Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(362)

Side by Side Diff: net/http/url_security_manager_win.cc

Issue 3155046: Add support for delegated Kerberos tickets during Negotiate authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/url_security_manager_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/url_security_manager.h" 5 #include "net/http/url_security_manager.h"
6 6
7 #include <urlmon.h> 7 #include <urlmon.h>
8 #pragma comment(lib, "urlmon.lib") 8 #pragma comment(lib, "urlmon.lib")
9 9
10 #include "base/scoped_comptr_win.h" 10 #include "base/scoped_comptr_win.h"
11 #include "base/string_util.h" 11 #include "base/string_util.h"
12 #include "base/utf_string_conversions.h" 12 #include "base/utf_string_conversions.h"
13 #include "googleurl/src/gurl.h" 13 #include "googleurl/src/gurl.h"
14 #include "net/http/http_auth_filter.h"
14 15
15 // The Windows implementation of URLSecurityManager uses WinINet/IE's 16 // The Windows implementation of URLSecurityManager uses WinINet/IE's
16 // URL security zone manager. See the MSDN page "URL Security Zones" at 17 // URL security zone manager. See the MSDN page "URL Security Zones" at
17 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more 18 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more
18 // info on the Internet Security Manager and Internet Zone Manager objects. 19 // info on the Internet Security Manager and Internet Zone Manager objects.
19 // 20 //
20 // On Windows, we honor the WinINet/IE settings and group policy related to 21 // On Windows, we honor the WinINet/IE settings and group policy related to
21 // URL Security Zones. See the Microsoft Knowledge Base article 182569 22 // URL Security Zones. See the Microsoft Knowledge Base article 182569
22 // "Internet Explorer security zones registry entries for advanced users" 23 // "Internet Explorer security zones registry entries for advanced users"
23 // (http://support.microsoft.com/kb/182569) for more info on these registry 24 // (http://support.microsoft.com/kb/182569) for more info on these registry
24 // keys. 25 // keys.
25 26
26 namespace net { 27 namespace net {
27 28
28 class URLSecurityManagerWin : public URLSecurityManager { 29 class URLSecurityManagerWin : public URLSecurityManager {
29 public: 30 public:
30 URLSecurityManagerWin(); 31 explicit URLSecurityManagerWin(const HttpAuthFilter* whitelist_delegate);
31 32
32 // URLSecurityManager methods: 33 // URLSecurityManager methods:
33 virtual bool CanUseDefaultCredentials(const GURL& auth_origin); 34 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const;
35 virtual bool CanDelegate(const GURL& auth_origin) const;
34 36
35 private: 37 private:
38 bool EnsureSystemSecurityManager();
39
36 ScopedComPtr<IInternetSecurityManager> security_manager_; 40 ScopedComPtr<IInternetSecurityManager> security_manager_;
41 scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
37 42
38 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin); 43 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin);
39 }; 44 };
40 45
41 URLSecurityManagerWin::URLSecurityManagerWin() { 46 URLSecurityManagerWin::URLSecurityManagerWin(
47 const HttpAuthFilter* whitelist_delegate)
48 : whitelist_delegate_(whitelist_delegate) {
42 } 49 }
43 50
44
45 bool URLSecurityManagerWin::CanUseDefaultCredentials( 51 bool URLSecurityManagerWin::CanUseDefaultCredentials(
46 const GURL& auth_origin) { 52 const GURL& auth_origin) const {
47 if (!security_manager_) { 53 if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager())
48 HRESULT hr = CoInternetCreateSecurityManager(NULL, 54 return false;
49 security_manager_.Receive(),
50 NULL);
51 if (FAILED(hr) || !security_manager_) {
52 LOG(ERROR) << "Unable to create the Windows Security Manager instance";
53 return false;
54 }
55 }
56 55
57 std::wstring url_w = ASCIIToWide(auth_origin.spec()); 56 std::wstring url_w = ASCIIToWide(auth_origin.spec());
58 DWORD policy = 0; 57 DWORD policy = 0;
59 HRESULT hr; 58 HRESULT hr;
60 hr = security_manager_->ProcessUrlAction(url_w.c_str(), 59 hr = security_manager_->ProcessUrlAction(url_w.c_str(),
61 URLACTION_CREDENTIALS_USE, 60 URLACTION_CREDENTIALS_USE,
62 reinterpret_cast<BYTE*>(&policy), 61 reinterpret_cast<BYTE*>(&policy),
63 sizeof(policy), NULL, 0, 62 sizeof(policy), NULL, 0,
64 PUAF_NOUI, 0); 63 PUAF_NOUI, 0);
65 if (FAILED(hr)) { 64 if (FAILED(hr)) {
(...skipping 30 matching lines...) Expand all
96 return false; 95 return false;
97 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY: 96 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY:
98 // TODO(wtc): we should fail the authentication. 97 // TODO(wtc): we should fail the authentication.
99 return false; 98 return false;
100 default: 99 default:
101 NOTREACHED(); 100 NOTREACHED();
102 return false; 101 return false;
103 } 102 }
104 } 103 }
105 104
105 bool URLSecurityManagerWin::CanDelegate(const GURL& auth_origin) const {
106 // TODO(cbentzel): Could this just use the security zone as well? Apparently
107 // this is what IE does as well.
108 if (whitelist_delegate_.get())
109 return whitelist_delegate_->IsValid(auth_origin, HttpAuth::AUTH_SERVER);
110 return false;
111 }
112
113 bool URLSecurityManagerWin::EnsureSystemSecurityManager() {
114 if (!security_manager_) {
115 HRESULT hr = CoInternetCreateSecurityManager(NULL,
116 security_manager_.Receive(),
117 NULL);
118 if (FAILED(hr) || !security_manager_) {
119 LOG(ERROR) << "Unable to create the Windows Security Manager instance";
120 return false;
121 }
122 }
123 return true;
124 }
125
106 // static 126 // static
107 URLSecurityManager* URLSecurityManager::Create( 127 URLSecurityManager* URLSecurityManager::Create(
108 HttpAuthFilter* whitelist) { 128 const HttpAuthFilter* whitelist_default,
129 const HttpAuthFilter* whitelist_delegate) {
109 // If we have a whitelist, just use that. 130 // If we have a whitelist, just use that.
110 if (whitelist) 131 if (whitelist_default)
111 return new URLSecurityManagerWhitelist(whitelist); 132 return new URLSecurityManagerWhitelist(whitelist_default,
112 return new URLSecurityManagerWin(); 133 whitelist_delegate);
134 return new URLSecurityManagerWin(whitelist_delegate);
113 } 135 }
114 136
115 } // namespace net 137 } // namespace net
OLDNEW
« no previous file with comments | « net/http/url_security_manager_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698