--auth-schemes specifies which authentication schemes are supported on the co...

chrome/browser/io_thread.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/io_thread.h"
 
 #include "base/command_line.h"
 #include "base/leak_tracker.h"
 #include "base/logging.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/gpu_process_host.h"
 #include "chrome/browser/net/chrome_net_log.h"
 #include "chrome/browser/net/predictor_api.h"
 #include "chrome/browser/net/passive_log_collector.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/url_fetcher.h"
 #include "net/base/mapped_host_resolver.h"
 #include "net/base/host_cache.h"
 #include "net/base/host_resolver.h"
 #include "net/base/host_resolver_impl.h"
 #include "net/base/net_util.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_factory.h"
-#include "net/http/http_auth_handler_negotiate.h"
 
 namespace {
 
 net::HostResolver* CreateGlobalHostResolver() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 
   size_t parallelism = net::HostResolver::kDefaultParallelism;
 
   // Use the concurrency override from the command-line, if any.
   if (command_line.HasSwitch(switches::kHostResolverParallelism)) {
@@ skipping 200 matching lines @@
   // TODO(eroman): get rid of this special case for 39723. If we could instead
   // have a method that runs after the message loop destruction obsevers have
   // run, but before the message loop itself is destroyed, we could safely
   // combine the two cleanups.
   deferred_net_log_to_delete_.reset();
   BrowserProcessSubThread::CleanUpAfterMessageLoopDestruction();
 }
 
 net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory(
     net::HostResolver* resolver) {
-  net::HttpAuthFilterWhitelist* auth_filter = NULL;
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 
   // Get the whitelist information from the command line, create an
   // HttpAuthFilterWhitelist, and attach it to the HttpAuthHandlerFactory.
-  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
-
+  net::HttpAuthFilterWhitelist* auth_filter = NULL;
   if (command_line.HasSwitch(switches::kAuthServerWhitelist)) {
     std::string auth_server_whitelist =
         command_line.GetSwitchValueASCII(switches::kAuthServerWhitelist);
-
     // Create a whitelist filter.
     auth_filter = new net::HttpAuthFilterWhitelist();
     auth_filter->SetWhitelist(auth_server_whitelist);
   }
-
-  // Set the flag that enables or disables the Negotiate auth handler.
-  static const bool kNegotiateAuthEnabledDefault = true;
-
-  bool negotiate_auth_enabled = kNegotiateAuthEnabledDefault;
-  if (command_line.HasSwitch(switches::kExperimentalEnableNegotiateAuth)) {
-    std::string enable_negotiate_auth = command_line.GetSwitchValueASCII(
-        switches::kExperimentalEnableNegotiateAuth);
-    // Enabled if no value, or value is 'true'.  Disabled otherwise.
-    negotiate_auth_enabled =
-        enable_negotiate_auth.empty() ||
-        (StringToLowerASCII(enable_negotiate_auth) == "true");
-  }
-
-  net::HttpAuthHandlerRegistryFactory* registry_factory =
-      net::HttpAuthHandlerFactory::CreateDefault();
-
   globals_->url_security_manager.reset(
       net::URLSecurityManager::Create(auth_filter));
 
-  // Add the security manager to the auth factories that need it.
-  registry_factory->SetURLSecurityManager("ntlm",
-                                          globals_->url_security_manager.get());
-  registry_factory->SetURLSecurityManager("negotiate",
-                                          globals_->url_security_manager.get());
-  if (negotiate_auth_enabled) {
-    // Configure the Negotiate settings for the Kerberos SPN.
-    // TODO(cbentzel): Read the related IE registry settings on Windows builds.
-    // TODO(cbentzel): Ugly use of static_cast here.
-    net::HttpAuthHandlerNegotiate::Factory* negotiate_factory =
-        static_cast<net::HttpAuthHandlerNegotiate::Factory*>(
-            registry_factory->GetSchemeFactory("negotiate"));
-    DCHECK(negotiate_factory);
-    negotiate_factory->set_host_resolver(resolver);
-    if (command_line.HasSwitch(switches::kDisableAuthNegotiateCnameLookup))
-      negotiate_factory->set_disable_cname_lookup(true);
-    if (command_line.HasSwitch(switches::kEnableAuthNegotiatePort))
-      negotiate_factory->set_use_port(true);
-  } else {
-    // Disable the Negotiate authentication handler.
-    registry_factory->RegisterSchemeFactory("negotiate", NULL);
-  }
-  return registry_factory;
+  // Determine which schemes are supported.
+  std::string csv_auth_schemes = "basic,digest,ntlm,negotiate";
+  if (command_line.HasSwitch(switches::kAuthSchemes))
+    csv_auth_schemes = StringToLowerASCII(
+        command_line.GetSwitchValueASCII(switches::kAuthSchemes));
+  std::vector<std::string> supported_schemes;
+  SplitString(csv_auth_schemes, ',', &supported_schemes);
+
+  return net::HttpAuthHandlerRegistryFactory::Create(
+      supported_schemes,
+      globals_->url_security_manager.get(),
+      resolver,
+      command_line.HasSwitch(switches::kDisableAuthNegotiateCnameLookup),
+      command_line.HasSwitch(switches::kEnableAuthNegotiatePort));
 }
 
 void IOThread::InitNetworkPredictorOnIOThread(
     bool prefetching_enabled,
     base::TimeDelta max_dns_queue_delay,
     size_t max_concurrent,
     const chrome_common_net::UrlList& startup_urls,
     ListValue* referral_list,
     bool preconnect_enabled) {
   DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO));
@@ skipping 29 matching lines @@
     net::HostCache* host_cache =
         globals_->host_resolver.get()->GetAsHostResolverImpl()->cache();
     if (host_cache)
       host_cache->clear();
   }
   // Clear all of the passively logged data.
   // TODO(eroman): this is a bit heavy handed, really all we need to do is
   //               clear the data pertaining to off the record context.
   globals_->net_log->passive_collector()->Clear();
 }