Commit 83ed9f02 authored by Brindusan Cristian's avatar Brindusan Cristian
Browse files

Backed out 14 changesets (bug 1705659, bug 472823, bug 669675) as requested by... 

Backed out 14 changesets (bug 1705659, bug 472823, bug 669675) as requested by valentin for causing regressions.

Backed out changeset d920aa17a468 (bug 669675)
Backed out changeset adad38c05584 (bug 1705659)
Backed out changeset 361c177ed131 (bug 1705659)
Backed out changeset 46e559f45338 (bug 1705659)
Backed out changeset 3c9556a8df55 (bug 1705659)
Backed out changeset a179695a56c9 (bug 1705659)
Backed out changeset e688986c7011 (bug 1705659)
Backed out changeset de990e6c944d (bug 1705659)
Backed out changeset 0ea348abee78 (bug 1705659)
Backed out changeset 2f0aacbd42b1 (bug 1705659)
Backed out changeset c977551bad6e (bug 1705659)
Backed out changeset 5449d9e08034 (bug 1705659)
Backed out changeset b6b51bc167ac (bug 1705659)
Backed out changeset 27e709923ecb (bug 472823)
parent 34244d97

extensions/auth/nsAuthGSSAPI.cpp

+15 −19
Original line number Diff line number Diff line
@@ -192,10 +192,10 @@ static nsresult gssInit() { 


  LOG(("Attempting to load gss functions\n"));



  for (auto& gssFunc : gssFuncs) {

    gssFunc.func = PR_FindFunctionSymbol(lib, gssFunc.str);

    if (!gssFunc.func) {

      LOG(("Fail to load %s function from gssapi library\n", gssFunc.str));

  for (size_t i = 0; i < ArrayLength(gssFuncs); ++i) {

    gssFuncs[i].func = PR_FindFunctionSymbol(lib, gssFuncs[i].str);

    if (!gssFuncs[i].func) {

      LOG(("Fail to load %s function from gssapi library\n", gssFuncs[i].str));

      PR_UnloadLibrary(lib);

      return NS_ERROR_FAILURE;

    }
@@ -324,15 +324,14 @@ void nsAuthGSSAPI::Shutdown() { 
NS_IMPL_ISUPPORTS(nsAuthGSSAPI, nsIAuthModule)



NS_IMETHODIMP

nsAuthGSSAPI::Init(const nsACString& serviceName, uint32_t serviceFlags,

                   const nsAString& domain, const nsAString& username,

                   const nsAString& password) {

nsAuthGSSAPI::Init(const char* serviceName, uint32_t serviceFlags,

                   const char16_t* domain, const char16_t* username,

                   const char16_t* password) {

  // we don't expect to be passed any user credentials

  NS_ASSERTION(domain.IsEmpty() && username.IsEmpty() && password.IsEmpty(),

               "unexpected credentials");

  NS_ASSERTION(!domain && !username && !password, "unexpected credentials");



  // it's critial that the caller supply a service name to be used

  NS_ENSURE_TRUE(!serviceName.IsEmpty(), NS_ERROR_INVALID_ARG);

  NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);



  LOG(("entering nsAuthGSSAPI::Init()\n"));
@@ -447,19 +446,17 @@ nsAuthGSSAPI::GetNextToken(const void* inToken, uint32_t inTokenLen, 
  }



  *outTokenLen = output_token.length;

  if (output_token.length != 0) {

  if (output_token.length != 0)

    *outToken = moz_xmemdup(output_token.value, output_token.length);

  } else {

  else

    *outToken = nullptr;

  }



  gss_release_buffer_ptr(&minor_status, &output_token);



  if (major_status == GSS_S_COMPLETE) {

  if (major_status == GSS_S_COMPLETE)

    rv = NS_SUCCESS_AUTH_FINISHED;

  } else {

  else

    rv = NS_OK;

  }



end:

  gss_release_name_ptr(&minor_status, &server);
@@ -491,11 +488,10 @@ nsAuthGSSAPI::Unwrap(const void* inToken, uint32_t inTokenLen, void** outToken, 


