| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_factory.h" | 5 #include "net/http/http_auth_handler_factory.h" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/http/http_auth_challenge_tokenizer.h" | 10 #include "net/http/http_auth_challenge_tokenizer.h" |
| 11 #include "net/http/http_auth_filter.h" | 11 #include "net/http/http_auth_filter.h" |
| 12 #include "net/http/http_auth_handler_basic.h" | 12 #include "net/http/http_auth_handler_basic.h" |
| 13 #include "net/http/http_auth_handler_digest.h" | 13 #include "net/http/http_auth_handler_digest.h" |
| 14 #include "net/http/http_auth_handler_ntlm.h" | 14 #include "net/http/http_auth_handler_ntlm.h" |
| 15 #include "net/http/http_auth_preferences.h" |
| 16 #include "net/http/http_auth_scheme.h" |
| 15 | 17 |
| 16 #if defined(USE_KERBEROS) | 18 #if defined(USE_KERBEROS) |
| 17 #include "net/http/http_auth_handler_negotiate.h" | 19 #include "net/http/http_auth_handler_negotiate.h" |
| 18 #endif | 20 #endif |
| 19 | 21 |
| 20 namespace net { | 22 namespace net { |
| 21 | 23 |
| 22 int HttpAuthHandlerFactory::CreateAuthHandlerFromString( | 24 int HttpAuthHandlerFactory::CreateAuthHandlerFromString( |
| 23 const std::string& challenge, | 25 const std::string& challenge, |
| 24 HttpAuth::Target target, | 26 HttpAuth::Target target, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 35 HttpAuth::Target target, | 37 HttpAuth::Target target, |
| 36 const GURL& origin, | 38 const GURL& origin, |
| 37 int digest_nonce_count, | 39 int digest_nonce_count, |
| 38 const BoundNetLog& net_log, | 40 const BoundNetLog& net_log, |
| 39 scoped_ptr<HttpAuthHandler>* handler) { | 41 scoped_ptr<HttpAuthHandler>* handler) { |
| 40 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); | 42 HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end()); |
| 41 return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE, | 43 return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE, |
| 42 digest_nonce_count, net_log, handler); | 44 digest_nonce_count, net_log, handler); |
| 43 } | 45 } |
| 44 | 46 |
| 45 // static | |
| 46 scoped_ptr<HttpAuthHandlerRegistryFactory> | |
| 47 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) { | |
| 48 DCHECK(host_resolver); | |
| 49 scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory = | |
| 50 make_scoped_ptr(new HttpAuthHandlerRegistryFactory()); | |
| 51 registry_factory->RegisterSchemeFactory( | |
| 52 "basic", new HttpAuthHandlerBasic::Factory()); | |
| 53 registry_factory->RegisterSchemeFactory( | |
| 54 "digest", new HttpAuthHandlerDigest::Factory()); | |
| 55 | |
| 56 // On Android Chrome needs an account type configured to enable Kerberos, | |
| 57 // so the default factory should not include Kerberos. | |
| 58 #if defined(USE_KERBEROS) && !defined(OS_ANDROID) | |
| 59 HttpAuthHandlerNegotiate::Factory* negotiate_factory = | |
| 60 new HttpAuthHandlerNegotiate::Factory(); | |
| 61 #if defined(OS_POSIX) | |
| 62 negotiate_factory->set_library(new GSSAPISharedLibrary(std::string())); | |
| 63 #elif defined(OS_WIN) | |
| 64 negotiate_factory->set_library(new SSPILibraryDefault()); | |
| 65 #endif | |
| 66 negotiate_factory->set_host_resolver(host_resolver); | |
| 67 registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory); | |
| 68 #endif // defined(USE_KERBEROS) && !defined(OS_ANDROID) | |
| 69 | |
| 70 HttpAuthHandlerNTLM::Factory* ntlm_factory = | |
| 71 new HttpAuthHandlerNTLM::Factory(); | |
| 72 #if defined(OS_WIN) | |
| 73 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); | |
| 74 #endif | |
| 75 registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory); | |
