From b8e8e08f63f3221505615c72a5ce46868f99cc65 Mon Sep 17 00:00:00 2001 From: deepak1556 Date: Sat, 21 May 2016 23:40:02 +0530 Subject: [PATCH] flags to control iwa enabled server whitelist --- .../browser/url_request_context_getter.cc | 54 +++++++------------ .../browser/url_request_context_getter.h | 24 +-------- 2 files changed, 20 insertions(+), 58 deletions(-) diff --git a/brightray/browser/url_request_context_getter.cc b/brightray/browser/url_request_context_getter.cc index a2f7032f6831..7bd479e34f67 100644 --- a/brightray/browser/url_request_context_getter.cc +++ b/brightray/browser/url_request_context_getter.cc @@ -92,34 +92,14 @@ const char kProxyPacUrl[] = "proxy-pac-url"; // Disable HTTP/2 and SPDY/3.1 protocols. const char kDisableHttp2[] = "disable-http2"; +// Whitelist containing servers for which Integrated Authentication is enabled. +const char kAuthServerWhitelist[] = "auth-server-whitelist"; + +// Whitelist containing servers for which Kerberos delegation is allowed. +const char kAuthNegotiateDelegateWhitelist[] = "auth-negotiate-delegate-whitelist"; + } // namespace - -URLRequestContextGetter::DelegateURLSecurityManager::DelegateURLSecurityManager - (URLRequestContextGetter::Delegate* delegate) : - delegate_(delegate) {} - -bool URLRequestContextGetter::DelegateURLSecurityManager::CanUseDefaultCredentials - (const GURL& auth_origin) const { - return delegate_->AllowNTLMCredentialsForDomain(auth_origin); -} - -bool URLRequestContextGetter::DelegateURLSecurityManager::CanDelegate - (const GURL& auth_origin) const { - return delegate_->CanDelegateURLSecurity(auth_origin); -} - -void URLRequestContextGetter::DelegateURLSecurityManager::SetDefaultWhitelist( - scoped_ptr whitelist_default) { -} - -void URLRequestContextGetter::DelegateURLSecurityManager::SetDelegateWhitelist( - scoped_ptr whitelist_delegate) { -} - -URLRequestContextGetter::Delegate::Delegate() : - orig_url_sec_mgr_(net::URLSecurityManager::Create()) {} - std::string URLRequestContextGetter::Delegate::GetUserAgent() { return base::EmptyString(); } @@ -174,15 +154,6 @@ net::SSLConfigService* URLRequestContextGetter::Delegate::CreateSSLConfigService return new net::SSLConfigServiceDefaults; } -bool URLRequestContextGetter::Delegate::AllowNTLMCredentialsForDomain(const GURL& auth_origin) { - return orig_url_sec_mgr_->CanUseDefaultCredentials(auth_origin); -} - -bool URLRequestContextGetter::Delegate::CanDelegateURLSecurity(const GURL& auth_origin) { - return orig_url_sec_mgr_->CanDelegate(auth_origin); -} - - URLRequestContextGetter::URLRequestContextGetter( Delegate* delegate, DevToolsNetworkControllerHandle* handle, @@ -317,6 +288,19 @@ net::URLRequestContext* URLRequestContextGetter::GetURLRequestContext() { #else http_auth_preferences_.reset(new net::HttpAuthPreferences(schemes)); #endif + + // --auth-server-whitelist + if (command_line.HasSwitch(kAuthServerWhitelist)) { + http_auth_preferences_->set_server_whitelist( + command_line.GetSwitchValueASCII(kAuthServerWhitelist)); + } + + // --auth-negotiate-delegate-whitelist + if (command_line.HasSwitch(kAuthNegotiateDelegateWhitelist)) { + http_auth_preferences_->set_delegate_whitelist( + command_line.GetSwitchValueASCII(kAuthNegotiateDelegateWhitelist)); + } + auto auth_handler_factory = net::HttpAuthHandlerRegistryFactory::Create( http_auth_preferences_.get(), host_resolver.get()); diff --git a/brightray/browser/url_request_context_getter.h b/brightray/browser/url_request_context_getter.h index 3f06ba78ba2a..546cda9b8acd 100644 --- a/brightray/browser/url_request_context_getter.h +++ b/brightray/browser/url_request_context_getter.h @@ -35,7 +35,7 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { public: class Delegate { public: - Delegate(); + Delegate() {} virtual ~Delegate() {} virtual net::NetworkDelegate* CreateNetworkDelegate() { return NULL; } @@ -47,28 +47,6 @@ class URLRequestContextGetter : public net::URLRequestContextGetter { const base::FilePath& base_path); virtual scoped_ptr CreateCertVerifier(); virtual net::SSLConfigService* CreateSSLConfigService(); - virtual bool AllowNTLMCredentialsForDomain(const GURL& auth_origin); - virtual bool CanDelegateURLSecurity(const GURL& auth_origin); - - private: - scoped_ptr orig_url_sec_mgr_; - }; - - class DelegateURLSecurityManager : public net::URLSecurityManager { - public: - DelegateURLSecurityManager(URLRequestContextGetter::Delegate* delegate); - - bool CanUseDefaultCredentials(const GURL& auth_origin) const override; - bool CanDelegate(const GURL& auth_origin) const override; - void SetDefaultWhitelist( - scoped_ptr whitelist_default) override; - void SetDelegateWhitelist( - scoped_ptr whitelist_delegate) override; - - private: - URLRequestContextGetter::Delegate* delegate_; - - DISALLOW_COPY_AND_ASSIGN(DelegateURLSecurityManager); }; URLRequestContextGetter(