  *outTokenLen = output_token.length;



  if (output_token.length) {

  if (output_token.length)

    *outToken = moz_xmemdup(output_token.value, output_token.length);

  } else {

  else

    *outToken = nullptr;

  }



  gss_release_buffer_ptr(&minor_status, &output_token);

extensions/auth/nsAuthSASL.cpp

+6 −7
Original line number Diff line number Diff line
@@ -20,14 +20,13 @@ void nsAuthSASL::Reset() { mSASLReady = false; } 
NS_IMPL_ISUPPORTS(nsAuthSASL, nsIAuthModule)



NS_IMETHODIMP

nsAuthSASL::Init(const nsACString& serviceName, uint32_t serviceFlags,

                 const nsAString& domain, const nsAString& username,

                 const nsAString& password) {

nsAuthSASL::Init(const char* serviceName, uint32_t serviceFlags,

                 const char16_t* domain, const char16_t* username,

                 const char16_t* password) {

  nsresult rv;



  NS_ASSERTION(!username.IsEmpty(), "SASL requires a username");

  NS_ASSERTION(domain.IsEmpty() && password.IsEmpty(),

               "unexpected credentials");

  NS_ASSERTION(username, "SASL requires a username");

  NS_ASSERTION(!domain && !password, "unexpected credentials");



  mUsername = username;
@@ -46,7 +45,7 @@ nsAuthSASL::Init(const nsACString& serviceName, uint32_t serviceFlags, 


  MOZ_ALWAYS_TRUE(mInnerModule = nsIAuthModule::CreateInstance(authType));



  mInnerModule->Init(serviceName, serviceFlags, u""_ns, u""_ns, u""_ns);

  mInnerModule->Init(serviceName, serviceFlags, nullptr, nullptr, nullptr);



  return NS_OK;

}

extensions/auth/nsAuthSSPI.cpp

+13 −13
Original line number Diff line number Diff line
@@ -90,7 +90,7 @@ static nsresult InitSSPI() { 


//-----------------------------------------------------------------------------



nsresult nsAuthSSPI::MakeSN(const nsACString& principal, nsCString& result) {

nsresult nsAuthSSPI::MakeSN(const char* principal, nsCString& result) {

  nsresult rv;



  nsAutoCString buf(principal);
@@ -174,9 +174,9 @@ void nsAuthSSPI::Reset() { 
NS_IMPL_ISUPPORTS(nsAuthSSPI, nsIAuthModule)



NS_IMETHODIMP

nsAuthSSPI::Init(const nsACString& aServiceName, uint32_t aServiceFlags,

                 const nsAString& aDomain, const nsAString& aUsername,

                 const nsAString& aPassword) {

nsAuthSSPI::Init(const char* serviceName, uint32_t serviceFlags,

                 const char16_t* domain, const char16_t* username,

                 const char16_t* password) {

  LOG(("  nsAuthSSPI::Init\n"));



  mIsFirst = true;
@@ -185,7 +185,7 @@ nsAuthSSPI::Init(const nsACString& aServiceName, uint32_t aServiceFlags, 


  // The caller must supply a service name to be used. (For why we now require

  // a service name for NTLM, see bug 487872.)

  NS_ENSURE_TRUE(!aServiceName.IsEmpty(), NS_ERROR_INVALID_ARG);

  NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);



  nsresult rv;
@@ -203,18 +203,18 @@ nsAuthSSPI::Init(const nsACString& aServiceName, uint32_t aServiceFlags, 
    // lookups. The incoming serviceName is in the format: "protocol@hostname",

    // SSPI expects

    // "<service class>/<hostname>", so swap the '@' for a '/'.

    mServiceName = aServiceName;

    mServiceName.Assign(serviceName);

    int32_t index = mServiceName.FindChar('@');

    if (index == kNotFound) return NS_ERROR_UNEXPECTED;

    mServiceName.Replace(index, 1, '/');

