// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_PREFERENCES_H_
#define NET_HTTP_HTTP_AUTH_PREFERENCES_H_

#include <memory>
#include <set>
#include <string>

#include "base/callback.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "net/base/net_export.h"
#include "net/http/http_auth.h"
#include "third_party/abseil-cpp/absl/types/optional.h"

// Forward declaration only: this header uses url::SchemeHostPort solely as a
// const-reference parameter type and inside a callback signature, so the full
// definition is not needed here.
namespace url {
class SchemeHostPort;
}

namespace net {

// Forward declaration only: HttpAuthPreferences holds a
// std::unique_ptr<URLSecurityManager>, and its constructor and destructor are
// declared but not defined in this header, so the complete type is required
// only where those are defined.
class URLSecurityManager;

// Manage the preferences needed for authentication, and provide a cache of
// them accessible from the IO thread.
//
// The class is non-copyable and has a virtual destructor and virtual
// accessors, so it can be subclassed and overridden.
//
// Security note: several in-class defaults below are permissive
// (|basic_over_http_enabled_| is true, |allow_default_credentials_| is
// ALLOW_DEFAULT_CREDENTIALS, |ntlm_v2_enabled_| is true). An embedder that
// wants a stricter policy has to call the corresponding setters explicitly;
// nothing in this header tightens them.
class NET_EXPORT HttpAuthPreferences {
 public:
  // |DefaultCredentials| influences the behavior of codepaths that use
  // IdentitySource::IDENT_SRC_DEFAULT_CREDENTIALS in |HttpAuthController|
  //
  // NOTE(review): "default credentials" presumably means the ambient identity
  // of the logged-in OS user rather than credentials typed for a site; confirm
  // against |HttpAuthController|.
  enum DefaultCredentials {
    DISALLOW_DEFAULT_CREDENTIALS = 0,
    ALLOW_DEFAULT_CREDENTIALS = 1,
  };

  HttpAuthPreferences();

  // Copying is disabled; the object owns |security_manager_| through a
  // std::unique_ptr.
  HttpAuthPreferences(const HttpAuthPreferences&) = delete;
  HttpAuthPreferences& operator=(const HttpAuthPreferences&) = delete;

  virtual ~HttpAuthPreferences();

  // Virtual read accessors. Their definitions are not in this header;
  // presumably each returns the matching private member set through the
  // setters below (verify in the .cc file).
  virtual bool NegotiateDisableCnameLookup() const;
  virtual bool NegotiateEnablePort() const;
#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  virtual bool NtlmV2Enabled() const;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
#if BUILDFLAG(IS_ANDROID)
  virtual std::string AuthAndroidNegotiateAccountType() const;
#endif
#if BUILDFLAG(IS_CHROMEOS)
  virtual bool AllowGssapiLibraryLoad() const;
#endif  // BUILDFLAG(IS_CHROMEOS)

  // Per-origin policy decisions for |auth_scheme_host_port|. The logic is
  // defined outside this header.
  // NOTE(review): presumably these consult |allow_default_credentials_| and
  // the allowlists installed via SetServerAllowlist()/SetDelegateAllowlist();
  // confirm in the .cc file. Callers should treat the result as the
  // gate on releasing ambient credentials or delegating them to a server.
  virtual bool CanUseDefaultCredentials(
      const url::SchemeHostPort& auth_scheme_host_port) const;
  virtual HttpAuth::DelegationType GetDelegationType(
      const url::SchemeHostPort& auth_scheme_host_port) const;

  // Stores |delegate_by_kdc_policy|; defaults to false.
  // NOTE(review): by its name this presumably lets the KDC's policy decide
  // whether credentials are delegated; how it feeds into GetDelegationType()
  // is not visible here.
  void set_delegate_by_kdc_policy(bool delegate_by_kdc_policy) {
    delegate_by_kdc_policy_ = delegate_by_kdc_policy;
  }

  bool delegate_by_kdc_policy() const { return delegate_by_kdc_policy_; }

  // Setter backing NegotiateDisableCnameLookup(); the stored value defaults to
  // false.
  void set_negotiate_disable_cname_lookup(bool negotiate_disable_cname_lookup) {
    negotiate_disable_cname_lookup_ = negotiate_disable_cname_lookup;
  }

  // Setter backing NegotiateEnablePort(); the stored value defaults to false.
  void set_negotiate_enable_port(bool negotiate_enable_port) {
    negotiate_enable_port_ = negotiate_enable_port;
  }

  // Return |true| if the browser should allow attempts to use HTTP Basic auth
  // on non-secure HTTP connections.
  //
  // Security note: Basic auth transmits the username and password merely
  // base64-encoded, so over plain HTTP they are readable by anyone on the
  // network path. The stored value defaults to true; deployments that do not
  // need Basic over HTTP should set it to false.
  bool basic_over_http_enabled() const { return basic_over_http_enabled_; }

  void set_basic_over_http_enabled(bool allow_http) {
    basic_over_http_enabled_ = allow_http;
  }

