source: trunk/third/mozilla/caps/src/nsSecurityManagerFactory.cpp @ 20192

Revision 20192, 13.6 KB checked in by rbasch, 21 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r20191, which included commits to RCS files with non-trunk default branches.
Line 
1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/* ***** BEGIN LICENSE BLOCK *****
3 * Version: NPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Netscape Public License
6 * Version 1.1 (the "License"); you may not use this file except in
7 * compliance with the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/NPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is mozilla.org code.
16 *
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 1998
20 * the Initial Developer. All Rights Reserved.
21 *
22 * Contributor(s):
23 *
24 *
25 * Alternatively, the contents of this file may be used under the terms of
26 * either the GNU General Public License Version 2 or later (the "GPL"), or
27 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
28 * in which case the provisions of the GPL or the LGPL are applicable instead
29 * of those above. If you wish to allow use of your version of this file only
30 * under the terms of either the GPL or the LGPL, and not to allow others to
31 * use your version of this file under the terms of the NPL, indicate your
32 * decision by deleting the provisions above and replace them with the notice
33 * and other provisions required by the GPL or the LGPL. If you do not delete
34 * the provisions above, a recipient may use your version of this file under
35 * the terms of any one of the NPL, the GPL or the LGPL.
36 *
37 * ***** END LICENSE BLOCK ***** */
38/*Factory for internal browser security resource managers*/
39
40#include "nsCOMPtr.h"
41#include "nsIModule.h"
42#include "nsIGenericFactory.h"
43#include "nsIScriptSecurityManager.h"
44#include "nsScriptSecurityManager.h"
45#include "nsIPrincipal.h"
46#include "nsPrincipal.h"
47#include "nsSystemPrincipal.h"
48#include "nsIScriptNameSpaceManager.h"
49#include "nsIScriptExternalNameSet.h"
50#include "nsIScriptContext.h"
51#include "nsICategoryManager.h"
52#include "nsXPIDLString.h"
53#include "nsCOMPtr.h"
54#include "nsIServiceManager.h"
55
56///////////////////////
57// nsSecurityNameSet //
58///////////////////////
59
60#define NS_SECURITYNAMESET_CID \
61 { 0x7c02eadc, 0x76, 0x4d03, \
62 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
63#define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
64
65class nsSecurityNameSet : public nsIScriptExternalNameSet
66{
67public:
68    nsSecurityNameSet();
69    virtual ~nsSecurityNameSet();
70   
71    NS_DECL_ISUPPORTS
72
73    NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
74};
75
76nsSecurityNameSet::nsSecurityNameSet()
77{
78}
79
80nsSecurityNameSet::~nsSecurityNameSet()
81{
82}
83
84NS_IMPL_ISUPPORTS1(nsSecurityNameSet, nsIScriptExternalNameSet)
85
86static char *
87getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsval *argv)
88{
89    if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
90        JS_ReportError(cx, "String argument expected");
91        return nsnull;
92    }
93
94    /*
95     * We don't want to use JS_ValueToString because we want to be able
96     * to have an object to represent a target in subsequent versions.
97     */
98    JSString *str = JSVAL_TO_STRING(argv[argNum]);
99    if (!str)
100        return nsnull;
101
102    return JS_GetStringBytes(str);
103}
104
105PR_STATIC_CALLBACK(JSBool)
106netscape_security_isPrivilegeEnabled(JSContext *cx, JSObject *obj, uintN argc,
107                                     jsval *argv, jsval *rval)
108{
109    JSBool result = JS_FALSE;
110    char *cap = getStringArgument(cx, obj, 0, argc, argv);
111    if (cap) {
112        nsresult rv;
113        nsCOMPtr<nsIScriptSecurityManager> securityManager =
114                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
115        if (NS_SUCCEEDED(rv)) {
116            //            NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
117
118            rv = securityManager->IsCapabilityEnabled(cap, &result);
119            if (NS_FAILED(rv))
120                result = JS_FALSE;
121        }
122    }
123    *rval = BOOLEAN_TO_JSVAL(result);
124    return JS_TRUE;
125}
126
127
128PR_STATIC_CALLBACK(JSBool)
129netscape_security_enablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
130                                  jsval *argv, jsval *rval)
131{
132    char *cap = getStringArgument(cx, obj, 0, argc, argv);
133    if (!cap)
134        return JS_FALSE;
135
136    nsresult rv;
137    nsCOMPtr<nsIScriptSecurityManager> securityManager =
138             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
139    if (NS_FAILED(rv))
140        return JS_FALSE;
141
142    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
143
