author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-29 18:02:36 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-29 18:02:36 +0000 |
commit | d7f166387b66955c2e5b967a3cc7467fad072e73 (patch) | |
tree | 7a5c47a5e65f90afb2eca5bbb4c0d6c08f5dc625 /net/http/http_auth_handler_ntlm_win.cc | |
parent | 5452d7e80ce2df298e15e6a5e17effcb26a51bf2 (diff) | |
On Windows, use IInternetSecurityManager to determine if it's OK
to send the default credentials to a server, without prompting the
user for permission, for HTTP NTLM or Negotiate authentication.
It is always OK to send the default credentials to a proxy without
prompting the user.
Rename the AllowDefaultCredentials method of HttpAuthHandler to
SupportsDefaultCredentials and redefine it to simply return whether
the authentication scheme supports the use of default credentials,
as opposed to whether we may use the default credentials for a
particular server or proxy.
This CL contains the changes by cbentzel in
http://codereview.chromium.org/1082001.
R=cbentzel,cpu,stoyan
BUG=29596
TEST=none
Review URL: http://codereview.chromium.org/1343003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42960 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_ntlm_win.cc')
-rw-r--r-- | net/http/http_auth_handler_ntlm_win.cc | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/net/http/http_auth_handler_ntlm_win.cc b/net/http/http_auth_handler_ntlm_win.cc
index 2de3411..2aa9c0d 100644
--- a/net/http/http_auth_handler_ntlm_win.cc
+++ b/net/http/http_auth_handler_ntlm_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -36,17 +36,8 @@ bool HttpAuthHandlerNTLM::IsFinalRound() {
 return auth_sspi_.IsFinalRound();
 }
 
-bool HttpAuthHandlerNTLM::AllowDefaultCredentials() {
- // NOTE: Temporarily disabled. SSO is a potential security risk with NTLM.
- // TODO(cbentzel): Add a pointer to Firefox documentation about risk.
-
- // TODO(cbentzel): Add a blanket command line flag to enable/disable?
- // TODO(cbentzel): Add a whitelist regexp command line flag?
- // TODO(cbentzel): Resolve the origin_ (helpful if doing already) and see if
- // it is in private IP space?
- // TODO(cbentzel): Compare origin_ to this machine's hostname and allow if
- // it matches at least two or three layers deep?
- return false;
+bool HttpAuthHandlerNTLM::SupportsDefaultCredentials() {
+ return true;
 }
 
 int HttpAuthHandlerNTLM::GenerateDefaultAuthToken(
@@ -54,16 +45,16 @@ int HttpAuthHandlerNTLM::GenerateDefaultAuthToken(
 const ProxyInfo* proxy,
 std::string* auth_token) {
 return auth_sspi_.GenerateAuthToken(
- NULL, // username
- NULL, // password
+ NULL, // username
+ NULL, // password
 origin_,
 request,
 proxy,
 auth_token);
 }
 
-HttpAuthHandlerNTLM::Factory::Factory() :
- max_token_length_(0),
+HttpAuthHandlerNTLM::Factory::Factory()
+ : max_token_length_(0),
 first_creation_(true),
 is_unsupported_(false),
 sspi_library_(SSPILibrary::GetDefault()) { |
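Review bot: In the second hunk, `SupportsDefaultCredentials()` returns `true` unconditionally and the removed comments about the NTLM single sign-on risk are not replaced, so nothing in this file records where the per-server decision is now made. The commit description says that decision moves to an IInternetSecurityManager check, but that code is outside this diff (it is limited to this one file), so it cannot be confirmed from here. `GenerateDefaultAuthToken` in the third hunk passes NULL username and password to `auth_sspi_.GenerateAuthToken` for whatever `origin_` is, so a caller that still reads this method as permission rather than capability would presumably send default credentials to any server that asks. I would add a comment above the method, for example `// Capability only: returns whether NTLM can use default credentials.` followed by `// Whether they may be sent to a given server is decided by the caller's policy check.`, and keep a short pointer to the SSO risk that the deleted NOTE described.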