blob: c096aaf5afc4b539e7ea0201e170ff9f12929296 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// See "SSPI Sample Application" at
// http://msdn.microsoft.com/en-us/library/aa918273.aspx
// and "NTLM Security Support Provider" at
// http://msdn.microsoft.com/en-us/library/aa923611.aspx.
#include "net/http/http_auth_handler_ntlm.h"
#include "base/logging.h"
#include "base/string_util.h"
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
#include "net/http/http_auth_sspi_win.h"
#pragma comment(lib, "secur32.lib")
namespace net {
HttpAuthHandlerNTLM::HttpAuthHandlerNTLM() : auth_sspi_("NTLM", NTLMSP_NAME) {
}
HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
}
// Require identity on first pass instead of second.
bool HttpAuthHandlerNTLM::NeedsIdentity() {
return auth_sspi_.NeedsIdentity();
}
bool HttpAuthHandlerNTLM::IsFinalRound() {
return auth_sspi_.IsFinalRound();
}
bool HttpAuthHandlerNTLM::AllowDefaultCredentials() {
// NOTE: Temporarily disabled. SSO is a potential security risk with NTLM.
// TODO(cbentzel): Add a pointer to Firefox documentation about risk.
// TODO(cbentzel): Add a blanket command line flag to enable/disable?
// TODO(cbentzel): Add a whitelist regexp command line flag?
// TODO(cbentzel): Resolve the origin_ (helpful if doing already) and see if
// it is in private IP space?
// TODO(cbentzel): Compare origin_ to this machine's hostname and allow if
// it matches at least two or three layers deep?
return false;
}
int HttpAuthHandlerNTLM::GenerateDefaultAuthToken(
const HttpRequestInfo* request,
const ProxyInfo* proxy,
std::string* auth_token) {
return auth_sspi_.GenerateAuthToken(
NULL, // username
NULL, // password
origin_,
request,
proxy,
auth_token);
}
} // namespace net
|
