source: trunk/third/mozilla/caps/src/nsSecurityManagerFactory.cpp @ 20014

Revision 20014, 14.7 KB checked in by rbasch, 21 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r20013, which included commits to RCS files with non-trunk default branches.
Line 
1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/* ***** BEGIN LICENSE BLOCK *****
3 * Version: NPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Netscape Public License
6 * Version 1.1 (the "License"); you may not use this file except in
7 * compliance with the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/NPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is mozilla.org code.
16 *
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 1998
20 * the Initial Developer. All Rights Reserved.
21 *
22 * Contributor(s):
23 *
24 *
25 * Alternatively, the contents of this file may be used under the terms of
26 * either the GNU General Public License Version 2 or later (the "GPL"), or
27 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
28 * in which case the provisions of the GPL or the LGPL are applicable instead
29 * of those above. If you wish to allow use of your version of this file only
30 * under the terms of either the GPL or the LGPL, and not to allow others to
31 * use your version of this file under the terms of the NPL, indicate your
32 * decision by deleting the provisions above and replace them with the notice
33 * and other provisions required by the GPL or the LGPL. If you do not delete
34 * the provisions above, a recipient may use your version of this file under
35 * the terms of any one of the NPL, the GPL or the LGPL.
36 *
37 * ***** END LICENSE BLOCK ***** */
38/*Factory for internal browser security resource managers*/
39
40#include "nsCOMPtr.h"
41#include "nsIModule.h"
42#include "nsIGenericFactory.h"
43#include "nsIScriptSecurityManager.h"
44#include "nsScriptSecurityManager.h"
45#include "nsIPrincipal.h"
46#include "nsAggregatePrincipal.h"
47#include "nsCertificatePrincipal.h"
48#include "nsCodebasePrincipal.h"
49#include "nsSystemPrincipal.h"
50#include "nsIScriptNameSpaceManager.h"
51#include "nsIScriptExternalNameSet.h"
52#include "nsIScriptContext.h"
53#include "nsICategoryManager.h"
54#include "nsXPIDLString.h"
55#include "nsCOMPtr.h"
56#include "nsIServiceManager.h"
57
58///////////////////////
59// nsSecurityNameSet //
60///////////////////////
61
62#define NS_SECURITYNAMESET_CID \
63 { 0x7c02eadc, 0x76, 0x4d03, \
64 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
65#define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
66
67class nsSecurityNameSet : public nsIScriptExternalNameSet
68{
69public:
70    nsSecurityNameSet();
71    virtual ~nsSecurityNameSet();
72   
73    NS_DECL_ISUPPORTS
74
75    NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
76};
77
78nsSecurityNameSet::nsSecurityNameSet()
79{
80}
81
82nsSecurityNameSet::~nsSecurityNameSet()
83{
84}
85
86NS_IMPL_ISUPPORTS1(nsSecurityNameSet, nsIScriptExternalNameSet)
87
88static char *
89getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsval *argv)
90{
91    if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
92        JS_ReportError(cx, "String argument expected");
93        return nsnull;
94    }
95
96    /*
97     * We don't want to use JS_ValueToString because we want to be able
98     * to have an object to represent a target in subsequent versions.
