Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin
authorEhsan Akhgari <ehsan@mozilla.com>
Mon, 29 Oct 2018 14:59:16 +0000
changeset 443384 b3bf57d996a72f0a8843b85ec3e0379092a7bf87
parent 443383 32a581482291e22e54f705df46ec58b5f791072b
child 443385 6b821f5b12ae5c9520a0d1da2575094b5a532899
push id109362
push userrgurzau@mozilla.com
push dateMon, 29 Oct 2018 22:12:05 +0000
treeherdermozilla-inbound@1c7d0042fc4a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1502774
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin Depends on D10025 Differential Revision: https://phabricator.services.mozilla.com/D10026
extensions/auth/moz.build
extensions/auth/nsAuthFactory.cpp
extensions/auth/nsAuthSASL.cpp
extensions/auth/nsAuthSSPI.h
extensions/auth/nsHttpNegotiateAuth.cpp
netwerk/base/nsIAuthModule.idl
netwerk/protocol/http/nsHttpNTLMAuth.cpp
security/manager/ssl/nsNSSModule.cpp
security/manager/ssl/nsNTLMAuthModule.h
--- a/extensions/auth/moz.build
+++ b/extensions/auth/moz.build
@@ -21,15 +21,16 @@ if CONFIG['OS_ARCH'] == 'WINNT':
     DEFINES['USE_SSPI'] = True
 else:
     UNIFIED_SOURCES += [
         'nsAuthSambaNTLM.cpp',
     ]
 
 LOCAL_INCLUDES += [
     '/netwerk/dns', # For nsDNSService2.h
+    '/security/manager/ssl',
 ]
 
 FINAL_LIBRARY = 'xul'
 
 with Files('**'):
     BUG_COMPONENT = ('Core', 'Networking')
 
--- a/extensions/auth/nsAuthFactory.cpp
+++ b/extensions/auth/nsAuthFactory.cpp
@@ -1,213 +1,83 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ModuleUtils.h"
-#include "nsAuth.h"
+#include "nsCRT.h"
+#include "nsIAuthModule.h"
 
 //-----------------------------------------------------------------------------
-
-#define NS_NEGOTIATEAUTH_CID                       \
-{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */       \
-  0x96ec4163,                                      \
-  0xefc8,                                          \
-  0x407a,                                          \
-  {0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
-}
-#define NS_GSSAUTH_CID                             \
-{ /* dc8e21a0-03e4-11da-8cd6-0800200c9a66 */       \
-  0xdc8e21a0,                                      \
-  0x03e4,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
 #include "nsAuthGSSAPI.h"
-
 #if defined( USE_SSPI )
 #include "nsAuthSSPI.h"
-
-static nsresult
-nsSysNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-static nsresult
-nsKerbSSPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-#define NS_SYSNTLMAUTH_CID                         \
-{ /* dc195987-6e9a-47bc-b1fd-ab895d398833 */       \
-  0xdc195987,                                      \
-  0x6e9a,                                          \
-  0x47bc,                                          \
-  {0xb1, 0xfd, 0xab, 0x89, 0x5d, 0x39, 0x88, 0x33} \
-}
-
-#define NS_NEGOTIATEAUTHSSPI_CID                   \
-{ /* 78d3b0c0-0241-11da-8cd6-0800200c9a66 */       \
-  0x78d3b0c0,                                      \
-  0x0241,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
-#define NS_KERBAUTHSSPI_CID                        \
-{ /* 8c3a0e20-03e5-11da-8cd6-0800200c9a66 */       \
-  0x8c3a0e20,                                      \
-  0x03e5,                                          \
-  0x11da,                                          \
-  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
-}
-
 #else
-
-#define NS_SAMBANTLMAUTH_CID                       \
-{ /* bc54f001-6eb0-4e32-9f49-7e064d8e70ef */       \
-  0xbc54f001,                                      \
-  0x6eb0,                                          \
-  0x4e32,                                          \
-  {0x9f, 0x49, 0x7e, 0x06, 0x4d, 0x8e, 0x70, 0xef} \
-}
-
 #include "nsAuthSambaNTLM.h"
-static nsresult
-nsSambaNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  RefPtr<nsAuthSambaNTLM> auth = new nsAuthSambaNTLM();
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  nsresult rv = auth->SpawnNTLMAuthHelper();
-  if (NS_FAILED(rv)) {
-    // Failure here probably means that cached credentials were not available
-    return rv;
-  }
-
-  return auth->QueryInterface(iid, result);
-}
-
 #endif
-
-static nsresult
-nsKerbGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-static nsresult
-nsGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
-{
-  if (outer)
-    return NS_ERROR_NO_AGGREGATION;
-
-  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
-  if (!auth)
-    return NS_ERROR_OUT_OF_MEMORY;
-
-  NS_ADDREF(auth);
-  nsresult rv = auth->QueryInterface(iid, result);
-  NS_RELEASE(auth);
-  return rv;
-}
-
-
-#if defined( USE_SSPI )
-NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSSPI)
-#endif
-
-#define NS_AUTHSASL_CID                            \
-{ /* 815e42e0-72cc-480f-934b-148e33c228a6 */       \
-  0x815e42e0,                                      \
-  0x72cc,                                          \
-  0x480f,                                          \
-  {0x93, 0x4b, 0x14, 0x8e, 0x33, 0xc2, 0x28, 0xa6} \
-}
-
 #include "nsAuthSASL.h"
-NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSASL)
-
-NS_DEFINE_NAMED_CID(NS_GSSAUTH_CID);
-NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTH_CID);
-#if defined( USE_SSPI )
-NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTHSSPI_CID);
-NS_DEFINE_NAMED_CID(NS_KERBAUTHSSPI_CID);
-NS_DEFINE_NAMED_CID(NS_SYSNTLMAUTH_CID);
-#else
-NS_DEFINE_NAMED_CID(NS_SAMBANTLMAUTH_CID);
-#endif
-NS_DEFINE_NAMED_CID(NS_AUTHSASL_CID);
-
+#include "nsNTLMAuthModule.h"
+#include "nsNSSComponent.h"
 
