639
639
this.destinations = new Ruleset();
642
isMatch: function(uriObj) {
643
if (this.scheme && this.scheme !== uriObj.scheme) {
643
* @param {nsIURI} uriObj
644
* @param {boolean} endpointSpecHasHost Whether the endpoint spec
645
* corresponding to this "Rule" instance has a host.
648
isMatch: function(uriObj, endpointSpecHasHost) {
649
if (this.scheme && this.scheme !== "*" && this.scheme !== uriObj.scheme) {
644
650
//dprint("isMatch: wrong scheme (uri: '" + uriObj.scheme + "', rule: '" +
645
651
// this.scheme + "')");
649
655
// Check the port only in case the URI has a host at all.
650
if (DomainUtil.uriObjHasHost(uriObj)) {
656
if (DomainUtil.uriObjHasPort(uriObj)) {
652
658
// If the rule's port is "*" it means any port. We use this convention
653
659
// because we assume an empty port in a rule means default ports rather
654
660
// than any port.
655
if (parseInt(this.port, 10) !== uriObj.port && this.port !== "*") {
656
//dprint("isMatch: wrong port (not the port specified by the rule)");
661
if (this.port !== "*") {
662
let rulePort = parseInt(this.port, 10);
664
rulePort === uriObj.port ||
665
uriObj.port === -1 &&
666
rulePort === DomainUtil.
667
getDefaultPortForScheme(uriObj.scheme)
669
// Port Match is OK, so continue
671
//dprint("isMatch: wrong port (not the port specified by the rule)");
660
if (!DomainUtil.hasStandardPort(uriObj)) {
661
//dprint("isMatch: wrong port (not the default port and the rule assumes default)");
676
if (!endpointSpecHasHost) {
677
// Both host and port are undefined, so skip the default-port-check.
679
if (!DomainUtil.hasStandardPort(uriObj)) {
680
//dprint("isMatch: wrong port (not the default port and the rule assumes default)");
685
} else if (this.port) {
686
// The rule specifies a port, but the URI has no port.
935
958
if (DomainUtil.isIPAddress(host)) {
936
959
var addrEntry = this._ipAddr[host];
961
yield [addrEntry, true];
941
964
var parts = host.split(".");
942
965
var curLevel = this._domain;
966
// Start by checking for a wildcard at the highest level.
967
var nextLevel = curLevel.getLowerLevel("*");
969
yield [nextLevel, true];
944
971
for (var i = parts.length - 1; i >= 0; i--) {
945
972
nextLevel = curLevel.getLowerLevel(parts[i]);
946
973
if (!nextLevel) {
949
976
curLevel = nextLevel;
977
yield [nextLevel, true];
952
979
// Check for *.domain rules at each level.
953
980
nextLevel = curLevel.getLowerLevel("*");
982
yield [nextLevel, true];
984
1011
//dprint("Checking origin rules and origin-to-destination rules.");
985
1012
// First, check for rules for each part of the origin host.
986
originouterloop: for (let entry in this.getHostMatches(originHost)) {
1013
for (let [entry, originSpecHasHost] in this.getHostMatches(originHost)) {
987
1014
//dprint(entry);
988
1015
for (let rule in entry.rules) {
989
1016
//dprint("Checking rule: " + rule);
990
let ruleMatchedOrigin = rule.isMatch(origin);
1017
let ruleMatchedOrigin = rule.isMatch(origin, originSpecHasHost);
992
1019
if (rule.allowOrigin && ruleMatchedOrigin) {
993
1020
//dprint("ALLOW origin by rule " + entry + " " + rule);
997
1024
//dprint("DENY origin by rule " + entry + " " + rule);
998
1025
matchedDenyRules.push(["origin", entry, rule]);
1000
// switch(rule.originRuleAction) {
1001
// case C.RULE_ACTION_ALLOW:
1002
// if (ruleMatchedOrigin) {
1003
// dprint("ALLOW origin by rule " + entry + " " + rule);
1004
// matchedAllowRules.push(["origin", entry, rule]);
1007
// case C.RULE_ACTION_DENY:
1008
// if (ruleMatchedOrigin) {
1009
// dprint("DENY origin by rule " + entry + " " + rule);
1010
// matchedDenyRules.push(["origin", entry, rule]);
1011
// //break originouterloop;
1016
1028
// Check if there are origin-to-destination rules from the origin host
1017
1029
// entry we're currently looking at.
