Merge pull request #223 from deepak1556/iwa_patch

Add flags to control the IWA-enabled server whitelist
Cheng Zhao 2016-05-23 10:37:36 +00:00
commit b41d9fd6c0
2 changed files with 20 additions and 58 deletions


@ -92,34 +92,14 @@ const char kProxyPacUrl[] = "proxy-pac-url";
// Disable HTTP/2 and SPDY/3.1 protocols. // Disable HTTP/2 and SPDY/3.1 protocols.
const char kDisableHttp2[] = "disable-http2"; const char kDisableHttp2[] = "disable-http2";
// Whitelist containing servers for which Integrated Authentication is enabled.
const char kAuthServerWhitelist[] = "auth-server-whitelist";
// Whitelist containing servers for which Kerberos delegation is allowed.
const char kAuthNegotiateDelegateWhitelist[] = "auth-negotiate-delegate-whitelist";
} // namespace } // namespace
URLRequestContextGetter::DelegateURLSecurityManager::DelegateURLSecurityManager
(URLRequestContextGetter::Delegate* delegate) :
delegate_(delegate) {}
bool URLRequestContextGetter::DelegateURLSecurityManager::CanUseDefaultCredentials
(const GURL& auth_origin) const {
return delegate_->AllowNTLMCredentialsForDomain(auth_origin);
}
bool URLRequestContextGetter::DelegateURLSecurityManager::CanDelegate
(const GURL& auth_origin) const {
return delegate_->CanDelegateURLSecurity(auth_origin);
}
void URLRequestContextGetter::DelegateURLSecurityManager::SetDefaultWhitelist(
scoped_ptr<net::HttpAuthFilter> whitelist_default) {
}
void URLRequestContextGetter::DelegateURLSecurityManager::SetDelegateWhitelist(
scoped_ptr<net::HttpAuthFilter> whitelist_delegate) {
}
URLRequestContextGetter::Delegate::Delegate() :
orig_url_sec_mgr_(net::URLSecurityManager::Create()) {}
std::string URLRequestContextGetter::Delegate::GetUserAgent() { std::string URLRequestContextGetter::Delegate::GetUserAgent() {
return base::EmptyString(); return base::EmptyString();
} }
@ -174,15 +154,6 @@ net::SSLConfigService* URLRequestContextGetter::Delegate::CreateSSLConfigService
return new net::SSLConfigServiceDefaults; return new net::SSLConfigServiceDefaults;
} }
bool URLRequestContextGetter::Delegate::AllowNTLMCredentialsForDomain(const GURL& auth_origin) {
return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin);
}
bool URLRequestContextGetter::Delegate::CanDelegateURLSecurity(const GURL& auth_origin) {
return orig_url_sec_mgr_->CanDelegate(auth_origin);
}
URLRequestContextGetter::URLRequestContextGetter( URLRequestContextGetter::URLRequestContextGetter(
Delegate* delegate, Delegate* delegate,
DevToolsNetworkControllerHandle* handle, DevToolsNetworkControllerHandle* handle,
@ -317,6 +288,19 @@ net::URLRequestContext* URLRequestContextGetter::GetURLRequestContext() {
#else #else
http_auth_preferences_.reset(new net::HttpAuthPreferences(schemes)); http_auth_preferences_.reset(new net::HttpAuthPreferences(schemes));
#endif #endif
// --auth-server-whitelist
if (command_line.HasSwitch(kAuthServerWhitelist)) {
http_auth_preferences_->set_server_whitelist(
command_line.GetSwitchValueASCII(kAuthServerWhitelist));
}
// --auth-negotiate-delegate-whitelist
if (command_line.HasSwitch(kAuthNegotiateDelegateWhitelist)) {
http_auth_preferences_->set_delegate_whitelist(
command_line.GetSwitchValueASCII(kAuthNegotiateDelegateWhitelist));
}
auto auth_handler_factory = auto auth_handler_factory =
net::HttpAuthHandlerRegistryFactory::Create( net::HttpAuthHandlerRegistryFactory::Create(
http_auth_preferences_.get(), host_resolver.get()); http_auth_preferences_.get(), host_resolver.get());
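Review bot: The two added branches in GetURLRequestContext (`--auth-server-whitelist` and `--auth-negotiate-delegate-whitelist`) pass the raw switch value straight to `set_server_whitelist` / `set_delegate_whitelist` with no validation, and their only comments restate the switch names. These lists decide which servers may receive the user's ambient credentials without a prompt and which may be handed a delegated Kerberos ticket, so a broad pattern such as `*` exposes credentials to every origin the app loads. I would say so at the call site, e.g. `// Servers matching this list are sent the logged-in user's credentials without a prompt; keep it to specific trusted hosts.`, with a matching comment for the delegate list. `GetSwitchValueASCII` appears to return an empty string for a non-ASCII value, which would silently drop the list; that is worth confirming and logging. The function body starts and ends outside this hunk.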


@ -35,7 +35,7 @@ class URLRequestContextGetter : public net::URLRequestContextGetter {
public: public:
class Delegate { class Delegate {
public: public:
Delegate(); Delegate() {}
virtual ~Delegate() {} virtual ~Delegate() {}
virtual net::NetworkDelegate* CreateNetworkDelegate() { return NULL; } virtual net::NetworkDelegate* CreateNetworkDelegate() { return NULL; }
@ -47,28 +47,6 @@ class URLRequestContextGetter : public net::URLRequestContextGetter {
const base::FilePath& base_path); const base::FilePath& base_path);
virtual scoped_ptr<net::CertVerifier> CreateCertVerifier(); virtual scoped_ptr<net::CertVerifier> CreateCertVerifier();
virtual net::SSLConfigService* CreateSSLConfigService(); virtual net::SSLConfigService* CreateSSLConfigService();
virtual bool AllowNTLMCredentialsForDomain(const GURL& auth_origin);
virtual bool CanDelegateURLSecurity(const GURL& auth_origin);
private:
scoped_ptr<net::URLSecurityManager> orig_url_sec_mgr_;
};
class DelegateURLSecurityManager : public net::URLSecurityManager {
public:
DelegateURLSecurityManager(URLRequestContextGetter::Delegate* delegate);
bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
bool CanDelegate(const GURL& auth_origin) const override;
void SetDefaultWhitelist(
scoped_ptr<net::HttpAuthFilter> whitelist_default) override;
void SetDelegateWhitelist(
scoped_ptr<net::HttpAuthFilter> whitelist_delegate) override;
private:
URLRequestContextGetter::Delegate* delegate_;
DISALLOW_COPY_AND_ASSIGN(DelegateURLSecurityManager);
}; };
URLRequestContextGetter( URLRequestContextGetter(