Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Side by Side Diff: net/http/url_security_manager.h

Issue 3155046: Add support for delegated Kerberos tickets during Negotiate authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_sspi_win.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ 5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ 6 #define NET_HTTP_URL_SECURITY_MANAGER_H_
7 #pragma once 7 #pragma once
8 8
9 #include "base/scoped_ptr.h" 9 #include "base/scoped_ptr.h"
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
11 11
12 class GURL; 12 class GURL;
13 13
14 namespace net { 14 namespace net {
15 15
16 class HttpAuthFilter; 16 class HttpAuthFilter;
17 17
18 // The URL security manager controls the policies (allow, deny, prompt user) 18 // The URL security manager controls the policies (allow, deny, prompt user)
19 // regarding URL actions (e.g., sending the default credentials to a server). 19 // regarding URL actions (e.g., sending the default credentials to a server).
20 class URLSecurityManager { 20 class URLSecurityManager {
21 public: 21 public:
22 URLSecurityManager() {} 22 URLSecurityManager() {}
23 virtual ~URLSecurityManager() {} 23 virtual ~URLSecurityManager() {}
24 24
25 // Creates a platform-dependent instance of URLSecurityManager. 25 // Creates a platform-dependent instance of URLSecurityManager.
26 // The URLSecurityManager takes ownership of the HttpAuthFilter. 26 //
27 static URLSecurityManager* Create(HttpAuthFilter* whitelist); 27 // |whitelist_default| is the whitelist of servers that default credentials
28 // can be used with during NTLM or Negotiate authentication. If
29 // |whitelist_default| is NULL and the platform is Windows, it indicates
30 // that security zone mapping should be used to determine whether default
31 // credentials sxhould be used. If |whitelist_default| is NULL and the
32 // platform is non-Windows, it indicates that no servers should be
33 // whitelisted.
34 //
35 // |whitelist_delegate| is the whitelist of servers that are allowed
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL,
37 // no servers can have delegated Kerberos tickets.
38 //
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by
40 // the created URLSecurityManager.
41 //
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
43 // and just copy into the URLSecurityManager?
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
45 const HttpAuthFilter* whitelist_delegate);
28 46
29 // Returns true if we can send the default credentials to the server at 47 // Returns true if we can send the default credentials to the server at
30 // |auth_origin| for HTTP NTLM or Negotiate authentication. 48 // |auth_origin| for HTTP NTLM or Negotiate authentication.
31 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) = 0; 49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
50
51 // Returns true if Kerberos delegation is allowed for the server at
52 // |auth_origin| for HTTP Negotiate authentication.
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0;
32 54
33 private: 55 private:
34 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); 56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
35 }; 57 };
36 58
37 class URLSecurityManagerWhitelist : public URLSecurityManager { 59 class URLSecurityManagerWhitelist : public URLSecurityManager {
38 public: 60 public:
39 // The URLSecurityManagerWhitelist takes ownership of the HttpAuthFilter. 61 // The URLSecurityManagerWhitelist takes ownership of the whitelists.
40 explicit URLSecurityManagerWhitelist(HttpAuthFilter* whitelist); 62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
63 const HttpAuthFilter* whitelist_delegation);
41 64
42 // URLSecurityManager methods. 65 // URLSecurityManager methods.
43 virtual bool CanUseDefaultCredentials(const GURL& auth_origin); 66 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const;
67 virtual bool CanDelegate(const GURL& auth_origin) const;
44 68
45 private: 69 private:
46 scoped_ptr<HttpAuthFilter> whitelist_; 70 scoped_ptr<const HttpAuthFilter> whitelist_default_;
71 scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
47 72
48 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); 73 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
49 }; 74 };
50 75
51 #if defined(UNIT_TEST) 76 #if defined(UNIT_TEST)
52 // An URLSecurityManager which always allows default credentials. 77 // An URLSecurityManager which is very permissive.
53 class URLSecurityManagerAllow : public URLSecurityManager { 78 class URLSecurityManagerAllow : public URLSecurityManager {
54 public: 79 public:
55 URLSecurityManagerAllow() {} 80 URLSecurityManagerAllow() {}
56 virtual ~URLSecurityManagerAllow() {} 81 virtual ~URLSecurityManagerAllow() {}
57 82
58 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) { 83 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const {
84 return true;
85 }
86 virtual bool CanDelegate(const GURL& auth_origin) const {
59 return true; 87 return true;
60 } 88 }
61 89
62 private: 90 private:
63 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerAllow); 91 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerAllow);
64 }; 92 };
65 #endif // defined(UNIT_TEST) 93 #endif // defined(UNIT_TEST)
66 94
67 } // namespace net 95 } // namespace net
68 96
69 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ 97 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_
OLDNEW
« no previous file with comments | « net/http/http_auth_sspi_win.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698