diff --git a/mozilla/caps/idl/Makefile.in b/mozilla/caps/idl/Makefile.in index b4ed527a7bb..5eb5d4e9163 100644 --- a/mozilla/caps/idl/Makefile.in +++ b/mozilla/caps/idl/Makefile.in @@ -32,9 +32,6 @@ GRE_MODULE = 1 XPIDLSRCS = \ nsIScriptSecurityManager.idl \ nsIPrincipal.idl \ - nsICodebasePrincipal.idl \ - nsICertificatePrincipal.idl \ - nsIAggregatePrincipal.idl \ nsISignatureVerifier.idl \ nsISecurityCheckedComponent.idl \ $(NULL) diff --git a/mozilla/caps/idl/nsIAggregatePrincipal.idl b/mozilla/caps/idl/nsIAggregatePrincipal.idl deleted file mode 100644 index 4a7269afe8f..00000000000 --- a/mozilla/caps/idl/nsIAggregatePrincipal.idl +++ /dev/null 
@@ -1,60 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for aggregate principals. 
*/ - -%{C++ -#define NS_AGGREGATEPRINCIPAL_CONTRACTID "@mozilla.org/aggregateprincipal;1" -#define NS_AGGREGATEPRINCIPAL_CLASSNAME "aggregateprincipal" -%} - -#include "nsIPrincipal.idl" - -[uuid(1c30a682-1dd2-11b2-ba9b-86a86f300cbc)] -interface nsIAggregatePrincipal : nsISupports { - - attribute nsIPrincipal certificate; - attribute nsIPrincipal codebase; - attribute boolean domainChanged; - readonly attribute nsIPrincipal originalCodebase; - readonly attribute nsIPrincipal primaryChild; - - void intersect(in nsIPrincipal other); - - attribute voidPtr cachedSecurityPolicy; -}; diff --git a/mozilla/caps/idl/nsICertificatePrincipal.idl b/mozilla/caps/idl/nsICertificatePrincipal.idl deleted file mode 100644 index b8249a11bb8..00000000000 --- a/mozilla/caps/idl/nsICertificatePrincipal.idl +++ /dev/null 
@@ -1,53 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitchell Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for certificate principals. 
*/ -#include "nsIPrincipal.idl" -#include "nsIZipReader.idl" - -%{C++ -#define NS_CERTIFICATEPRINCIPAL_CONTRACTID "@mozilla.org/certificateprincipal;1" -#define NS_CERTIFICATEPRINCIPAL_CLASSNAME "certificateprincipal" -%} - -[uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)] -interface nsICertificatePrincipal : nsISupports { - - readonly attribute string certificateID; - attribute string commonName; -}; diff --git a/mozilla/caps/idl/nsICodebasePrincipal.idl b/mozilla/caps/idl/nsICodebasePrincipal.idl deleted file mode 100644 index b684e6cfbb2..00000000000 --- a/mozilla/caps/idl/nsICodebasePrincipal.idl +++ /dev/null 
@@ -1,56 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* Defines an interface for codebase principals. 
*/ -#include "nsIPrincipal.idl" -interface nsIURI; - -%{C++ -#define NS_CODEBASEPRINCIPAL_CONTRACTID "@mozilla.org/codebaseprincipal;1" -#define NS_CODEBASEPRINCIPAL_CLASSNAME "codebaseprincipal" -%} - -[uuid(829fe440-25e1-11d2-8160-006008119d7a)] -interface nsICodebasePrincipal : nsISupports { - - readonly attribute nsIURI URI; - - readonly attribute string origin; - - readonly attribute string spec; -}; - diff --git a/mozilla/caps/idl/nsIPrincipal.idl b/mozilla/caps/idl/nsIPrincipal.idl index c5c2b256db1..e8d999d5f8b 100644 --- a/mozilla/caps/idl/nsIPrincipal.idl +++ b/mozilla/caps/idl/nsIPrincipal.idl @@ -14,12 +14,14 @@ * * The Original Code is mozilla.org code. * - * The Initial Developer of the Original Code is + * The Initial Developer of the Original Code is * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 + * Portions created by the Initial Developer are Copyright (C) 1999-2003 * the Initial Developer. All Rights Reserved. * * Contributor(s): + * Mitchell Stoltz + * Christopher A. Aillon * * * Alternatively, the contents of this file may be used under the terms of 
@@ -44,41 +46,109 @@ struct JSPrincipals; %} +interface nsIURI; + [ptr] native JSPrincipals(JSPrincipals); [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)] -interface nsIPrincipal : nsISerializable { - - // Values of capabilities for each principal. Order is - // significant: if an operation is performed on a set - // of capabilities, the minimum is computed. +interface nsIPrincipal : nsISerializable +{ + /** + * Values of capabilities for each principal. Order is + * significant: if an operation is performed on a set + * of capabilities, the minimum is computed. + */ const short ENABLE_DENIED = 1; const short ENABLE_UNKNOWN = 2; const short ENABLE_WITH_USER_PERMISSION = 3; const short ENABLE_GRANTED = 4; - string ToString(); - - string ToUserVisibleString(); - - void GetPreferences(out string prefName, out string id, + /** + * Returns the security preferences associated with this principal. + * prefBranch will be set to the pref branch to which these preferences + * pertain. id is a pseudo-unique identifier, pertaining to either the + * certificateID or the origin. grantedList and deniedList are + * space-separated lists of capabilities which were explicitly granted + * or denied by a pref. + */ + void getPreferences(out string prefBranch, out string id, out string grantedList, out string deniedList); - boolean Equals(in nsIPrincipal other); + /** + * Returns whether the other principal is equivalent to this principal. + * Principals are considered equal if they are the same principal, + * they have the same origin, or have the same certificate ID + */ + boolean equals(in nsIPrincipal other); - unsigned long HashValue(); + /** + * Returns a hash value for the principal. + */ + readonly attribute unsigned long hashValue; - JSPrincipals GetJSPrincipals(); + /** + * Returns the JS equivalent of the principal. 
+ * @see JSPrincipals.h + */ + readonly attribute JSPrincipals jsPrincipals; - short CanEnableCapability(in string capability); + /** + * The domain security policy of the principal. + */ + // XXXcaa should this be here? The script security manager is the only + // thing that should care about this. Wouldn't storing this data in one + // of the hashtables in nsScriptSecurityManager be better? + attribute voidPtr securityPolicy; - void SetCanEnableCapability(in string capability, in short canEnable); + // XXXcaa probably should be turned into {get|set}CapabilityFlags + short canEnableCapability(in string capability); + void setCanEnableCapability(in string capability, in short canEnable); + boolean isCapabilityEnabled(in string capability, in voidPtr annotation); + void enableCapability(in string capability, inout voidPtr annotation); + void revertCapability(in string capability, inout voidPtr annotation); + void disableCapability(in string capability, inout voidPtr annotation); - boolean IsCapabilityEnabled(in string capability, in voidPtr annotation); - - void EnableCapability(in string capability, inout voidPtr annotation); + /** + * The codebase URI to which this principal pertains. This is + * generally the document URI. Setting this will reset the domain + * to null. + */ + attribute nsIURI URI; - void RevertCapability(in string capability, inout voidPtr annotation); + /** + * The domain URI to which this principal pertains. + * This is congruent with HTMLDocument.domain, and may be null. + * Setting this has no effect on the URI. + */ + attribute nsIURI domain; - void DisableCapability(in string capability, inout voidPtr annotation); + /** + * The origin of this principal's domain, if non-null, or its + * codebase URI otherwise. An origin is defined as: + * scheme + host + port. + */ + // XXXcaa this should probably be turned into an nsIURI. + // The system principal's origin should be some caps namespace + // with a chrome URI. 
All of chrome should probably be the same. + readonly attribute string origin; + + /** + * Whether this principal is associated with a certificate. + */ + readonly attribute boolean hasCertificate; + + /** + * The fingerprint ID of this principal's certificate. + * Throws if there is no certificate associated with this principal. + */ + // XXXcaa kaie says this may not be unique. We should probably + // consider using something else for this.... + attribute string certificateID; + + /** + * The common name for the certificate. + * This pertains to the certificate authority organization. + * Throws if there is no certificate associated with this principal. + */ + attribute string commonName; }; diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl index 633e0ef3409..ab01ca2e3d5 100644 --- a/mozilla/caps/idl/nsIScriptSecurityManager.idl +++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl @@ -134,23 +134,22 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager * executing script. Will return null if there is no script * currently executing. */ - nsIPrincipal getSubjectPrincipal(); + [noscript] nsIPrincipal getSubjectPrincipal(); /** * Return the all-powerful system principal. */ - nsIPrincipal getSystemPrincipal(); + [noscript] nsIPrincipal getSystemPrincipal(); /** - * Return a principal that can be QI'd to nsICertificatePrincipal. + * Return a principal with the specified certificate ID. */ - nsIPrincipal getCertificatePrincipal(in string CertID); + [noscript] nsIPrincipal getCertificatePrincipal(in string CertID); /** - * Return a principal that can be QI'd to nsICodebasePrincipal and - * has the same origin as aURI. + * Return a principal that has the same origin as aURI. */ - nsIPrincipal getCodebasePrincipal(in nsIURI aURI); + [noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI); ///////////////// Capabilities API ///////////////////// /** 
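Review bot: In nsIPrincipal.idl the context line `[uuid(ff9313d0-25e1-11d2-8160-006008119d7a)]` keeps the old IID although this hunk removes `ToString`/`ToUserVisibleString`, turns `HashValue` and `GetJSPrincipals` into attributes and appends new members. Code compiled against the previous layout would still pass QueryInterface and then call through mismatched vtable slots on a security-critical object, so the IID should be regenerated: `[uuid(<NEW-IID-PLACEHOLDER>)]`. Separately, `URI` and `certificateID` were `readonly` on the deleted nsICodebasePrincipal and nsICertificatePrincipal interfaces and are writable `attribute`s here, so any caller holding the principal can change the identity that `equals` and `origin` are documented to rest on. If the setters exist only for initialisation, I would keep the attributes `readonly` and say in the doc comment who may change them.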
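Review bot: In nsIScriptSecurityManager.idl (hunk at -134,23) the four principal getters gain `[noscript]` with no comment saying why, and the rewritten comment on `getCertificatePrincipal` does not say what the caller gets back for an unknown or null `CertID`. I would record the intent next to the first getter, e.g. `// [noscript]: principals are handed out to native callers only`, if that is indeed the reason. The doc comment should also state whether a principal is looked up or newly created. The enclosing interface starts and ends outside this hunk.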
@@ -159,13 +158,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager * necessary. Returns nsIPrincipal::ENABLE_GRANTED or * nsIPrincipal::ENABLE_DENIED based on user's choice. */ - void requestCapability(in nsIPrincipal principal, in string capability, - out short result); + [noscript] short requestCapability(in nsIPrincipal principal, + in string capability); /** * Return true if the currently executing script has 'capability' enabled. */ - boolean IsCapabilityEnabled(in string capability); + boolean isCapabilityEnabled(in string capability); /** * Enable 'capability' in the innermost frame of the currently executing diff --git a/mozilla/caps/include/Makefile.in b/mozilla/caps/include/Makefile.in index 1b7c9edda60..a08770c1886 100644 --- a/mozilla/caps/include/Makefile.in +++ b/mozilla/caps/include/Makefile.in @@ -29,14 +29,8 @@ include $(DEPTH)/config/autoconf.mk MODULE = caps EXPORTS = \ - nsBasePrincipal.h \ - nsSystemPrincipal.h \ - nsCertificatePrincipal.h \ - nsCodebasePrincipal.h \ - nsAggregatePrincipal.h \ - nsJSPrincipals.h \ - nsScriptSecurityManager.h \ - $(NULL) + nsJSPrincipals.h \ + $(NULL) include $(topsrcdir)/config/rules.mk diff --git a/mozilla/caps/include/nsAggregatePrincipal.h b/mozilla/caps/include/nsAggregatePrincipal.h deleted file mode 100644 index cacda09a019..00000000000 --- a/mozilla/caps/include/nsAggregatePrincipal.h +++ /dev/null 
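Review bot: `requestCapability` now hands its answer back as the `short` return value, and the comment above it (which starts outside this hunk) names only ENABLE_GRANTED and ENABLE_DENIED. Because nsIPrincipal.idl defines `ENABLE_DENIED = 1`, a caller that tests the result for non-zero would read a denial as permission. I would add to the comment: `Callers must compare the result with nsIPrincipal::ENABLE_GRANTED; any other value, or a failure return, means the capability is not granted.`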
@@ -1,116 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes aggregate principals which combine the - behavior of one or more other principals */ - -#ifndef _NS_AGGREGATE_PRINCIPAL_H_ -#define _NS_AGGREGATE_PRINCIPAL_H_ -#include "nsIAggregatePrincipal.h" -#include "nsICertificatePrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsBasePrincipal.h" -#include "nsCOMPtr.h" - -#define NS_AGGREGATEPRINCIPAL_CID \ -{ 0x867cf414, 0x1dd2, 0x11b2, \ -{ 0x82, 0x66, 0xca, 0x64, 0x3b, 0xbc, 0x35, 0x64 }} - -/* 867cf414-1dd2-11b2-8266-ca643bbc3564 */ -class nsAggregatePrincipal : public nsIAggregatePrincipal, - public nsICertificatePrincipal, - public nsICodebasePrincipal, - public nsBasePrincipal -{ -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_AGGREGATEPRINCIPAL_CID) - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSIAGGREGATEPRINCIPAL - NS_DECL_NSICERTIFICATEPRINCIPAL - NS_DECL_NSICODEBASEPRINCIPAL - - NS_IMETHOD - ToString(char **result); - - NS_IMETHOD - ToUserVisibleString(char **result); - - NS_IMETHOD - Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD - HashValue(PRUint32 *result); - - NS_IMETHOD - CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD - SetCanEnableCapability(const char *capability, PRInt16 canEnable); - - NS_IMETHOD - IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result); - - NS_IMETHOD - EnableCapability(const char *capability, void **annotation); - - NS_IMETHOD - RevertCapability(const char *capability, void **annotation); - - NS_IMETHOD - DisableCapability(const char *capability, void **annotation); - - NS_IMETHOD - GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - nsAggregatePrincipal(); - - virtual ~nsAggregatePrincipal(void); - -protected: - nsCOMPtr mCertificate; - nsCOMPtr mCodebase; - nsCOMPtr mOriginalCodebase; - void* mCachedSecurityPolicy; - PRPackedBool mDomainChanged; -}; - -#endif // _NS_AGGREGATE_PRINCIPAL_H_ 
diff --git a/mozilla/caps/include/nsBasePrincipal.h b/mozilla/caps/include/nsBasePrincipal.h deleted file mode 100644 index 56a1fb8cacd..00000000000 --- a/mozilla/caps/include/nsBasePrincipal.h +++ /dev/null 
@@ -1,122 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- - * - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights - * Reserved. - * - * Contributors: - * Norris Boyd - */ - -/* Shared implementation code for principals. */ - -#ifndef _NS_BASE_PRINCIPAL_H_ -#define _NS_BASE_PRINCIPAL_H_ - -#include "jsapi.h" -#include "nsJSPrincipals.h" -#include "nsVoidArray.h" -#include "nsHashtable.h" -#include "nsIObjectInputStream.h" -#include "nsIObjectOutputStream.h" - -class nsBasePrincipal: public nsIPrincipal { -public: - - nsBasePrincipal(); - - virtual ~nsBasePrincipal(void); - - NS_IMETHOD - GetJSPrincipals(JSPrincipals **jsprin); - - NS_IMETHOD - CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD - SetCanEnableCapability(const char *capability, PRInt16 canEnable); - - NS_IMETHOD - IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result); - - NS_IMETHOD - EnableCapability(const char *capability, void **annotation); - - NS_IMETHOD - RevertCapability(const char *capability, void **annotation); - - NS_IMETHOD - DisableCapability(const char *capability, void **annotation); - - NS_IMETHOD - GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - nsresult - InitFromPersistent(const char* aPrefName,const char* aID, - const char* 
aGrantedList, const char* aDeniedList); - - NS_IMETHOD - Read(nsIObjectInputStream* aStream); - - NS_IMETHOD - Write(nsIObjectOutputStream* aStream); - - static const char Invalid[]; - -protected: - enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled }; - - NS_IMETHOD - SetCapability(const char *capability, void **annotation, - AnnotationValue value); - - nsJSPrincipals mJSPrincipals; - nsVoidArray mAnnotations; - nsHashtable *mCapabilities; - nsCString mPrefName; - static int mCapabilitiesOrdinal; -}; - -// special AddRef/Release to unify reference counts between XPCOM -// and JSPrincipals - -#define NSBASEPRINCIPALS_ADDREF(className) \ -NS_IMETHODIMP_(nsrefcnt) \ -className::AddRef(void) \ -{ \ - NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \ - NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt");\ - nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount);\ - NS_LOG_ADDREF(this, count, #className, sizeof(*this)); \ - return count; \ -} - -#define NSBASEPRINCIPALS_RELEASE(className) \ -NS_IMETHODIMP_(nsrefcnt) \ -className::Release(void) \ -{ \ - NS_PRECONDITION(PRInt32(mRefCnt) == 0, "illegal mRefCnt"); \ - NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); \ - nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount);\ - NS_LOG_RELEASE(this, count, #className); \ - if (count == 0) { \ - NS_DELETEXPCOM(this); \ - return 0; \ - } \ - return count; \ -} - -#endif // _NS_BASE_PRINCIPAL_H_ diff --git a/mozilla/caps/include/nsCertificatePrincipal.h b/mozilla/caps/include/nsCertificatePrincipal.h deleted file mode 100644 index 65976044002..00000000000 --- a/mozilla/caps/include/nsCertificatePrincipal.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes principals for use with signed scripts */ - -#ifndef _NS_CERTIFICATE_PRINCIPAL_H_ -#define _NS_CERTIFICATE_PRINCIPAL_H_ -#include "jsapi.h" -#include "nsICertificatePrincipal.h" -#include "nsBasePrincipal.h" - -class nsIURI; - -#define NS_CERTIFICATEPRINCIPAL_CID \ -{ 0x7ee2a4c0, 0x4b91, 0x11d3, \ -{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} - -class nsCertificatePrincipal : public nsICertificatePrincipal, public nsBasePrincipal -{ -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_CERTIFICATEPRINCIPAL_CID) - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSICERTIFICATEPRINCIPAL - - NS_IMETHOD ToString(char **result); - - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD Init(const char* aCertificateID); - - nsresult InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList); - - nsCertificatePrincipal(); - - virtual ~nsCertificatePrincipal(void); - -protected: - nsCString mCertificateID; - nsCString mCommonName; -}; - -#endif // _NS_CERTIFICATE_PRINCIPAL_H_ diff --git a/mozilla/caps/include/nsCodebasePrincipal.h b/mozilla/caps/include/nsCodebasePrincipal.h deleted file mode 100644 index 710c54a6809..00000000000 --- a/mozilla/caps/include/nsCodebasePrincipal.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* describes principals by their orginating URIs */ - -#ifndef _NS_CODEBASE_PRINCIPAL_H_ -#define _NS_CODEBASE_PRINCIPAL_H_ - -#include "jsapi.h" -#include "nsBasePrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsIURI.h" -#include "nsCOMPtr.h" - -#define NS_CODEBASEPRINCIPAL_CID \ -{ 0x7ee2a400, 0x0b91, 0xaad3, \ -{ 0xba, 0x18, 0xd7, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} - -class nsCodebasePrincipal : public nsBasePrincipal, public nsICodebasePrincipal { -public: - - NS_DEFINE_STATIC_CID_ACCESSOR(NS_CODEBASEPRINCIPAL_CID) - - NS_DECL_ISUPPORTS - NS_DECL_NSISERIALIZABLE - NS_DECL_NSICODEBASEPRINCIPAL - - NS_IMETHOD ToString(char **result); - - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - nsCodebasePrincipal(); - - nsresult - Init(nsIURI *uri); - - nsresult - InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList, - PRBool aTrusted); - - virtual ~nsCodebasePrincipal(void); - -protected: - nsCOMPtr mURI; - PRBool mTrusted; -}; - -#endif // _NS_CODEBASE_PRINCIPAL_H_ diff --git a/mozilla/caps/include/nsJSPrincipals.h b/mozilla/caps/include/nsJSPrincipals.h index d7caf860391..76edbe071a4 100644 --- a/mozilla/caps/include/nsJSPrincipals.h +++ b/mozilla/caps/include/nsJSPrincipals.h @@ -36,8 +36,9 @@ * * ***** END LICENSE BLOCK ***** */ /* describes principals by their orginating uris*/ -#ifndef _NS_JSPRINCIPALS_H_ -#define _NS_JSPRINCIPALS_H_ + +#ifndef nsJSPrincipals_h__ +#define nsJSPrincipals_h__ #include "jsapi.h" #include "nsIPrincipal.h" 
@@ -47,8 +48,8 @@ struct nsJSPrincipals : JSPrincipals { nsresult Init(char *prin); ~nsJSPrincipals(void); - nsIPrincipal *nsIPrincipalPtr; + nsIPrincipal *nsIPrincipalPtr; // [WEAK] it owns us. }; -#endif /* _NS_JSPRINCIPALS_H_ */ +#endif /* nsJSPrincipals_h__ */ diff --git a/mozilla/caps/include/nsPrincipal.h b/mozilla/caps/include/nsPrincipal.h new file mode 100755 index 00000000000..2cecc55ec92 --- /dev/null +++ b/mozilla/caps/include/nsPrincipal.h 
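Review bot: The new `// [WEAK] it owns us.` comment on `nsIPrincipalPtr` names the ownership direction but not the invariant that keeps the raw pointer valid, and the member stays public in the struct. I would spell it out, e.g. `// [WEAK] back-pointer to the principal that embeds this struct; never AddRef'd, valid only while that principal is alive`, assuming that is the design the nsPrincipal.h comment "Our refcount is managed by mJSPrincipals" describes. The struct starts outside this hunk, so whether the destructor clears the pointer cannot be seen from here.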
@@ -0,0 +1,128 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Christopher A. Aillon
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef nsPrincipal_h__
+#define nsPrincipal_h__
+
+#include "nsAutoPtr.h"
+#include "nsCOMPtr.h"
+#include "nsVoidArray.h"
+#include "nsHashtable.h"
+#include "nsJSPrincipals.h"
+
+class nsIObjectInputStream;
+class nsIObjectOutputStream;
+
+class nsPrincipal : public nsIPrincipal
+{
+public:
+ nsPrincipal();
+ nsPrincipal(nsIURI *aURI);
+
+protected:
+ virtual ~nsPrincipal();
+
+public:
+ // Our refcount is managed by mJSPrincipals. Use this macro to avoid
+ // an extra refcount member.
+ NS_DECL_ISUPPORTS_INHERITED
+protected:
+ // XXXcaa Probably unnecessary. See bug 143559.
+ NS_DECL_OWNINGTHREAD
+public:
+
+ NS_DECL_NSIPRINCIPAL
+ NS_DECL_NSISERIALIZABLE
+
+ nsresult InitFromPersistent(const char* aPrefName,
+ const char* aToken,
+ const char* aGrantedList,
+ const char* aDeniedList,
+ PRBool aIsCert = PR_FALSE,
+ PRBool aTrusted = PR_FALSE);
+
+ enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled };
+
+ nsresult SetCapability(const char *capability, void **annotation,
+ AnnotationValue value);
+
+ static const char sInvalid[];
+
+protected:
+ nsJSPrincipals mJSPrincipals;
+ nsVoidArray mAnnotations;
+ nsHashtable mCapabilities;
+ nsCString mPrefName;
+ static PRInt32 sCapabilitiesOrdinal;
+
+ // XXXcaa This is a semi-hack. The best solution here is to keep
+ // a reference to an interface here, except there is no interface
+ // that we can use yet.
+ struct Certificate
+ {
+ Certificate(const char* aCertID, const char* aName)
+ : certificateID(aCertID),
+ commonName(aName)
+ {
+ };
+ nsCString certificateID;
+ nsCString commonName;
+ };
+
+ // Keep this is a pointer, even though it may slightly increase the
+ // cost of keeping a certificate, this is a good tradeoff though since
+ // it is very rare that we actually have a certificate.
+ nsAutoPtr mCert; + + void* mSecurityPolicy; + + nsCOMPtr mCodebase; + nsCOMPtr mDomain; + PRUint8 mType; + PRPackedBool mTrusted; +}; + + +#define NS_PRINCIPAL_CLASSNAME "principal" +#define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1" +#define NS_PRINCIPAL_CID \ + { 0x36102b6b, 0x7b62, 0x451a, \ + { 0xa1, 0xc8, 0xa0, 0xd4, 0x56, 0xc9, 0x2d, 0xc5 }} + + +#endif // nsPrincipal_h__ diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index faaaa4bb775..cf3189dd5db 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -22,6 +22,7 @@ * Contributor(s): * Norris Boyd * Mitch Stoltz + * Christopher A. Aillon * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or @@ -37,14 +38,15 @@ * * ***** END LICENSE BLOCK ***** */ -#ifndef _NS_SCRIPT_SECURITY_MANAGER_H_ -#define _NS_SCRIPT_SECURITY_MANAGER_H_ +#ifndef nsScriptSecurityManager_h__ +#define nsScriptSecurityManager_h__ #include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" #include "jsapi.h" #include "jsdbgapi.h" #include "nsIXPCSecurityManager.h" +#include "nsInterfaceHashtable.h" #include "nsHashtable.h" #include "nsCOMPtr.h" #include "nsIPrefService.h" 
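Review bot: `void* mSecurityPolicy;` near the end of the new nsPrincipal class is an untyped cached pointer with no comment on who owns it or when it has to be invalidated. The nsAggregatePrincipal.cpp deleted by this same commit reset its `mCachedSecurityPolicy` to `nsnull` in both SetCertificate and SetCodebase, so a principal whose codebase or certificate changed could not keep being checked against the old policy. Nothing in this header records that the same rule now applies to mCodebase, mDomain and mCert, and the implementation is not part of this hunk. If that is the intended contract, I would state it above the member, `// Non-owning cache of the policy looked up for this principal; reset to nsnull whenever mCodebase, mDomain or mCert changes.`, and check nsPrincipal.cpp against it.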
@@ -57,42 +59,85 @@ class nsIDocShell; class nsString; class nsIClassInfo; +class nsIIOService; +class nsIXPConnect; class nsSystemPrincipal; struct ClassPolicy; +#if defined(DEBUG_mstoltz) || defined(DEBUG_caillon) +#define DEBUG_CAPS_HACKER +#endif + +#ifdef DEBUG_CAPS_HACKER +#define DEBUG_CAPS_CheckPropertyAccessImpl +#define DEBUG_CAPS_LookupPolicy +#define DEBUG_CAPS_CheckComponentPermissions +#endif + +#if 0 +#define DEBUG_CAPS_CanCreateWrapper +#define DEBUG_CAPS_CanCreateInstance +#define DEBUG_CAPS_CanGetService +#endif + ///////////////////// -// nsIPrincipalKey // +// PrincipalKey // ///////////////////// -class nsIPrincipalKey : public nsHashKey { +class NS_COM PrincipalKey : public PLDHashEntryHdr +{ public: - nsIPrincipalKey(nsIPrincipal* key) { - mKey = key; - NS_IF_ADDREF(mKey); + typedef const nsIPrincipal* KeyType; + typedef const nsIPrincipal* KeyTypePointer; + + PrincipalKey(const nsIPrincipal* key) + : mKey(NS_CONST_CAST(nsIPrincipal*, key)) + { } - - ~nsIPrincipalKey(void) { - NS_IF_RELEASE(mKey); + + PrincipalKey(const PrincipalKey& toCopy) + : mKey(toCopy.mKey) + { + } + + ~PrincipalKey() + { } - - PRUint32 HashCode(void) const { - PRUint32 hash; - mKey->HashValue(&hash); - return hash; + + KeyType GetKey() const + { + return mKey; } - - PRBool Equals(const nsHashKey* aKey) const { + + KeyTypePointer GetKeyPointer() const + { + return mKey; + } + + PRBool KeyEquals(KeyTypePointer aKey) const + { PRBool eq; - mKey->Equals(((nsIPrincipalKey*) aKey)->mKey, &eq); + mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey), + &eq); return eq; } - - nsHashKey *Clone(void) const { - return new nsIPrincipalKey(mKey); + + static KeyTypePointer KeyToPointer(KeyType aKey) + { + return aKey; } -protected: - nsIPrincipal* mKey; + static PLDHashNumber HashKey(KeyTypePointer aKey) + { + PRUint32 hash; + NS_CONST_CAST(nsIPrincipal*, aKey)->GetHashValue(&hash); + return PLDHashNumber(hash); + } + + enum { ALLOW_MEMMOVE = PR_TRUE }; + +private: + nsCOMPtr mKey; }; 
//////////////////// @@ -213,9 +258,12 @@ class DomainPolicy : public PLDHashTable public: DomainPolicy() : mWildcardPolicy(nsnull), mRefCount(0) - { - static PLDHashTableOps domainPolicyOps = + } + + PRBool Init() + { + static const PLDHashTableOps domainPolicyOps = { PL_DHashAllocTable, PL_DHashFreeTable, @@ -228,8 +276,8 @@ public: InitClassPolicyEntry }; - PL_DHashTableInit(this, &domainPolicyOps, nsnull, - sizeof(ClassPolicy), 16); + return PL_DHashTableInit(this, &domainPolicyOps, nsnull, + sizeof(ClassPolicy), 16); } ~DomainPolicy() @@ -397,7 +445,7 @@ private: nsresult CheckComponentPermissions(JSContext *cx, const nsCID &aCID); #endif -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER void PrintPolicyDB(); #endif @@ -408,8 +456,8 @@ private: inline void JSEnabledPrefChanged(nsISecurityPref* aSecurityPref); - static const char* sJSEnabledPrefName; - static const char* sJSMailEnabledPrefName; + static const char sJSEnabledPrefName[]; + static const char sJSMailEnabledPrefName[]; nsObjectHashtable* mOriginToPolicyMap; DomainPolicy* mDefaultPolicy; @@ -417,20 +465,21 @@ private: nsCOMPtr mPrefBranch; nsCOMPtr mSecurityPref; - nsIPrincipal* mSystemPrincipal; + nsCOMPtr mSystemPrincipal; nsCOMPtr mSystemCertificate; - nsSupportsHashtable* mPrincipals; - PRBool mIsJavaScriptEnabled; - PRBool mIsMailJavaScriptEnabled; - PRBool mIsWritingPrefs; + nsInterfaceHashtable mPrincipals; nsCOMPtr mJSContextStack; - PRBool mNameSetRegistered; - PRBool mPolicyPrefsChanged; + PRPackedBool mIsJavaScriptEnabled; + PRPackedBool mIsMailJavaScriptEnabled; + PRPackedBool mIsWritingPrefs; + PRPackedBool mPolicyPrefsChanged; #ifdef XPC_IDISPATCH_SUPPORT - PRBool mXPCDefaultGrantAll; - static const char* sXPCDefaultGrantAllName; + PRPackedBool mXPCDefaultGrantAll; + static const char sXPCDefaultGrantAllName[]; #endif + + static nsIIOService* sIOService; + static nsIXPConnect* sXPConnect; }; -#endif /*_NS_SCRIPT_SECURITY_MANAGER_H_*/ - +#endif // nsScriptSecurityManager_h__ 
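Review bot: `PrincipalKey::KeyEquals` returns `eq` after a call whose nsresult is dropped, and `eq` is never initialised, so if `Equals` fails before writing its out-parameter the hashtable compares keys on an indeterminate value; `HashKey` does the same with `hash` and `GetHashValue`. This key type presumably indexes the mPrincipals table declared further down, where a spurious match would return the entry stored for a different principal. Initialise and check instead: `PRBool eq = PR_FALSE;` followed by `if (NS_FAILED(mKey->Equals(NS_CONST_CAST(nsIPrincipal*, aKey), &eq))) return PR_FALSE;`, and `PRUint32 hash = 0;` in HashKey. The removed nsIPrincipalKey had the same pattern, so this is carried over rather than introduced by the rewrite.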
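Review bot: Moving `PL_DHashTableInit` out of the DomainPolicy constructor into `PRBool Init()` (this hunk and the next one, `@@ -228,8 +276,8 @@`) leaves the PLDHashTable base uninitialised between construction and a successful Init(), and nothing on the declaration says so. Only the first line of `~DomainPolicy()` is visible here; if it finishes the table unconditionally, deleting an object whose Init() was skipped would operate on an uninitialised table. I would document the contract on the method, `// Must be called, and its result checked, before any other use; returns PR_FALSE if the table could not be allocated.`, and have the callers, which are outside this diff section, treat a false return as a hard error rather than continuing with a policy object that has no table.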
diff --git a/mozilla/caps/include/nsSystemPrincipal.h b/mozilla/caps/include/nsSystemPrincipal.h index ae31356df2c..dc65780a3b4 100644 --- a/mozilla/caps/include/nsSystemPrincipal.h +++ b/mozilla/caps/include/nsSystemPrincipal.h @@ -14,7 +14,7 @@ * * The Original Code is mozilla.org code. * - * The Initial Developer of the Original Code is + * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1999-2000 * the Initial Developer. All Rights Reserved. @@ -38,10 +38,11 @@ /* The privileged system principal. */ -#ifndef _NS_SYSTEM_PRINCIPAL_H_ -#define _NS_SYSTEM_PRINCIPAL_H_ +#ifndef nsSystemPrincipal_h__ +#define nsSystemPrincipal_h__ -#include "nsBasePrincipal.h" +#include "nsIPrincipal.h" +#include "nsJSPrincipals.h" #define NS_SYSTEMPRINCIPAL_CLASSNAME "systemprincipal" #define NS_SYSTEMPRINCIPAL_CID \ 
@@ -50,42 +51,23 @@ #define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1" -class nsSystemPrincipal : public nsBasePrincipal { +class nsSystemPrincipal : public nsIPrincipal +{ public: - - NS_DECL_ISUPPORTS + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSIPRINCIPAL NS_DECL_NSISERIALIZABLE - - NS_IMETHOD ToString(char **result); - NS_IMETHOD ToUserVisibleString(char **result); - - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); - - NS_IMETHOD HashValue(PRUint32 *result); - - NS_IMETHOD CanEnableCapability(const char *capability, PRInt16 *result); - - NS_IMETHOD SetCanEnableCapability(const char *capability, - PRInt16 canEnable); - - NS_IMETHOD IsCapabilityEnabled(const char *capability, void * annotation, - PRBool *result); - - NS_IMETHOD EnableCapability(const char *capability, void * *annotation); - - NS_IMETHOD RevertCapability(const char *capability, void * *annotation); - - NS_IMETHOD DisableCapability(const char *capability, void * *annotation); - - NS_IMETHOD GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList); - - NS_IMETHOD Init(); + nsresult Init(); nsSystemPrincipal(); +protected: virtual ~nsSystemPrincipal(void); + + nsJSPrincipals mJSPrincipals; + // XXX Probably unnecessary. See bug 143559. + NS_DECL_OWNINGTHREAD }; -#endif // _NS_SYSTEM_PRINCIPAL_H_ +#endif // nsSystemPrincipal_h__ diff --git a/mozilla/caps/src/Makefile.in b/mozilla/caps/src/Makefile.in index 390c192b536..d4fccf9899c 100644 --- a/mozilla/caps/src/Makefile.in +++ b/mozilla/caps/src/Makefile.in @@ -50,11 +50,8 @@ REQUIRES = xpcom \ $(NULL) CPPSRCS = \ - nsBasePrincipal.cpp \ + nsPrincipal.cpp \ nsSystemPrincipal.cpp \ - nsCertificatePrincipal.cpp \ - nsCodebasePrincipal.cpp \ - nsAggregatePrincipal.cpp \ nsJSPrincipals.cpp \ nsScriptSecurityManager.cpp \ nsSecurityManagerFactory.cpp \ 
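Review bot: nsSystemPrincipal now embeds `nsJSPrincipals mJSPrincipals` and switches to `NS_DECL_ISUPPORTS_INHERITED`, but unlike nsPrincipal.h it has no comment explaining why a class that derives directly from nsIPrincipal uses the INHERITED macro. nsPrincipal.h in this commit gives the reason as "Our refcount is managed by mJSPrincipals"; repeating it above the macro here, e.g. `// Refcount lives in mJSPrincipals; no separate refcount member.`, would stop a later reader from changing it back to NS_DECL_ISUPPORTS and ending up with two independent counts on the system principal. Whether AddRef/Release really delegate that way is in nsSystemPrincipal.cpp and cannot be confirmed from this header.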
diff --git a/mozilla/caps/src/nsAggregatePrincipal.cpp b/mozilla/caps/src/nsAggregatePrincipal.cpp deleted file mode 100644 index 29dc43e36d1..00000000000 --- a/mozilla/caps/src/nsAggregatePrincipal.cpp +++ /dev/null 
@@ -1,479 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/*describes principals which combine one or more principals*/ -#include "nsAggregatePrincipal.h" -#include "nsIURI.h" - -static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID); - -NS_IMPL_QUERY_INTERFACE5_CI(nsAggregatePrincipal, nsIAggregatePrincipal, - nsICertificatePrincipal, nsICodebasePrincipal, - nsIPrincipal, nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER5(nsAggregatePrincipal, nsIAggregatePrincipal, - nsICertificatePrincipal, nsICodebasePrincipal, - nsIPrincipal, nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsAggregatePrincipal); -NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal); - -////////////////////////////////////////////////// -// Methods implementing nsICertificatePrincipal // -////////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetCertificateID(char** aCertificateID) -{ - if (!mCertificate) - { - *aCertificateID = nsnull; - return NS_OK; - } - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCertificateID(aCertificateID); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCommonName(char** aCommonName) -{ - if (!mCertificate) - { - *aCommonName = nsnull; - return NS_OK; - } - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCommonName(aCommonName); -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCommonName(const char* aCommonName) -{ - if (!mCertificate) - return NS_ERROR_FAILURE; - - nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->SetCommonName(aCommonName); -} - -/////////////////////////////////////////////// -// Methods implementing nsICodebasePrincipal // -/////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetURI(nsIURI** aURI) -{ - if (!mCodebase) - { - *aURI = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetURI(aURI); -} - -NS_IMETHODIMP 
-nsAggregatePrincipal::GetOrigin(char** aOrigin) -{ - if (!mCodebase) - { - *aOrigin = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetOrigin(aOrigin); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetSpec(char** aSpec) -{ - if (!mCodebase) - { - *aSpec = nsnull; - return NS_ERROR_FAILURE; - } - - nsCOMPtr codebase = do_QueryInterface(mCodebase); - return codebase->GetSpec(aSpec); -} - -//////////////////////////////////////////////// -// Methods implementing nsIAggregatePrincipal // -//////////////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::GetCertificate(nsIPrincipal** result) -{ - *result = mCertificate; - NS_IF_ADDREF(*result); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCodebase(nsIPrincipal** result) -{ - *result = mCodebase; - NS_IF_ADDREF(*result); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCertificate(nsIPrincipal* aCertificate) -{ - nsresult rv; - //-- Make sure this really is a certificate principal - if (aCertificate) - { - nsCOMPtr tempCertificate = - do_QueryInterface(aCertificate, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - } - - //-- If aCertificate is an aggregate, get its underlying certificate - nsCOMPtr agg = - do_QueryInterface(aCertificate, &rv); - if (NS_SUCCEEDED(rv)) - { - nsCOMPtr underlying; - rv = agg->GetCertificate(getter_AddRefs(underlying)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - mCertificate = underlying.get(); - } - else - mCertificate = aCertificate; - // New certificate, so forget cached security policy - mCachedSecurityPolicy = nsnull; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase) -{ - nsresult rv; - nsCOMPtr newCodebase(aCodebase); - - //-- If newCodebase is an aggregate, get its underlying codebase - nsCOMPtr agg = - do_QueryInterface(newCodebase, &rv); - if (NS_SUCCEEDED(rv)) - { - rv = 
agg->GetCodebase(getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - else - { //-- Make sure this really is a codebase principal - nsCOMPtr tempCodebase = - do_QueryInterface(newCodebase, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - } - - mCodebase = newCodebase; - - //-- If this is the first codebase set, remember it. - if (!mOriginalCodebase) - mOriginalCodebase = newCodebase; - else - { - mDomainChanged = PR_TRUE; - // Codebase has changed, forget cached security policy - mCachedSecurityPolicy = nsnull; - } - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase) -{ - NS_ENSURE_ARG_POINTER(aOriginalCodebase); - - *aOriginalCodebase = mOriginalCodebase; - NS_IF_ADDREF(*aOriginalCodebase); - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild) -{ - //-- If a certificate is present, then that's the PrimaryChild principal. - // Otherwise we use the codebase. 
- if (mCertificate) - *aPrimaryChild = mCertificate.get(); - else if (mCodebase) - *aPrimaryChild = mCodebase.get(); - else - { - *aPrimaryChild = nsnull; - return NS_ERROR_FAILURE; - } - - NS_IF_ADDREF(*aPrimaryChild); - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::Intersect(nsIPrincipal* other) -{ - NS_ASSERTION(mCodebase, "Principal without codebase"); - - if (mCertificate) - { - PRBool sameCert = PR_FALSE; - if (NS_FAILED(mCertificate->Equals(other, &sameCert))) - return NS_ERROR_FAILURE; - if (!sameCert) - SetCertificate(nsnull); - } - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetDomainChanged(PRBool aDomainChanged) -{ - mDomainChanged = aDomainChanged; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetDomainChanged(PRBool* aDomainChanged) -{ - *aDomainChanged = mDomainChanged; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetCachedSecurityPolicy(void** aCachedSecurityPolicy) -{ - *aCachedSecurityPolicy = mCachedSecurityPolicy; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCachedSecurityPolicy(void* aCachedSecurityPolicy) -{ - mCachedSecurityPolicy = aCachedSecurityPolicy; - return NS_OK; -} - - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsAggregatePrincipal::ToString(char **result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->ToString(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::ToUserVisibleString(char **result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->ToUserVisibleString(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) -{ - *result = PR_FALSE; - if (this == other) { - *result = PR_TRUE; - return NS_OK; - } - if (!other) - return NS_OK; - - 
nsresult rv; - nsCOMPtr otherAgg = - do_QueryInterface(other, &rv); - if (NS_FAILED(rv)) - return NS_OK; - //-- Two aggregates are equal if both codebase and certificate are equal - PRBool certEqual = PR_TRUE; - if (mCertificate) - { - rv = mCertificate->Equals(other, &certEqual); - if(NS_FAILED(rv)) return rv; - } - PRBool cbEqual = PR_TRUE; - if (mCodebase) - { - rv = mCodebase->Equals(other, &cbEqual); - if(NS_FAILED(rv)) return rv; - } - if (mCertificate || mCodebase) // At least one must be present - *result = certEqual && cbEqual; - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::HashValue(PRUint32 *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->HashValue(result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->CanEnableCapability(capability, result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::SetCanEnableCapability(const char *capability, - PRInt16 canEnable) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->SetCanEnableCapability(capability, canEnable); -} - -NS_IMETHODIMP -nsAggregatePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->IsCapabilityEnabled(capability, annotation, result); -} - -NS_IMETHODIMP -nsAggregatePrincipal::EnableCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->EnableCapability(capability, annotation); -} - 
-NS_IMETHODIMP -nsAggregatePrincipal::RevertCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->RevertCapability(capability, annotation); -} - -NS_IMETHODIMP -nsAggregatePrincipal::DisableCapability(const char *capability, void **annotation) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->DisableCapability(capability, annotation); -} - -NS_IMETHODIMP -nsAggregatePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - nsCOMPtr PrimaryChild; - if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) - return NS_ERROR_FAILURE; - return PrimaryChild->GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsAggregatePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCertificate)); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalObject(aStream, PR_TRUE, getter_AddRefs(mCodebase)); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -NS_IMETHODIMP -nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalObject(aStream, mCertificate, PR_TRUE); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIPrincipal), PR_TRUE); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // 
-///////////////////////////////////////////// - -nsAggregatePrincipal::nsAggregatePrincipal() : mCachedSecurityPolicy(nsnull), - mDomainChanged(PR_FALSE) -{ -} - -nsAggregatePrincipal::~nsAggregatePrincipal() -{ -} diff --git a/mozilla/caps/src/nsBasePrincipal.cpp b/mozilla/caps/src/nsBasePrincipal.cpp deleted file mode 100644 index 71e7b75c9cd..00000000000 --- a/mozilla/caps/src/nsBasePrincipal.cpp +++ /dev/null 
@@ -1,421 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- - * - * The contents of this file are subject to the Netscape Public License - * Version 1.0 (the "NPL"); you may not use this file except in - * compliance with the NPL. You may obtain a copy of the NPL at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the NPL is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL - * for the specific language governing rights and limitations under the - * NPL. - * - * The Initial Developer of this code under the NPL is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1999-2000 Netscape Communications Corporation. All Rights - * Reserved. - * - * Contributor(s): - * Norris Boyd - * Mitch Stoltz - */ - -#include "nscore.h" -#include "nsBasePrincipal.h" -#include "nsScriptSecurityManager.h" -#include "nsString.h" -#include "nsReadableUtils.h" -#include "plstr.h" -#include "nsCRT.h" - -////////////////////////// - -nsBasePrincipal::nsBasePrincipal() - : mCapabilities(nsnull) -{ -} - -PR_STATIC_CALLBACK(PRBool) -deleteElement(void* aElement, void *aData) -{ - nsHashtable *ht = (nsHashtable *) aElement; - delete ht; - return PR_TRUE; -} - -nsBasePrincipal::~nsBasePrincipal(void) -{ - mAnnotations.EnumerateForwards(deleteElement, nsnull); - delete mCapabilities; -} - -NS_IMETHODIMP -nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin) -{ - if (mJSPrincipals.nsIPrincipalPtr == nsnull) { - mJSPrincipals.nsIPrincipalPtr = this; - // No need for a ADDREF since it is a self-reference - } - *jsprin = &mJSPrincipals; - JSPRINCIPALS_HOLD(cx, *jsprin); - return NS_OK; -} - -const char -nsBasePrincipal::Invalid[] = "Invalid"; - -NS_IMETHODIMP -nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result) -{ - if (!mCapabilities) { - *result = nsIPrincipal::ENABLE_UNKNOWN; - return NS_OK; - } - else // If this principal 
is marked invalid, can't enable any capabilities - { - nsCStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - { - *result = nsIPrincipal::ENABLE_DENIED; - return NS_OK; - } - } - - const char *start = capability; - *result = nsIPrincipal::ENABLE_GRANTED; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities->Get(&key)); - if (value == 0) - value = nsIPrincipal::ENABLE_UNKNOWN; - if (value < *result) - *result = value; - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::SetCanEnableCapability(const char *capability, - PRInt16 canEnable) -{ - if (!mCapabilities) { - mCapabilities = new nsHashtable(7); - if (!mCapabilities) - return NS_ERROR_OUT_OF_MEMORY; - } - else // If this principal is marked invalid, can't enable any capabilities - { - nsCStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - return NS_OK; - } - - if (PL_strcmp(capability, Invalid) == 0) - mCapabilities->Reset(); - - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - mCapabilities->Put(&key, (void *) canEnable); - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::IsCapabilityEnabled(const char *capability, void *annotation, - PRBool *result) -{ - *result = PR_FALSE; - nsHashtable *ht = (nsHashtable *) annotation; - if (!ht) { - return NS_OK; - } - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? 
space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - *result = (ht->Get(&key) == (void *) AnnotationEnabled); - if (!*result) { - // If any single capability is not enabled, then return false. - return NS_OK; - } - if (!space) - return NS_OK; - start = space + 1; - } - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::EnableCapability(const char *capability, void **annotation) -{ - return SetCapability(capability, annotation, AnnotationEnabled); -} - -NS_IMETHODIMP -nsBasePrincipal::DisableCapability(const char *capability, void **annotation) -{ - return SetCapability(capability, annotation, AnnotationDisabled); -} - -NS_IMETHODIMP -nsBasePrincipal::RevertCapability(const char *capability, void **annotation) -{ - if (*annotation) { - nsHashtable *ht = (nsHashtable *) *annotation; - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - ht->Remove(&key); - if (!space) - return NS_OK; - start = space + 1; - } - } - return NS_OK; -} - -NS_IMETHODIMP -nsBasePrincipal::SetCapability(const char *capability, void **annotation, - AnnotationValue value) -{ - if (*annotation == nsnull) { - *annotation = new nsHashtable(5); - if (!*annotation) - return NS_ERROR_OUT_OF_MEMORY; - // This object owns its annotations. Save them so we can release - // them when we destroy this object. - mAnnotations.AppendElement(*annotation); - } - - const char *start = capability; - for(;;) { - const char *space = PL_strchr(start, ' '); - int len = space ? 
space - start : strlen(start); - nsCAutoString capString(start, len); - nsCStringKey key(capString); - nsHashtable *ht = (nsHashtable *) *annotation; - ht->Put(&key, (void *) value); - if (!space) - return NS_OK; - start = space + 1; - } - /* NOTREACHED */ - return NS_OK; -} - -int nsBasePrincipal::mCapabilitiesOrdinal = 0; - -nsresult -nsBasePrincipal::InitFromPersistent(const char* aPrefName, const char* aID, - const char* aGrantedList, const char* aDeniedList) -{ - //-- Empty the capability table - if (mCapabilities) - mCapabilities->Reset(); - - //-- Save the preference name - mPrefName = aPrefName; - - const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890"); - if (ordinalBegin) { - int n = atoi(ordinalBegin); - if (mCapabilitiesOrdinal <= n) - mCapabilitiesOrdinal = n+1; - } - - //-- Store the capabilities - if (aGrantedList) - if(NS_FAILED(SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED))) - return NS_ERROR_FAILURE; - if (aDeniedList) - if(NS_FAILED(SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED))) - return NS_ERROR_FAILURE; - return NS_OK; -} - -struct CapabilityList -{ - nsCString* granted; - nsCString* denied; -}; - -PR_STATIC_CALLBACK(PRBool) -AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr) -{ - CapabilityList* capList = (CapabilityList*)capListPtr; - PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData); - nsCStringKey* key = (nsCStringKey *)aKey; - if (value == nsIPrincipal::ENABLE_GRANTED) - { - capList->granted->Append(key->GetString(), key->GetStringLength()); - capList->granted->Append(' '); - } - else if (value == nsIPrincipal::ENABLE_DENIED) - { - capList->denied->Append(key->GetString(), key->GetStringLength()); - capList->denied->Append(' '); - } - return PR_TRUE; -} - -NS_IMETHODIMP -nsBasePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - //-- Preference name - *aPrefName = ToNewCString(mPrefName); - if (!aPrefName) - return 
NS_ERROR_OUT_OF_MEMORY; - - //-- ID - if (NS_FAILED(ToString(aID))) - return NS_ERROR_FAILURE; - - //-- Capabilities - *aGrantedList = nsnull; - *aDeniedList = nsnull; - if (mCapabilities) { - nsCAutoString grantedListStr; - nsCAutoString deniedListStr; - CapabilityList* capList = new CapabilityList(); - capList->granted = &grantedListStr; - capList->denied = &deniedListStr; - mCapabilities->Enumerate(AppendCapability, (void*)capList); - if (!grantedListStr.IsEmpty()) - { - grantedListStr.Truncate(grantedListStr.Length()-1); - *aGrantedList = ToNewCString(grantedListStr); - if (!*aGrantedList) return NS_ERROR_OUT_OF_MEMORY; - } - if (!deniedListStr.IsEmpty()) - { - deniedListStr.Truncate(deniedListStr.Length()-1); - *aDeniedList = ToNewCString(deniedListStr); - if (!*aDeniedList) return NS_ERROR_OUT_OF_MEMORY; - } - } - return NS_OK; -} - -PR_STATIC_CALLBACK(nsresult) -ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey, - void** aData) -{ - nsresult rv; - nsCStringKey* key = new nsCStringKey(aStream, &rv); - if (NS_FAILED(rv)) return rv; - - PRUint32 value; - rv = aStream->Read32(&value); - if (NS_FAILED(rv)) { - delete key; - return rv; - } - - *aKey = key; - *aData = (void*) value; - return NS_OK; -} - -PR_STATIC_CALLBACK(void) -FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey, - void* aData) -{ - if (aKey) - delete NS_STATIC_CAST(nsCStringKey*, aKey); -} - -nsresult -nsBasePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - PRUint32 annotationCount; - rv = aStream->Read32(&annotationCount); - if (NS_FAILED(rv)) return rv; - - for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { - nsHashtable *ht = new nsHashtable(aStream, - ReadAnnotationEntry, - FreeAnnotationEntry, - &rv); - NS_ASSERTION(NS_SUCCEEDED(rv) || ht == nsnull, - "failure but non-null return from nsHashtable ctor!"); - if (NS_FAILED(rv)) return rv; - - if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) { - delete ht; - 
return NS_ERROR_OUT_OF_MEMORY; - } - } - - PRBool hasCapabilities; - rv = aStream->ReadBoolean(&hasCapabilities); - if (NS_SUCCEEDED(rv) && hasCapabilities) { - mCapabilities = new nsHashtable(aStream, - ReadAnnotationEntry, - FreeAnnotationEntry, - &rv); - } - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalCString(aStream, mPrefName); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -PR_STATIC_CALLBACK(nsresult) -WriteScalarValue(nsIObjectOutputStream* aStream, void* aData) -{ - PRUint32 value = NS_PTR_TO_INT32(aData); - - return aStream->Write32(value); -} - -nsresult -nsBasePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - PRUint32 annotationCount = PRUint32(mAnnotations.Count()); - rv = aStream->Write32(annotationCount); - if (NS_FAILED(rv)) return rv; - - for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { - nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]); - rv = ht->Write(aStream, WriteScalarValue); - if (NS_FAILED(rv)) return rv; - } - - PRBool hasCapabilities = (mCapabilities != nsnull); - rv = aStream->WriteBoolean(hasCapabilities); - if (NS_SUCCEEDED(rv) && hasCapabilities) - rv = mCapabilities->Write(aStream, WriteScalarValue); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalStringZ(aStream, mPrefName.get()); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} diff --git a/mozilla/caps/src/nsCertificatePrincipal.cpp b/mozilla/caps/src/nsCertificatePrincipal.cpp deleted file mode 100644 index b8fefcecf58..00000000000 --- a/mozilla/caps/src/nsCertificatePrincipal.cpp +++ /dev/null 
@@ -1,227 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Mitch Stoltz - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/*describes principals for use in signed scripts*/ -#include "nsCertificatePrincipal.h" -#include "prmem.h" -#include "nsCOMPtr.h" -#include "nsReadableUtils.h" -#include "nsCRT.h" - -static NS_DEFINE_IID(kICertificatePrincipalIID, NS_ICERTIFICATEPRINCIPAL_IID); - -NS_IMPL_QUERY_INTERFACE3_CI(nsCertificatePrincipal, - nsICertificatePrincipal, - nsIPrincipal, - nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER3(nsCertificatePrincipal, - nsICertificatePrincipal, - nsIPrincipal, - nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsCertificatePrincipal); -NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal); - -////////////////////////////////////////////////// -// Methods implementing nsICertificatePrincipal // -////////////////////////////////////////////////// -NS_IMETHODIMP -nsCertificatePrincipal::GetCertificateID(char** aCertificateID) -{ - *aCertificateID = ToNewCString(mCertificateID); - return *aCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCertificatePrincipal::GetCommonName(char** aCommonName) -{ - *aCommonName = ToNewCString(mCommonName); - return *aCommonName ? 
NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCertificatePrincipal::SetCommonName(const char* aCommonName) -{ - mCommonName = aCommonName; - return NS_OK; -} - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsCertificatePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - if(NS_FAILED(nsBasePrincipal::CanEnableCapability(capability, result))) - return NS_ERROR_FAILURE; - if (*result == nsIPrincipal::ENABLE_UNKNOWN) - *result = ENABLE_WITH_USER_PERMISSION; - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::ToString(char **result) -{ - return GetCertificateID(result); -} - -NS_IMETHODIMP -nsCertificatePrincipal::ToUserVisibleString(char **result) -{ - return GetCommonName(result); -} - -NS_IMETHODIMP -nsCertificatePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - if (mPrefName.IsEmpty()) { - mPrefName.Assign("capability.principal.certificate.p"); - mPrefName.AppendInt(mCapabilitiesOrdinal++); - mPrefName.Append(".id"); - } - return nsBasePrincipal::GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result) -{ - *result = PR_FALSE; - if (this == other) { - *result = PR_TRUE; - return NS_OK; - } - if (!other) - return NS_OK; - nsresult rv; - nsCOMPtr otherCertificate = - do_QueryInterface(other, &rv); - if (NS_FAILED(rv)) - return NS_OK; - //-- Compare cert ID's - char* otherID; - rv = otherCertificate->GetCertificateID(&otherID); - if (NS_FAILED(rv)) - { - PR_FREEIF(otherID); - return rv; - } - *result = mCertificateID.Equals(otherID); - PR_FREEIF(otherID); - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::HashValue(PRUint32 *result) -{ - char* str; - if (NS_FAILED(ToString(&str)) || !str) return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(str, nsnull); - nsCRT::free(str); - 
return NS_OK; -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsCertificatePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - rv = aStream->ReadCString(mCertificateID); - if (NS_FAILED(rv)) return rv; - - rv = NS_ReadOptionalCString(aStream, mCommonName); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -NS_IMETHODIMP -nsCertificatePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - rv = aStream->WriteStringZ(mCertificateID.get()); - if (NS_FAILED(rv)) return rv; - - rv = NS_WriteOptionalStringZ(aStream, mCommonName.get()); - if (NS_FAILED(rv)) return rv; - - return NS_OK; -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // -///////////////////////////////////////////// -nsresult -nsCertificatePrincipal::InitFromPersistent(const char* aPrefName, const char* aCertID, - const char* aGrantedList, const char* aDeniedList) -{ - if (NS_FAILED(Init(aCertID))) - return NS_ERROR_FAILURE; - - return nsBasePrincipal::InitFromPersistent(aPrefName, aCertID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCertificatePrincipal::Init(const char* aCertificateID) -{ - mCertificateID = aCertificateID; - return NS_OK; -} - -nsCertificatePrincipal::nsCertificatePrincipal() -{ -} - -nsCertificatePrincipal::~nsCertificatePrincipal() -{ -} diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp deleted file mode 100644 index 6ddac6a3394..00000000000 --- a/mozilla/caps/src/nsCodebasePrincipal.cpp +++ /dev/null 
@@ -1,311 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: NPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Netscape Public License - * Version 1.1 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/NPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1999-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the NPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the NPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* Describes principals by their orginating uris */ - -#include "nsCodebasePrincipal.h" -#include "nsIComponentManager.h" -#include "nsIServiceManager.h" -#include "nsNetUtil.h" -#include "nsIURL.h" -#include "nsIJARURI.h" -#include "nsCOMPtr.h" -#include "nsIPrefBranch.h" -#include "nsIPrefService.h" -#include "nsXPIDLString.h" -#include "nsReadableUtils.h" -#include "nsCRT.h" -#include "nsScriptSecurityManager.h" - -NS_IMPL_QUERY_INTERFACE3_CI(nsCodebasePrincipal, - nsICodebasePrincipal, - nsIPrincipal, - nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER3(nsCodebasePrincipal, - nsICodebasePrincipal, - nsIPrincipal, - nsISerializable) - -NSBASEPRINCIPALS_ADDREF(nsCodebasePrincipal); -NSBASEPRINCIPALS_RELEASE(nsCodebasePrincipal); - -/////////////////////////////////////// -// Methods implementing nsIPrincipal // -/////////////////////////////////////// -NS_IMETHODIMP -nsCodebasePrincipal::ToString(char **result) -{ - *result = nsnull; - PRBool isFile = PR_TRUE; - if(NS_FAILED(mURI->SchemeIs("file", &isFile))) - return NS_ERROR_FAILURE; - - if (isFile) - { - nsCOMPtr url(do_QueryInterface(mURI)); - if (url) - { - nsCAutoString directory; - nsresult rv = url->GetDirectory(directory); - if (NS_FAILED(rv)) - return rv; - nsCAutoString fileName; - rv = url->GetFileName(fileName); - if (NS_FAILED(rv)) - return rv; - *result = - ToNewCString(NS_LITERAL_CSTRING("file://") + directory + fileName); - if (!*result) - return NS_ERROR_OUT_OF_MEMORY; - return NS_OK; - } - } - return GetOrigin(result); -} - -NS_IMETHODIMP -nsCodebasePrincipal::ToUserVisibleString(char **result) -{ - return ToString(result); -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetPreferences(char** aPrefName, char** aID, - char** aGrantedList, char** aDeniedList) -{ - if (mPrefName.IsEmpty()) - { - mPrefName.Assign("capability.principal.codebase.p"); - mPrefName.AppendInt(mCapabilitiesOrdinal++); - mPrefName.Append(".id"); - } - return 
nsBasePrincipal::GetPreferences(aPrefName, aID, - aGrantedList, aDeniedList); -} - -NS_IMETHODIMP -nsCodebasePrincipal::HashValue(PRUint32 *result) -{ - nsXPIDLCString spec; - if (NS_FAILED(GetSpec(getter_Copies(spec)))) - return NS_ERROR_FAILURE; - *result = nsCRT::HashCode(spec, nsnull); - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::CanEnableCapability(const char *capability, - PRInt16 *result) -{ - // Either this principal must be preconfigured as a trusted source - // (mTrusted), or else the codebase principal pref must be enabled - if (!mTrusted) - { - static char pref[] = "signed.applets.codebase_principal_support"; - nsCOMPtr prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID)); - if (!prefBranch) - return NS_ERROR_FAILURE; - PRBool enabled; - if (NS_FAILED(prefBranch->GetBoolPref(pref, &enabled)) || !enabled) - { - // Deny unless subject is executing from file: or resource: - PRBool isFile = PR_FALSE; - PRBool isRes = PR_FALSE; - - if (NS_FAILED(mURI->SchemeIs("file", &isFile)) || - NS_FAILED(mURI->SchemeIs("resource", &isRes)) || - (!isFile && !isRes)) - { - *result = nsIPrincipal::ENABLE_DENIED; - return NS_OK; - } - } - } - nsBasePrincipal::CanEnableCapability(capability, result); - if (*result == nsIPrincipal::ENABLE_UNKNOWN) - *result = ENABLE_WITH_USER_PERMISSION; - return NS_OK; -} - -/////////////////////////////////////////////// -// Methods implementing nsICodebasePrincipal // -/////////////////////////////////////////////// - -NS_IMETHODIMP -nsCodebasePrincipal::GetURI(nsIURI **uri) -{ - *uri = mURI; - NS_ADDREF(*uri); - return NS_OK; -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetOrigin(char **origin) -{ - nsresult rv; - nsCAutoString hostPort; - if (NS_SUCCEEDED(mURI->GetHostPort(hostPort))) - { - nsCAutoString scheme; - rv = mURI->GetScheme(scheme); - NS_ENSURE_SUCCESS(rv, rv); - *origin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort); - } - else - { - // Some URIs (e.g., nsSimpleURI) don't support host. 
Just - // get the full spec. - nsCAutoString spec; - rv = mURI->GetSpec(spec); - NS_ENSURE_SUCCESS(rv, rv); - *origin = ToNewCString(spec); - } - - return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCodebasePrincipal::GetSpec(char **spec) -{ - nsCAutoString buf; - nsresult rv = mURI->GetSpec(buf); - if (NS_FAILED(rv)) return rv; - - *spec = ToNewCString(buf); - return *spec ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsCodebasePrincipal::Equals(nsIPrincipal *aOther, PRBool *result) -{ - if (this == aOther) - { - *result = PR_TRUE; - return NS_OK; - } - *result = PR_FALSE; - if (!aOther) - return NS_OK; - - // Get a URI from the other principal - nsCOMPtr otherCodebase( - do_QueryInterface(aOther)); - if (!otherCodebase) - { - // Other principal is not a codebase, so return false - return NS_OK; - } - nsCOMPtr otherURI; - otherCodebase->GetURI(getter_AddRefs(otherURI)); - - NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE); - return nsScriptSecurityManager::SecurityCompareURIs(mURI, - otherURI, - result); -} - -////////////////////////////////////////// -// Methods implementing nsISerializable // -////////////////////////////////////////// - -NS_IMETHODIMP -nsCodebasePrincipal::Read(nsIObjectInputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Read(aStream); - if (NS_FAILED(rv)) return rv; - - return aStream->ReadObject(PR_TRUE, getter_AddRefs(mURI)); -} - -NS_IMETHODIMP -nsCodebasePrincipal::Write(nsIObjectOutputStream* aStream) -{ - nsresult rv; - - rv = nsBasePrincipal::Write(aStream); - if (NS_FAILED(rv)) return rv; - - return aStream->WriteCompoundObject(mURI, NS_GET_IID(nsIURI), PR_TRUE); -} - -///////////////////////////////////////////// -// Constructor, Destructor, initialization // -///////////////////////////////////////////// - -nsCodebasePrincipal::nsCodebasePrincipal() : mTrusted(PR_FALSE) -{ -} - -nsresult -nsCodebasePrincipal::Init(nsIURI *uri) -{ - nsCAutoString codebase; - if (uri == nsnull || 
NS_FAILED(uri->GetSpec(codebase))) - return NS_ERROR_FAILURE; - if (NS_FAILED(mJSPrincipals.Init(ToNewCString(codebase)))) - return NS_ERROR_FAILURE; - // JSPrincipals::Init adopts its input - mURI = uri; - return NS_OK; -} - -// This method overrides nsBasePrincipal::InitFromPersistent -nsresult -nsCodebasePrincipal::InitFromPersistent(const char* aPrefName, const char* aURLStr, - const char* aGrantedList, const char* aDeniedList, - PRBool aTrusted) -{ - nsresult rv; - nsCOMPtr uri; - rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aURLStr), nsnull); - NS_ASSERTION(NS_SUCCEEDED(rv), "Malformed URI in security.principal preference."); - if (NS_FAILED(rv)) return rv; - - if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE; - // XXX: Add check for trusted = SSL only here? - mTrusted = aTrusted; - - return nsBasePrincipal::InitFromPersistent(aPrefName, aURLStr, - aGrantedList, aDeniedList); -} - -nsCodebasePrincipal::~nsCodebasePrincipal() -{ -} diff --git a/mozilla/caps/src/nsJSPrincipals.cpp b/mozilla/caps/src/nsJSPrincipals.cpp index 09e76821235..f505e416508 100644 --- a/mozilla/caps/src/nsJSPrincipals.cpp +++ b/mozilla/caps/src/nsJSPrincipals.cpp @@ -35,7 +35,10 @@ * the terms of any one of the NPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -#include "nsCodebasePrincipal.h" + +#include "nsString.h" +#include "nsIObjectOutputStream.h" +#include "nsIObjectInputStream.h" #include "nsJSPrincipals.h" #include "plstr.h" #include "nsXPIDLString.h" @@ -138,7 +141,7 @@ nsTranscodeJSPrincipals(JSXDRState *xdr, JSPrincipals **jsprinp) nsMemory::Free(olddata); ::JS_XDRMemSetData(xdr, data, size); - prin->GetJSPrincipals(jsprinp); + prin->GetJsPrincipals(jsprinp); } } } @@ -185,6 +188,12 @@ nsJSPrincipals::nsJSPrincipals() nsresult nsJSPrincipals::Init(char *aCodebase) { + if (codebase) + { + NS_ERROR("Init called twice!"); + return NS_ERROR_UNEXPECTED; + } + codebase = aCodebase; return NS_OK; } 
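Review bot: The new `if (codebase)` guard in `nsJSPrincipals::Init` returns `NS_ERROR_UNEXPECTED` without taking or freeing `aCodebase`, although callers treat Init as adopting the buffer. The removed `nsCodebasePrincipal::Init` says so in a comment, and the new `nsPrincipal::InitFromPersistent` passes `PL_strdup(token.get())` straight in and only returns on failure, so the copy leaks on this path. I would state the contract above the function, e.g. `// Adopts aCodebase on success; on failure the caller keeps ownership and must free it.`, and have that caller hold the copy in a local so it can release it when Init fails. The guard also depends on the constructor leaving `codebase` null, which this hunk does not show. A null `aCodebase` from a failed `PL_strdup` is stored and reported as success, which leaves the guard unarmed, so a later Init could still replace the principal's codebase string; if no caller relies on a null codebase, `if (!aCodebase) return NS_ERROR_NULL_POINTER;` before the assignment would close that.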
diff --git a/mozilla/caps/src/nsPrincipal.cpp b/mozilla/caps/src/nsPrincipal.cpp
new file mode 100755
index 00000000000..f0211d44b98
--- /dev/null
+++ b/mozilla/caps/src/nsPrincipal.cpp
@@ -0,0 +1,796 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2003 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Christopher A. Aillon + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. 
+ * + * ***** END LICENSE BLOCK ***** */ + +#include "nscore.h" +#include "nsScriptSecurityManager.h" +#include "nsString.h" +#include "nsReadableUtils.h" +#include "plstr.h" +#include "nsCRT.h" +#include "nsIURI.h" +#include "nsNetUtil.h" +#include "nsJSPrincipals.h" +#include "nsVoidArray.h" +#include "nsHashtable.h" +#include "nsIObjectInputStream.h" +#include "nsIObjectOutputStream.h" + +#include "nsPrincipal.h" + + +// Static member variables +PRInt32 nsPrincipal::sCapabilitiesOrdinal = 0; +const char nsPrincipal::sInvalid[] = "Invalid"; + + +nsPrincipal::nsPrincipal() + : mCapabilities(7) +{ +} + + +NS_IMPL_QUERY_INTERFACE2_CI(nsPrincipal, + nsIPrincipal, + nsISerializable) +NS_IMPL_CI_INTERFACE_GETTER2(nsPrincipal, + nsIPrincipal, + nsISerializable) + +NS_IMETHODIMP_(nsrefcnt) +nsPrincipal::AddRef() +{ + NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt"); + // XXXcaa does this need to be threadsafe? See bug 143559. + nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_ADDREF(this, count, "nsPrincipal", sizeof(*this)); + return count; +} + +NS_IMETHODIMP_(nsrefcnt) +nsPrincipal::Release() +{ + NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); + nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_RELEASE(this, count, "nsPrincipal"); + if (count == 0) { + NS_DELETEXPCOM(this); + } + + return count; +} + +nsPrincipal::nsPrincipal(nsIURI *aURI) + : mSecurityPolicy(nsnull), + mCodebase(aURI) +{ +} + + +PR_STATIC_CALLBACK(PRBool) +deleteElement(void* aElement, void *aData) +{ + nsHashtable *ht = (nsHashtable *) aElement; + delete ht; + return PR_TRUE; +} + +nsPrincipal::~nsPrincipal(void) +{ + mAnnotations.EnumerateForwards(deleteElement, nsnull); + delete mCert; +} + +NS_IMETHODIMP +nsPrincipal::GetJsPrincipals(JSPrincipals **jsprin) +{ + if (!mJSPrincipals.nsIPrincipalPtr) { + // Don't addref here, since we are referencing each other. 
+ mJSPrincipals.nsIPrincipalPtr = this; + } + + *jsprin = &mJSPrincipals; + + // JSPRINCIPALS_HOLD does not use its first argument. + // Just use a dummy cx to save the codesize. + JSPRINCIPALS_HOLD(cx, *jsprin); + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetOrigin(char **aOrigin) +{ + nsIURI* uri = mDomain ? mDomain : mCodebase; + NS_ASSERTION(uri, "No Domain or Codebase"); + + nsCAutoString hostPort; + nsresult rv = uri->GetHostPort(hostPort); + if (NS_SUCCEEDED(rv)) { + nsCAutoString scheme; + rv = uri->GetScheme(scheme); + NS_ENSURE_SUCCESS(rv, rv); + *aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort); + } + else { + // Some URIs (e.g., nsSimpleURI) don't support host. Just + // get the full spec. + nsCAutoString spec; + rv = uri->GetSpec(spec); + NS_ENSURE_SUCCESS(rv, rv); + *aOrigin = ToNewCString(spec); + } + + return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +NS_IMETHODIMP +nsPrincipal::GetSecurityPolicy(void** aSecurityPolicy) +{ + *aSecurityPolicy = mSecurityPolicy; + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetSecurityPolicy(void* aSecurityPolicy) +{ + mSecurityPolicy = aSecurityPolicy; + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult) +{ + *aResult = PR_FALSE; + + if (!aOther) { + NS_WARNING("Need a principal to compare this to!"); + return NS_OK; + } + + if (this != aOther) { + if (mCert) { + PRBool otherHasCert; + aOther->GetHasCertificate(&otherHasCert); + if (!otherHasCert) { + return NS_OK; + } + + nsXPIDLCString otherCertID; + aOther->GetCertificateID(getter_Copies(otherCertID)); + if (!otherCertID.Equals(mCert->certificateID)) { + return NS_OK; + } + } + + // Codebases are equal if they have the same origin. + nsIURI *origin = mDomain ? 
mDomain : mCodebase; + nsCOMPtr otherOrigin; + aOther->GetDomain(getter_AddRefs(otherOrigin)); + if (!otherOrigin) { + aOther->GetURI(getter_AddRefs(otherOrigin)); + } + + return nsScriptSecurityManager::SecurityCompareURIs(origin, + otherOrigin, + aResult); + } + + *aResult = PR_TRUE; + return NS_OK; +} + + +NS_IMETHODIMP +nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result) +{ + // If this principal is marked invalid, can't enable any capabilities + nsCStringKey invalidKey(sInvalid); + if (mCapabilities.Exists(&invalidKey)) { + *result = nsIPrincipal::ENABLE_DENIED; + + return NS_OK; + } + + const char *start = capability; + *result = nsIPrincipal::ENABLE_GRANTED; + for(;;) { + const char *space = PL_strchr(start, ' '); + PRInt32 len = space ? space - start : strlen(start); + nsCAutoString capString(start, len); + nsCStringKey key(capString); + PRInt16 value = (PRInt16)NS_PTR_TO_INT32(mCapabilities.Get(&key)); + if (value == 0) { + value = nsIPrincipal::ENABLE_UNKNOWN; + } + + if (value < *result) { + *result = value; + } + + if (!space) { + break; + } + + start = space + 1; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetCanEnableCapability(const char *capability, + PRInt16 canEnable) +{ + // If this principal is marked invalid, can't enable any capabilities + + nsCStringKey invalidKey(sInvalid); + if (mCapabilities.Exists(&invalidKey)) { + return NS_OK; + } + + if (PL_strcmp(capability, sInvalid) == 0) { + mCapabilities.Reset(); + } + + const char *start = capability; + for(;;) { + const char *space = PL_strchr(start, ' '); + int len = space ? 
space - start : strlen(start); + nsCAutoString capString(start, len); + nsCStringKey key(capString); + mCapabilities.Put(&key, NS_INT32_TO_PTR(canEnable)); + if (!space) { + break; + } + + start = space + 1; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::IsCapabilityEnabled(const char *capability, void *annotation, + PRBool *result) +{ + *result = PR_FALSE; + nsHashtable *ht = (nsHashtable *) annotation; + if (!ht) { + return NS_OK; + } + const char *start = capability; + for(;;) { + const char *space = PL_strchr(start, ' '); + int len = space ? space - start : strlen(start); + nsCAutoString capString(start, len); + nsCStringKey key(capString); + *result = (ht->Get(&key) == (void *) AnnotationEnabled); + if (!*result) { + // If any single capability is not enabled, then return false. + return NS_OK; + } + + if (!space) { + return NS_OK; + } + + start = space + 1; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::EnableCapability(const char *capability, void **annotation) +{ + return SetCapability(capability, annotation, AnnotationEnabled); +} + +NS_IMETHODIMP +nsPrincipal::DisableCapability(const char *capability, void **annotation) +{ + return SetCapability(capability, annotation, AnnotationDisabled); +} + +NS_IMETHODIMP +nsPrincipal::RevertCapability(const char *capability, void **annotation) +{ + if (*annotation) { + nsHashtable *ht = (nsHashtable *) *annotation; + const char *start = capability; + for(;;) { + const char *space = PL_strchr(start, ' '); + int len = space ? space - start : strlen(start); + nsCAutoString capString(start, len); + nsCStringKey key(capString); + ht->Remove(&key); + if (!space) { + return NS_OK; + } + + start = space + 1; + } + } + return NS_OK; +} + +nsresult +nsPrincipal::SetCapability(const char *capability, void **annotation, + AnnotationValue value) +{ + if (*annotation == nsnull) { + *annotation = new nsHashtable(5); + if (!*annotation) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // This object owns its annotations. 
Save them so we can release + // them when we destroy this object. + mAnnotations.AppendElement(*annotation); + } + + const char *start = capability; + for(;;) { + const char *space = PL_strchr(start, ' '); + int len = space ? space - start : strlen(start); + nsCAutoString capString(start, len); + nsCStringKey key(capString); + nsHashtable *ht = (nsHashtable *) *annotation; + ht->Put(&key, (void *) value); + if (!space) { + break; + } + + start = space + 1; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetHasCertificate(PRBool* aResult) +{ + *aResult = (mCert != nsnull); + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetURI(nsIURI** aURI) +{ + NS_IF_ADDREF(*aURI = mCodebase); + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetURI(nsIURI* aURI) +{ + mCodebase = aURI; + mDomain = nsnull; + // Codebase has changed, forget cached security policy + mSecurityPolicy = nsnull; + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetCertificateID(const char* aID) +{ + if (!aID) { + mCert = nsnull; + return NS_OK; + } + + if (!mCert) { + mCert = new Certificate(aID, ""); + if (!mCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetCertificateID(char** aID) +{ + NS_ENSURE_STATE(mCert); + + *aID = ToNewCString(mCert->certificateID); + if (!*aID) { + return NS_ERROR_OUT_OF_MEMORY; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetCommonName(char** aName) +{ + NS_ENSURE_STATE(mCert); + + *aName = ToNewCString(mCert->commonName); + if (!*aName) { + return NS_ERROR_OUT_OF_MEMORY; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetCommonName(const char* aName) +{ + if (!mCert) { + NS_ERROR("You must first initialize the certificate with an ID"); + return NS_ERROR_FAILURE; + } + + mCert->commonName = aName; + + return NS_OK; +} + + +NS_IMETHODIMP +nsPrincipal::GetHashValue(PRUint32* aValue) +{ + NS_PRECONDITION(mCert || mCodebase, "Need a cert or codebase"); + + // If there is a certificate, it 
takes precendence over the codebase. + if (mCert) { + *aValue = nsCRT::HashCode(mCert->certificateID.get(), nsnull); + } + else { + nsCAutoString str; + mCodebase->GetSpec(str); + *aValue = nsCRT::HashCode(str.get(), nsnull); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::GetDomain(nsIURI** aDomain) +{ + NS_IF_ADDREF(*aDomain = mDomain); + + return NS_OK; +} + +NS_IMETHODIMP +nsPrincipal::SetDomain(nsIURI* aDomain) +{ + mDomain = aDomain; + // Domain has changed, forget cached security policy + mSecurityPolicy = nsnull; + + return NS_OK; +} + +nsresult +nsPrincipal::InitFromPersistent(const char* aPrefName, + const char* aToken, + const char* aGrantedList, + const char* aDeniedList, + PRBool aIsCert, + PRBool aTrusted) +{ + NS_PRECONDITION(mCapabilities.Count() == 0, + "mCapabilities was already initialized?"); + NS_PRECONDITION(mAnnotations.Count() == 0, + "mAnnotations was already initialized?"); + + if (aIsCert) { + SetCertificateID(aToken); + } + else { + nsCOMPtr uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), aToken, nsnull); + if (NS_FAILED(rv)) { + NS_ERROR("Malformed URI in capability.principal preference."); + return rv; + } + + nsCAutoString token; + rv = uri->GetSpec(token); + if (NS_FAILED(rv)) { + return rv; + } + + rv = mJSPrincipals.Init(PL_strdup(token.get())); + if (NS_FAILED(rv)) { + return rv; + } + + mTrusted = aTrusted; + } + + //-- Save the preference name + mPrefName = aPrefName; + + const char* ordinalBegin = PL_strpbrk(aPrefName, "1234567890"); + if (ordinalBegin) { + PRIntn n = atoi(ordinalBegin); + if (sCapabilitiesOrdinal <= n) { + sCapabilitiesOrdinal = n + 1; + } + } + + //-- Store the capabilities + nsresult rv = NS_OK; + if (aGrantedList) { + rv = SetCanEnableCapability(aGrantedList, nsIPrincipal::ENABLE_GRANTED); + } + + if (NS_SUCCEEDED(rv) && aDeniedList) { + rv = SetCanEnableCapability(aDeniedList, nsIPrincipal::ENABLE_DENIED); + } + + return rv; +} + +struct CapabilityList +{ + nsCString* granted; + nsCString* 
denied; +}; + +PR_STATIC_CALLBACK(PRBool) +AppendCapability(nsHashKey *aKey, void *aData, void *capListPtr) +{ + CapabilityList* capList = (CapabilityList*)capListPtr; + PRInt16 value = (PRInt16)NS_PTR_TO_INT32(aData); + nsCStringKey* key = (nsCStringKey *)aKey; + if (value == nsIPrincipal::ENABLE_GRANTED) { + capList->granted->Append(key->GetString(), key->GetStringLength()); + capList->granted->Append(' '); + } + else if (value == nsIPrincipal::ENABLE_DENIED) { + capList->denied->Append(key->GetString(), key->GetStringLength()); + capList->denied->Append(' '); + } + + return PR_TRUE; +} + +NS_IMETHODIMP +nsPrincipal::GetPreferences(char** aPrefName, char** aID, + char** aGrantedList, char** aDeniedList) +{ + if (mPrefName.IsEmpty()) { + if (mCert) { + mPrefName.Assign("capability.principal.certificate.p"); + } + else { + mPrefName.Assign("capability.principal.codebase.p"); + } + + mPrefName.AppendInt(sCapabilitiesOrdinal++); + mPrefName.Append(".id"); + } + + *aPrefName = nsnull; + *aID = nsnull; + *aGrantedList = nsnull; + *aDeniedList = nsnull; + + char *prefName = nsnull; + char *id = nsnull; + char *granted = nsnull; + char *denied = nsnull; + + //-- Preference name + prefName = ToNewCString(mPrefName); + if (!prefName) { + return NS_ERROR_OUT_OF_MEMORY; + } + + //-- ID + nsresult rv; + if (mCert) { + rv = GetCertificateID(&id); + } + else { + rv = GetOrigin(&id); + } + + if (NS_FAILED(rv)) { + nsMemory::Free(prefName); + return rv; + } + + //-- Capabilities + nsCAutoString grantedListStr, deniedListStr; + CapabilityList capList = CapabilityList(); + capList.granted = &grantedListStr; + capList.denied = &deniedListStr; + mCapabilities.Enumerate(AppendCapability, (void*)&capList); + + if (!grantedListStr.IsEmpty()) { + grantedListStr.Truncate(grantedListStr.Length() - 1); + granted = ToNewCString(grantedListStr); + if (!granted) { + nsMemory::Free(prefName); + nsMemory::Free(id); + return NS_ERROR_OUT_OF_MEMORY; + } + } + + if (!deniedListStr.IsEmpty()) { + 
deniedListStr.Truncate(deniedListStr.Length() - 1); + denied = ToNewCString(deniedListStr); + if (!denied) { + nsMemory::Free(prefName); + nsMemory::Free(id); + if (granted) { + nsMemory::Free(granted); + } + return NS_ERROR_OUT_OF_MEMORY; + } + } + + *aPrefName = prefName; + *aID = id; + *aGrantedList = granted; + *aDeniedList = denied; + + return NS_OK; +} + +PR_STATIC_CALLBACK(nsresult) +ReadAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey** aKey, + void** aData) +{ + nsresult rv; + nsCStringKey* key = new nsCStringKey(aStream, &rv); + if (NS_FAILED(rv)) { + return rv; + } + + PRUint32 value; + rv = aStream->Read32(&value); + if (NS_FAILED(rv)) { + delete key; + return rv; + } + + *aKey = key; + *aData = (void*) value; + return NS_OK; +} + +PR_STATIC_CALLBACK(void) +FreeAnnotationEntry(nsIObjectInputStream* aStream, nsHashKey* aKey, + void* aData) +{ + delete aKey; +} + +NS_IMETHODIMP +nsPrincipal::Read(nsIObjectInputStream* aStream) +{ + PRUint32 annotationCount; + nsresult rv = aStream->Read32(&annotationCount); + if (NS_FAILED(rv)) { + return rv; + } + + for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { + nsHashtable *ht = new nsHashtable(aStream, + ReadAnnotationEntry, + FreeAnnotationEntry, + &rv); + if (!ht) { + return NS_ERROR_OUT_OF_MEMORY; + } + + if (NS_FAILED(rv)) { + delete ht; + return rv; + } + + if (!mAnnotations.InsertElementAt(NS_REINTERPRET_CAST(void*, ht), i)) { + delete ht; + return NS_ERROR_OUT_OF_MEMORY; + } + } + + PRBool hasCapabilities; + rv = aStream->ReadBoolean(&hasCapabilities); + if (NS_SUCCEEDED(rv) && hasCapabilities) { + mCapabilities = nsHashtable(aStream, + ReadAnnotationEntry, + FreeAnnotationEntry, + &rv); + } + + if (NS_FAILED(rv)) { + return rv; + } + + rv = NS_ReadOptionalCString(aStream, mPrefName); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} + +PR_STATIC_CALLBACK(nsresult) +WriteScalarValue(nsIObjectOutputStream* aStream, void* aData) +{ + PRUint32 value = NS_PTR_TO_INT32(aData); + 
+ return aStream->Write32(value); +} + +NS_IMETHODIMP +nsPrincipal::Write(nsIObjectOutputStream* aStream) +{ + PRUint32 annotationCount = PRUint32(mAnnotations.Count()); + nsresult rv = aStream->Write32(annotationCount); + if (NS_FAILED(rv)) { + return rv; + } + + for (PRInt32 i = 0, n = PRInt32(annotationCount); i < n; i++) { + nsHashtable *ht = NS_REINTERPRET_CAST(nsHashtable *, mAnnotations[i]); + rv = ht->Write(aStream, WriteScalarValue); + if (NS_FAILED(rv)) { + return rv; + } + } + + PRBool hasCapabilities = (mCapabilities.Count() > 0); + rv = aStream->WriteBoolean(hasCapabilities); + if (NS_SUCCEEDED(rv) && hasCapabilities) { + rv = mCapabilities.Write(aStream, WriteScalarValue); + } + + if (NS_FAILED(rv)) { + return rv; + } + + rv = NS_WriteOptionalStringZ(aStream, mPrefName.get()); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 435265a44e5..9c281590326 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -23,7 +23,7 @@ * Norris Boyd * Mitch Stoltz * Steve Morse - * + * Christopher A. Aillon * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or @@ -47,9 +47,7 @@ #include "nspr.h" #include "nsJSPrincipals.h" #include "nsSystemPrincipal.h" -#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsAggregatePrincipal.h" +#include "nsPrincipal.h" #include "nsXPIDLString.h" #include "nsCRT.h" #include "nsIJSContextStack.h" @@ -61,7 +59,7 @@ #include "nsTextFormatter.h" #include "nsIStringBundle.h" #include "nsNetUtil.h" -#include "nsDirectoryService.h" +#include "nsIProperties.h" #include "nsDirectoryServiceDefs.h" #include "nsIFile.h" #include "nsIZipReader.h" 
@@ -80,13 +78,12 @@ #include "nsIJSRuntimeService.h" #include "nsIObserverService.h" #include "nsIContent.h" +#include "nsAutoPtr.h" -static NS_DEFINE_IID(kIStringBundleServiceIID, NS_ISTRINGBUNDLESERVICE_IID); -static NS_DEFINE_IID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID); -static NS_DEFINE_CID(kCScriptNameSetRegistryCID, - NS_SCRIPT_NAMESET_REGISTRY_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); -static NS_DEFINE_IID(kObserverServiceIID, NS_IOBSERVERSERVICE_IID); + +nsIIOService* nsScriptSecurityManager::sIOService = nsnull; +nsIXPConnect* nsScriptSecurityManager::sXPConnect = nsnull; /////////////////////////// // Convenience Functions // @@ -116,8 +113,10 @@ class ClassInfoData { public: ClassInfoData(nsIClassInfo *aClassInfo, const char *aName) - : mClassInfo(aClassInfo), mDidGetFlags(PR_FALSE), - mName(NS_CONST_CAST(char *, aName)), mMustFreeName(PR_FALSE) + : mClassInfo(aClassInfo), + mName(NS_CONST_CAST(char *, aName)), + mDidGetFlags(PR_FALSE), + mMustFreeName(PR_FALSE) { } @@ -174,10 +173,10 @@ public: private: nsIClassInfo *mClassInfo; // WEAK - PRBool mDidGetFlags; PRUint32 mFlags; char *mName; - PRBool mMustFreeName; + PRPackedBool mDidGetFlags; + PRPackedBool mMustFreeName; }; JSContext * @@ -220,7 +219,6 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI, PRBool* result) { - nsresult rv; *result = PR_FALSE; if (aSourceURI == aTargetURI) @@ -228,7 +226,8 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, *result = PR_TRUE; return NS_OK; } - if (aTargetURI == nsnull) + + if (!aTargetURI) { // return false return NS_OK; 
@@ -252,25 +251,20 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, // Compare schemes nsCAutoString targetScheme; - rv = targetBaseURI->GetScheme(targetScheme); + nsresult rv = targetBaseURI->GetScheme(targetScheme); nsCAutoString sourceScheme; if (NS_SUCCEEDED(rv)) rv = sourceBaseURI->GetScheme(sourceScheme); - if (NS_SUCCEEDED(rv) && - targetScheme.Equals(sourceScheme, nsCaseInsensitiveCStringComparator())) + if (NS_SUCCEEDED(rv) && targetScheme.Equals(sourceScheme)) { - if (targetScheme.Equals(NS_LITERAL_CSTRING("file"), - nsCaseInsensitiveCStringComparator())) + if (targetScheme.Equals(NS_LITERAL_CSTRING("file"))) { // All file: urls are considered to have the same origin. *result = PR_TRUE; } - else if (targetScheme.Equals(NS_LITERAL_CSTRING("imap"), - nsCaseInsensitiveCStringComparator()) || - targetScheme.Equals(NS_LITERAL_CSTRING("mailbox"), - nsCaseInsensitiveCStringComparator()) || - targetScheme.Equals(NS_LITERAL_CSTRING("news"), - nsCaseInsensitiveCStringComparator())) + else if (targetScheme.Equals(NS_LITERAL_CSTRING("imap")) || + targetScheme.Equals(NS_LITERAL_CSTRING("mailbox")) || + targetScheme.Equals(NS_LITERAL_CSTRING("news"))) { // Each message is a distinct trust domain; use the // whole spec for comparison 
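Review bot: The scheme tests in SecurityCompareURIs are now case-sensitive (`targetScheme.Equals(sourceScheme)` and the `file`/`imap`/`mailbox`/`news` literals), which is only safe if every nsIURI implementation returns a lower-cased scheme from GetScheme. Two URIs whose schemes differ only in case now fail closed. A pair of non-normalized `IMAP`/`MAILBOX`/`NEWS` URIs is different: it would miss the "each message is a distinct trust domain" branch and presumably fall through to the generic host and port comparison outside this hunk, which is less strict. I would record the assumption above the first comparison, e.g. `// GetScheme() is expected to return a normalized, lower-case scheme`, or keep the case-insensitive comparator for the three per-message schemes.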
@@ -307,34 +301,22 @@ nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, // for that scheme. if (!*result && (sourcePort == -1 || targetPort == -1)) { + NS_ENSURE_STATE(sIOService); + PRInt32 defaultPort; - //XXX had to hard-code the defualt port for http(s) here. - // remove this after darin fixes bug 113206 - if (sourceScheme.Equals(NS_LITERAL_CSTRING("http"), - nsCaseInsensitiveCStringComparator())) - defaultPort = 80; - else if (sourceScheme.Equals(NS_LITERAL_CSTRING("https"), - nsCaseInsensitiveCStringComparator())) - defaultPort = 443; - else + nsCOMPtr protocolHandler; + rv = sIOService->GetProtocolHandler(sourceScheme.get(), + getter_AddRefs(protocolHandler)); + if (NS_FAILED(rv)) { - nsCOMPtr ioService( - do_GetService(NS_IOSERVICE_CONTRACTID)); - if (!ioService) - return NS_ERROR_FAILURE; - nsCOMPtr protocolHandler; - rv = ioService->GetProtocolHandler(sourceScheme.get(), - getter_AddRefs(protocolHandler)); - if (NS_FAILED(rv)) - { - *result = PR_FALSE; - return NS_OK; - } - - rv = protocolHandler->GetDefaultPort(&defaultPort); - if (NS_FAILED(rv) || defaultPort == -1) - return NS_OK; // No default port for this scheme + *result = PR_FALSE; + return NS_OK; } + + rv = protocolHandler->GetDefaultPort(&defaultPort); + if (NS_FAILED(rv) || defaultPort == -1) + return NS_OK; // No default port for this scheme + if (sourcePort == -1) sourcePort = defaultPort; else if (targetPort == -1) @@ -534,9 +516,7 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx, return NS_OK; } - PRBool equals = PR_FALSE; - rv = sourcePrincipal->Equals(mSystemPrincipal, &equals); - if (NS_SUCCEEDED(rv) && equals) + if (sourcePrincipal == mSystemPrincipal) { // This is a system (chrome) script, so allow access return NS_OK; 
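Review bot: `sourcePrincipal == mSystemPrincipal` in CheckSameOrigin replaces the Equals() call with pointer identity, so the allow-everything path now depends on there being exactly one system principal object, and nothing in the hunk says so. A second nsSystemPrincipal instance would be denied rather than allowed, so the change fails closed. The invariant still deserves a comment at the comparison, such as `// The system principal is the single object handed out by GetSystemPrincipal(); identity comparison is intentional`. The same comparison is introduced in CheckPropertyAccessImpl, CheckLoadURIFromScript and CheckFunctionAccess, and the note applies to each.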
@@ -545,16 +525,12 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx, // Get the original URI from the source principal. // This has the effect of ignoring any change to document.domain // which must be done to avoid DNS spoofing (bug 154930) - nsCOMPtr sourceAgg(do_QueryInterface(sourcePrincipal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); // If it's not a system principal, it must be an aggregate - nsCOMPtr sourceOriginal; - rv = sourceAgg->GetOriginalCodebase(getter_AddRefs(sourceOriginal)); - NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr sourceCodebase(do_QueryInterface(sourcePrincipal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr sourceURI; - rv = sourceCodebase->GetURI(getter_AddRefs(sourceURI)); - NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE); + sourcePrincipal->GetDomain(getter_AddRefs(sourceURI)); + if (!sourceURI) { + sourcePrincipal->GetURI(getter_AddRefs(sourceURI)); + NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE); + } // Compare origins PRBool sameOrigin = PR_FALSE; @@ -610,9 +586,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(subjectPrincipal)))) return NS_ERROR_FAILURE; - PRBool equals; - if (!subjectPrincipal || - NS_SUCCEEDED(subjectPrincipal->Equals(mSystemPrincipal, &equals)) && equals) + if (!subjectPrincipal || subjectPrincipal == mSystemPrincipal) // We have native code or the system principal: just allow access return NS_OK; @@ -620,7 +594,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, // Hold the class info data here so we don't have to go back to virtual // methods all the time ClassInfoData classInfoData(aClassInfo, aClassName); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl nsCAutoString propertyName; propertyName.AssignWithConversion((PRUnichar*)JSValIDToString(cx, aProperty)); printf("### CanAccess(%s.%s, %i) ", classInfoData.GetName(), 
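Review bot: The new lookup in CheckSameOrigin calls `sourcePrincipal->GetDomain(...)` first and only falls back to `GetURI(...)`, yet the comment kept directly above it says the original URI is used so that changes to document.domain are ignored to avoid DNS spoofing (bug 154930). As written, a principal whose domain was set through SetDomain is compared by that domain, the opposite of what the comment promises. If the bug 154930 behaviour is still wanted, drop the GetDomain call and keep only `sourcePrincipal->GetURI(getter_AddRefs(sourceURI));` followed by `NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);`. If preferring the domain is intended, the comment has to be rewritten to say so and explain why it is safe. The rest of CheckSameOrigin lies outside the hunk.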
@@ -652,14 +626,14 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, switch (securityLevel.level) { case SCRIPT_SECURITY_NO_ACCESS: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("noAccess "); #endif rv = NS_ERROR_DOM_PROP_ACCESS_DENIED; break; case SCRIPT_SECURITY_ALL_ACCESS: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("allAccess "); #endif rv = NS_OK; @@ -667,7 +641,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, case SCRIPT_SECURITY_SAME_ORIGIN_ACCESS: { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("sameOrigin "); #endif nsCOMPtr objectPrincipal; @@ -696,7 +670,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, break; } default: -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("ERROR "); #endif NS_ERROR("Bad Security Level Value"); @@ -705,7 +679,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, } else // if SECURITY_ACCESS_LEVEL_FLAG is false, securityLevel is a capability { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf("Cap:%s ", securityLevel.capability); #endif PRBool capabilityEnabled = PR_FALSE; @@ -729,7 +703,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, if (NS_SUCCEEDED(rv)) { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl printf(" GRANTED.\n"); #endif return rv; @@ -773,7 +747,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, } } rv = CheckXPCPermissions(aObj, objectSecurityLevel); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckPropertyAccessImpl if(NS_SUCCEEDED(rv)) printf("CheckXPCPerms GRANTED.\n"); else @@ -782,7 +756,6 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, if (NS_FAILED(rv)) //-- Security tests failed, access is denied, report error { - //XXX Clean up string usage here too nsCAutoString errorMsg("Permission denied to "); switch(aAction) { 
@@ -801,11 +774,10 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID()); - if (xpc) + if (sXPConnect) { nsCOMPtr xpcCallContext; - xpc->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); + sXPConnect->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); if (xpcCallContext) xpcCallContext->SetExceptionWasThrown(PR_TRUE); } @@ -825,8 +797,20 @@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal(nsIPrincipal* aSubject if (aSubject == aObject) return NS_OK; + nsCOMPtr subjectURI; + nsCOMPtr objectURI; + aSubject->GetDomain(getter_AddRefs(subjectURI)); + if (!subjectURI) { + aSubject->GetURI(getter_AddRefs(subjectURI)); + } + + aObject->GetDomain(getter_AddRefs(objectURI)); + if (!objectURI) { + aObject->GetURI(getter_AddRefs(objectURI)); + } + PRBool isSameOrigin = PR_FALSE; - nsresult rv = aSubject->Equals(aObject, &isSameOrigin); + nsresult rv = SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin); NS_ENSURE_SUCCESS(rv, rv); if (isSameOrigin) 
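Review bot: In CheckSameOriginPrincipalInternal neither `subjectURI` nor `objectURI` is checked for null before `SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin)`, and that function sets the result to PR_TRUE when the two pointers are equal, before it tests for a null target. Two distinct principals that both lack a domain and a codebase URI would therefore compare as same origin; a certificate-only principal looks like one such case. Guard the call so a missing URI leaves `isSameOrigin` false, e.g. `nsresult rv = NS_OK;` followed by `if (subjectURI && objectURI) rv = SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin);`. The function body continues outside the hunk.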
@@ -842,32 +826,23 @@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal(nsIPrincipal* aSubject if (aIsCheckConnect) return NS_OK; - nsCOMPtr subjectAgg(do_QueryInterface(aSubject, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - PRBool subjectDomainChanged = PR_FALSE; - subjectAgg->GetDomainChanged(&subjectDomainChanged); + nsCOMPtr subjectDomain; + aSubject->GetDomain(getter_AddRefs(subjectDomain)); - nsCOMPtr objectAgg(do_QueryInterface(aObject, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - PRBool objectDomainChanged = PR_FALSE; - objectAgg->GetDomainChanged(&objectDomainChanged); + nsCOMPtr objectDomain; + aObject->GetDomain(getter_AddRefs(objectDomain)); // If both or neither explicitly set their domain, allow the access - if (!(subjectDomainChanged || objectDomainChanged) || - (subjectDomainChanged && objectDomainChanged)) + if (!subjectDomain == !objectDomain) return NS_OK; } // Allow access to about:blank - nsCOMPtr objectCodebase(do_QueryInterface(aObject)); - if (objectCodebase) - { - nsXPIDLCString origin; - rv = objectCodebase->GetOrigin(getter_Copies(origin)); - NS_ENSURE_SUCCESS(rv, rv); - if (nsCRT::strcasecmp(origin, "about:blank") == 0) - return NS_OK; - } + nsXPIDLCString origin; + rv = aObject->GetOrigin(getter_Copies(origin)); + NS_ENSURE_SUCCESS(rv, rv); + if (nsCRT::strcasecmp(origin, "about:blank") == 0) + return NS_OK; /* ** Access tests failed, so now report error. 
@@ -928,24 +903,17 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, } DomainPolicy* dpolicy = nsnull; - nsCOMPtr agg(do_QueryInterface(aPrincipal)); - NS_ASSERTION(agg, "Subject principal not an aggregate - this shouldn't happen"); - if (agg) - agg->GetCachedSecurityPolicy((void**)&dpolicy); + aPrincipal->GetSecurityPolicy((void**)&dpolicy); if (!dpolicy && mOriginToPolicyMap) { //-- Look up the relevant domain policy, if any -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_LookupPolicy printf("DomainLookup "); #endif - nsCOMPtr codebase(do_QueryInterface(aPrincipal)); - if (!codebase) - return NS_ERROR_FAILURE; - nsXPIDLCString origin; - if (NS_FAILED(rv = codebase->GetOrigin(getter_Copies(origin)))) + if (NS_FAILED(rv = aPrincipal->GetOrigin(getter_Copies(origin)))) return rv; const char *start = origin; @@ -987,7 +955,7 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, if (!dpolicy) dpolicy = mDefaultPolicy; - agg->SetCachedSecurityPolicy((void*)dpolicy); + aPrincipal->SetSecurityPolicy((void*)dpolicy); } ClassPolicy* cpolicy = nsnull; @@ -1001,7 +969,7 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal, if (!cpolicy) { //-- No cached policy for this class, need to look it up -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_LookupPolicy printf("ClassLookup "); #endif 
@@ -1082,19 +1050,13 @@ nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI) return NS_OK; // The system principal can load all URIs. - PRBool equals = PR_FALSE; - if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals))) - return NS_ERROR_FAILURE; - if (equals) + if (principal == mSystemPrincipal) return NS_OK; - // Otherwise, principal should have a codebase that we can use to + // Otherwise, principal should have a codebase URI that we can use to // do the remaining tests. - nsCOMPtr codebase(do_QueryInterface(principal)); - if (!codebase) - return NS_ERROR_FAILURE; nsCOMPtr uri; - if (NS_FAILED(codebase->GetURI(getter_AddRefs(uri)))) + if (NS_FAILED(principal->GetURI(getter_AddRefs(uri)))) return NS_ERROR_FAILURE; if (NS_SUCCEEDED(CheckLoadURI(uri, aURI, nsIScriptSecurityManager::STANDARD ))) return NS_OK; @@ -1143,7 +1105,7 @@ nsScriptSecurityManager::GetBaseURIScheme(nsIURI* aURI, char** aScheme) { rv = uri->GetPath(path); if (NS_FAILED(rv)) return rv; - rv = NS_NewURI(getter_AddRefs(uri), path, nsnull); + rv = NS_NewURI(getter_AddRefs(uri), path, nsnull, nsnull, sIOService); if (NS_FAILED(rv)) return rv; rv = uri->GetScheme(scheme); if (NS_FAILED(rv)) return rv; @@ -1321,7 +1283,7 @@ nsScriptSecurityManager::ReportError(JSContext* cx, const nsAString& messageTag, // First, create the error message text // create a bundle for the localization - nsCOMPtr bundleService(do_GetService(kStringBundleServiceCID, &rv)); + nsCOMPtr bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr bundle; 
@@ -1358,11 +1320,10 @@ nsScriptSecurityManager::ReportError(JSContext* cx, const nsAString& messageTag, STRING_TO_JSVAL(JS_NewUCStringCopyZ(cx, NS_REINTERPRET_CAST(const jschar*, message.get())))); // Tell XPConnect that an exception was thrown, if appropriate - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID()); - if (xpc) + if (sXPConnect) { nsCOMPtr xpcCallContext; - xpc->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); + sXPConnect->GetCurrentNativeCallContext(getter_AddRefs(xpcCallContext)); if (xpcCallContext) xpcCallContext->SetExceptionWasThrown(PR_TRUE); } @@ -1386,10 +1347,14 @@ nsScriptSecurityManager::CheckLoadURIStr(const char* aSourceURIStr, const char* PRUint32 aFlags) { nsCOMPtr source; - nsresult rv = NS_NewURI(getter_AddRefs(source), nsDependentCString(aSourceURIStr), nsnull); + nsresult rv = NS_NewURI(getter_AddRefs(source), + nsDependentCString(aSourceURIStr), + nsnull, nsnull, sIOService); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr target; - rv = NS_NewURI(getter_AddRefs(target), nsDependentCString(aTargetURIStr), nsnull); + rv = NS_NewURI(getter_AddRefs(target), + nsDependentCString(aTargetURIStr), + nsnull, nsnull, sIOService); NS_ENSURE_SUCCESS(rv, rv); return CheckLoadURI(source, target, aFlags); } @@ -1423,8 +1388,7 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, if (!subject) return NS_ERROR_FAILURE; - PRBool isSystem; - if (NS_SUCCEEDED(subject->Equals(mSystemPrincipal, &isSystem)) && isSystem) + if (subject == mSystemPrincipal) // This is the system principal: just allow access return NS_OK; 
@@ -1449,28 +1413,7 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj, if (subject == object) return NS_OK; - PRBool isSameOrigin = PR_FALSE; - if (NS_FAILED(subject->Equals(object, &isSameOrigin))) - return NS_ERROR_FAILURE; - - if (isSameOrigin) - return NS_OK; - - // Allow access to about:blank - nsCOMPtr objectCodebase(do_QueryInterface(object)); - if (objectCodebase) - { - nsXPIDLCString origin; - if (NS_FAILED(objectCodebase->GetOrigin(getter_Copies(origin)))) - return NS_ERROR_FAILURE; - if (nsCRT::strcasecmp(origin, "about:blank") == 0) - return NS_OK; - } - - /* - ** Access tests failed. Fail silently without a JS exception. - */ - return NS_ERROR_DOM_SECURITY_ERR; + return CheckSameOriginPrincipalInternal(subject, object, PR_TRUE); } nsresult @@ -1512,20 +1455,18 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx, //-- Always allow chrome pages to run scripts // This is for about: URLs, which are chrome but don't // have the system principal - nsresult rv; if (!mIsJavaScriptEnabled) { - nsCOMPtr codebase(do_QueryInterface(aPrincipal)); - if (codebase) + nsCOMPtr principalURI; + aPrincipal->GetURI(getter_AddRefs(principalURI)); + if (principalURI) { - nsXPIDLCString origin; - rv = codebase->GetOrigin(getter_Copies(origin)); - static const char chromePrefix[] = "chrome:"; - if (NS_SUCCEEDED(rv) && - (PL_strncmp(origin, chromePrefix, sizeof(chromePrefix)-1) == 0)) + PRBool isChrome = PR_FALSE; + principalURI->SchemeIs("chrome", &isChrome); + if (isChrome) { *result = PR_TRUE; - return NS_OK; + return NS_OK; } } } 
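Review bot: Returning `CheckSameOriginPrincipalInternal(subject, object, PR_TRUE)` changes how CheckFunctionAccess fails, not just how it compares. The removed code carried the comment "Access tests failed. Fail silently without a JS exception" and returned NS_ERROR_DOM_SECURITY_ERR, while the helper's failure path is commented "so now report error". If the helper does set a pending exception or returns a different code (its tail is not visible here), callers of this check will see new behaviour on denial. Please confirm that is intended and say so at the call, e.g. `// Unlike the old inline check, denial here is reported through the shared helper`.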
@@ -1537,60 +1478,53 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx, scriptContext->GetGlobalObject(getter_AddRefs(globalObject)); if (!globalObject) return NS_ERROR_FAILURE; + nsresult rv; nsCOMPtr docshell; globalObject->GetDocShell(getter_AddRefs(docshell)); - nsCOMPtr treeItem; - if (docshell) + nsCOMPtr globalObjTreeItem = do_QueryInterface(docshell); + if (globalObjTreeItem) { - treeItem = do_QueryInterface(docshell); + nsCOMPtr treeItem(globalObjTreeItem); nsCOMPtr parentItem; + // Walk up the docshell tree to see if any containing docshell disallows scripts - do + do { rv = docshell->GetAllowJavascript(result); if (NS_FAILED(rv)) return rv; if (!*result) return NS_OK; // Do not run scripts - if (treeItem) - { - treeItem->GetParent(getter_AddRefs(parentItem)); - if (parentItem) - { - treeItem = parentItem; - docshell = do_QueryInterface(treeItem, &rv); - NS_ASSERTION(docshell, "cannot get a docshell from a treeItem!"); - if (NS_FAILED(rv)) break; - } + treeItem->GetParent(getter_AddRefs(parentItem)); + treeItem.swap(parentItem); + docshell = do_QueryInterface(treeItem); +#ifdef DEBUG + if (treeItem && !docshell) { + NS_ERROR("cannot get a docshell from a treeItem!"); } - } while (parentItem); +#endif // DEBUG + } while (treeItem && docshell); } //-- See if JS is disabled globally (via prefs) *result = mIsJavaScriptEnabled; - if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled) + if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled && globalObjTreeItem) { - // Get docshell from the global window again. - globalObject->GetDocShell(getter_AddRefs(docshell)); - treeItem = do_QueryInterface(docshell); - if (treeItem) + nsCOMPtr rootItem; + globalObjTreeItem->GetRootTreeItem(getter_AddRefs(rootItem)); + docshell = do_QueryInterface(rootItem); + if (docshell) { - nsCOMPtr rootItem; - treeItem->GetRootTreeItem(getter_AddRefs(rootItem)); - docshell = do_QueryInterface(rootItem); - if (docshell) + // Is this script running from mail? 
+ PRUint32 appType; + rv = docshell->GetAppType(&appType); + if (NS_FAILED(rv)) return rv; + if (appType == nsIDocShell::APP_TYPE_MAIL) { - // Is this script running from mail? - PRUint32 appType; - rv = docshell->GetAppType(&appType); - if (NS_FAILED(rv)) return rv; - if (appType == nsIDocShell::APP_TYPE_MAIL) - { - *result = mIsMailJavaScriptEnabled; - } + *result = mIsMailJavaScriptEnabled; } } } - + if (!*result) return NS_OK; // Do not run scripts @@ -1633,10 +1567,9 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result) mSystemPrincipal = new nsSystemPrincipal(); if (!mSystemPrincipal) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(mSystemPrincipal); } - *result = mSystemPrincipal; - NS_ADDREF(*result); + + NS_ADDREF(*result = mSystemPrincipal); return NS_OK; } 
@@ -1669,59 +1602,38 @@ NS_IMETHODIMP nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID, nsIPrincipal **result) { - nsresult rv; //-- Create a certificate principal - nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); + nsRefPtr certificate = new nsPrincipal(); if (!certificate) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(certificate); - if (NS_FAILED(certificate->Init(aCertID))) - { - NS_RELEASE(certificate); - return NS_ERROR_FAILURE; - } - nsCOMPtr principal(do_QueryInterface((nsBasePrincipal*)certificate, &rv)); - NS_RELEASE(certificate); - if (NS_FAILED(rv)) return rv; - if (mPrincipals) - { - // Check to see if we already have this principal. - nsIPrincipalKey key(principal); - nsCOMPtr fromTable = (nsIPrincipal *) mPrincipals->Get(&key); - if (fromTable) - principal = fromTable; - } + nsresult rv = certificate->SetCertificateID(aCertID); + if (NS_FAILED(rv)) + return rv; - //-- Bundle this certificate principal into an aggregate principal - nsAggregatePrincipal* agg = new nsAggregatePrincipal(); - if (!agg) return NS_ERROR_OUT_OF_MEMORY; - rv = agg->SetCertificate(principal); - if (NS_FAILED(rv)) return rv; - principal = do_QueryInterface((nsBasePrincipal*)agg, &rv); - if (NS_FAILED(rv)) return rv; + nsCOMPtr principal(certificate); + + // Check to see if we already have this principal. 
+ nsCOMPtr fromTable; + mPrincipals.Get(principal, getter_AddRefs(fromTable)); + if (fromTable) + principal = fromTable; + + NS_ADDREF(*result = principal); - *result = principal; - NS_ADDREF(*result); return NS_OK; } nsresult nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, nsIPrincipal **result) { - nsresult rv = NS_OK; - nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); + nsRefPtr codebase = new nsPrincipal(aURI); if (!codebase) return NS_ERROR_OUT_OF_MEMORY; - NS_ADDREF(codebase); - if (NS_FAILED(codebase->Init(aURI))) - { - NS_RELEASE(codebase); - return NS_ERROR_FAILURE; - } - rv = CallQueryInterface((nsBasePrincipal*)codebase, result); - NS_RELEASE(codebase); - return rv; + + NS_ADDREF(*result = codebase); + + return NS_OK; } NS_IMETHODIMP 
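Review bot: GetCertificatePrincipal hands `aCertID` to `SetCertificateID` without validating it, and nsPrincipal::SetCertificateID returns NS_OK for a null ID while leaving the principal without a certificate. The resulting object has neither certificate nor codebase and is then used as the key for `mPrincipals.Get(principal, ...)`. If that key hashes through GetHashValue, the non-certificate branch there dereferences `mCodebase`. Reject the argument before creating the principal with `NS_ENSURE_ARG_POINTER(aCertID);`.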
@@ -1733,42 +1645,29 @@ nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI, rv = CreateCodebasePrincipal(aURI, getter_AddRefs(principal)); if (NS_FAILED(rv)) return rv; - if (mPrincipals) + //-- Check to see if we already have this principal. + nsCOMPtr fromTable; + mPrincipals.Get(principal, getter_AddRefs(fromTable)); + if (fromTable) + principal = fromTable; + else //-- Check to see if we have a more general principal { - //-- Check to see if we already have this principal. - nsIPrincipalKey key(principal); - nsCOMPtr fromTable = (nsIPrincipal *) mPrincipals->Get(&key); + nsXPIDLCString originUrl; + rv = principal->GetOrigin(getter_Copies(originUrl)); + if (NS_FAILED(rv)) return rv; + nsCOMPtr newURI; + rv = NS_NewURI(getter_AddRefs(newURI), originUrl, nsnull, sIOService); + if (NS_FAILED(rv)) return rv; + nsCOMPtr principal2; + rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2)); + if (NS_FAILED(rv)) return rv; + mPrincipals.Get(principal2, getter_AddRefs(fromTable)); if (fromTable) principal = fromTable; - else //-- Check to see if we have a more general principal - { - nsCOMPtr codebasePrin(do_QueryInterface(principal)); - nsXPIDLCString originUrl; - rv = codebasePrin->GetOrigin(getter_Copies(originUrl)); - if (NS_FAILED(rv)) return rv; - nsCOMPtr newURI; - rv = NS_NewURI(getter_AddRefs(newURI), originUrl, nsnull); - if (NS_FAILED(rv)) return rv; - nsCOMPtr principal2; - rv = CreateCodebasePrincipal(newURI, getter_AddRefs(principal2)); - if (NS_FAILED(rv)) return rv; - nsIPrincipalKey key2(principal2); - fromTable = (nsIPrincipal *) mPrincipals->Get(&key2); - if (fromTable) - principal = fromTable; - } } - //-- Bundle this codebase principal into an aggregate principal - nsAggregatePrincipal* agg = new nsAggregatePrincipal(); - if (!agg) return NS_ERROR_OUT_OF_MEMORY; - rv = agg->SetCodebase(principal); - if (NS_FAILED(rv)) return rv; - principal = do_QueryInterface((nsBasePrincipal*)agg, &rv); - if (NS_FAILED(rv)) return rv; + 
NS_IF_ADDREF(*result = principal); - *result = principal; - NS_ADDREF(*result); return NS_OK; } @@ -1844,8 +1743,8 @@ nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx, } - *result = scriptPrincipal.get(); - NS_IF_ADDREF(*result); + NS_IF_ADDREF(*result = scriptPrincipal); + return NS_OK; } @@ -1990,32 +1889,18 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSContext *aCx, JSObject *aObj, nsresult nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave) { - nsresult rv; - nsCOMPtr persistent = aToSave; - nsCOMPtr aggregate(do_QueryInterface(aToSave, &rv)); - if (NS_SUCCEEDED(rv)) - if (NS_FAILED(aggregate->GetPrimaryChild(getter_AddRefs(persistent)))) - return NS_ERROR_FAILURE; - //-- Save to mPrincipals - if (!mPrincipals) - { - mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - nsIPrincipalKey key(persistent); - mPrincipals->Put(&key, persistent); + mPrincipals.Put(aToSave, aToSave); //-- Save to prefs nsXPIDLCString idPrefName; nsXPIDLCString id; nsXPIDLCString grantedList; nsXPIDLCString deniedList; - rv = persistent->GetPreferences(getter_Copies(idPrefName), - getter_Copies(id), - getter_Copies(grantedList), - getter_Copies(deniedList)); + nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName), + getter_Copies(id), + getter_Copies(grantedList), + getter_Copies(deniedList)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; nsXPIDLCString grantedPrefName; @@ -2144,7 +2029,7 @@ nsScriptSecurityManager::CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrinci } // create a bundle for the localization - nsCOMPtr bundleService(do_GetService(kStringBundleServiceCID, &rv)); + nsCOMPtr bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); if (NS_FAILED(rv)) return PR_FALSE; 
@@ -2168,11 +2053,18 @@ nsScriptSecurityManager::CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrinci if (NS_FAILED(rv)) return PR_FALSE; - nsXPIDLCString source; - rv = aPrincipal->ToUserVisibleString(getter_Copies(source)); + nsXPIDLCString val; + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (hasCert) + rv = aPrincipal->GetCommonName(getter_Copies(val)); + else + rv = aPrincipal->GetOrigin(getter_Copies(val)); + if (NS_FAILED(rv)) return PR_FALSE; - PRUnichar* message = nsTextFormatter::smprintf(query.get(), source.get()); + + PRUnichar* message = nsTextFormatter::smprintf(query.get(), val.get()); NS_ENSURE_TRUE(message, PR_FALSE); PRInt32 buttonPressed = 1; // If the user exits by clicking the close box, assume No (button 1) @@ -2311,10 +2203,7 @@ nsScriptSecurityManager::SetCanEnableCapability(const char* certificateID, #endif systemCertFile->AppendNative(NS_LITERAL_CSTRING("systemSignature.jar")); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - nsCOMPtr systemCertZip; - rv = nsComponentManager::CreateInstance(kZipReaderCID, nsnull, - NS_GET_IID(nsIZipReader), - getter_AddRefs(systemCertZip)); + nsCOMPtr systemCertZip = do_CreateInstance(kZipReaderCID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; systemCertZip->Init(systemCertFile); rv = systemCertZip->Open(); @@ -2366,15 +2255,15 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, nsIClassInfo *aClassInfo, void **aPolicy) { -#if 0 +#ifdef DEBUG_CAPS_CanCreateWrapper char* iidStr = aIID.ToString(); printf("### CanCreateWrapper(%s) ", iidStr); - PR_FREEIF(iidStr); + nsCRT::free(iidStr); #endif // XXX Special case for nsIXPCException ? if (ClassInfoData(aClassInfo, nsnull).IsDOMClass()) { -#if 0 +#ifdef DEBUG_CAPS_CanCreateWrapper printf("DOM class - GRANTED.\n"); #endif return NS_OK; 
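Review bot: `PRBool hasCert;` in CheckConfirmDialog is read after `aPrincipal->GetHasCertificate(&hasCert)`, whose result is ignored, so a failing implementation leaves the branch choice to an uninitialised value; declare it as `PRBool hasCert = PR_FALSE;`. Separately, the identity shown in this capability prompt is now the certificate's common name, and nsPrincipal::SetCertificateID creates the certificate with an empty common name. If SetCommonName was never called, the dialog would ask the user to grant privileges to an empty string. Since the user's decision rests on that text, treat an empty `val` as a failure and `return PR_FALSE;`, as the existing error path does.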
@@ -2406,7 +2295,16 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, } JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); + +#ifdef DEBUG_CAPS_CanCreateWrapper + printf("DENIED.\n"); } + else + { + printf("GRANTED.\n"); +#endif + } + return rv; } @@ -2427,7 +2325,7 @@ nsScriptSecurityManager::CheckComponentPermissions(JSContext *cx, Substring(cidTemp, 1, cidTemp.Length() - 2)); ToUpperCase(cid); -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf("### CheckComponentPermissions(ClassID.%s) ",cid.get()); #endif @@ -2449,13 +2347,13 @@ nsScriptSecurityManager::CheckComponentPermissions(JSContext *cx, if (securityLevel.level == SCRIPT_SECURITY_ALL_ACCESS) { -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf(" GRANTED.\n"); #endif return NS_OK; } -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_CheckComponentPermissions printf(" DENIED.\n"); #endif return NS_ERROR_DOM_PROP_ACCESS_DENIED; @@ -2466,6 +2364,12 @@ NS_IMETHODIMP nsScriptSecurityManager::CanCreateInstance(JSContext *cx, const nsCID &aCID) { +#ifdef DEBUG_CAPS_CanCreateInstance + char* cidStr = aCID.ToString(); + printf("### CanCreateInstance(%s) ", cidStr); + nsCRT::free(cidStr); +#endif + nsresult rv = CheckXPCPermissions(nsnull, nsnull); if (NS_FAILED(rv)) #ifdef XPC_IDISPATCH_SUPPORT @@ -2482,6 +2386,14 @@ nsScriptSecurityManager::CanCreateInstance(JSContext *cx, errorMsg.Append(cidStr); JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); + +#ifdef DEBUG_CAPS_CanCreateInstance + printf("DENIED\n"); + } + else + { + printf("GRANTED\n"); +#endif } return rv; } @@ -2490,10 +2402,10 @@ NS_IMETHODIMP nsScriptSecurityManager::CanGetService(JSContext *cx, const nsCID &aCID) { -#if 0 +#ifdef DEBUG_CAPS_CanGetService char* cidStr = aCID.ToString(); printf("### CanGetService(%s) ", cidStr); - PR_FREEIF(cidStr); + nsCRT::free(cidStr); #endif nsresult rv = CheckXPCPermissions(nsnull, nsnull); 
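Review bot: The `#ifdef DEBUG_CAPS_CanCreateWrapper` block added at the end of CanCreateWrapper closes the failure branch and opens an `else` inside the conditional section, so the brace structure of the function differs between the two builds and is easy to break on the next edit. Closing the `if` unconditionally and logging from `rv` keeps one shape: `printf(NS_FAILED(rv) ? "DENIED.\n" : "GRANTED.\n");` inside the `#ifdef`, placed just before `return rv;`. The same pattern is added to CanCreateInstance and CanGetService. The `if` that these braces belong to begins outside the hunk.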
@@ -2506,7 +2418,16 @@ nsScriptSecurityManager::CanGetService(JSContext *cx, errorMsg.Append(cidStr); JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, errorMsg.get()))); + +#ifdef DEBUG_CAPS_CanGetService + printf("DENIED\n"); } + else + { + printf("GRANTED\n"); +#endif + } + return rv; } @@ -2620,17 +2541,16 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) : mOriginToPolicyMap(nsnull), mDefaultPolicy(nsnull), mCapabilities(nsnull), - mSystemPrincipal(nsnull), mPrincipals(nsnull), mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), mIsWritingPrefs(PR_FALSE), - mNameSetRegistered(PR_FALSE), mPolicyPrefsChanged(PR_TRUE) #ifdef XPC_IDISPATCH_SUPPORT ,mXPCDefaultGrantAll(PR_FALSE) #endif { NS_ASSERTION(sizeof(long) == sizeof(void*), "long and void* have different lengths on this platform. This may cause a security failure."); + mPrincipals.Init(31); } @@ -2647,6 +2567,12 @@ nsresult nsScriptSecurityManager::Init() nsresult rv = InitPrefs(); NS_ENSURE_SUCCESS(rv, rv); + rv = CallGetService(NS_IOSERVICE_CONTRACTID, &sIOService); + NS_ENSURE_SUCCESS(rv, rv); + + rv = CallGetService(nsIXPConnect::GetCID(), &sXPConnect); + NS_ENSURE_SUCCESS(rv, rv); + //-- Register security check callback in the JS engine // Currently this is used to control access to function.caller nsCOMPtr runtimeService = @@ -2675,8 +2601,6 @@ nsScriptSecurityManager::~nsScriptSecurityManager(void) { delete mOriginToPolicyMap; delete mDefaultPolicy; - NS_IF_RELEASE(mSystemPrincipal); - delete mPrincipals; delete mCapabilities; gScriptSecMan = nsnull; } @@ -2685,6 +2609,9 @@ void nsScriptSecurityManager::Shutdown() { sEnabledID = JSVAL_VOID; + + NS_IF_RELEASE(sIOService); + NS_IF_RELEASE(sXPConnect); } nsScriptSecurityManager * 
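Review bot: `mPrincipals.Init(31)` is called from the constructor and its result is dropped, whereas the code this commit removes returned `NS_ERROR_OUT_OF_MEMORY` when the principal table could not be allocated. Assuming the hashtable's `Init` reports allocation failure through its return value, the call belongs in `nsScriptSecurityManager::Init()`, which can propagate it: `if (!mPrincipals.Init(31)) return NS_ERROR_OUT_OF_MEMORY;`. As written, the `mPrincipals.Put(...)` calls in SavePrincipal and InitPrincipals may run against a table that was never set up.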
@@ -2710,16 +2637,8 @@ nsScriptSecurityManager::GetScriptSecurityManager() return nsnull; } - nsCOMPtr xpc = do_GetService(nsIXPConnect::GetCID(), &rv); - if (NS_FAILED(rv) || !xpc) { - NS_WARNING("Failed to get the XPConnect service"); - delete ssManager; - return nsnull; - } - - rv = xpc->SetDefaultSecurityManager( - NS_STATIC_CAST(nsIXPCSecurityManager*, ssManager), - nsIXPCSecurityManager::HOOK_ALL); + rv = sXPConnect->SetDefaultSecurityManager(ssManager, + nsIXPCSecurityManager::HOOK_ALL); if (NS_FAILED(rv)) { NS_WARNING("Failed to install xpconnect security manager!"); delete ssManager; @@ -2746,15 +2665,12 @@ nsScriptSecurityManager::SystemPrincipalSingletonConstructor() nsresult nsScriptSecurityManager::InitPolicies() { - nsresult rv; - // Reset the "dirty" flag mPolicyPrefsChanged = PR_FALSE; // Clear any policies cached on XPConnect wrappers - nsCOMPtr xpc(do_GetService(nsIXPConnect::GetCID(), &rv)); - if (NS_FAILED(rv)) return rv; - rv = xpc->ClearAllWrappedNativeSecurityPolicies(); + NS_ENSURE_STATE(sXPConnect); + nsresult rv = sXPConnect->ClearAllWrappedNativeSecurityPolicies(); if (NS_FAILED(rv)) return rv; //-- Reset mOriginToPolicyMap @@ -2764,11 +2680,13 @@ nsScriptSecurityManager::InitPolicies() //-- Reset and initialize the default policy delete mDefaultPolicy; - mDefaultPolicy = - new DomainPolicy(); + mDefaultPolicy = new DomainPolicy(); if (!mOriginToPolicyMap || !mDefaultPolicy) return NS_ERROR_OUT_OF_MEMORY; + if (!mDefaultPolicy->Init()) + return NS_ERROR_UNEXPECTED; + //-- Initialize the table of security levels if (!mCapabilities) { @@ -2824,6 +2742,12 @@ nsScriptSecurityManager::InitPolicies() if (!domainPolicy) return NS_ERROR_OUT_OF_MEMORY; + if (!domainPolicy->Init()) + { + delete domainPolicy; + return NS_ERROR_UNEXPECTED; + } + //-- Parse list of sites and create an entry in mOriginToPolicyMap for each char* domainStart = (char*)domainList.get(); char* domainCurrent = domainStart; 
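Review bot: `sXPConnect->SetDefaultSecurityManager(...)` in GetScriptSecurityManager dereferences the static service pointer without a check, while InitPolicies in this same commit guards it with `NS_ENSURE_STATE(sXPConnect)`. The pointer is filled in only by `Init()` and is released in `Shutdown()`, so the call is safe only if the preceding lines, which are outside the hunk, always return when `Init()` fails. An explicit guard that follows the cleanup pattern already used in this function would make that local: `if (!sXPConnect) { delete ssManager; return nsnull; }`.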
@@ -2839,7 +2763,10 @@ nsScriptSecurityManager::InitPolicies() nsCStringKey key(nextToLastDot ? nextToLastDot+1 : domainStart); DomainEntry *newEntry = new DomainEntry(domainStart, domainPolicy); if (!newEntry) + { + delete domainPolicy; return NS_ERROR_OUT_OF_MEMORY; + } #ifdef DEBUG newEntry->mPolicyName_DEBUG = nameBegin; #endif @@ -2882,10 +2809,11 @@ nsScriptSecurityManager::InitPolicies() } rv = InitDomainPolicy(cx, nameBegin, domainPolicy); - NS_ENSURE_SUCCESS(rv, rv); + if (NS_FAILED(rv)) + return rv; } -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER PrintPolicyDB(); #endif return NS_OK; @@ -2899,15 +2827,14 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, { nsresult rv; nsCAutoString policyPrefix(sPolicyPrefix + - nsDependentCString(aPolicyName) + - NS_LITERAL_CSTRING(".")); + nsDependentCString(aPolicyName) + + NS_LITERAL_CSTRING(".")); PRUint32 prefixLength = policyPrefix.Length() - 1; // subtract the '.' - // XXX fix string use here. PRUint32 prefCount; char** prefNames; rv = mPrefBranch->GetChildList(policyPrefix.get(), - &prefCount, &prefNames); + &prefCount, &prefNames); if (NS_FAILED(rv)) return rv; if (prefCount == 0) return NS_OK; @@ -2917,14 +2844,14 @@ nsScriptSecurityManager::InitDomainPolicy(JSContext* cx, for (; currentPref < prefCount; currentPref++) { // Get the class name - const char* start = prefNames[currentPref] + prefixLength +1; + const char* start = prefNames[currentPref] + prefixLength + 1; char* end = PL_strchr(start, '.'); if (!end) // malformed pref, bail on this one continue; static const char sitesStr[] = "sites"; - // We dealt with "sites" in InitPolicies(), so no need to do - // that again... + // We dealt with "sites" in InitPolicies(), so no need to do + // that again... if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0) continue; 
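Review bot: The added `delete domainPolicy;` on the `!newEntry` path in InitPolicies frees a policy that earlier iterations of the same site-list loop may already have handed to `new DomainEntry(domainStart, domainPolicy)`. If those entries were stored in `mOriginToPolicyMap` and keep the raw pointer (the storing code is outside the hunk, so this is inferred), an out-of-memory failure on a later site leaves the map pointing at freed memory. Freeing is safe only when no entry has been created for this policy yet; otherwise the entries should be removed first, or the policy should be reference-counted by the entries that use it. I would at least add the comment `// domainPolicy may already be referenced by entries created above` and resolve the ownership before deleting.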
@@ -3080,23 +3007,20 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN getter_Copies(deniedPrefName)); if (rv == NS_ERROR_OUT_OF_MEMORY) return rv; - else if (NS_FAILED(rv)) + if (NS_FAILED(rv)) continue; - char* grantedList = nsnull; - mSecurityPref->SecurityGetCharPref(grantedPrefName, &grantedList); - char* deniedList = nsnull; - mSecurityPref->SecurityGetCharPref(deniedPrefName, &deniedList); + nsXPIDLCString grantedList; + mSecurityPref->SecurityGetCharPref(grantedPrefName, getter_Copies(grantedList)); + nsXPIDLCString deniedList; + mSecurityPref->SecurityGetCharPref(deniedPrefName, getter_Copies(deniedList)); //-- Delete prefs if their value is the empty string - if ((!id || id[0] == '\0') || - ((!grantedList || grantedList[0] == '\0') && (!deniedList || deniedList[0] == '\0'))) + if (id.IsEmpty() || (grantedList.IsEmpty() && deniedList.IsEmpty())) { mSecurityPref->SecurityClearUserPref(aPrefNames[c]); mSecurityPref->SecurityClearUserPref(grantedPrefName); mSecurityPref->SecurityClearUserPref(deniedPrefName); - PR_FREEIF(grantedList); - PR_FREEIF(deniedList); continue; } 
@@ -3104,74 +3028,68 @@ nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefN static const char certificateName[] = "capability.principal.certificate"; static const char codebaseName[] = "capability.principal.codebase"; static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted"; - nsCOMPtr principal; + + PRBool isCert = PR_FALSE; + PRBool isTrusted = PR_FALSE; + if (PL_strncmp(aPrefNames[c], certificateName, - sizeof(certificateName)-1) == 0) + sizeof(certificateName) - 1) == 0) { - nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); - if (certificate) { - NS_ADDREF(certificate); - if (NS_SUCCEEDED(certificate->InitFromPersistent(aPrefNames[c], id, - grantedList, deniedList))) - principal = do_QueryInterface((nsBasePrincipal*)certificate); - NS_RELEASE(certificate); - } - } else if(PL_strncmp(aPrefNames[c], codebaseName, - sizeof(codebaseName)-1) == 0) - { - nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); - if (codebase) { - NS_ADDREF(codebase); - PRBool trusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName, - sizeof(codebaseTrustedName)-1) == 0); - if (NS_SUCCEEDED(codebase->InitFromPersistent(aPrefNames[c], id, - grantedList, deniedList, - trusted))) - principal = do_QueryInterface((nsBasePrincipal*)codebase); - NS_RELEASE(codebase); - } + isCert = PR_TRUE; + } + else if (PL_strncmp(aPrefNames[c], codebaseName, + sizeof(codebaseName) - 1) == 0) + { + isTrusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName, + sizeof(codebaseTrustedName) - 1) == 0); + } + else + { + NS_ERROR("Not a codebase or a certificate?!"); + } + + nsCOMPtr principal; + nsRefPtr newPrincipal = new nsPrincipal(); + if (newPrincipal) + { + rv = newPrincipal->InitFromPersistent(aPrefNames[c], id, + grantedList, deniedList, + isCert, isTrusted); + if (NS_SUCCEEDED(rv)) + principal = do_QueryInterface(newPrincipal); } - PR_FREEIF(grantedList); - PR_FREEIF(deniedList); if (principal) - { - if (!mPrincipals) - { - 
mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - nsIPrincipalKey key(principal); - mPrincipals->Put(&key, principal); - } + mPrincipals.Put(principal, principal); } return NS_OK; } -const char* nsScriptSecurityManager::sJSEnabledPrefName = "javascript.enabled"; -const char* nsScriptSecurityManager::sJSMailEnabledPrefName = "javascript.allow.mailnews"; +const char nsScriptSecurityManager::sJSEnabledPrefName[] = + "javascript.enabled"; +const char nsScriptSecurityManager::sJSMailEnabledPrefName[] = + "javascript.allow.mailnews"; #ifdef XPC_IDISPATCH_SUPPORT -const char* nsScriptSecurityManager::sXPCDefaultGrantAllName = - "security.classID.allowByDefault"; +const char nsScriptSecurityManager::sXPCDefaultGrantAllName[] = + "security.classID.allowByDefault"; #endif + inline void nsScriptSecurityManager::JSEnabledPrefChanged(nsISecurityPref* aSecurityPref) { - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, - &mIsJavaScriptEnabled))) - // Default to enabled. - mIsJavaScriptEnabled = PR_TRUE; + PRBool temp; + nsresult rv = mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, &temp); + // JavaScript defaults to enabled in failure cases. + mIsJavaScriptEnabled = NS_FAILED(rv) || temp; + + rv = mSecurityPref->SecurityGetBoolPref(sJSMailEnabledPrefName, &temp); + // JavaScript in Mail defaults to enabled in failure cases. + mIsMailJavaScriptEnabled = NS_FAILED(rv) || temp; - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sJSMailEnabledPrefName, - &mIsMailJavaScriptEnabled))) - // Default to enabled. - mIsMailJavaScriptEnabled = PR_TRUE; #ifdef XPC_IDISPATCH_SUPPORT - if (NS_FAILED(mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, - &mXPCDefaultGrantAll))) - // Default to disabled. - mXPCDefaultGrantAll = PR_FALSE; + rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp); + // Granting XPC Priveleges defaults to disabled in failure cases. 
+ mXPCDefaultGrantAll = NS_SUCCEEDED(rv) && temp; #endif } @@ -3218,7 +3136,7 @@ nsScriptSecurityManager::InitPrefs() /////////////////////////////////////////////////////////////////////////////// // The following code prints the contents of the policy DB to the console. -#ifdef DEBUG_mstoltz +#ifdef DEBUG_CAPS_HACKER //typedef PLDHashOperator //(* PR_CALLBACK PLDHashEnumerator)(PLDHashTable *table, PLDHashEntryHdr *hdr, diff --git a/mozilla/caps/src/nsSecurityManagerFactory.cpp b/mozilla/caps/src/nsSecurityManagerFactory.cpp index 2d4eb8c2023..39add47548f 100644 --- a/mozilla/caps/src/nsSecurityManagerFactory.cpp +++ b/mozilla/caps/src/nsSecurityManagerFactory.cpp @@ -43,9 +43,7 @@ #include "nsIScriptSecurityManager.h" #include "nsScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsAggregatePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsCodebasePrincipal.h" +#include "nsPrincipal.h" #include "nsSystemPrincipal.h" #include "nsIScriptNameSpaceManager.h" #include "nsIScriptExternalNameSet.h" @@ -234,8 +232,8 @@ netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc, // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context"); - rv = securityManager->SetCanEnableCapability(principalID, - nsBasePrincipal::Invalid, + rv = securityManager->SetCanEnableCapability(principalID, + nsPrincipal::sInvalid, nsIPrincipal::ENABLE_GRANTED); if (NS_FAILED(rv)) return JS_FALSE; 
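Review bot: In InitPrincipals, the new `else` branch only raises `NS_ERROR("Not a codebase or a certificate?!")` and then falls through, so a pref name that matches neither prefix is still turned into an `nsPrincipal` with `isCert` and `isTrusted` both false and added to `mPrincipals`. The removed code created no principal in that case, and `NS_ERROR` is an assertion rather than a control-flow statement, so it stops nothing. Adding `continue;` after the `NS_ERROR` restores the old behaviour. Separately, a failed `new nsPrincipal()` is skipped silently where the code this replaces returned `NS_ERROR_OUT_OF_MEMORY` for allocation failures.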
@@ -310,17 +308,13 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet) NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal, nsScriptSecurityManager::SystemPrincipalSingletonConstructor) -NS_DECL_CLASSINFO(nsAggregatePrincipal) -NS_DECL_CLASSINFO(nsCertificatePrincipal) -NS_DECL_CLASSINFO(nsCodebasePrincipal) +NS_DECL_CLASSINFO(nsPrincipal) NS_DECL_CLASSINFO(nsSystemPrincipal) @@ -388,42 +382,16 @@ static const nsModuleComponentInfo capsComponentInfo[] = nsIClassInfo::MAIN_THREAD_ONLY }, - { NS_AGGREGATEPRINCIPAL_CLASSNAME, - NS_AGGREGATEPRINCIPAL_CID, - NS_AGGREGATEPRINCIPAL_CONTRACTID, - nsAggregatePrincipalConstructor, + { NS_PRINCIPAL_CLASSNAME, + NS_PRINCIPAL_CID, + NS_PRINCIPAL_CONTRACTID, + nsPrincipalConstructor, nsnull, nsnull, nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal), + NS_CI_INTERFACE_GETTER_NAME(nsPrincipal), nsnull, - &NS_CLASSINFO_NAME(nsAggregatePrincipal), - nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO - }, - - { NS_CERTIFICATEPRINCIPAL_CLASSNAME, - NS_CERTIFICATEPRINCIPAL_CID, - NS_CERTIFICATEPRINCIPAL_CONTRACTID, - nsCertificatePrincipalConstructor, - nsnull, - nsnull, - nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal), - nsnull, - &NS_CLASSINFO_NAME(nsCertificatePrincipal), - nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO - }, - - { NS_CODEBASEPRINCIPAL_CLASSNAME, - NS_CODEBASEPRINCIPAL_CID, - NS_CODEBASEPRINCIPAL_CONTRACTID, - nsCodebasePrincipalConstructor, - nsnull, - nsnull, - nsnull, - NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal), - nsnull, - &NS_CLASSINFO_NAME(nsCodebasePrincipal), + &NS_CLASSINFO_NAME(nsPrincipal), nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO }, 
diff --git a/mozilla/caps/src/nsSystemPrincipal.cpp b/mozilla/caps/src/nsSystemPrincipal.cpp index c5095037fc8..a30c01c4ac5 100644 --- a/mozilla/caps/src/nsSystemPrincipal.cpp +++ b/mozilla/caps/src/nsSystemPrincipal.cpp 
@@ -47,40 +47,53 @@ #include "nsXPIDLString.h" #include "nsReadableUtils.h" #include "nsCRT.h" +#include "nsString.h" -NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, nsIPrincipal, nsISerializable) -NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, nsIPrincipal, nsISerializable) +NS_IMPL_QUERY_INTERFACE2_CI(nsSystemPrincipal, + nsIPrincipal, + nsISerializable) +NS_IMPL_CI_INTERFACE_GETTER2(nsSystemPrincipal, + nsIPrincipal, + nsISerializable) -NSBASEPRINCIPALS_ADDREF(nsSystemPrincipal); -NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal); +NS_IMETHODIMP_(nsrefcnt) +nsSystemPrincipal::AddRef() +{ + NS_PRECONDITION(PRInt32(mJSPrincipals.refcount) >= 0, "illegal refcnt"); + nsrefcnt count = PR_AtomicIncrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_ADDREF(this, count, "nsSystemPrincipal", sizeof(*this)); + return count; +} + +NS_IMETHODIMP_(nsrefcnt) +nsSystemPrincipal::Release() +{ + NS_PRECONDITION(0 != mJSPrincipals.refcount, "dup release"); + nsrefcnt count = PR_AtomicDecrement((PRInt32 *)&mJSPrincipals.refcount); + NS_LOG_RELEASE(this, count, "nsSystemPrincipal"); + if (count == 0) { + NS_DELETEXPCOM(this); + } + + return count; +} /////////////////////////////////////// // Methods implementing nsIPrincipal // /////////////////////////////////////// -NS_IMETHODIMP -nsSystemPrincipal::ToString(char **result) -{ - nsAutoString buf; - buf.Assign(NS_LITERAL_STRING("[System]")); - - *result = ToNewCString(buf); - return *result ? NS_OK : NS_ERROR_OUT_OF_MEMORY; -} - -NS_IMETHODIMP -nsSystemPrincipal::ToUserVisibleString(char **result) -{ - return ToString(result); -} - NS_IMETHODIMP nsSystemPrincipal::GetPreferences(char** aPrefName, char** aID, char** aGrantedList, char** aDeniedList) { // The system principal should never be streamed out + *aPrefName = nsnull; + *aID = nsnull; + *aGrantedList = nsnull; + *aDeniedList = nsnull; + return NS_ERROR_FAILURE; } 
@@ -92,7 +105,7 @@ nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result) } NS_IMETHODIMP -nsSystemPrincipal::HashValue(PRUint32 *result) +nsSystemPrincipal::GetHashValue(PRUint32 *result) { *result = NS_PTR_TO_INT32(this); return NS_OK; @@ -127,12 +140,14 @@ nsSystemPrincipal::IsCapabilityEnabled(const char *capability, NS_IMETHODIMP nsSystemPrincipal::EnableCapability(const char *capability, void **annotation) { + *annotation = nsnull; return NS_OK; } NS_IMETHODIMP nsSystemPrincipal::RevertCapability(const char *capability, void **annotation) { + *annotation = nsnull; return NS_OK; } 
@@ -141,9 +156,104 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation) { // Can't disable the capabilities of the system principal. // XXX might be handy to be able to do so! + *annotation = nsnull; return NS_ERROR_FAILURE; } +NS_IMETHODIMP +nsSystemPrincipal::GetURI(nsIURI** aURI) +{ + *aURI = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetURI(nsIURI* aURI) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetOrigin(char** aOrigin) +{ + *aOrigin = ToNewCString(NS_LITERAL_CSTRING("[System]")); + return *aOrigin ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetCertificateID(const char* aID) +{ + return NS_OK; +} + + +NS_IMETHODIMP +nsSystemPrincipal::GetCertificateID(char** aID) +{ + *aID = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetCommonName(char** aName) +{ + *aName = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetCommonName(const char* aName) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetHasCertificate(PRBool* aResult) +{ + *aResult = PR_FALSE; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetDomain(nsIURI** aDomain) +{ + *aDomain = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetDomain(nsIURI* aDomain) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy) +{ + *aSecurityPolicy = nsnull; + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSystemPrincipal::GetJsPrincipals(JSPrincipals **jsprin) +{ + if (mJSPrincipals.nsIPrincipalPtr == nsnull) { + mJSPrincipals.nsIPrincipalPtr = this; + // No need for a ADDREF since it is a self-reference + } + + *jsprin = &mJSPrincipals; + JSPRINCIPALS_HOLD(cx, *jsprin); + return NS_OK; +} + + ////////////////////////////////////////// // Methods implementing nsISerializable // ////////////////////////////////////////// 
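Review bot: `JSPRINCIPALS_HOLD(cx, *jsprin)` in the new nsSystemPrincipal::GetJsPrincipals names `cx`, which is neither a parameter nor a local of this function. It compiles only as long as the macro discards its first argument, and it then presumably bumps `mJSPrincipals.refcount` with a plain increment while the `AddRef`/`Release` added in this file update the same counter with `PR_AtomicIncrement`/`PR_AtomicDecrement`. Either take the reference through the object's own `AddRef()` here, or add a comment stating that the macro ignores `cx` and that both paths run on the main thread only. The empty setters (`SetURI`, `SetDomain`, `SetCertificateID`, `SetSecurityPolicy`) also return `NS_OK` without doing anything, and a comment such as `// The system principal ignores this; callers must not rely on the value being stored` would make that intentional.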
@@ -170,7 +280,7 @@ nsSystemPrincipal::nsSystemPrincipal() { } -NS_IMETHODIMP +nsresult nsSystemPrincipal::Init() { char *codebase = nsCRT::strdup("[System Principal]"); diff --git a/mozilla/content/base/src/nsDocument.cpp b/mozilla/content/base/src/nsDocument.cpp index 285bc48b5c8..0bd6b01065d 100644 --- a/mozilla/content/base/src/nsDocument.cpp +++ b/mozilla/content/base/src/nsDocument.cpp @@ -87,7 +87,7 @@ #include "nsNetUtil.h" // for NS_MakeAbsoluteURI #include "nsIScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIPrivateDOMImplementation.h" #include "nsIDOMWindowInternal.h" @@ -848,18 +848,22 @@ nsDocument::GetPrincipal(nsIPrincipal **aPrincipal) NS_IMETHODIMP nsDocument::AddPrincipal(nsIPrincipal *aNewPrincipal) { - nsresult rv; + NS_PRECONDITION(aNewPrincipal, "Null principal!"); + if (!mPrincipal) { nsCOMPtr principal; - rv = GetPrincipal(getter_AddRefs(principal)); + nsresult rv = GetPrincipal(getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); } - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - if (NS_SUCCEEDED(rv)) { - rv = agg->Intersect(aNewPrincipal); - if (NS_FAILED(rv)) - return rv; + PRBool hasCert; + mPrincipal->GetHasCertificate(&hasCert); + if (hasCert) { + PRBool equal; + mPrincipal->Equals(aNewPrincipal, &equal); + if (!equal) { + mPrincipal->SetCertificateID(nsnull); + } } return NS_OK; diff --git a/mozilla/content/base/src/nsFrameLoader.cpp b/mozilla/content/base/src/nsFrameLoader.cpp index 46a94021bd2..be024531970 100644 --- a/mozilla/content/base/src/nsFrameLoader.cpp +++ b/mozilla/content/base/src/nsFrameLoader.cpp @@ -59,7 +59,6 @@ #include "nsIWebShell.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIURI.h" #include "nsNetUtil.h" 
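Review bot: In nsDocument::AddPrincipal, `hasCert` and `equal` are uninitialized and the results of `GetHasCertificate` and `Equals` are ignored, so a failed `Equals` can leave `equal` non-zero and the document keeps its certificate after content from a different principal was added. The comparison should fail closed: `PRBool equal = PR_FALSE;` and `if (NS_FAILED(mPrincipal->Equals(aNewPrincipal, &equal)) || !equal)`, with a failure of `GetHasCertificate` returned to the caller. `mPrincipal` is also dereferenced after `GetPrincipal` without confirming that it was set, and `NS_PRECONDITION` is only an assertion, so a null `aNewPrincipal` is not actually rejected. The result of `SetCertificateID(nsnull)` is dropped as well, which reports a failure to strip the certificate as `NS_OK`.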
@@ -191,12 +190,8 @@ nsFrameLoader::LoadFrame() // If we were called from script, get the referring URL from the script if (principal) { - nsCOMPtr codebase(do_QueryInterface(principal)); - - if (codebase) { - rv = codebase->GetURI(getter_AddRefs(referrer)); - NS_ENSURE_SUCCESS(rv, rv); - } + rv = principal->GetURI(getter_AddRefs(referrer)); + NS_ENSURE_SUCCESS(rv, rv); // Pass the script principal to the docshell diff --git a/mozilla/content/base/src/nsGenericElement.cpp b/mozilla/content/base/src/nsGenericElement.cpp index d54308f4902..f0e916f9301 100644 --- a/mozilla/content/base/src/nsGenericElement.cpp +++ b/mozilla/content/base/src/nsGenericElement.cpp @@ -74,7 +74,7 @@ #include "nsINameSpaceManager.h" #include "nsContentList.h" #include "nsDOMError.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIDOMMutationEvent.h" #include "nsMutationEvent.h" diff --git a/mozilla/content/base/src/nsNodeInfoManager.cpp b/mozilla/content/base/src/nsNodeInfoManager.cpp index ba9ed87a4a8..e7c5b03df80 100644 --- a/mozilla/content/base/src/nsNodeInfoManager.cpp +++ b/mozilla/content/base/src/nsNodeInfoManager.cpp @@ -43,6 +43,7 @@ #include "nsIAtom.h" #include "nsIDocument.h" #include "nsIPrincipal.h" +#include "nsIURI.h" #include "nsISupportsArray.h" #include "nsContentUtils.h" diff --git a/mozilla/content/base/src/nsNodeInfoManager.h b/mozilla/content/base/src/nsNodeInfoManager.h index 816b105aa0a..b7ac2c72ce1 100644 --- a/mozilla/content/base/src/nsNodeInfoManager.h +++ b/mozilla/content/base/src/nsNodeInfoManager.h @@ -42,10 +42,10 @@ #include "nsINodeInfo.h" #include "nsCOMPtr.h" #include "plhash.h" -#include "nsIURI.h" -#include "nsIPrincipal.h" class nsNodeInfo; +class nsIPrincipal; +class nsIURI; class nsNodeInfoManager : public nsINodeInfoManager diff --git a/mozilla/content/base/src/nsRange.cpp b/mozilla/content/base/src/nsRange.cpp index d71dac56875..ce4633a115f 100644 --- a/mozilla/content/base/src/nsRange.cpp 
+++ b/mozilla/content/base/src/nsRange.cpp @@ -61,7 +61,7 @@ #include "nsParserCIID.h" #include "nsIHTMLFragmentContentSink.h" #include "nsIEnumerator.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptContext.h" #include "nsIHTMLDocument.h" diff --git a/mozilla/content/base/src/nsScriptLoader.cpp b/mozilla/content/base/src/nsScriptLoader.cpp index fc8583891c3..b4eeea22766 100644 --- a/mozilla/content/base/src/nsScriptLoader.cpp +++ b/mozilla/content/base/src/nsScriptLoader.cpp @@ -868,18 +868,16 @@ nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader, if (channel) { nsCOMPtr owner; channel->GetOwner(getter_AddRefs(owner)); - nsCOMPtr prin; - - if (owner) { - prin = do_QueryInterface(owner, &rv); - } - - rv = mDocument->AddPrincipal(prin); - if (NS_FAILED(rv)) { - mPendingRequests.RemoveObject(request); - FireScriptAvailable(rv, request, NS_LITERAL_STRING("")); - ProcessPendingReqests(); - return NS_OK; + nsCOMPtr principal = do_QueryInterface(owner); + + if (principal) { + rv = mDocument->AddPrincipal(principal); + if (NS_FAILED(rv)) { + mPendingRequests.RemoveObject(request); + FireScriptAvailable(rv, request, NS_LITERAL_STRING("")); + ProcessPendingReqests(); + return NS_OK; + } } } } diff --git a/mozilla/content/events/src/nsEventListenerManager.h b/mozilla/content/events/src/nsEventListenerManager.h index fe143e7e87f..a7b32b2a1f6 100644 --- a/mozilla/content/events/src/nsEventListenerManager.h +++ b/mozilla/content/events/src/nsEventListenerManager.h @@ -42,7 +42,6 @@ #include "nsIEventListenerManager.h" #include "jsapi.h" #include "nsCOMPtr.h" -#include "nsIPrincipal.h" #include "nsIDOMEventReceiver.h" #include "nsIDOM3EventTarget.h" #include "nsHashtable.h" diff --git a/mozilla/content/html/document/src/nsHTMLContentSink.cpp b/mozilla/content/html/document/src/nsHTMLContentSink.cpp index a6c720f0585..ea9ea772df1 100644 
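Review bot: `mDocument->AddPrincipal(principal)` in nsScriptLoader::OnStreamComplete is now skipped whenever the channel owner is missing or is not an `nsIPrincipal`, so a script delivered without a principal no longer reaches the check in nsDocument::AddPrincipal that strips the document's certificate. The removed code called `AddPrincipal` unconditionally; how the old intersect treated a null principal is not visible here, so this may be a behaviour change rather than a cleanup. If script without a principal must downgrade a signed document, that case needs its own branch; if not, say so in place with a comment such as `// No owner principal: the document principal is intentionally left unchanged`. The enclosing function starts and ends outside the hunk.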
--- a/mozilla/content/html/document/src/nsHTMLContentSink.cpp +++ b/mozilla/content/html/document/src/nsHTMLContentSink.cpp @@ -116,8 +116,6 @@ #include "nsVoidArray.h" #include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsICodebasePrincipal.h" -#include "nsIAggregatePrincipal.h" #include "nsTextFragment.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptGlobalObjectOwner.h" @@ -5181,25 +5179,16 @@ HTMLContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue, return rv; } - nsCOMPtr agg(do_QueryInterface(docPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr codebaseURI; + docPrincipal->GetURI(getter_AddRefs(codebaseURI)); - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase = - do_QueryInterface(originalPrincipal, &rv); - if (NS_FAILED(rv)) { + if (!codebaseURI) { // Document's principal is not a codebase (may be system), so // can't set cookies return NS_OK; } - nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); - char *cookie = ToNewUTF8String(aValue); nsCOMPtr globalObj; nsCOMPtr prompt; diff --git a/mozilla/content/html/document/src/nsHTMLDocument.cpp b/mozilla/content/html/document/src/nsHTMLDocument.cpp index 0c618b4ddac..f85949e0a35 100644 --- a/mozilla/content/html/document/src/nsHTMLDocument.cpp +++ b/mozilla/content/html/document/src/nsHTMLDocument.cpp @@ -85,8 +85,7 @@ #include "nsIXPConnect.h" #include "nsContentList.h" #include "nsDOMError.h" -#include "nsICodebasePrincipal.h" -#include "nsIAggregatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsIScrollableView.h" 
@@ -1896,11 +1895,10 @@ nsHTMLDocument::GetDomainURI(nsIURI **aURI) if (NS_FAILED(GetPrincipal(getter_AddRefs(principal)))) return; - nsCOMPtr codebase = do_QueryInterface(principal); - if (!codebase) - return; - - codebase->GetURI(aURI); + principal->GetDomain(aURI); + if (!*aURI) { + principal->GetURI(aURI); + } } @@ -1972,27 +1970,10 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain) if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString))) return NS_ERROR_FAILURE; - // Get codebase principal - nsresult rv; - nsCOMPtr securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - nsCOMPtr newCodebase; - rv = securityManager->GetCodebasePrincipal(newURI, - getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); - NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - rv = agg->SetCodebase(newCodebase); + nsresult rv = mPrincipal->SetDomain(newURI); // Bug 13871: Frameset spoofing - note that document.domain was set if (NS_SUCCEEDED(rv)) { - agg->SetDomainChanged(PR_TRUE); mDomainWasSet = PR_TRUE; } 
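Review bot: nsHTMLDocument::GetDomainURI now calls `principal->GetDomain(aURI)` directly and then reads `*aURI`, where the removed code returned early when the QueryInterface result was null. A `GetPrincipal` that succeeds with a null principal would now be dereferenced, and `*aURI` is tested without being set in the visible lines, so a `GetDomain` that fails before writing its out-parameter leaves the test reading an indeterminate pointer. Suggested: `if (!principal) return;` after the `GetPrincipal` check and `*aURI = nsnull;` before the first getter. The start of the function is outside the hunk, so an earlier initialization of `*aURI` may exist.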
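Review bot: `mPrincipal->SetDomain(newURI)` in nsHTMLDocument::SetDomain dereferences `mPrincipal` with no null check, whereas the removed `do_QueryInterface(mPrincipal, &rv)` failed cleanly in that case. nsDocument::AddPrincipal in this commit still treats a null `mPrincipal` as possible and creates it lazily, so the same should be assumed here: `NS_ENSURE_TRUE(mPrincipal, NS_ERROR_FAILURE);` before the call. The same unchecked dereference is added in GetCookie and SetCookie (`mPrincipal->GetURI(...)`) and in nsXMLDocument::OnRedirect (`return mPrincipal->SetURI(newLocation);`). In GetCookie the new comment says "can't set cookies" where "can't get cookies" is meant.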
@@ -2257,23 +2238,16 @@ nsHTMLDocument::GetCookie(nsAString& aCookie) if (service) { // Get a URI from the document principal. We use the original // codebase in case the codebase was changed by SetDomain - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr codebaseURI; + mPrincipal->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + // Document's principal is not a codebase (may be system), so + // can't set cookies - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase( - do_QueryInterface(originalPrincipal, &rv)); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase, so can't get cookies return NS_OK; } - nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); - nsXPIDLCString cookie; rv = service->GetCookieString(codebaseURI, mChannel, getter_Copies(cookie)); if (NS_SUCCEEDED(rv) && cookie) 
@@ -2309,25 +2283,16 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie) } } - // Get a URI from the document principal. We use the original - // codebase in case the codebase was changed by SetDomain - nsCOMPtr agg(do_QueryInterface(mPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr codebaseURI; + mPrincipal->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + // Document's principal is not a codebase (may be system), so + // can't set cookies - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase( - do_QueryInterface(originalPrincipal, &rv)); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase, so can't set cookies return NS_OK; } - nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); - rv = NS_ERROR_OUT_OF_MEMORY; char* cookie = ToNewCString(aCookie); if (cookie) { @@ -2703,19 +2668,12 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate) rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); NS_ENSURE_SUCCESS(rv, rv); - // why is the above code duplicated below??? - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); - NS_ENSURE_SUCCESS(rv, rv); - if (subject) { - nsCOMPtr codebase = do_QueryInterface(subject); - if (codebase) { - nsCOMPtr subjectURI; - rv = codebase->GetURI(getter_AddRefs(subjectURI)); - NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr subjectURI; + subject->GetURI(getter_AddRefs(subjectURI)); + if (subjectURI) { mDocumentURL = subjectURI; - mPrincipal = subject; } } diff --git a/mozilla/content/xml/document/src/nsXMLContentSink.cpp b/mozilla/content/xml/document/src/nsXMLContentSink.cpp index 21c65d8aa21..f0e84cda0aa 100644 --- a/mozilla/content/xml/document/src/nsXMLContentSink.cpp +++ b/mozilla/content/xml/document/src/nsXMLContentSink.cpp 
@@ -98,8 +98,6 @@ #include "nsIChannel.h" #include "nsIHttpChannel.h" #include "nsIPrincipal.h" -#include "nsIAggregatePrincipal.h" -#include "nsICodebasePrincipal.h" #include "nsXBLAtoms.h" #include "nsXMLPrettyPrinter.h" @@ -1082,25 +1080,19 @@ nsXMLContentSink::ProcessHeaderData(nsIAtom* aHeader,const nsAString& aValue,nsI // We use the original codebase in case the codebase was changed by SetDomain nsCOMPtr docPrincipal; rv = mDocument->GetPrincipal(getter_AddRefs(docPrincipal)); - if (NS_FAILED(rv)) return rv; - if (!docPrincipal) return NS_OK; - - nsCOMPtr agg(do_QueryInterface(docPrincipal, &rv)); - // Document principal should always be an aggregate - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr originalPrincipal; - rv = agg->GetOriginalCodebase(getter_AddRefs(originalPrincipal)); - nsCOMPtr originalCodebase( - do_QueryInterface(originalPrincipal, &rv)); - if (NS_FAILED(rv)) { - // Document's principal is not a codebase (may be system), so can't set cookies - return NS_OK; + if (NS_FAILED(rv) || !docPrincipal) { + return rv; } nsCOMPtr codebaseURI; - rv = originalCodebase->GetURI(getter_AddRefs(codebaseURI)); - NS_ENSURE_SUCCESS(rv, rv); + docPrincipal->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + // Document's principal is not a codebase (may be system), so + // can't set cookies + + return NS_OK; + } nsCOMPtr globalObj; nsCOMPtr prompt; diff --git a/mozilla/content/xml/document/src/nsXMLDocument.cpp b/mozilla/content/xml/document/src/nsXMLDocument.cpp index fa65a9d9087..ab016109557 100644 --- a/mozilla/content/xml/document/src/nsXMLDocument.cpp +++ b/mozilla/content/xml/document/src/nsXMLDocument.cpp @@ -76,9 +76,8 @@ #include "nsICharsetAlias.h" #include "nsNetUtil.h" #include "nsDOMError.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIPrincipal.h" -#include "nsIAggregatePrincipal.h" #include "nsLayoutCID.h" #include "nsDOMAttribute.h" #include "nsGUIEvent.h" 
@@ -330,21 +329,7 @@ nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel) return rv; } - nsCOMPtr newCodebase; - rv = secMan->GetCodebasePrincipal(newLocation, - getter_AddRefs(newCodebase)); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - nsCOMPtr agg = do_QueryInterface(mPrincipal, &rv); - NS_ASSERTION(NS_SUCCEEDED(rv), "Principal not an aggregate."); - - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - - rv = agg->SetCodebase(newCodebase); - - return rv; + return mPrincipal->SetURI(newLocation); } NS_IMETHODIMP diff --git a/mozilla/content/xul/document/src/nsXULDocument.cpp b/mozilla/content/xul/document/src/nsXULDocument.cpp index 940444c0c65..9199917884a 100644 --- a/mozilla/content/xul/document/src/nsXULDocument.cpp +++ b/mozilla/content/xul/document/src/nsXULDocument.cpp @@ -68,7 +68,7 @@ #include "nsDOMError.h" #include "nsIBoxObject.h" #include "nsIChromeRegistry.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIContentSink.h" // for NS_CONTENT_ID_COUNTER_BASE #include "nsIScrollableView.h" #include "nsIContentViewer.h" diff --git a/mozilla/docshell/base/nsDocShell.cpp b/mozilla/docshell/base/nsDocShell.cpp index 057a2317730..804a24cdd98 100644 --- a/mozilla/docshell/base/nsDocShell.cpp +++ b/mozilla/docshell/base/nsDocShell.cpp @@ -52,7 +52,7 @@ #include "nsIHttpEventSink.h" #include "nsIUploadChannel.h" #include "nsISecurityEventSink.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsDocumentCharsetInfoCID.h" #include "nsICanvasFrame.h" #include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...) @@ -105,7 +105,6 @@ #include "nsIWyciwygChannel.h" // The following are for bug #13871: Prevent frameset spoofing -#include "nsICodebasePrincipal.h" #include "nsIHTMLDocument.h" // For reporting errors with the console service. 
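Review bot: `return mPrincipal->SetURI(newLocation);` in nsXMLDocument::OnRedirect dereferences mPrincipal with no null test, whereas the removed code went through `do_QueryInterface(mPrincipal, &rv)` and returned NS_ERROR_FAILURE when that failed, which also covered a null principal. Whether mPrincipal can still be unset when a redirect arrives is not visible in this hunk; `if (!mPrincipal) return NS_ERROR_FAILURE;` ahead of the call would keep the old error path instead of a crash. SetURI also rewrites the existing principal object in place, so a one-line comment stating that every holder of mPrincipal is meant to see the post-redirect URI would document the intent. OnRedirect begins outside the hunk.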
@@ -955,11 +954,8 @@ PRBool ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem, nsIDocShellTreeItem* rv = targetDocument->GetPrincipal(getter_AddRefs(targetPrincipal)); NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipal, rv); - nsCOMPtr targetCodebasePrincipal(do_QueryInterface(targetPrincipal)); - NS_ENSURE_TRUE(targetCodebasePrincipal, PR_TRUE); - nsCOMPtr targetPrincipalURI; - rv = targetCodebasePrincipal->GetURI(getter_AddRefs(targetPrincipalURI)); + rv = targetPrincipal->GetURI(getter_AddRefs(targetPrincipalURI)); NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE); // Find out if document.domain was set for HTML documents diff --git a/mozilla/dom/src/base/nsGlobalWindow.cpp b/mozilla/dom/src/base/nsGlobalWindow.cpp index ce01d109283..e80da48932f 100644 --- a/mozilla/dom/src/base/nsGlobalWindow.cpp +++ b/mozilla/dom/src/base/nsGlobalWindow.cpp @@ -73,7 +73,6 @@ #include "nsIWidget.h" #include "nsIBaseWindow.h" #include "nsICharsetConverterManager.h" -#include "nsICodebasePrincipal.h" #include "nsIContent.h" #include "nsIWebBrowserPrint.h" #include "nsIContentViewerEdit.h" @@ -4668,12 +4667,13 @@ GlobalWindowImpl::OpenInternal(const nsAString& aUrl, if (sSecMan) { nsCOMPtr principal; sSecMan->GetSubjectPrincipal(getter_AddRefs(principal)); - nsCOMPtr codebasePrin(do_QueryInterface(principal)); - if (codebasePrin) { + if (principal) { nsCOMPtr subjectURI; - codebasePrin->GetURI(getter_AddRefs(subjectURI)); - nsCOMPtr domReturnPrivate(do_QueryInterface(domReturn)); - domReturnPrivate->SetOpenerScriptURL(subjectURI); + principal->GetURI(getter_AddRefs(subjectURI)); + if (subjectURI) { + nsCOMPtr domReturnPrivate(do_QueryInterface(domReturn)); + domReturnPrivate->SetOpenerScriptURL(subjectURI); + } } } } diff --git a/mozilla/dom/src/base/nsJSEnvironment.cpp b/mozilla/dom/src/base/nsJSEnvironment.cpp index f06641edc21..40054a56598 100644 --- a/mozilla/dom/src/base/nsJSEnvironment.cpp +++ b/mozilla/dom/src/base/nsJSEnvironment.cpp 
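Review bot: ValidateOrigin still answers PR_TRUE when `targetPrincipal->GetURI` fails or yields no URI (`NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && targetPrincipalURI, PR_TRUE);`), so the origin check passes by default for every principal without a URI, and after this change that path is reached through the generic nsIPrincipal rather than only when the QueryInterface to a codebase principal failed. The pass-by-default case deserves a comment naming which principals are expected here, for example `// No URI (e.g. the system principal): nothing to compare against, treat as allowed`. If a missing URI is a normal case, a plain `if` would also avoid the warning that NS_ENSURE_TRUE presumably emits on each pass through it. The function continues outside the hunk.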
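Review bot: In GlobalWindowImpl::OpenInternal the new `if (subjectURI)` guard is welcome, but `domReturnPrivate` is still used straight after `do_QueryInterface(domReturn)` with no null test. If the QueryInterface can fail for the returned window (not determinable from this hunk), the call is a null dereference; folding the test into the guard, `if (subjectURI && domReturnPrivate)`, after hoisting the QueryInterface above it, would cover both. The function starts and ends outside the hunk.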
@@ -628,7 +628,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript, JSPrincipals *jsprin; nsCOMPtr principal = aPrincipal; if (aPrincipal) { - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); } else { nsCOMPtr global; @@ -641,7 +641,7 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript, rv = objPrincipal->GetPrincipal(getter_AddRefs(principal)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - principal->GetJSPrincipals(&jsprin); + principal->GetJsPrincipals(&jsprin); } // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... @@ -806,7 +806,7 @@ nsJSContext::EvaluateString(const nsAString& aScript, JSPrincipals *jsprin; nsCOMPtr principal = aPrincipal; if (aPrincipal) { - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); } else { nsCOMPtr global; @@ -819,7 +819,7 @@ nsJSContext::EvaluateString(const nsAString& aScript, rv = objPrincipal->GetPrincipal(getter_AddRefs(principal)); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - principal->GetJSPrincipals(&jsprin); + principal->GetJsPrincipals(&jsprin); } // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... @@ -919,7 +919,7 @@ nsJSContext::CompileScript(const PRUnichar* aText, aScopeObject = ::JS_GetGlobalObject(mContext); JSPrincipals *jsprin; - aPrincipal->GetJSPrincipals(&jsprin); + aPrincipal->GetJsPrincipals(&jsprin); // From here on, we must JSPRINCIPALS_DROP(jsprin) before returning... PRBool ok = PR_FALSE; @@ -1093,7 +1093,7 @@ nsJSContext::CompileEventHandler(void *aTarget, nsIAtom *aName, getter_AddRefs(prin)); NS_ENSURE_SUCCESS(rv, rv); - prin->GetJSPrincipals(&jsprin); + prin->GetJsPrincipals(&jsprin); NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE); } @@ -1146,7 +1146,7 @@ nsJSContext::CompileFunction(void* aTarget, nsCOMPtr prin; if (NS_FAILED(globalData->GetPrincipal(getter_AddRefs(prin)))) return NS_ERROR_FAILURE; - prin->GetJSPrincipals(&jsprin); + prin->GetJsPrincipals(&jsprin); } } 
diff --git a/mozilla/dom/src/base/nsLocation.cpp b/mozilla/dom/src/base/nsLocation.cpp index 35f4d4c07d9..3440e10175d 100644 --- a/mozilla/dom/src/base/nsLocation.cpp +++ b/mozilla/dom/src/base/nsLocation.cpp @@ -58,7 +58,6 @@ #include "nsEscape.h" #include "nsJSUtils.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIDOMWindow.h" #include "nsIDOMDocument.h" #include "nsIDocument.h" diff --git a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp index 86f5759b9c9..7fe1d3074ef 100644 --- a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp +++ b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp @@ -55,7 +55,6 @@ #include "nsIScriptGlobalObjectOwner.h" #include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIInterfaceRequestor.h" #include "nsIInterfaceRequestorUtils.h" #include "nsIStringStream.h" 
@@ -230,32 +229,21 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel) if (NS_FAILED(rv)) return rv; - PRBool equals = PR_FALSE; - if ((NS_FAILED(objectPrincipal->Equals(principal, &equals)) || !equals)) { - // If the principals aren't equal - - nsCOMPtr systemPrincipal; - securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); - if (principal.get() != systemPrincipal.get()) { - // and the script to be run does not have the system principal - - nsCOMPtr - objectCodebase(do_QueryInterface(objectPrincipal)); - nsXPIDLCString objectOrigin; - rv = objectCodebase->GetOrigin(getter_Copies(objectOrigin)); - if (PL_strcmp("about:blank", objectOrigin) != 0) { - // and the target window is not about:blank, then - // don't run the script. Print a message to the console and - // return undefined. - - nsCOMPtr - console(do_GetService("@mozilla.org/consoleservice;1")); - if (console) { - console->LogStringMessage( - NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get()); - } - return NS_ERROR_DOM_RETVAL_UNDEFINED; + nsCOMPtr systemPrincipal; + securityManager->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); + if (principal != systemPrincipal) { + rv = securityManager->CheckSameOriginPrincipal(principal, + objectPrincipal); + if (NS_FAILED(rv)) { + nsCOMPtr console = + do_GetService("@mozilla.org/consoleservice;1"); + if (console) { + // XXX Localize me! + console->LogStringMessage( + NS_LITERAL_STRING("Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.").get()); } + + return NS_ERROR_DOM_RETVAL_UNDEFINED; } } } 
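Review bot: The rewritten check in nsJSThunk::EvaluateScript drops the explicit exception for a target window whose origin is "about:blank" together with the comments that spelled out the policy, and nothing in the new lines says whether `CheckSameOriginPrincipal(principal, objectPrincipal)` covers that case. If the exemption is meant to live in the security manager now, say so next to the call; if it is not, javascript: URLs aimed at blank windows will start being blocked. A comment such as `// Only the system principal may run a javascript: URL against a window of another origin; everything else must pass the same-origin check.` would restore the lost explanation. `principal != systemPrincipal` is an identity comparison and the result of GetSystemPrincipal is not checked, so a failed lookup leaves systemPrincipal null; that only matters if `principal` could also be null at this point, which the hunk does not show.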
@@ -300,9 +288,9 @@ nsresult nsJSThunk::BringUpConsole(nsIDOMWindow *aDomWindow) nsresult rv; // First, get the Window Mediator service. - nsCOMPtr windowMediator; + nsCOMPtr windowMediator = + do_GetService(kWindowMediatorCID, &rv); - windowMediator = do_GetService(kWindowMediatorCID, &rv); if (NS_FAILED(rv)) return rv; // Next, find out whether there's a console already open. diff --git a/mozilla/embedding/browser/activex/src/plugin/LegacyPlugin.cpp b/mozilla/embedding/browser/activex/src/plugin/LegacyPlugin.cpp index 1358c9b2c64..df1142b4698 100644 --- a/mozilla/embedding/browser/activex/src/plugin/LegacyPlugin.cpp +++ b/mozilla/embedding/browser/activex/src/plugin/LegacyPlugin.cpp @@ -404,7 +404,7 @@ MozAxAutoPushJSContext::MozAxAutoPushJSContext(JSContext *cx, if (NS_SUCCEEDED(mPushResult)) { JSPrincipals* jsprinc; - principal->GetJSPrincipals(&jsprinc); + principal->GetJsPrincipals(&jsprinc); mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx), jsprinc, "", 0, "", 1); diff --git a/mozilla/extensions/webservices/schema/src/nsSchemaLoader.cpp b/mozilla/extensions/webservices/schema/src/nsSchemaLoader.cpp index 0e086a687a7..51c985be89f 100644 --- a/mozilla/extensions/webservices/schema/src/nsSchemaLoader.cpp +++ b/mozilla/extensions/webservices/schema/src/nsSchemaLoader.cpp @@ -43,7 +43,7 @@ // XPConnect includes #include "nsIXPConnect.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" // XPCOM includes #include "nsIServiceManager.h" @@ -813,10 +813,7 @@ nsSchemaLoader::GetResolvedURI(const nsAString& aSchemaURI, nsCOMPtr principal; rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { - nsCOMPtr codebase = do_QueryInterface(principal); - if (codebase) { - codebase->GetURI(getter_AddRefs(baseURI)); - } + principal->GetURI(getter_AddRefs(baseURI)); } rv = NS_NewURI(aURI, aSchemaURI, nsnull, baseURI); 
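Review bot: nsSchemaLoader::GetResolvedURI now calls `principal->GetURI(getter_AddRefs(baseURI))` whenever GetSubjectPrincipal succeeds, but success does not appear to guarantee a principal: ScriptWriteCommon and OpenInternal in this same commit both test the returned principal for null after the call. The removed `if (codebase)` test covered that case because a QueryInterface on a null pointer yields null. Suggest `if (NS_SUCCEEDED(rv) && principal) {`. The same unguarded dereference is introduced in nsWebScriptsAccess::GetCodebaseURI (`return principal->GetURI(aCodebase);`), in nsWSDLLoader::GetResolvedURI, and in nsCSecurityContext::GetCertificateID, where the result of GetSubjectPrincipal is not checked at all.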
diff --git a/mozilla/extensions/webservices/security/src/nsWebScriptsAccess.cpp b/mozilla/extensions/webservices/security/src/nsWebScriptsAccess.cpp index 2c219d9303b..f53f10eb50a 100755 --- a/mozilla/extensions/webservices/security/src/nsWebScriptsAccess.cpp +++ b/mozilla/extensions/webservices/security/src/nsWebScriptsAccess.cpp @@ -43,7 +43,7 @@ #include "nsIDOMNodeList.h" #include "nsIDOMAttr.h" #include "nsIDOMNamedNodeMap.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIURL.h" #include "nsReadableUtils.h" #include "nsIHttpChannel.h" @@ -260,13 +260,7 @@ nsWebScriptsAccess::GetCodebaseURI(nsIURI** aCodebase) rv = mSecurityManager->GetSubjectPrincipal(getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr codebase(do_QueryInterface(principal, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - - rv = codebase->GetURI(aCodebase); - NS_ENSURE_SUCCESS(rv, rv); - - return NS_OK; + return principal->GetURI(aCodebase); } nsresult diff --git a/mozilla/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp b/mozilla/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp index 48fc8cbbbc6..086af245308 100644 --- a/mozilla/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp +++ b/mozilla/extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp @@ -44,7 +44,7 @@ #include "nsIURI.h" #include "nsNetUtil.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" #include "nsIVariant.h" #include "nsString.h" #include "nsSOAPUtils.h" @@ -57,7 +57,6 @@ #include "nsIWebScriptsAccessService.h" #include "nsMemory.h" #include "nsIDocument.h" -#include "nsIAggregatePrincipal.h" nsHTTPSOAPTransport::nsHTTPSOAPTransport() { 
@@ -123,23 +122,15 @@ nsresult ChangePrincipal(nsIDOMDocument* aDocument) rv = secMgr->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr subjectAgg = - do_QueryInterface(subjectPrincipal, &rv); + nsCOMPtr subjectURI; + rv = subjectPrincipal->GetURI(getter_AddRefs(subjectURI)); NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr subjectCodebase; - rv = subjectAgg->GetOriginalCodebase(getter_AddRefs(subjectCodebase)); - NS_ENSURE_SUCCESS(rv, rv); - + nsCOMPtr targetPrincipal; rv = targetDoc->GetPrincipal(getter_AddRefs(targetPrincipal)); NS_ENSURE_SUCCESS(rv, rv); - nsCOMPtr targetAgg = - do_QueryInterface(targetPrincipal, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - rv = targetAgg->SetCodebase(subjectCodebase); + rv = targetPrincipal->SetURI(subjectURI); } return rv; } @@ -216,24 +207,20 @@ static nsresult GetTransportURI(nsISOAPCall * aCall, nsAString & aURI) "SOAP_INVOKE_VERIFY_PRINCIPAL", "Source-verified message cannot be sent without principal."); } - nsCOMPtr codebase = do_QueryInterface(principal,&rc); - if (NS_FAILED(rc)) - return rc; - - if (!codebase) { + + nsCOMPtr uri; + principal->GetURI(getter_AddRefs(uri)); + if (!uri) { return SOAP_EXCEPTION(NS_ERROR_FAILURE, - "SOAP_INVOKE_VERIFY_CODEBASE", - "Source-verified message cannot be sent without codebase."); + "SOAP_INVOKE_VERIFY_URI", + "Source-verified message cannot be sent without URI."); } - - char* str; - rc = codebase->GetSpec(&str); + nsCAutoString spec; + rc = uri->GetSpec(spec); if (NS_FAILED(rc)) return rc; - CopyASCIItoUCS2(nsDependentCString(str), sourceURI); - nsMemory::Free(str); - + CopyASCIItoUCS2(spec, sourceURI); } // Adding a header to tell the server that it must understand and verify the source of the call diff --git a/mozilla/extensions/webservices/wsdl/src/nsWSDLLoader.cpp b/mozilla/extensions/webservices/wsdl/src/nsWSDLLoader.cpp index a5db5fc88a5..63edfe39d5f 100644 --- a/mozilla/extensions/webservices/wsdl/src/nsWSDLLoader.cpp 
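Review bot: ChangePrincipal passes `subjectURI` to `targetPrincipal->SetURI(subjectURI)` without testing it for null, while GetTransportURI in the next hunk of this file treats a missing URI as an error (`if (!uri)`). A caller whose principal has no URI, which comments elsewhere in this commit associate with the system principal, would either clear the target document's URI or make SetURI fail, depending on an implementation that is not shown here. Add `NS_ENSURE_TRUE(subjectURI, NS_ERROR_FAILURE);` after the GetURI call, or document why a null URI is acceptable. Since this function deliberately replaces the response document's identity with the caller's, a short comment saying so and why would help the next reader. The function body starts outside the hunk.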
+++ b/mozilla/extensions/webservices/wsdl/src/nsWSDLLoader.cpp @@ -40,7 +40,7 @@ // XPConnect includes #include "nsIXPConnect.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" +#include "nsIPrincipal.h" // XPCOM includes #include "nsIServiceManager.h" @@ -218,10 +218,7 @@ nsWSDLLoader::GetResolvedURI(const nsAString& aWSDLURI, const char* aMethod, nsCOMPtr principal; rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { - nsCOMPtr codebase = do_QueryInterface(principal); - if (codebase) { - codebase->GetURI(getter_AddRefs(baseURI)); - } + principal->GetURI(getter_AddRefs(baseURI)); } rv = NS_NewURI(aURI, aWSDLURI, nsnull, baseURI); diff --git a/mozilla/extensions/xmlextras/base/src/nsDOMSerializer.cpp b/mozilla/extensions/xmlextras/base/src/nsDOMSerializer.cpp index c10d745704d..b34833b8364 100644 --- a/mozilla/extensions/xmlextras/base/src/nsDOMSerializer.cpp +++ b/mozilla/extensions/xmlextras/base/src/nsDOMSerializer.cpp @@ -50,7 +50,6 @@ #include "nsIJSContextStack.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsIURI.h" nsDOMSerializer::nsDOMSerializer() @@ -156,11 +155,8 @@ nsresult CheckSameOrigin(nsIDOMNode *aRoot) doc->GetPrincipal(getter_AddRefs(principal)); - nsCOMPtr codebase_principal = - do_QueryInterface(principal); - - if (codebase_principal) { - codebase_principal->GetURI(getter_AddRefs(root_uri)); + if (principal) { + principal->GetURI(getter_AddRefs(root_uri)); } if (root_uri) { diff --git a/mozilla/js/src/liveconnect/nsCLiveconnect.cpp b/mozilla/js/src/liveconnect/nsCLiveconnect.cpp index 8f01e833a33..ca44634e78d 100644 --- a/mozilla/js/src/liveconnect/nsCLiveconnect.cpp +++ b/mozilla/js/src/liveconnect/nsCLiveconnect.cpp 
@@ -210,7 +210,7 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports, if (!hasScript) { JSPrincipals* jsprinc; - principal->GetJSPrincipals(&jsprinc); + principal->GetJsPrincipals(&jsprinc); mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx), jsprinc, "", 0, "", 1); diff --git a/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp b/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp index 8d481b043a2..136397f818d 100644 --- a/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp +++ b/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp @@ -268,7 +268,7 @@ EvalInSandbox(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, NS_FAILED(secman->GetCodebasePrincipal(iURL, getter_AddRefs(principal))) || !principal || - NS_FAILED(principal->GetJSPrincipals(&jsPrincipals)) || + NS_FAILED(principal->GetJsPrincipals(&jsPrincipals)) || !jsPrincipals) { JS_ReportError(cx, "Can't get principals for evalInSandbox"); return JS_FALSE; @@ -996,7 +996,7 @@ mozJSComponentLoader::GlobalForLocation(const char *aLocation, nsCOMPtr backstagePass = new BackstagePass(mSystemPrincipal); - rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals); + rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals); if (NS_FAILED(rv) || !jsPrincipals) return nsnull; diff --git a/mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp b/mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp index efd0e19e90d..4ba3cb45874 100644 --- a/mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp +++ b/mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp 
@@ -299,7 +299,7 @@ mozJSSubScriptLoader::LoadSubScript (const PRUnichar * /*url*/ /* we can't hold onto jsPrincipals as a module var because the * JSPRINCIPALS_DROP macro takes a JSContext, which we won't have in the * destructor */ - rv = mSystemPrincipal->GetJSPrincipals(&jsPrincipals); + rv = mSystemPrincipal->GetJsPrincipals(&jsPrincipals); if (NS_FAILED(rv) || !jsPrincipals) { delete[] buf; return rv; diff --git a/mozilla/layout/generic/nsFrameFrame.cpp b/mozilla/layout/generic/nsFrameFrame.cpp index f881de8690f..a763da8b210 100644 --- a/mozilla/layout/generic/nsFrameFrame.cpp +++ b/mozilla/layout/generic/nsFrameFrame.cpp @@ -76,7 +76,6 @@ #include "nsLayoutAtoms.h" #include "nsIChromeEventHandler.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsXPIDLString.h" #include "nsIScrollable.h" #include "nsINameSpaceManager.h" diff --git a/mozilla/layout/html/document/src/nsFrameFrame.cpp b/mozilla/layout/html/document/src/nsFrameFrame.cpp index f881de8690f..a763da8b210 100644 --- a/mozilla/layout/html/document/src/nsFrameFrame.cpp +++ b/mozilla/layout/html/document/src/nsFrameFrame.cpp @@ -76,7 +76,6 @@ #include "nsLayoutAtoms.h" #include "nsIChromeEventHandler.h" #include "nsIScriptSecurityManager.h" -#include "nsICodebasePrincipal.h" #include "nsXPIDLString.h" #include "nsIScrollable.h" #include "nsINameSpaceManager.h" diff --git a/mozilla/modules/libjar/nsJARChannel.cpp b/mozilla/modules/libjar/nsJARChannel.cpp index 5b6cc816ed1..60a4cfbc300 100644 --- a/mozilla/modules/libjar/nsJARChannel.cpp +++ b/mozilla/modules/libjar/nsJARChannel.cpp 
@@ -22,12 +22,11 @@ #include "nsMimeTypes.h" #include "nsNetUtil.h" -#include "nsScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" #include "nsIFileURL.h" #include "nsIJAR.h" -static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); //----------------------------------------------------------------------------- @@ -424,22 +423,28 @@ nsJARChannel::GetOwner(nsISupports **result) if (cert) { // Get the codebase principal nsCOMPtr secMan = - do_GetService(kScriptSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv)) return rv; nsCOMPtr codebase; rv = secMan->GetCodebasePrincipal(mJarBaseURI, getter_AddRefs(codebase)); if (NS_FAILED(rv)) return rv; - + + nsCOMPtr codebaseURI; + codebase->GetURI(getter_AddRefs(codebaseURI)); + + nsCOMPtr domainURI; + codebase->GetDomain(getter_AddRefs(domainURI)); + // Join the certificate and the codebase - nsCOMPtr agg = do_QueryInterface(cert, &rv); + rv = cert->SetURI(codebaseURI); if (NS_FAILED(rv)) return rv; - rv = agg->SetCodebase(codebase); + rv = cert->SetDomain(domainURI); if (NS_FAILED(rv)) return rv; - mOwner = do_QueryInterface(agg, &rv); + mOwner = do_QueryInterface(cert, &rv); if (NS_FAILED(rv)) return rv; NS_ADDREF(*result = mOwner); diff --git a/mozilla/modules/libpref/src/nsPrefBranch.cpp b/mozilla/modules/libpref/src/nsPrefBranch.cpp index b85e3900b7f..f313c30f9c1 100644 --- a/mozilla/modules/libpref/src/nsPrefBranch.cpp +++ b/mozilla/modules/libpref/src/nsPrefBranch.cpp @@ -46,7 +46,7 @@ #include "nsString.h" #include "nsReadableUtils.h" #include "nsXPIDLString.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIStringBundle.h" #include "prefapi.h" #include "prmem.h" 
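Review bot: In nsJARChannel::GetOwner the results of `codebase->GetURI(...)` and `codebase->GetDomain(...)` are ignored and both values are handed on unchecked to `cert->SetURI(codebaseURI)` and `cert->SetDomain(domainURI)`. A principal just created from mJarBaseURI plausibly has no domain, so SetDomain would receive null; if SetDomain rejects that (not visible here), GetOwner fails for every signed JAR. Suggest guarding the second call, `if (domainURI) { rv = cert->SetDomain(domainURI); if (NS_FAILED(rv)) return rv; }`, and checking `codebaseURI` before SetURI. The two setters also modify `cert` itself rather than a combined copy, so it is worth a comment stating whether that certificate principal is owned by this channel alone. The identical hunk in netwerk/protocol/jar/src/nsJARChannel.cpp has the same issue.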
@@ -68,8 +68,6 @@ struct PrefCallbackData { }; -static NS_DEFINE_CID(kSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); - // Prototypes extern PrefResult pref_UnlockPref(const char *key); PR_STATIC_CALLBACK(PLDHashOperator) @@ -897,7 +895,7 @@ nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char ** { nsresult rv; nsCOMPtr secMan = - do_GetService(kSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); PRBool enabled; if (NS_FAILED(rv)) diff --git a/mozilla/modules/oji/src/ProxyClassLoader.cpp b/mozilla/modules/oji/src/ProxyClassLoader.cpp index 4f82ea23f30..a3909eb4f10 100644 --- a/mozilla/modules/oji/src/ProxyClassLoader.cpp +++ b/mozilla/modules/oji/src/ProxyClassLoader.cpp @@ -45,7 +45,6 @@ #include "nsIServiceManager.h" #include "nsIJSContextStack.h" #include "nsIPrincipal.h" -#include "nsICodebasePrincipal.h" #include "nsIScriptContext.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptObjectPrincipal.h" @@ -70,9 +69,7 @@ static nsresult getScriptCodebase(JSContext* cx, nsIURI* *result) nsCOMPtr principal; scriptObjectPrincipal->GetPrincipal(getter_AddRefs(principal)); if (principal) { - nsCOMPtr codebasePrincipal = do_QueryInterface(principal); - if (codebasePrincipal) - return codebasePrincipal->GetURI(result); + return principal->GetURI(result); } } } diff --git a/mozilla/modules/oji/src/lcglue.cpp b/mozilla/modules/oji/src/lcglue.cpp index bf98f5b967d..5a205c76cfe 100644 --- a/mozilla/modules/oji/src/lcglue.cpp +++ b/mozilla/modules/oji/src/lcglue.cpp @@ -358,7 +358,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v rv = ssm->GetCodebasePrincipal(codebaseURI, getter_AddRefs(principal)); if (NS_SUCCEEDED(rv)) { JSPrincipals* jsprincipals; - principal->GetJSPrincipals(&jsprincipals); + principal->GetJsPrincipals(&jsprincipals); return jsprincipals; } } 
@@ -368,7 +368,7 @@ get_JSPrincipals_from_java_caller_impl(JNIEnv *pJNIEnv, JSContext *pJSContext, v nsCOMPtr principal = do_QueryInterface(credentials); if (principal) { JSPrincipals* jsprincipals; - principal->GetJSPrincipals(&jsprincipals); + principal->GetJsPrincipals(&jsprincipals); return jsprincipals; } } diff --git a/mozilla/modules/oji/src/nsCSecurityContext.cpp b/mozilla/modules/oji/src/nsCSecurityContext.cpp index 80a652a68f6..114c24d46de 100644 --- a/mozilla/modules/oji/src/nsCSecurityContext.cpp +++ b/mozilla/modules/oji/src/nsCSecurityContext.cpp @@ -54,14 +54,11 @@ // For GetOrigin() #include "nsCOMPtr.h" -#include "nsJSPrincipals.h" -#include "nsSystemPrincipal.h" -#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" -#include "nsScriptSecurityManager.h" +#include "nsIScriptSecurityManager.h" #include "nsIScriptGlobalObject.h" #include "nsIServiceManager.h" #include "nsIScriptObjectPrincipal.h" +#include "nsIPrincipal.h" #include "nsCRT.h" #include "nsTraceRefcnt.h" 
@@ -162,39 +159,27 @@ nsCSecurityContext::GetOrigin(char* buf, int buflen) } } - nsCOMPtr codebase = do_QueryInterface(m_pPrincipal); - if (!codebase) + nsXPIDLCString origin; + m_pPrincipal->GetOrigin(getter_Copies(origin)); + + if (origin.IsEmpty()) { return NS_ERROR_FAILURE; - - char* origin=nsnull; - codebase->GetOrigin(&origin); - - if (origin) { - PRInt32 originlen = (PRInt32) strlen(origin); - if (!buf || buflen<=originlen) { - if (origin) { - nsCRT::free(origin); - } - return NS_ERROR_FAILURE; - } - - // Copy the string into to user supplied buffer. Is there a better - // way to do this? - - memcpy(buf,origin,originlen); - buf[originlen]=nsnull; // Gotta terminate it. - nsCRT::free(origin); - } else { - *buf = nsnull; } + // Copy the string into to user supplied buffer. Is there a better + // way to do this? + + PRInt32 originlen = origin.Length(); + memcpy(buf, origin, originlen); + buf[originlen] = nsnull; // Gotta terminate it. + return NS_OK; } NS_METHOD nsCSecurityContext::GetCertificateID(char* buf, int buflen) { - nsCOMPtr principal = NULL; + nsCOMPtr principal; // Get the Script Security Manager. 
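Review bot: The rewritten copy in nsCSecurityContext::GetOrigin no longer bounds-checks the caller's buffer: the removed `if (!buf || buflen<=originlen)` test has no replacement, so `memcpy(buf, origin, originlen)` and the terminator write go past the end of `buf` whenever the origin string is `buflen` bytes or longer, and a null `buf` is written through. Restore the guard ahead of the copy, `if (!buf || buflen <= originlen) return NS_ERROR_FAILURE;`, as GetCertificateID in the next hunk still does for its length. The return value of `m_pPrincipal->GetOrigin(...)` is also dropped; the `IsEmpty()` test catches a failed call only if the getter leaves the string empty on failure. The start of GetOrigin is outside the hunk.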
@@ -203,28 +188,19 @@ nsCSecurityContext::GetCertificateID(char* buf, int buflen) do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv) || !secMan) return NS_ERROR_FAILURE; - secMan->GetSubjectPrincipal(getter_AddRefs(principal)); - nsCOMPtr cprincipal = do_QueryInterface(principal); - if (!cprincipal) + + nsXPIDLCString certificate; + principal->GetCertificateID(getter_Copies(certificate)); + + PRInt32 certlen = certificate.Length(); + if (buflen <= certlen) { return NS_ERROR_FAILURE; - - char* certificate = nsnull; - cprincipal->GetCertificateID(&certificate); - - if (certificate) { - PRInt32 certlen = (PRInt32) strlen(certificate); - if( buflen<=certlen ) { - nsCRT::free(certificate); - return NS_ERROR_FAILURE; - } - memcpy(buf,certificate,certlen); - buf[certlen]=nsnull; - nsCRT::free(certificate); - } else { - *buf = nsnull; } + memcpy(buf, certificate.get(), certlen); + buf[certlen] = nsnull; + return NS_OK; } diff --git a/mozilla/modules/oji/src/nsJVMManager.cpp b/mozilla/modules/oji/src/nsJVMManager.cpp index 3412fec2393..a646faac9bf 100644 --- a/mozilla/modules/oji/src/nsJVMManager.cpp +++ b/mozilla/modules/oji/src/nsJVMManager.cpp @@ -68,14 +68,10 @@ #include "nspr.h" #include "plstr.h" #include "nsCOMPtr.h" -//#include "nsJSPrincipals.h" -//#include "nsSystemPrincipal.h" -//#include "nsCodebasePrincipal.h" -#include "nsCertificatePrincipal.h" +#include "nsIPrincipal.h" #include "nsIScriptSecurityManager.h" #include "nsISignatureVerifier.h" -//#include "nsScriptSecurityManager.h" extern "C" int XP_PROGRESS_STARTING_JAVA; extern "C" int XP_PROGRESS_STARTING_JAVA_DONE; 
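Review bot: GetCertificateID now returns NS_OK with an empty string when the subject principal has no certificate, assuming `GetCertificateID` leaves `certificate` empty in that case, whereas the removed code returned NS_ERROR_FAILURE for any principal that was not a certificate principal. Callers that used the failure code to tell unsigned from signed callers would now see success; if that distinction matters, add `if (certificate.IsEmpty()) return NS_ERROR_FAILURE;` before the length test. The length guard also omits the `!buf` test that GetOrigin used to have, so `if (!buf || buflen <= certlen)` would be the safer form.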
@@ -971,15 +967,8 @@ nsJVMManager::IsAllPermissionGranted( rv = secMan->GetCertificatePrincipal(lastFP, &pIPrincipal); if (NS_FAILED(rv)) return PR_FALSE; - // Get the nsICertificatePrincipal interface so that we can set the - // common name. The common name is a user meaningful string. - - nsCOMPtr pICertificate = do_QueryInterface(pIPrincipal, &rv); - if (NS_FAILED(rv) || !pICertificate) return PR_FALSE; - // Set the common name. - - rv = pICertificate->SetCommonName(lastCN); + rv = pIPrincipal->SetCommonName(lastCN); PRInt16 ret; diff --git a/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp b/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp index 5b6cc816ed1..60a4cfbc300 100644 --- a/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp +++ b/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp @@ -22,12 +22,11 @@ #include "nsMimeTypes.h" #include "nsNetUtil.h" -#include "nsScriptSecurityManager.h" -#include "nsIAggregatePrincipal.h" +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" #include "nsIFileURL.h" #include "nsIJAR.h" -static NS_DEFINE_CID(kScriptSecurityManagerCID, NS_SCRIPTSECURITYMANAGER_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); //----------------------------------------------------------------------------- 
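Review bot: `rv = pIPrincipal->SetCommonName(lastCN);` in nsJVMManager::IsAllPermissionGranted dereferences the pointer filled in by GetCertificatePrincipal after testing only `NS_FAILED(rv)`; the removed QueryInterface step returned PR_FALSE when the principal was null. nsNSSComponent::VerifySignature in this same commit checks both (`NS_FAILED(rv2) || !*aPrincipal`), which suggests a successful call can still return no principal. Suggest `if (NS_FAILED(rv) || !pIPrincipal) return PR_FALSE;`. The removed comment explaining that the common name is a user-meaningful string could be kept on the SetCommonName line. The function continues outside the hunk.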
@@ -424,22 +423,28 @@ nsJARChannel::GetOwner(nsISupports **result) if (cert) { // Get the codebase principal nsCOMPtr secMan = - do_GetService(kScriptSecurityManagerCID, &rv); + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv)) return rv; nsCOMPtr codebase; rv = secMan->GetCodebasePrincipal(mJarBaseURI, getter_AddRefs(codebase)); if (NS_FAILED(rv)) return rv; - + + nsCOMPtr codebaseURI; + codebase->GetURI(getter_AddRefs(codebaseURI)); + + nsCOMPtr domainURI; + codebase->GetDomain(getter_AddRefs(domainURI)); + // Join the certificate and the codebase - nsCOMPtr agg = do_QueryInterface(cert, &rv); + rv = cert->SetURI(codebaseURI); if (NS_FAILED(rv)) return rv; - rv = agg->SetCodebase(codebase); + rv = cert->SetDomain(domainURI); if (NS_FAILED(rv)) return rv; - mOwner = do_QueryInterface(agg, &rv); + mOwner = do_QueryInterface(cert, &rv); if (NS_FAILED(rv)) return rv; NS_ADDREF(*result = mOwner); diff --git a/mozilla/security/manager/ssl/src/nsCrypto.cpp b/mozilla/security/manager/ssl/src/nsCrypto.cpp index 770f2be4e97..415f0ca6ec0 100644 --- a/mozilla/security/manager/ssl/src/nsCrypto.cpp +++ b/mozilla/security/manager/ssl/src/nsCrypto.cpp @@ -47,12 +47,12 @@ #include "nsIPrompt.h" #include "nsIFilePicker.h" #include "nsJSPrincipals.h" -#include "nsScriptSecurityManager.h" #include "nsIPrincipal.h" #include "nsXPIDLString.h" #include "nsIGenKeypairInfoDlg.h" #include "nsIDOMCryptoDialogs.h" #include "jsapi.h" +#include "jsdbgapi.h" #include #include "nsReadableUtils.h" #include "pk11func.h" @@ -1788,7 +1788,7 @@ nsCryptoRunnable::Run() nsNSSShutDownPreventionLock locker; JSPrincipals *principals; - nsresult rv = m_args->m_principals->GetJSPrincipals(&principals); + nsresult rv = m_args->m_principals->GetJsPrincipals(&principals); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; diff --git a/mozilla/security/manager/ssl/src/nsCrypto.h b/mozilla/security/manager/ssl/src/nsCrypto.h index f99c8c79210..0b76ede8ca4 100644 
--- a/mozilla/security/manager/ssl/src/nsCrypto.h +++ b/mozilla/security/manager/ssl/src/nsCrypto.h @@ -28,7 +28,6 @@ #include "nsIDOMPkcs11.h" #include "nsString.h" #include "jsapi.h" -#include "nsIPrincipal.h" #define NS_CRYPTO_CLASSNAME "Crypto JavaScript Class" #define NS_CRYPTO_CID \ @@ -43,6 +42,7 @@ class nsIPSMComponent; class nsIDOMScriptObjectFactory; class nsIEventQueue; +class nsIPrincipal; class nsCRMFObject : public nsIDOMCRMFObject diff --git a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp index 79d45d1a752..d5ac5779cd4 100644 --- a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp @@ -58,7 +58,6 @@ #include "nsIWindowWatcher.h" #include "nsIPrompt.h" #include "nsProxiedService.h" -#include "nsICertificatePrincipal.h" #include "nsReadableUtils.h" #include "nsIDateTimeFormat.h" #include "prtypes.h" @@ -1461,13 +1460,11 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), aPrincipal); if (NS_FAILED(rv2) || !*aPrincipal) return rv2; - nsCOMPtr certPrincipal = do_QueryInterface(*aPrincipal, &rv2); - if (NS_FAILED(rv2)) return rv2; nsAutoString orgName; rv2 = pCert->GetOrganization(orgName); if (NS_FAILED(rv2)) return rv2; NS_LossyConvertUCS2toASCII orgNameStr(orgName); - rv2 = certPrincipal->SetCommonName(orgNameStr.get()); + rv2 = (*aPrincipal)->SetCommonName(orgNameStr.get()); if (NS_FAILED(rv2)) return rv2; } diff --git a/mozilla/xpinstall/src/CertReader.cpp b/mozilla/xpinstall/src/CertReader.cpp index 83722ba96af..d375a65cd7d 100644 --- a/mozilla/xpinstall/src/CertReader.cpp +++ b/mozilla/xpinstall/src/CertReader.cpp @@ -42,6 +42,10 @@ #include "nsIServiceManager.h" #include "nsISignatureVerifier.h" #include "nsIInputStream.h" +#include "nsIPrincipal.h" +#include "nsIURI.h" +#include "nsPICertNotification.h" + #include "nsNetUtil.h" 
diff --git a/mozilla/xpinstall/src/CertReader.h b/mozilla/xpinstall/src/CertReader.h index 22e62a750a3..5558282e00e 100644 --- a/mozilla/xpinstall/src/CertReader.h +++ b/mozilla/xpinstall/src/CertReader.h @@ -36,11 +36,12 @@ #include "nsCOMPtr.h" #include "nsIStreamListener.h" #include "nsString.h" -#include "nsISignatureVerifier.h" -#include "nsICertificatePrincipal.h" -#include "nsIPrincipal.h" -#include "nsIURI.h" -#include "nsPICertNotification.h" + +class nsISignatureVerifier; +class nsIPrincipal; +class nsIURI; +class nsPICertNotification; + class CertReader : public nsIStreamListener { diff --git a/mozilla/xpinstall/src/nsSoftwareUpdateRun.cpp b/mozilla/xpinstall/src/nsSoftwareUpdateRun.cpp index 6d9e42fd83c..ba46f66dd0b 100644 --- a/mozilla/xpinstall/src/nsSoftwareUpdateRun.cpp +++ b/mozilla/xpinstall/src/nsSoftwareUpdateRun.cpp @@ -55,7 +55,6 @@ #include "nsIJAR.h" #include "nsIPrincipal.h" -#include "nsICertificatePrincipal.h" static NS_DEFINE_CID(kSoftwareUpdateCID, NS_SoftwareUpdate_CID); static NS_DEFINE_CID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID); @@ -82,8 +81,9 @@ nsresult VerifySigning(nsIZipReader* hZip, nsIPrincipal* aPrincipal) if (!aPrincipal) return NS_OK; // not signed, but not an error - nsCOMPtr cp(do_QueryInterface(aPrincipal)); - if (!cp) + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (!hasCert) return NS_ERROR_FAILURE; nsCOMPtr jar(do_QueryInterface(hZip)); diff --git a/mozilla/xpinstall/src/nsXPITriggerInfo.cpp b/mozilla/xpinstall/src/nsXPITriggerInfo.cpp index d607731cea8..36abce80887 100644 --- a/mozilla/xpinstall/src/nsXPITriggerInfo.cpp +++ b/mozilla/xpinstall/src/nsXPITriggerInfo.cpp @@ -1,4 +1,4 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * The contents of this file are subject to the Netscape Public * License Version 1.1 (the "License"); you may not use this file 
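Review bot: In VerifySigning, `PRBool hasCert;` is read after `aPrincipal->GetHasCertificate(&hasCert);` without being initialised and without checking the call's result, so if the getter fails before writing its out-parameter the signing check continues on an indeterminate value instead of returning NS_ERROR_FAILURE. Initialise it to the safe answer, `PRBool hasCert = PR_FALSE;`, or test the result code with `if (NS_FAILED(aPrincipal->GetHasCertificate(&hasCert)) || !hasCert)`. nsXPITriggerItem::SetPrincipal in nsXPITriggerInfo.cpp uses the same uninitialised pattern. The rest of VerifySigning is outside the hunk.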
@@ -27,7 +27,6 @@ #include "nsDebug.h" #include "nsIServiceManager.h" #include "nsIEventQueueService.h" -#include "nsICertificatePrincipal.h" static NS_DEFINE_IID(kEventQueueServiceCID, NS_EVENTQUEUESERVICE_CID); @@ -93,15 +92,17 @@ PRBool nsXPITriggerItem::IsRelativeURL() void nsXPITriggerItem::SetPrincipal(nsIPrincipal* aPrincipal) { - mPrincipal = aPrincipal; + mPrincipal = aPrincipal; - nsCOMPtr cp(do_QueryInterface(aPrincipal)); - if (cp) { - nsXPIDLCString cName; - cp->GetCommonName(getter_Copies(cName)); - mCertName = NS_ConvertUTF8toUCS2(cName); - } + PRBool hasCert; + aPrincipal->GetHasCertificate(&hasCert); + if (hasCert) { + nsXPIDLCString cName; + aPrincipal->GetCommonName(getter_Copies(cName)); + mCertName = NS_ConvertUTF8toUCS2(cName); + } } + // // nsXPITriggerInfo //
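Review bot: nsXPITriggerItem::SetPrincipal now calls `aPrincipal->GetHasCertificate(&hasCert)` unconditionally, so a null `aPrincipal` is dereferenced, where the removed `do_QueryInterface(aPrincipal)` followed by `if (cp)` handled null safely. VerifySigning in nsSoftwareUpdateRun.cpp treats a null principal as "not signed, but not an error", so unsigned packages may well reach this setter with null. Suggest `if (!aPrincipal) return;` after the assignment to mPrincipal, and clearing mCertName on that path if a stale name from an earlier call must not survive, which this hunk alone cannot confirm.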