 static const mozilla::Module::CIDEntry kAuthCIDs[] = {
-  { &kNS_GSSAUTH_CID, false, nullptr, nsKerbGSSAPIAuthConstructor },
-  { &kNS_NEGOTIATEAUTH_CID, false, nullptr, nsGSSAPIAuthConstructor },
-#if defined( USE_SSPI )
-  { &kNS_NEGOTIATEAUTHSSPI_CID, false, nullptr, nsAuthSSPIConstructor },
-  { &kNS_KERBAUTHSSPI_CID, false, nullptr, nsKerbSSPIAuthConstructor },
-  { &kNS_SYSNTLMAUTH_CID, false, nullptr, nsSysNTLMAuthConstructor },
-#else
-  { &kNS_SAMBANTLMAUTH_CID, false, nullptr, nsSambaNTLMAuthConstructor },
-#endif
-  { &kNS_AUTHSASL_CID, false, nullptr, nsAuthSASLConstructor },
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kAuthContracts[] = {
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss", &kNS_GSSAUTH_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss", &kNS_NEGOTIATEAUTH_CID },
-#if defined( USE_SSPI )
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi", &kNS_NEGOTIATEAUTHSSPI_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi", &kNS_KERBAUTHSSPI_CID },
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SYSNTLMAUTH_CID },
-#elif !defined(XP_MACOSX)
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SAMBANTLMAUTH_CID },
-#endif
-  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sasl-gssapi", &kNS_AUTHSASL_CID },
   { nullptr }
 };
 
+// static
+already_AddRefed<nsIAuthModule>
+nsIAuthModule::CreateInstance(const char* aType)
+{
+  nsCOMPtr<nsIAuthModule> auth;
+  if (!nsCRT::strcmp(aType, "kerb-gss")) {
+    auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
+  } else if (!nsCRT::strcmp(aType, "negotiate-gss")) {
+    auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
+#if defined( USE_SSPI )
+  } else if (!nsCRT::strcmp(aType, "negotiate-sspi")) {
+    auth = new nsAuthSSPI();
+  } else if (!nsCRT::strcmp(aType, "kerb-sspi")) {
+    auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
+  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
+    auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
+#elif !defined(XP_MACOSX)
+  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
+    RefPtr<nsAuthSambaNTLM> sambaAuth = new nsAuthSambaNTLM();
+
+    nsresult rv = sambaAuth->SpawnNTLMAuthHelper();
+    if (NS_FAILED(rv)) {
+      // Failure here probably means that cached credentials were not available
+      return nullptr;
+    }
+
+    auth = sambaAuth.forget();
+#endif
+  } else if (!nsCRT::strcmp(aType, "sasl-gssapi")) {
+    auth = new nsAuthSASL();
+  } else if (!nsCRT::strcmp(aType, "ntlm") &&
+    XRE_IsParentProcess() &&
+    EnsureNSSInitializedChromeOrContent()) {
+    RefPtr<nsNTLMAuthModule> ntlmAuth = new nsNTLMAuthModule();
+
+    nsresult rv = ntlmAuth->InitTest();
+    if (NS_FAILED(rv)) {
+      return nullptr;
+    }
+
+    auth = ntlmAuth.forget();
+  } else {
+    return nullptr;
+  }
+
+  return auth.forget();
+}
+
 //-----------------------------------------------------------------------------
 mozilla::LazyLogModule gNegotiateLog("negotiateauth");
 
 // setup nspr logging ...
 static nsresult
 InitNegotiateAuth()
 {
   return NS_OK;
--- a/extensions/auth/nsAuthSASL.cpp
+++ b/extensions/auth/nsAuthSASL.cpp
@@ -38,29 +38,27 @@ nsAuthSASL::Init(const char *serviceName
     NS_ASSERTION(!domain && !password, "unexpected credentials");
 
     mUsername = username;
 
     // If we're doing SASL, we should do mutual auth
     serviceFlags |= REQ_MUTUAL_AUTH;
 
     // Find out whether we should be trying SSPI or not
-    const char *contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss";
+    const char *authType = "kerb-gss";
 
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
     if (prefs) {
         bool val;
         rv = prefs->GetBoolPref(kNegotiateAuthSSPI, &val);
         if (NS_SUCCEEDED(rv) && val)
-            contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi";
+            authType = "kerb-sspi";
     }
 
-    mInnerModule = do_CreateInstance(contractID, &rv);
-    // if we can't create the GSSAPI module, then bail
-    NS_ENSURE_SUCCESS(rv, rv);
+    MOZ_ALWAYS_TRUE(mInnerModule = nsIAuthModule::CreateInstance(authType));
 
     mInnerModule->Init(serviceName, serviceFlags, nullptr, nullptr, nullptr);
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsAuthSASL::GetNextToken(const void *inToken,
--- a/extensions/auth/nsAuthSSPI.h
+++ b/extensions/auth/nsAuthSSPI.h
@@ -34,17 +34,17 @@ public:
 
     explicit nsAuthSSPI(pType package = PACKAGE_TYPE_NEGOTIATE);
 
 private:
     ~nsAuthSSPI();
 
     void Reset();
 
-    typedef TimeStamp MS_TimeStamp;
+    typedef ::TimeStamp MS_TimeStamp;
 
 private:
     nsresult MakeSN(const char *principal, nsCString &result);
 
     CredHandle   mCred;
     CtxtHandle   mCtxt;
     nsCString    mServiceName;
     uint32_t     mServiceFlags;
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -149,23 +149,24 @@ nsHttpNegotiateAuth::GetAuthFlags(uint32
 NS_IMETHODIMP
 nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
                                        const char *challenge,
                                        bool isProxyAuth,
                                        nsISupports **sessionState,
                                        nsISupports **continuationState,
                                        bool *identityInvalid)
 {
-    nsIAuthModule *module = (nsIAuthModule *) *continuationState;
+    nsIAuthModule *rawModule = (nsIAuthModule *) *continuationState;
 
     *identityInvalid = false;
-    if (module)
+    if (rawModule)
         return NS_OK;
 
     nsresult rv;
+    nsCOMPtr<nsIAuthModule> module;
 
     nsCOMPtr<nsIURI> uri;
     rv = authChannel->GetURI(getter_AddRefs(uri));
     if (NS_FAILED(rv))
         return rv;
 
     uint32_t req_flags = nsIAuthModule::REQ_DEFAULT;
     nsAutoCString service;
@@ -210,41 +211,35 @@ nsHttpNegotiateAuth::ChallengeReceived(n
     // construct the proper service name for passing to "gss_import_name".
     //
     // TODO: Possibly make this a configurable service name for use
     // with non-standard servers that use stuff like "khttp/f.q.d.n"
     // instead.
     //
     service.InsertLiteral("HTTP@", 0);
 
-    const char *contractID;
+    const char *authType;
     if (TestBoolPref(kNegotiateAuthSSPI)) {
 	   LOG(("  using negotiate-sspi\n"));
-	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi";
+	   authType = "negotiate-sspi";
     }
     else {
 	   LOG(("  using negotiate-gss\n"));
-	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss";
+	   authType = "negotiate-gss";
     }
 
-    rv = CallCreateInstance(contractID, &module);
-
-    if (NS_FAILED(rv)) {
-        LOG(("  Failed to load Negotiate Module \n"));
-        return rv;
-    }
+    MOZ_ALWAYS_TRUE(module = nsIAuthModule::CreateInstance(authType));
 
     rv = module->Init(service.get(), req_flags, nullptr, nullptr, nullptr);
 
     if (NS_FAILED(rv)) {
-        NS_RELEASE(module);
         return rv;
     }
 
-    *continuationState = module;
+    module.forget(continuationState);
     return NS_OK;
 }
 
 NS_IMPL_ISUPPORTS(nsHttpNegotiateAuth, nsIHttpAuthenticator)
 
 namespace {
 
 //
--- a/netwerk/base/nsIAuthModule.idl
+++ b/netwerk/base/nsIAuthModule.idl
@@ -128,18 +128,19 @@ interface nsIAuthModule : nsISupports
      *
      * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying  
      * authentication mechanism does not support security layers.
      */
     void unwrap([const] in voidPtr aInToken,
                 in unsigned long   aInTokenLength,
                 out voidPtr        aOutToken,
                 out unsigned long  aOutTokenLength);
-};
 
 %{C++
-/**
- * nsIAuthModule implementations are registered under the following contract
- * ID prefix:
- */
-#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
-    "@mozilla.org/network/auth-module;1?name="
+    /**
+     * Create a new instance of an auth module.
+     *
+     * @param aType
+     *        The type of the auth module to be constructed.
+     */
+    static already_AddRefed<nsIAuthModule> CreateInstance(const char* aType);
 %}
+};
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -181,41 +181,41 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHtt
     // NOTE: we don't define any session state, but we do use the pointer.
 
     *identityInvalid = false;
 
     // Start a new auth sequence if the challenge is exactly "NTLM".
     // If native NTLM auth apis are available and enabled through prefs,
     // try to use them.
     if (PL_strcasecmp(challenge, "NTLM") == 0) {
-        nsCOMPtr<nsISupports> module;
+        nsCOMPtr<nsIAuthModule> module;
 
         // Check to see if we should default to our generic NTLM auth module
         // through UseGenericNTLM. (We use native auth by default if the
         // system provides it.) If *sessionState is non-null, we failed to
         // instantiate a native NTLM module the last time, so skip trying again.
         bool forceGeneric = ForceGenericNTLM();
         if (!forceGeneric && !*sessionState) {
             // Check for approved default credentials hosts and proxies. If
             // *continuationState is non-null, the last authentication attempt
             // failed so skip default credential use.
             if (!*continuationState && CanUseDefaultCredentials(channel, isProxyAuth)) {
                 // Try logging in with the user's default credentials. If
                 // successful, |identityInvalid| is false, which will trigger
                 // a default credentials attempt once we return.
-                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
+                module = nsIAuthModule::CreateInstance("sys-ntlm");
             }
 #ifdef XP_WIN
             else {
                 // Try to use native NTLM and prompt the user for their domain,
                 // username, and password. (only supported by windows nsAuthSSPI module.)
                 // Note, for servers that use LMv1 a weak hash of the user's password
                 // will be sent. We rely on windows internal apis to decide whether
                 // we should support this older, less secure version of the protocol.
-                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
+                module = nsIAuthModule::CreateInstance("sys-ntlm");
                 *identityInvalid = true;
             }
 #endif // XP_WIN
             if (!module)
                 LOG(("Native sys-ntlm auth module not found.\n"));
         }
 
