Closed Bug 1312062 Opened 8 years ago Closed 8 years ago

Port bug 1264562 to c-c [Add firstPartyDomain to socket transport ]

Categories

(MailNews Core :: LDAP Integration, defect)

Product:
MailNews Core
Component:
LDAP Integration
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 52.0

People

(Reporter: Paenglab, Assigned: aceman)

References

Details

Attachments

(1 file)

WIP patch
1.84 KB, patch
jorgk-bmo
: review+
Details | Diff | Splinter Review 
An actual build fails with ldap/xpcom/src/nsLDAPSecurityGlue.cpp(178): error C2660: 'nsISocketProvider::AddToSocket': function does not take 7 arguments
Attached patch WIP patchSplinter Review 
I don't know if this is correct, but at least makes the build work.
Severity: normal → blocker
Version: unspecified → Trunk
Comment on attachment 8803513 [details] [diff] [review]
WIP patch

Review of attachment 8803513 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me looking at
https://hg.mozilla.org/mozilla-central/rev/6ed882bc57d4
Attachment #8803513 - Flags: review+
Yes, that was my template :) But do we know if we can ignore the new argument (we do not use the feature), or if we need to set it to something useful?
     /**
+     * This is only non-empty when "privacy.firstparty.isolate" is enabled.
+     * It is used to create sockets, and will eventually be used to isolate
+     * OCSP cache. It's the only way to carry it down to NSPR layers which are
+     * final consumers.  It must be set before the socket transport is built.
+     */
+    attribute AUTF8String firstPartyDomain;

We know nothing about privacy.firstparty.isolate, so the string must be empty.
(In reply to :aceman from comment #3)
> Yes, that was my template :) But do we know if we can ignore the new
> argument (we do not use the feature), or if we need to set it to something
> useful?

Just request feedback from those driving the original bug. Currently it looks like the whole thing is behind a pref, but as it's a security bug it might be good to know more.
No reason not to land this meanwhile of course ;)
Do you guys have an idea if we need to use this argument in Thunderbird for any purpose? Or is it only intended to be used for OCSP?
Flags: needinfo?(honzab.moz)
Flags: needinfo?(dkeeler)
It's for first-party isolation (see bug 1299996). If the feature is enabled, you might pass some sort of identifier that ensures the desired properties of the feature, but it's probably safe to just pass an empty string in this case.
Flags: needinfo?(dkeeler)
(In reply to aleth [:aleth] from comment #6)
> No reason not to land this meanwhile of course ;)

Landed:
https://hg.mozilla.org/comm-central/rev/46b456a3059e10c10576bed1a97e533f727247ce
(Tree was busted "twice" (two bustages), needed to get ready for Daily build).

If despite comment #8 the patch isn't right, we can fix it later.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 52.0
Assignee: nobody → acelists
See Also: → FirstPartyIsolation
The first party is valid only when you are navigating pages in a tabbed browser.  For LDAP I think you are ok with an empty string, as you did ;)
Flags: needinfo?(honzab.moz)
c:/t1/hg/comm-central/ldap/xpcom/src/nsLDAPSecurityGlue.cpp(180): error C2664: 
'nsresult nsISocketProvider::AddToSocket(int32_t,const char 
*,int32_t,nsIProxyInfo *,const mozilla::NeckoOriginAttributes 
&,uint32_t,PRFileDesc *,nsISupports **)': cannot convert argument 5 from 
'const nsAFlatCString' to 'const mozilla::NeckoOriginAttributes &'

c:/t1/hg/comm-central/ldap/xpcom/src/nsLDAPSecurityGlue.cpp(180): note: 
Reason: cannot convert from 'const nsAFlatCString' to 'const 
mozilla::NeckoOriginAttributes'

c:/t1/hg/comm-central/ldap/xpcom/src/nsLDAPSecurityGlue.cpp(180): note: No 
user-defined-conversion operator available that can perform this conversion, 
or the operator cannot be called

c:/t1/hg/comm-central/mozilla/config/rules.mk:963: recipe for target 
'nsLDAPSecurityGlue.obj' failed
Flags: needinfo?(acelists)
s/Look/Looks/ ;-(
I'm not sure why this was pasted into this bug, it seems to be a new bustage.
Anyway, thanks Jorg.
Flags: needinfo?(acelists)
(In reply to :aceman from comment #14)
> I'm not sure why this was pasted into this bug, it seems to be a new bustage.
You were the last person to touch this file. Ergo you.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: