| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/url_security_manager.h" | 5 #include "net/http/url_security_manager.h" |
| 6 | 6 |
| 7 #include <urlmon.h> | 7 #include <urlmon.h> |
| 8 #pragma comment(lib, "urlmon.lib") | 8 #pragma comment(lib, "urlmon.lib") |
| 9 | 9 |
| 10 #include "base/scoped_comptr_win.h" | 10 #include "base/scoped_comptr_win.h" |
| 11 #include "base/string_util.h" | 11 #include "base/string_util.h" |
| 12 #include "base/utf_string_conversions.h" | 12 #include "base/utf_string_conversions.h" |
| 13 #include "googleurl/src/gurl.h" | 13 #include "googleurl/src/gurl.h" |
| 14 #include "net/http/http_auth_filter.h" |
| 14 | 15 |
| 15 // The Windows implementation of URLSecurityManager uses WinINet/IE's | 16 // The Windows implementation of URLSecurityManager uses WinINet/IE's |
| 16 // URL security zone manager. See the MSDN page "URL Security Zones" at | 17 // URL security zone manager. See the MSDN page "URL Security Zones" at |
| 17 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more | 18 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more |
| 18 // info on the Internet Security Manager and Internet Zone Manager objects. | 19 // info on the Internet Security Manager and Internet Zone Manager objects. |
| 19 // | 20 // |
| 20 // On Windows, we honor the WinINet/IE settings and group policy related to | 21 // On Windows, we honor the WinINet/IE settings and group policy related to |
| 21 // URL Security Zones. See the Microsoft Knowledge Base article 182569 | 22 // URL Security Zones. See the Microsoft Knowledge Base article 182569 |
| 22 // "Internet Explorer security zones registry entries for advanced users" | 23 // "Internet Explorer security zones registry entries for advanced users" |
| 23 // (http://support.microsoft.com/kb/182569) for more info on these registry | 24 // (http://support.microsoft.com/kb/182569) for more info on these registry |
| 24 // keys. | 25 // keys. |
| 25 | 26 |
| 26 namespace net { | 27 namespace net { |
| 27 | 28 |
| 28 class URLSecurityManagerWin : public URLSecurityManager { | 29 class URLSecurityManagerWin : public URLSecurityManager { |
| 29 public: | 30 public: |
| 30 URLSecurityManagerWin(); | 31 explicit URLSecurityManagerWin(const HttpAuthFilter* whitelist_delegate); |
| 31 | 32 |
| 32 // URLSecurityManager methods: | 33 // URLSecurityManager methods: |
| 33 virtual bool CanUseDefaultCredentials(const GURL& auth_origin); | 34 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const; |
| 35 virtual bool CanDelegate(const GURL& auth_origin) const; |
| 34 | 36 |
| 35 private: | 37 private: |
| 38 bool EnsureSystemSecurityManager(); |
| 39 |
| 36 ScopedComPtr<IInternetSecurityManager> security_manager_; | 40 ScopedComPtr<IInternetSecurityManager> security_manager_; |
| 41 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; |
| 37 | 42 |
| 38 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin); | 43 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin); |
| 39 }; | 44 }; |
| 40 | 45 |
| 41 URLSecurityManagerWin::URLSecurityManagerWin() { | 46 URLSecurityManagerWin::URLSecurityManagerWin( |
| 47 const HttpAuthFilter* whitelist_delegate) |
| 48 : whitelist_delegate_(whitelist_delegate) { |
| 42 } | 49 } |
| 43 | 50 |
| 44 | |
| 45 bool URLSecurityManagerWin::CanUseDefaultCredentials( | 51 bool URLSecurityManagerWin::CanUseDefaultCredentials( |
| 46 const GURL& auth_origin) { | 52 const GURL& auth_origin) const { |
| 47 if (!security_manager_) { | 53 if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager()) |
| 48 HRESULT hr = CoInternetCreateSecurityManager(NULL, | 54 return false; |
| 49 security_manager_.Receive(), | |
| 50 NULL); | |
| 51 if (FAILED(hr) || !security_manager_) { | |
| 52 LOG(ERROR) << "Unable to create the Windows Security Manager instance"; | |
| 53 return false; | |
| 54 } | |
| 55 } | |
| 56 | 55 |
| 57 std::wstring url_w = ASCIIToWide(auth_origin.spec()); | 56 std::wstring url_w = ASCIIToWide(auth_origin.spec()); |
| 58 DWORD policy = 0; | 57 DWORD policy = 0; |
| 59 HRESULT hr; | 58 HRESULT hr; |
| 60 hr = security_manager_->ProcessUrlAction(url_w.c_str(), | 59 hr = security_manager_->ProcessUrlAction(url_w.c_str(), |
| 61 URLACTION_CREDENTIALS_USE, | 60 URLACTION_CREDENTIALS_USE, |
| 62 reinterpret_cast<BYTE*>(&policy), | 61 reinterpret_cast<BYTE*>(&policy), |
| 63 sizeof(policy), NULL, 0, | 62 sizeof(policy), NULL, 0, |
| 64 PUAF_NOUI, 0); | 63 PUAF_NOUI, 0); |
| 65 if (FAILED(hr)) { | 64 if (FAILED(hr)) { |
| (...skipping 30 matching lines...) Expand all Loading... |
| 96 return false; | 95 return false; |
| 97 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY: | 96 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY: |
| 98 // TODO(wtc): we should fail the authentication. | 97 // TODO(wtc): we should fail the authentication. |
| 99 return false; | 98 return false; |
| 100 default: | 99 default: |
| 101 NOTREACHED(); | 100 NOTREACHED(); |
| 102 return false; | 101 return false; |
| 103 } | 102 } |
| 104 } | 103 } |
| 105 | 104 |
| 105 bool URLSecurityManagerWin::CanDelegate(const GURL& auth_origin) const { |
| 106 // TODO(cbentzel): Could this just use the security zone as well? Apparently |
| 107 // this is what IE does as well. |
| 108 if (whitelist_delegate_.get()) |
| 109 return whitelist_delegate_->IsValid(auth_origin, HttpAuth::AUTH_SERVER); |
| 110 return false; |
| 111 } |
| 112 |
| 113 bool URLSecurityManagerWin::EnsureSystemSecurityManager() { |
| 114 if (!security_manager_) { |
| 115 HRESULT hr = CoInternetCreateSecurityManager(NULL, |
| 116 security_manager_.Receive(), |
| 117 NULL); |
| 118 if (FAILED(hr) || !security_manager_) { |
| 119 LOG(ERROR) << "Unable to create the Windows Security Manager instance"; |
| 120 return false; |
| 121 } |
| 122 } |
| 123 return true; |
| 124 } |
| 125 |
| 106 // static | 126 // static |
| 107 URLSecurityManager* URLSecurityManager::Create( | 127 URLSecurityManager* URLSecurityManager::Create( |
| 108 HttpAuthFilter* whitelist) { | 128 const HttpAuthFilter* whitelist_default, |
| 129 const HttpAuthFilter* whitelist_delegate) { |
| 109 // If we have a whitelist, just use that. | 130 // If we have a whitelist, just use that. |
| 110 if (whitelist) | 131 if (whitelist_default) |
| 111 return new URLSecurityManagerWhitelist(whitelist); | 132 return new URLSecurityManagerWhitelist(whitelist_default, |
| 112 return new URLSecurityManagerWin(); | 133 whitelist_delegate); |
| 134 return new URLSecurityManagerWin(whitelist_delegate); |
| 113 } | 135 } |
| 114 | 136 |
| 115 } // namespace net | 137 } // namespace net |
| OLD | NEW |