search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 545431, fix versioning of mac sdks, r=ted.mielczarek
[gecko.git] / caps / src / nsSecurityManagerFactory.cpp
blob593b30292f98c80454bcdde3f3a724a4b7bcaffd
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is mozilla.org code.
16 *
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 1998
20 * the Initial Developer. All Rights Reserved.
21 *
22 * Contributor(s):
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either of the GNU General Public License Version 2 or later (the "GPL"),
26 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37 /*Factory for internal browser security resource managers*/
38
39 #include "nsCOMPtr.h"
40 #include "nsIModule.h"
41 #include "nsIGenericFactory.h"
42 #include "nsIScriptSecurityManager.h"
43 #include "nsScriptSecurityManager.h"
44 #include "nsIPrincipal.h"
45 #include "nsPrincipal.h"
46 #include "nsSystemPrincipal.h"
47 #include "nsNullPrincipal.h"
48 #include "nsIScriptNameSpaceManager.h"
49 #include "nsIScriptExternalNameSet.h"
50 #include "nsIScriptContext.h"
51 #include "nsICategoryManager.h"
52 #include "nsXPIDLString.h"
53 #include "nsCOMPtr.h"
54 #include "nsIServiceManager.h"
55 #include "nsString.h"
56 #include "nsPrefsCID.h"
57 #include "nsNetCID.h"
58 #include "nsIClassInfoImpl.h"
59
60 ///////////////////////
61 // nsSecurityNameSet //
62 ///////////////////////
63
64 #define NS_SECURITYNAMESET_CID \
65 { 0x7c02eadc, 0x76, 0x4d03, \
66 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
67 #define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
68
69 class nsSecurityNameSet : public nsIScriptExternalNameSet
70 {
71 public:
72 nsSecurityNameSet();
73 virtual ~nsSecurityNameSet();
74
75 NS_DECL_ISUPPORTS
76
77 NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
78 };
79
80 nsSecurityNameSet::nsSecurityNameSet()
81 {
82 }
83
84 nsSecurityNameSet::~nsSecurityNameSet()
85 {
86 }
87
88 NS_IMPL_ISUPPORTS1(nsSecurityNameSet, nsIScriptExternalNameSet)
89
90 static char *
91 getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsval *argv)
92 {
93 if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
94 JS_ReportError(cx, "String argument expected");
95 return nsnull;
96 }
97
98 /*
99 * We don't want to use JS_ValueToString because we want to be able
100 * to have an object to represent a target in subsequent versions.
101 */
102 JSString *str = JSVAL_TO_STRING(argv[argNum]);
103 if (!str)
104 return nsnull;
105
106 return JS_GetStringBytes(str);
107 }
108
109 static void
110 getUTF8StringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum,
111 uintN argc, jsval *argv, nsCString& aRetval)
112 {
113 if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
114 JS_ReportError(cx, "String argument expected");
115 aRetval.Truncate();
116 return;
117 }
118
119 /*
120 * We don't want to use JS_ValueToString because we want to be able
121 * to have an object to represent a target in subsequent versions.