| 76 return registry_factory; | |
| 77 } | |
| 78 | |
| 79 namespace { | 47 namespace { |
| 80 | 48 |
| 81 bool IsSupportedScheme(const std::vector<std::string>& supported_schemes, | 49 const char* const kDefaultAuthSchemes[] = {kBasicAuthScheme, kDigestAuthScheme, |
| 82 const std::string& scheme) { | 50 #if defined(USE_KERBEROS) && !defined(OS_ANDROID) |
| 83 std::vector<std::string>::const_iterator it = std::find( | 51 kNegotiateAuthScheme, |
| 84 supported_schemes.begin(), supported_schemes.end(), scheme); | 52 #endif |
| 85 return it != supported_schemes.end(); | 53 kNtlmAuthScheme}; |
| 54 |
| 55 // Create a registry factory. Note that |prefs| may be a temporary, and |
| 56 // should only be used to create the factories. It should not be passed |
| 57 // to the registry factory or its children as the preferences they should |
| 58 // use. |
| 59 scoped_ptr<HttpAuthHandlerRegistryFactory> CreateAuthHandlerRegistryFactory( |
| 60 const HttpAuthPreferences& prefs, |
| 61 HostResolver* host_resolver) { |
| 62 scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory( |
| 63 new HttpAuthHandlerRegistryFactory()); |
| 64 if (prefs.IsSupportedScheme(kBasicAuthScheme)) |
| 65 registry_factory->RegisterSchemeFactory( |
| 66 kBasicAuthScheme, new HttpAuthHandlerBasic::Factory()); |
| 67 if (prefs.IsSupportedScheme(kDigestAuthScheme)) |
| 68 registry_factory->RegisterSchemeFactory( |
| 69 kDigestAuthScheme, new HttpAuthHandlerDigest::Factory()); |
| 70 if (prefs.IsSupportedScheme(kNtlmAuthScheme)) { |
| 71 HttpAuthHandlerNTLM::Factory* ntlm_factory = |
| 72 new HttpAuthHandlerNTLM::Factory(); |
| 73 #if defined(OS_WIN) |
| 74 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); |
| 75 #endif // defined(OS_WIN) |
| 76 registry_factory->RegisterSchemeFactory(kNtlmAuthScheme, ntlm_factory); |
| 77 } |
| 78 #if defined(USE_KERBEROS) |
| 79 if (prefs.IsSupportedScheme(kNegotiateAuthScheme)) { |
| 80 DCHECK(host_resolver); |
| 81 HttpAuthHandlerNegotiate::Factory* negotiate_factory = |
| 82 new HttpAuthHandlerNegotiate::Factory(); |
| 83 #if defined(OS_WIN) |
| 84 negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault())); |
| 85 #elif defined(OS_POSIX) && !defined(OS_ANDROID) |
| 86 negotiate_factory->set_library( |
| 87 make_scoped_ptr(new GSSAPISharedLibrary(prefs.GssapiLibraryName()))); |
| 88 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) |
| 89 negotiate_factory->set_host_resolver(host_resolver); |
| 90 registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme, |
| 91 negotiate_factory); |
| 92 } |
| 93 #endif // defined(USE_KERBEROS) |
| 94 return registry_factory; |
| 86 } | 95 } |
| 87 | 96 |
| 88 } // namespace | 97 } // namespace |
| 89 | 98 |
| 90 HttpAuthHandlerRegistryFactory::HttpAuthHandlerRegistryFactory() { | 99 HttpAuthHandlerRegistryFactory::HttpAuthHandlerRegistryFactory() { |
| 91 } | 100 } |
| 92 | 101 |
| 93 HttpAuthHandlerRegistryFactory::~HttpAuthHandlerRegistryFactory() { | 102 HttpAuthHandlerRegistryFactory::~HttpAuthHandlerRegistryFactory() { |
| 94 STLDeleteContainerPairSecondPointers(factory_map_.begin(), | 103 STLDeleteContainerPairSecondPointers(factory_map_.begin(), |
| 95 factory_map_.end()); | 104 factory_map_.end()); |
| 96 } | 105 } |
| 97 | 106 |
| 98 void HttpAuthHandlerRegistryFactory::SetURLSecurityManager( | 107 void HttpAuthHandlerRegistryFactory::SetHttpAuthPreferences( |
| 99 const std::string& scheme, | 108 const std::string& scheme, |
| 100 URLSecurityManager* security_manager) { | 109 const HttpAuthPreferences* prefs) { |
| 101 HttpAuthHandlerFactory* factory = GetSchemeFactory(scheme); | 110 HttpAuthHandlerFactory* factory = GetSchemeFactory(scheme); |
