diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp index 99c845ee80b3..d858a4dda42d 100644 --- a/extensions/auth/nsHttpNegotiateAuth.cpp +++ b/extensions/auth/nsHttpNegotiateAuth.cpp @@ -53,6 +53,7 @@ static const char kNegotiateAuthDelegationURIs[] = "network.negotiate-auth.deleg static const char kNegotiateAuthAllowProxies[] = "network.negotiate-auth.allow-proxies"; static const char kNegotiateAuthAllowNonFqdn[] = "network.negotiate-auth.allow-non-fqdn"; static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi"; +static const char kSSOinPBmode[] = "network.auth.private-browsing-sso"; #define kNegotiateLen (sizeof(kNegotiate)-1) #define DEFAULT_THREAD_TIMEOUT_MS 30000 @@ -61,8 +62,14 @@ static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi"; // Return false when the channel comes from a Private browsing window. static bool -TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel) +TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel, bool proxyAuth) { + // Proxy should go all the time, it's not considered a privacy leak + // to send default credentials to a proxy. + if (proxyAuth) { + return true; + } + nsCOMPtr bareChannel = do_QueryInterface(authChannel); MOZ_ASSERT(bareChannel); @@ -71,18 +78,21 @@ TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel) } nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); - if (!prefs) { - return true; - } + if (prefs) { + bool ssoInPb; + if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) && ssoInPb) { + return true; + } - // When the "Never remember history" option is set, all channels are - // set PB mode flag, but here we want to make an exception, users - // want their credentials go out. - bool dontRememberHistory; - if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart", - &dontRememberHistory)) && - dontRememberHistory) { - return true; + // When the "Never remember history" option is set, all channels are + // set PB mode flag, but here we want to make an exception, users + // want their credentials go out. + bool dontRememberHistory; + if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart", + &dontRememberHistory)) && + dontRememberHistory) { + return true; + } } return false; @@ -149,7 +159,7 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel, proxyInfo->GetHost(service); } else { - bool allowed = TestNotInPBMode(authChannel) && + bool allowed = TestNotInPBMode(authChannel, isProxyAuth) && (TestNonFqdn(uri) || TestPref(uri, kNegotiateAuthTrustedURIs)); if (!allowed) { diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 2e9c9186a8ee..a7fccfed6cc7 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1964,6 +1964,18 @@ pref("network.generic-ntlm-auth.workstation", "WORKSTATION"); // 2 - allow the cross-origin authentication as well. pref("network.auth.subresource-http-auth-allow", 2); +// This preference controls whether to allow sending default credentials (SSO) to +// NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them +// in a Private Browsing window. +// If set to false, Private Browsing windows will not use default credentials and ask +// for credentials from the user explicitly. +// If set to true, and a server URL conforms other conditions for sending default +// credentials, those will be sent automatically in Private Browsing windows. +// +// This preference has no effect when the browser is set to "Never Remember History", +// in that case default credentials will always be used. +pref("network.auth.private-browsing-sso", false); + pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign pref("network.proxy.type", 5); diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp index 9d7c6150aac9..f81927373a7b 100644 --- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp +++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp @@ -37,6 +37,7 @@ static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies"; static const char kAllowNonFqdn[] = "network.automatic-ntlm-auth.allow-non-fqdn"; static const char kTrustedURIs[] = "network.automatic-ntlm-auth.trusted-uris"; static const char kForceGeneric[] = "network.auth.force-generic-ntlm"; +static const char kSSOinPBmode[] = "network.auth.private-browsing-sso"; // XXX MatchesBaseURI and TestPref are duplicated in nsHttpNegotiateAuth.cpp, // but since that file lives in a separate library we cannot directly share it. @@ -188,27 +189,12 @@ CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel, bool isProxyAuth) { nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); - - // Prevent using default credentials for authentication when we are in the - // private browsing mode. It would cause a privacy data leak. - nsCOMPtr bareChannel = do_QueryInterface(channel); - MOZ_ASSERT(bareChannel); - - if (NS_UsePrivateBrowsing(bareChannel)) { - // But allow when in the "Never remember history" mode. - bool dontRememberHistory; - if (prefs && - NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart", - &dontRememberHistory)) && - !dontRememberHistory) { - return false; - } - } - if (!prefs) { return false; } + // Proxy should go all the time, it's not considered a privacy leak + // to send default credentials to a proxy. if (isProxyAuth) { bool val; if (NS_FAILED(prefs->GetBoolPref(kAllowProxies, &val))) @@ -217,6 +203,27 @@ CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel, return val; } + // Prevent using default credentials for authentication when we are in the + // private browsing mode (but not in "never remember history" mode) and when + // not explicitely allowed. Otherwise, it would cause a privacy data leak. + nsCOMPtr bareChannel = do_QueryInterface(channel); + MOZ_ASSERT(bareChannel); + + if (NS_UsePrivateBrowsing(bareChannel)) { + bool ssoInPb; + if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) && + ssoInPb) { + return true; + } + + bool dontRememberHistory; + if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart", + &dontRememberHistory)) && + !dontRememberHistory) { + return false; + } + } + nsCOMPtr uri; channel->GetURI(getter_AddRefs(uri));