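// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_PREFERENCES_H_
#define NET_HTTP_HTTP_AUTH_PREFERENCES_H_

#include <memory>
#include <optional>
#include <set>
#include <string>
#include <utility>  // std::move, used by set_http_auth_scheme_filter().

#include "base/functional/callback.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "net/base/net_export.h"
#include "net/http/http_auth.h"

namespace url {
class SchemeHostPort;
}

namespace net {

class URLSecurityManager;

// Manage the preferences needed for authentication, and provide a cache of
// them accessible from the IO thread.
//
// Defaults declared by the member initializers in this header are permissive:
// Basic auth over non-secure HTTP is enabled, default credentials are allowed,
// NTLMv2 is enabled and GSSAPI library loading is allowed; |allowed_schemes_|
// is unset and no scheme filter is installed. An embedder that wants a
// stricter policy has to call the corresponding setters itself.
// NOTE(review): the constructor is defined out of line and could override
// these initializers - confirm in the .cc file.
class NET_EXPORT HttpAuthPreferences {
 public:
  // |DefaultCredentials| influences the behavior of codepaths that use
  // IdentitySource::IDENT_SRC_DEFAULT_CREDENTIALS in |HttpAuthController|
  enum DefaultCredentials {
    DISALLOW_DEFAULT_CREDENTIALS = 0,
    ALLOW_DEFAULT_CREDENTIALS = 1,
  };

  HttpAuthPreferences();

  // Not copyable: the object owns |security_manager_| through a unique_ptr.
  HttpAuthPreferences(const HttpAuthPreferences&) = delete;
  HttpAuthPreferences& operator=(const HttpAuthPreferences&) = delete;

  virtual ~HttpAuthPreferences();

  // Virtual accessors, defined out of line. Presumably each reports the value
  // stored by the matching setter below - confirm in the .cc file.
  // NOTE(review): by name, the two Negotiate accessors govern how the
  // Negotiate SPN is built (canonical-name lookup, port inclusion) - confirm
  // against the Negotiate handler.
  virtual bool NegotiateDisableCnameLookup() const;
  virtual bool NegotiateEnablePort() const;
#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  virtual bool NtlmV2Enabled() const;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
#if BUILDFLAG(IS_ANDROID)
  virtual std::string AuthAndroidNegotiateAccountType() const;
#endif
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  virtual bool AllowGssapiLibraryLoad() const;
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  // Per-origin decisions for |auth_scheme_host_port|: whether default
  // credentials may be used, and which delegation type applies. Both are
  // defined out of line.
  // NOTE(review): presumably these combine |allow_default_credentials_|, the
  // server/delegate allowlists and |delegate_by_kdc_policy_| - confirm. They
  // are the gate for handing the user's default credentials, or a delegated
  // identity, to a server without a prompt, so an allowlist that is broader
  // than intended widens that exposure.
  virtual bool CanUseDefaultCredentials(
      const url::SchemeHostPort& auth_scheme_host_port) const;
  virtual HttpAuth::DelegationType GetDelegationType(
      const url::SchemeHostPort& auth_scheme_host_port) const;

  // Stores the flag; defaults to false.
  void set_delegate_by_kdc_policy(bool delegate_by_kdc_policy) {
    delegate_by_kdc_policy_ = delegate_by_kdc_policy;
  }

  bool delegate_by_kdc_policy() const { return delegate_by_kdc_policy_; }

  // Stores the flag; defaults to false.
  void set_negotiate_disable_cname_lookup(bool negotiate_disable_cname_lookup) {
    negotiate_disable_cname_lookup_ = negotiate_disable_cname_lookup;
  }

  // Stores the flag; defaults to false.
  void set_negotiate_enable_port(bool negotiate_enable_port) {
    negotiate_enable_port_ = negotiate_enable_port;
  }

  // Return |true| if the browser should allow attempts to use HTTP Basic auth
  // on non-secure HTTP connections.
  //
  // Defaults to |true|. Basic auth only base64-encodes the username and
  // password, so on a non-secure connection they are readable by anyone on
  // the network path; call set_basic_over_http_enabled(false) to refuse that.
  bool basic_over_http_enabled() const { return basic_over_http_enabled_; }

  void set_basic_over_http_enabled(bool allow_http) {
    basic_over_http_enabled_ = allow_http;
  }

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  // Stores the flag; defaults to true.
  // NOTE(review): what the NTLM handler does when this is false is not visible
  // here; if it falls back to an older NTLM variant that is a downgrade -
  // confirm before disabling.
  void set_ntlm_v2_enabled(bool ntlm_v2_enabled) {
    ntlm_v2_enabled_ = ntlm_v2_enabled;
  }
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  // Stores the flag; defaults to true.
  void set_allow_gssapi_library_load(bool allow_gssapi_library_load) {
    allow_gssapi_library_load_ = allow_gssapi_library_load;
  }
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  // The configured set of auth scheme names, or std::nullopt when none has
  // been set (the default).
  // NOTE(review): how consumers treat std::nullopt (all schemes vs. a built-in
  // default set) is decided elsewhere - confirm at the call sites.
  const std::optional<std::set<std::string>>& allowed_schemes() const {
    return allowed_schemes_;
  }

  // Copies |allowed_schemes| into the preferences.
  void set_allowed_schemes(
      const std::optional<std::set<std::string>>& allowed_schemes) {
    allowed_schemes_ = allowed_schemes;
  }

  // Installs a per-origin predicate. |filter| is moved from, so the caller's
  // callback object must not be reused afterwards. No filter is installed by
  // default (the member starts as a default-constructed callback).
  void set_http_auth_scheme_filter(
      base::RepeatingCallback<bool(const url::SchemeHostPort&)>&& filter) {
    http_auth_scheme_filter_ = std::move(filter);
  }

  // Defined out of line.
  // NOTE(review): presumably consults |http_auth_scheme_filter_|; what it
  // returns when no filter is installed is not visible here - confirm.
  bool IsAllowedToUseAllHttpAuthSchemes(const url::SchemeHostPort& url) const;

  // Each takes the whole allowlist as a single string; parsing and storage
  // happen out of line (presumably in |security_manager_| - confirm).
  void SetServerAllowlist(const std::string& server_allowlist);

  void SetDelegateAllowlist(const std::string& delegate_allowlist);

  void SetAllowDefaultCredentials(DefaultCredentials creds);

#if BUILDFLAG(IS_ANDROID)
  // Copies |account_type| into the preferences; empty by default.
  void set_auth_android_negotiate_account_type(
      const std::string& account_type) {
    auth_android_negotiate_account_type_ = account_type;
  }
#endif  // BUILDFLAG(IS_ANDROID)

 private:
  bool delegate_by_kdc_policy_ = false;
  bool negotiate_disable_cname_lookup_ = false;
  bool negotiate_enable_port_ = false;
  // Permissive default: Basic auth over non-secure HTTP is allowed.
  bool basic_over_http_enabled_ = true;

  // Permissive default: default credentials are allowed.
  DefaultCredentials allow_default_credentials_ = ALLOW_DEFAULT_CREDENTIALS;

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
  bool ntlm_v2_enabled_ = true;
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_ANDROID)
  std::string auth_android_negotiate_account_type_;
#endif  // BUILDFLAG(IS_ANDROID)

#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
  bool allow_gssapi_library_load_ = true;
#endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)

  // Unset (std::nullopt) until set_allowed_schemes() is called.
  std::optional<std::set<std::string>> allowed_schemes_;
  std::unique_ptr<URLSecurityManager> security_manager_;
  // Default-constructed callback, i.e. no filter installed.
  base::RepeatingCallback<bool(const url::SchemeHostPort&)>
      http_auth_scheme_filter_ =
          base::RepeatingCallback<bool(const url::SchemeHostPort&)>();
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_PREFERENCES_H_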