Add Single Sign On support to HTTP Authentication handlers.

Currently this is implemented on Windows for the NTLM and Negotiate schemes.

This CL does not introduce the hooks to actually use Single Sign On in response to a 401/407 request - that will come in a later CL.

This behavior is disabled for now as well.

BUG=29862
TEST=Ran unittests, and Chrome against a server with authentication challenges.

Review URL: http://codereview.chromium.org/555174

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@38227 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 25 insertions, 0 deletions

diff --git a/net/http/http_auth_handler_ntlm_win.cc b/net/http/http_auth_handler_ntlm_win.cc
index fba9c1b..c096aaf 100644
--- a/net/http/http_auth_handler_ntlm_win.cc
+++ b/net/http/http_auth_handler_ntlm_win.cc
@@ -34,6 +34,31 @@ bool HttpAuthHandlerNTLM::IsFinalRound() {
   return auth_sspi_.IsFinalRound();
 }
 
+bool HttpAuthHandlerNTLM::AllowDefaultCredentials() {
+  // NOTE: Temporarily disabled. SSO is a potential security risk with NTLM.
+  // TODO(cbentzel): Add a pointer to Firefox documentation about risk.
+
+  // TODO(cbentzel): Add a blanket command line flag to enable/disable?
+  // TODO(cbentzel): Add a whitelist regexp command line flag?
+  // TODO(cbentzel): Resolve the origin_ (helpful if doing already) and see if
+  //                 it is in private IP space?
+  // TODO(cbentzel): Compare origin_ to this machine's hostname and allow if
+  //                 it matches at least two or three layers deep?
+  return false;
+}
+
+int HttpAuthHandlerNTLM::GenerateDefaultAuthToken(
+    const HttpRequestInfo* request,
+    const ProxyInfo* proxy,
+    std::string* auth_token) {
+  return auth_sspi_.GenerateAuthToken(
+      NULL, // username
+      NULL, // password
+      origin_,
+      request,
+      proxy,
+      auth_token);
+}
 
 }  // namespace net