99     */
100    JSString *str = JSVAL_TO_STRING(argv[argNum]);
101    if (!str)
102        return nsnull;
103
104    return JS_GetStringBytes(str);
105}
106
107PR_STATIC_CALLBACK(JSBool)
108netscape_security_isPrivilegeEnabled(JSContext *cx, JSObject *obj, uintN argc,
109                                     jsval *argv, jsval *rval)
110{
111    JSBool result = JS_FALSE;
112    char *cap = getStringArgument(cx, obj, 0, argc, argv);
113    if (cap) {
114        nsresult rv;
115        nsCOMPtr<nsIScriptSecurityManager> securityManager =
116                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
117        if (NS_SUCCEEDED(rv)) {
118            //            NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
119
120            rv = securityManager->IsCapabilityEnabled(cap, &result);
121            if (NS_FAILED(rv))
122                result = JS_FALSE;
123        }
124    }
125    *rval = BOOLEAN_TO_JSVAL(result);
126    return JS_TRUE;
127}
128
129
130PR_STATIC_CALLBACK(JSBool)
131netscape_security_enablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
132                                  jsval *argv, jsval *rval)
133{
134    char *cap = getStringArgument(cx, obj, 0, argc, argv);
135    if (!cap)
136        return JS_FALSE;
137
138    nsresult rv;
139    nsCOMPtr<nsIScriptSecurityManager> securityManager =
140             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
141    if (NS_FAILED(rv))
142        return JS_FALSE;
143
144    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
145
146    rv = securityManager->EnableCapability(cap);
147    if (NS_FAILED(rv))
148        return JS_FALSE;
149    return JS_TRUE;
150}
151
152PR_STATIC_CALLBACK(JSBool)
153netscape_security_disablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
154                                   jsval *argv, jsval *rval)
155{
156    char *cap = getStringArgument(cx, obj, 0, argc, argv);
157    if (!cap)
158        return JS_FALSE;
159
160    nsresult rv;
161    nsCOMPtr<nsIScriptSecurityManager> securityManager =
162             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
163    if (NS_FAILED(rv))
164        return JS_FALSE;
165
166    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
167
168    rv = securityManager->DisableCapability(cap);
169    if (NS_FAILED(rv))
170        return JS_FALSE;
171    return JS_TRUE;
172}
173
174PR_STATIC_CALLBACK(JSBool)
175netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc,
176                                  jsval *argv, jsval *rval)
177{
178    char *cap = getStringArgument(cx, obj, 0, argc, argv);
179    if (!cap)
180        return JS_FALSE;
181
182    nsresult rv;
183    nsCOMPtr<nsIScriptSecurityManager> securityManager =
184             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
185    if (NS_FAILED(rv))
186        return JS_FALSE;
187
188    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
189
190    rv = securityManager->RevertCapability(cap);
191    if (NS_FAILED(rv))
192        return JS_FALSE;
193    return JS_TRUE;
194}
195
196PR_STATIC_CALLBACK(JSBool)
197netscape_security_setCanEnablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
198                                        jsval *argv, jsval *rval)
199{
200    if (argc < 2) return JS_FALSE;
201    char *principalID = getStringArgument(cx, obj, 0, argc, argv);
202    char *cap = getStringArgument(cx, obj, 1, argc, argv);
203    if (!principalID || !cap)
204        return JS_FALSE;
205
206    nsresult rv;
207    nsCOMPtr<nsIScriptSecurityManager> securityManager =
208             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
209    if (NS_FAILED(rv))
210        return JS_FALSE;
211
212    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
213
214    rv = securityManager->SetCanEnableCapability(principalID, cap,
215                                                 nsIPrincipal::ENABLE_GRANTED);
216    if (NS_FAILED(rv))
217        return JS_FALSE;
218    return JS_TRUE;
219}
220
221PR_STATIC_CALLBACK(JSBool)
222netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
223                             jsval *argv, jsval *rval)
224{
225    char *principalID = getStringArgument(cx, obj, 0, argc, argv);
226    if (!principalID)
227        return JS_FALSE;
228
229    nsresult rv;
230    nsCOMPtr<nsIScriptSecurityManager> securityManager =
231             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
232    if (NS_FAILED(rv))
233        return JS_FALSE;
234
235    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
236
237    rv = securityManager->SetCanEnableCapability(principalID,
238                                                 nsBasePrincipal::Invalid,
239                                                 nsIPrincipal::ENABLE_GRANTED);
240    if (NS_FAILED(rv))
241        return JS_FALSE;
242    return JS_TRUE;
243}
244
245static JSFunctionSpec PrivilegeManager_static_methods[] = {
246    { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled,   1},
247    { "enablePrivilege",    netscape_security_enablePrivilege,      1},
248    { "disablePrivilege",   netscape_security_disablePrivilege,     1},
249    { "revertPrivilege",    netscape_security_revertPrivilege,      1},
250    //-- System Cert Functions
251    { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege,   2},
252    { "invalidate",            netscape_security_invalidate,              1},
253    {0}
254};
255
256/*
257 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
258 * et. al. so that code that worked with 4.0 can still work.
