Closed Bug 239969 Opened 20 years ago Closed 17 years ago

implement a full security manager for xpcshell

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: vlad)

References

Details

Attachments

(2 files, 5 obsolete files)

239969-xpcshell-principals-2.patch
6.73 KB, patch
shaver
: review+
Details | Diff | Splinter Review
Last one, I promise!
13.68 KB, patch
jst
: review+
jst
: superreview+
Details | Diff | Splinter Review 
Code:
a=Components.classes["@mozilla.org/xmlextras/soap/call;1"].createInstance()
a.transportURI="http://simpledotnetthingee/SimpleService/Service1.asmx"
a.encode(0, "HelloWorld", "http://dotnet.com/webservices/", 0, null, [].length, 
[])
a.asyncInvoke(function(response, soapcall, error) {dump(response, soapcall, 
error);})

expected results:
js> a=Components.classes["@mozilla.org/xmlextras/soap/call;1"].createInstance()
[xpconnect wrapped (nsISupports, nsISOAPMessage, nsISOAPCall)]
js> a.transportURI="http://simpledotnetthingee/SimpleService/Service1.asmx"
http://simpledotnetthingee/SimpleService/Service1.asmx
js> a.encode(0, "HelloWorld", "http://dotnet.com/webservices/", 0, null, 
[].length, [])
js> a.asyncInvoke(function(response, soapcall, error) {dump(response, soapcall, 
error);})
[xpconnect wrapped (nsISupports, nsIDOMEventListener, nsISOAPCallCompletion)]

Actual results:
...
js> a.asyncInvoke(function(response, soapcall, error) {dump(response, soapcall, 
error);})
uncaught exception: [Exception... "Component returned failure code: 0x80004005 
(NS_ERROR_FAILURE) [nsISOAPCall.asyncInvoke]"  nsresult: "0x80004005 
(NS_ERROR_FAILURE)"  location: "JS frame :: typein :: <TOP_LEVEL> :: line 36"  
data: no]

The problem is that soap asks for the global ssm service and decides that the 
stuff just isn't privy to it.

There are a few solutions (one is to fix soap), but for the time being, i 
decided to hack xpcshell
Summary: implement a full security manager for xpcshell → implement a full security manager for xpcshell
Attached patch security manager (draft) (obsolete) — Splinter Review 
Assignee: BradleyJunk → timeless
Status: NEW → ASSIGNED

    
  

        Attachment #145671 -
        Attachment description: security manager → security manager (draft)

        Attachment #145671 -
        Flags: superreview?(shaver)

    
    

    
  
Comment on attachment 145671 [details] [diff] [review]
security manager (draft)


+NS_IMPL_ISUPPORTS1(FullTrustSecMan, nsIScriptSecurityManager)

should be:

+NS_IMPL_ISUPPORTS2(FullTrustSecMan, nsIScriptSecurityManager, 
nsIXPCScriptSecurityManager)

    
    

    
  
Hi,

I had a similar issue not being able to load an XML Document from a javascript
running from xpcshell... I tracked it down to : the script is compiled without
any principles).

I have hacked xpcshell as follow:
1. Get the all powerfull SystemPrincipal :
2. Then compile the script using the System Principals.

replace xpcshell.cpp line 576:

-         script = JS_CompileFileHandle(cx, obj, filename, file);

with:

+{
+  nsCOMPtr<nsIPrincipal> princ ;
+  JSPrincipals *jsp=NULL;
+  nsresult rv = NS_OK;
+
+  nsCOMPtr<nsIScriptSecurityManager> securityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+  if ( securityManager && NS_SUCCEEDED( rv ) ) {
+    rv=securityManager->GetSystemPrincipal(getter_AddRefs(princ));
+  }
+  rv = princ->GetJSPrincipals( cx , &jsp);
+  if ( NS_SUCCEEDED( rv ) ) {
+    script = JS_CompileFileHandleForPrincipals(cx, obj,filename, file , jsp); 
           
+  }
+}

Hope this helps. I know this is gives full control to js executed this way, but
this is executed from the command line, so I would assume user knows what thay
are doing...

Let me know if this helps...


    
    

    
  
Comment on attachment 145671 [details] [diff] [review]
security manager (draft)

Yeah, do we need a secman at all if we just give the sysprin to those scripts? 
I'd be surprised if we did, but maybe there are some cases where sysprin isn't
enough?