122 */
123 JSString *str = JSVAL_TO_STRING(argv[argNum]);
124 if (!str) {
125 aRetval.Truncate();
126 return;
127 }
128
129 PRUnichar *data = (PRUnichar*)JS_GetStringChars(str);
130 CopyUTF16toUTF8(data, aRetval);
131 }
132
133 static JSBool
134 netscape_security_isPrivilegeEnabled(JSContext *cx, JSObject *obj, uintN argc,
135 jsval *argv, jsval *rval)
136 {
137 JSBool result = JS_FALSE;
138 char *cap = getStringArgument(cx, obj, 0, argc, argv);
139 if (cap) {
140 nsresult rv;
141 nsCOMPtr<nsIScriptSecurityManager> securityManager =
142 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
143 if (NS_SUCCEEDED(rv)) {
144 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
145
146 rv = securityManager->IsCapabilityEnabled(cap, &result);
147 if (NS_FAILED(rv))
148 result = JS_FALSE;
149 }
150 }
151 *rval = BOOLEAN_TO_JSVAL(result);
152 return JS_TRUE;
153 }
154
155
156 static JSBool
157 netscape_security_enablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
158 jsval *argv, jsval *rval)
159 {
160 char *cap = getStringArgument(cx, obj, 0, argc, argv);
161 if (!cap)
162 return JS_FALSE;
163
164 nsresult rv;
165 nsCOMPtr<nsIScriptSecurityManager> securityManager =
166 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
167 if (NS_FAILED(rv))
168 return JS_FALSE;
169
170 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
171
172 rv = securityManager->EnableCapability(cap);
173 if (NS_FAILED(rv))
174 return JS_FALSE;
175 return JS_TRUE;
176 }
177
178 static JSBool
179 netscape_security_disablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
180 jsval *argv, jsval *rval)
181 {
182 char *cap = getStringArgument(cx, obj, 0, argc, argv);
183 if (!cap)
184 return JS_FALSE;
185
186 nsresult rv;
187 nsCOMPtr<nsIScriptSecurityManager> securityManager =
188 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
189 if (NS_FAILED(rv))
190 return JS_FALSE;
191
192 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
193
194 rv = securityManager->DisableCapability(cap);
195 if (NS_FAILED(rv))
196 return JS_FALSE;
197 return JS_TRUE;
198 }
199
200 static JSBool
201 netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc,
202 jsval *argv, jsval *rval)
203 {
204 char *cap = getStringArgument(cx, obj, 0, argc, argv);
205 if (!cap)
206 return JS_FALSE;
207
208 nsresult rv;
209 nsCOMPtr<nsIScriptSecurityManager> securityManager =
210 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
211 if (NS_FAILED(rv))
212 return JS_FALSE;
213
214 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
215
216 rv = securityManager->RevertCapability(cap);
217 if (NS_FAILED(rv))
218 return JS_FALSE;
219 return JS_TRUE;
220 }
221
222 static JSBool
223 netscape_security_setCanEnablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
224 jsval *argv, jsval *rval)
225 {
226 if (argc < 2) return JS_FALSE;
227 nsCAutoString principalFingerprint;
228 getUTF8StringArgument(cx, obj, 0, argc, argv, principalFingerprint);
229 char *cap = getStringArgument(cx, obj, 1, argc, argv);
230 if (principalFingerprint.IsEmpty() || !cap)
231 return JS_FALSE;
232
233 nsresult rv;
234 nsCOMPtr<nsIScriptSecurityManager> securityManager =
235 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
236 if (NS_FAILED(rv))
237 return JS_FALSE;
238
239 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
240
241 rv = securityManager->SetCanEnableCapability(principalFingerprint, cap,
242 nsIPrincipal::ENABLE_GRANTED);
243 if (NS_FAILED(rv))
244 return JS_FALSE;
245 return JS_TRUE;
246 }
247
248 static JSBool
249 netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
250 jsval *argv, jsval *rval)
251 {
252 nsCAutoString principalFingerprint;
253 getUTF8StringArgument(cx, obj, 0, argc, argv, principalFingerprint);
254 if (principalFingerprint.IsEmpty())
255 return JS_FALSE;
256
257 nsresult rv;
258 nsCOMPtr<nsIScriptSecurityManager> securityManager =
259 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
260 if (NS_FAILED(rv))
261 return JS_FALSE;
262
263 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
264
265 rv = securityManager->SetCanEnableCapability(principalFingerprint,
266 nsPrincipal::sInvalid,
267 nsIPrincipal::ENABLE_GRANTED);
268 if (NS_FAILED(rv))
269 return JS_FALSE;
270 return JS_TRUE;
271 }
272
273 static JSFunctionSpec PrivilegeManager_static_methods[] = {
274 { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled, 1,0,0},
275 { "enablePrivilege", netscape_security_enablePrivilege, 1,0,0},
276 { "disablePrivilege", netscape_security_disablePrivilege, 1,0,0},
277 { "revertPrivilege", netscape_security_revertPrivilege, 1,0,0},
278 //-- System Cert Functions
279 { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege,
280 2,0,0},
281 { "invalidate", netscape_security_invalidate, 1,0,0},
282 {nsnull,nsnull,0,0,0}
283 };
284
285 /*
286 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
287 * et. al. so that code that worked with 4.0 can still work.
