caps/src/nsSecurityManagerFactory.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /* ***** BEGIN LICENSE BLOCK *****
   3  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
   4  *
   5  * The contents of this file are subject to the Mozilla Public License Version
   6  * 1.1 (the "License"); you may not use this file except in compliance with
   7  * the License. You may obtain a copy of the License at
   8  * http://www.mozilla.org/MPL/
   9  *
  10  * Software distributed under the License is distributed on an "AS IS" basis,
  11  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  12  * for the specific language governing rights and limitations under the
  13  * License.
  14  *
  15  * The Original Code is mozilla.org code.
  16  *
  17  * The Initial Developer of the Original Code is
  18  * Netscape Communications Corporation.
  19  * Portions created by the Initial Developer are Copyright (C) 1998
  20  * the Initial Developer. All Rights Reserved.
  21  *
  22  * Contributor(s):
  23  *
  24  * Alternatively, the contents of this file may be used under the terms of
  25  * either of the GNU General Public License Version 2 or later (the "GPL"),
  26  * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27  * in which case the provisions of the GPL or the LGPL are applicable instead
  28  * of those above. If you wish to allow use of your version of this file only
  29  * under the terms of either the GPL or the LGPL, and not to allow others to
  30  * use your version of this file under the terms of the MPL, indicate your
  31  * decision by deleting the provisions above and replace them with the notice
  32  * and other provisions required by the GPL or the LGPL. If you do not delete
  33  * the provisions above, a recipient may use your version of this file under
  34  * the terms of any one of the MPL, the GPL or the LGPL.
  35  *
  36  * ***** END LICENSE BLOCK ***** */
  37 /*Factory for internal browser security resource managers*/
  38
  39 #include "nsCOMPtr.h"
  40 #include "nsIModule.h"
  41 #include "nsIGenericFactory.h"
  42 #include "nsIScriptSecurityManager.h"
  43 #include "nsScriptSecurityManager.h"
  44 #include "nsIPrincipal.h"
  45 #include "nsPrincipal.h"
  46 #include "nsSystemPrincipal.h"
  47 #include "nsNullPrincipal.h"
  48 #include "nsIScriptNameSpaceManager.h"
  49 #include "nsIScriptContext.h"
  50 #include "nsICategoryManager.h"
  51 #include "nsXPIDLString.h"
  52 #include "nsCOMPtr.h"
  53 #include "nsIServiceManager.h"
  54 #include "nsString.h"
  55 #include "nsNetCID.h"
  56 #include "nsIClassInfoImpl.h"
  57
  58 ///////////////////////
  59 // nsSecurityNameSet //
  60 ///////////////////////
  61
  62 nsSecurityNameSet::nsSecurityNameSet()
  63 {
  64 }
  65
  66 nsSecurityNameSet::~nsSecurityNameSet()
  67 {
  68 }
  69
  70 NS_IMPL_ISUPPORTS1(nsSecurityNameSet, nsIScriptExternalNameSet)
  71
  72 static char *
  73 getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsval *argv)
  74 {
  75     if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
  76         JS_ReportError(cx, "String argument expected");
  77         return nsnull;
  78     }
  79
  80     /*
  81      * We don't want to use JS_ValueToString because we want to be able
  82      * to have an object to represent a target in subsequent versions.
  83      */
  84     JSString *str = JSVAL_TO_STRING(argv[argNum]);
  85     if (!str)
  86         return nsnull;
  87
  88     return JS_GetStringBytes(str);
  89 }
  90
  91 static void
  92 getUTF8StringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum,
  93                       uintN argc, jsval *argv, nsCString& aRetval)
  94 {
  95     if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) {
  96         JS_ReportError(cx, "String argument expected");
  97         aRetval.Truncate();
  98         return;
  99     }
 100
 101     /*
 102      * We don't want to use JS_ValueToString because we want to be able
 103      * to have an object to represent a target in subsequent versions.
