1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
15 * The Original Code is mozilla.org code.
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 1998
20 * the Initial Developer. All Rights Reserved.
24 * Alternatively, the contents of this file may be used under the terms of
25 * either of the GNU General Public License Version 2 or later (the "GPL"),
26 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
36 * ***** END LICENSE BLOCK ***** */
37 /*Factory for internal browser security resource managers*/
40 #include "nsIModule.h"
41 #include "nsIGenericFactory.h"
42 #include "nsIScriptSecurityManager.h"
43 #include "nsScriptSecurityManager.h"
44 #include "nsIPrincipal.h"
45 #include "nsPrincipal.h"
46 #include "nsSystemPrincipal.h"
47 #include "nsNullPrincipal.h"
48 #include "nsIScriptNameSpaceManager.h"
49 #include "nsIScriptExternalNameSet.h"
50 #include "nsIScriptContext.h"
51 #include "nsICategoryManager.h"
52 #include "nsXPIDLString.h"
54 #include "nsIServiceManager.h"
56 #include "nsPrefsCID.h"
58 #include "nsIClassInfoImpl.h"
60 ///////////////////////
61 // nsSecurityNameSet //
62 ///////////////////////
64 #define NS_SECURITYNAMESET_CID \
65 { 0x7c02eadc, 0x76, 0x4d03, \
66 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
67 #define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
69 class nsSecurityNameSet
: public nsIScriptExternalNameSet
73 virtual ~nsSecurityNameSet();
77 NS_IMETHOD
InitializeNameSet(nsIScriptContext
* aScriptContext
);
80 nsSecurityNameSet::nsSecurityNameSet()
84 nsSecurityNameSet::~nsSecurityNameSet()
88 NS_IMPL_ISUPPORTS1(nsSecurityNameSet
, nsIScriptExternalNameSet
)
91 getStringArgument(JSContext
*cx
, JSObject
*obj
, PRUint16 argNum
, uintN argc
, jsval
*argv
)
93 if (argc
<= argNum
|| !JSVAL_IS_STRING(argv
[argNum
])) {
94 JS_ReportError(cx
, "String argument expected");
99 * We don't want to use JS_ValueToString because we want to be able
100 * to have an object to represent a target in subsequent versions.
102 JSString
*str
= JSVAL_TO_STRING(argv
[argNum
]);
106 return JS_GetStringBytes(str
);
110 getUTF8StringArgument(JSContext
*cx
, JSObject
*obj
, PRUint16 argNum
,
111 uintN argc
, jsval
*argv
, nsCString
& aRetval
)
113 if (argc
<= argNum
|| !JSVAL_IS_STRING(argv
[argNum
])) {
114 JS_ReportError(cx
, "String argument expected");
120 * We don't want to use JS_ValueToString because we want to be able
121 * to have an object to represent a target in subsequent versions.
123 JSString
*str
= JSVAL_TO_STRING(argv
[argNum
]);
129 PRUnichar
*data
= (PRUnichar
*)JS_GetStringChars(str
);
130 CopyUTF16toUTF8(data
, aRetval
);
133 PR_STATIC_CALLBACK(JSBool
)
134 netscape_security_isPrivilegeEnabled(JSContext
*cx
, JSObject
*obj
, uintN argc
,
135 jsval
*argv
, jsval
*rval
)
137 JSBool result
= JS_FALSE
;
138 char *cap
= getStringArgument(cx
, obj
, 0, argc
, argv
);
141 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
142 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
143 if (NS_SUCCEEDED(rv
)) {
144 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
146 rv
= securityManager
->IsCapabilityEnabled(cap
, &result
);
151 *rval
= BOOLEAN_TO_JSVAL(result
);
156 PR_STATIC_CALLBACK(JSBool
)
157 netscape_security_enablePrivilege(JSContext
*cx
, JSObject
*obj
, uintN argc
,
158 jsval
*argv
, jsval
*rval
)
160 char *cap
= getStringArgument(cx
, obj
, 0, argc
, argv
);
165 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
166 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
170 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
172 rv
= securityManager
->EnableCapability(cap
);
178 PR_STATIC_CALLBACK(JSBool
)
179 netscape_security_disablePrivilege(JSContext
*cx
, JSObject
*obj
, uintN argc
,
180 jsval
*argv
, jsval
*rval
)
182 char *cap
= getStringArgument(cx
