diff options
| author | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-28 18:03:04 +0000 |
|---|---|---|
| committer | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-28 18:03:04 +0000 |
| commit | aef042746af7a3a9a9967195c24cb7a9c755a0e8 (patch) | |
| tree | 2c0aa7088f240c63f1f12b2bd19651314cdfc928 /chrome | |
| parent | f9f41ec4f27ba5fd19ca82d4c04b13bed6627d23 (diff) | |
| download | chromium_src-aef042746af7a3a9a9967195c24cb7a9c755a0e8.zip chromium_src-aef042746af7a3a9a9967195c24cb7a9c755a0e8.tar.gz chromium_src-aef042746af7a3a9a9967195c24cb7a9c755a0e8.tar.bz2 | |
Hooking GSSAPI code into HTTP authenticate Negotiate handler.
BUG=33033.
TEST=None.
Review URL: http://codereview.chromium.org/2684001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51001 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/io_thread.cc | 44 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.cc | 4 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.h | 3 |
3 files changed, 39 insertions, 12 deletions
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc index 681bb9d..885aae9 100644 --- a/chrome/browser/io_thread.cc +++ b/chrome/browser/io_thread.cc @@ -207,6 +207,22 @@ net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory() { auth_filter->SetWhitelist(auth_server_whitelist); } + // Set the flag that enables or disables the Negotiate auth handler. +#if defined(OS_WIN) + static const bool kNegotiateAuthEnabledDefault = true; +#else + static const bool kNegotiateAuthEnabledDefault = false; +#endif + bool negotiate_auth_enabled = kNegotiateAuthEnabledDefault; + if (command_line.HasSwitch(switches::kExperimentalEnableNegotiateAuth)) { + std::string enable_negotiate_auth = command_line.GetSwitchValueASCII( + switches::kExperimentalEnableNegotiateAuth); + // Enabled if no value, or value is 'true'. Disabled otherwise. + negotiate_auth_enabled = + enable_negotiate_auth.empty() || + (StringToLowerASCII(enable_negotiate_auth) == "true"); + } + net::HttpAuthHandlerRegistryFactory* registry_factory = net::HttpAuthHandlerFactory::CreateDefault(); @@ -219,18 +235,22 @@ net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory() { registry_factory->SetURLSecurityManager("negotiate", globals_->url_security_manager.get()); - // Configure the Negotiate settings for the Kerberos SPN. - // TODO(cbentzel): Read the related IE registry settings on Windows builds. - // TODO(cbentzel): Ugly use of static_cast here. - net::HttpAuthHandlerNegotiate::Factory* negotiate_factory = - static_cast<net::HttpAuthHandlerNegotiate::Factory*>( - registry_factory->GetSchemeFactory("negotiate")); - DCHECK(negotiate_factory); - if (command_line.HasSwitch(switches::kDisableAuthNegotiateCnameLookup)) - negotiate_factory->set_disable_cname_lookup(true); - if (command_line.HasSwitch(switches::kEnableAuthNegotiatePort)) - negotiate_factory->set_use_port(true); - + if (negotiate_auth_enabled) { + // Configure the Negotiate settings for the Kerberos SPN. + // TODO(cbentzel): Read the related IE registry settings on Windows builds. + // TODO(cbentzel): Ugly use of static_cast here. + net::HttpAuthHandlerNegotiate::Factory* negotiate_factory = + static_cast<net::HttpAuthHandlerNegotiate::Factory*>( + registry_factory->GetSchemeFactory("negotiate")); + DCHECK(negotiate_factory); + if (command_line.HasSwitch(switches::kDisableAuthNegotiateCnameLookup)) + negotiate_factory->set_disable_cname_lookup(true); + if (command_line.HasSwitch(switches::kEnableAuthNegotiatePort)) + negotiate_factory->set_use_port(true); + } else { + // Disable the Negotiate authentication handler. + registry_factory->RegisterSchemeFactory("negotiate", NULL); + } return registry_factory; } diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 7e9e7b5..6941558 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -402,6 +402,10 @@ const char kEnableWatchdog[] = "enable-watchdog"; // Disable WebKit's XSSAuditor. The XSSAuditor mitigates reflective XSS. const char kEnableXSSAuditor[] = "enable-xss-auditor"; +// Enables the experimental Negotiate authentication protocol. +const char kExperimentalEnableNegotiateAuth[] = + "experimental-enable-negotiate-auth"; + // Enables experimental features for Spellchecker. Right now, the first // experimental feature is auto spell correct, which corrects words which are // misppelled by typing the word with two consecutive letters swapped. The diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 0c527bf..d8c1e12 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -130,7 +130,10 @@ extern const char kEnableVideoLayering[]; extern const char kEnableVideoLogging[]; extern const char kEnableWatchdog[]; extern const char kEnableXSSAuditor[]; +// Experimental features. +extern const char kExperimentalEnableNegotiateAuth[]; extern const char kExperimentalSpellcheckerFeatures[]; +// End experimental features. extern const char kExplicitlyAllowedPorts[]; extern const char kExtensionProcess[]; extern const char kExtensionsUpdateFrequency[]; |