| 102 if (factory) | 111 if (factory) |
| 103 factory->set_url_security_manager(security_manager); | 112 factory->set_http_auth_preferences(prefs); |
| 104 } | 113 } |
| 105 | 114 |
| 106 void HttpAuthHandlerRegistryFactory::RegisterSchemeFactory( | 115 void HttpAuthHandlerRegistryFactory::RegisterSchemeFactory( |
| 107 const std::string& scheme, | 116 const std::string& scheme, |
| 108 HttpAuthHandlerFactory* factory) { | 117 HttpAuthHandlerFactory* factory) { |
| 118 factory->set_http_auth_preferences(http_auth_preferences()); |
| 109 std::string lower_scheme = base::ToLowerASCII(scheme); | 119 std::string lower_scheme = base::ToLowerASCII(scheme); |
| 110 FactoryMap::iterator it = factory_map_.find(lower_scheme); | 120 FactoryMap::iterator it = factory_map_.find(lower_scheme); |
| 111 if (it != factory_map_.end()) { | 121 if (it != factory_map_.end()) { |
| 112 delete it->second; | 122 delete it->second; |
| 113 } | 123 } |
| 114 if (factory) | 124 if (factory) |
| 115 factory_map_[lower_scheme] = factory; | 125 factory_map_[lower_scheme] = factory; |
| 116 else | 126 else |
| 117 factory_map_.erase(it); | 127 factory_map_.erase(it); |
| 118 } | 128 } |
| 119 | 129 |
| 120 HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory( | 130 HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory( |
| 121 const std::string& scheme) const { | 131 const std::string& scheme) const { |
| 122 std::string lower_scheme = base::ToLowerASCII(scheme); | 132 std::string lower_scheme = base::ToLowerASCII(scheme); |
| 123 FactoryMap::const_iterator it = factory_map_.find(lower_scheme); | 133 FactoryMap::const_iterator it = factory_map_.find(lower_scheme); |
| 124 if (it == factory_map_.end()) { | 134 if (it == factory_map_.end()) { |
| 125 return NULL; // |scheme| is not registered. | 135 return NULL; // |scheme| is not registered. |
| 126 } | 136 } |
| 127 return it->second; | 137 return it->second; |
| 128 } | 138 } |
| 129 | 139 |
| 130 // static | 140 // static |
| 131 HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create( | 141 scoped_ptr<HttpAuthHandlerRegistryFactory> |
| 132 const std::vector<std::string>& supported_schemes, | 142 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) { |
| 133 URLSecurityManager* security_manager, | 143 std::vector<std::string> auth_types(std::begin(kDefaultAuthSchemes), |
| 134 HostResolver* host_resolver, | 144 std::end(kDefaultAuthSchemes)); |
| 135 const std::string& gssapi_library_name, | 145 HttpAuthPreferences prefs(auth_types |
| 136 const std::string& auth_android_negotiate_account_type, | 146 #if defined(OS_POSIX) && !defined(OS_ANDROID) |
| 137 bool negotiate_disable_cname_lookup, | 147 , |
| 138 bool negotiate_enable_port) { | 148 std::string() |
| 139 HttpAuthHandlerRegistryFactory* registry_factory = | |
| 140 new HttpAuthHandlerRegistryFactory(); | |
| 141 if (IsSupportedScheme(supported_schemes, "basic")) | |
| 142 registry_factory->RegisterSchemeFactory( | |
| 143 "basic", new HttpAuthHandlerBasic::Factory()); | |
| 144 if (IsSupportedScheme(supported_schemes, "digest")) | |
| 145 registry_factory->RegisterSchemeFactory( | |
| 146 "digest", new HttpAuthHandlerDigest::Factory()); | |
| 147 if (IsSupportedScheme(supported_schemes, "ntlm")) { | |
| 148 HttpAuthHandlerNTLM::Factory* ntlm_factory = | |
| 149 new HttpAuthHandlerNTLM::Factory(); | |
| 150 ntlm_factory->set_url_security_manager(security_manager); | |
| 151 #if defined(OS_WIN) | |
| 152 ntlm_factory->set_sspi_library(new SSPILibraryDefault()); | |
| 153 #endif | 149 #endif |
| 154 registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory); | 150 ); |
