In an implementation of CanCreateWrapper I am failing to get a codebase
from the subject principal. Every time I see the failure the subject
principal IS the system principal. Can I infer that if I get no codebase
that I have the system principal (or vice versa)?

Also, is it safe given one of the two states above to infer that the
call being made is NOT from a web page?

The issue I am dealing with is knowing when to require a check against
the permissions manager for further clearing. The object I am doing the
check on is called from both insecure webpage js and from an event fired
from C++ code from within Songbird in response to UI interaction.

Thanks,
John

Here are some relevant code snippets:

...
  nsCOMPtr<nsIURI> codebase;
  GetCodebase( getter_AddRefs(codebase) );

  // XXXredfive CHECK TO MAKE SURE THIS IS SAFE!!!!!!!
  if (!codebase) {
    NS_WARNING("We're doing something possibly bad here - INVESTIGATE ME.");
    *_retval = SB_CloneAllAccess();
    return NS_OK;
  }

  if ( GetPermission(codebase, PERM_TYPE_CONTROLS, "disable_controls") ||
       GetPermission(codebase, PERM_TYPE_BINDING, "disable_binding") ||
       GetPermission(codebase, PERM_TYPE_METADATA, "disable_metadata") ) {
    LOG(("sbSecurityMixin::CanCreateWrapper - Permission GRANTED!!!"));
    *_retval = SB_CloneAllAccess();
  } else {
    LOG(("sbSecurityMixin::CanCreateWrapper - Permission DENIED (looser)!!!"));
    *_retval = nsnull;
  }

NS_IMETHODIMP
sbSecurityMixin::GetCodebase(nsIURI **aCodebase) {
  NS_ENSURE_ARG_POINTER(aCodebase);

  // Get the current domain.
  nsresult rv;
  nsCOMPtr<nsIScriptSecurityManager>
    secman(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIPrincipal> principal;
  secman->GetSubjectPrincipal(getter_AddRefs(principal));
  if (!principal) {
    LOG(("sbSecurityMixin::GetCodebase -- Error: No Subject Principal."));
    *aCodebase = nsnull;
    return NS_OK;
  }
  LOG(("SecurityMixin::GetCodebase -- Have Subject Principal."));

#ifdef PR_LOGGING
  nsCOMPtr<nsIPrincipal> systemPrincipal;
  secman->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
  if (principal == systemPrincipal) {
    LOG(("sbSecurityMixin::GetCodebase -- System Principal."));
  } else {
    LOG(("sbSecurityMixin::GetCodebase -- Not System Principal."));
  }
#endif

  nsCOMPtr<nsIURI> codebase;
  principal->GetDomain(getter_AddRefs(codebase));
  if (!codebase) {
    LOG(("sbSecurityMixin::GetCodebase -- no codebase from domain, getting it from URI."));
    principal->GetURI(getter_AddRefs(codebase));
  }

  *aCodebase = codebase;
  NS_IF_ADDREF(*aCodebase);
  return NS_OK;
}

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
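
An added example, not part of the original post and not Songbird or Mozilla code: a self-contained model of the access decision in which the system principal is recognised by an explicit comparison instead of being inferred from a missing codebase, so a non-system caller that turns out to have no codebase is denied. Principal, Access, HasPermission, DecideWrapperAccess and the sample host are hypothetical stand-ins for nsIPrincipal, the wrapper result and the permissions manager; denying when there is no subject principal is this example's policy choice.

```cpp
#include <iostream>
#include <set>
#include <string>

// Hypothetical stand-in for nsIPrincipal: only what the decision needs.
struct Principal {
  bool isSystem;         // result of comparing against the system principal
  std::string codebase;  // domain or URI as a string; empty means "none"
};

enum class Access { All, None };

// Constructed sample data standing in for the permissions manager.
static const std::set<std::string> kGrantedCodebases = {
    "https://trusted.example"};

// Hypothetical helper modelling the GetPermission(codebase, ...) checks.
bool HasPermission(const std::string& codebase) {
  return kGrantedCodebases.count(codebase) > 0;
}

// Decide wrapper access; `subject` is null when no subject principal exists.
Access DecideWrapperAccess(const Principal* subject) {
  // No principal at all: fail closed (policy choice of this example).
  if (!subject) return Access::None;
  // Identity check first: this is the trusted path (event fired from C++).
  if (subject->isSystem) return Access::All;
  // Not system and no codebase: nothing to look up, so deny rather than
  // treating "no codebase" as proof of a trusted caller.
  if (subject->codebase.empty()) return Access::None;
  // Web content: defer to the permissions manager.
  return HasPermission(subject->codebase) ? Access::All : Access::None;
}

int main() {
  Principal system{true, ""};
  Principal granted{false, "https://trusted.example"};
  Principal noCodebase{false, ""};
  std::cout << (DecideWrapperAccess(&system) == Access::All) << "\n"
            << (DecideWrapperAccess(&granted) == Access::All) << "\n"
            << (DecideWrapperAccess(&noCodebase) == Access::None) << "\n";
  return 0;
}
```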