144    rv = securityManager->EnableCapability(cap);
145    if (NS_FAILED(rv))
146        return JS_FALSE;
147    return JS_TRUE;
148}
149
150PR_STATIC_CALLBACK(JSBool)
151netscape_security_disablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
152                                   jsval *argv, jsval *rval)
153{
154    char *cap = getStringArgument(cx, obj, 0, argc, argv);
155    if (!cap)
156        return JS_FALSE;
157
158    nsresult rv;
159    nsCOMPtr<nsIScriptSecurityManager> securityManager =
160             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
161    if (NS_FAILED(rv))
162        return JS_FALSE;
163
164    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
165
166    rv = securityManager->DisableCapability(cap);
167    if (NS_FAILED(rv))
168        return JS_FALSE;
169    return JS_TRUE;
170}
171
172PR_STATIC_CALLBACK(JSBool)
173netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc,
174                                  jsval *argv, jsval *rval)
175{
176    char *cap = getStringArgument(cx, obj, 0, argc, argv);
177    if (!cap)
178        return JS_FALSE;
179
180    nsresult rv;
181    nsCOMPtr<nsIScriptSecurityManager> securityManager =
182             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
183    if (NS_FAILED(rv))
184        return JS_FALSE;
185
186    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
187
188    rv = securityManager->RevertCapability(cap);
189    if (NS_FAILED(rv))
190        return JS_FALSE;
191    return JS_TRUE;
192}
193
194PR_STATIC_CALLBACK(JSBool)
195netscape_security_setCanEnablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
196                                        jsval *argv, jsval *rval)
197{
198    if (argc < 2) return JS_FALSE;
199    char *principalID = getStringArgument(cx, obj, 0, argc, argv);
200    char *cap = getStringArgument(cx, obj, 1, argc, argv);
201    if (!principalID || !cap)
202        return JS_FALSE;
203
204    nsresult rv;
205    nsCOMPtr<nsIScriptSecurityManager> securityManager =
206             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
207    if (NS_FAILED(rv))
208        return JS_FALSE;
209
210    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
211
212    rv = securityManager->SetCanEnableCapability(principalID, cap,
213                                                 nsIPrincipal::ENABLE_GRANTED);
214    if (NS_FAILED(rv))
215        return JS_FALSE;
216    return JS_TRUE;
217}
218
219PR_STATIC_CALLBACK(JSBool)
220netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
221                             jsval *argv, jsval *rval)
222{
223    char *principalID = getStringArgument(cx, obj, 0, argc, argv);
224    if (!principalID)
225        return JS_FALSE;
226
227    nsresult rv;
228    nsCOMPtr<nsIScriptSecurityManager> securityManager =
229             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
230    if (NS_FAILED(rv))
231        return JS_FALSE;
232
233    //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
234
235    rv = securityManager->SetCanEnableCapability(principalID,
236                                                 nsPrincipal::sInvalid,
237                                                 nsIPrincipal::ENABLE_GRANTED);
238    if (NS_FAILED(rv))
239        return JS_FALSE;
240    return JS_TRUE;
241}
242
243static JSFunctionSpec PrivilegeManager_static_methods[] = {
244    { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled,   1},
245    { "enablePrivilege",    netscape_security_enablePrivilege,      1},
246    { "disablePrivilege",   netscape_security_disablePrivilege,     1},
247    { "revertPrivilege",    netscape_security_revertPrivilege,      1},
248    //-- System Cert Functions
249    { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege,   2},
250    { "invalidate",            netscape_security_invalidate,              1},
251    {0}
252};
253
254/*
255 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
256 * et. al. so that code that worked with 4.0 can still work.
257 */
258NS_IMETHODIMP
259nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
260{
261    JSContext *cx = (JSContext *) aScriptContext->GetNativeContext();
262    JSObject *global = JS_GetGlobalObject(cx);
263
264    /*
265     * Find Object.prototype's class by walking up the global object's
266     * prototype chain.
267     */
268    JSObject *obj = global;
269    JSObject *proto;
270    while ((proto = JS_GetPrototype(cx, obj)) != nsnull)
271        obj = proto;
272    JSClass *objectClass = JS_GetClass(cx, obj);
273
274    jsval v;
275    if (!JS_GetProperty(cx, global, "netscape", &v))
276        return NS_ERROR_FAILURE;
277    JSObject *securityObj;
278    if (JSVAL_IS_OBJECT(v)) {
279        /*
280         * "netscape" property of window object exists; must be LiveConnect
281         * package. Get the "security" property.