, obj
, 0, argc
, argv
);
187 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
188 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
192 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
194 rv
= securityManager
->DisableCapability(cap
);
200 PR_STATIC_CALLBACK(JSBool
)
201 netscape_security_revertPrivilege(JSContext
*cx
, JSObject
*obj
, uintN argc
,
202 jsval
*argv
, jsval
*rval
)
204 char *cap
= getStringArgument(cx
, obj
, 0, argc
, argv
);
209 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
210 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
214 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
216 rv
= securityManager
->RevertCapability(cap
);
222 PR_STATIC_CALLBACK(JSBool
)
223 netscape_security_setCanEnablePrivilege(JSContext
*cx
, JSObject
*obj
, uintN argc
,
224 jsval
*argv
, jsval
*rval
)
226 if (argc
< 2) return JS_FALSE
;
227 nsCAutoString principalFingerprint
;
228 getUTF8StringArgument(cx
, obj
, 0, argc
, argv
, principalFingerprint
);
229 char *cap
= getStringArgument(cx
, obj
, 1, argc
, argv
);
230 if (principalFingerprint
.IsEmpty() || !cap
)
234 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
235 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
239 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
241 rv
= securityManager
->SetCanEnableCapability(principalFingerprint
, cap
,
242 nsIPrincipal::ENABLE_GRANTED
);
248 PR_STATIC_CALLBACK(JSBool
)
249 netscape_security_invalidate(JSContext
*cx
, JSObject
*obj
, uintN argc
,
250 jsval
*argv
, jsval
*rval
)
252 nsCAutoString principalFingerprint
;
253 getUTF8StringArgument(cx
, obj
, 0, argc
, argv
, principalFingerprint
);
254 if (principalFingerprint
.IsEmpty())
258 nsCOMPtr
<nsIScriptSecurityManager
> securityManager
=
259 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID
, &rv
);
263 // NS_ASSERTION(cx == GetCurrentContext(), "unexpected context");
265 rv
= securityManager
->SetCanEnableCapability(principalFingerprint
,
266 nsPrincipal::sInvalid
,
267 nsIPrincipal::ENABLE_GRANTED
);
273 static JSFunctionSpec PrivilegeManager_static_methods
[] = {
274 { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled
, 1,0,0},
275 { "enablePrivilege", netscape_security_enablePrivilege
, 1,0,0},
276 { "disablePrivilege", netscape_security_disablePrivilege
, 1,0,0},
277 { "revertPrivilege", netscape_security_revertPrivilege
, 1,0,0},
278 //-- System Cert Functions
279 { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege
,
281 { "invalidate", netscape_security_invalidate
, 1,0,0},
282 {nsnull
,nsnull
,0,0,0}
286 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
287 * et. al. so that code that worked with 4.0 can still work.
290 nsSecurityNameSet::InitializeNameSet(nsIScriptContext
* aScriptContext
)
292 JSContext
*cx
= (JSContext
*) aScriptContext
->GetNativeContext();
293 JSObject
*global
= JS_GetGlobalObject(cx
);
296 * Find Object.prototype's class by walking up the global object's
299 JSObject
*obj
= global
;
301 JSAutoRequest
ar(cx
);
302 while ((proto
= JS_GetPrototype(cx
, obj
)) != nsnull
)
304 JSClass
*objectClass
= JS_GET_CLASS(cx
, obj
);
307 if (!JS_GetProperty(cx
, global
, "netscape", &v
))
308 return NS_ERROR_FAILURE
;
309 JSObject
*securityObj
;
310 if (JSVAL_IS_OBJECT(v
)) {
312 * "netscape" property of window object exists; must be LiveConnect
313 * package. Get the "security" property.
315 obj
= JSVAL_TO_OBJECT(v
);
316 if (!JS_GetProperty(cx
, obj
, "security", &v
) || !JSVAL_IS_OBJECT(v
))
317 return NS_ERROR_FAILURE
;
318 securityObj
= JSVAL_TO_OBJECT(v
);
320 /* define netscape.security object */
321 obj
= JS_DefineObject(cx
, global
, "netscape", objectClass
, nsnull
, 0);
323 return NS_ERROR_FAILURE
;
324 securityObj
= JS_DefineObject(cx
, obj
, "security", objectClass
,
