Bug 1313016 - Pref to send default NTLM creds in PB, Always send default creds to proxies in PB. r=jduell

--HG-- extra : rebase_source : 621085462a44307ef018533b04398be9383b9dba extra : source : d1ef75d52b01dbd1f3185084836f48fda8262691
2024-10-09 03:15:11 +00:00 · 2016-11-11 03:45:00 -05:00 · 2016-11-11 03:45:00 -05:00 · 3a99264fc4
commit 3a99264fc4
parent bfd51f89f4
3 changed files with 59 additions and 30 deletions
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@ -53,6 +53,7 @@ static const char kNegotiateAuthDelegationURIs[] = "network.negotiate-auth.deleg
 static const char kNegotiateAuthAllowProxies[] = "network.negotiate-auth.allow-proxies";
 static const char kNegotiateAuthAllowNonFqdn[] = "network.negotiate-auth.allow-non-fqdn";
 static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi";
+static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";

 #define kNegotiateLen  (sizeof(kNegotiate)-1)
 #define DEFAULT_THREAD_TIMEOUT_MS 30000
@ -61,8 +62,14 @@ static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi";

 // Return false when the channel comes from a Private browsing window.
 static bool
-TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel)
+TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel, bool proxyAuth)
 {
+    // Proxy should go all the time, it's not considered a privacy leak
+    // to send default credentials to a proxy.
+    if (proxyAuth) {
+        return true;
+    }
+
    nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(authChannel);
    MOZ_ASSERT(bareChannel);

@ -71,18 +78,21 @@ TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel)
    }

    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-    if (!prefs) {
-        return true;
-    }
+    if (prefs) {
+        bool ssoInPb;
+        if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) && ssoInPb) {
+            return true;
+        }

-    // When the "Never remember history" option is set, all channels are
-    // set PB mode flag, but here we want to make an exception, users
-    // want their credentials go out.
-    bool dontRememberHistory;
-    if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
-                                        &dontRememberHistory)) &&
-        dontRememberHistory) {
-        return true;
+        // When the "Never remember history" option is set, all channels are
+        // set PB mode flag, but here we want to make an exception, users
+        // want their credentials go out.
+        bool dontRememberHistory;
+        if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                            &dontRememberHistory)) &&
+            dontRememberHistory) {
+            return true;
+        }
    }

    return false;
@ -149,7 +159,7 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
        proxyInfo->GetHost(service);
    }
    else {
-        bool allowed = TestNotInPBMode(authChannel) &&
+        bool allowed = TestNotInPBMode(authChannel, isProxyAuth) &&
                       (TestNonFqdn(uri) ||
                       TestPref(uri, kNegotiateAuthTrustedURIs));
        if (!allowed) {
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -1964,6 +1964,18 @@ pref("network.generic-ntlm-auth.workstation", "WORKSTATION");
 //   2 - allow the cross-origin authentication as well.
 pref("network.auth.subresource-http-auth-allow", 2);

+// This preference controls whether to allow sending default credentials (SSO) to
+// NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
+// in a Private Browsing window.
+// If set to false, Private Browsing windows will not use default credentials and ask
+// for credentials from the user explicitly.
+// If set to true, and a server URL conforms other conditions for sending default
+// credentials, those will be sent automatically in Private Browsing windows.
+//
+// This preference has no effect when the browser is set to "Never Remember History",
+// in that case default credentials will always be used.
+pref("network.auth.private-browsing-sso", false);
+
 pref("permissions.default.image",           1); // 1-Accept, 2-Deny, 3-dontAcceptForeign

 pref("network.proxy.type",                  5);
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@ -37,6 +37,7 @@ static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies";
 static const char kAllowNonFqdn[] = "network.automatic-ntlm-auth.allow-non-fqdn";
 static const char kTrustedURIs[]  = "network.automatic-ntlm-auth.trusted-uris";
 static const char kForceGeneric[] = "network.auth.force-generic-ntlm";
+static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";

 // XXX MatchesBaseURI and TestPref are duplicated in nsHttpNegotiateAuth.cpp,
 // but since that file lives in a separate library we cannot directly share it.
@ -188,27 +189,12 @@ CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
                         bool isProxyAuth)
 {
    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-
-    // Prevent using default credentials for authentication when we are in the
-    // private browsing mode.  It would cause a privacy data leak.
-    nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
-    MOZ_ASSERT(bareChannel);
-
-    if (NS_UsePrivateBrowsing(bareChannel)) {
-        // But allow when in the "Never remember history" mode.
-        bool dontRememberHistory;
-        if (prefs &&
-            NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
-                                            &dontRememberHistory)) &&
-            !dontRememberHistory) {
-            return false;
-        }
-    }
-
    if (!prefs) {
        return false;
    }

+    // Proxy should go all the time, it's not considered a privacy leak
+    // to send default credentials to a proxy.
    if (isProxyAuth) {
        bool val;
        if (NS_FAILED(prefs->GetBoolPref(kAllowProxies, &val)))
@ -217,6 +203,27 @@ CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
        return val;
    }

+    // Prevent using default credentials for authentication when we are in the
+    // private browsing mode (but not in "never remember history" mode) and when
+    // not explicitely allowed.  Otherwise, it would cause a privacy data leak.
+    nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
+    MOZ_ASSERT(bareChannel);
+
+    if (NS_UsePrivateBrowsing(bareChannel)) {
+        bool ssoInPb;
+        if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) &&
+            ssoInPb) {
+            return true;
+        }
+
+        bool dontRememberHistory;
+        if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                            &dontRememberHistory)) &&
+            !dontRememberHistory) {
+            return false;
+        }
+    }
+
    nsCOMPtr<nsIURI> uri;
    channel->GetURI(getter_AddRefs(uri));