Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 451 : net_log_(net_log), | 451 : net_log_(net_log), |
| 452 #if defined(ENABLE_EXTENSIONS) | 452 #if defined(ENABLE_EXTENSIONS) |
| 453 extension_event_router_forwarder_(extension_event_router_forwarder), | 453 extension_event_router_forwarder_(extension_event_router_forwarder), |
| 454 #endif | 454 #endif |
| 455 globals_(NULL), | 455 globals_(NULL), |
| 456 is_spdy_disabled_by_policy_(false), | 456 is_spdy_disabled_by_policy_(false), |
| 457 is_quic_allowed_by_policy_(true), | 457 is_quic_allowed_by_policy_(true), |
| 458 creation_time_(base::TimeTicks::Now()), | 458 creation_time_(base::TimeTicks::Now()), |
| 459 weak_factory_(this) { | 459 weak_factory_(this) { |
| 460 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); | 460 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); |
| 461 negotiate_disable_cname_lookup_ = local_state->GetBoolean( | 461 negotiate_disable_cname_lookup_.Init( |
| 462 prefs::kDisableAuthNegotiateCnameLookup); | 462 prefs::kDisableAuthNegotiateCnameLookup, local_state, |
| 463 negotiate_enable_port_ = local_state->GetBoolean( | 463 base::Bind(&IOThread::UpdateNegotiateDisableCnameLookup, |
| 464 prefs::kEnableAuthNegotiatePort); | 464 base::Unretained(this))); |
| 465 auth_server_whitelist_ = local_state->GetString(prefs::kAuthServerWhitelist); | 465 scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy = |
| 466 auth_delegate_whitelist_ = local_state->GetString( | 466 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); |
| 467 prefs::kAuthNegotiateDelegateWhitelist); | 467 negotiate_disable_cname_lookup_.MoveToThread(io_thread_proxy); |
| 468 negotiate_enable_port_.Init( | |
| 469 prefs::kEnableAuthNegotiatePort, local_state, | |
| 470 base::Bind(&IOThread::UpdateNegotiateEnablePort, base::Unretained(this))); | |
| 471 negotiate_enable_port_.MoveToThread(io_thread_proxy); | |
| 472 auth_server_whitelist_.Init( | |
| 473 prefs::kAuthServerWhitelist, local_state, | |
| 474 base::Bind(&IOThread::UpdateServerWhitelist, base::Unretained(this))); | |
| 475 auth_server_whitelist_.MoveToThread(io_thread_proxy); | |
| 476 auth_delegate_whitelist_.Init( | |
| 477 prefs::kAuthNegotiateDelegateWhitelist, local_state, | |
| 478 base::Bind(&IOThread::UpdateDelegateWhitelist, base::Unretained(this))); | |
| 479 auth_delegate_whitelist_.MoveToThread(io_thread_proxy); | |
| 468 gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName); | 480 gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName); |
| 469 auth_android_negotiate_account_type_ = | 481 auth_android_negotiate_account_type_.Init( |
| 470 local_state->GetString(prefs::kAuthAndroidNegotiateAccountType); | 482 prefs::kAuthAndroidNegotiateAccountType, local_state, |
| 483 base::Bind(&IOThread::UpdateAndroidAuthNegotiateAccount, | |
| 484 base::Unretained(this))); | |
| 485 auth_android_negotiate_account_type_.MoveToThread(io_thread_proxy); | |
| 471 pref_proxy_config_tracker_.reset( | 486 pref_proxy_config_tracker_.reset( |
| 472 ProxyServiceFactory::CreatePrefProxyConfigTrackerOfLocalState( | 487 ProxyServiceFactory::CreatePrefProxyConfigTrackerOfLocalState( |
| 473 local_state)); | 488 local_state)); |
| 474 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 489 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
| 475 &system_enable_referrers_, | 490 &system_enable_referrers_, |
| 476 NULL, | 491 NULL, |
| 477 NULL, | 492 NULL, |
| 478 NULL, | 493 NULL, |
| 479 local_state); | 494 local_state); |
| 480 ssl_config_service_manager_.reset( | 495 ssl_config_service_manager_.reset( |
| 481 ssl_config::SSLConfigServiceManager::CreateDefaultManager( | 496 ssl_config::SSLConfigServiceManager::CreateDefaultManager( |
| 482 local_state, | 497 local_state, |
