|
1 From: various contributors |
|
2 Subject: lockdown hooks for Gecko |
|
3 |
|
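--- a/extensions/cookie/nsCookiePermission.cpp
+++ b/extensions/cookie/nsCookiePermission.cpp
@@ -1,10 +1,10 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim:ts=2:sw=2:et: */
+/* vim: set ts=2 sw=2 et: */
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
@@ -81,16 +81,17 @@ static const PRBool kDefaultPolicy = PR_
 static const char kCookiesLifetimePolicy[] = "network.cookie.lifetimePolicy";
 static const char kCookiesLifetimeDays[] = "network.cookie.lifetime.days";
 static const char kCookiesAlwaysAcceptSession[] = "network.cookie.alwaysAcceptSessionCookies";
 
 static const char kCookiesPrefsMigrated[] = "network.cookie.prefsMigrated";
 // obsolete pref names for migration
 static const char kCookiesLifetimeEnabled[] = "network.cookie.lifetime.enabled";
 static const char kCookiesLifetimeBehavior[] = "network.cookie.lifetime.behavior";
+static const char kCookiesHonorExceptions[] = "network.cookie.honorExceptions";
 static const char kCookiesAskPermission[] = "network.cookie.warnAboutCookies";
 
 static const char kPermissionType[] = "cookie";
 
 #ifdef MOZ_MAIL_NEWS
 // returns PR_TRUE if URI appears to be the URI of a mailnews protocol
 // XXXbz this should be a protocol flag, not a scheme list, dammit!
 static PRBool
@@ -120,16 +121,17 @@ nsCookiePermission::Init()
 
 // failure to access the pref service is non-fatal...
 nsCOMPtr<nsIPrefBranch2> prefBranch =
 do_GetService(NS_PREFSERVICE_CONTRACTID);
 if (prefBranch) {
 prefBranch->AddObserver(kCookiesLifetimePolicy, this, PR_FALSE);
 prefBranch->AddObserver(kCookiesLifetimeDays, this, PR_FALSE);
 prefBranch->AddObserver(kCookiesAlwaysAcceptSession, this, PR_FALSE);
+ prefBranch->AddObserver(kCookiesHonorExceptions, this, PR_FALSE);
 PrefChanged(prefBranch, nsnull);
 
 // migration code for original cookie prefs
 PRBool migrated;
 rv = prefBranch->GetBoolPref(kCookiesPrefsMigrated, &migrated);
 if (NS_FAILED(rv) || !migrated) {
 PRBool warnAboutCookies = PR_FALSE;
 prefBranch->GetBoolPref(kCookiesAskPermission, &warnAboutCookies);
@@ -173,16 +175,20 @@ nsCookiePermission::PrefChanged(nsIPrefB
 if (PREF_CHANGED(kCookiesLifetimeDays) &&
 NS_SUCCEEDED(aPrefBranch->GetIntPref(kCookiesLifetimeDays, &val)))
 // save cookie lifetime in seconds instead of days
 mCookiesLifetimeSec = val * 24 * 60 * 60;
 
 if (PREF_CHANGED(kCookiesAlwaysAcceptSession) &&
 NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesAlwaysAcceptSession, &val)))
 mCookiesAlwaysAcceptSession = val;
+
+ if (PREF_CHANGED(kCookiesHonorExceptions) &&
+ NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesHonorExceptions, &val)))
+ mCookiesHonorExceptions = val;
 }
 
 NS_IMETHODIMP
 nsCookiePermission::SetAccess(nsIURI *aURI,
 nsCookieAccess aAccess)
 {
 //
 // NOTE: nsCookieAccess values conveniently match up with
@@ -202,16 +208,21 @@ nsCookiePermission::CanAccess(nsIURI
 // it.
 if (IsFromMailNews(aURI)) {
 *aResult = ACCESS_DENY;
 return NS_OK;
 }
 #endif // MOZ_MAIL_NEWS
 
 // finally, check with permission manager...
+ if (!mCookiesHonorExceptions) {
+ *aResult = ACCESS_DEFAULT;
+ return NS_OK;
+ }
+
 nsresult rv = mPermMgr->TestPermission(aURI, kPermissionType, (PRUint32 *) aResult);
 if (NS_SUCCEEDED(rv)) {
 switch (*aResult) {
 // if we have one of the publicly-available values, just return it
 case nsIPermissionManager::UNKNOWN_ACTION: // ACCESS_DEFAULT
 case nsIPermissionManager::ALLOW_ACTION: // ACCESS_ALLOW
 case nsIPermissionManager::DENY_ACTION: // ACCESS_DENY
 break;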
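Review bot: In CanAccess the new `if (!mCookiesHonorExceptions)` block returns ACCESS_DEFAULT before `mPermMgr->TestPermission` is consulted, so turning network.cookie.honorExceptions off discards per-site DENY entries together with ALLOW entries, and a host that was explicitly blocked falls back to the global cookie policy. nsContentBlocker::TestPermission in this patch behaves the same way, skipping the lookup and leaving `permission` at 0. If the lockdown is only meant to stop per-site allow entries from loosening the default, run the lookup and override just the allow result; otherwise the `// finally, check with permission manager...` comment, which now sits above the early return, should say that block entries are dropped too. No hunk touches the other cookie checks in this file, so any path there that queries the permission manager directly (not visible here) would still honor exceptions. CanAccess starts and ends outside the hunk.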
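--- a/extensions/cookie/nsCookiePermission.h
+++ b/extensions/cookie/nsCookiePermission.h
@@ -54,30 +54,32 @@ public:
 NS_DECL_ISUPPORTS
 NS_DECL_NSICOOKIEPERMISSION
 NS_DECL_NSIOBSERVER
 
 nsCookiePermission()
 : mCookiesLifetimeSec(LL_MAXINT)
 , mCookiesLifetimePolicy(0) // ACCEPT_NORMALLY
 , mCookiesAlwaysAcceptSession(PR_FALSE)
+ , mCookiesHonorExceptions(PR_TRUE)
 {}
 virtual ~nsCookiePermission() {}
 
 nsresult Init();
 void PrefChanged(nsIPrefBranch *, const char *);
 
 private:
 PRBool InPrivateBrowsing();
 
 nsCOMPtr<nsIPermissionManager> mPermMgr;
 nsCOMPtr<nsIPrivateBrowsingService> mPBService;
 
 PRInt64 mCookiesLifetimeSec; // lifetime limit specified in seconds
 PRUint8 mCookiesLifetimePolicy; // pref for how long cookies are stored
 PRPackedBool mCookiesAlwaysAcceptSession; // don't prompt for session cookies
+ PRPackedBool mCookiesHonorExceptions;
 };
 
 // {EF565D0A-AB9A-4A13-9160-0644CDFD859A}
 #define NS_COOKIEPERMISSION_CID \
 {0xEF565D0A, 0xAB9A, 0x4A13, {0x91, 0x60, 0x06, 0x44, 0xcd, 0xfd, 0x85, 0x9a }}
 
 #endif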
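Review bot: `mCookiesHonorExceptions` is the only pref-backed member in this block without a trailing comment; adding `// consult per-site cookie exceptions in the permission manager` would keep it in line with its neighbours. The PR_TRUE initializer is what preserves the existing behaviour when the pref cannot be read, since PrefChanged assigns the member only after a successful GetBoolPref, and that is worth a word next to the initializer as well.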
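--- a/extensions/permissions/nsContentBlocker.cpp
+++ b/extensions/permissions/nsContentBlocker.cpp
@@ -71,32 +71,38 @@ static const char *kTypeString[NUMBER_OF
 NS_IMPL_ISUPPORTS3(nsContentBlocker,
 nsIContentPolicy,
 nsIObserver,
 nsSupportsWeakReference)
 
 nsContentBlocker::nsContentBlocker()
 {
 memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES);
+ memset(mHonorExceptions, PR_TRUE, NUMBER_OF_TYPES);
 }
 
 nsresult
 nsContentBlocker::Init()
 {
 nsresult rv;
 mPermissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
 NS_ENSURE_SUCCESS(rv, rv);
 
 nsCOMPtr<nsIPrefService> prefService = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
 NS_ENSURE_SUCCESS(rv, rv);
 
 nsCOMPtr<nsIPrefBranch> prefBranch;
 rv = prefService->GetBranch("permissions.default.", getter_AddRefs(prefBranch));
 NS_ENSURE_SUCCESS(rv, rv);
 
+ nsCOMPtr<nsIPrefBranch> honorExceptionsPrefBranch;
+ rv = prefService->GetBranch("permissions.honorExceptions.",
+ getter_AddRefs(honorExceptionsPrefBranch));
+ NS_ENSURE_SUCCESS(rv, rv);
+
 // Migrate old image blocker pref
 nsCOMPtr<nsIPrefBranch> oldPrefBranch;
 oldPrefBranch = do_QueryInterface(prefService);
 PRInt32 oldPref;
 rv = oldPrefBranch->GetIntPref("network.image.imageBehavior", &oldPref);
 if (NS_SUCCEEDED(rv) && oldPref) {
 PRInt32 newPref;
 switch (oldPref) {
@@ -116,39 +122,49 @@ nsContentBlocker::Init()
 
 
 // The branch is not a copy of the prefservice, but a new object, because
 // it is a non-default branch. Adding obeservers to it will only work if
 // we make sure that the object doesn't die. So, keep a reference to it.
 mPrefBranchInternal = do_QueryInterface(prefBranch, &rv);
 NS_ENSURE_SUCCESS(rv, rv);
 
+ mHonorExceptionsPrefBranchInternal =
+ do_QueryInterface(honorExceptionsPrefBranch, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
 rv = mPrefBranchInternal->AddObserver("", this, PR_TRUE);
- PrefChanged(prefBranch, nsnull);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = mHonorExceptionsPrefBranchInternal->AddObserver("", this, PR_TRUE);
+ PrefChanged(nsnull);
 
 return rv;
 }
 
 #undef LIMIT
 #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default))
 
 void
-nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch,
- const char *aPref)
+nsContentBlocker::PrefChanged(const char *aPref)
 {
- PRInt32 val;
-
-#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P))
-
- for(PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) {
- if (PREF_CHANGED(kTypeString[i]) &&
- NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val)))
- mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
+ for (PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) {
+ if (!aPref || !strcmp(kTypeString[i], aPref)) {
+ PRInt32 val;
+ PRBool b;
+ if (mPrefBranchInternal &&
+ NS_SUCCEEDED(mPrefBranchInternal->GetIntPref(kTypeString[i], &val))) {
+ mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
+ }
+ if (mHonorExceptionsPrefBranchInternal &&
+ NS_SUCCEEDED(mHonorExceptionsPrefBranchInternal->GetBoolPref(kTypeString[i], &b))) {
+ mHonorExceptions[i] = b;
+ }
+ }
 }
-
 }
 
 // nsIContentPolicy Implementation
 NS_IMETHODIMP
 nsContentBlocker::ShouldLoad(PRUint32 aContentType,
 nsIURI *aContentLocation,
 nsIURI *aRequestingLocation,
 nsISupports *aRequestingContext,
@@ -264,21 +280,23 @@ nsContentBlocker::TestPermission(nsIURI
 // This default will also get used if there is an unknown value in the
 // permission list, or if the permission manager returns unknown values.
 *aPermission = PR_TRUE;
 
 // check the permission list first; if we find an entry, it overrides
 // default prefs.
 // Don't forget the aContentType ranges from 1..8, while the
 // array is indexed 0..7
- PRUint32 permission;
- nsresult rv = mPermissionManager->TestPermission(aCurrentURI,
- kTypeString[aContentType - 1],
- &permission);
- NS_ENSURE_SUCCESS(rv, rv);
+ PRUint32 permission = 0;
+ if (mHonorExceptions[aContentType - 1]) {
+ nsresult rv = mPermissionManager->TestPermission(aCurrentURI,
+ kTypeString[aContentType - 1],
+ &permission);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
 
 // If there is nothing on the list, use the default.
 if (!permission) {
 permission = mBehaviorPref[aContentType - 1];
 *aFromPrefs = PR_TRUE;
 }
 
 // Use the fact that the nsIPermissionManager values map to
@@ -294,17 +312,17 @@ nsContentBlocker::TestPermission(nsIURI
 case BEHAVIOR_NOFOREIGN:
 // Third party checking
 
 // Need a requesting uri for third party checks to work.
 if (!aFirstURI)
 return NS_OK;
 
 PRBool trustedSource = PR_FALSE;
- rv = aFirstURI->SchemeIs("chrome", &trustedSource);
+ nsresult rv = aFirstURI->SchemeIs("chrome", &trustedSource);
 NS_ENSURE_SUCCESS(rv,rv);
 if (!trustedSource) {
 rv = aFirstURI->SchemeIs("resource", &trustedSource);
 NS_ENSURE_SUCCESS(rv,rv);
 }
 if (trustedSource)
 return NS_OK;
 
@@ -360,12 +378,11 @@ nsContentBlocker::TestPermission(nsIURI
 NS_IMETHODIMP
 nsContentBlocker::Observe(nsISupports *aSubject,
 const char *aTopic,
 const PRUnichar *aData)
 {
 NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic),
 "unexpected topic - we only deal with pref changes!");
 
- if (mPrefBranchInternal)
- PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get());
+ PrefChanged(NS_LossyConvertUTF16toASCII(aData).get());
 return NS_OK;
 }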
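Review bot: `PRUint32 permission = 0;` in TestPermission depends on 0 being the permission manager's "no entry" value so that a skipped lookup falls into `if (!permission)`; writing `PRUint32 permission = nsIPermissionManager::UNKNOWN_ACTION;` states that dependency instead of implying it. The comment above it still says the permission list is checked first, which now holds only when `mHonorExceptions[aContentType - 1]` is set, so it should mention the pref. In PrefChanged a one-line comment such as `// aPref is the leaf name shared by both observed branches, so refresh both values for that type` would explain why a change on either branch re-reads both prefs. TestPermission starts and ends outside the hunks shown.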
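--- a/extensions/permissions/nsContentBlocker.h
+++ b/extensions/permissions/nsContentBlocker.h
@@ -61,26 +61,28 @@ public:
 NS_DECL_NSIOBSERVER
 
 nsContentBlocker();
 nsresult Init();
 
 private:
 ~nsContentBlocker() {}
 
- void PrefChanged(nsIPrefBranch *, const char *);
+ void PrefChanged(const char *);
 nsresult TestPermission(nsIURI *aCurrentURI,
 nsIURI *aFirstURI,
 PRInt32 aContentType,
 PRBool *aPermission,
 PRBool *aFromPrefs);
 
 nsCOMPtr<nsIPermissionManager> mPermissionManager;
 nsCOMPtr<nsIPrefBranch2> mPrefBranchInternal;
+ nsCOMPtr<nsIPrefBranch2> mHonorExceptionsPrefBranchInternal;
 PRUint8 mBehaviorPref[NUMBER_OF_TYPES];
+ PRPackedBool mHonorExceptions[NUMBER_OF_TYPES];
 };
 
 #define NS_CONTENTBLOCKER_CID \
 { 0x4ca6b67b, 0x5cc7, 0x4e71, \
 { 0xa9, 0x8a, 0x97, 0xaf, 0x1c, 0x13, 0x48, 0x62 } }
 
 #define NS_CONTENTBLOCKER_CONTRACTID "@mozilla.org/permissions/contentblocker;1"
 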
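--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@@ -842,16 +842,17 @@ pref("network.automatic-ntlm-auth.truste
 // response to a NTLM challenge. By default, this is disabled since servers
 // should almost never need the LM hash, and the LM hash is what makes NTLM
 // authentication less secure. See bug 250691 for further details.
 // NOTE: automatic-ntlm-auth which leverages the OS-provided NTLM
 // implementation will not be affected by this preference.
 pref("network.ntlm.send-lm-response", false);
 
 pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
+pref("permissions.honorExceptions.image", true);
 
 #ifndef XP_MACOSX
 #ifdef XP_UNIX
 pref("network.proxy.type", 5);
 #else
 pref("network.proxy.type", 0);
 #endif
 #else
@@ -869,16 +870,17 @@ pref("network.proxy.ssl_port",
 pref("network.proxy.socks", "");
 pref("network.proxy.socks_port", 0);
 pref("network.proxy.socks_version", 5);
 pref("network.proxy.socks_remote_dns", false);
 pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
 pref("network.proxy.failover_timeout", 1800); // 30 minutes
 pref("network.online", true); //online/offline
 pref("network.cookie.cookieBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
+pref("network.cookie.honorExceptions", true);
 pref("network.cookie.lifetimePolicy", 0); // accept normally, 1-askBeforeAccepting, 2-acceptForSession,3-acceptForNDays
 pref("network.cookie.alwaysAcceptSessionCookies", false);
 pref("network.cookie.prefsMigrated", false);
 pref("network.cookie.lifetime.days", 90);
 
 // The PAC file to load. Ignored unless network.proxy.type is 2.
 pref("network.proxy.autoconfig_url", "");
 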
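Review bot: The two new defaults carry no inline description, unlike `permissions.default.image` and `network.cookie.cookieBehavior` beside them; a trailing `// false: ignore per-site exceptions and apply the default policy only` on each line would document the switch. In the hunks shown only the image type gets a `permissions.honorExceptions.*` default, so any other content type relies on the PR_TRUE that the nsContentBlocker constructor sets with memset. A default in all.js can still be changed by the user, so a deployment that treats these prefs as a lockdown control presumably also has to lock them in its own configuration; the comment could say so.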
|
372 diff --git a/xpinstall/src/nsXPInstallManager.cpp b/xpinstall/src/nsXPInstallManager.cpp |
|
373 --- a/xpinstall/src/nsXPInstallManager.cpp |
|
374 +++ b/xpinstall/src/nsXPInstallManager.cpp |
|
375 @@ -300,36 +300,46 @@ nsXPInstallManager::InitManagerInternal( |
|
376 packageList[j++] = item->GetSafeURLString(); |
|
377 packageList[j++] = item->mIconURL.get(); |
|
378 packageList[j++] = item->mCertName.get(); |
|
379 } |
|
380 |
|
381 //----------------------------------------------------- |
|
382 // Get permission to install |
|
383 //----------------------------------------------------- |
|
384 + nsCOMPtr<nsIPrefBranch> pref(do_GetService(NS_PREFSERVICE_CONTRACTID)); |
|
385 |
|
386 #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI |
|
387 if ( mChromeType == CHROME_SKIN ) |
|
388 { |
|
389 // We may want to enable the simple installation UI once |
|
390 // bug 343037 is fixed |
|
391 |
|
392 // skins get a simpler/friendlier dialog |
|
393 // XXX currently not embeddable |
|
394 - OKtoInstall = ConfirmChromeInstall( mParentWindow, packageList ); |
|
395 + PRBool themesDisabled = PR_FALSE; |
|
396 + if (pref) |
|
397 + pref->GetBoolPref("config.lockdown.disable_themes", &themesDisabled); |
|
398 + OKtoInstall = !themesDisabled && |
|
399 + ConfirmChromeInstall( mParentWindow, packageList ); |
|
400 } |
|
401 else |
|
402 { |
|
403 #endif |
|
404 + PRBool extensionsDisabled = PR_FALSE; |
|
405 + if (pref) |
|
406 + pref->GetBoolPref("config.lockdown.disable_extensions", &extensionsDisabled); |
|
407 + if (!extensionsDisabled) { |
|
408 rv = dlgSvc->ConfirmInstall( mParentWindow, |
|
409 packageList, |
|
410 numStrings, |
|
411 &OKtoInstall ); |
|
412 if (NS_FAILED(rv)) |
|
413 OKtoInstall = PR_FALSE; |
|
414 + } |
|
415 #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI |
|
416 } |
|
417 #endif |
|
418 |
|
419 if (OKtoInstall) |
|
420 { |
|
421 //----------------------------------------------------- |
|
422 // Open the progress dialog |
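Review bot: When `config.lockdown.disable_extensions` is true the ConfirmInstall call is skipped but OKtoInstall is never assigned on that path, so the `if (OKtoInstall)` test below depends on an initial value set outside the hunk; adding `else { OKtoInstall = PR_FALSE; }` after the new `if (!extensionsDisabled) {` block makes the lockdown fail closed regardless of that initializer. Both checks also fail open when the pref service is unavailable, because `pref` is null and the flags keep their PR_FALSE default. The `config.lockdown.disable_themes` test sits inside `#ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI`, and the comment about bug 343037 suggests that macro is not enabled yet, so in such builds skin installs would be gated only by disable_extensions. A blocked install is dropped without any message on either path, which is worth stating in a comment if it is intended. InitManagerInternal starts and ends outside the hunk.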