Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_factory.h" | 5 #include "net/http/http_auth_handler_factory.h" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/http/http_auth_challenge_tokenizer.h" | 10 #include "net/http/http_auth_challenge_tokenizer.h" |
| 11 #include "net/http/http_auth_filter.h" | 11 #include "net/http/http_auth_filter.h" |
| 12 #include "net/http/http_auth_handler_basic.h" | 12 #include "net/http/http_auth_handler_basic.h" |
| 13 #include "net/http/http_auth_handler_digest.h" | 13 #include "net/http/http_auth_handler_digest.h" |
| 14 #include "net/http/http_auth_handler_ntlm.h" | 14 #include "net/http/http_auth_handler_ntlm.h" |
| 15 | 15 |
| 16 #if defined(USE_KERBEROS) | 16 #if defined(USE_KERBEROS) |
| 17 #include "net/http/http_auth_handler_negotiate.h" | 17 #include "net/http/http_auth_handler_negotiate.h" |
| 18 #endif | 18 #endif |
| 19 | 19 |
| 20 namespace net { | 20 namespace net { |
| 21 | 21 |
| 22 const char kBasic[] = "basic"; | |
|
asanka
2015/10/28 03:27:43
Move these to http_auth.h where we have the consta
aberent
2015/11/02 18:52:50
Done.
| |
| 23 const char kDigest[] = "digest"; | |
| 24 const char kNtlm[] = "ntlm"; | |
| 25 const char kNegotiate[] = "negotiate"; | |
| 26 | |
| 22 int HttpAuthHandlerFactory::CreateAuthHandlerFromString( | 27 int HttpAuthHandlerFactory::CreateAuthHandlerFromString( |
| 23 const std::string& challenge, | 28 const std::string& challenge, |
| 24 HttpAuth::Target target, | 29 HttpAuth::Target target, |
| 25 const GURL& origin, | 30 const GURL& origin, |
| 26 const BoundNetLog& net_log, | 31 const BoundNetLog& net_log, |
| 27 scoped_ptr<HttpAuthHandler>* handler) { | 32 scoped_ptr<HttpAuthHandler>* handler) { |
| 28 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); | 33 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); |
| 29 return CreateAuthHandler(&props, target, origin, CREATE_CHALLENGE, 1, | 34 return CreateAuthHandler(&props, target, origin, CREATE_CHALLENGE, 1, |
| 30 net_log, handler); | 35 net_log, handler); |
| 31 } | 36 } |
| 32 | 37 |
| 33 int HttpAuthHandlerFactory::CreatePreemptiveAuthHandlerFromString( | 38 int HttpAuthHandlerFactory::CreatePreemptiveAuthHandlerFromString( |
| 34 const std::string& challenge, | 39 const std::string& challenge, |
| 35 HttpAuth::Target target, | 40 HttpAuth::Target target, |
| 36 const GURL& origin, | 41 const GURL& origin, |
| 37 int digest_nonce_count, | 42 int digest_nonce_count, |
| 38 const BoundNetLog& net_log, | 43 const BoundNetLog& net_log, |
| 39 scoped_ptr<HttpAuthHandler>* handler) { | 44 scoped_ptr<HttpAuthHandler>* handler) { |
| 40 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); | 45 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); |
| 41 return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE, | 46 return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE, |
| 42 digest_nonce_count, net_log, handler); | 47 digest_nonce_count, net_log, handler); |
| 43 } | 48 } |
| 44 | 49 |
| 45 // static | 50 // static |
| 46 scoped_ptr<HttpAuthHandlerRegistryFactory> | 51 scoped_ptr<HttpAuthHandlerRegistryFactory> |
| 47 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) { | 52 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) { |
| 48 DCHECK(host_resolver); | 53 DCHECK(host_resolver); |
| 49 scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory = | 54 scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory = |
| 50 make_scoped_ptr(new HttpAuthHandlerRegistryFactory()); | 55 make_scoped_ptr(new HttpAuthHandlerRegistryFactory()); |
| 51 registry_factory->RegisterSchemeFactory( | 56 registry_factory->RegisterSchemeFactory(kBasic, |
| 52 "basic", new HttpAuthHandlerBasic::Factory()); | 57 new HttpAuthHandlerBasic::Factory()); |
| 53 registry_factory->RegisterSchemeFactory( | 58 registry_factory->RegisterSchemeFactory(kDigest, |
| 54 "digest", new HttpAuthHandlerDigest::Factory()); | 59 new HttpAuthHandlerDigest::Factory()); |
| 55 | 60 |
| 56 // On Android Chrome needs an account type configured to enable Kerberos, | 61 // On Android Chrome needs an account type configured to enable Kerberos, |
| 57 // so the default factory should not include Kerberos. | 62 // so the default factory should not include Kerberos. |
| 58 #if defined(USE_KERBEROS) && !defined(OS_ANDROID) | 63 #if defined(USE_KERBEROS) && !defined(OS_ANDROID) |
| 59 HttpAuthHandlerNegotiate::Factory* negotiate_factory = | 64 HttpAuthHandlerNegotiate::Factory* negotiate_factory = |
| 60 new HttpAuthHandlerNegotiate::Factory(); | 65 new HttpAuthHandlerNegotiate::Factory(); |
| 61 #if defined(OS_POSIX) | 66 #if defined(OS_POSIX) |
|
asanka
2015/10/28 03:27:43
Preexisting: For #if/#elif chains for platform sel
aberent
2015/11/02 18:52:50
Done.
