs); - if (NS_OK != mPrefs->CopyCharPref("js_security.site_policy", &sitepol)) return 0; - /* Site policy comprises text of the form site1-policy,site2-policy,siteNpolicy - * where each site-policy is site|policy and policy is presumed to be one of strict/moderate/default - * site may be either a URL or a hostname. In the former case we do a prefix match with the origin URL; in the latter case - * we just compare hosts. Process entry by entry. 
Take longest match, to account for - * cases like: * http://host/|moderate,http://host/dir/|strict - */ - for (sp = sitepol; sp != 0; sp = nextsp) { - if ((nextsp = strchr(sp, ',')) != 0) *nextsp++ = '\0'; - if ((bar = strchr(sp, '|')) == 0) continue; /* no | for this entry */ - *bar = '\0'; - /* Isolate host, then policy. */ - sp += strspn(sp, " "); /* skip leading spaces */ - end = sp + strcspn(sp, " |"); /* skip up to space or | */ - *end = '\0'; - if ((splen = end-sp) == 0) continue; /* no URL or hostname */ - /* Check whether this is long enough. */ - if (match != 0 && matlen >= splen) continue; /* Nope. New shorter than old. */ - /* Check which case, URL or hostname, we're dealing with. */ - rv = url->SetSpec(sp); - if (!NS_SUCCEEDED(rv)) return nsnull; - url->GetScheme(& prot); - if (prot != 0 && *prot != '\0') { - /* URL case. Do prefix match, make sure we're at proper boundaries. */ - if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */ - && sp[splen-1] != '/' /* site policy ends with / */ - && org[splen] != '/' /* site policy doesn't, but org does */ - )) { - nsCRT::free(prot); - continue; /* no match */ - } + char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0; + int splen, matlen; + nsIURL *url; + nsresult rv; + nsIPref *mPrefs; + NS_WITH_SERVICE(nsIComponentManager, compMan, kComponentManagerCID, &rv); + if (NS_FAILED(rv)) + return nsnull; + rv = compMan->CreateInstance(kURLCID,NULL, NS_GET_IID(nsIURL), (void**) &url); + if (NS_FAILED(rv)) + return nsnull; + nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref), + (nsISupports **) &mPrefs); + if (NS_OK != mPrefs->CopyCharPref("security.policy.site_policy", &sitepol)) + return nsnull; + /* Site policy comprises text of the form site1-policy,site2-policy,siteNpolicy + * where each site-policy is site|policy and policy is presumed to be one of strict/moderate/default + * site may be either a URL or a hostname. 
In the former case we do a prefix match with the origin URL; in the latter case + * we just compare hosts. Process entry by entry. Take longest match, to account for + * cases like: * http://host/|moderate,http://host/dir/|strict + */ + for (sp = sitepol; sp != 0; sp = nextsp) { + if ((nextsp = strchr(sp, ',')) != 0) *nextsp++ = '\0'; + if ((bar = strchr(sp, '|')) == 0) + continue; /* no | for this entry */ + *bar = '\0'; + /* Isolate host, then policy. */ + sp += strspn(sp, " "); /* skip leading spaces */ + end = sp + strcspn(sp, " |"); /* skip up to space or | */ + *end = '\0'; + if ((splen = end-sp) == 0) + continue; /* no URL or hostname */ + /* Check whether this is long enough. */ + if (match != 0 && matlen >= splen) + continue; /* Nope. New shorter than old. */ + /* Check which case, URL or hostname, we're dealing with. */ + rv = url->SetSpec(sp); + if (NS_FAILED(rv)) + return nsnull; + url->GetScheme(& prot); + if (prot != 0 && *prot != '\0') { + /* URL case. Do prefix match, make sure we're at proper boundaries. */ + if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */ + && sp[splen-1] != '/' /* site policy ends with / */ + && org[splen] != '/' /* site policy doesn't, but org does */ + )) + { + nsCRT::free(prot); + continue; /* no match */ + } + } else { + /* Host-only case. */ + PR_FREEIF(prot); + rv = url->SetSpec((char *)org); + if (NS_FAILED(rv)) + return nsnull; + url->GetHost(& orghost); + if (orghost == 0) + return nsnull; /* out of mem */ + if (PL_strcasecmp(orghost, sp) != 0) + continue; /* no match */ + } + /* Had a match. Remember policy and length of host/URL match. */ + match = bar; + matlen = splen; } - else { - /* Host-only case. */ - PR_FREEIF(prot); - rv = url->SetSpec((char *)org); - if (!NS_SUCCEEDED(rv)) return nsnull; - url->GetHost(& orghost); - if (orghost == 0) return 0; /* out of mem */ - if (PL_strcasecmp(orghost, sp) != 0) continue; /* no match */ + if (match != 0) { + /* Longest hostname or URL match. 
Get policy. + ** match points to |. + ** Skip spaces after | and after policy name. + */ + ++match; + sp = match + strspn(match, " "); + end = sp + strcspn(sp, " "); + *end = '\0'; + if (sp != end) + retval = PL_strdup(sp); } - /* Had a match. Remember policy and length of host/URL match. */ - match = bar; - matlen = splen; - } - if (match != 0) { - /* Longest hostname or URL match. Get policy. - ** match points to |. - ** Skip spaces after | and after policy name. - */ - ++match; - sp = match + strspn(match, " "); - end = sp + strcspn(sp, " "); - *end = '\0'; - if (sp != end) retval = PL_strdup(sp); - } - - nsCRT::free(orghost); - PR_FREEIF(sitepol); - return retval; + + nsCRT::free(orghost); + PR_FREEIF(sitepol); + return retval; } diff --git a/mozilla/caps/src/nsTarget.cpp b/mozilla/caps/src/nsTarget.cpp index a913109e073..52163a6ad9a 100755 --- a/mozilla/caps/src/nsTarget.cpp +++ b/mozilla/caps/src/nsTarget.cpp @@ -946,7 +946,7 @@ NS_IMETHODIMP nsTarget::HashCode(PRUint32 * code) { PRUint32 prinCode = 0; - if (itsPrincipal != NULL) itsPrincipal->HashCode(& prinCode); + //if (itsPrincipal != NULL) itsPrincipal->HashCode(& prinCode); * code = PL_HashString(itsName) + prinCode; return NS_OK; } diff --git a/mozilla/caps/src/nsUserTarget.cpp b/mozilla/caps/src/nsUserTarget.cpp index bad36c9d9d1..a45c46747d3 100755 --- a/mozilla/caps/src/nsUserTarget.cpp +++ b/mozilla/caps/src/nsUserTarget.cpp @@ -46,8 +46,7 @@ nsUserTarget::~nsUserTarget(void) NS_IMETHODIMP nsUserTarget::EnablePrivilege(nsIPrincipal * prin, void * data, nsIPrivilege * * result) { - PRInt16 prinType; - prin->GetType(& prinType); +#if 0 PRInt16 privState = nsIPrivilege::PrivilegeState_Allowed; PRInt16 privDuration = nsIPrivilege::PrivilegeDuration_Session; if ((nsCapsGetRegistrationModeFlag()) && (prin != NULL)) { 
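Review bot: The rewritten GetSitePolicy still leaks on its early exits: the three `return nsnull;` statements inside the loop (after `url->SetSpec(sp)`, after `url->SetSpec((char *)org)`, and at the `orghost == 0` check) bypass the `nsCRT::free(orghost); PR_FREEIF(sitepol);` cleanup at the end, `orghost` is refetched by `url->GetHost(& orghost)` on every host-only iteration without freeing the previous value, and the `url` obtained from `CreateInstance` is never released on any path. These are carried over from the removed version, but this hunk rewrites every affected line; holding `url` in an `nsCOMPtr<nsIURL>`, freeing `orghost` before each refetch, and routing the early exits through the existing cleanup would close them. Separately, AddSecPolicyPrefix still passes `subjectOrigin = ""` to GetSitePolicy (the `//GetSubjectOriginURL(cx)` comment marks the gap), so the renamed `security.policy.site_policy` preference can never match a real origin and per-site policy is effectively inert; a comment stating that this is a known limitation would help the next reader.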
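Review bot: Commenting out `itsPrincipal->HashCode(& prinCode)` leaves `prinCode` at 0, so `nsTarget::HashCode` now depends on `itsName` alone and same-named targets with different principals hash identically; any lookup that relies on the hash to distinguish them must now compare principals explicitly. If this is a temporary step while principal handling is reworked, a comment such as `// TODO: principal intentionally excluded from the hash during the security-manager cleanup` documents the intent better than a commented-out call.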
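Review bot: With the body wrapped in `#if 0` … `#endif` (this hunk and the next one), EnablePrivilege returns `NS_OK` without ever assigning `*result`, so callers receive an indeterminate out-pointer and will treat it as a valid nsIPrivilege. Until the privilege logic is restored the function should report the condition, `return NS_ERROR_NOT_IMPLEMENTED;`, or at least set `*result = nsnull;` before returning, and a short comment above `#if 0` saying why the body is disabled would help.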
@@ -59,5 +58,6 @@ nsUserTarget::EnablePrivilege(nsIPrincipal * prin, void * data, nsIPrivilege * * } } * result = nsPrivilegeManager::FindPrivilege(privState, privDuration); +#endif return NS_OK; } diff --git a/mozilla/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/chrome/src/nsChromeProtocolHandler.cpp index 5fd3250a8db..8437f2858af 100644 --- a/mozilla/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/chrome/src/nsChromeProtocolHandler.cpp @@ -23,7 +23,10 @@ #include "nsIComponentManager.h" #include "nsIServiceManager.h" #include "nsIIOService.h" +#include "nsIChannel.h" #include "nsIChromeRegistry.h" +#include "nsCOMPtr.h" +#include "nsIPrincipalManager.h" static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID); static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID); @@ -170,6 +173,23 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri, rv = serv->NewChannelFromURI(verb, chromeURI, aGroup, eventSinkGetter, result); + + // Create a special principal for chrome and set the creator property + // of the result + if (NS_SUCCEEDED(rv)) { + NS_WITH_SERVICE(nsIPrincipalManager, prinMan, + NS_PRINCIPALMANAGER_PROGID, &rv); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + nsCOMPtr principal; + if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, chromeURI, + getter_AddRefs(principal)))) + { + return NS_ERROR_FAILURE; + } + (*result)->SetPrincipal(principal); + } + NS_RELEASE(chromeURI); return rv; } diff --git a/mozilla/content/base/public/nsIDocument.h b/mozilla/content/base/public/nsIDocument.h index 67032c4f60c..0198c465f04 100644 --- a/mozilla/content/base/public/nsIDocument.h +++ b/mozilla/content/base/public/nsIDocument.h @@ -53,6 +53,7 @@ class nsILineBreaker; class nsIWordBreaker; class nsIDOMSelection; class nsIChannel; +class nsIPrincipal; // IID for the nsIDocument interface #define NS_IDOCUMENT_IID \ 
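Review bot: The two new `return NS_ERROR_FAILURE;` exits inside `if (NS_SUCCEEDED(rv))` skip the `NS_RELEASE(chromeURI)` that the existing exit path performs, leaking the chrome URI, and they also leave the already-created channel in `*result` while reporting failure, so the caller ends up holding a live channel that has no principal. The return value of `(*result)->SetPrincipal(principal)` is ignored as well. Folding each step into `rv` and letting every path reach the shared release at the end keeps the cleanup in one place; assuming SetPrincipal follows the NS_IMETHOD convention of returning an nsresult, the block could read:
```cpp
  rv = serv->NewChannelFromURI(verb, chromeURI, aGroup, eventSinkGetter, result);

  // Attach a chrome codebase principal to the new channel. Every failure
  // falls through to the shared exit so chromeURI is always released.
  if (NS_SUCCEEDED(rv)) {
    NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
                    NS_PRINCIPALMANAGER_PROGID, &rv);
    nsCOMPtr<nsIPrincipal> principal;
    if (NS_SUCCEEDED(rv))
      rv = prinMan->CreateCodebasePrincipal(nsnull, chromeURI,
                                            getter_AddRefs(principal));
    if (NS_SUCCEEDED(rv))
      rv = (*result)->SetPrincipal(principal);
    if (NS_FAILED(rv)) {
      NS_RELEASE(*result);   // do not hand back a channel without a principal
      rv = NS_ERROR_FAILURE;
    }
  }

  NS_RELEASE(chromeURI);
  return rv;
```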
@@ -108,6 +109,11 @@ public: */ virtual nsIURI* GetDocumentURL() const = 0; + /** + * Return the principal responsible for this document. + */ + virtual nsIPrincipal* GetDocumentPrincipal() const = 0; + /** * Return the LoadGroup for the document. May return null. */ diff --git a/mozilla/content/base/src/nsDocument.cpp b/mozilla/content/base/src/nsDocument.cpp index bfa0c822f4c..49d153a7f4a 100644 --- a/mozilla/content/base/src/nsDocument.cpp +++ b/mozilla/content/base/src/nsDocument.cpp @@ -891,6 +891,7 @@ nsDocument::Reset(nsIURI *aURL) #ifdef NECKO (void)aChannel->GetURI(&mDocumentURL); + aChannel->GetPrincipal(&mPrincipal); // (void)aChannel->GetLoadGroup(&mDocumentLoadGroup); mDocumentLoadGroup = aLoadGroup; NS_ADDREF(mDocumentLoadGroup); @@ -939,6 +940,12 @@ nsIURI* nsDocument::GetDocumentURL() const return mDocumentURL; } +nsIPrincipal* nsDocument::GetDocumentPrincipal() const +{ + NS_IF_ADDREF(mPrincipal); + return mPrincipal; +} + NS_IMETHODIMP nsDocument::GetContentType(nsString& aContentType) const { diff --git a/mozilla/content/base/src/nsDocument.h b/mozilla/content/base/src/nsDocument.h index ab549013c45..739fd7c7c1a 100644 --- a/mozilla/content/base/src/nsDocument.h +++ b/mozilla/content/base/src/nsDocument.h @@ -32,6 +32,7 @@ #include "nsIJSScriptObject.h" #include "nsIContent.h" #include "nsGenericDOMNodeList.h" +#include "nsIPrincipal.h" class nsIEventListenerManager; class nsDOMStyleSheetCollection; @@ -134,6 +135,11 @@ public: */ virtual nsIURI* GetDocumentURL() const; + /** + * Return the principal responsible for this document. + */ + virtual nsIPrincipal* GetDocumentPrincipal() const; + /** * Return the content (mime) type of this document. */ @@ -449,6 +455,7 @@ protected: nsIArena* mArena; nsString* mDocumentTitle; nsIURI* mDocumentURL; + nsIPrincipal* mPrincipal; nsILoadGroup* mDocumentLoadGroup; nsString mCharacterSet; nsIDocument* mParentDocument; 
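Review bot: The new doc comment on `GetDocumentPrincipal` does not say who owns the returned reference, which matters for a raw-pointer getter: both implementations in this commit (nsDocument and XULDocumentImpl) `NS_IF_ADDREF` before returning and may return null. Spelling that out prevents a leak or over-release at each call site, e.g. `Return the principal responsible for this document, or null if none is known. The returned pointer is AddRef'd; the caller must release it.`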
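Review bot: `aChannel->GetPrincipal(&mPrincipal);` in Reset writes into a raw member that no hunk in this commit initialises in the constructor or releases in the destructor (the diffstat's 7 added lines for nsDocument.cpp are all visible here, and the constructor and destructor are outside the diff), so `GetDocumentPrincipal` can `NS_IF_ADDREF` an indeterminate pointer on a document that was never reset from a channel, and the previous principal leaks if Reset runs again. The call's result is also ignored, unlike `rv = aChannel->GetPrincipal(...)` in the XULDocumentImpl hunk. At minimum initialise `mPrincipal` to `nsnull` where the other raw members are initialised, add `NS_IF_RELEASE(mPrincipal);` before the assignment in Reset and in the destructor, and either check the return value or mark it `(void)` like the neighbouring GetURI call. The nsDocument.h hunk that adds the member and the second nsDocument.cpp hunk are the other places affected.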
diff --git a/mozilla/content/events/src/nsEventListenerManager.cpp b/mozilla/content/events/src/nsEventListenerManager.cpp index 29796e9795a..9c02cb960fb 100644 --- a/mozilla/content/events/src/nsEventListenerManager.cpp +++ b/mozilla/content/events/src/nsEventListenerManager.cpp @@ -433,8 +433,8 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte JSObject *mScriptObject; nsIScriptGlobalObject *global; nsIScriptGlobalObjectData *globalData; - nsIPrincipal * prin = nsnull; - JSPrincipals * jsprin = nsnull; + nsIPrincipal *prin = nsnull; + JSPrincipals *jsprin = nsnull; global = aContext->GetGlobalObject(); if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) { if (NS_FAILED(globalData->GetPrincipal(& prin))) { @@ -442,12 +442,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte NS_RELEASE(globalData); return NS_ERROR_FAILURE; } - prin->ToJSPrincipal(& jsprin); + prin->GetJSPrincipals(&jsprin); NS_RELEASE(globalData); } NS_IF_RELEASE(global); + JSContext *mJSContext = (JSContext*)aContext->GetNativeContext(); if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) { - JSContext* mJSContext = (JSContext*)aContext->GetNativeContext(); nsString mName, mLowerName; char* mCharName; aName->ToString(mName); @@ -457,9 +457,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName, 1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0); delete[] mCharName; + JSPRINCIPALS_DROP(mJSContext, jsprin); return SetJSEventListener(aContext, mScriptObject, aIID); } } + if (jsprin) + JSPRINCIPALS_DROP(mJSContext, jsprin); return NS_ERROR_FAILURE; } diff --git a/mozilla/content/xul/document/src/nsXULDocument.cpp b/mozilla/content/xul/document/src/nsXULDocument.cpp index f958570f2ba..1f291e01327 100644 
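Review bot: The success-path `JSPRINCIPALS_DROP(mJSContext, jsprin);` added after `delete[] mCharName;` runs unconditionally, while the failure path guards it with `if (jsprin)`; when the global-object lookup above fails, `jsprin` is still `nsnull` and the handler has already been compiled with null principals before the drop is reached. Guarding both drops the same way, `if (jsprin) JSPRINCIPALS_DROP(mJSContext, jsprin);`, or better returning `NS_ERROR_FAILURE` early when no principals could be obtained, makes the two paths consistent and keeps an event handler from being compiled without a principal. The `prin` obtained from `globalData->GetPrincipal(& prin)` is also never released in the visible lines; if GetPrincipal now AddRefs its out-parameter (as GlobalWindowImpl::GetPrincipal does in this commit), an `NS_RELEASE(prin);` is needed after `GetJSPrincipals`.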
--- a/mozilla/content/xul/document/src/nsXULDocument.cpp +++ b/mozilla/content/xul/document/src/nsXULDocument.cpp @@ -61,6 +61,7 @@ #include "nsIParser.h" #include "nsIPresContext.h" #include "nsIPresShell.h" +#include "nsIPrincipal.h" #include "nsIContentViewer.h" #include "nsIRDFCompositeDataSource.h" #include "nsIRDFContainerUtils.h" @@ -438,6 +439,8 @@ public: virtual nsIURI* GetDocumentURL() const; + virtual nsIPrincipal* GetDocumentPrincipal() const; + virtual nsILoadGroup* GetDocumentLoadGroup() const; NS_IMETHOD GetBaseURL(nsIURI*& aURL) const; @@ -765,6 +768,7 @@ protected: nsAutoString mDocumentTitle; nsCOMPtr mDocumentURL; // [OWNER] ??? compare with loader nsCOMPtr mDocumentLoadGroup; // [OWNER] leads to loader + nsCOMPtr mDocumentPrincipal; // [OWNER] nsCOMPtr mRootResource; // [OWNER] nsCOMPtr mRootContent; // [OWNER] nsIDocument* mParentDocument; // [WEAK] @@ -1130,6 +1134,10 @@ XULDocumentImpl::PrepareToLoad( nsCOMPtr* created_parser, mDocumentTitle.Truncate(); mDocumentURL = syntheticURL; + + rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal)); + if (NS_FAILED(rv)) return rv; + #ifdef NECKO mDocumentLoadGroup = aLoadGroup; #else @@ -1345,6 +1353,15 @@ XULDocumentImpl::GetDocumentURL() const return result; } +nsIPrincipal* +XULDocumentImpl::GetDocumentPrincipal() const +{ + nsIPrincipal* result = mDocumentPrincipal; + NS_IF_ADDREF(result); + return result; +} + + nsILoadGroup* XULDocumentImpl::GetDocumentLoadGroup() const { diff --git a/mozilla/dom/macbuild/dom.toc b/mozilla/dom/macbuild/dom.toc index 7a388cb2fd9..ae1c2b752fb 100644 --- a/mozilla/dom/macbuild/dom.toc +++ b/mozilla/dom/macbuild/dom.toc @@ -4,7 +4,6 @@ mozilla/dom/src/base/nsGlobalWindow.cpp mozilla/dom/src/base/nsJSEnvironment.cpp mozilla/dom/src/base/nsJSLocation.cpp mozilla/dom/src/base/nsJSNavigator.cpp -mozilla/dom/src/base/nsJSSecurityManager.cpp mozilla/dom/src/base/nsJSUtils.cpp mozilla/dom/src/base/nsJSWindow.cpp mozilla/dom/src/base/nsJSWindowCollection.cpp 
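Review bot: `rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal)); if (NS_FAILED(rv)) return rv;` makes a missing channel principal fatal for the whole XUL load, whereas the parallel nsDocument::Reset hunk ignores the same call's result and GlobalWindowImpl::GetPrincipal falls back to creating a codebase principal from the document URL. Only nsChromeProtocolHandler is shown setting a channel principal in this commit, so channels from other protocol handlers may well carry none; either document that every channel reaching PrepareToLoad must have a principal, or apply the same codebase-principal fallback here. PrepareToLoad's body continues outside the hunk.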
diff --git a/mozilla/dom/public/nsIScriptGlobalObjectData.h b/mozilla/dom/public/nsIScriptGlobalObjectData.h index 58b227975ba..7cf5f92af37 100644 --- a/mozilla/dom/public/nsIScriptGlobalObjectData.h +++ b/mozilla/dom/public/nsIScriptGlobalObjectData.h @@ -35,9 +35,8 @@ public: NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTGLOBALOBJECTDATA_IID) - NS_IMETHOD GetPrincipal(nsIPrincipal * * aPrincipal) = 0; - NS_IMETHOD SetPrincipal(nsIPrincipal * aPrincipal) = 0; - NS_IMETHOD GetOrigin(nsIURI * * aOrigin) = 0; + NS_IMETHOD GetPrincipal(nsIPrincipal **aPrincipal) = 0; + NS_IMETHOD SetPrincipal(nsIPrincipal *aPrincipal) = 0; }; #endif //nsIScriptGlobalObjectData_h__ diff --git a/mozilla/dom/src/base/Makefile.in b/mozilla/dom/src/base/Makefile.in index b3196e0647c..f17c9aba394 100644 --- a/mozilla/dom/src/base/Makefile.in +++ b/mozilla/dom/src/base/Makefile.in @@ -38,7 +38,6 @@ CPPSRCS = \ nsGlobalWindow.cpp \ nsLocation.cpp \ nsDOMWindowList.cpp \ - nsJSSecurityManager.cpp \ nsJSUtils.cpp \ nsScreen.cpp \ nsJSScreen.cpp \ diff --git a/mozilla/dom/src/base/makefile.win b/mozilla/dom/src/base/makefile.win index 04e2bc84856..b7c5934dfd5 100644 --- a/mozilla/dom/src/base/makefile.win +++ b/mozilla/dom/src/base/makefile.win @@ -33,7 +33,6 @@ CPPSRCS = \ nsGlobalWindow.cpp \ nsLocation.cpp \ nsDOMWindowList.cpp \ - nsJSSecurityManager.cpp \ nsJSUtils.cpp \ nsScreen.cpp \ nsJSScreen.cpp \ @@ -64,7 +63,6 @@ CPP_OBJS= \ .\$(OBJDIR)\nsJSLocation.obj \ .\$(OBJDIR)\nsDOMWindowList.obj \ .\$(OBJDIR)\nsJSWindowCollection.obj \ - .\$(OBJDIR)\nsJSSecurityManager.obj \ .\$(OBJDIR)\nsJSUtils.obj \ .\$(OBJDIR)\nsScreen.obj \ .\$(OBJDIR)\nsJSScreen.obj \ diff --git a/mozilla/dom/src/base/nsGlobalWindow.cpp b/mozilla/dom/src/base/nsGlobalWindow.cpp index c68b7dfb469..46635bec5eb 100644 --- a/mozilla/dom/src/base/nsGlobalWindow.cpp +++ b/mozilla/dom/src/base/nsGlobalWindow.cpp 
@@ -83,6 +83,8 @@ static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID); #include "nsMimeTypeArray.h" #include "nsPluginArray.h" +#include "nsIPrincipalManager.h" + #include "jsapi.h" static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID); @@ -1694,11 +1696,12 @@ GlobalWindowImpl::RunTimeout(nsTimeoutImpl *aTimeout) timeout->lineno, nsAutoString(""), &isundefined); #endif JSPrincipals * jsprin; - timeout->principal->ToJSPrincipal(& jsprin); + timeout->principal->GetJSPrincipals(&jsprin); JS_EvaluateUCScriptForPrincipals(cx, (JSObject *)mScriptObject, jsprin, JS_GetStringChars(timeout->expr), JS_GetStringLength(timeout->expr), timeout->filename, timeout->lineno, &result); + JSPRINCIPALS_DROP(cx, jsprin); } else { PRInt64 lateness64; @@ -1816,7 +1819,7 @@ GlobalWindowImpl::SetTimeoutOrInterval(JSContext *cx, PRInt64 now, delta; nsIPrincipal * principal; - if (NS_FAILED(GetPrincipal(& principal))) { + if (NS_FAILED(GetPrincipal(&principal))) { return NS_ERROR_FAILURE; } if (argc < 2) { 
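Review bot: `JSPrincipals * jsprin;` is left uninitialised and the result of `timeout->principal->GetJSPrincipals(&jsprin)` is ignored, so if that call fails both `JS_EvaluateUCScriptForPrincipals` and the newly added `JSPRINCIPALS_DROP(cx, jsprin)` operate on an indeterminate pointer. Initialise it, `JSPrincipals *jsprin = nsnull;`, and skip the evaluation and the drop when `GetJSPrincipals` fails; RunTimeout's body starts before this hunk.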
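Review bot: The change to `GetPrincipal(&principal)` here is whitespace-only, but the rewritten GlobalWindowImpl::GetPrincipal later in this file now does `NS_ADDREF(*result)` where the removed version only assigned `* prin = mPrincipal`, so this call and every other caller of GetPrincipal now owns a reference it did not own before. SetTimeoutOrInterval's handling of `principal` is outside the hunk; if it is not released (or stored in the timeout with ownership), this becomes a leak per timer. A comment on GetPrincipal stating the new ownership contract, `// *result is AddRef'd; caller must release`, would make the change easier to audit.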
@@ -2916,91 +2919,45 @@ GlobalWindowImpl::ReleaseEvent(const nsString& aType) } NS_IMETHODIMP -GlobalWindowImpl::GetPrincipal(nsIPrincipal * * prin) +GlobalWindowImpl::GetPrincipal(nsIPrincipal **result) { if (!mPrincipal) { - if (mContext) { - nsIScriptSecurityManager * secMan = nsnull; - mContext->GetSecurityManager(&secMan); - if (secMan) { - nsIURI * origin; - if (NS_SUCCEEDED(this->GetOrigin(& origin))) secMan->NewJSPrincipals(origin, nsnull, & mPrincipal); - NS_RELEASE(secMan); - } + nsCOMPtr doc; + if (!mDocument || NS_FAILED(mDocument->QueryInterface(kIDocumentIID, + (void **) getter_AddRefs(doc)))) + { + return NS_ERROR_FAILURE; } - if (!mPrincipal) return NS_ERROR_FAILURE; - if (mContext) NS_ADDREF(mPrincipal); + + mPrincipal = doc->GetDocumentPrincipal(); + if (!mPrincipal) { + nsCOMPtr uri = doc->GetDocumentURL(); + if (!uri) + return NS_ERROR_FAILURE; + + nsresult rv; + NS_WITH_SERVICE(nsIPrincipalManager, prinMan, + NS_PRINCIPALMANAGER_PROGID, &rv); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + + if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, uri, &mPrincipal))) + return NS_ERROR_FAILURE; + } + NS_ADDREF(mPrincipal); } - * prin = mPrincipal; + *result = mPrincipal; + NS_ADDREF(*result); return NS_OK; } NS_IMETHODIMP -GlobalWindowImpl::SetPrincipal(nsIPrincipal * aPrin) +GlobalWindowImpl::SetPrincipal(nsIPrincipal *aPrin) { NS_IF_RELEASE(mPrincipal); mPrincipal = aPrin; - if (mPrincipal) NS_ADDREF(mPrincipal); - return NS_OK; -} - -NS_IMETHODIMP -GlobalWindowImpl::GetOrigin(nsIURI * * aOrigin) -{ - nsIDocument* doc; - if (mDocument && NS_OK == mDocument->QueryInterface(kIDocumentIID, (void * *)&doc)) { - nsIURI* docURL = doc->GetDocumentURL(); - if (docURL) * aOrigin = docURL; - // else return error code - NS_RELEASE(doc); - } -#if 0 - //Old code from 4.0 to show what funcitonality needs replicating - History_entry *he; - const char *address; - JSContext *aCx; - MochaDecoder *decoder; - - he = SHIST_GetCurrent(&context->hist); - if (he) { - 
address = he->wysiwyg_url; - if (!address) - address = he->address; - switch (NET_URL_Type(address)) { - case MOCHA_TYPE_URL: - /* This type cannot name the true origin (server) of JS code. */ - break; - case VIEW_SOURCE_TYPE_URL: - NS_ASSERTION(0, "Invalid url type"); - default: - return address; - } - } - - if (context->grid_parent) { - address = FindCreatorURL(context->grid_parent); - if (address) - return address; - } - - aCx = context->mocha_context; - if (aCx) { - decoder = JS_GetPrivate(aCx, JS_GetGlobalObject(aCx)); - if (decoder && decoder->opener) { - /* self.opener property is valid, check its MWContext. */ - MochaDecoder *opener = JS_GetPrivate(aCx, decoder->opener); - if (!opener->visited) { - opener->visited = PR_TRUE; - address = opener->window_context - ? FindCreatorURL(opener->window_context) - : nsnull; - opener->visited = PR_FALSE; - if (address) - return address; - } - } - } -#endif + if (mPrincipal) + NS_ADDREF(mPrincipal); return NS_OK; } diff --git a/mozilla/dom/src/base/nsGlobalWindow.h b/mozilla/dom/src/base/nsGlobalWindow.h index 5e73ebf2cba..c9e786b6abc 100644 --- a/mozilla/dom/src/base/nsGlobalWindow.h +++ b/mozilla/dom/src/base/nsGlobalWindow.h @@ -207,9 +207,8 @@ public: virtual void Finalize(JSContext *aContext); // nsIScriptGlobalObjectData interface - NS_IMETHOD GetPrincipal(nsIPrincipal * * prin); - NS_IMETHOD SetPrincipal(nsIPrincipal * prin); - NS_IMETHOD GetOrigin(nsIURI** aOrigin); + NS_IMETHOD GetPrincipal(nsIPrincipal **prin); + NS_IMETHOD SetPrincipal(nsIPrincipal *prin); friend void nsGlobalWindow_RunTimeout(nsITimer *aTimer, void *aClosure); @@ -251,7 +250,7 @@ protected: HistoryImpl *mHistory; nsIWebShell *mWebShell; nsIDOMWindow *mOpener; - nsIPrincipal * mPrincipal; + nsIPrincipal *mPrincipal; BarPropImpl *mMenubar; BarPropImpl *mToolbar; diff --git a/mozilla/dom/src/base/nsJSEnvironment.cpp b/mozilla/dom/src/base/nsJSEnvironment.cpp index ca16aed535a..9313f81386e 100644 --- a/mozilla/dom/src/base/nsJSEnvironment.cpp 
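Review bot: GetPrincipal caches the result in mPrincipal on first use, derived from whichever document is attached at that moment, but nothing in this hunk clears the cache when the window later receives a different document; unless the document-swap path resets mPrincipal, scripts and timeouts in a window that has navigated to another origin would keep running under the first document's principal, which is the very identity the security manager checks. The refcounting on the fallback path also looks doubled: `CreateCodebasePrincipal(nsnull, uri, &mPrincipal)` is an XPCOM out-param and presumably returns an owned reference, yet the unconditional `NS_ADDREF(mPrincipal)` below it adds another (the same question applies to `doc->GetDocumentPrincipal()`, whose ownership I cannot see from here). In SetPrincipal, `NS_IF_RELEASE(mPrincipal)` runs before the new value is AddRef'd, so `SetPrincipal(mPrincipal)` on a principal with a refcount of one destroys the object before it is re-referenced; AddRef first: `NS_IF_ADDREF(aPrin); NS_IF_RELEASE(mPrincipal); mPrincipal = aPrin;`. Both functions are fully inside the hunk.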
+++ b/mozilla/dom/src/base/nsJSEnvironment.cpp @@ -30,7 +30,6 @@ #include "nsIDOMNodeList.h" #include "nsIDOMHTMLImageElement.h" #include "nsIDOMHTMLOptionElement.h" -#include "nsJSSecurityManager.h" #include "nsIScriptSecurityManager.h" #include "nsIScriptNameSetRegistry.h" #include "nsIScriptNameSpaceManager.h" @@ -39,6 +38,7 @@ #include "nsIXPConnect.h" #include "nsIXPCSecurityManager.h" #include "nsIJSContextStack.h" +#include "nsCOMPtr.h" #if defined(OJI) #include "nsIJVMManager.h" @@ -100,6 +100,7 @@ nsJSContext::nsJSContext(JSRuntime *aRuntime) mNameSpaceManager = nsnull; mIsInitialized = PR_FALSE; mNumEvaluations = 0; + mSecurityManager = nsnull; } nsJSContext::~nsJSContext() 
@@ -128,31 +129,26 @@ nsJSContext::EvaluateString(const nsString& aScript, nsString& aRetValue, PRBool* aIsUndefined) { - jsval val; - nsIScriptGlobalObject *global = GetGlobalObject(); - nsIScriptGlobalObjectData *globalData; - nsIPrincipal * prin = nsnull; - nsresult rv = NS_OK; - if (global && NS_SUCCEEDED(global->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData))) { - if (NS_FAILED(globalData->GetPrincipal(& prin))) { - NS_RELEASE(global); - NS_RELEASE(globalData); - return NS_ERROR_FAILURE; - } - NS_RELEASE(globalData); - } - NS_IF_RELEASE(global); + nsCOMPtr globalData; + nsCOMPtr principal; + nsCOMPtr global = GetGlobalObject(); + if (!global || NS_FAILED(global->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), + (void**) getter_AddRefs(globalData)))) + { + return NS_ERROR_FAILURE; + } + if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(principal)))) + return NS_ERROR_FAILURE; + nsresult rv; NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", &rv); - if (NS_FAILED(rv)) { - return rv; - } - rv = stack->Push(mContext); - if (NS_FAILED(rv)) { - return rv; - } - JSPrincipals * jsprin; - prin->ToJSPrincipal(& jsprin); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + if (NS_FAILED(stack->Push(mContext))) + return NS_ERROR_FAILURE; + JSPrincipals *jsprin; + principal->GetJSPrincipals(&jsprin); + jsval val; PRBool ret = ::JS_EvaluateUCScriptForPrincipals(mContext, JS_GetGlobalObject(mContext), jsprin, @@ -161,6 +157,7 @@ nsJSContext::EvaluateString(const nsString& aScript, aURL, aLineNo, &val); + JSPRINCIPALS_DROP(mContext, jsprin); if (ret) { *aIsUndefined = JSVAL_IS_VOID(val); JSString* jsstring = JS_ValueToString(mContext, val); @@ -172,8 +169,10 @@ nsJSContext::EvaluateString(const nsString& aScript, ScriptEvaluated(); - rv = stack->Pop(nsnull); - return rv; + if (NS_FAILED(stack->Pop(nsnull))) + return NS_ERROR_FAILURE; + + return NS_OK; } NS_IMETHODIMP_(nsIScriptGlobalObject*) 
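Review bot: `nsCOMPtr global = GetGlobalObject();` takes a second reference if GetGlobalObject still returns an AddRef'd pointer — the removed lines released `global` with NS_RELEASE/NS_IF_RELEASE, which is what that convention looks like — so every evaluation would leak one reference to the global object; the usual spelling for an already-owned return is `nsCOMPtr<nsIScriptGlobalObject> global = dont_AddRef(GetGlobalObject());` (the `<...>` template arguments on the nsCOMPtr declarations appear to have been lost in this rendering). Any early return added between `stack->Push(mContext)` and `stack->Pop(nsnull)` — for instance for the unchecked `principal->GetJSPrincipals(&jsprin)`, the same issue noted on RunTimeout in nsGlobalWindow.cpp — must Pop first, or the JS context stack is left unbalanced. The function is fully inside this and the two following hunks.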
@@ -378,16 +377,20 @@ nsJSContext::GetNameSpaceManager(nsIScriptNameSpaceManager** aInstancePtr) } NS_IMETHODIMP -nsJSContext::GetSecurityManager(nsIScriptSecurityManager * * aInstancePtr) +nsJSContext::GetSecurityManager(nsIScriptSecurityManager **aInstancePtr) { - nsresult ret; - NS_WITH_SERVICE(nsIScriptSecurityManager, secManager,NS_SCRIPTSECURITYMANAGER_PROGID,& ret); - if (NS_OK == ret) - { - *aInstancePtr = secManager; - NS_ADDREF(* aInstancePtr); - } - return ret; + if (!mSecurityManager) { + nsresult ret; + NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, + NS_SCRIPTSECURITYMANAGER_PROGID, &ret); + if (NS_FAILED(ret)) + return NS_ERROR_FAILURE; + mSecurityManager = securityManager; + NS_ADDREF(mSecurityManager); + } + *aInstancePtr = mSecurityManager; + NS_ADDREF(*aInstancePtr); + return NS_OK; } nsJSEnvironment *nsJSEnvironment::sTheEnvironment = nsnull; diff --git a/mozilla/dom/src/base/nsJSEnvironment.h b/mozilla/dom/src/base/nsJSEnvironment.h index 117c83c5a85..eefa23cb89c 100644 --- a/mozilla/dom/src/base/nsJSEnvironment.h +++ b/mozilla/dom/src/base/nsJSEnvironment.h @@ -30,6 +30,7 @@ private: nsIScriptNameSpaceManager* mNameSpaceManager; PRBool mIsInitialized; PRUint32 mNumEvaluations; + nsIScriptSecurityManager *mSecurityManager; public: nsJSContext(JSRuntime *aRuntime); diff --git a/mozilla/dom/src/base/nsJSSecurityManager.cpp b/mozilla/dom/src/base/nsJSSecurityManager.cpp deleted file mode 100644 index dc83619bdad..00000000000 --- a/mozilla/dom/src/base/nsJSSecurityManager.cpp +++ /dev/null 
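Review bot: The cached `mSecurityManager` is AddRef'd here, but no hunk in this diff releases it — ~nsJSContext is not touched and the constructor hunk only nulls the member — so each nsJSContext that ever asked for the security manager would hold the service reference for the life of the process unless the release lives in code I cannot see. Propose `NS_IF_RELEASE(mSecurityManager);` in ~nsJSContext. Separately, the rewrite maps every service-lookup failure to NS_ERROR_FAILURE where the old code propagated `ret`; keeping `return ret;` preserves the original error code for diagnosis at no cost.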
@@ -1,2285 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- - * - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1998-1999 Netscape Communications Corporation. All Rights - * Reserved. - */ - -#include "nsJSSecurityManager.h" -#include "nsCCapsManager.h" -#include "nsIPrincipalManager.h" -#include "nsIServiceManager.h" -#ifdef OJI -#include "jvmmgr.h" -#endif -#include "nsIScriptObjectOwner.h" -#include "nspr.h" -#include "plstr.h" -#include "nsPrivilegeManager.h" -#include "nsIScriptGlobalObject.h" -#include "nsIScriptGlobalObjectData.h" -#include "nsIPref.h" -#include "nsIURL.h" - -static NS_DEFINE_IID(kIXPCSecurityManagerIID, NS_IXPCSECURITYMANAGER_IID); -static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID); -static NS_DEFINE_IID(kICapsSecurityCallbacksIID, NS_ICAPSSECURITYCALLBACKS_IID); - -static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID); -static NS_DEFINE_CID(kURLCID, NS_STANDARDURL_CID); -static NS_DEFINE_CID(kPrefServiceCID, NS_PREF_CID); - -static nsString gUnknownOriginStr("[unknown origin]"); -static nsString gFileUrlPrefix("file:"); - -static nsString gFileDoubleSlashUrlPrefix("file://"); -static char * targetStrings[] = { - "UniversalBrowserRead", - "UniversalBrowserWrite", - "UniversalSendMail", - "UniversalFileRead", - "UniversalFileWrite", - "UniversalPreferencesRead", - "UniversalPreferencesWrite", - 
"UniversalDialerAccess", - "Max", - "AccountSetup", - /* See Target.java for more targets */ -}; -/* -extern "C" NS_DOM nsresult -NS_NewScriptSecurityManager(nsIScriptSecurityManager ** aInstancePtrResult) -{ - nsIScriptSecurityManager* it = new nsJSSecurityManager(); - if (nsnull == it) return NS_ERROR_OUT_OF_MEMORY; - nsresult ret = it->QueryInterface(kIScriptSecurityManagerIID, (void **) aInstancePtrResult); - if (NS_FAILED(ret)) return ret; - if (NS_FAILED(ret)) NS_RELEASE(*aInstancePtrResult); - return ret; -} -*/ -nsJSSecurityManager::nsJSSecurityManager() -{ - NS_INIT_REFCNT(); - nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref), (nsISupports**)&mPrefs); -} - -nsJSSecurityManager::~nsJSSecurityManager() -{ - nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs); -// NS_IF_RELEASE(mCapsManager); -} - -NS_IMETHODIMP -nsJSSecurityManager::QueryInterface(REFNSIID aIID, void** aInstancePtr) -{ - if (nsnull == aInstancePtr) return NS_ERROR_NULL_POINTER; - /* - if (aIID.Equals(kICapsSecurityCallbacksIID)) { - *aInstancePtr = (void*)(nsICapsSecurityCallbacks*)this; - NS_ADDREF_THIS(); - return NS_OK; - } - */ - if (aIID.Equals(kIXPCSecurityManagerIID)) { - *aInstancePtr = (void*)(nsIXPCSecurityManager*)this; - NS_ADDREF_THIS(); - return NS_OK; - } - return NS_NOINTERFACE; -} - -NS_IMPL_ADDREF(nsJSSecurityManager) -NS_IMPL_RELEASE(nsJSSecurityManager) - -PR_STATIC_CALLBACK(void *) -GetPrincipalArray(JSContext *aCx, struct JSPrincipals *aPrincipals); - -PR_STATIC_CALLBACK(void) -DestroyJSPrincipals(JSContext *aCx, JSPrincipals *aPrincipals); - -PR_STATIC_CALLBACK(PRBool) -GlobalPrivilegesEnabled(JSContext *aCx, JSPrincipals *aPrincipals); - -static nsJSPrincipalsData unknownPrincipals = { - { - gUnknownOriginStr.ToNewCString(), - GetPrincipalArray, - GlobalPrivilegesEnabled, - 0, - DestroyJSPrincipals - }, - nsnull -}; - -//JSPrincipal callback -PR_STATIC_CALLBACK(void) -DestroyJSPrincipals(JSContext *aCx, JSPrincipals *aPrincipals) -{ - if 
(aPrincipals != nsnull && aPrincipals != (JSPrincipals*)&unknownPrincipals) { - nsJSPrincipalsData* data = (nsJSPrincipalsData*)aPrincipals; - if (aPrincipals->codebase) delete aPrincipals->codebase; - if (data->principalsArrayRef != nsnull) { - /* XXX: raman: Should we free up the principals that are in that array also? */ - ((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray(); - } - //XXX - if (data->name) delete data->name; - //data->untransformed - //data->transformed - if (data->codebaseBeforeSettingDomain) delete data->codebaseBeforeSettingDomain; - if (data->zip) - //ns_zip_close(data->zip); - if (data->url) NS_RELEASE(data->url); - PR_Free(data); - } -} - -//JSPrincipal callback -PR_STATIC_CALLBACK(void *) -GetPrincipalArray(JSContext *aCx, struct JSPrincipals *aPrincipals) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData *)aPrincipals; -/* - //Get array of principals - if (data->principalsArrayRef == nsnull) { - nsICapsManager * capsMan; - nsresult res = nsServiceManager::GetService(kCCapsManagerCID, kICapsManagerIID, (nsISupports**)& capsMan); - if ((NS_OK == res) && (nsnull != capsMan)) { - nsIPrincipalManager * prinMan; - capsMan->GetPrincipalManager(& prinMan); -// prinMan->CreateMixedPrincipalArray(nsnull, nsnull, aPrincipals->codebase, (nsIPrincipalArray * *)&(data->principalsArrayRef)); - NS_RELEASE(capsMan); - } - } -*/ - return data->principalsArrayRef; -} - - -//JSPrincipal callback -PR_STATIC_CALLBACK(PRBool) -GlobalPrivilegesEnabled(JSContext *aCx, JSPrincipals *aPrincipals) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData *) aPrincipals; - return (PRBool)(nsnull != data->principalsArrayRef || gUnknownOriginStr.Equals(aPrincipals->codebase)); -} - - - -NS_IMETHODIMP -nsJSSecurityManager::CanCreateWrapper(JSContext * aJSContext, const nsIID & aIID, nsISupports * aObj) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CanCreateInstance(JSContext * aJSContext, const nsCID & aCID) -{ - return NS_OK; -} - 
-NS_IMETHODIMP -nsJSSecurityManager::CanGetService(JSContext * aJSContext, const nsCID & aCID) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CanCallMethod(JSContext * aJSContext, - const nsIID & aIID, - nsISupports *aObj, - nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, - const jsid aName) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CanGetProperty(JSContext * aJSContext, - const nsIID & aIID, - nsISupports *aObj, - nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, - const jsid aName) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CanSetProperty(JSContext * aJSContext, - const nsIID & aIID, - nsISupports *aObj, - nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, - const jsid aName) -{ - return NS_OK; -} - - - - - - - - - - - - - - - - - - - - -#if 0 -// Later: used for signed scripts - -NS_IMETHODIMP -nsJSSecurityManager::FreeNSJSJavaFrameWrapper(struct nsFrameWrapper *aWrapper) -{ - PR_FREEIF(aWrapper); - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::GetStartFrame(struct nsFrameWrapper *aWrapper) -{ - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::IsEndOfFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn) -{ - *aReturn = PR_FALSE; - - if ((aWrapper == nsnull) || (aWrapper->iterator == nsnull)) { - *aReturn = PR_TRUE; - } - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::IsValidFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn) -{ - *aReturn = (aWrapper->iterator != nsnull); - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::NewNSJSJavaFrameWrapper(void *aContext, struct nsFrameWrapper ** aWrapper) -{ - struct nsFrameWrapper *result; - - result = (struct nsFrameWrapper *)PR_MALLOC(sizeof(struct nsFrameWrapper)); - if (result == nsnull) { - return NS_ERROR_FAILURE; - } - - result->iterator = (void*)NewJSFrameIterator(aContext); - *aWrapper = result; - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::GetNextFrame(struct nsFrameWrapper 
*aWrapper, int *aDepth, void** aReturn) -{ - nsJSFrameIterator *iterator; - if (aWrapper->iterator == nsnull) { - return NS_ERROR_FAILURE; - } - iterator = (nsJSFrameIterator*)(aWrapper->iterator); - - if (!NextJSFrame(&iterator)) { - return NS_ERROR_FAILURE; - } - - (*aDepth)++; - *aReturn = aWrapper->iterator; - return NS_OK; -} - -PRBool -nsJSSecurityManager::NextJSFrame(struct nsJSFrameIterator **aIterator) -{ - nsJSFrameIterator *iterator = *aIterator; - PRBool result = NextJSJavaFrame(iterator); - if (!result) { - if (iterator->intersect) - ((nsIPrincipalArray *)(* aIterator)->intersect)->FreePrincipalArray(); - PR_Free(iterator); - * aIterator = nsnull; - } - return result; -} - -nsJSFrameIterator * -nsJSSecurityManager::NewJSFrameIterator(void *aContext) -{ - JSContext *aCx = (JSContext *)aContext; - nsJSFrameIterator *result; - void *array; - - result = (nsJSFrameIterator*)PR_MALLOC(sizeof(nsJSFrameIterator)); - if (result == nsnull) { - return nsnull; - } - - if (aCx == nsnull) { - return nsnull; - } - - result->fp = nsnull; - result->cx = aCx; - result->fp = JS_FrameIterator(aCx, &result->fp); - array = result->fp - ? JS_GetFramePrincipalArray(aCx, result->fp) - : nsnull; - result->intersect = array; - result->sawEmptyPrincipals = - (result->intersect == nsnull && result->fp && - JS_GetFrameScript(aCx, result->fp)) - ? 
PR_TRUE : PR_FALSE; - - return result; -} - -NS_IMETHODIMP -nsJSSecurityManager::OJIGetPrincipalArray(struct nsFrameWrapper *aWrapper, void** aReturn) -{ - nsJSFrameIterator *iterator; - if (aWrapper->iterator == nsnull) { - return NS_ERROR_FAILURE; - } - iterator = (nsJSFrameIterator*)(aWrapper->iterator); - *aReturn = ::JS_GetFramePrincipalArray(iterator->cx, iterator->fp); - return NS_OK; -} - -PRBool -nsJSSecurityManager::NextJSJavaFrame(struct nsJSFrameIterator *aIterator) -{ - nsIPrincipalArray * current; - nsIPrincipalArray * previous; - if (aIterator->fp == 0) return PR_FALSE; - current = (nsIPrincipalArray *)JS_GetFramePrincipalArray(aIterator->cx, aIterator->fp); - if (current == nsnull) { - if (JS_GetFrameScript(aIterator->cx, aIterator->fp)) - aIterator->sawEmptyPrincipals = PR_TRUE; - } else { - nsIPrincipalArray * arrayIntersect; - if (aIterator->intersect) { - previous = (nsIPrincipalArray *)aIterator->intersect; - current->IntersectPrincipalArray(previous,& arrayIntersect); - /* XXX: raman: should we do a free the previous principal Array */ - ((nsIPrincipalArray *)aIterator->intersect)->FreePrincipalArray(); - } - aIterator->intersect = current; - } - aIterator->fp = JS_FrameIterator(aIterator->cx, &aIterator->fp); - return aIterator->fp != nsnull; -} - -NS_IMETHODIMP -nsJSSecurityManager::OJIGetAnnotation(struct nsFrameWrapper *aWrapper, void** aReturn) -{ - nsJSFrameIterator *iterator; - void *annotation; - void *current; - - if (aWrapper->iterator == nsnull) { - return NS_ERROR_FAILURE; - } - iterator = (nsJSFrameIterator*)(aWrapper->iterator); - - annotation = JS_GetFrameAnnotation(iterator->cx, iterator->fp); - if (annotation == nsnull) - return NS_ERROR_FAILURE; - - current = JS_GetFramePrincipalArray(iterator->cx, iterator->fp); - - if (iterator->sawEmptyPrincipals || current == nsnull || - (iterator->intersect /*&& - !CanExtendTrust(iterator->cx, current, iterator->intersect)*/)) - return NS_ERROR_FAILURE; - - *aReturn = annotation; - 
return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::OJISetAnnotation(struct nsFrameWrapper *aWrapper, void *aPrivTable, void** aReturn) -{ - if (aWrapper->iterator) { - nsJSFrameIterator *iterator = (nsJSFrameIterator*)(aWrapper->iterator); - JS_SetFrameAnnotation(iterator->cx, iterator->fp, aPrivTable); - } - *aReturn = aPrivTable; - return NS_OK; -} - - -/* - * If given principals can access the given target, return true. Otherwise - * return false. The script must already have explicitly requested access - * to the given target. - */ -PRBool -nsJSSecurityManager::PrincipalsCanAccessTarget(JSContext *aCx, PRInt16 aTarget) -{ - nsPrivilegeTable * annotation; - JSStackFrame *fp; - void *annotationRef; - nsIPrincipalArray * principalArray = nsnull; -#ifdef OJI - JSStackFrame *pFrameToStartLooking = *JVM_GetStartJSFrameFromParallelStack(); - JSStackFrame *pFrameToEndLooking = JVM_GetEndJSFrameFromParallelStack(pFrameToStartLooking); - PRBool bCalledFromJava = (pFrameToEndLooking != nsnull); - if (pFrameToStartLooking == nsnull) { - pFrameToStartLooking = JS_FrameIterator(aCx, &pFrameToStartLooking); - if (pFrameToStartLooking == nsnull) { -// There are no frames or scripts at this point. 
- pFrameToEndLooking = nsnull; - } - } -#else - JSStackFrame *pFrameToStartLooking = JS_FrameIterator(aCx, &fp); - JSStackFrame *pFrameToEndLooking = nsnull; -#endif - - /* Map eJSTarget to nsTarget */ - NS_ASSERTION(aTarget >= 0, "No target in PrincipalsCanAccessTarget"); - //NS_ASSERTION(aTarget < sizeof(targetStrings)/sizeof(targetStrings[0]), ""); - - /* Find annotation */ - annotationRef = nsnull; - principalArray = nsnull; - fp = pFrameToStartLooking; - while ((fp = JS_FrameIterator(aCx, &fp)) != pFrameToEndLooking) { - nsIPrincipalArray * current; - if (JS_GetFrameScript(aCx, fp) == nsnull) continue; - current = (nsIPrincipalArray *)JS_GetFramePrincipalArray(aCx, fp); - if (current == nsnull) return PR_FALSE; - annotationRef = (void *) JS_GetFrameAnnotation(aCx, fp); - if (annotationRef) { - if (principalArray != nsnull) { - PRBool canExtend; - nsresult rv; - NS_WITH_SERVICE(nsIPrincipalManager, prinMan,NS_PRINCIPALMANAGER_PROGID,&rv); - prinMan->CanExtendTrust(current, principalArray, & canExtend); - if (!canExtend) return PR_FALSE; - break; - } - } - if (principalArray != nsnull) current->IntersectPrincipalArray(principalArray,& principalArray); - else principalArray = current; - } - if (annotationRef) annotation = (nsPrivilegeTable *)annotationRef; - else { -#ifdef OJI - /* - * Call from Java into JS. Just call the Java routine for checking - * privileges. - */ - if (nsnull == pFrameToEndLooking) { - if (principalArray) { - /* - * Must check that the principals that signed the Java applet are - * a subset of the principals that signed this script. - */ - void *javaPrincipals = JVM_GetJavaPrincipalsFromStackAsNSVector(pFrameToStartLooking); - - //if (!CanExtendTrust(aCx, javaPrincipals, principalArray)) { - // return PR_FALSE; - //} - } - /* - * XXX sudu: TODO: Setup the parameters representing a target. 
- */ - return JVM_NSISecurityContextImplies(pFrameToStartLooking, targetStrings[aTarget], NULL); - } -#endif /* OJI */ - // No annotation in stack - return PR_FALSE; - } - - // Now find permission for (annotation, target) pair. - PRBool allowed; - //mCapsManager->IsAllowed(annotation, targetStrings[aTarget], &allowed); - - return allowed; -} - - - -/* This array must be kept in sync with nsIScriptSecurityManager.idl */ - - -#if JS_SECURITY_OBJ -/* - -static char access_error_message[] = - "access disallowed from scripts at %s to documents at another domain"; -static char container_error_message[] = - "script at '%s' is not signed by sufficient principals to access " - "signed container"; - -static char enablePrivilegeStr[] = "enablePrivilege"; -static char isPrivilegeEnabledStr[] = "isPrivilegeEnabled"; -static char disablePrivilegeStr[] = "disablePrivilege"; -static char revertPrivilegeStr[] = "revertPrivilege"; - -//XXX what about the PREXTERN? -typedef PRBool -(*nsCapsFn)(void* context, struct nsTarget *target, PRInt32 callerDepth); - -static JSBool -callCapsCode(JSContext *aCx, JSObject *obj, uintN argc, jsval *argv, - jsval *rval, nsCapsFn fn, char *name) -{ - JSString *str; - char *cstr; - struct nsTarget *target; - - if (argc == 0 || !JSVAL_IS_STRING(argv[0])) { - JS_ReportError(aCx, "String argument expected for %s.", name); - return JS_FALSE; - } - // We don't want to use JS_ValueToString because we want to be able - // to have an object to represent a target in subsequent versions. - // XXX but then use of an object will cause errors here.... 
- str = JSVAL_TO_STRING(argv[0]); - if (!str) - return JS_FALSE; - - cstr = JS_GetStringBytes(str); - if (cstr == nsnull) - return JS_FALSE; - - target = nsCapsFindTarget(cstr); - if (target == nsnull) - return JS_FALSE; - // stack depth of 1: first frame is for the native function called - if (!(*fn)(aCx, target, 1)) { - //XXX report error, later, throw exception - return JS_FALSE; - } - return JS_TRUE; -} - - -JSBool -lm_netscape_security_isPrivilegeEnabled(JSContext *aCx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - return callCapsCode(aCx, obj, argc, argv, rval, nsCapsIsPrivilegeEnabled, - isPrivilegeEnabledStr); -} - -JSBool -lm_netscape_security_enablePrivilege(JSContext *aCx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - return callCapsCode(aCx, obj, argc, argv, rval, nsCapsEnablePrivilege, - enablePrivilegeStr); -} - -JSBool -lm_netscape_security_disablePrivilege(JSContext *aCx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - return callCapsCode(aCx, obj, argc, argv, rval, nsCapsDisablePrivilege, - disablePrivilegeStr); -} - -JSBool -lm_netscape_security_revertPrivilege(JSContext *aCx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - return callCapsCode(aCx, obj, argc, argv, rval, nsCapsRevertPrivilege, - revertPrivilegeStr); -} - -static JSFunctionSpec PrivilegeManager_static_methods[] = { - { isPrivilegeEnabledStr, lm_netscape_security_isPrivilegeEnabled, 1}, - { enablePrivilegeStr, lm_netscape_security_enablePrivilege, 1}, - { disablePrivilegeStr, lm_netscape_security_disablePrivilege, 1}, - { revertPrivilegeStr, lm_netscape_security_revertPrivilege, 1}, - {0} -}; - -JSBool -lm_InitSecurity(MochaDecoder *decoder) -{ - JSContext *aCx; - JSObject *obj; - JSObject *proto; - JSClass *objectClass; - jsval v; - JSObject *securityObj; - - //XXX * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege, - //et. al. so that code that worked with 4.0 can still work. 
- - // Find Object.prototype's class by walking up the window object's - // prototype chain. - aCx = decoder->js_context; - obj = decoder->window_object; - while (proto = JS_GetPrototype(aCx, obj)) - obj = proto; - objectClass = JS_GetClass(aCx, obj); - - if (!JS_GetProperty(aCx, decoder->window_object, "netscape", &v)) - return JS_FALSE; - if (JSVAL_IS_OBJECT(v)) { - // "netscape" property of window object exists; must be LiveConnect - // package. Get the "security" property. - obj = JSVAL_TO_OBJECT(v); - if (!JS_GetProperty(aCx, obj, "security", &v) || !JSVAL_IS_OBJECT(v)) - return JS_FALSE; - securityObj = JSVAL_TO_OBJECT(v); - } else { - //define netscape.security object - obj = JS_DefineObject(aCx, decoder->window_object, "netscape", - objectClass, nsnull, 0); - if (obj == nsnull) - return JS_FALSE; - securityObj = JS_DefineObject(aCx, obj, "security", objectClass, - nsnull, 0); - if (securityObj == nsnull) - return JS_FALSE; - } - - // Define PrivilegeManager object with the necessary "static" methods. - obj = JS_DefineObject(aCx, securityObj, "PrivilegeManager", objectClass, - nsnull, 0); - if (obj == nsnull) - return JS_FALSE; - - return JS_DefineFunctions(aCx, obj, PrivilegeManager_static_methods); -} -*/ -#endif //JS_SECURITY_OBJ - - - -//+++ - -NS_IMETHODIMP -nsJSSecurityManager::GetCompilationPrincipals(nsIScriptContext *aContext, - nsIScriptGlobalObject* aGlobal, - JSPrincipals *aLayoutPrincipals, - JSPrincipals** aPrincipals) -{ - JSContext *cx; - *aPrincipals = nsnull; - - cx = (JSContext*)(aContext->GetNativeContext()); - - if (0) {//script from doc.write(decoder->writing_input && lm_writing_context != nsnull) { - /* - * Compiling a script added due to a document.write. - * Get principals from stack frame. We can't just use these - * principals since the document.write code will fail signature - * verification. So just grab the codebase and form a new set - * of principals. 
- */ - GetPrincipalsFromStackFrame(cx, aPrincipals); - if (*aPrincipals) { - nsAutoString cb((*aPrincipals)->codebase); - NewJSPrincipals(nsnull, nsnull, &cb, aPrincipals); - } else { - nsAutoString cb(gUnknownOriginStr); - NewJSPrincipals(nsnull, nsnull, &cb, aPrincipals); - } - if (*aPrincipals == nsnull) { - JS_ReportOutOfMemory(cx); - return NS_ERROR_FAILURE; - } - InvalidateCertPrincipals(cx, *aPrincipals); - return NS_OK; - } - - if (aLayoutPrincipals) { - *aPrincipals = aLayoutPrincipals; - return NS_OK; - } - - /* - * Just get principals corresponding to the window or layer we're - * currently parsing. - */ - nsIScriptObjectOwner* globalOwner; - JSObject* global = nsnull; - - if (NS_OK == aGlobal->QueryInterface(kIScriptObjectOwnerIID, (void**)&globalOwner)) { - globalOwner->GetScriptObject(aContext, (void**)&global); - } - if (nsnull != global) { - return GetContainerPrincipals(cx, global, aPrincipals); - } - - return NS_ERROR_FAILURE; -} - - - - -NS_IMETHODIMP -nsJSSecurityManager::CheckContainerAccess(JSContext *aCx, JSObject *aObj, - PRInt16 aTarget, PRBool* aReturn) -{ - JSPrincipals *principals; - nsJSPrincipalsData *data; - JSStackFrame *fp; - JSScript *script; - JSPrincipals *subjPrincipals; - nsString* fn = nsnull; - - /* The decoder's js_context isn't in a request, so we should put it - * in one during this call. */ - //XXXJoki, why the begin request? Does it needs to be aObj's cx? - JS_BeginRequest(aCx); - GetContainerPrincipals(aCx, aObj, &principals); - JS_EndRequest(aCx); - - if (principals == nsnull) { -#ifdef EARLY_ACCESS_STUFF - /* - * Attempt to access container before container has any scripts. - * Most of these accesses come from natives when initializing a - * window. Check for that by seeing if we have an executing script. - * If we do, remember the principals of the script that performed - * the access so we can report an error later if need be. 
- */ - fp = nsnull; - GetPrincipalsFromStackFrame(aCx, &subjPrincipals); - if (subjPrincipals == nsnull) { - *aReturn = PR_TRUE; - return NS_OK; - } - - /* See if subjPrincipals are already on list */ - list = (nsJSPrincipalsList *) decoder->early_access_list; - while (list && list->principals != subjPrincipals) { - list = list->next; - } - if (list == nsnull) { - list = PR_MALLOC(sizeof(*list)); - if (list == nsnull) { - JS_ReportOutOfMemory(aCx); - *aReturn = PR_FALSE; - return NS_ERROR_FAILURE; - } - list->principals = subjPrincipals; - JSPRINCIPALS_HOLD(aCx, list->principals); - list->next = (nsJSPrincipalsList *) decoder->early_access_list; - decoder->early_access_list = list; - } - /* - * XXX - Still possible to modify contents of another page - * even if cross-origin access is disabled by setting to - * about:blank, modifying, and then loading the attackee. - * Similarly with window.open(""). - */ -#endif - *aReturn = PR_TRUE; - return NS_OK; - } - /* - * If object doesn't have signed scripts and cross-origin access - * is enabled, return true. - */ - data = (nsJSPrincipalsData *) principals; - if (data->signedness != HAS_SIGNED_SCRIPTS) {//XXXGlobalAPI && GetCrossOriginEnabled()) { - *aReturn = PR_TRUE; - return NS_OK; - } - - /* Check if user requested lower privileges */ - - if (data->signedness == HAS_SIGNED_SCRIPTS) { - //XXX Do we need CompromisePrincipals?XXX && !GetPrincipalsCompromise(aCx, obj)) { - /* - * We have signed scripts. Must check that the object principals are - * a subset of the the subject principals. 
- */ - fp = nsnull; - fp = JS_FrameIterator(aCx, &fp); - if (fp == nsnull || (script = JS_GetFrameScript(aCx, fp)) == nsnull) { - /* haven't begun execution yet; allow the r to create functions */ - *aReturn = PR_TRUE; - return NS_OK; - } - subjPrincipals = JS_GetScriptPrincipals(aCx, script); - if (subjPrincipals && - CanExtendTrust(aCx, - principals->getPrincipalArray(aCx, principals), - subjPrincipals->getPrincipalArray(aCx, subjPrincipals))) - { - *aReturn = PR_TRUE; - return NS_OK; - } - GetSubjectOriginURL(aCx, &fn); - if (!fn) { - *aReturn = PR_FALSE; - return NS_OK; - } - if (subjPrincipals && principals) { - PrintToConsole("Principals of script: "); - PrintPrincipalsToConsole(aCx, subjPrincipals); - PrintToConsole("Principals of signed container: "); - PrintPrincipalsToConsole(aCx, principals); - } - char fnChar[128]; - - JS_ReportError(aCx, "Container error message", fn->ToCString(fnChar, 128)); - *aReturn = PR_FALSE; - delete fn; - return NS_ERROR_FAILURE; - } - - /* The signed script has called compromisePrincipals(), so - * we do the weaker origin check. - */ - return CheckPermissions(aCx, aObj, aTarget, aReturn); -} - -NS_IMETHODIMP -nsJSSecurityManager::SetContainerPrincipals(JSContext *aCx, JSObject *aContainer, JSPrincipals *aPrincipals) -{ - //Start from topmost item. 
- while (nsnull != (aContainer = JS_GetParent(aCx, aContainer))); - - nsISupports *tmp; - nsIScriptGlobalObjectData *globalData; - - tmp = (nsISupports*)JS_GetPrivate(aCx, aContainer); - if (nsnull != tmp && - NS_OK == tmp->QueryInterface(NS_GET_IID(nsIScriptGlobalObjectData), (void**)&globalData)) { - globalData->SetPrincipals((void*)aPrincipals); - } - - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CanCaptureEvent(JSContext *aCx, JSFunction *aFun, JSObject *aEventTarget, PRBool* aReturn) -{ - JSScript *script; - JSPrincipals *principals; - nsString* origin = nsnull; - - script = JS_GetFunctionScript(aCx, aFun); - if (script == nsnull) { - *aReturn = PR_FALSE; - return NS_OK; - } - principals = JS_GetScriptPrincipals(aCx, script); - if (principals == nsnull) { - *aReturn = PR_FALSE; - return NS_OK; - } - GetObjectOriginURL(aCx, aEventTarget, &origin); - char* originChar; - if (origin) { - originChar = origin->ToNewCString(); - } - if (!originChar) { - if (origin) { - delete origin; - } - *aReturn = PR_FALSE; - return NS_OK; - } - - *aReturn = (PRBool)(this->SameOrigins(aCx, originChar, principals->codebase) || - IsExternalCaptureEnabled(aCx, principals)); - - delete origin; - delete originChar; - return NS_OK; -} - -PRBool -nsJSSecurityManager::IsExternalCaptureEnabled(JSContext *aCx, JSPrincipals *aPrincipals) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData*)aPrincipals; - - if (data->externalCapturePrincipalsCount == 0) { - return PR_FALSE; - } - else { - PRUint32 count = GetPrincipalsCount(aCx, aPrincipals); - return (PRBool)(data->externalCapturePrincipalsCount == count); - } -} - -NS_IMETHODIMP -nsJSSecurityManager::SetExternalCapture(JSContext *aCx, JSPrincipals *aPrincipals, PRBool aBool) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData*)aPrincipals; - - if (aBool) { - PRUint32 count = GetPrincipalsCount(aCx, aPrincipals); - data->externalCapturePrincipalsCount = count; - } else { - data->externalCapturePrincipalsCount = 0; - } - - return 
NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::CheckSetParentSlot(JSContext *aCx, JSObject *aObj, jsval *aVp, PRBool* aReturn) -{ - JSObject *newParent; - *aReturn = PR_TRUE; - - if (!JSVAL_IS_OBJECT(*aVp)) { - return NS_OK; - } - newParent = JSVAL_TO_OBJECT(*aVp); - if (newParent) { - nsString* oldOrigin = nsnull; - nsString* newOrigin = nsnull; - - GetObjectOriginURL(aCx, aObj, &oldOrigin); - if (!oldOrigin) { - return NS_ERROR_FAILURE; - } - GetObjectOriginURL(aCx, newParent, &newOrigin); - if (!newOrigin) { - delete oldOrigin; - return NS_ERROR_FAILURE; - } - if (!this->SameOrigins(aCx, oldOrigin, newOrigin)) { - delete oldOrigin; - delete newOrigin; - return NS_OK; - } - delete oldOrigin; - delete newOrigin; - } - else { - //Should only be called from window - if (JS_GetParent(aCx, aObj)) { - return NS_OK; - } - JSPrincipals *principals; - GetContainerPrincipals(aCx, aObj, &principals); - if (!principals) { - *aReturn = PR_FALSE; - return NS_ERROR_FAILURE; - } - } - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::SetDocumentDomain(JSContext *aCx, JSPrincipals *aPrincipals, - nsString* aNewDomain, PRBool* aReturn) -{ - nsJSPrincipalsData *data; - nsresult result; - - if (aNewDomain->Equals(aPrincipals->codebase)) { - *aReturn = PR_TRUE; - return NS_OK; - } - data = (nsJSPrincipalsData *) aPrincipals; - if (!data->codebaseBeforeSettingDomain) { - data->codebaseBeforeSettingDomain = aPrincipals->codebase; - } - else { - delete aPrincipals->codebase; - } - - nsString* codebaseStr; - if ((result = GetOriginFromSourceURL(aNewDomain, &codebaseStr)) != NS_OK) - return result; - - if (!codebaseStr) { - return NS_ERROR_FAILURE; - } - - aPrincipals->codebase = codebaseStr->ToNewCString(); - delete codebaseStr; - if (aPrincipals->codebase == nsnull) { - JS_ReportOutOfMemory(aCx); - *aReturn = PR_FALSE; - return NS_ERROR_FAILURE; - } - if (data->principalsArrayRef != nsnull) { - ((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray(); - 
data->principalsArrayRef = nsnull; - } - *aReturn = PR_TRUE; - return NS_OK; -} - -NS_IMETHODIMP -nsJSSecurityManager::DestroyPrincipalsList(JSContext *aCx, nsJSPrincipalsList *aList) -{ - //early access stuff - while (aList) { - nsJSPrincipalsList *next = aList->next; - if (aList->principals) - JSPRINCIPALS_DROP(aCx, aList->principals); - PR_Free(aList); - aList = next; - } - return NS_OK; -} - -void -nsJSSecurityManager::PrintToConsole(const char *data) -{ - /* XXX: raman: We should write to JS console when it is ready */ - /* JS_PrintToConsole(data); */ - printf("%s", data); -} - - - - - -void -nsJSSecurityManager::PrintPrincipalsToConsole(JSContext *aCx, JSPrincipals *aPrincipals) -{ - nsIPrincipalArray * principalsArray; - nsIPrincipal *principal; -//cd .. char *vendor; - PRUint32 i, count; - static char emptyStr[] = "\n"; - principalsArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals); - if (principalsArray == nsnull) { - PrintToConsole(emptyStr); - return; - } - PrintToConsole("[\n"); - principalsArray->GetPrincipalArraySize(& count); - for (i = 0; i < count; i++) { - principalsArray->GetPrincipalArrayElement(i, & principal); -// mCapsManager->GetVendor(principal, &vendor); -// if (vendor == nsnull) { -// JS_ReportOutOfMemory(aCx); -// return; -// } -// PrintToConsole(vendor); -// PrintToConsole(",\n"); - } - PrintToConsole("]\n"); -} - -void -nsJSSecurityManager::InvalidateCertPrincipals(JSContext *aCx, JSPrincipals *aPrincipals) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData*)aPrincipals; - - if (data->principalsArrayRef) { - PrintToConsole("Invalidating certificate principals in "); - PrintPrincipalsToConsole(aCx, aPrincipals); - ((nsIPrincipalArray *)data->principalsArrayRef)->FreePrincipalArray(); - data->principalsArrayRef = nsnull; - } - data->signedness = HAS_UNSIGNED_SCRIPTS; -} - -PRBool -nsJSSecurityManager::CanExtendTrust(JSContext *aCx, void *aFrom, void *aTo) -{ -// this code is already taken care of by 
nsPrivilegeManager, there is no need for the -//JSContext object, this needs to be reviewed and modified, i don't think this method -//should exist at all in this class - if (aFrom == nsnull || aTo == nsnull) { - return PR_FALSE; - } - if (aFrom == aTo) { - return PR_TRUE; - } - - PRBool canExtend; - nsIPrincipalManager * prinMan; - mCapsManager->GetPrincipalManager(& prinMan); - prinMan->CanExtendTrust((nsIPrincipalArray *)aFrom,(nsIPrincipalArray *) aTo, &canExtend); - return canExtend; -} - -PRUint32 -nsJSSecurityManager::GetPrincipalsCount(JSContext *aCx, JSPrincipals *aPrincipals) -{ -// again, why??????? -// these methods are handled by nsIPrincipalArray, get rid of duplicates - nsIPrincipalArray * principalArray; - PRUint32 count; - - principalArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals); - // this check is already done in nsPrincipalArray -// if (nsnull == principalArray) return 0; - principalArray->GetPrincipalArraySize(& count); - return count; -} - -char * -nsJSSecurityManager::GetJavaCodebaseFromOrigin(const char *origin) -{ - /* Remove filename part. */ - char *result = PL_strdup(origin); - if (result) { - char *slash = PL_strrchr(result, '/'); - if (slash && slash > result && slash[-1] != '/') - slash[1] = '\0'; - } - return result; -} - - - -#ifdef DO_JAVA_STUFF -/* - -PR_PUBLIC_API(char *) -LM_LoadFromZipFile(void *zip, char *fn) -{ - struct stat st; - char* data; - - if (!ns_zip_stat((ns_zip_t *)zip, fn, &st)) { - return nsnull; - } - if ((data = malloc((size_t)st.st_size + 1)) == 0) { - return nsnull; - } - if (!ns_zip_get((ns_zip_t *)zip, fn, data, st.st_size)) { - PR_Free(data); - return nsnull; - } - data[st.st_size] = '\0'; - return data; -} - -extern char * -LM_ExtractFromPrincipalsArchive(JSPrincipals *principals, char *name, - uint *length) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData *) principals; - char *result = nsnull; - - result = LM_LoadFromZipFile(data->zip, name); - *length = result ? 
PL_strlen(result) : 0; - - return result; -} - -extern PRBool -LM_SetUntransformedSource(JSPrincipals *principals, char *original, - char *transformed) -{ - nsJSPrincipalsData *data = (nsJSPrincipalsData *) principals; - - NS_ASSERTION(data->untransformed == nsnull); - data->untransformed = PL_strdup(original); - if (data->untransformed == nsnull) - return PR_FALSE; - data->transformed = PL_strdup(transformed); - if (data->transformed == nsnull) - return PR_FALSE; - return PR_TRUE; -} - - -JSPrincipals * PR_CALLBACK -LM_GetJSPrincipalsFromJavaCaller(JSContext *aCx, void *principalsArray, void *pNSISecurityContext) -{ - setupJSCapsCallbacks(); - if (principalsArray == nsnull) - return nsnull; - - return newJSPrincipalsFromArray(aCx, principalsArray, pNSISecurityContext); -} - -static JSPrincipals * -newJSPrincipalsFromArray(JSContext *aCx, void *principalsArray, void *pNSISecurityContext) -{ - JSPrincipals *result; - nsIPrincipal *principal; - const char *codebase; - nsJSPrincipalsData *data; - uint32 i, count; - - setupJSCapsCallbacks(); - - count = nsCapsGetPrincipalArraySize(principalsArray); - if (count == 0) { - JS_ReportError(aCx, "No principals found for Java caller"); - return nsnull; - } - - codebase = nsnull; - for (i = count; i > 0; i--) { - principal = nsCapsGetPrincipalArrayElement(principalsArray, i-1); - if (nsCapsIsCodebaseExact(principal)) { - codebase = nsCapsPrincipalToString(principal); - break; - } - } - - result = NewJSPrincipals(nsnull, nsnull, (char *) codebase); - if (result == nsnull) { - JS_ReportOutOfMemory(aCx); - return nsnull; - } - - data = (nsJSPrincipalsData *) result; - data->principalsArrayRef = principalsArray; - data->pNSISecurityContext = pNSISecurityContext; - data->signedness = count == 1 && codebase - ? 
HAS_UNSIGNED_SCRIPTS - : HAS_SIGNED_SCRIPTS; - - return result; -} -*/ -#endif //DO_JAVA_STUFF - -#ifdef NEED_CANACCESSTARGETSTR -/* -int -findTarget(const char *target) -{ - int i=0; - for(i=0; iGetNativeContext(); - *aRetPrincipals = nsnull; - - if (NS_OK == aGlobal->QueryInterface(kIScriptObjectOwnerIID, (void**)&aGlobalObjOwner)) { - aGlobalObjOwner->GetScriptObject(aContext, (void**)&inner); - } - if (inner == nsnull) return NS_ERROR_FAILURE; - if (NS_OK != GetContainerPrincipals(cx, inner, &containerPrincipals)) return NS_ERROR_FAILURE; - containerData = (nsJSPrincipalsData *)containerPrincipals; - JSObject* container = inner; - if (!aName && aPrincipals != containerPrincipals && aPrincipals) { - // "name" argument omitted since it was specified when "principals" - // was created. Get it from "principals". - aName = new nsString(data->name); - } -#if 0 - implicitName = nsnull; - if (!aName && data && data->signedness == HAS_SIGNED_SCRIPTS) { - /* - * Name is unspecified. Use the implicit name formed from the - * origin URL and the ordinal within the page. For example, the - * third implicit name on http://www.co.com/dir/mypage.html - * would be "_mypage2". - */ - char * urlchars, * path, * tempchars; - urlchars = FindOriginURL(cx, inner); - if (!urlchars) return nsnull; - path = ParseURL(urlchars, GET_PATH_PART) - nsIURL * url; - nsresult rv; - NS_WITH_SERVICE(nsIComponentManager, compMan,kComponentManagerCID,&rv); - if (!NS_SUCCEEDED(rv)) return nsnull; - rv = compMan->CreateInstance(kURLCID,NULL,nsIURL::GetIID(),(void**)&url); - if (!NS_SUCCEEDED(rv)) return nsnull; - rv = url->SetSpec(urlchars); - if (!NS_SUCCEEDED(rv)) return nsnull; - url->GetPath(& path); - if (path && *path) { - char * s = PL_strrchr(path, '.'); - if (s) *s = '\0'; - s = PL_strrchr(path, '/'); - //XXXGlobalApi - implicitName = PR_sprintf_append(nsnull, "_%s%d", s ? 
s+1 : path, - aGlobal->signature_ordinal++); - name = implicitName; - } - PR_FREEIF(path); - delete url; - } -#endif - untransformed = nsnull; - if (data && data->untransformed && data->transformed == aSrc) { - /* Perform verification on original source. */ - aSrc = untransformed = data->untransformed; - data->untransformed = nsnull; - PR_Free(data->transformed); - data->transformed = nsnull; - } - - PR_FREEIF(untransformed); - aSrc = nsnull; - PR_FREEIF(implicitName); - aName = nsnull; - - /* - * Now that we've attempted verification, we need to set the appropriate - * level of signedness based on whether verification succeeded. - * We avoid setting signedness if principals is the same as container - * principals (i.e., we "inherited" the principals from a script earlier - * in the page) and we are not in a subcontainer of the container where - * the principals were found. In that case we will create a new set of - * principals for the inner container. - */ - if (data && !(aPrincipals == containerPrincipals && container != inner)) { - data->signedness = HAS_UNSIGNED_SCRIPTS; - } - -#ifdef EARLY_ACCESS_STUFF - /* - //XXXGlobalApi - if (verified && aGlobal->early_access_list && - !CheckEarlyAccess(cx, aGlobal, principals)) - { - return nsnull; - } - */ -#endif - - if (!verified) { - //Add pref check of "javascript.all.unsigngedExecution" - if (0) {//!GetUnsignedExecutionEnabled()) { - /* Execution of unsigned scripts disabled. Return now. 
*/ - return NS_ERROR_FAILURE; - } - /* No cert principals; try codebase principal */ - if (!aPrincipals || aPrincipals == containerPrincipals) { - if (container == inner || - containerData->signedness == HAS_UNSIGNED_SCRIPTS) { - aPrincipals = containerPrincipals; - data = (nsJSPrincipalsData *)aPrincipals; - } - else { - /* Just put restricted principals in inner */ - nsAutoString contCodebase(containerPrincipals->codebase); - - NewJSPrincipals(nsnull, nsnull, - &contCodebase, &aPrincipals); - if (!aPrincipals) { - JS_ReportOutOfMemory(cx); - return NS_ERROR_FAILURE; - } - data = (nsJSPrincipalsData *)aPrincipals; - } - } - InvalidateCertPrincipals(cx, aPrincipals); - -#ifdef EARLY_ACCESS_STUFF - /* - //XXXGlobalApi - if (aGlobal->early_access_list && !GetCrossOriginEnabled() && - !CheckEarlyAccess(cx, aGlobal, principals)) - { - return nsnull; - } - */ -#endif - - if (container == inner) { - InvalidateCertPrincipals(cx, containerPrincipals); - - /* compare codebase principals */ - if (!this->SameOrigins(cx, containerPrincipals->codebase, - aPrincipals->codebase)) { - /* Codebases don't match; evaluate under different - principals than container */ - *aRetPrincipals = aPrincipals; - return NS_OK; - } - /* Codebases match */ - *aRetPrincipals = containerPrincipals; - return NS_OK; - } - - /* Just put restricted principals in inner */ - SetContainerPrincipals(cx, inner, aPrincipals); - *aRetPrincipals = aPrincipals; - return NS_OK; - } - - if (!PrincipalsEqual(cx, aPrincipals, containerPrincipals)) { - /* We have two unequal sets of principals. */ - if (containerData->signedness == HAS_NO_SCRIPTS && - this->SameOrigins(cx, aPrincipals->codebase, - containerPrincipals->codebase)) { - /* - * Principals are unequal because we have container principals - * carrying only a codebase, and the principals of this script - * that carry cert principals as well. 
- */ - SetContainerPrincipals(cx, container, aPrincipals); - *aRetPrincipals = aPrincipals; - return NS_OK; - } - if (inner == container) { - if (containerData->signedness == HAS_NO_SCRIPTS) { - SetContainerPrincipals(cx, container, aPrincipals); - *aRetPrincipals = aPrincipals; - return NS_OK; - } - /* - * Intersect principals and container principals, - * modifying the container principals. - */ - PrintToConsole("Intersecting principals "); - PrintPrincipalsToConsole(cx, containerPrincipals); - PrintToConsole("with "); - PrintPrincipalsToConsole(cx, aPrincipals); - if (!IntersectPrincipals(cx, containerPrincipals, - aPrincipals)) { - return NS_OK; - } - PrintToConsole("yielding "); - PrintPrincipalsToConsole(cx, containerPrincipals); - } - else { - /* - * Store the disjoint set of principals in the - * innermost container - */ - SetContainerPrincipals(cx, inner, aPrincipals); - *aRetPrincipals = aPrincipals; - return NS_OK; - } - - } - *aRetPrincipals = containerPrincipals; - return NS_OK; -} - -#if 0 -NS_IMETHODIMP -nsJSSecurityManager::CheckURI(nsString *uri, nsIURI *base, PRBool checkFile, - PRBool *isOkay) -{ - *isOkay = PR_TRUE; - return NS_OK; - - // TODO: Perform checks on uri - nsresult result; - nsIURI *url; - char *str; - - if (!NS_SUCCEEDED(result = NS_NewURI(&url, *uri))) - return result; - if (!NS_SUCCEEDED(result = url->GetProtocol(&str))) - return result; // TODO: what happens if no protocol? 
-#endif - -#if 0 - // Old 4.x code - const char * - lm_CheckURL(JSContext *cx, const char *url_string, JSBool checkFile) - { - char *protocol, *absolute; - JSObject *obj; - MochaDecoder *decoder; - - protocol = NET_ParseURL(url_string, GET_PROTOCOL_PART); - if (!protocol || *protocol == '\0' || XP_STRCHR(protocol, '?')) { - lo_TopState *top_state; - - obj = JS_GetGlobalObject(cx); - decoder = JS_GetPrivate(cx, obj); - - LO_LockLayout(); - top_state = lo_GetMochaTopState(decoder->window_context); - if (top_state && top_state->base_url) { - absolute = NET_MakeAbsoluteURL(top_state->base_url, - (char *)url_string); /*XXX*/ - /* - * Temporarily unlock layout so that we don't hold the lock - * across a call (lm_CheckPermissions) that may result in - * synchronous event handling. - */ - LO_UnlockLayout(); - if (!lm_CheckPermissions(cx, obj, JSTARGET_UNIVERSAL_BROWSER_READ)) - { - /* Don't leak information about the url of this page. */ - XP_FREEIF(absolute); - return NULL; - } - LO_LockLayout(); - } else { - absolute = NULL; - } - if (absolute) { - if (protocol) XP_FREE(protocol); - protocol = NET_ParseURL(absolute, GET_PROTOCOL_PART); - } - LO_UnlockLayout(); - } else { - absolute = JS_strdup(cx, url_string); - if (!absolute) { - XP_FREE(protocol); - return NULL; - } - decoder = NULL; - } - - if (absolute) { - - /* Make sure it's a safe URL type. 
*/ - switch (NET_URL_Type(protocol)) { - case FILE_TYPE_URL: - if (checkFile) { - const char *subjectOrigin = lm_GetSubjectOriginURL(cx); - if (subjectOrigin == NULL) { - XP_FREE(protocol); - return NULL; - } - if (NET_URL_Type(subjectOrigin) != FILE_TYPE_URL && - !lm_CanAccessTarget(cx, JSTARGET_UNIVERSAL_FILE_READ)) - { - XP_FREE(absolute); - absolute = NULL; - } - } - break; - case FTP_TYPE_URL: - case GOPHER_TYPE_URL: - case HTTP_TYPE_URL: - case MAILTO_TYPE_URL: - case NEWS_TYPE_URL: - case RLOGIN_TYPE_URL: - case TELNET_TYPE_URL: - case TN3270_TYPE_URL: - case WAIS_TYPE_URL: - case SECURE_HTTP_TYPE_URL: - case URN_TYPE_URL: - case NFS_TYPE_URL: - case MOCHA_TYPE_URL: - case VIEW_SOURCE_TYPE_URL: - case NETHELP_TYPE_URL: - case WYSIWYG_TYPE_URL: - case LDAP_TYPE_URL: - #ifdef JAVA - /* DHIREN */ - case MARIMBA_TYPE_URL: - /* ~DHIREN */ - #endif - /* These are "safe". */ - break; - case ABOUT_TYPE_URL: - if (XP_STRCASECMP(absolute, "about:blank") == 0) - break; - if (XP_STRNCASECMP(absolute, "about:pics", 10) == 0) - break; - /* these are OK if we are signed */ - if (lm_CanAccessTarget(cx, JSTARGET_UNIVERSAL_BROWSER_READ)) - break; - /* FALL THROUGH */ - default: - /* All others are naughty. */ - /* XXX signing - should we allow these for signed scripts? */ - XP_FREE(absolute); - absolute = NULL; - break; - } - } - - if (!absolute) { - JS_ReportError(cx, "illegal URL method '%s'", - protocol && *protocol ? 
protocol : url_string); - } - if (protocol) - XP_FREE(protocol); - return absolute; - } - -} -#endif - -#ifdef EARLY_ACCESS_STUFF -/* -PRBool -nsJSSecurityManager::CheckEarlyAccess(JSContext* aCx, JSPrincipals *aPrincipals) -{ - nsJSPrincipalsData *data; - JSPrincipalsList *p; - PRBool ok; - - data = (nsJSPrincipalsData*)aPrincipals; - ok = PR_TRUE; - - for (p = (JSPrincipalsList *) decoder->early_access_list; p; p = p->next) { - if (data->signedness == HAS_SIGNED_SCRIPTS) { - if (!CanExtendTrust(aCx, - aPrincipals->getPrincipalArray(aCx, aPrincipals), - p->principals->getPrincipalArray(aCx, p->principals))) { - JS_ReportError(aCx, container_error_message, - p->principals->codebase); - ok = PR_FALSE; - break; - } - } - else { - if (!SameOrigins(aCx, p->principals->codebase, - aPrincipals->codebase)) { - // Check to see if early access violated the cross-origin - // container check. - JS_ReportError(aCx, access_error_message, - p->principals->codebase); - ok = PR_FALSE; - break; - } - } - } - DestroyPrincipalsList(aCx, decoder->early_access_list); - decoder->early_access_list = nsnull; - return ok; -} -*/ -#endif - -/* - * Compute the intersection of "principals" and "other", saving in - * "principals". Return true iff the intersection is nonnsnull. 
- */ -PRBool -nsJSSecurityManager::IntersectPrincipals(JSContext *aCx, JSPrincipals *aPrincipals, JSPrincipals *aNewPrincipals) -{ - nsJSPrincipalsData* data = (nsJSPrincipalsData*)aPrincipals; - nsJSPrincipalsData* newData = (nsJSPrincipalsData*)aNewPrincipals; - - NS_ASSERTION(data->signedness != HAS_NO_SCRIPTS, "Signed page with no scripts"); - NS_ASSERTION(newData->signedness != HAS_NO_SCRIPTS, "Signed page with no scripts"); - - if (!this->SameOrigins(aCx, aPrincipals->codebase, aNewPrincipals->codebase)) { - delete aPrincipals->codebase; - aPrincipals->codebase = gUnknownOriginStr.ToNewCString(); - if (aPrincipals->codebase == nsnull) { - return PR_FALSE; - } - } - - if (data->signedness == HAS_UNSIGNED_SCRIPTS || - newData->signedness == HAS_UNSIGNED_SCRIPTS) { - // No cert principals. Nonempty only if there is a codebase - // principal. - InvalidateCertPrincipals(aCx, aPrincipals); - return PR_TRUE; - } - // Compute the intersection. - nsIPrincipalArray * principalArray = (nsIPrincipalArray *)aPrincipals->getPrincipalArray(aCx, aPrincipals); - nsIPrincipalArray * newPrincipalArray = (nsIPrincipalArray *)aNewPrincipals->getPrincipalArray(aCx, aNewPrincipals); - if (principalArray == nsnull || newPrincipalArray == nsnull) { - InvalidateCertPrincipals(aCx, aPrincipals); - return PR_TRUE; - } - - nsIPrincipalArray * intersectArray; - principalArray->IntersectPrincipalArray(newPrincipalArray, & intersectArray); - if (nsnull == intersectArray) { - InvalidateCertPrincipals(aCx, aPrincipals); - return PR_TRUE; - } - - data->principalsArrayRef = intersectArray; - return PR_TRUE; -} - -PRBool -nsJSSecurityManager::PrincipalsEqual(JSContext *aCx, JSPrincipals *aPrinA, JSPrincipals *aPrinB) -{ - if (aPrinA == aPrinB) - return PR_TRUE; - - nsJSPrincipalsData *dataA, *dataB; - dataA = (nsJSPrincipalsData*)aPrinA; - dataB = (nsJSPrincipalsData*)aPrinB; - - if (dataA->signedness != dataB->signedness) - return PR_FALSE; - - nsIPrincipalArray * arrayA = (nsIPrincipalArray 
*)aPrinA->getPrincipalArray(aCx, aPrinA); - nsIPrincipalArray * arrayB = (nsIPrincipalArray *)aPrinB->getPrincipalArray(aCx, aPrinB); - - PRInt16 comparisonType; - arrayA->ComparePrincipalArray(arrayB, & comparisonType); - return (PRBool)(nsIPrincipalArray::SetComparisonType_Equal == comparisonType); -} - -/******************************************************************************* - * Glue code for JS stack crawling callbacks - ******************************************************************************/ - - - - - -/** - * nsICapsSecurityCallbacks interface - */ - - - -/* Get the site-specific policy associated with object origin org. */ -char * -nsJSSecurityManager::GetSitePolicy(const char *org) -{ - char *sitepol; - char *sp; - char *nextsp; - char *orghost = 0; - char *retval = 0; - char *prot; - int splen; - char *bar; - char *end; - char *match = 0; - int matlen; - - if (NS_OK != mPrefs->CopyCharPref("js_security.site_policy", &sitepol)) { - return 0; - } - - /* Site policy comprises text of the form - * site1-policy,site2-policy,...,siteNpolicy - * where each site-policy is - * site|policy - * and policy is presumed to be one of strict/moderate/default - * site may be either a URL or a hostname. In the former case - * we do a prefix match with the origin URL; in the latter case - * we just compare hosts. - */ - - /* Process entry by entry. Take longest match, to account for - * cases like: - * http://host/|moderate,http://host/dir/|strict - */ - for (sp = sitepol; sp != 0; sp = nextsp) { - if ((nextsp = strchr(sp, ',')) != 0) { - *nextsp++ = '\0'; - } - - if ((bar = strchr(sp, '|')) == 0) { - continue; /* no | for this entry */ - } - *bar = '\0'; - - /* Isolate host, then policy. */ - sp += strspn(sp, " "); /* skip leading spaces */ - end = sp + strcspn(sp, " |"); /* skip up to space or | */ - *end = '\0'; - if ((splen = end-sp) == 0) { - continue; /* no URL or hostname */ - } - - /* Check whether this is long enough. 
*/ - if (match != 0 && matlen >= splen) { - continue; /* Nope. New shorter than old. */ - } - - /* Check which case, URL or hostname, we're dealing with. */ - if ((prot = ParseURL(sp, GET_PROTOCOL_PART)) != 0 && *prot != '\0') { - /* URL case. Do prefix match, make sure we're at proper boundaries. */ - if (PL_strncmp(org, sp, splen) != 0 || (org[splen] != '\0' /* exact match */ - && sp[splen-1] != '/' /* site policy ends with / */ - && org[splen] != '/' /* site policy doesn't, but org does */ - )) { - PR_Free(prot); - continue; /* no match */ - } - } - else { - /* Host-only case. */ - PR_FREEIF(prot); - - if (orghost == 0 && (orghost = ParseURL(org, GET_HOST_PART)) == 0) { - return 0; /* out of mem */ - } - if (PL_strcasecmp(orghost, sp) != 0) { - continue; /* no match */ - } - } - /* Had a match. Remember policy and length of host/URL match. */ - match = bar; - matlen = splen; - } - - if (match != 0) { - /* Longest hostname or URL match. Get policy. - ** match points to |. - ** Skip spaces after | and after policy name. - */ - ++match; - sp = match + strspn(match, " "); - end = sp + strcspn(sp, " "); - *end = '\0'; - if (sp != end) { - retval = PL_strdup(sp); - } - } - - PR_FREEIF(orghost); - PR_FREEIF(sitepol); - return retval; -} - -static const char* continue_on_violation = "continue_on_access_violation"; - -JSBool -nsJSSecurityManager::ContinueOnViolation(JSContext *cx, int pref_code) -{ - PRBool cont; - - char *pref_str; - - pref_str = (char*)continue_on_violation; - pref_str = AddSecPolicyPrefix(cx, pref_str); - if (pref_str == NULL) { - return JS_TRUE; - } - - mPrefs->GetBoolPref(pref_str, &cont); - - if(cont) { - return JS_TRUE; - } - - return JS_FALSE; -} - -/* Check named property for access; if fail, check for - * permission to continue from violation. - * Arguments: - * priv_code privilege: LM_PRIV_READONLY or LM_PRIV_READWRITE - * pref_code prefix for continuation - * (arg. 
to lm_ContinueOnViolation) - * Returns: - * LM_PRIV_OK if access okay - * JS_TRUE if access denied, but continuation (interpretation) okay - * JS_FALSE if access denied, continuation denied - */ -JSBool -nsJSSecurityManager::CheckForPrivilegeContinue(JSContext *cx, char *prop_name, int priv_code, int pref_code) -{ - if (CheckForPrivilege(cx, prop_name, priv_code) == JS_TRUE) { - return JS_TRUE; - } - - //JS_ReportError(cx, "Access denied: Cannot %s %s", - // priv_code == LM_PRIV_READONLY ? "read" : "write", prop_name); - - return ContinueOnViolation(cx, pref_code); -} - -//def'ing ACL stuff for the moment. -#if 0 -/* -static JSObject * -getObjectDocument(JSContext *cx, JSObject *container) -{ - while(container) { - - if(JS_InstanceOf(cx, container, &lm_layer_class, 0)) { - return lm_GetLayerDocument(cx, container); - } else if (JS_InstanceOf(cx, container, &lm_window_class, 0)) { - MochaDecoder *decoder = JS_GetInstancePrivate(cx, container, - &lm_window_class, NULL); - - return decoder? decoder->document: NULL; - } - - container = JS_GetParent(cx, container); - } - return NULL; -} - -// Get ACL for obj. If there's an explicit ACL, return it. -// Otherwise, return the implicit ACL. -char * -lm_GetObjectACL(JSContext *cx, JSObject *obj) -{ - JSDocument *doc; - char *acl; - char *doc_str; - char *slash; - - fprintf(stderr, "in lm_GetObjectACL\n"); - - // Get/check explicit value. - doc = JS_GetPrivate(cx, getObjectDocument(cx, obj)); - doc_str = lm_GetDocACLName(doc); - fprintf(stderr, "*#*#*#*#* doc = %s #*#*#*#*\n", doc_str); - if (PREF_CopyCharPref(doc_str, &acl) != PREF_OK) - acl = 0; - PR_FREEIF(doc_str); - - if (acl == 0) { - // Get the default value - acl = lm_GetObjectOriginURL(cx, obj); - if (acl == 0 || PL_strcmp(acl, lm_unknown_origin_str) == 0 -#if 0 // ??? - || (PL_strlen(origin) <= 1) -#else // there really seem to be such! 
- || acl[0] == '\0' -#endif - ) - return NULL; - - fprintf(stderr, "--> OOORRRIIIGGGIIINNN %s\n", acl); - fflush(stderr); - - // Default ACL for object is protocol://host[:port]. - acl = ParseURL(acl, GET_PROTOCOL_PART | GET_HOST_PART); - } - - fprintf(stderr, "ACL -> %s\n", acl); - fflush(stderr); - - return acl; -} - -static JSBool -CheckTrustedHosts(JSContext *cx, char *subjectOriginURL, char *objectOriginURL) -{ - int i, j, k; - int acl_len; - const char *subjectOriginDomain, *objectOriginDomain; - char *hostlist; - const char objectHostList[1024]; - char substr[1024]; - JSBool no_match = JS_FALSE; - - // Get the domain of the subject origin - - subjectOriginDomain = getCanonicalizedOrigin(cx, subjectOriginURL); - - fprintf(stderr, "Subject Origin Domain - %s, ", subjectOriginDomain); - - objectOriginDomain = getCanonicalizedOrigin(cx, objectOriginURL); - - fprintf(stderr, "Object Origin Domain - %s\n", objectOriginDomain); - - hostlist = AddSecPolicyPrefix(cx, "trusted_domain_pair"); - - if(hostlist[0] == '\0') { - return JS_TRUE; - } - - acl_len = sizeof(objectHostList); - PR_BZERO(objectHostList, acl_len); - PREF_GetCharPref(hostlist, objectHostList, &acl_len); - - acl_len = PL_strlen(objectHostList); - j = k = 0; - while(j < acl_len) { - k++; - PR_BZERO(substr, 1024); - - for(i = 0; (j < acl_len) && (objectHostList[j] != ','); j++) { - if(!isspace(objectHostList[j])) { - substr[i++] = objectHostList[j]; - } - } - - if(k % 2) { - if(PL_strcmp(substr, subjectOriginDomain)) { - no_match = JS_FALSE; - continue; - } - } else if(no_match) { - continue; - } - - // Remove trailing '/' - if(substr[i-1] == '/') - i--; - - substr[i] = '\0'; - - if(PL_strcmp(objectOriginDomain, substr) == 0) - return JS_TRUE; - - - while(j < acl_len && (objectHostList[j] == ',' || isspace(objectHostList[j]))) - j++; - - } - - return JS_FALSE; -} - -JSBool -lm_CheckACL(JSContext *cx, JSObject *obj, JSTarget target) -{ - const char *sOrigin; - const char *objectACL; - const char 
*oOrigin; - char *acl; - char *subj; - char *subjhost = 0; - char *slash; - char *aclmem, *nextmem; - JSBool allow = JS_FALSE; - - fprintf(stderr, "in lm_CheckACL\n"); - - // Get the ACL associated with the object(document). - if ((objectACL = lm_GetObjectACL(cx, obj)) == 0) - return JS_TRUE; // unrestricted access (??) - - // Get the subject origin. - sOrigin = lm_GetSubjectOriginURL(cx); - - // Object is always on its own ACL. - oOrigin = lm_GetObjectOriginURL(cx, obj); - if (PL_strcmp(sOrigin, oOrigin) == 0) { - allow = JS_TRUE; - goto done; - } - - fprintf(stderr, "-- subj: %s\n-- obj ACL: %s\n", sOrigin, objectACL); - - // Now, check whether sOrigin is part of objectACL. - // Walk through space-separated elements of ACL, doing prefix match - // of ACL member against sOrigin. - - // First strip last part of sOrigin path. - subj = ParseURL(sOrigin, GET_PROTOCOL_PART | GET_HOST_PART | GET_PATH_PART); - if ((slash = PL_strrchr(subj, '/')) != 0) - *slash = '\0'; - acl = PL_strdup(objectACL); - - // Walk through the ACL to see whether the subject host/URL is in - // the ACL. There are two styles of check: - // - if the ACL member is a pure host; check for match against - // host in subject URL. - // - otherwise, do pure prefix string match. - // Determine whether the member is a pure host by whether it does or - // does not have a protocol specified. - // - for (aclmem = acl; aclmem != 0; aclmem = nextmem) { - int memlen; - char *prot; - - // Chop up list, trim leading spaces. - if ((nextmem = PL_strchr(aclmem, ' ')) != 0) - *nextmem++ = '\0'; - aclmem += strspn(aclmem, " "); - memlen = PL_strlen(aclmem); - - // Decide which case we've got. - if ((prot = ParseURL(aclmem, GET_PROTOCOL_PART)) != 0 && *prot != '\0') { - // URL case. Do prefix match, make sure we're at proper boundaries. 
- if ( PL_strncmp(subj, aclmem, memlen) == 0 - && ( subj[memlen] == '\0' // exact match - || aclmem[memlen-1] == '/' // ACL ends with / - || subj[memlen] == '/' // ACL doesn't, but subj starts - ) - ) { - allow = JS_TRUE; - PR_Free(prot); - break; - } - } - else { - // Host-only case. - PR_FREEIF(prot); - if (subjhost == 0) - subjhost = ParseURL(sOrigin, GET_HOST_PART); - if ((allow = (PL_strcasecmp(subjhost, aclmem) == 0)) != 0) - break; - } - } - - PR_FREEIF(subjhost); - - if(allow == JS_FALSE) { - char *err_mesg = - PR_smprintf("Access disallowed from scripts at %s to documents at %s", - sOrigin, lm_GetObjectOriginURL(cx,obj)); - JS_ReportError(cx, err_mesg); - PR_FREEIF(err_mesg); - } - - PR_FREEIF(subj); - PR_FREEIF(acl); - -done:; - fprintf(stderr, "-- returns %s\n", allow == JS_TRUE ? "true" : "false"); - return allow; -} - -char * -lm_NotifyUserAboutACLExpansion(JSContext *cx) -{ - int i, j; - int uhl_len; - const char *subjectOriginDomain; - char substr[1024]; - char *pref; - char untrustedHostsBuf[1024]; - - pref = AddSecPolicyPrefix(cx, "untrusted_host"); - - if(pref == NULL) - return NULL; - - uhl_len = sizeof(untrustedHostsBuf); - PR_BZERO(untrustedHostsBuf, uhl_len); - PREF_GetCharPref(pref, untrustedHostsBuf, &uhl_len); - PR_FREEIF(pref); - - if(!untrustedHostsBuf[0]) - return NULL; - - // Get the domain of the subject origin - - subjectOriginDomain = getCanonicalizedOrigin(cx, lm_GetSubjectOriginURL(cx)); - - fprintf(stderr, "subjectDomain - %s, \n", subjectOriginDomain); - - // Now, check whether subjectOriginDomain - // is part of untrustedHostsBuf - uhl_len = PL_strlen(untrustedHostsBuf); - j = 0; - while(j < uhl_len) { - PR_BZERO(substr, 1024); - - for(i = 0; (j < uhl_len) && (untrustedHostsBuf[j] != ','); j++) { - if(!isspace(untrustedHostsBuf[j])) { - substr[i++] = untrustedHostsBuf[j]; - } - } - - // Remove trailing '/' - if(substr[i-1] == '/') - i--; - - substr[i] = '\0'; - - if(PL_strcmp(substr, subjectOriginDomain) == 0) { - char 
*message_str = PR_smprintf("Script from untrusted domain: %s trying to expand ACL\n Allow?", subjectOriginDomain); - return message_str; - } - - fprintf(stderr, "lm_NotifyUserAboutACLExpansion: substr - %s, \n", substr); - - while((j < uhl_len) && - (untrustedHostsBuf[j] == ',' || isspace(untrustedHostsBuf[j]))) { - j++; - } - - } - - return NULL; -} - -JSBool -lm_CheckPrivateTag(JSContext *cx, JSObject *obj, jsval id) -{ - char *name; - const char *subjectOrigin, *objectOrigin; - JSObject *parent; - - if(!JSVAL_IS_INT(id)) - return JS_FALSE; - - fprintf(stderr, "Inside lm_CheckPrivateTag, id %d\n", JSVAL_TO_INT(id)); - - // May be in a layer loaded from a different origin. - subjectOrigin = lm_GetSubjectOriginURL(cx); - objectOrigin = lm_GetObjectOriginURL(cx, obj); - - // If the subjectURL and objectURL don't match, stop here - if ( subjectOrigin != 0 - && objectOrigin != 0 - && PL_strcmp(subjectOrigin, objectOrigin) == 0 - && PL_strcmp(subjectOrigin, lm_unknown_origin_str) != 0 - ) - return JS_FALSE; - - // Check for private tag by examining object, then its ancestors. - name = lm_GetPrivateName_slot(JSVAL_TO_INT(id)); - - for (parent = obj; parent != 0; parent = JS_GetParent(cx, obj)) { - jsval val; - - fprintf(stderr, "(((( %s ))))\n", name); - - if ( JS_GetProperty(cx, obj, name, &val) - && val != JSVAL_VOID - && JSVAL_TO_BOOLEAN(val) == JS_TRUE - ) { - JS_ReportError(cx, "Cannot access private property"); - return JS_TRUE; - } - - // Now check for private tag on composite objects - obj = parent; - PR_Free(name); - name = lm_GetPrivateName_obj(obj); - } - PR_Free(name); - return JS_FALSE; -} -*/ -#endif //def'ing out ACL code. - - - - -#endif - diff --git a/mozilla/dom/src/base/nsJSSecurityManager.h b/mozilla/dom/src/base/nsJSSecurityManager.h deleted file mode 100644 index 911dfb25fd4..00000000000 --- a/mozilla/dom/src/base/nsJSSecurityManager.h +++ /dev/null 
@@ -1,150 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- -* -* The contents of this file are subject to the Netscape Public License -* Version 1.0 (the "NPL"); you may not use this file except in -* compliance with the NPL. You may obtain a copy of the NPL at -* http://www.mozilla.org/NPL/ -* -* Software distributed under the NPL is distributed on an "AS IS" basis, -* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL -* for the specific language governing rights and limitations under the -* NPL. -* -* The Initial Developer of this code under the NPL is Netscape -* Communications Corporation. Portions created by Netscape are -* Copyright (C) 1998 Netscape Communications Corporation. All Rights -* Reserved. -*/ -#ifndef nsJSSecurityManager_h___ -#define nsJSSecurityManager_h___ - -#include "nsIScriptContext.h" -#include "jsapi.h" -#include "jsdbgapi.h" -#include "nsIXPCSecurityManager.h" -#include "nsIScriptSecurityManager.h" -#include "nsICapsSecurityCallbacks.h" -#include "nsICapsManager.h" -class nsIPref; - -typedef struct nsJSFrameIterator { - JSStackFrame *fp; - JSContext *cx; - void *intersect; - PRBool sawEmptyPrincipals; -} nsJSFrameIterator; - -typedef struct nsFrameWrapper { - void *iterator; -} nsFrameWrapper; - -typedef struct nsJSPrincipalsList { - JSPrincipals *principals; - struct nsJSPrincipalsList *next; -} nsJSPrincipalsList; - -enum Signedness { - HAS_NO_SCRIPTS, - HAS_UNSIGNED_SCRIPTS, - HAS_SIGNED_SCRIPTS -}; - -typedef struct nsJSPrincipalsData { - JSPrincipals principals; - void* principalsArrayRef; - nsIURI *url; - char* name; - void* zip; - uint32 externalCapturePrincipalsCount; - nsString* untransformed; - nsString* transformed; - PRBool needUnlock; - char* codebaseBeforeSettingDomain; - enum Signedness signedness; - void* pNSISecurityContext; -} nsJSPrincipalsData; - -class nsJSSecurityManager : //public nsICapsSecurityCallbacks, - public nsIXPCSecurityManager { -public: - 
nsJSSecurityManager(); - virtual ~nsJSSecurityManager(); - - NS_DECL_ISUPPORTS - -#if 0 - //nsICapsSecurityCallbacks interface - NS_IMETHOD NewNSJSJavaFrameWrapper(void *aContext, struct nsFrameWrapper ** aWrapper); - NS_IMETHOD FreeNSJSJavaFrameWrapper(struct nsFrameWrapper *aWrapper); - NS_IMETHOD GetStartFrame(struct nsFrameWrapper *aWrapper); - NS_IMETHOD IsEndOfFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn); - NS_IMETHOD IsValidFrame(struct nsFrameWrapper *aWrapper, PRBool* aReturn); - NS_IMETHOD GetNextFrame(struct nsFrameWrapper *aWrapper, int *aDepth, void** aReturn); - NS_IMETHOD OJIGetPrincipalArray(struct nsFrameWrapper *aWrapper, void** aReturn); - NS_IMETHOD OJIGetAnnotation(struct nsFrameWrapper *aWrapper, void** aReturn); - NS_IMETHOD OJISetAnnotation(struct nsFrameWrapper *aWrapper, void *aPrivTable, void** aReturn); -#endif - - //nsIXPCSecurityManager interface - NS_IMETHOD CanCreateWrapper(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj); - NS_IMETHOD CanCreateInstance(JSContext * aJSContext, const nsCID & aCID); - NS_IMETHOD CanGetService(JSContext * aJSContext, const nsCID & aCID); - NS_IMETHOD CanCallMethod(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj, nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, const jsid aName); - NS_IMETHOD CanGetProperty(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj, nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, const jsid aName); - NS_IMETHOD CanSetProperty(JSContext * aJSContext, const nsIID & aIID, nsISupports *aObj, nsIInterfaceInfo *aInterfaceInfo, - PRUint16 aMethodIndex, const jsid aName); - -#if 0 - NS_IMETHOD GetCompilationPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal, - JSPrincipals *aLayoutPrincipals, JSPrincipals** aPrincipals); - NS_IMETHOD CheckContainerAccess(JSContext *aCx, JSObject *aObj, PRInt16 aTarget, PRBool* aReturn); - NS_IMETHOD SetContainerPrincipals(JSContext *aCx, JSObject *aContainer, 
JSPrincipals* aPrincipals); - NS_IMETHOD CanCaptureEvent(JSContext *aCx, JSFunction *aFun, JSObject *aEventTarget, PRBool* aReturn); - NS_IMETHOD SetExternalCapture(JSContext *aCx, JSPrincipals* aPrincipals, PRBool aBool); - NS_IMETHOD CheckSetParentSlot(JSContext *aCx, JSObject *aObj, jsval *vp, PRBool* aReturn); - NS_IMETHOD SetDocumentDomain(JSContext *aCx, JSPrincipals *principals, - nsString* newDomain, PRBool* aReturn); - NS_IMETHOD DestroyPrincipalsList(JSContext *aCx, nsJSPrincipalsList *list); - //XXX From include/libmocha.h - NS_IMETHOD RegisterPrincipals(nsIScriptContext *aContext, nsIScriptGlobalObject* aGlobal, JSPrincipals *aPrincipals, - nsString* aName, nsString* aSrc, JSPrincipals** aRetPrincipals); - -#ifdef DO_JAVA_STUFF - NS_IMETHOD ExtractFromPrincipalsArchive(JSPrincipals *aPrincipals, char *aName, uint *aLength, char** aReturn); - NS_IMETHOD SetUntransformedSource(JSPrincipals *principals, char *original, char *transformed, PRBool* aReturn); - NS_IMETHOD GetJSPrincipalsFromJavaCaller(JSContext *aCx, void *principalsArray, void *pNSISecurityContext, JSPrincipals** aPrincipals); -#endif -#if 0 - NS_IMETHOD CanAccessTargetStr(JSContext *aCx, const char *target, PRBool* aReturn); -#endif -#endif -private: - nsIPref* mPrefs; - PRBool PrincipalsCanAccessTarget(JSContext *cx, short target); - nsJSFrameIterator* NewJSFrameIterator(void *aContext); - PRBool NextJSFrame(struct nsJSFrameIterator **aIterator); - PRBool NextJSJavaFrame(struct nsJSFrameIterator *aIterator); -#if 0 - void PrintToConsole(const char *data); - void PrintPrincipalsToConsole(JSContext *cx, JSPrincipals *principals); - PRUint32 GetPrincipalsCount(JSContext *aCx, JSPrincipals *aPrincipals); - void InvalidateCertPrincipals(JSContext *cx, JSPrincipals *principals); -#ifdef EARLY_ACCESS_STUFF - PRBool CheckEarlyAccess(MochaDecoder *decoder, JSPrincipals *principals); -#endif - PRBool IntersectPrincipals(JSContext *aCx, JSPrincipals *principals, - JSPrincipals *newPrincipals); - 
PRBool PrincipalsEqual(JSContext *aCx, JSPrincipals *aA, JSPrincipals *aB); - - PRBool IsExternalCaptureEnabled(JSContext *cx, JSPrincipals *principals); - PRBool CanExtendTrust(JSContext *cx, void *from, void *to); - char* GetJavaCodebaseFromOrigin(const char *origin); - JSBool ContinueOnViolation(JSContext *cx, int pref_code); - JSBool CheckForPrivilegeContinue(JSContext *cx, char *prop_name, int priv_code, int pref_code); - nsICapsManager * mCapsManager; -#endif -}; - -#endif /* nsJSSecurityManager_h___ */ diff --git a/mozilla/layout/base/public/nsIDocument.h b/mozilla/layout/base/public/nsIDocument.h index 67032c4f60c..0198c465f04 100644 --- a/mozilla/layout/base/public/nsIDocument.h +++ b/mozilla/layout/base/public/nsIDocument.h @@ -53,6 +53,7 @@ class nsILineBreaker; class nsIWordBreaker; class nsIDOMSelection; class nsIChannel; +class nsIPrincipal; // IID for the nsIDocument interface #define NS_IDOCUMENT_IID \ @@ -108,6 +109,11 @@ public: */ virtual nsIURI* GetDocumentURL() const = 0; + /** + * Return the principal responsible for this document. + */ + virtual nsIPrincipal* GetDocumentPrincipal() const = 0; + /** * Return the LoadGroup for the document. May return null. */ diff --git a/mozilla/layout/base/src/nsDocument.cpp b/mozilla/layout/base/src/nsDocument.cpp index bfa0c822f4c..49d153a7f4a 100644 --- a/mozilla/layout/base/src/nsDocument.cpp +++ b/mozilla/layout/base/src/nsDocument.cpp @@ -891,6 +891,7 @@ nsDocument::Reset(nsIURI *aURL) #ifdef NECKO (void)aChannel->GetURI(&mDocumentURL); + aChannel->GetPrincipal(&mPrincipal); // (void)aChannel->GetLoadGroup(&mDocumentLoadGroup); mDocumentLoadGroup = aLoadGroup; NS_ADDREF(mDocumentLoadGroup); @@ -939,6 +940,12 @@ nsIURI* nsDocument::GetDocumentURL() const return mDocumentURL; } +nsIPrincipal* nsDocument::GetDocumentPrincipal() const +{ + NS_IF_ADDREF(mPrincipal); + return mPrincipal; +} + NS_IMETHODIMP nsDocument::GetContentType(nsString& aContentType) const { 
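Review bot: `aChannel->GetPrincipal(&mPrincipal);` in nsDocument::Reset overwrites mPrincipal without releasing whatever it currently holds, so a document that is Reset more than once leaks the previous principal, and the call's result is discarded, so a failed GetPrincipal leaves mPrincipal unchanged with no diagnostic. Suggest `NS_IF_RELEASE(mPrincipal); (void)aChannel->GetPrincipal(&mPrincipal);` in the same style as the `(void)aChannel->GetURI(&mDocumentURL);` line above it; Reset's body continues outside this hunk. The accompanying nsIDocument.h comment `Return the principal responsible for this document.` should also state that the caller owns the returned reference (the implementation NS_IF_ADDREFs it) and that it may be null, since consumers deciding privileges need to know both.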
diff --git a/mozilla/layout/base/src/nsDocument.h b/mozilla/layout/base/src/nsDocument.h index ab549013c45..739fd7c7c1a 100644 --- a/mozilla/layout/base/src/nsDocument.h +++ b/mozilla/layout/base/src/nsDocument.h @@ -32,6 +32,7 @@ #include "nsIJSScriptObject.h" #include "nsIContent.h" #include "nsGenericDOMNodeList.h" +#include "nsIPrincipal.h" class nsIEventListenerManager; class nsDOMStyleSheetCollection; @@ -134,6 +135,11 @@ public: */ virtual nsIURI* GetDocumentURL() const; + /** + * Return the principal responsible for this document. + */ + virtual nsIPrincipal* GetDocumentPrincipal() const; + /** * Return the content (mime) type of this document. */ @@ -449,6 +455,7 @@ protected: nsIArena* mArena; nsString* mDocumentTitle; nsIURI* mDocumentURL; + nsIPrincipal* mPrincipal; nsILoadGroup* mDocumentLoadGroup; nsString mCharacterSet; nsIDocument* mParentDocument; diff --git a/mozilla/layout/events/src/nsEventListenerManager.cpp b/mozilla/layout/events/src/nsEventListenerManager.cpp index 29796e9795a..9c02cb960fb 100644 --- a/mozilla/layout/events/src/nsEventListenerManager.cpp +++ b/mozilla/layout/events/src/nsEventListenerManager.cpp @@ -433,8 +433,8 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte JSObject *mScriptObject; nsIScriptGlobalObject *global; nsIScriptGlobalObjectData *globalData; - nsIPrincipal * prin = nsnull; - JSPrincipals * jsprin = nsnull; + nsIPrincipal *prin = nsnull; + JSPrincipals *jsprin = nsnull; global = aContext->GetGlobalObject(); if (global && NS_SUCCEEDED(global->QueryInterface(kIScriptGlobalObjectDataIID, (void**)&globalData))) { if (NS_FAILED(globalData->GetPrincipal(& prin))) { 
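Review bot: `nsIPrincipal* mPrincipal;` is added as a raw owning pointer, but nothing in this patch initializes it in the nsDocument constructor or releases it in the destructor (both are outside the visible hunks), unlike the mPrincipal added to nsFileChannel in the same change. Without `mPrincipal(nsnull)` in the initializer list the first GetDocumentPrincipal (which NS_IF_ADDREFs it) or Reset touches an indeterminate pointer; without `NS_IF_RELEASE(mPrincipal)` in the destructor the last principal leaks. A `nsCOMPtr<nsIPrincipal>` member would remove both concerns, as the nsXULDocument hunk in this patch does with its mDocumentPrincipal.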
@@ -442,12 +442,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte NS_RELEASE(globalData); return NS_ERROR_FAILURE; } - prin->ToJSPrincipal(& jsprin); + prin->GetJSPrincipals(&jsprin); NS_RELEASE(globalData); } NS_IF_RELEASE(global); + JSContext *mJSContext = (JSContext*)aContext->GetNativeContext(); if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)&mScriptObject)) { - JSContext* mJSContext = (JSContext*)aContext->GetNativeContext(); nsString mName, mLowerName; char* mCharName; aName->ToString(mName); @@ -457,9 +457,12 @@ nsresult nsEventListenerManager::AddScriptEventListener(nsIScriptContext* aConte JS_CompileUCFunctionForPrincipals(mJSContext, mScriptObject, jsprin, mCharName, 1, mEventArgv, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0); delete[] mCharName; + JSPRINCIPALS_DROP(mJSContext, jsprin); return SetJSEventListener(aContext, mScriptObject, aIID); } } + if (jsprin) + JSPRINCIPALS_DROP(mJSContext, jsprin); return NS_ERROR_FAILURE; } diff --git a/mozilla/layout/html/forms/src/nsGfxAutoTextControlFrame.cpp b/mozilla/layout/html/forms/src/nsGfxAutoTextControlFrame.cpp index f959f6548bf..8b6c880e357 100644 --- a/mozilla/layout/html/forms/src/nsGfxAutoTextControlFrame.cpp +++ b/mozilla/layout/html/forms/src/nsGfxAutoTextControlFrame.cpp 
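Review bot: When the global object is missing or does not implement nsIScriptGlobalObjectData (the branch opened in the preceding hunk), `jsprin` stays nsnull and the handler is still compiled through JS_CompileUCFunctionForPrincipals with no principals; `prin->GetJSPrincipals(&jsprin)` can likewise leave it null because its result is never checked. For code whose purpose is attaching principals to event handlers, compiling without them should be a failure: `if (NS_FAILED(prin->GetJSPrincipals(&jsprin)) || !jsprin) return NS_ERROR_FAILURE;` inside the branch, and `else return NS_ERROR_FAILURE;` for the no-global path. The new unconditional `JSPRINCIPALS_DROP(mJSContext, jsprin)` on the success path also assumes jsprin is non-null, while the failure path guards it. `prin` is obtained through an out-parameter and never released in either hunk; if GetPrincipal AddRefs per the usual XPCOM convention it leaks on every listener added. AddScriptEventListener begins and ends outside this hunk.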
@@ -314,20 +314,21 @@ nsresult nsGfxAutoTextControlFrame::BuildScriptEventHandler(nsIScriptContext* aC NS_RELEASE(globalData); } NS_IF_RELEASE(global); - JSPrincipals * jsprin; - prin->ToJSPrincipal(& jsprin); + JSPrincipals *jsprin; + prin->GetJSPrincipals(&jsprin); + JSContext* mJSContext = (JSContext*)aContext->GetNativeContext(); if (NS_OK == aScriptObjectOwner->GetScriptObject(aContext, (void**)mScriptObject)) { - JSContext* mJSContext = (JSContext*)aContext->GetNativeContext(); if (nsnull != aName) { JS_CompileUCFunctionForPrincipals(mJSContext, *mScriptObject, jsprin, aName, 0, nsnull, (jschar*)aFunc.GetUnicode(), aFunc.Length(), nsnull, 0); + JSPRINCIPALS_DROP(mJSContext, jsprin); return NS_OK; } } - + JSPRINCIPALS_DROP(mJSContext, jsprin); return NS_ERROR_FAILURE; } diff --git a/mozilla/modules/libpref/src/win/winpref.js b/mozilla/modules/libpref/src/win/winpref.js index cf13d48838b..9cbb5929a19 100644 --- a/mozilla/modules/libpref/src/win/winpref.js +++ b/mozilla/modules/libpref/src/win/winpref.js 
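Review bot: `JSPrincipals *jsprin;` is left uninitialized and the result of `prin->GetJSPrincipals(&jsprin)` is ignored, so if that call fails both JS_CompileUCFunctionForPrincipals and the new `JSPRINCIPALS_DROP(mJSContext, jsprin)` operate on an indeterminate pointer. Suggest `JSPrincipals *jsprin = nsnull;` followed by `if (NS_FAILED(prin->GetJSPrincipals(&jsprin)) || !jsprin) return NS_ERROR_FAILURE;`, which also stops the handler from being compiled with no principals attached. The drop on the failure path should then be guarded with `if (jsprin)` as the nsEventListenerManager hunk in this same patch does. BuildScriptEventHandler starts before this hunk, so whether `prin` is guaranteed non-null at this point is not visible.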
@@ -157,36 +157,37 @@ pref("netinst.profile.show_dir_overwrite_msg", true); Security information ***************************/ /* DISABLE FOR NOW -pref("js_security.default.htmlinputelement.value", 2); +pref("security.policies", "default,chrome"); +pref("security.policy.default.htmlinputelement.value", "sameOrigin"); -pref("js_security.default.htmlimageelement.src", 2); -pref("js_security.default.htmlimageelement.lowsrc", 2); +pref("security.policy.default.htmlimageelement.src", "sameOrigin"); +pref("security.policy.default.htmlimageelement.lowsrc", "sameOrigin"); -pref("js_security.default.location.hash", 2); -pref("js_security.default.location.host", 2); -pref("js_security.default.location.hostname", 2); -pref("js_security.default.location.pathname", 2); -pref("js_security.default.location.port", 2); -pref("js_security.default.location.protocol", 2); -pref("js_security.default.location.search", 2); -pref("js_security.default.location.replace", 2); -pref("js_security.default.location.tostring", 2); -pref("js_security.default.location.reload", 2); -pref("js_security.default.location.replace", 2); +pref("security.policy.default.location.hash", "sameOrigin"); +pref("security.policy.default.location.host", "sameOrigin"); +pref("security.policy.default.location.hostname", "sameOrigin"); +pref("security.policy.default.location.pathname", "sameOrigin"); +pref("security.policy.default.location.port", "sameOrigin"); +pref("security.policy.default.location.protocol", "sameOrigin"); +pref("security.policy.default.location.search", "sameOrigin"); +pref("security.policy.default.location.replace", "sameOrigin"); +pref("security.policy.default.location.tostring", "sameOrigin"); +pref("security.policy.default.location.reload", "sameOrigin"); +pref("security.policy.default.location.replace", "sameOrigin"); -pref("js_security.default.htmldocument.anchors", 2); -pref("js_security.default.htmldocument.applets", 2); -pref("js_security.default.htmldocument.cookie", 2); 
-pref("js_security.default.htmldocument.domain", 2); -pref("js_security.default.htmldocument.getelementbyid", 2); -pref("js_security.default.htmldocument.getelementsbyname", 2); -pref("js_security.default.htmldocument.embeds", 2); -pref("js_security.default.htmldocument.forms", 2); -pref("js_security.default.htmldocument.lastmodified", 2); -pref("js_security.default.htmldocument.links", 2); -pref("js_security.default.htmldocument.referrer", 2); -pref("js_security.default.htmldocument.title", 2); -pref("js_security.default.htmldocument.url", 2); +pref("security.policy.default.htmldocument.anchors", "sameOrigin"); +pref("security.policy.default.htmldocument.applets", "sameOrigin"); +pref("security.policy.default.htmldocument.cookie", "sameOrigin"); +pref("security.policy.default.htmldocument.domain", "sameOrigin"); +pref("security.policy.default.htmldocument.getelementbyid", "sameOrigin"); +pref("security.policy.default.htmldocument.getelementsbyname", "sameOrigin"); +pref("security.policy.default.htmldocument.embeds", "sameOrigin"); +pref("security.policy.default.htmldocument.forms", "sameOrigin"); +pref("security.policy.default.htmldocument.lastmodified", "sameOrigin"); +pref("security.policy.default.htmldocument.links", "sameOrigin"); +pref("security.policy.default.htmldocument.referrer", "sameOrigin"); +pref("security.policy.default.htmldocument.title", "sameOrigin"); +pref("security.policy.default.htmldocument.url", "sameOrigin"); */ /* Need preference names for diff --git a/mozilla/netwerk/base/public/nsIChannel.idl b/mozilla/netwerk/base/public/nsIChannel.idl index 28ae1e08bd5..cfa9d799fb0 100644 --- a/mozilla/netwerk/base/public/nsIChannel.idl +++ b/mozilla/netwerk/base/public/nsIChannel.idl @@ -24,6 +24,7 @@ interface nsIOutputStream; interface nsIStreamObserver; interface nsIStreamListener; interface nsILoadGroup; +interface nsIPrincipal; typedef unsigned long nsLoadFlags; 
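Review bot: The new `security.policy.*` prefs are still enclosed in the `/* DISABLE FOR NOW` … `*/` comment, so none of the sameOrigin policies in this hunk take effect and the default-policy hardening exists only on paper. If leaving them disabled is intentional, say so next to the list and record what is expected to break when it is enabled; otherwise the surrounding `/*` and `*/` should be removed together with this change. `security.policy.default.location.replace` is also listed twice (carried over from the old js_security list), and one of the entries should go.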
@@ -117,6 +118,13 @@ interface nsIChannel : nsIRequest */ readonly attribute string ContentType; + /** + * Accesses the principal corresponding to the entity that is + * responsible for this channel. Used by security code to grant + * or diminish privileges to mobile code loaded from this channel. + */ + attribute nsIPrincipal Principal; + /** * Returns the load group in which the channel is a currently a member. */ diff --git a/mozilla/netwerk/base/src/nsInputStreamChannel.cpp b/mozilla/netwerk/base/src/nsInputStreamChannel.cpp index 2e8e8a2b729..654bddd18dd 100644 --- a/mozilla/netwerk/base/src/nsInputStreamChannel.cpp +++ b/mozilla/netwerk/base/src/nsInputStreamChannel.cpp @@ -239,4 +239,17 @@ nsInputStreamChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup) return NS_OK; } +NS_IMETHODIMP +nsInputStreamChannel::GetPrincipal(nsIPrincipal * *aPrincipal) +{ + *aPrincipal = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsInputStreamChannel::SetPrincipal(nsIPrincipal * aPrincipal) +{ + return NS_OK; +} + //////////////////////////////////////////////////////////////////////////////// diff --git a/mozilla/netwerk/base/src/nsSocketTransport.cpp b/mozilla/netwerk/base/src/nsSocketTransport.cpp index f7656d46245..0ca11df20dc 100644 --- a/mozilla/netwerk/base/src/nsSocketTransport.cpp +++ b/mozilla/netwerk/base/src/nsSocketTransport.cpp @@ -1723,3 +1723,16 @@ nsSocketTransport::GetLoadGroup(nsILoadGroup * *aLoadGroup) return NS_ERROR_FAILURE; } +NS_IMETHODIMP +nsSocketTransport::GetPrincipal(nsIPrincipal * *aPrincipal) +{ + *aPrincipal = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSocketTransport::SetPrincipal(nsIPrincipal * aPrincipal) +{ + return NS_OK; +} + diff --git a/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp b/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp index 5a406e5099a..3f7b3aa96a4 100644 --- a/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp +++ b/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp 
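Review bot: The new `attribute nsIPrincipal Principal;` is writable, but its comment says nothing about who is allowed to set it, even though the text says security code uses it to grant privileges — anything holding the channel can therefore assign it a stronger principal. The comment should state that setting is reserved for the protocol handler or loader that creates the channel, and that implementations may return null from the getter (several channel implementations in this patch do), so consumers must handle a missing principal rather than treat the channel as trusted. Something like `Setting this is a privileged operation reserved for the code that creates the channel; the getter may return null when no principal has been established.`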
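Review bot: `nsInputStreamChannel::SetPrincipal` discards its argument yet returns NS_OK, so a caller such as the chrome protocol handler in this patch believes the principal was stored while a later GetPrincipal yields null. Either keep the reference as nsFileChannel does in this same patch, or return NS_ERROR_NOT_IMPLEMENTED so the loss is detectable at the call site; the nsSocketTransport hunk that follows has the same shape and the same problem.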
@@ -42,6 +42,7 @@ #include "nsEscape.h" #include "nsIMIMEService.h" #include "prlog.h" +#include "nsIPrincipal.h" static NS_DEFINE_CID(kMIMEServiceCID, NS_MIMESERVICE_CID); @@ -78,7 +79,8 @@ nsFileChannel::nsFileChannel() mBufferInputStream(nsnull), mBufferOutputStream(nsnull), mStatus(NS_OK), mHandler(nsnull), mSourceOffset(0), mLoadAttributes(LOAD_NORMAL), - mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mRealListener(nsnull) + mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mRealListener(nsnull), + mPrincipal(nsnull) { NS_INIT_REFCNT(); #if defined(PR_LOGGING) @@ -180,6 +182,7 @@ nsFileChannel::~nsFileChannel() if (mMonitor) PR_DestroyMonitor(mMonitor); NS_IF_RELEASE(mLoadGroup); + NS_IF_RELEASE(mPrincipal); } NS_IMETHODIMP @@ -559,6 +562,22 @@ nsFileChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup) return NS_OK; } +NS_IMETHODIMP +nsFileChannel::GetPrincipal(nsIPrincipal * *aPrincipal) +{ + *aPrincipal = mPrincipal; + NS_IF_ADDREF(*aPrincipal); + return NS_OK; +} + +NS_IMETHODIMP +nsFileChannel::SetPrincipal(nsIPrincipal * aPrincipal) +{ + NS_IF_RELEASE(mPrincipal); + mPrincipal = aPrincipal; + NS_IF_ADDREF(mPrincipal); + return NS_OK; +} //////////////////////////////////////////////////////////////////////////////// // nsIRunnable methods: diff --git a/mozilla/netwerk/protocol/file/src/nsFileChannel.h b/mozilla/netwerk/protocol/file/src/nsFileChannel.h index 7ecac23cc49..3c842f1bd71 100644 --- a/mozilla/netwerk/protocol/file/src/nsFileChannel.h +++ b/mozilla/netwerk/protocol/file/src/nsFileChannel.h @@ -123,6 +123,7 @@ protected: PRMonitor* mMonitor; PRUint32 mLoadAttributes; nsILoadGroup* mLoadGroup; + nsIPrincipal* mPrincipal; nsCOMPtr mRealListener; diff --git a/mozilla/netwerk/protocol/ftp/src/nsFTPChannel.cpp b/mozilla/netwerk/protocol/ftp/src/nsFTPChannel.cpp index d08220ae8ff..24d020b7532 100644 --- a/mozilla/netwerk/protocol/ftp/src/nsFTPChannel.cpp +++ b/mozilla/netwerk/protocol/ftp/src/nsFTPChannel.cpp 
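Review bot: In `nsFileChannel::SetPrincipal` the old principal is released before the new one is AddRef'd, so `SetPrincipal(mPrincipal)` with a single outstanding reference destroys the object and then AddRefs a dangling pointer. Take the new reference first: `NS_IF_ADDREF(aPrincipal); NS_IF_RELEASE(mPrincipal); mPrincipal = aPrincipal;`. The constructor and destructor changes in this hunk do initialize and release the member, which is the pattern the nsDocument side of this patch does not visibly follow.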
@@ -31,6 +31,7 @@ #include "nsILoadGroup.h" #include "nsIFTPContext.h" #include "nsIMIMEService.h" +#include "nsIPrincipal.h" static NS_DEFINE_CID(kMIMEServiceCID, NS_MIMESERVICE_CID); static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID); @@ -381,6 +382,19 @@ nsFTPChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup) return NS_OK; } +NS_IMETHODIMP +nsFTPChannel::GetPrincipal(nsIPrincipal * *aPrincipal) +{ + *aPrincipal = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsFTPChannel::SetPrincipal(nsIPrincipal * aPrincipal) +{ + return NS_OK; +} + //////////////////////////////////////////////////////////////////////////////// // nsIFTPChannel methods: diff --git a/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp b/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp index 46e99ce76e5..47a633f2031 100644 --- a/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp +++ b/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp @@ -319,6 +319,19 @@ nsHTTPChannel::GetLoadGroup(nsILoadGroup * *aLoadGroup) return NS_OK; } +NS_IMETHODIMP +nsHTTPChannel::GetPrincipal(nsIPrincipal * *aPrincipal) +{ + *aPrincipal = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsHTTPChannel::SetPrincipal(nsIPrincipal * aPrincipal) +{ + return NS_OK; +} + //////////////////////////////////////////////////////////////////////////////// // nsIHTTPChannel methods: diff --git a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp index 5fd3250a8db..8437f2858af 100644 --- a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp @@ -23,7 +23,10 @@ #include "nsIComponentManager.h" #include "nsIServiceManager.h" #include "nsIIOService.h" +#include "nsIChannel.h" #include "nsIChromeRegistry.h" +#include "nsCOMPtr.h" +#include "nsIPrincipalManager.h" static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID); static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID); 
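Review bot: `nsFTPChannel::SetPrincipal` (and `nsHTTPChannel::SetPrincipal` in the next hunk) silently drops the principal and reports NS_OK, so every document loaded over FTP or HTTP gets a null principal from GetPrincipal while the setter's callers are told it succeeded. These are the two protocols carrying untrusted content, where the principal matters most; either store the reference as nsFileChannel does in this patch, or return NS_ERROR_NOT_IMPLEMENTED so the caller can fail closed. Until then a `// TODO: principal is not yet tracked for this channel` comment on the stub would at least mark the gap.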
@@ -170,6 +173,23 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri, rv = serv->NewChannelFromURI(verb, chromeURI, aGroup, eventSinkGetter, result); + + // Create a special principal for chrome and set the creator property + // of the result + if (NS_SUCCEEDED(rv)) { + NS_WITH_SERVICE(nsIPrincipalManager, prinMan, + NS_PRINCIPALMANAGER_PROGID, &rv); + if (NS_FAILED(rv)) + return NS_ERROR_FAILURE; + nsCOMPtr principal; + if (NS_FAILED(prinMan->CreateCodebasePrincipal(nsnull, chromeURI, + getter_AddRefs(principal)))) + { + return NS_ERROR_FAILURE; + } + (*result)->SetPrincipal(principal); + } + NS_RELEASE(chromeURI); return rv; } diff --git a/mozilla/rdf/content/src/nsXULDocument.cpp b/mozilla/rdf/content/src/nsXULDocument.cpp index f958570f2ba..1f291e01327 100644 --- a/mozilla/rdf/content/src/nsXULDocument.cpp +++ b/mozilla/rdf/content/src/nsXULDocument.cpp @@ -61,6 +61,7 @@ #include "nsIParser.h" #include "nsIPresContext.h" #include "nsIPresShell.h" +#include "nsIPrincipal.h" #include "nsIContentViewer.h" #include "nsIRDFCompositeDataSource.h" #include "nsIRDFContainerUtils.h" @@ -438,6 +439,8 @@ public: virtual nsIURI* GetDocumentURL() const; + virtual nsIPrincipal* GetDocumentPrincipal() const; + virtual nsILoadGroup* GetDocumentLoadGroup() const; NS_IMETHOD GetBaseURL(nsIURI*& aURL) const; @@ -765,6 +768,7 @@ protected: nsAutoString mDocumentTitle; nsCOMPtr mDocumentURL; // [OWNER] ??? compare with loader nsCOMPtr mDocumentLoadGroup; // [OWNER] leads to loader + nsCOMPtr mDocumentPrincipal; // [OWNER] nsCOMPtr mRootResource; // [OWNER] nsCOMPtr mRootContent; // [OWNER] nsIDocument* mParentDocument; // [WEAK] @@ -1130,6 +1134,10 @@ XULDocumentImpl::PrepareToLoad( nsCOMPtr* created_parser, mDocumentTitle.Truncate(); mDocumentURL = syntheticURL; + + rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal)); + if (NS_FAILED(rv)) return rv; + #ifdef NECKO mDocumentLoadGroup = aLoadGroup; #else 
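Review bot: Both new early returns in `nsChromeProtocolHandler::NewChannel` skip the `NS_RELEASE(chromeURI)` below them, leaking the URI, and they report failure while leaving the already-created channel in `*result` (presumably AddRef'd by NewChannelFromURI) for the caller to leak or misuse. The result of `(*result)->SetPrincipal(principal)` is also ignored, so a channel whose setter is a no-op (several in this patch) is handed back as if it carried the chrome principal. Suggest funneling every failure through a single rv, releasing the channel on failure and always releasing chromeURI:
```cpp
    if (NS_SUCCEEDED(rv)) {
        NS_WITH_SERVICE(nsIPrincipalManager, prinMan,
                        NS_PRINCIPALMANAGER_PROGID, &rv);
        nsCOMPtr<nsIPrincipal> principal;
        if (NS_SUCCEEDED(rv))
            rv = prinMan->CreateCodebasePrincipal(nsnull, chromeURI,
                                                  getter_AddRefs(principal));
        if (NS_SUCCEEDED(rv))
            rv = (*result)->SetPrincipal(principal);
        if (NS_FAILED(rv)) {
            // Never hand back a chrome channel whose principal could not be set.
            NS_RELEASE(*result);
            *result = nsnull;
        }
    }
    NS_RELEASE(chromeURI);
    return rv;
```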
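Review bot: `rv = aChannel->GetPrincipal(getter_AddRefs(mDocumentPrincipal));` in XULDocumentImpl::PrepareToLoad rejects a failing call but accepts a successful one that yields nsnull, which is exactly what the HTTP, FTP and input-stream channels in this patch return; the XUL document then has no principal and GetDocumentPrincipal hands nsnull to callers. If consumers treat a null principal as "no restriction" that is a fail-open default; if a XUL document is required to have one, add `if (!mDocumentPrincipal) return NS_ERROR_FAILURE;` after the check, or document at the member that null is an expected state. PrepareToLoad begins and ends outside this hunk.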
@@ -1345,6 +1353,15 @@ XULDocumentImpl::GetDocumentURL() const return result; } +nsIPrincipal* +XULDocumentImpl::GetDocumentPrincipal() const +{ + nsIPrincipal* result = mDocumentPrincipal; + NS_IF_ADDREF(result); + return result; +} + + nsILoadGroup* XULDocumentImpl::GetDocumentLoadGroup() const {