 #ifdef XP_WIN
@@ -233,33 +233,33 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHtt
                 if (!*sessionState)
                     return NS_ERROR_OUT_OF_MEMORY;
                 NS_ADDREF(*sessionState);
             }
 
             // Use our internal NTLM implementation. Note, this is less secure,
             // see bug 520607 for details.
             LOG(("Trying to fall back on internal ntlm auth.\n"));
-            module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm");
+            module = nsIAuthModule::CreateInstance("ntlm");
 
             mUseNative = false;
 
             // Prompt user for domain, username, and password.
             *identityInvalid = true;
         }
 
         // If this fails, then it means that we cannot do NTLM auth.
         if (!module) {
             LOG(("No ntlm auth modules available.\n"));
             return NS_ERROR_UNEXPECTED;
         }
 
         // A non-null continuation state implies that we failed to authenticate.
         // Blow away the old authentication state, and use the new one.
-        module.swap(*continuationState);
+        module.forget(continuationState);
     }
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsHttpNTLMAuth::GenerateCredentialsAsync(nsIHttpAuthenticableChannel *authChannel,
                                          nsIHttpAuthenticatorCallback* aCallback,
                                          const char *challenge,
--- a/security/manager/ssl/nsNSSModule.cpp
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -18,17 +18,16 @@
 #include "nsCryptoHash.h"
 #include "nsICategoryManager.h"
 #include "nsKeyModule.h"
 #include "nsKeygenHandler.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCertificateDB.h"
 #include "nsNSSComponent.h"
 #include "nsNSSVersion.h"
-#include "nsNTLMAuthModule.h"
 #include "nsNetCID.h"
 #include "nsPK11TokenDB.h"
 #include "nsPKCS11Slot.h"
 #include "nsRandomGenerator.h"
 #include "nsSecureBrowserUIImpl.h"
 #include "nsSiteSecurityService.h"
 #include "nsXULAppAPI.h"
 #include "OSKeyStore.h"
@@ -139,17 +138,16 @@ NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
 NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
-NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
@@ -178,18 +176,16 @@ static const mozilla::Module::CIDEntry k
   { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, Constructor<nsCertTree> },
 #endif
   { &kNS_CRYPTO_HASH_CID, false, nullptr,
     Constructor<nsCryptoHash, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr,
     Constructor<nsCryptoHMAC, nullptr, ProcessRestriction::AnyProcess> },
-  { &kNS_NTLMAUTHMODULE_CID, false, nullptr,
-    Constructor<nsNTLMAuthModule, &nsNTLMAuthModule::InitTest> },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr,
     Constructor<nsKeyObject, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr,
     Constructor<nsKeyObjectFactory, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr,
     Constructor<ContentSignatureVerifier> },
   { &kNS_CERTOVERRIDE_CID, false, nullptr,
     Constructor<nsCertOverrideService, &nsCertOverrideService::Init,
@@ -234,17 +230,16 @@ static const mozilla::Module::ContractID
   { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
   { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
 #ifdef MOZ_XUL
   { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
 #endif
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
-  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
   { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
--- a/security/manager/ssl/nsNTLMAuthModule.h
+++ b/security/manager/ssl/nsNTLMAuthModule.h
@@ -26,19 +26,9 @@ protected:
 
 private:
   nsString mDomain;
   nsString mUsername;
   nsString mPassword;
   bool mNTLMNegotiateSent;
 };
 
-#define NS_NTLMAUTHMODULE_CONTRACTID \
-  NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm"
-#define NS_NTLMAUTHMODULE_CID \
-{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */       \
-  0xa4e5888f,                                      \
-  0x4fe4,                                          \
-  0x4632,                                          \
-  {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \
-}
-
 #endif // nsNTLMAuthModule_h__