326 if (securityObj
== nsnull
)
327 return NS_ERROR_FAILURE
;
330 /* Define PrivilegeManager object with the necessary "static" methods. */
331 obj
= JS_DefineObject(cx
, securityObj
, "PrivilegeManager", objectClass
,
334 return NS_ERROR_FAILURE
;
336 return JS_DefineFunctions(cx
, obj
, PrivilegeManager_static_methods
)
343 NS_GENERIC_FACTORY_CONSTRUCTOR(nsPrincipal
)
344 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecurityNameSet
)
345 NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsSystemPrincipal
,
346 nsScriptSecurityManager::SystemPrincipalSingletonConstructor
)
347 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNullPrincipal
, Init
)
349 NS_DECL_CLASSINFO(nsPrincipal
)
350 NS_DECL_CLASSINFO(nsSystemPrincipal
)
351 NS_DECL_CLASSINFO(nsNullPrincipal
)
354 Construct_nsIScriptSecurityManager(nsISupports
*aOuter
, REFNSIID aIID
,
358 return NS_ERROR_NULL_POINTER
;
361 return NS_ERROR_NO_AGGREGATION
;
362 nsScriptSecurityManager
*obj
= nsScriptSecurityManager::GetScriptSecurityManager();
364 return NS_ERROR_OUT_OF_MEMORY
;
365 if (NS_FAILED(obj
->QueryInterface(aIID
, aResult
)))
366 return NS_ERROR_FAILURE
;
371 RegisterSecurityNameSet(nsIComponentManager
*aCompMgr
,
373 const char *registryLocation
,
374 const char *componentType
,
375 const nsModuleComponentInfo
*info
)
379 nsCOMPtr
<nsICategoryManager
> catman
=
380 do_GetService(NS_CATEGORYMANAGER_CONTRACTID
, &rv
);
385 nsXPIDLCString previous
;
386 rv
= catman
->AddCategoryEntry(JAVASCRIPT_GLOBAL_STATIC_NAMESET_CATEGORY
,
388 NS_SECURITYNAMESET_CONTRACTID
,
389 PR_TRUE
, PR_TRUE
, getter_Copies(previous
));
390 NS_ENSURE_SUCCESS(rv
, rv
);
392 rv
= catman
->AddCategoryEntry("app-startup", "Script Security Manager",
393 "service," NS_SCRIPTSECURITYMANAGER_CONTRACTID
,
395 getter_Copies(previous
));
396 NS_ENSURE_SUCCESS(rv
, rv
);
402 static const nsModuleComponentInfo capsComponentInfo
[] =
404 { NS_SCRIPTSECURITYMANAGER_CLASSNAME
,
405 NS_SCRIPTSECURITYMANAGER_CID
,
406 NS_SCRIPTSECURITYMANAGER_CONTRACTID
,
407 Construct_nsIScriptSecurityManager
,
408 RegisterSecurityNameSet
,
414 nsIClassInfo::MAIN_THREAD_ONLY
417 { NS_SCRIPTSECURITYMANAGER_CLASSNAME
,
418 NS_SCRIPTSECURITYMANAGER_CID
,
419 NS_GLOBAL_PREF_SECURITY_CHECK
,
420 Construct_nsIScriptSecurityManager
,
421 RegisterSecurityNameSet
,
427 nsIClassInfo::MAIN_THREAD_ONLY
430 { NS_SCRIPTSECURITYMANAGER_CLASSNAME
,
431 NS_SCRIPTSECURITYMANAGER_CID
,
432 NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID
,
433 Construct_nsIScriptSecurityManager
,
434 RegisterSecurityNameSet
,
440 nsIClassInfo::MAIN_THREAD_ONLY
445 { NS_PRINCIPAL_CLASSNAME
,
447 NS_PRINCIPAL_CONTRACTID
,
448 nsPrincipalConstructor
,
452 NS_CI_INTERFACE_GETTER_NAME(nsPrincipal
),
454 &NS_CLASSINFO_NAME(nsPrincipal
),
455 nsIClassInfo::MAIN_THREAD_ONLY
| nsIClassInfo::EAGER_CLASSINFO
458 { NS_SYSTEMPRINCIPAL_CLASSNAME
,
459 NS_SYSTEMPRINCIPAL_CID
,
460 NS_SYSTEMPRINCIPAL_CONTRACTID
,
461 nsSystemPrincipalConstructor
,
465 NS_CI_INTERFACE_GETTER_NAME(nsSystemPrincipal
),
467 &NS_CLASSINFO_NAME(nsSystemPrincipal
),
468 nsIClassInfo::SINGLETON
| nsIClassInfo::MAIN_THREAD_ONLY
|
469 nsIClassInfo::EAGER_CLASSINFO
472 { NS_NULLPRINCIPAL_CLASSNAME
,
473 NS_NULLPRINCIPAL_CID
,
474 NS_NULLPRINCIPAL_CONTRACTID
,
475 nsNullPrincipalConstructor
,
479 NS_CI_INTERFACE_GETTER_NAME(nsNullPrincipal
),
481 &NS_CLASSINFO_NAME(nsNullPrincipal
),
482 nsIClassInfo::MAIN_THREAD_ONLY
| nsIClassInfo::EAGER_CLASSINFO
485 { "Security Script Name Set",
486 NS_SECURITYNAMESET_CID
,
487 NS_SECURITYNAMESET_CONTRACTID
,
488 nsSecurityNameSetConstructor
,
495 nsIClassInfo::MAIN_THREAD_ONLY
501 CapsModuleDtor(nsIModule
* thisModules
)
503 nsScriptSecurityManager::Shutdown();
506 NS_IMPL_NSGETMODULE_WITH_DTOR(nsSecurityManagerModule
, capsComponentInfo
,