  } else {

    // Kerberos requires the canonical host, MakeSN takes care of this through a

    // DNS lookup.

    rv = MakeSN(aServiceName, mServiceName);

    rv = MakeSN(serviceName, mServiceName);

    if (NS_FAILED(rv)) return rv;

  }



  mServiceFlags = aServiceFlags;

  mServiceFlags = serviceFlags;



  SECURITY_STATUS rc;
@@ -235,11 +235,11 @@ nsAuthSSPI::Init(const nsACString& aServiceName, uint32_t aServiceFlags, 
  // domain, username, and password will be null if nsHttpNTLMAuth's

  // ChallengeReceived returns false for identityInvalid. Use default

  // credentials in this case by passing null for pai.

  if (!aUsername.IsEmpty() && !aPassword.IsEmpty()) {

  if (username && password) {

    // Keep a copy of these strings for the duration

    mUsername = aUsername;

    mPassword = aPassword;

    mDomain = aDomain;

    mUsername.Assign(username);

    mPassword.Assign(password);

    mDomain.Assign(domain);

    ai.Domain = reinterpret_cast<unsigned short*>(mDomain.BeginWriting());

    ai.DomainLength = mDomain.Length();

    ai.User = reinterpret_cast<unsigned short*>(mUsername.BeginWriting());
@@ -258,7 +258,7 @@ nsAuthSSPI::Init(const nsACString& aServiceName, uint32_t aServiceFlags, 
  static bool sTelemetrySent = false;

  if (!sTelemetrySent) {

    mozilla::Telemetry::Accumulate(mozilla::Telemetry::NTLM_MODULE_USED_2,

                                   aServiceFlags & nsIAuthModule::REQ_PROXY_AUTH

                                   serviceFlags & nsIAuthModule::REQ_PROXY_AUTH

                                       ? NTLM_MODULE_WIN_API_PROXY

                                       : NTLM_MODULE_WIN_API_DIRECT);

    sTelemetrySent = true;

extensions/auth/nsAuthSSPI.h

+1 −1
Original line number Diff line number Diff line
@@ -41,7 +41,7 @@ class nsAuthSSPI final : public nsIAuthModule { 
  typedef ::TimeStamp MS_TimeStamp;



 private:

  nsresult MakeSN(const nsACString& principal, nsCString& result);

  nsresult MakeSN(const char* principal, nsCString& result);



  CredHandle mCred;

  CtxtHandle mCtxt;

extensions/auth/nsAuthSambaNTLM.cpp

+5 −7
Original line number Diff line number Diff line
@@ -49,9 +49,8 @@ static bool SpawnIOChild(char* const* aArgs, PRProcess** aPID, 
                         PRFileDesc** aFromChildFD, PRFileDesc** aToChildFD) {

  PRFileDesc* toChildPipeRead;

  PRFileDesc* toChildPipeWrite;

  if (PR_CreatePipe(&toChildPipeRead, &toChildPipeWrite) != PR_SUCCESS) {

  if (PR_CreatePipe(&toChildPipeRead, &toChildPipeWrite) != PR_SUCCESS)

    return false;

  }

  PR_SetFDInheritable(toChildPipeRead, true);

  PR_SetFDInheritable(toChildPipeWrite, false);
@@ -190,11 +189,10 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthHelper() { 
}



NS_IMETHODIMP

nsAuthSambaNTLM::Init(const nsACString& serviceName, uint32_t serviceFlags,

                      const nsAString& domain, const nsAString& username,

                      const nsAString& password) {

  NS_ASSERTION(username.IsEmpty() && domain.IsEmpty() && password.IsEmpty(),

               "unexpected credentials");

nsAuthSambaNTLM::Init(const char* serviceName, uint32_t serviceFlags,

                      const char16_t* domain, const char16_t* username,

                      const char16_t* password) {

  NS_ASSERTION(!username && !domain && !password, "unexpected credentials");



  static bool sTelemetrySent = false;

  if (!sTelemetrySent) {