 104      */
 105     JSString *str = JSVAL_TO_STRING(argv[argNum]);
 106     if (!str) {
 107         aRetval.Truncate();
 108         return;
 109     }
 110
 111     PRUnichar *data = (PRUnichar*)JS_GetStringChars(str);
 112     CopyUTF16toUTF8(data, aRetval);
 113 }
 114
 115 static JSBool
 116 netscape_security_isPrivilegeEnabled(JSContext *cx, JSObject *obj, uintN argc,
 117                                      jsval *argv, jsval *rval)
 118 {
 119     JSBool result = JS_FALSE;
 120     char *cap = getStringArgument(cx, obj, 0, argc, argv);
 121     if (cap) {
 122         nsresult rv;
 123         nsCOMPtr<nsIScriptSecurityManager> securityManager =
 124                  do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 125         if (NS_SUCCEEDED(rv)) {
 126             //            NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 127
 128             rv = securityManager->IsCapabilityEnabled(cap, &result);
 129             if (NS_FAILED(rv))
 130                 result = JS_FALSE;
 131         }
 132     }
 133     *rval = BOOLEAN_TO_JSVAL(result);
 134     return JS_TRUE;
 135 }
 136
 137
 138 static JSBool
 139 netscape_security_enablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
 140                                   jsval *argv, jsval *rval)
 141 {
 142     char *cap = getStringArgument(cx, obj, 0, argc, argv);
 143     if (!cap)
 144         return JS_FALSE;
 145
 146     nsresult rv;
 147     nsCOMPtr<nsIScriptSecurityManager> securityManager =
 148              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 149     if (NS_FAILED(rv))
 150         return JS_FALSE;
 151
 152     //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 153
 154     rv = securityManager->EnableCapability(cap);
 155     if (NS_FAILED(rv))
 156         return JS_FALSE;
 157     return JS_TRUE;
 158 }
 159
 160 static JSBool
 161 netscape_security_disablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
 162                                    jsval *argv, jsval *rval)
 163 {
 164     char *cap = getStringArgument(cx, obj, 0, argc, argv);
 165     if (!cap)
 166         return JS_FALSE;
 167
 168     nsresult rv;
 169     nsCOMPtr<nsIScriptSecurityManager> securityManager =
 170              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 171     if (NS_FAILED(rv))
 172         return JS_FALSE;
 173
 174     //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 175
 176     rv = securityManager->DisableCapability(cap);
 177     if (NS_FAILED(rv))
 178         return JS_FALSE;
 179     return JS_TRUE;
 180 }
 181
 182 static JSBool
 183 netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc,
 184                                   jsval *argv, jsval *rval)
 185 {
 186     char *cap = getStringArgument(cx, obj, 0, argc, argv);
 187     if (!cap)
 188         return JS_FALSE;
 189
 190     nsresult rv;
 191     nsCOMPtr<nsIScriptSecurityManager> securityManager =
 192              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 193     if (NS_FAILED(rv))
 194         return JS_FALSE;
 195
 196     //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 197
 198     rv = securityManager->RevertCapability(cap);
 199     if (NS_FAILED(rv))
 200         return JS_FALSE;
 201     return JS_TRUE;
 202 }
 203
 204 static JSBool
 205 netscape_security_setCanEnablePrivilege(JSContext *cx, JSObject *obj, uintN argc,
 206                                         jsval *argv, jsval *rval)
 207 {
 208     if (argc < 2) return JS_FALSE;
 209     nsCAutoString principalFingerprint;
 210     getUTF8StringArgument(cx, obj, 0, argc, argv, principalFingerprint);
 211     char *cap = getStringArgument(cx, obj, 1, argc, argv);
 212     if (principalFingerprint.IsEmpty() || !cap)
 213         return JS_FALSE;
 214
 215     nsresult rv;
 216     nsCOMPtr<nsIScriptSecurityManager> securityManager =
 217              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 218     if (NS_FAILED(rv))
 219         return JS_FALSE;
 220
 221     //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 222