| |
| 62 negotiate_factory->set_library(new GSSAPISharedLibrary(std::string())); | 67 negotiate_factory->set_library( |
| 68 make_scoped_ptr(new GSSAPISharedLibrary(std::string()))); | |
| 63 #elif defined(OS_WIN) | 69 #elif defined(OS_WIN) |
| 64 negotiate_factory->set_library(new SSPILibraryDefault()); | 70 negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault())); |
| 65 #endif | 71 #endif |
| 66 negotiate_factory->set_host_resolver(host_resolver); | 72 negotiate_factory->set_host_resolver(host_resolver); |
| 67 registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory); | 73 registry_factory->RegisterSchemeFactory(kNegotiate, negotiate_factory); |
| 68 #endif // defined(USE_KERBEROS) && !defined(OS_ANDROID) | 74 #endif // defined(USE_KERBEROS) && !defined(OS_ANDROID) |
| 69 | 75 |
| 70 HttpAuthHandlerNTLM::Factory* ntlm_factory = | 76 HttpAuthHandlerNTLM::Factory* ntlm_factory = |
| 71 new HttpAuthHandlerNTLM::Factory(); | 77 new HttpAuthHandlerNTLM::Factory(); |
| 72 #if defined(OS_WIN) | 78 #if defined(OS_WIN) |
| 73 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); | 79 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); |
| 74 #endif | 80 #endif |
| 75 registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory); | 81 registry_factory->RegisterSchemeFactory(kNtlm, ntlm_factory); |
| 76 return registry_factory; | 82 return registry_factory; |
| 77 } | 83 } |
| 78 | 84 |
| 79 namespace { | 85 namespace { |
| 80 | 86 |
| 81 bool IsSupportedScheme(const std::vector<std::string>& supported_schemes, | 87 bool IsSupportedScheme(const std::vector<std::string>& supported_schemes, |
| 82 const std::string& scheme) { | 88 const std::string& scheme) { |
| 83 std::vector<std::string>::const_iterator it = std::find( | 89 std::vector<std::string>::const_iterator it = std::find( |
| 84 supported_schemes.begin(), supported_schemes.end(), scheme); | 90 supported_schemes.begin(), supported_schemes.end(), scheme); |
| 85 return it != supported_schemes.end(); | 91 return it != supported_schemes.end(); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 123 FactoryMap::const_iterator it = factory_map_.find(lower_scheme); | 129 FactoryMap::const_iterator it = factory_map_.find(lower_scheme); |
| 124 if (it == factory_map_.end()) { | 130 if (it == factory_map_.end()) { |
| 125 return NULL; // |scheme| is not registered. | 131 return NULL; // |scheme| is not registered. |
| 126 } | 132 } |
| 127 return it->second; | 133 return it->second; |
| 128 } | 134 } |
| 129 | 135 |
| 130 // static | 136 // static |
| 131 HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create( | 137 HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create( |
| 132 const std::vector<std::string>& supported_schemes, | 138 const std::vector<std::string>& supported_schemes, |
| 133 URLSecurityManager* security_manager, | |
| 134 HostResolver* host_resolver, | 139 HostResolver* host_resolver, |
| 135 const std::string& gssapi_library_name, | 140 const std::string& gssapi_library_name) { |
| 136 const std::string& auth_android_negotiate_account_type, | |
| 137 bool negotiate_disable_cname_lookup, | |
| 138 bool negotiate_enable_port) { | |
| 139 HttpAuthHandlerRegistryFactory* registry_factory = | 141 HttpAuthHandlerRegistryFactory* registry_factory = |