        Attachment #145671 -
        Flags: superreview?(shaver)

    
    

    
  


  
Patch based on Jean-Marc's diff.  Wrapped relevant sections with
XPCONNECT_STANDALONE, also do some error checking.   Right now it bails if
GetSystemPrincipals or GetJSPrincipals fails, do we want to try without
principals instead?  I'm not sure if it'll make a difference what we do in
practice.

    
    

    
  
Comment on attachment 166736 [details] [diff] [review]
239969-xpcshell-principals-0.patch

>         DoBeginRequest(cx);
see beginrequest^^^

>+                return;
thou shalt not return without ending thy request.

>         DoEndRequest(cx);
see endrequest^^^

        Attachment #166736 -
        Flags: review?(shaver) → review-

    
    

    
  


  
Whoops, yep, forgot the EndRequests.

        Attachment #166736 -
        Attachment is obsolete: true
OS: Windows XP → All
Hardware: PC → All

    
    

    
  
Comment on attachment 166783 [details] [diff] [review]
239969-xpcshell-principals-1.patch

Please condition the DEPENDS on XPCONNECT_STANDALONE as well.

Also, printing a warning if we can't get the securityManager will save people
_just_like_us_ from chasing weird sysprin bugs in the future.

        Attachment #166783 -
        Flags: review?(shaver) → review+

    
    

    
  


  
Updated; there were a few other places that needed to be cought (the Load()
function, and also interactive reading from the console).  So, I store away the
jsprin in a global and just use it everywhere.	All 3 usages seem to work (-f
from the command line, load("foo.js"), and interactive).

(There's no makefile flag for XPCONNECT_STANDALONE; the loader seems to have
caps unconditionally in REQUIRES, so it doesn't seem to hurt anything.)

        Attachment #166783 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 166820 [details] [diff] [review]
239969-xpcshell-principals-2.patch

r=shaver with the irc nits picked.  thanks!

        Attachment #166820 -
        Flags: review+

    
    

    
  
Is there an alternative to XPCONNECT_STANDALONE here? alecf mentioned a desire
to try to eliminate it in comment here
https://bugzilla.mozilla.org/show_bug.cgi?id=121438#c34.

Off the top of my head I don't know what an alternative would be and I'm fuzzy
on why this needs to be standalone only. Just wanted to bring it up for discussion. 

    
    

    
  
*** Bug 270497 has been marked as a duplicate of this bug. ***

    
    

    
  
Whatever happened to this? 

    
  
QA Contact: pschwartau → xpconnect

    
  
Assignee: timeless → vladimir
Status: ASSIGNED → NEW

    
    

    
  
I honestly don't remember; I must've dropped it on the floor for some reason.  Is this still needed?

    
    

    
  
Yes; a security manager is needed at the very least for bug 374071.  It has a patch which was committed, but the patch requires a security manager.  xpcshell's lack of said security manager results in the unit test crashing, so the patch had to be backed out.
Blocks: 374071

    
    

    
  
It seems that Vlad's patch was checked in, but timeless' patch wasn't. I think that I'll need the latter to land in order to land bug 374071.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Fixing a couple of problems (obsolete)
        — Splinter Review
      

    


  
I'd missed a couple of *_retval = PR_TRUE s, and and added an incorrect HOLD (the DROP was necessary, though).

        Attachment #145671 -
        Attachment is obsolete: true

        Attachment #268994 -
        Attachment is obsolete: true

        Attachment #268998 -
        Flags: review?(jst)

        Attachment #268994 -
        Flags: review?(jst)

    
    

    
  


  

        Attachment #268998 -
        Attachment is obsolete: true

        Attachment #268998 -
        Flags: review?(jst)

        Attachment #269000 -
        Flags: superreview+

        Attachment #269000 -
        Flags: review+

    
    

    
  
This bug is fully fixed now.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

    
    

    
  
I backed this patch out, because it caused bustage and was checked in when the tree was closed.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
Fix checked in again.
Status: REOPENED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED

    
    

    
  
The code exercised by test_protocolproxyservice.js depends on the presence of the security manager, now that bug 374071 is fixed, so we can call this enough for now.
Flags: in-testsuite+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: