browser: flags to control iwa enabled server whitelist

2016-05-21 23:38:50 +05:30 · 2016-05-21 23:38:50 +05:30 · 3db2daf790
commit 3db2daf790
parent 8821cae34f
5 changed files with 19 additions and 26 deletions
--- a/atom/browser/api/atom_api_app.cc
+++ b/atom/browser/api/atom_api_app.cc
@ -375,12 +375,6 @@ void App::SetDesktopName(const std::string& desktop_name) {
 #endif
 }

-void App::AllowNTLMCredentialsForAllDomains(bool should_allow) {
-  auto browser_context = static_cast<AtomBrowserContext*>(
-        AtomBrowserMainParts::Get()->browser_context());
-  browser_context->AllowNTLMCredentialsForAllDomains(should_allow);
-}
-
 std::string App::GetLocale() {
  return l10n_util::GetApplicationLocale("");
 }
@ -482,8 +476,6 @@ void App::BuildPrototype(
      .SetMethod("setPath", &App::SetPath)
      .SetMethod("getPath", &App::GetPath)
      .SetMethod("setDesktopName", &App::SetDesktopName)
-      .SetMethod("allowNTLMCredentialsForAllDomains",
-                 &App::AllowNTLMCredentialsForAllDomains)
      .SetMethod("getLocale", &App::GetLocale)
 #if defined(USE_NSS_CERTS)
      .SetMethod("importCertificate", &App::ImportCertificate)
--- a/atom/browser/api/atom_api_app.h
+++ b/atom/browser/api/atom_api_app.h
@ -106,7 +106,6 @@ class App : public AtomBrowserClient::Delegate,
               const base::FilePath& path);

  void SetDesktopName(const std::string& desktop_name);
-  void AllowNTLMCredentialsForAllDomains(bool should_allow);
  bool MakeSingleInstance(
      const ProcessSingleton::NotificationCallback& callback);
  std::string GetLocale();
--- a/atom/browser/atom_browser_context.cc
+++ b/atom/browser/atom_browser_context.cc
@ -67,8 +67,7 @@ AtomBrowserContext::AtomBrowserContext(const std::string& partition,
    : brightray::BrowserContext(partition, in_memory),
      cert_verifier_(new AtomCertVerifier),
      job_factory_(new AtomURLRequestJobFactory),
-      network_delegate_(new AtomNetworkDelegate),
-      allow_ntlm_everywhere_(false) {
+      network_delegate_(new AtomNetworkDelegate) {
 }

 AtomBrowserContext::~AtomBrowserContext() {
@ -195,16 +194,6 @@ void AtomBrowserContext::RegisterPrefs(PrefRegistrySimple* pref_registry) {
  pref_registry->RegisterDictionaryPref(prefs::kDevToolsFileSystemPaths);
 }

-bool AtomBrowserContext::AllowNTLMCredentialsForDomain(const GURL& origin) {
-  if (allow_ntlm_everywhere_)
-    return true;
-  return Delegate::AllowNTLMCredentialsForDomain(origin);
-}
-
-void AtomBrowserContext::AllowNTLMCredentialsForAllDomains(bool should_allow) {
-  allow_ntlm_everywhere_ = should_allow;
-}
-
 }  // namespace atom

 namespace brightray {
--- a/atom/browser/atom_browser_context.h
+++ b/atom/browser/atom_browser_context.h
@ -33,7 +33,6 @@ class AtomBrowserContext : public brightray::BrowserContext {
      const base::FilePath& base_path) override;
  scoped_ptr<net::CertVerifier> CreateCertVerifier() override;
  net::SSLConfigService* CreateSSLConfigService() override;
-  bool AllowNTLMCredentialsForDomain(const GURL& auth_origin) override;

  // content::BrowserContext:
  content::DownloadManagerDelegate* GetDownloadManagerDelegate() override;
@ -43,8 +42,6 @@ class AtomBrowserContext : public brightray::BrowserContext {
  // brightray::BrowserContext:
  void RegisterPrefs(PrefRegistrySimple* pref_registry) override;

-  void AllowNTLMCredentialsForAllDomains(bool should_allow);
-
  AtomCertVerifier* cert_verifier() const { return cert_verifier_; }

  AtomURLRequestJobFactory* job_factory() const { return job_factory_; }
@ -61,8 +58,6 @@ class AtomBrowserContext : public brightray::BrowserContext {
  AtomURLRequestJobFactory* job_factory_;
  AtomNetworkDelegate* network_delegate_;

-  bool allow_ntlm_everywhere_;
-
  DISALLOW_COPY_AND_ASSIGN(AtomBrowserContext);
 };

--- a/docs/api/chrome-command-line-switches.md
+++ b/docs/api/chrome-command-line-switches.md
@ -95,6 +95,24 @@ connection, and the endpoint host in a `SOCKS` proxy connection).

 Like `--host-rules` but these `rules` only apply to the host resolver.

+## --auth-server-whitelist=`url`
+
+A comma-separated list of servers for which integrated authentication is enabled.
+
+For example:
+
+```
+--auth-server-whitelist='*example.com, *foobar.com, *baz'
+```
+
+then any `url` ending with `example.com`, `foobar.com`, `baz` will be considered
+for integrated authentication. Without `*` prefix the url has to match exactly.
+
+## --auth-negotiate-delegate-whitelist=`url`
+
+A comma-separated list of servers for which delegation of user credentials is required.
+Without `*` prefix the url has to match exactly.
+
 ## --ignore-certificate-errors

 Ignores certificate related errors.