• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/url_security_manager.h"
6 
7 #include <urlmon.h>
8 #include <wrl/client.h>
9 
10 #include "base/debug/crash_logging.h"
11 #include "base/debug/dump_without_crashing.h"
12 #include "base/logging.h"
13 #include "base/notreached.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "net/http/http_auth_filter.h"
17 #include "url/scheme_host_port.h"
18 
19 // The Windows implementation of URLSecurityManager uses WinINet/IE's
20 // URL security zone manager.  See the MSDN page "URL Security Zones" at
21 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more
22 // info on the Internet Security Manager and Internet Zone Manager objects.
23 //
24 // On Windows, we honor the WinINet/IE settings and group policy related to
25 // URL Security Zones.  See the Microsoft Knowledge Base article 182569
26 // "Internet Explorer security zones registry entries for advanced users"
27 // (http://support.microsoft.com/kb/182569) for more info on these registry
28 // keys.
29 
30 namespace net {
31 
32 class URLSecurityManagerWin : public URLSecurityManagerAllowlist {
33  public:
34   URLSecurityManagerWin();
35 
36   URLSecurityManagerWin(const URLSecurityManagerWin&) = delete;
37   URLSecurityManagerWin& operator=(const URLSecurityManagerWin&) = delete;
38 
39   ~URLSecurityManagerWin() override;
40 
41   // URLSecurityManager methods:
42   bool CanUseDefaultCredentials(
43       const url::SchemeHostPort& auth_scheme_host_port) const override;
44 
45  private:
46   bool EnsureSystemSecurityManager();
47 
48   Microsoft::WRL::ComPtr<IInternetSecurityManager> security_manager_;
49 };
50 
51 URLSecurityManagerWin::URLSecurityManagerWin() = default;
52 URLSecurityManagerWin::~URLSecurityManagerWin() = default;
53 
CanUseDefaultCredentials(const url::SchemeHostPort & auth_scheme_host_port) const54 bool URLSecurityManagerWin::CanUseDefaultCredentials(
55     const url::SchemeHostPort& auth_scheme_host_port) const {
56   if (HasDefaultAllowlist())
57     return URLSecurityManagerAllowlist::CanUseDefaultCredentials(
58         auth_scheme_host_port);
59   if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager())
60     return false;
61 
62   std::u16string url16 = base::ASCIIToUTF16(auth_scheme_host_port.Serialize());
63   DWORD policy = 0;
64   HRESULT hr;
65   hr = security_manager_->ProcessUrlAction(
66       base::as_wcstr(url16), URLACTION_CREDENTIALS_USE,
67       reinterpret_cast<BYTE*>(&policy), sizeof(policy), nullptr, 0, PUAF_NOUI,
68       0);
69   if (FAILED(hr)) {
70     LOG(ERROR) << "IInternetSecurityManager::ProcessUrlAction failed: " << hr;
71     return false;
72   }
73 
74   // Four possible policies for URLACTION_CREDENTIALS_USE.  See the MSDN page
75   // "About URL Security Zones" at
76   // http://msdn.microsoft.com/en-us/library/ms537183(VS.85).aspx
77   switch (policy) {
78     case URLPOLICY_CREDENTIALS_SILENT_LOGON_OK:
79       return true;
80     case URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT: {
81       // This policy means "prompt the user for permission if the resource is
82       // not located in the Intranet zone".  TODO(wtc): Note that it's
83       // prompting for permission (to use the default credentials), as opposed
84       // to prompting the user to enter a user name and password.
85 
86       // URLZONE_LOCAL_MACHINE 0
87       // URLZONE_INTRANET      1
88       // URLZONE_TRUSTED       2
89       // URLZONE_INTERNET      3
90       // URLZONE_UNTRUSTED     4
91       DWORD zone = 0;
92       hr = security_manager_->MapUrlToZone(base::as_wcstr(url16), &zone, 0);
93       if (FAILED(hr)) {
94         LOG(ERROR) << "IInternetSecurityManager::MapUrlToZone failed: " << hr;
95         return false;
96       }
97       return zone <= URLZONE_INTRANET;
98     }
99     case URLPOLICY_CREDENTIALS_MUST_PROMPT_USER:
100       return false;
101     case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY:
102       // TODO(wtc): we should fail the authentication.
103       return false;
104     default:
105       LOG(ERROR) << "Unexpected policy: " << policy;
106       SCOPED_CRASH_KEY_NUMBER("CanUseDefaultCredentials", "policy", policy);
107       base::debug::DumpWithoutCrashing();
108       return false;
109   }
110 }
111 // TODO(cbentzel): Could CanDelegate use the security zone as well?
112 
EnsureSystemSecurityManager()113 bool URLSecurityManagerWin::EnsureSystemSecurityManager() {
114   if (!security_manager_.Get()) {
115     HRESULT hr =
116         CoInternetCreateSecurityManager(nullptr, &security_manager_, 0);
117     if (FAILED(hr) || !security_manager_.Get()) {
118       LOG(ERROR) << "Unable to create the Windows Security Manager instance";
119       return false;
120     }
121   }
122   return true;
123 }
124 
125 // static
Create()126 std::unique_ptr<URLSecurityManager> URLSecurityManager::Create() {
127   return std::make_unique<URLSecurityManagerWin>();
128 }
129 
130 }  //  namespace net
131