| 483 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO))); | 498 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO))); |
| 484 | 499 |
| 485 base::Value* dns_client_enabled_default = new base::FundamentalValue( | 500 base::Value* dns_client_enabled_default = new base::FundamentalValue( |
| 486 chrome_browser_net::ConfigureAsyncDnsFieldTrial()); | 501 chrome_browser_net::ConfigureAsyncDnsFieldTrial()); |
| 487 local_state->SetDefaultPrefValue(prefs::kBuiltInDnsClientEnabled, | 502 local_state->SetDefaultPrefValue(prefs::kBuiltInDnsClientEnabled, |
| 488 dns_client_enabled_default); | 503 dns_client_enabled_default); |
| 489 chrome_browser_net::LogAsyncDnsPrefSource( | 504 chrome_browser_net::LogAsyncDnsPrefSource( |
| 490 local_state->FindPreference(prefs::kBuiltInDnsClientEnabled)); | 505 local_state->FindPreference(prefs::kBuiltInDnsClientEnabled)); |
| 491 | 506 |
| 492 dns_client_enabled_.Init(prefs::kBuiltInDnsClientEnabled, | 507 dns_client_enabled_.Init(prefs::kBuiltInDnsClientEnabled, |
| 493 local_state, | 508 local_state, |
| 494 base::Bind(&IOThread::UpdateDnsClientEnabled, | 509 base::Bind(&IOThread::UpdateDnsClientEnabled, |
| 495 base::Unretained(this))); | 510 base::Unretained(this))); |
| 496 dns_client_enabled_.MoveToThread( | 511 dns_client_enabled_.MoveToThread(io_thread_proxy); |
| 497 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 498 | 512 |
| 499 quick_check_enabled_.Init(prefs::kQuickCheckEnabled, | 513 quick_check_enabled_.Init(prefs::kQuickCheckEnabled, |
| 500 local_state); | 514 local_state); |
| 501 quick_check_enabled_.MoveToThread( | 515 quick_check_enabled_.MoveToThread(io_thread_proxy); |
| 502 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 503 | 516 |
| 504 #if defined(ENABLE_CONFIGURATION_POLICY) | 517 #if defined(ENABLE_CONFIGURATION_POLICY) |
| 505 is_spdy_disabled_by_policy_ = policy_service->GetPolicies( | 518 is_spdy_disabled_by_policy_ = policy_service->GetPolicies( |
| 506 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string())).Get( | 519 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string())).Get( |
| 507 policy::key::kDisableSpdy) != NULL; | 520 policy::key::kDisableSpdy) != NULL; |
| 508 | 521 |
| 509 const base::Value* value = policy_service->GetPolicies( | 522 const base::Value* value = policy_service->GetPolicies( |
| 510 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, | 523 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, |
| 511 std::string())).GetValue(policy::key::kQuicAllowed); | 524 std::string())).GetValue(policy::key::kQuicAllowed); |
| 512 if (value) | 525 if (value) |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 713 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 726 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 714 // is fixed. | 727 // is fixed. |
| 715 tracked_objects::ScopedTracker tracking_profile10( | 728 tracked_objects::ScopedTracker tracking_profile10( |
| 716 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 729 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 717 "466432 IOThread::InitAsync::CertPolicyEnforcer")); | 730 "466432 IOThread::InitAsync::CertPolicyEnforcer")); |
| 718 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; | 731 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; |
| 719 globals_->cert_policy_enforcer.reset(policy_enforcer); | 732 globals_->cert_policy_enforcer.reset(policy_enforcer); |
| 720 | 733 |
| 721 globals_->ssl_config_service = GetSSLConfigService(); | 734 globals_->ssl_config_service = GetSSLConfigService(); |
| 722 | 735 |
| 723 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 736 CreateDefaultAuthHandlerFactory(); |
| 724 globals_->host_resolver.get())); | |
| 725 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 737 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