288 */
289 NS_IMETHODIMP
290 nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
291 {
292 JSContext *cx = (JSContext *) aScriptContext->GetNativeContext();
293 JSObject *global = JS_GetGlobalObject(cx);
294
295 /*
296 * Find Object.prototype's class by walking up the global object's
297 * prototype chain.
298 */
299 JSObject *obj = global;
300 JSObject *proto;
301 JSAutoRequest ar(cx);
302 while ((proto = JS_GetPrototype(cx, obj)) != nsnull)
303 obj = proto;
304 JSClass *objectClass = JS_GET_CLASS(cx, obj);
305
306 jsval v;
307 if (!JS_GetProperty(cx, global, "netscape", &v))
308 return NS_ERROR_FAILURE;
309 JSObject *securityObj;
310 if (JSVAL_IS_OBJECT(v)) {
311 /*
312 * "netscape" property of window object exists; get the
313 * "security" property.
314 */
315 obj = JSVAL_TO_OBJECT(v);
316 if (!JS_GetProperty(cx, obj, "security", &v) || !JSVAL_IS_OBJECT(v))
317 return NS_ERROR_FAILURE;
318 securityObj = JSVAL_TO_OBJECT(v);
319 } else {
320 /* define netscape.security object */
321 obj = JS_DefineObject(cx, global, "netscape", objectClass, nsnull, 0);
322 if (obj == nsnull)
323 return NS_ERROR_FAILURE;
324 securityObj = JS_DefineObject(cx, obj, "security", objectClass,
325 nsnull, 0);
326 if (securityObj == nsnull)
327 return NS_ERROR_FAILURE;
328 }
329
330 /* Define PrivilegeManager object with the necessary "static" methods. */
331 obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
332 nsnull, 0);
333 if (obj == nsnull)
334 return NS_ERROR_FAILURE;
335
336 return JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods)
337 ? NS_OK
338 : NS_ERROR_FAILURE;
339 }
340
341
342
343 NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal)
344 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet)
345 NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal,
346 nsScriptSecurityManager::SystemPrincipalSingletonConstructor)
347 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNullPrincipal, Init)
348
349 NS_DECL_CLASSINFO(nsPrincipal)
350 NS_DECL_CLASSINFO(nsSystemPrincipal)
351 NS_DECL_CLASSINFO(nsNullPrincipal)
352
353 static NS_IMETHODIMP
354 Construct_nsIScriptSecurityManager(nsISupports *aOuter, REFNSIID aIID,
355 void **aResult)
356 {
357 if (!aResult)
358 return NS_ERROR_NULL_POINTER;
359 *aResult = nsnull;
360 if (aOuter)
361 return NS_ERROR_NO_AGGREGATION;
362 nsScriptSecurityManager *obj = nsScriptSecurityManager::GetScriptSecurityManager();
363 if (!obj)
364 return NS_ERROR_OUT_OF_MEMORY;
365 if (NS_FAILED(obj->QueryInterface(aIID, aResult)))
366 return NS_ERROR_FAILURE;
367 return NS_OK;
368 }
369
370 static NS_METHOD
371 RegisterSecurityNameSet(nsIComponentManager *aCompMgr,
372 nsIFile *aPath,
373 const char *registryLocation,
374 const char *componentType,
375 const nsModuleComponentInfo *info)
376 {
377 nsresult rv = NS_OK;
378
379 nsCOMPtr<nsICategoryManager> catman =
380 do_GetService(NS_CATEGORYMANAGER_CONTRACTID, &rv);
381
382 if (NS_FAILED(rv))
383 return rv;
384
385 nsXPIDLCString previous;