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  // Only compiled on POSIX and Fuchsia; the stored value defaults to true.
  // NOTE(review): turning this off presumably falls back to an older, weaker
  // NTLM variant; confirm in the NTLM handler before disabling.
  void set_ntlm_v2_enabled(bool ntlm_v2_enabled) {
    ntlm_v2_enabled_ = ntlm_v2_enabled;
  }
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_CHROMEOS)
  // Only compiled on ChromeOS; the stored value defaults to true.
  void set_allow_gssapi_library_load(bool allow_gssapi_library_load) {
    allow_gssapi_library_load_ = allow_gssapi_library_load;
  }
#endif  // BUILDFLAG(IS_CHROMEOS)

  // Returns the optional set of auth scheme names by const reference; the
  // reference is valid only while this object lives and until the next
  // set_allowed_schemes() call.
  // NOTE(review): an unset optional and an empty set are distinct states;
  // presumably unset means "no restriction" and an empty set means "none
  // allowed". Confirm with the consumer before relying on either.
  const absl::optional<std::set<std::string>>& allowed_schemes() const {
    return allowed_schemes_;
  }

  // Copies |allowed_schemes| into this object.
  void set_allowed_schemes(
      const absl::optional<std::set<std::string>>& allowed_schemes) {
    allowed_schemes_ = allowed_schemes;
  }

  // Takes ownership of |filter| (rvalue, moved into the member). The member is
  // default-constructed until this is called.
  void set_http_auth_scheme_filter(
      base::RepeatingCallback<bool(const url::SchemeHostPort&)>&& filter) {
    http_auth_scheme_filter_ = std::move(filter);
  }

  // Defined outside this header.
  // NOTE(review): presumably runs |http_auth_scheme_filter_| for |url|; how an
  // unset filter is treated (allow vs. deny) is not visible here and decides
  // whether the default is fail-open. Verify in the .cc file.
  bool IsAllowedToUseAllHttpAuthSchemes(const url::SchemeHostPort& url) const;

  // Allowlist setters, defined outside this header. The expected string format
  // is not visible here.
  // NOTE(review): presumably these configure |security_manager_| and thereby
  // which servers may receive default credentials or delegated credentials;
  // keep both lists as narrow as the deployment permits.
  void SetServerAllowlist(const std::string& server_allowlist);

  void SetDelegateAllowlist(const std::string& delegate_allowlist);

  // Defined outside this header; presumably stores |creds| in
  // |allow_default_credentials_|.
  void SetAllowDefaultCredentials(DefaultCredentials creds);

#if BUILDFLAG(IS_ANDROID)
  // Only compiled on Android. Stores a copy of |account_type|.
  void set_auth_android_negotiate_account_type(
      const std::string& account_type) {
    auth_android_negotiate_account_type_ = account_type;
  }
#endif  // BUILDFLAG(IS_ANDROID)

 private:
  bool delegate_by_kdc_policy_ = false;
  bool negotiate_disable_cname_lookup_ = false;
  bool negotiate_enable_port_ = false;
  // Permissive default: Basic auth over plain HTTP is allowed unless turned
  // off via set_basic_over_http_enabled(false).
  bool basic_over_http_enabled_ = true;

  // Permissive default: default credentials are allowed at this level unless
  // SetAllowDefaultCredentials() changes it.
  DefaultCredentials allow_default_credentials_ = ALLOW_DEFAULT_CREDENTIALS;

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  bool ntlm_v2_enabled_ = true;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_ANDROID)
  // Default-constructed, i.e. empty until the setter is called.
  std::string auth_android_negotiate_account_type_;
#endif  // BUILDFLAG(IS_ANDROID)

#if BUILDFLAG(IS_CHROMEOS)
  bool allow_gssapi_library_load_ = true;
#endif  // BUILDFLAG(IS_CHROMEOS)

  // Unset (no value) until set_allowed_schemes() is called.
  absl::optional<std::set<std::string>> allowed_schemes_;
  // Owned. URLSecurityManager is only forward-declared in this header, so the
  // constructor and destructor are defined elsewhere.
  std::unique_ptr<URLSecurityManager> security_manager_;
  // Explicitly initialized with a default-constructed callback, i.e. no filter
  // is bound until set_http_auth_scheme_filter() is called.
  base::RepeatingCallback<bool(const url::SchemeHostPort&)>
      http_auth_scheme_filter_ =
          base::RepeatingCallback<bool(const url::SchemeHostPort&)>();
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_PREFERENCES_H_