OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/url_security_manager.h" | 5 #include "net/http/url_security_manager.h" |
6 | 6 |
7 #include <urlmon.h> | 7 #include <urlmon.h> |
8 #pragma comment(lib, "urlmon.lib") | 8 #pragma comment(lib, "urlmon.lib") |
9 | 9 |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "base/win/scoped_comptr.h" | 12 #include "base/win/scoped_comptr.h" |
13 #include "net/http/http_auth_filter.h" | 13 #include "net/http/http_auth_filter.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 | 15 |
16 // The Windows implementation of URLSecurityManager uses WinINet/IE's | 16 // The Windows implementation of URLSecurityManager uses WinINet/IE's |
17 // URL security zone manager. See the MSDN page "URL Security Zones" at | 17 // URL security zone manager. See the MSDN page "URL Security Zones" at |
18 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more | 18 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more |
19 // info on the Internet Security Manager and Internet Zone Manager objects. | 19 // info on the Internet Security Manager and Internet Zone Manager objects. |
20 // | 20 // |
21 // On Windows, we honor the WinINet/IE settings and group policy related to | 21 // On Windows, we honor the WinINet/IE settings and group policy related to |
22 // URL Security Zones. See the Microsoft Knowledge Base article 182569 | 22 // URL Security Zones. See the Microsoft Knowledge Base article 182569 |
23 // "Internet Explorer security zones registry entries for advanced users" | 23 // "Internet Explorer security zones registry entries for advanced users" |
24 // (http://support.microsoft.com/kb/182569) for more info on these registry | 24 // (http://support.microsoft.com/kb/182569) for more info on these registry |
25 // keys. | 25 // keys. |
26 | 26 |
27 namespace net { | 27 namespace net { |
28 | 28 |
29 class URLSecurityManagerWin : public URLSecurityManager { | 29 class URLSecurityManagerWin : public URLSecurityManagerWhitelist { |
30 public: | 30 public: |
31 explicit URLSecurityManagerWin(const HttpAuthFilter* whitelist_delegate); | 31 URLSecurityManagerWin(); |
32 ~URLSecurityManagerWin() override; | |
32 | 33 |
33 // URLSecurityManager methods: | 34 // URLSecurityManager methods: |
34 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; | 35 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; |
35 bool CanDelegate(const GURL& auth_origin) const override; | |
36 | 36 |
37 private: | 37 private: |
38 bool EnsureSystemSecurityManager(); | 38 bool EnsureSystemSecurityManager(); |
39 | 39 |
40 base::win::ScopedComPtr<IInternetSecurityManager> security_manager_; | 40 base::win::ScopedComPtr<IInternetSecurityManager> security_manager_; |
41 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; | |
42 | 41 |
43 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin); | 42 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin); |
44 }; | 43 }; |
45 | 44 |
46 URLSecurityManagerWin::URLSecurityManagerWin( | 45 URLSecurityManagerWin::URLSecurityManagerWin() {} |
47 const HttpAuthFilter* whitelist_delegate) | 46 URLSecurityManagerWin::~URLSecurityManagerWin() {} |
48 : whitelist_delegate_(whitelist_delegate) { | |
49 } | |
50 | 47 |
51 bool URLSecurityManagerWin::CanUseDefaultCredentials( | 48 bool URLSecurityManagerWin::CanUseDefaultCredentials( |
52 const GURL& auth_origin) const { | 49 const GURL& auth_origin) const { |
50 if (HasDefaultWhitelist()) { | |
51 return URLSecurityManagerWhitelist::CanUseDefaultCredentials(auth_origin); | |
52 } | |
53 if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager()) | 53 if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager()) |
54 return false; | 54 return false; |
55 | 55 |
56 base::string16 url16 = base::ASCIIToUTF16(auth_origin.spec()); | 56 base::string16 url16 = base::ASCIIToUTF16(auth_origin.spec()); |
57 DWORD policy = 0; | 57 DWORD policy = 0; |
58 HRESULT hr; | 58 HRESULT hr; |
59 hr = security_manager_->ProcessUrlAction(url16.c_str(), | 59 hr = security_manager_->ProcessUrlAction(url16.c_str(), |
60 URLACTION_CREDENTIALS_USE, | 60 URLACTION_CREDENTIALS_USE, |
61 reinterpret_cast<BYTE*>(&policy), | 61 reinterpret_cast<BYTE*>(&policy), |
62 sizeof(policy), NULL, 0, | 62 sizeof(policy), NULL, 0, |
(...skipping 31 matching lines...)
94 case URLPOLICY_CREDENTIALS_MUST_PROMPT_USER: | 94 case URLPOLICY_CREDENTIALS_MUST_PROMPT_USER: |
95 return false; | 95 return false; |
96 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY: | 96 case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY: |
97 // TODO(wtc): we should fail the authentication. | 97 // TODO(wtc): we should fail the authentication. |
98 return false; | 98 return false; |
99 default: | 99 default: |
100 NOTREACHED(); | 100 NOTREACHED(); |
101 return false; | 101 return false; |
102 } | 102 } |
103 } | 103 } |
104 | 104 // TODO(cbentzel): Could CanDelegate use the security zone as well? |
105 bool URLSecurityManagerWin::CanDelegate(const GURL& auth_origin) const { | |
106 // TODO(cbentzel): Could this just use the security zone as well? Apparently | |
107 // this is what IE does as well. | |
108 if (whitelist_delegate_.get()) | |
109 return whitelist_delegate_->IsValid(auth_origin, HttpAuth::AUTH_SERVER); | |
110 return false; | |
111 } | |
112 | 105 |
113 bool URLSecurityManagerWin::EnsureSystemSecurityManager() { | 106 bool URLSecurityManagerWin::EnsureSystemSecurityManager() { |
114 if (!security_manager_.get()) { | 107 if (!security_manager_.get()) { |
115 HRESULT hr = CoInternetCreateSecurityManager(NULL, | 108 HRESULT hr = CoInternetCreateSecurityManager(NULL, |
116 security_manager_.Receive(), | 109 security_manager_.Receive(), |
117 NULL); | 110 NULL); |
118 if (FAILED(hr) || !security_manager_.get()) { | 111 if (FAILED(hr) || !security_manager_.get()) { |
119 LOG(ERROR) << "Unable to create the Windows Security Manager instance"; | 112 LOG(ERROR) << "Unable to create the Windows Security Manager instance"; |
120 return false; | 113 return false; |
121 } | 114 } |
122 } | 115 } |
123 return true; | 116 return true; |
124 } | 117 } |
125 | 118 |
126 // static | 119 // static |
127 URLSecurityManager* URLSecurityManager::Create( | 120 URLSecurityManager* URLSecurityManager::Create() { |
128 const HttpAuthFilter* whitelist_default, | |
129 const HttpAuthFilter* whitelist_delegate) { | |
130 // If we have a whitelist, just use that. | 121 // If we have a whitelist, just use that. |
asanka
2015/11/04 16:05:44
Comment no longer accurate.
aberent
2015/11/06 13:57:34
Done.
| |
131 if (whitelist_default) | 122 return new URLSecurityManagerWin; |
132 return new URLSecurityManagerWhitelist(whitelist_default, | |
133 whitelist_delegate); | |
134 return new URLSecurityManagerWin(whitelist_delegate); | |
135 } | 123 } |
136 | 124 |
137 } // namespace net | 125 } // namespace net |
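Review bot: The new `HasDefaultWhitelist()` branch at the top of `CanUseDefaultCredentials` chooses on every call whether ambient Windows credentials are released under the configured whitelist or under the URL security zone policy, and nothing in the code states which one wins. Because `Create()` no longer takes the whitelists, they are presumably installed after construction (the setter is not visible on this page), so the same origin can get a different answer before and after that call. A comment above the branch would make the precedence explicit, for example `// A configured default whitelist overrides the Windows zone policy; the zone manager is consulted only while no whitelist is set.` The relocated `TODO(cbentzel)` now sits between two functions with no `CanDelegate` override left in this file, so it should say that delegation is presumably decided by the inherited `URLSecurityManagerWhitelist::CanDelegate`. A unit test that sets a whitelist and checks that an origin allowed only by the zone policy is then refused would pin this behaviour.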
OLD | NEW |