386 rv = catman->AddCategoryEntry(JAVASCRIPT_GLOBAL_STATIC_NAMESET_CATEGORY,
387 "PrivilegeManager",
388 NS_SECURITYNAMESET_CONTRACTID,
389 PR_TRUE, PR_TRUE, getter_Copies(previous));
390 NS_ENSURE_SUCCESS(rv, rv);
391
392 rv = catman->AddCategoryEntry("app-startup", "Script Security Manager",
393 "service," NS_SCRIPTSECURITYMANAGER_CONTRACTID,
394 PR_TRUE, PR_TRUE,
395 getter_Copies(previous));
396 NS_ENSURE_SUCCESS(rv, rv);
397
398 return rv;
399 }
400
401
402 static const nsModuleComponentInfo capsComponentInfo[] =
403 {
404 { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
405 NS_SCRIPTSECURITYMANAGER_CID,
406 NS_SCRIPTSECURITYMANAGER_CONTRACTID,
407 Construct_nsIScriptSecurityManager,
408 RegisterSecurityNameSet,
409 nsnull,
410 nsnull,
411 nsnull,
412 nsnull,
413 nsnull,
414 nsIClassInfo::MAIN_THREAD_ONLY
415 },
416
417 { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
418 NS_SCRIPTSECURITYMANAGER_CID,
419 NS_GLOBAL_PREF_SECURITY_CHECK,
420 Construct_nsIScriptSecurityManager,
421 RegisterSecurityNameSet,
422 nsnull,
423 nsnull,
424 nsnull,
425 nsnull,
426 nsnull,
427 nsIClassInfo::MAIN_THREAD_ONLY
428 },
429
430 { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
431 NS_SCRIPTSECURITYMANAGER_CID,
432 NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID,
433 Construct_nsIScriptSecurityManager,
434 RegisterSecurityNameSet,
435 nsnull,
436 nsnull,
437 nsnull,
438 nsnull,
439 nsnull,
440 nsIClassInfo::MAIN_THREAD_ONLY
441 },
442
443
444
445 { NS_PRINCIPAL_CLASSNAME,
446 NS_PRINCIPAL_CID,
447 NS_PRINCIPAL_CONTRACTID,
448 nsPrincipalConstructor,
449 nsnull,
450 nsnull,
451 nsnull,
452 NS_CI_INTERFACE_GETTER_NAME(nsPrincipal),
453 nsnull,
454 &NS_CLASSINFO_NAME(nsPrincipal),
455 nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
456 },
457
458 { NS_SYSTEMPRINCIPAL_CLASSNAME,
459 NS_SYSTEMPRINCIPAL_CID,
460 NS_SYSTEMPRINCIPAL_CONTRACTID,
461 nsSystemPrincipalConstructor,
462 nsnull,
463 nsnull,
464 nsnull,
465 NS_CI_INTERFACE_GETTER_NAME(nsSystemPrincipal),
466 nsnull,
467 &NS_CLASSINFO_NAME(nsSystemPrincipal),
468 nsIClassInfo::SINGLETON | nsIClassInfo::MAIN_THREAD_ONLY |
469 nsIClassInfo::EAGER_CLASSINFO
470 },
471
472 { NS_NULLPRINCIPAL_CLASSNAME,
473 NS_NULLPRINCIPAL_CID,
474 NS_NULLPRINCIPAL_CONTRACTID,
475 nsNullPrincipalConstructor,
476 nsnull,
477 nsnull,
478 nsnull,
479 NS_CI_INTERFACE_GETTER_NAME(nsNullPrincipal),
480 nsnull,
481 &NS_CLASSINFO_NAME(nsNullPrincipal),
482 nsIClassInfo::MAIN_THREAD_ONLY | nsIClassInfo::EAGER_CLASSINFO
483 },
484
485 { "Security Script Name Set",
486 NS_SECURITYNAMESET_CID,
487 NS_SECURITYNAMESET_CONTRACTID,
488 nsSecurityNameSetConstructor,
489 nsnull,
490 nsnull,
491 nsnull,
492 nsnull,
493 nsnull,
494 nsnull,
495 nsIClassInfo::MAIN_THREAD_ONLY
496 }
497 };
498
499
500 void
501 CapsModuleDtor(nsIModule* thisModules)
502 {
503 nsScriptSecurityManager::Shutdown();
504 }
505
506 NS_IMPL_NSGETMODULE_WITH_DTOR(nsSecurityManagerModule, capsComponentInfo,
507 CapsModuleDtor)