 223     rv = securityManager->SetCanEnableCapability(principalFingerprint, cap,
 224                                                  nsIPrincipal::ENABLE_GRANTED);
 225     if (NS_FAILED(rv))
 226         return JS_FALSE;
 227     return JS_TRUE;
 228 }
 229
 230 static JSBool
 231 netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc,
 232                              jsval *argv, jsval *rval)
 233 {
 234     nsCAutoString principalFingerprint;
 235     getUTF8StringArgument(cx, obj, 0, argc, argv, principalFingerprint);
 236     if (principalFingerprint.IsEmpty())
 237         return JS_FALSE;
 238
 239     nsresult rv;
 240     nsCOMPtr<nsIScriptSecurityManager> securityManager =
 241              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 242     if (NS_FAILED(rv))
 243         return JS_FALSE;
 244
 245     //    NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
 246
 247     rv = securityManager->SetCanEnableCapability(principalFingerprint,
 248                                                  nsPrincipal::sInvalid,
 249                                                  nsIPrincipal::ENABLE_GRANTED);
 250     if (NS_FAILED(rv))
 251         return JS_FALSE;
 252     return JS_TRUE;
 253 }
 254
 255 static JSFunctionSpec PrivilegeManager_static_methods[] = {
 256     { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled,   1,0,0},
 257     { "enablePrivilege",    netscape_security_enablePrivilege,      1,0,0},
 258     { "disablePrivilege",   netscape_security_disablePrivilege,     1,0,0},
 259     { "revertPrivilege",    netscape_security_revertPrivilege,      1,0,0},
 260     //-- System Cert Functions
 261     { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege,
 262                                                                     2,0,0},
 263     { "invalidate",            netscape_security_invalidate,        1,0,0},
 264     {nsnull,nsnull,0,0,0}
 265 };
 266
 267 /*
 268  * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
 269  * et. al. so that code that worked with 4.0 can still work.
 270  */
 271 NS_IMETHODIMP
 272 nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
 273 {
 274     JSContext *cx = (JSContext *) aScriptContext->GetNativeContext();
 275     JSObject *global = JS_GetGlobalObject(cx);
 276
 277     /*
 278      * Find Object.prototype's class by walking up the global object's
 279      * prototype chain.
 280      */
 281     JSObject *obj = global;
 282     JSObject *proto;
 283     JSAutoRequest ar(cx);
 284     while ((proto = JS_GetPrototype(cx, obj)) != nsnull)
 285         obj = proto;
 286     JSClass *objectClass = JS_GET_CLASS(cx, obj);
 287
 288     jsval v;
 289     if (!JS_GetProperty(cx, global, "netscape", &v))
 290         return NS_ERROR_FAILURE;
 291     JSObject *securityObj;
 292     if (JSVAL_IS_OBJECT(v)) {
 293         /*
 294          * "netscape" property of window object exists; get the
 295          * "security" property.
 296          */
 297         obj = JSVAL_TO_OBJECT(v);
 298         if (!JS_GetProperty(cx, obj, "security", &v) || !JSVAL_IS_OBJECT(v))
 299             return NS_ERROR_FAILURE;
 300         securityObj = JSVAL_TO_OBJECT(v);
 301     } else {
 302         /* define netscape.security object */
 303         obj = JS_DefineObject(cx, global, "netscape", objectClass, nsnull, 0);
 304         if (obj == nsnull)
 305             return NS_ERROR_FAILURE;
 306         securityObj = JS_DefineObject(cx, obj, "security", objectClass,
 307                                       nsnull, 0);
 308         if (securityObj == nsnull)
 309             return NS_ERROR_FAILURE;
 310     }
 311
 312     /* Define PrivilegeManager object with the necessary "static" methods. */
 313     obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
 314                           nsnull, 0);
 315     if (obj == nsnull)
 316         return NS_ERROR_FAILURE;
 317
 318     return JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods)
 319            ? NS_OK
 320            : NS_ERROR_FAILURE;
 321 }