259 */
260NS_IMETHODIMP
261nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
262{
263    JSContext *cx = (JSContext *) aScriptContext->GetNativeContext();
264    JSObject *global = JS_GetGlobalObject(cx);
265
266    /*
267     * Find Object.prototype's class by walking up the global object's
268     * prototype chain.
269     */
270    JSObject *obj = global;
271    JSObject *proto;
272    while ((proto = JS_GetPrototype(cx, obj)) != nsnull)
273        obj = proto;
274    JSClass *objectClass = JS_GetClass(cx, obj);
275
276    jsval v;
277    if (!JS_GetProperty(cx, global, "netscape", &v))
278        return NS_ERROR_FAILURE;
279    JSObject *securityObj;
280    if (JSVAL_IS_OBJECT(v)) {
281        /*
282         * "netscape" property of window object exists; must be LiveConnect
283         * package. Get the "security" property.
284         */
285        obj = JSVAL_TO_OBJECT(v);
286        if (!JS_GetProperty(cx, obj, "security", &v) || !JSVAL_IS_OBJECT(v))
287            return NS_ERROR_FAILURE;
288        securityObj = JSVAL_TO_OBJECT(v);
289    } else {
290        /* define netscape.security object */
291        obj = JS_DefineObject(cx, global, "netscape", objectClass, nsnull, 0);
292        if (obj == nsnull)
293            return NS_ERROR_FAILURE;
294        securityObj = JS_DefineObject(cx, obj, "security", objectClass,
295                                      nsnull, 0);
296        if (securityObj == nsnull)
297            return NS_ERROR_FAILURE;
298    }
299
300    /* Define PrivilegeManager object with the necessary "static" methods. */
301    obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
302                          nsnull, 0);
303    if (obj == nsnull)
304        return NS_ERROR_FAILURE;
305
306    return JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods)
307           ? NS_OK
308           : NS_ERROR_FAILURE;
309}
310
311
312
313NS_GENERIC_FACTORY_CONSTRUCTOR(nsAggregatePrincipal)
314NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificatePrincipal)
315NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal)
316NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
317NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
318    nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
319
320
321NS_DECL_CLASSINFO(nsAggregatePrincipal)
322NS_DECL_CLASSINFO(nsCertificatePrincipal)
323NS_DECL_CLASSINFO(nsCodebasePrincipal)
324NS_DECL_CLASSINFO(nsSystemPrincipal)
325
326
327static NS_IMETHODIMP
328Construct_nsIScriptSecurityManager(nsISupports *aOuter, REFNSIID aIID,
329                                   void **aResult)
330{
331    if (!aResult)
332        return NS_ERROR_NULL_POINTER;
333    *aResult = nsnull;
334    if (aOuter)
335        return NS_ERROR_NO_AGGREGATION;
336    nsScriptSecurityManager *obj = nsScriptSecurityManager::GetScriptSecurityManager();
337    if (!obj)
338        return NS_ERROR_OUT_OF_MEMORY;
339    if (NS_FAILED(obj->QueryInterface(aIID, aResult)))
340        return NS_ERROR_FAILURE;
341    return NS_OK;
342}
343
344static NS_METHOD
345RegisterSecurityNameSet(nsIComponentManager *aCompMgr,
346                        nsIFile *aPath,
347                        const char *registryLocation,
348                        const char *componentType,
349                        const nsModuleComponentInfo *info)
350{
351    nsresult rv = NS_OK;
352
353    nsCOMPtr<nsICategoryManager> catman =
354        do_GetService(NS_CATEGORYMANAGER_CONTRACTID, &rv);
355
356    if (NS_FAILED(rv))
