xref: /aosp_15_r20/external/cronet/net/http/url_security_manager_win.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/url_security_manager.h"
6 
7 #include <urlmon.h>
8 #include <wrl/client.h>
9 
10 #include "base/logging.h"
11 #include "base/notreached.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "net/http/http_auth_filter.h"
15 #include "url/scheme_host_port.h"
16 
17 // The Windows implementation of URLSecurityManager uses WinINet/IE's
18 // URL security zone manager.  See the MSDN page "URL Security Zones" at
19 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more
20 // info on the Internet Security Manager and Internet Zone Manager objects.
21 //
22 // On Windows, we honor the WinINet/IE settings and group policy related to
23 // URL Security Zones.  See the Microsoft Knowledge Base article 182569
24 // "Internet Explorer security zones registry entries for advanced users"
25 // (http://support.microsoft.com/kb/182569) for more info on these registry
26 // keys.
27 
28 namespace net {
29 
30 class URLSecurityManagerWin : public URLSecurityManagerAllowlist {
31  public:
32   URLSecurityManagerWin();
33 
34   URLSecurityManagerWin(const URLSecurityManagerWin&) = delete;
35   URLSecurityManagerWin& operator=(const URLSecurityManagerWin&) = delete;
36 
37   ~URLSecurityManagerWin() override;
38 
39   // URLSecurityManager methods:
40   bool CanUseDefaultCredentials(
41       const url::SchemeHostPort& auth_scheme_host_port) const override;
42 
43  private:
44   bool EnsureSystemSecurityManager();
45 
46   Microsoft::WRL::ComPtr<IInternetSecurityManager> security_manager_;
47 };
48 
49 URLSecurityManagerWin::URLSecurityManagerWin() = default;
50 URLSecurityManagerWin::~URLSecurityManagerWin() = default;
51 
CanUseDefaultCredentials(const url::SchemeHostPort & auth_scheme_host_port) const52 bool URLSecurityManagerWin::CanUseDefaultCredentials(
53     const url::SchemeHostPort& auth_scheme_host_port) const {
54   if (HasDefaultAllowlist())
55     return URLSecurityManagerAllowlist::CanUseDefaultCredentials(
56         auth_scheme_host_port);
57   if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager())
58     return false;
59 
60   std::u16string url16 = base::ASCIIToUTF16(auth_scheme_host_port.Serialize());
61   DWORD policy = 0;
62   HRESULT hr;
63   hr = security_manager_->ProcessUrlAction(
64       base::as_wcstr(url16), URLACTION_CREDENTIALS_USE,
65       reinterpret_cast<BYTE*>(&policy), sizeof(policy), nullptr, 0, PUAF_NOUI,
66       0);
67   if (FAILED(hr)) {
68     LOG(ERROR) << "IInternetSecurityManager::ProcessUrlAction failed: " << hr;
69     return false;
70   }
71 
72   // Four possible policies for URLACTION_CREDENTIALS_USE.  See the MSDN page
73   // "About URL Security Zones" at
74   // http://msdn.microsoft.com/en-us/library/ms537183(VS.85).aspx
75   switch (policy) {
76     case URLPOLICY_CREDENTIALS_SILENT_LOGON_OK:
77       return true;
78     case URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT: {
79       // This policy means "prompt the user for permission if the resource is
80       // not located in the Intranet zone".  TODO(wtc): Note that it's
81       // prompting for permission (to use the default credentials), as opposed
82       // to prompting the user to enter a user name and password.
83 
84       // URLZONE_LOCAL_MACHINE 0
85       // URLZONE_INTRANET      1
86       // URLZONE_TRUSTED       2
87       // URLZONE_INTERNET      3
88       // URLZONE_UNTRUSTED     4
89       DWORD zone = 0;
90       hr = security_manager_->MapUrlToZone(base::as_wcstr(url16), &zone, 0);
91       if (FAILED(hr)) {
92         LOG(ERROR) << "IInternetSecurityManager::MapUrlToZone failed: " << hr;
93         return false;
94       }
95       return zone <= URLZONE_INTRANET;
96     }
97     case URLPOLICY_CREDENTIALS_MUST_PROMPT_USER:
98       return false;
99     case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY:
100       // TODO(wtc): we should fail the authentication.
101       return false;
102     default:
103       NOTREACHED();
104       return false;
105   }
106 }
107 // TODO(cbentzel): Could CanDelegate use the security zone as well?
108 
EnsureSystemSecurityManager()109 bool URLSecurityManagerWin::EnsureSystemSecurityManager() {
110   if (!security_manager_.Get()) {
111     HRESULT hr =
112         CoInternetCreateSecurityManager(nullptr, &security_manager_, 0);
113     if (FAILED(hr) || !security_manager_.Get()) {
114       LOG(ERROR) << "Unable to create the Windows Security Manager instance";
115       return false;
116     }
117   }
118   return true;
119 }
120 
121 // static
Create()122 std::unique_ptr<URLSecurityManager> URLSecurityManager::Create() {
123   return std::make_unique<URLSecurityManagerWin>();
124 }
125 
126 }  //  namespace net
127