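// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_PREFERENCES_H_
#define NET_HTTP_HTTP_AUTH_PREFERENCES_H_

#include <memory>
#include <optional>
#include <set>
#include <string>
#include <utility>

#include "base/functional/callback.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "net/base/net_export.h"
#include "net/http/http_auth.h"

namespace url {
class SchemeHostPort;
}

namespace net {

class URLSecurityManager;

// Manage the preferences needed for authentication, and provide a cache of
// them accessible from the IO thread.
//
// Security review notes:
//  * The in-class member initializers below are permissive: Basic auth over
//    plain HTTP is enabled, default credentials are allowed, and (where the
//    build flags apply) NTLMv2 and GSSAPI library loading are enabled. Unless
//    the out-of-line constructor changes them (not visible in this header), an
//    embedder that needs stricter behaviour has to call the setters itself.
//  * No setter in this header takes a lock. The class comment mentions the IO
//    thread; confirm against callers that all mutation happens on the thread
//    that reads these values.
class NET_EXPORT HttpAuthPreferences {
 public:
  // |DefaultCredentials| influences the behavior of codepaths that use
  // IdentitySource::IDENT_SRC_DEFAULT_CREDENTIALS in |HttpAuthController|
  //
  // DISALLOW_DEFAULT_CREDENTIALS is the conservative choice: default
  // (ambient) credentials are offered to a server without any user prompt,
  // so allowing them widens which origins can obtain an authentication
  // exchange for the current user.
  enum DefaultCredentials {
    DISALLOW_DEFAULT_CREDENTIALS = 0,
    ALLOW_DEFAULT_CREDENTIALS = 1,
  };

  HttpAuthPreferences();

  // Non-copyable: the object owns |security_manager_| through a
  // std::unique_ptr.
  HttpAuthPreferences(const HttpAuthPreferences&) = delete;
  HttpAuthPreferences& operator=(const HttpAuthPreferences&) = delete;

  virtual ~HttpAuthPreferences();

  // Virtual accessors, defined out of line (implementations are not part of
  // this header). Each has a same-named backing field and inline setter
  // further down.
  virtual bool NegotiateDisableCnameLookup() const;
  virtual bool NegotiateEnablePort() const;
#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  virtual bool NtlmV2Enabled() const;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
#if BUILDFLAG(IS_ANDROID)
  virtual std::string AuthAndroidNegotiateAccountType() const;
#endif
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  virtual bool AllowGssapiLibraryLoad() const;
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  // Per-origin decisions, keyed on the scheme/host/port being authenticated
  // to. NOTE(review): presumably these combine |allow_default_credentials_|
  // and the allowlists held by |security_manager_|; the logic is in the .cc
  // file, so confirm there before relying on either in a threat model.
  virtual bool CanUseDefaultCredentials(
      const url::SchemeHostPort& auth_scheme_host_port) const;
  virtual HttpAuth::DelegationType GetDelegationType(
      const url::SchemeHostPort& auth_scheme_host_port) const;

  // NOTE(review): name suggests the KDC's policy decides whether a ticket is
  // delegated; the consumer of this flag is not visible here. Defaults to
  // false.
  void set_delegate_by_kdc_policy(bool delegate_by_kdc_policy) {
    delegate_by_kdc_policy_ = delegate_by_kdc_policy;
  }

  bool delegate_by_kdc_policy() const { return delegate_by_kdc_policy_; }

  void set_negotiate_disable_cname_lookup(bool negotiate_disable_cname_lookup) {
    negotiate_disable_cname_lookup_ = negotiate_disable_cname_lookup;
  }

  void set_negotiate_enable_port(bool negotiate_enable_port) {
    negotiate_enable_port_ = negotiate_enable_port;
  }

  // Return |true| if the browser should allow attempts to use HTTP Basic auth
  // on non-secure HTTP connections.
  //
  // Basic auth only base64-encodes the username and password, so on a
  // non-secure connection they are readable by anything on the network path.
  // The backing field defaults to true.
  bool basic_over_http_enabled() const { return basic_over_http_enabled_; }

  void set_basic_over_http_enabled(bool allow_http) {
    basic_over_http_enabled_ = allow_http;
  }

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  // Passing false turns NTLMv2 off. NTLMv1 responses are considerably weaker
  // against offline cracking and relay, so treat a false value here as a
  // protocol downgrade that needs a documented reason.
  void set_ntlm_v2_enabled(bool ntlm_v2_enabled) {
    ntlm_v2_enabled_ = ntlm_v2_enabled;
  }
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  // NOTE(review): presumably gates loading of the system GSSAPI shared
  // library, i.e. third-party native code entering the process that handles
  // network input; confirm at the call site of AllowGssapiLibraryLoad().
  void set_allow_gssapi_library_load(bool allow_gssapi_library_load) {
    allow_gssapi_library_load_ = allow_gssapi_library_load;
  }
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  // Set of permitted HTTP auth scheme names, or std::nullopt.
  // NOTE(review): this header does not say how std::nullopt is interpreted
  // (no restriction vs. nothing allowed). Check the consumers, because the
  // field is default-constructed to std::nullopt.
  const std::optional<std::set<std::string>>& allowed_schemes() const {
    return allowed_schemes_;
  }

  void set_allowed_schemes(
      const std::optional<std::set<std::string>>& allowed_schemes) {
    allowed_schemes_ = allowed_schemes;
  }

  // Takes ownership of |filter| (moved into the member). The member is
  // default-initialized to a null callback.
  // NOTE(review): confirm how IsAllowedToUseAllHttpAuthSchemes() treats a
  // null filter; whether "no filter" means allow or deny is a fail-open /
  // fail-closed decision made in the .cc file.
  void set_http_auth_scheme_filter(
      base::RepeatingCallback<bool(const url::SchemeHostPort&)>&& filter) {
    http_auth_scheme_filter_ = std::move(filter);
  }

  bool IsAllowedToUseAllHttpAuthSchemes(const url::SchemeHostPort& url) const;

  // Allowlists are passed as a single string; the pattern syntax and the
  // parsing are not visible in this header (presumably handled through
  // |security_manager_| - confirm). Keep the delegate allowlist as narrow as
  // possible: a server that receives delegated credentials can act as the
  // user towards other services.
  void SetServerAllowlist(const std::string& server_allowlist);

  void SetDelegateAllowlist(const std::string& delegate_allowlist);

  void SetAllowDefaultCredentials(DefaultCredentials creds);

#if BUILDFLAG(IS_ANDROID)
  void set_auth_android_negotiate_account_type(
      const std::string& account_type) {
    auth_android_negotiate_account_type_ = account_type;
  }
#endif  // BUILDFLAG(IS_ANDROID)

 private:
  bool delegate_by_kdc_policy_ = false;
  bool negotiate_disable_cname_lookup_ = false;
  bool negotiate_enable_port_ = false;
  // Permissive default: Basic auth over non-secure HTTP is allowed.
  bool basic_over_http_enabled_ = true;

  // Permissive default: default credentials are allowed at this level.
  DefaultCredentials allow_default_credentials_ = ALLOW_DEFAULT_CREDENTIALS;

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  bool ntlm_v2_enabled_ = true;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_ANDROID)
  std::string auth_android_negotiate_account_type_;
#endif  // BUILDFLAG(IS_ANDROID)

#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  bool allow_gssapi_library_load_ = true;
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  std::optional<std::set<std::string>> allowed_schemes_;
  std::unique_ptr<URLSecurityManager> security_manager_;
  // Starts out as a null callback.
  base::RepeatingCallback<bool(const url::SchemeHostPort&)>
      http_auth_scheme_filter_ =
          base::RepeatingCallback<bool(const url::SchemeHostPort&)>();
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_PREFERENCES_H_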