| 140 new HttpAuthHandlerRegistryFactory(); | 142 new HttpAuthHandlerRegistryFactory(); |
| 141 if (IsSupportedScheme(supported_schemes, "basic")) | 143 if (IsSupportedScheme(supported_schemes, kBasic)) |
| 142 registry_factory->RegisterSchemeFactory( | 144 registry_factory->RegisterSchemeFactory( |
| 143 "basic", new HttpAuthHandlerBasic::Factory()); | 145 kBasic, new HttpAuthHandlerBasic::Factory()); |
| 144 if (IsSupportedScheme(supported_schemes, "digest")) | 146 if (IsSupportedScheme(supported_schemes, kDigest)) |
| 145 registry_factory->RegisterSchemeFactory( | 147 registry_factory->RegisterSchemeFactory( |
| 146 "digest", new HttpAuthHandlerDigest::Factory()); | 148 kDigest, new HttpAuthHandlerDigest::Factory()); |
| 147 if (IsSupportedScheme(supported_schemes, "ntlm")) { | 149 if (IsSupportedScheme(supported_schemes, kNtlm)) { |
| 148 HttpAuthHandlerNTLM::Factory* ntlm_factory = | 150 HttpAuthHandlerNTLM::Factory* ntlm_factory = |
| 149 new HttpAuthHandlerNTLM::Factory(); | 151 new HttpAuthHandlerNTLM::Factory(); |
| 150 ntlm_factory->set_url_security_manager(security_manager); | |
| 151 #if defined(OS_WIN) | 152 #if defined(OS_WIN) |
| 152 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); | 153 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); |
| 153 #endif | 154 #endif |
| 154 registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory); | 155 registry_factory->RegisterSchemeFactory(kNtlm, ntlm_factory); |
| 155 } | 156 } |
| 156 #if defined(USE_KERBEROS) | 157 #if defined(USE_KERBEROS) |
| 157 if (IsSupportedScheme(supported_schemes, "negotiate")) { | 158 if (IsSupportedScheme(supported_schemes, kNegotiate)) { |
| 158 HttpAuthHandlerNegotiate::Factory* negotiate_factory = | 159 HttpAuthHandlerNegotiate::Factory* negotiate_factory = |
| 159 new HttpAuthHandlerNegotiate::Factory(); | 160 new HttpAuthHandlerNegotiate::Factory(); |
| 160 #if defined(OS_ANDROID) | 161 #if defined(OS_POSIX) && !defined(OS_ANDROID) |
|
asanka
2015/10/28 03:27:43
Same comment as above regarding OS_POSIX
aberent
2015/11/02 18:52:50
Done.
| |
| 161 negotiate_factory->set_library(&auth_android_negotiate_account_type); | |
| 162 #elif defined(OS_POSIX) | |
| 163 negotiate_factory->set_library( | 162 negotiate_factory->set_library( |
| 164 new GSSAPISharedLibrary(gssapi_library_name)); | 163 make_scoped_ptr(new GSSAPISharedLibrary(gssapi_library_name))); |
| 165 #elif defined(OS_WIN) | 164 #elif defined(OS_WIN) |
| 166 negotiate_factory->set_library(new SSPILibraryDefault()); | 165 negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault())); |
| 167 #endif | 166 #endif |
| 168 negotiate_factory->set_url_security_manager(security_manager); | |
| 169 DCHECK(host_resolver || negotiate_disable_cname_lookup); | |
| 170 negotiate_factory->set_host_resolver(host_resolver); | 167 negotiate_factory->set_host_resolver(host_resolver); |
| 171 negotiate_factory->set_disable_cname_lookup(negotiate_disable_cname_lookup); | 168 registry_factory->RegisterSchemeFactory(kNegotiate, negotiate_factory); |
| 172 negotiate_factory->set_use_port(negotiate_enable_port); | |
| 173 registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory); | |
| 174 } | 169 } |
| 175 #endif // defined(USE_KERBEROS) | 170 #endif // defined(USE_KERBEROS) |