| 726 // For the ProxyScriptFetcher, we use a direct ProxyService. | 738 // For the ProxyScriptFetcher, we use a direct ProxyService. |
| 727 globals_->proxy_script_fetcher_proxy_service = | 739 globals_->proxy_script_fetcher_proxy_service = |
| 728 net::ProxyService::CreateDirectWithNetLog(net_log_); | 740 net::ProxyService::CreateDirectWithNetLog(net_log_); |
| 729 // In-memory cookie store. | 741 // In-memory cookie store. |
| 730 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 742 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 731 // is fixed. | 743 // is fixed. |
| 732 tracked_objects::ScopedTracker tracking_profile11( | 744 tracked_objects::ScopedTracker tracking_profile11( |
| 733 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 745 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 734 "466432 IOThread::InitAsync::CreateCookieStore::Start")); | 746 "466432 IOThread::InitAsync::CreateCookieStore::Start")); |
| (...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 976 registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType, | 988 registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType, |
| 977 std::string()); | 989 std::string()); |
| 978 registry->RegisterStringPref( | 990 registry->RegisterStringPref( |
| 979 data_reduction_proxy::prefs::kDataReductionProxy, std::string()); | 991 data_reduction_proxy::prefs::kDataReductionProxy, std::string()); |
| 980 registry->RegisterBooleanPref(prefs::kEnableReferrers, true); | 992 registry->RegisterBooleanPref(prefs::kEnableReferrers, true); |
| 981 data_reduction_proxy::RegisterPrefs(registry); | 993 data_reduction_proxy::RegisterPrefs(registry); |
| 982 registry->RegisterBooleanPref(prefs::kBuiltInDnsClientEnabled, true); | 994 registry->RegisterBooleanPref(prefs::kBuiltInDnsClientEnabled, true); |
| 983 registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true); | 995 registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true); |
| 984 } | 996 } |
| 985 | 997 |
| 986 net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory( | 998 void IOThread::UpdateServerWhitelist() { |
| 987 net::HostResolver* resolver) { | 999 std::string server_whitelist = auth_server_whitelist_.GetValue(); |
| 988 net::HttpAuthFilterWhitelist* auth_filter_default_credentials = NULL; | 1000 if (server_whitelist.empty()) { |
| 989 if (!auth_server_whitelist_.empty()) { | 1001 globals_->url_security_manager->SetDefaultWhitelist( |
| 990 auth_filter_default_credentials = | 1002 scoped_ptr<net::HttpAuthFilterWhitelist>()); |
| 991 new net::HttpAuthFilterWhitelist(auth_server_whitelist_); | 1003 } else { |
| 1004 globals_->url_security_manager->SetDefaultWhitelist( | |
| 1005 make_scoped_ptr(new net::HttpAuthFilterWhitelist(server_whitelist))); | |
| 992 } | 1006 } |
| 993 net::HttpAuthFilterWhitelist* auth_filter_delegate = NULL; | 1007 } |
| 994 if (!auth_delegate_whitelist_.empty()) { | 1008 |
| 995 auth_filter_delegate = | 1009 void IOThread::UpdateDelegateWhitelist() { |
| 996 new net::HttpAuthFilterWhitelist(auth_delegate_whitelist_); | 1010 std::string delegate_whitelist = auth_delegate_whitelist_.GetValue(); |
| 1011 if (delegate_whitelist.empty()) { | |
| 1012 globals_->url_security_manager->SetDelegateWhitelist( | |
| 1013 scoped_ptr<net::HttpAuthFilterWhitelist>()); | |
| 1014 } else { | |
| 1015 globals_->url_security_manager->SetDelegateWhitelist( | |
| 1016 make_scoped_ptr(new net::HttpAuthFilterWhitelist(delegate_whitelist))); | |
| 997 } | 1017 } |
| 998 globals_->url_security_manager.reset( | 1018 } |
| 999 net::URLSecurityManager::Create(auth_filter_default_credentials, | 1019 |
| 1000 auth_filter_delegate)); | 1020 void IOThread::UpdateAndroidAuthNegotiateAccount() { |
|
asanka
2015/11/04 16:05:44
Shouldn't this be UpdateAndroidAuthNegotiateAccoun
aberent
2015/11/06 13:57:34
Done.