| 151 return CreateAuthHandlerRegistryFactory(prefs, host_resolver); |
| 152 } |
| 153 |
| 154 // static |
| 155 scoped_ptr<HttpAuthHandlerRegistryFactory> |
| 156 HttpAuthHandlerRegistryFactory::Create(const HttpAuthPreferences* prefs, |
| 157 HostResolver* host_resolver) { |
| 158 scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory( |
| 159 CreateAuthHandlerRegistryFactory(*prefs, host_resolver)); |
| 160 registry_factory->set_http_auth_preferences(prefs); |
| 161 for (auto factory_entry : registry_factory->factory_map_) { |
| 162 factory_entry.second->set_http_auth_preferences(prefs); |
| 155 } | 163 } |
| 156 #if defined(USE_KERBEROS) | |
| 157 if (IsSupportedScheme(supported_schemes, "negotiate")) { | |
| 158 HttpAuthHandlerNegotiate::Factory* negotiate_factory = | |
| 159 new HttpAuthHandlerNegotiate::Factory(); | |
| 160 #if defined(OS_ANDROID) | |
| 161 negotiate_factory->set_library(&auth_android_negotiate_account_type); | |
| 162 #elif defined(OS_POSIX) | |
| 163 negotiate_factory->set_library( | |
| 164 new GSSAPISharedLibrary(gssapi_library_name)); | |
| 165 #elif defined(OS_WIN) | |
| 166 negotiate_factory->set_library(new SSPILibraryDefault()); | |
| 167 #endif | |
| 168 negotiate_factory->set_url_security_manager(security_manager); | |
| 169 DCHECK(host_resolver || negotiate_disable_cname_lookup); | |
| 170 negotiate_factory->set_host_resolver(host_resolver); | |
| 171 negotiate_factory->set_disable_cname_lookup(negotiate_disable_cname_lookup); | |
| 172 negotiate_factory->set_use_port(negotiate_enable_port); | |
| 173 registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory); | |
| 174 } | |
| 175 #endif // defined(USE_KERBEROS) | |
| 176 | |
| 177 return registry_factory; | 164 return registry_factory; |
| 178 } | 165 } |
| 179 | 166 |
| 180 int HttpAuthHandlerRegistryFactory::CreateAuthHandler( | 167 int HttpAuthHandlerRegistryFactory::CreateAuthHandler( |
| 181 HttpAuthChallengeTokenizer* challenge, | 168 HttpAuthChallengeTokenizer* challenge, |
| 182 HttpAuth::Target target, | 169 HttpAuth::Target target, |
| 183 const GURL& origin, | 170 const GURL& origin, |
| 184 CreateReason reason, | 171 CreateReason reason, |
| 185 int digest_nonce_count, | 172 int digest_nonce_count, |
| 186 const BoundNetLog& net_log, | 173 const BoundNetLog& net_log, |
| 187 scoped_ptr<HttpAuthHandler>* handler) { | 174 scoped_ptr<HttpAuthHandler>* handler) { |
| 188 std::string scheme = challenge->scheme(); | 175 std::string scheme = challenge->scheme(); |
| 189 if (scheme.empty()) { | 176 if (scheme.empty()) { |
| 190 handler->reset(); | 177 handler->reset(); |
| 191 return ERR_INVALID_RESPONSE; | 178 return ERR_INVALID_RESPONSE; |
| 192 } | 179 } |
| 193 std::string lower_scheme = base::ToLowerASCII(scheme); | 180 std::string lower_scheme = base::ToLowerASCII(scheme); |
| 194 FactoryMap::iterator it = factory_map_.find(lower_scheme); | 181 FactoryMap::iterator it = factory_map_.find(lower_scheme); |
| 195 if (it == factory_map_.end()) { | 182 if (it == factory_map_.end()) { |
| 196 handler->reset(); | 183 handler->reset(); |
| 197 return ERR_UNSUPPORTED_AUTH_SCHEME; | 184 return ERR_UNSUPPORTED_AUTH_SCHEME; |
| 198 } | 185 } |
| 199 DCHECK(it->second); | 186 DCHECK(it->second); |
| 200 return it->second->CreateAuthHandler(challenge, target, origin, reason, | 187 return it->second->CreateAuthHandler(challenge, target, origin, reason, |
| 201 digest_nonce_count, net_log, handler); | 188 digest_nonce_count, net_log, handler); |
| 202 } | 189 } |
| 203 | 190 |
| 204 } // namespace net | 191 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master