| 176 | 171 |
| 177 return registry_factory; | 172 return registry_factory; |
| 178 } | 173 } |
| 179 | 174 |
| 180 int HttpAuthHandlerRegistryFactory::CreateAuthHandler( | 175 int HttpAuthHandlerRegistryFactory::CreateAuthHandler( |
| 181 HttpAuthChallengeTokenizer* challenge, | 176 HttpAuthChallengeTokenizer* challenge, |
| 182 HttpAuth::Target target, | 177 HttpAuth::Target target, |
| 183 const GURL& origin, | 178 const GURL& origin, |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 194 FactoryMap::iterator it = factory_map_.find(lower_scheme); | 189 FactoryMap::iterator it = factory_map_.find(lower_scheme); |
| 195 if (it == factory_map_.end()) { | 190 if (it == factory_map_.end()) { |
| 196 handler->reset(); | 191 handler->reset(); |
| 197 return ERR_UNSUPPORTED_AUTH_SCHEME; | 192 return ERR_UNSUPPORTED_AUTH_SCHEME; |
| 198 } | 193 } |
| 199 DCHECK(it->second); | 194 DCHECK(it->second); |
| 200 return it->second->CreateAuthHandler(challenge, target, origin, reason, | 195 return it->second->CreateAuthHandler(challenge, target, origin, reason, |
| 201 digest_nonce_count, net_log, handler); | 196 digest_nonce_count, net_log, handler); |
| 202 } | 197 } |
| 203 | 198 |
| 199 void HttpAuthHandlerRegistryFactory::SetSecurityManager( | |
| 200 URLSecurityManager* security_manager) { | |
| 201 HttpAuthHandlerFactory* ntlm_factory = GetSchemeFactory(kNtlm); | |
| 202 if (ntlm_factory) | |
| 203 ntlm_factory->set_url_security_manager(security_manager); | |
| 204 #if defined(USE_KERBEROS) | |
| 205 HttpAuthHandlerFactory* negotiate_factory = GetSchemeFactory(kNegotiate); | |
| 206 if (negotiate_factory) | |
| 207 negotiate_factory->set_url_security_manager(security_manager); | |
| 208 #endif | |
| 209 } | |
| 210 | |
| 211 void HttpAuthHandlerRegistryFactory::SetAndroidAuthNegotiateAccountType( | |
| 212 scoped_ptr<std::string> account_type) { | |
| 213 #if defined(OS_ANDROID) && defined(USE_KERBEROS) | |
| 214 auto negotiate_factory = static_cast<HttpAuthHandlerNegotiate::Factory*>( | |
| 215 GetSchemeFactory(kNegotiate)); | |
| 216 if (negotiate_factory) | |
| 217 negotiate_factory->set_library(account_type.Pass()); | |
| 218 #endif | |
| 219 } | |
| 220 | |
| 221 void HttpAuthHandlerRegistryFactory::SetNegotiateDisableCnameLookup( | |
| 222 bool negotiate_disable_cname_lookup) { | |
| 223 #if defined(USE_KERBEROS) | |
| 224 auto negotiate_factory = static_cast<HttpAuthHandlerNegotiate::Factory*>( | |
| 225 GetSchemeFactory(kNegotiate)); | |
| 226 if (negotiate_factory) | |
| 227 negotiate_factory->set_disable_cname_lookup(negotiate_disable_cname_lookup); | |
| 228 #endif | |
| 229 } | |
| 230 | |
| 231 void HttpAuthHandlerRegistryFactory::SetNegotiateEnablePort( | |
| 232 bool negotiate_enable_port) { | |
| 233 #if defined(USE_KERBEROS) | |
| 234 auto negotiate_factory = static_cast<HttpAuthHandlerNegotiate::Factory*>( | |
|
asanka
2015/10/28 03:27:43
These static casts (here and elsewhere) are not co
aberent
2015/11/02 18:52:50
Done. Every HttpAuthHandlerFactory now has a SetNe
| |
| 235 GetSchemeFactory(kNegotiate)); | |
| 236 if (negotiate_factory) | |
| 237 negotiate_factory->set_use_port(negotiate_enable_port); | |
| 238 #endif | |
| 239 } | |
| 240 | |
| 204 } // namespace net | 241 } // namespace net |
| OLD | NEW |
