Bug 1264562 - Part 1: Add firstPartyDomain to socket transport (adapt…
…ed from Tor Browser patch 13670) r=mayhemer
Jonathan Hao committed Oct 12, 2016
1 parent 64c8fda commit 1b08cd0
Showing 10 changed files with 53 additions and 3 deletions.
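--- a/netwerk/base/nsISocketTransport.idl
+++ b/netwerk/base/nsISocketTransport.idl
@@ -44,6 +44,14 @@ interface nsISocketTransport : nsITransport
 */
 readonly attribute long port;
 
+/**
+* This is only non-empty when "privacy.firstparty.isolate" is enabled.
+* It is used to create sockets, and will eventually be used to isolate
+* OCSP cache. It's the only way to carry it down to NSPR layers which are
+* final consumers. It must be set before the socket transport is built.
+*/
+attribute AUTF8String firstPartyDomain;
+
 /**
 * The platform-specific network interface id that this socket
 * associated with. Note that this attribute can be only accessed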
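Review bot: The doc comment on `firstPartyDomain` says the value must be set before the socket transport is built, but it does not say what happens to a late set. In nsSocketTransport2.cpp on this page the setter returns NS_ERROR_FAILURE once `mFD.IsInitialized()` is true, so the comment could add a line such as `* Setting it after the socket has been initialized fails with NS_ERROR_FAILURE.` Without that, a caller only discovers the failure mode at run time, and a silently missed set means an un-isolated socket.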
22 changes: 20 additions & 2 deletions netwerk/base/nsSocketTransport2.cpp
Expand Up @@ -1169,7 +1169,7 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
rv = provider->NewSocket(mNetAddr.raw.family,
mHttpsProxy ? mProxyHost.get() : host,
mHttpsProxy ? mProxyPort : port,
proxyInfo,
proxyInfo, mFirstPartyDomain,
controlFlags, &fd,
getter_AddRefs(secinfo));

Expand All @@ -1184,9 +1184,10 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
// to the stack (such as pushing an io layer)
rv = provider->AddToSocket(mNetAddr.raw.family,
host, port, proxyInfo,
controlFlags, fd,
mFirstPartyDomain, controlFlags, fd,
getter_AddRefs(secinfo));
}

// controlFlags = 0; not used below this point...
if (NS_FAILED(rv))
break;
Expand Down Expand Up @@ -2389,6 +2390,23 @@ nsSocketTransport::SetNetworkInterfaceId(const nsACString_internal &aNetworkInte
return NS_OK;
}

NS_IMETHODIMP
nsSocketTransport::GetFirstPartyDomain(nsACString &value)
{
value = mFirstPartyDomain;
return NS_OK;
}

NS_IMETHODIMP
nsSocketTransport::SetFirstPartyDomain(const nsACString &value)
{
MutexAutoLock lock(mLock);
NS_ENSURE_FALSE(mFD.IsInitialized(), NS_ERROR_FAILURE);

mFirstPartyDomain = value;
return NS_OK;
}

NS_IMETHODIMP
nsSocketTransport::GetPeerAddr(NetAddr *addr)
{
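Review bot: `GetFirstPartyDomain` copies `mFirstPartyDomain` without holding `mLock`, while `SetFirstPartyDomain` assigns it under `MutexAutoLock lock(mLock)`. If the getter can run on a different thread from the setter, that is an unsynchronised read of an nsCString while it is being reassigned; adding `MutexAutoLock lock(mLock);` as the first statement of the getter would close it. The two reads in `BuildSocket` are also unlocked, and the `mFD.IsInitialized()` guard presumably still passes while the socket is being built, so a set in that window could succeed without reaching the provider. The threading model is not visible on this page, so this needs confirming against it.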
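--- a/netwerk/base/nsSocketTransport2.h
+++ b/netwerk/base/nsSocketTransport2.h
@@ -302,6 +302,12 @@ class nsSocketTransport final : public nsASocketHandler
 bool mProxyTransparentResolvesHost;
 bool mHttpsProxy;
 uint32_t mConnectionFlags;
+
+// This is only non-empty when "privacy.firstparty.isolate" is enabled.
+// It is used to create sockets. It's the only way to carry it down to NSPR
+// layers which are final consumers. It must be set before the socket
+// transport is built.
+nsCString mFirstPartyDomain;
 
 uint16_t SocketPort() { return (!mProxyHost.IsEmpty() && !mProxyTransparent) ? mProxyPort : mPort; }
 const nsCString &SocketHost() { return (!mProxyHost.IsEmpty() && !mProxyTransparent) ? mProxyHost : mHost; }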
4 changes: 3 additions & 1 deletion netwerk/protocol/http/TunnelUtils.cpp
Expand Up @@ -77,7 +77,7 @@ TLSFilterTransaction::TLSFilterTransaction(nsAHttpTransaction *aWrapped,

if (provider && mFD) {
mFD->secret = reinterpret_cast<PRFilePrivate *>(this);
provider->AddToSocket(PR_AF_INET, aTLSHost, aTLSPort, nullptr,
provider->AddToSocket(PR_AF_INET, aTLSHost, aTLSPort, nullptr, EmptyCString(),
0, mFD, getter_AddRefs(mSecInfo));
}

Expand Down Expand Up @@ -1593,6 +1593,8 @@ FWD_TS_PTR(GetConnectionFlags, uint32_t);
FWD_TS(SetConnectionFlags, uint32_t);
FWD_TS_PTR(GetRecvBufferSize, uint32_t);
FWD_TS(SetRecvBufferSize, uint32_t);
FWD_TS(SetFirstPartyDomain, const nsACString&);
FWD_TS(GetFirstPartyDomain, nsACString&);

NS_IMETHODIMP
SocketTransportShim::GetHost(nsACString & aHost)
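Review bot: The `AddToSocket` call in the `TLSFilterTransaction` constructor passes `EmptyCString()` as the first-party domain, so the TLS layer pushed for a tunnelled connection never carries the isolation key, even when "privacy.firstparty.isolate" is enabled. Whether that matters depends on what the TLS provider does with the value, which these hunks do not show. If provider-side state is later keyed on it, tunnelled connections would land in the shared, un-isolated bucket. A comment at the call site would record whether this is deliberate or pending, for example `// TODO: pass the wrapped transaction's first-party domain once it is available here`. The constructor body continues outside the hunk.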
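--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -3081,6 +3081,12 @@ nsHalfOpenSocket::SetupStreams(nsISocketTransport **transport,
 
 socketTransport->SetConnectionFlags(tmpFlags);
 
+nsAutoCString firstPartyDomain =
+NS_ConvertUTF16toUTF8(mEnt->mConnInfo->GetOriginAttributes().mFirstPartyDomain);
+if (!firstPartyDomain.IsEmpty()) {
+socketTransport->SetFirstPartyDomain(firstPartyDomain);
+}
+
 socketTransport->SetQoSBits(gHttpHandler->GetQoSBits());
 
 if (!ci->GetNetworkInterfaceId().IsEmpty()) {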
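Review bot: The result of `socketTransport->SetFirstPartyDomain(firstPartyDomain)` is dropped, although the setter shown in nsSocketTransport2.cpp returns NS_ERROR_FAILURE when the socket is already initialized. A failure here would leave the connection without its isolation key and nothing would report it. Checking the result, e.g. `rv = socketTransport->SetFirstPartyDomain(firstPartyDomain); NS_ENSURE_SUCCESS(rv, rv);`, makes the isolation fail closed; this assumes an `nsresult rv` is in scope in `SetupStreams`, whose body starts and ends outside the hunk. The block also reads `mEnt->mConnInfo` where the following lines use `ci`; if those refer to the same connection info, using `ci` would keep the function consistent.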
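--- a/netwerk/socket/nsISocketProvider.idl
+++ b/netwerk/socket/nsISocketProvider.idl
@@ -40,6 +40,7 @@ interface nsISocketProvider : nsISupports
 in string aHost,
 in long aPort,
 in nsIProxyInfo aProxy,
+in ACString aFirstPartyDomain,
 in unsigned long aFlags,
 out PRFileDescStar aFileDesc,
 out nsISupports aSecurityInfo);
@@ -59,6 +60,7 @@ interface nsISocketProvider : nsISupports
 in string aHost,
 in long aPort,
 in nsIProxyInfo aProxy,
+in ACString aFirstPartyDomain,
 in unsigned long aFlags,
 in PRFileDescStar aFileDesc,
 out nsISupports aSecurityInfo);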
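Review bot: `aFirstPartyDomain` is declared `in ACString` in both hunks, while the attribute this commit adds to nsISocketTransport.idl is `AUTF8String`. Both map to nsACString in C++, but XPConnect converts them differently for script callers, so a non-ASCII domain would not reach the provider with the same bytes as it does through the transport attribute. Declaring it `in AUTF8String aFirstPartyDomain,` in both methods would keep the encoding of the isolation key consistent end to end. The doc comments for these methods are outside the hunks; if they list `@param` entries, the new parameter needs one.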
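--- a/netwerk/socket/nsSOCKSSocketProvider.cpp
+++ b/netwerk/socket/nsSOCKSSocketProvider.cpp
@@ -45,6 +45,7 @@ nsSOCKSSocketProvider::NewSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc **result,
 nsISupports **socksInfo)
@@ -76,6 +77,7 @@ nsSOCKSSocketProvider::AddToSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc *sock,
 nsISupports **socksInfo)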
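--- a/netwerk/socket/nsUDPSocketProvider.cpp
+++ b/netwerk/socket/nsUDPSocketProvider.cpp
@@ -17,6 +17,7 @@ nsUDPSocketProvider::NewSocket(int32_t aFamily,
 const char *aHost,
 int32_t aPort,
 nsIProxyInfo *aProxy,
+const nsACString &firstPartyDomain,
 uint32_t aFlags,
 PRFileDesc * *aFileDesc,
 nsISupports **aSecurityInfo)
@@ -36,6 +37,7 @@ nsUDPSocketProvider::AddToSocket(int32_t aFamily,
 const char *aHost,
 int32_t aPort,
 nsIProxyInfo *aProxy,
+const nsACString &firstPartyDomain,
 uint32_t aFlags,
 struct PRFileDesc * aFileDesc,
 nsISupports **aSecurityInfo)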
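Review bot: The new parameter is named `firstPartyDomain` in both `NewSocket` and `AddToSocket`, but every other parameter in these two signatures carries the `a` prefix (`aFamily`, `aHost`, `aProxy`, `aFlags`). Writing it as `const nsACString &aFirstPartyDomain,` would match the rest of the file and the name used in nsISocketProvider.idl. Neither hunk shows the parameter being used; the function bodies are outside the hunks.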
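--- a/security/manager/ssl/nsSSLSocketProvider.cpp
+++ b/security/manager/ssl/nsSSLSocketProvider.cpp
@@ -23,6 +23,7 @@ nsSSLSocketProvider::NewSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc **_result,
 nsISupports **securityInfo)
@@ -44,6 +45,7 @@ nsSSLSocketProvider::AddToSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc *aSocket,
 nsISupports **securityInfo)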
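--- a/security/manager/ssl/nsTLSSocketProvider.cpp
+++ b/security/manager/ssl/nsTLSSocketProvider.cpp
@@ -23,6 +23,7 @@ nsTLSSocketProvider::NewSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc **_result,
 nsISupports **securityInfo)
@@ -45,6 +46,7 @@ nsTLSSocketProvider::AddToSocket(int32_t family,
 const char *host,
 int32_t port,
 nsIProxyInfo *proxy,
+const nsACString &firstPartyDomain,
 uint32_t flags,
 PRFileDesc *aSocket,
 nsISupports **securityInfo)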