357        return rv;
358
359    nsXPIDLCString previous;
360    rv = catman->AddCategoryEntry(JAVASCRIPT_GLOBAL_STATIC_NAMESET_CATEGORY,
361                                  "PrivilegeManager",
362                                  NS_SECURITYNAMESET_CONTRACTID,
363                                  PR_TRUE, PR_TRUE, getter_Copies(previous));
364    NS_ENSURE_SUCCESS(rv, rv);
365
366    rv = catman->AddCategoryEntry("app-startup", "Script Security Manager",
367                                  "service," NS_SCRIPTSECURITYMANAGER_CONTRACTID,
368                                  PR_TRUE, PR_TRUE,
369                                  getter_Copies(previous));
370    NS_ENSURE_SUCCESS(rv, rv);
371
372    return rv;
373}
374
375
376static const nsModuleComponentInfo capsComponentInfo[] =
377{
378    { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
379      NS_SCRIPTSECURITYMANAGER_CID,
380      NS_SCRIPTSECURITYMANAGER_CONTRACTID,
381      Construct_nsIScriptSecurityManager,
382      RegisterSecurityNameSet,
383      nsnull,
384      nsnull,
385      nsnull,
386      nsnull,
387      nsnull,
388      nsIClassInfo::MAIN_THREAD_ONLY
389    },
390
391    { NS_AGGREGATEPRINCIPAL_CLASSNAME,
392      NS_AGGREGATEPRINCIPAL_CID,
393      NS_AGGREGATEPRINCIPAL_CONTRACTID,
394      nsAggregatePrincipalConstructor,
395      nsnull,
396      nsnull,
397      nsnull,
398      NS_CI_INTERFACE_GETTER_NAME(nsAggregatePrincipal),
399      nsnull,
400      &NS_CLASSINFO_NAME(nsAggregatePrincipal),
401      nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
402    },
403
404    { NS_CERTIFICATEPRINCIPAL_CLASSNAME,
405      NS_CERTIFICATEPRINCIPAL_CID,
406      NS_CERTIFICATEPRINCIPAL_CONTRACTID,
407      nsCertificatePrincipalConstructor,
408      nsnull,
409      nsnull,
410      nsnull,
411      NS_CI_INTERFACE_GETTER_NAME(nsCertificatePrincipal),
412      nsnull,
413      &NS_CLASSINFO_NAME(nsCertificatePrincipal),
414      nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
415    },
416
417    { NS_CODEBASEPRINCIPAL_CLASSNAME,
418      NS_CODEBASEPRINCIPAL_CID,
419      NS_CODEBASEPRINCIPAL_CONTRACTID,
420      nsCodebasePrincipalConstructor,
421      nsnull,
422      nsnull,
423      nsnull,
424      NS_CI_INTERFACE_GETTER_NAME(nsCodebasePrincipal),
425      nsnull,
426      &NS_CLASSINFO_NAME(nsCodebasePrincipal),
427      nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
428    },
429
430    { NS_SYSTEMPRINCIPAL_CLASSNAME,
431      NS_SYSTEMPRINCIPAL_CID,
432      NS_SYSTEMPRINCIPAL_CONTRACTID,
433      nsSystemPrincipalConstructor,
434      nsnull,
435      nsnull,
436      nsnull,
437      NS_CI_INTERFACE_GETTER_NAME(nsSystemPrincipal),
438      nsnull,
439      &NS_CLASSINFO_NAME(nsSystemPrincipal),
440      nsIClassInfo::SINGLETON | nsIClassInfo::MAIN_THREAD_ONLY |
441      nsIClassInfo::EAGER_CLASSINFO
442    },
443
444    { "Security Script Name Set",
445      NS_SECURITYNAMESET_CID,
446      NS_SECURITYNAMESET_CONTRACTID,
447      nsSecurityNameSetConstructor,
448      nsnull,
449      nsnull,
450      nsnull,
451      nsnull,
452      nsnull,
453      nsnull,
454      nsIClassInfo::MAIN_THREAD_ONLY
455    }
456};
457
458
459void PR_CALLBACK
460CapsModuleDtor(nsIModule* thisModules)
461{
462    nsScriptSecurityManager::Shutdown();
463}
464
465NS_IMPL_NSGETMODULE_WITH_DTOR(nsSecurityManagerModule, capsComponentInfo,
466                              CapsModuleDtor)
467
Note: See TracBrowser for help on using the repository browser.