1018
1030
if (ruleMatchedOrigin && rule.destinations) {
1019
1031
//dprint("There are origin-to-destination rules using this origin rule.");
1020
for (let destEntry in rule.destinations.getHostMatches(destHost)) {
1032
for (let [destEntry, destSpecHasHost]
1033
in rule.destinations.getHostMatches(destHost)) {
1021
1034
//dprint(destEntry);
1022
1035
for (let destRule in destEntry.rules) {
1023
1036
//dprint("Checking rule: " + rule);
1024
if (destRule.allowDestination && destRule.isMatch(dest)) {
1037
if (destRule.allowDestination &&
1038
destRule.isMatch(dest, destSpecHasHost)) {
1025
1039
//dprint("ALLOW origin-to-dest by rule origin " + entry + " " + rule + " to dest " + destEntry + " " + destRule);
1026
1040
matchedAllowRules.push([
1027
1041
"origin-to-dest",
1034
if (destRule.denyDestination && destRule.isMatch(dest)) {
1048
if (destRule.denyDestination &&
1049
destRule.isMatch(dest, destSpecHasHost)) {
1035
1050
//dprint("DENY origin-to-dest by rule origin " + entry + " " + rule + " to dest " + destEntry + " " + destRule);
1036
1051
matchedDenyRules.push([
1037
1052
"origin-to-dest",
1045
// switch(destRule.destinationRuleAction) {
1046
// case C.RULE_ACTION_ALLOW:
1047
// if (destRule.isMatch(dest)) {
1048
// dprint("ALLOW origin-to-dest by rule origin " + entry + " " + rule + " to dest " + destEntry + " " + destRule);
1049
// matchedAllowRules.push(["origin-to-dest", entry, rule, destEntry, destRule]);
1052
// case C.RULE_ACTION_DENY:
1053
// if (destRule.isMatch(dest)) {
1054
// dprint("DENY origin-to-dest by rule origin " + entry + " " + rule + " to dest " + destEntry + " " + destRule);
1055
// matchedDenyRules.push(["origin-to-dest", entry, rule, destEntry, destRule]);
1056
// //break originouterloop;
1063
1061
//dprint("Done checking origin-to-destination rules using this origin rule.");
1068
1066
//dprint("Checking dest rules.");
1069
1067
// Last, check for rules for each part of the destination host.
1070
destouterloop: for (let entry in this.getHostMatches(destHost)) {
1068
for (let [entry, destSpecHasHost] in this.getHostMatches(destHost)) {
1071
1069
//dprint(entry);
1072
1070
for (let rule in entry.rules) {
1073
1071
//dprint("Checking rule: " + rule);
1074
if (rule.allowDestination && rule.isMatch(dest)) {
1072
if (rule.allowDestination && rule.isMatch(dest, destSpecHasHost)) {
1075
1073
//dprint("ALLOW dest by rule " + entry + " " + rule);
1076
1074
matchedAllowRules.push(["dest", entry, rule]);
1078
if (rule.denyDestination && rule.isMatch(dest)) {
1076
if (rule.denyDestination && rule.isMatch(dest, destSpecHasHost)) {
1079
1077
//dprint("DENY dest by rule " + entry + " " + rule);
1080
1078
matchedDenyRules.push(["dest", entry, rule]);
1082
// switch(rule.destinationRuleAction) {
1083
// case C.RULE_ACTION_ALLOW:
1084
// if (rule.isMatch(dest)) {
1085
// dprint("ALLOW dest by rule " + entry + " " + rule);
1086
// matchedAllowRules.push(["dest", entry, rule]);
1089
// case C.RULE_ACTION_DENY:
1090
// if (rule.isMatch(dest)) {
1091
// dprint("DENY dest by rule " + entry + " " + rule);
1092
// matchedDenyRules.push(["dest", entry, rule]);
1093
// //break destouterloop;