282         */
283        obj = JSVAL_TO_OBJECT(v);
284        if (!JS_GetProperty(cx, obj, "security", &v) || !JSVAL_IS_OBJECT(v))
285            return NS_ERROR_FAILURE;
286        securityObj = JSVAL_TO_OBJECT(v);
287    } else {
288        /* define netscape.security object */
289        obj = JS_DefineObject(cx, global, "netscape", objectClass, nsnull, 0);
290        if (obj == nsnull)
291            return NS_ERROR_FAILURE;
292        securityObj = JS_DefineObject(cx, obj, "security", objectClass,
293                                      nsnull, 0);
294        if (securityObj == nsnull)
295            return NS_ERROR_FAILURE;
296    }
297
298    /* Define PrivilegeManager object with the necessary "static" methods. */
299    obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
300                          nsnull, 0);
301    if (obj == nsnull)
302        return NS_ERROR_FAILURE;
303
304    return JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods)
305           ? NS_OK
306           : NS_ERROR_FAILURE;
307}
308
309
310
311NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
312NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
313NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
314    nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
315
316
317NS_DECL_CLASSINFO(nsPrincipal)
318NS_DECL_CLASSINFO(nsSystemPrincipal)
319
320
321static NS_IMETHODIMP
322Construct_nsIScriptSecurityManager(nsISupports *aOuter, REFNSIID aIID,
323                                   void **aResult)
324{
325    if (!aResult)
326        return NS_ERROR_NULL_POINTER;
327    *aResult = nsnull;
328    if (aOuter)
329        return NS_ERROR_NO_AGGREGATION;
330    nsScriptSecurityManager *obj = nsScriptSecurityManager::GetScriptSecurityManager();
331    if (!obj)
332        return NS_ERROR_OUT_OF_MEMORY;
333    if (NS_FAILED(obj->QueryInterface(aIID, aResult)))
334        return NS_ERROR_FAILURE;
335    return NS_OK;
336}
337
338static NS_METHOD
339RegisterSecurityNameSet(nsIComponentManager *aCompMgr,
340                        nsIFile *aPath,
341                        const char *registryLocation,
342                        const char *componentType,
343                        const nsModuleComponentInfo *info)
344{
345    nsresult rv = NS_OK;
346
347    nsCOMPtr<nsICategoryManager> catman =
348        do_GetService(NS_CATEGORYMANAGER_CONTRACTID, &rv);
349
350    if (NS_FAILED(rv))
351        return rv;
352
353    nsXPIDLCString previous;
354    rv = catman->AddCategoryEntry(JAVASCRIPT_GLOBAL_STATIC_NAMESET_CATEGORY,
355                                  "PrivilegeManager",
356                                  NS_SECURITYNAMESET_CONTRACTID,
357                                  PR_TRUE, PR_TRUE, getter_Copies(previous));
358    NS_ENSURE_SUCCESS(rv, rv);
359
360    rv = catman->AddCategoryEntry("app-startup", "Script Security Manager",
361                                  "service," NS_SCRIPTSECURITYMANAGER_CONTRACTID,
362                                  PR_TRUE, PR_TRUE,
363                                  getter_Copies(previous));
364    NS_ENSURE_SUCCESS(rv, rv);
365
366    return rv;
367}
368
369
370static const nsModuleComponentInfo capsComponentInfo[] =
371{
372    { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
373      NS_SCRIPTSECURITYMANAGER_CID,
374      NS_SCRIPTSECURITYMANAGER_CONTRACTID,
375      Construct_nsIScriptSecurityManager,
376      RegisterSecurityNameSet,
377      nsnull,
378      nsnull,
379      nsnull,
380      nsnull,
381      nsnull,
382      nsIClassInfo::MAIN_THREAD_ONLY
383    },
384
385    { NS_PRINCIPAL_CLASSNAME,
386      NS_PRINCIPAL_CID,
387      NS_PRINCIPAL_CONTRACTID,
388      nsPrincipalConstructor,
389      nsnull,
390      nsnull,
391      nsnull,
392      NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
393      nsnull,
394      &NS_CLASSINFO_NAME(nsPrincipal),
395      nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
396    },
397
398    { NS_SYSTEMPRINCIPAL_CLASSNAME,
399      NS_SYSTEMPRINCIPAL_CID,
400      NS_SYSTEMPRINCIPAL_CONTRACTID,
401      nsSystemPrincipalConstructor,
402      nsnull,
403      nsnull,
404      nsnull,
405      NS_CI_INTERFACE_GETTER_NAME(nsSystemPrincipal),
406      nsnull,
407      &NS_CLASSINFO_NAME(nsSystemPrincipal),
408      nsIClassInfo::SINGLETON | nsIClassInfo::MAIN_THREAD_ONLY |
409      nsIClassInfo::EAGER_CLASSINFO
410    },
411
412    { "Security Script Name Set",
413      NS_SECURITYNAMESET_CID,
414      NS_SECURITYNAMESET_CONTRACTID,
415      nsSecurityNameSetConstructor,
416      nsnull,
417      nsnull,
418      nsnull,
419      nsnull,
420      nsnull,
421      nsnull,
422      nsIClassInfo::MAIN_THREAD_ONLY
423    }
424};
425
426
427void PR_CALLBACK
428CapsModuleDtor(nsIModule* thisModules)
429{
430    nsScriptSecurityManager::Shutdown();
431}
432
433NS_IMPL_NSGETMODULE_WITH_DTOR(nsSecurityManagerModule, capsComponentInfo,
434                              CapsModuleDtor)
435
Note: See TracBrowser for help on using the repository browser.