| |
| 1021 globals_->http_auth_handler_factory->SetAndroidAuthNegotiateAccountType( | |
| 1022 auth_android_negotiate_account_type_.GetValue()); | |
| 1023 } | |
| 1024 | |
| 1025 void IOThread::UpdateNegotiateDisableCnameLookup() { | |
| 1026 globals_->http_auth_handler_factory->SetNegotiateDisableCnameLookup( | |
| 1027 negotiate_disable_cname_lookup_.GetValue()); | |
| 1028 } | |
| 1029 | |
| 1030 void IOThread::UpdateNegotiateEnablePort() { | |
| 1031 globals_->http_auth_handler_factory->SetNegotiateEnablePort( | |
| 1032 negotiate_enable_port_.GetValue()); | |
| 1033 } | |
| 1034 | |
| 1035 void IOThread::CreateDefaultAuthHandlerFactory() { | |
| 1001 std::vector<std::string> supported_schemes = base::SplitString( | 1036 std::vector<std::string> supported_schemes = base::SplitString( |
| 1002 auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); | 1037 auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); |
| 1003 | 1038 globals_->url_security_manager.reset(net::URLSecurityManager::Create()); |
| 1004 scoped_ptr<net::HttpAuthHandlerRegistryFactory> registry_factory( | 1039 globals_->http_auth_handler_factory.reset( |
| 1005 net::HttpAuthHandlerRegistryFactory::Create( | 1040 net::HttpAuthHandlerRegistryFactory::Create( |
| 1006 supported_schemes, globals_->url_security_manager.get(), resolver, | 1041 supported_schemes, globals_->url_security_manager.get(), |
| 1007 gssapi_library_name_, auth_android_negotiate_account_type_, | 1042 globals_->host_resolver.get(), gssapi_library_name_)); |
| 1008 negotiate_disable_cname_lookup_, negotiate_enable_port_)); | 1043 UpdateServerWhitelist(); |
| 1009 return registry_factory.release(); | 1044 UpdateDelegateWhitelist(); |
| 1045 UpdateAndroidAuthNegotiateAccount(); | |
| 1046 UpdateNegotiateDisableCnameLookup(); | |
| 1047 UpdateNegotiateEnablePort(); | |
| 1010 } | 1048 } |
| 1011 | 1049 |
| 1012 void IOThread::ClearHostCache() { | 1050 void IOThread::ClearHostCache() { |
| 1013 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 1051 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 1014 | 1052 |
| 1015 net::HostCache* host_cache = globals_->host_resolver->GetHostCache(); | 1053 net::HostCache* host_cache = globals_->host_resolver->GetHostCache(); |
| 1016 if (host_cache) | 1054 if (host_cache) |
| 1017 host_cache->clear(); | 1055 host_cache->clear(); |
| 1018 } | 1056 } |
| 1019 | 1057 |
| (...skipping 610 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1630 globals->proxy_script_fetcher_url_request_job_factory = job_factory.Pass(); | 1668 globals->proxy_script_fetcher_url_request_job_factory = job_factory.Pass(); |
| 1631 | 1669 |
| 1632 context->set_job_factory( | 1670 context->set_job_factory( |
| 1633 globals->proxy_script_fetcher_url_request_job_factory.get()); | 1671 globals->proxy_script_fetcher_url_request_job_factory.get()); |
| 1634 | 1672 |
| 1635 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 1673 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 1636 // system URLRequestContext too. There's no reason this should be tied to a | 1674 // system URLRequestContext too. There's no reason this should be tied to a |
| 1637 // profile. | 1675 // profile. |
| 1638 return context; | 1676 return context; |
| 1639 } | 1677 } |
| OLD | NEW |
