Bug 647010 - Limit when HTTP authentication dialog is shown. Block cross-origin http auth prompts with pref. r=mayhemer, r=tanvi

This commit is contained in:
Dragana Damjanovic 2015-04-01 06:56:00 -04:00
parent d57a0c0e6b
commit b658f9d97e
11 changed files with 371 additions and 1 deletions

View File

@ -11,6 +11,9 @@
<script class="testbody" type="text/javascript">
SimpleTest.waitForExplicitFinish();
// Turn off the authentication dialog blocking for this test.
SpecialPowers.setIntPref("network.auth.allow-subresource-auth", 2)
var tests = [
// Not the same origin no CORS asked for, should have silence
{ url: "http://example.org:80/tests/dom/media/webaudio/test/small-shot.ogg",

View File

@ -1682,6 +1682,14 @@ pref("network.automatic-ntlm-auth.allow-proxies", true);
pref("network.automatic-ntlm-auth.allow-non-fqdn", false);
pref("network.automatic-ntlm-auth.trusted-uris", "");
// Sub-resources HTTP-authentication:
// 0 - don't allow sub-resources to open HTTP authentication credentials
// dialogs
// 1 - allow sub-resources to open HTTP authentication credentials dialogs,
// but don't allow it for cross-origin sub-resources
// 2 - allow the cross-origin authentication as well.
pref("network.auth.allow-subresource-auth", 1);
pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
pref("network.proxy.type", 5);

View File

@ -7,6 +7,7 @@
// HttpLog.h should generally be included first
#include "HttpLog.h"
#include "mozilla/Preferences.h"
#include "nsHttpChannelAuthProvider.h"
#include "nsNetUtil.h"
#include "nsHttpHandler.h"
@ -22,10 +23,15 @@
#include "netCore.h"
#include "nsIHttpAuthenticableChannel.h"
#include "nsIURI.h"
#include "nsContentUtils.h"
namespace mozilla {
namespace net {
#define SUBRESOURCE_AUTH_DIALOG_DISALLOW_ALL 0
#define SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN 1
#define SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL 2
static void
GetAppIdAndBrowserStatus(nsIChannel* aChan, uint32_t* aAppId, bool* aInBrowserElem)
{
@ -60,6 +66,18 @@ nsHttpChannelAuthProvider::~nsHttpChannelAuthProvider()
MOZ_ASSERT(!mAuthChannel, "Disconnect wasn't called");
}
uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN;
void
nsHttpChannelAuthProvider::InitializePrefs()
{
MOZ_ASSERT(NS_IsMainThread());
mozilla::Preferences::AddUintVarCache(&sAuthAllowPref,
"network.auth.allow-subresource-auth",
SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN);
}
NS_IMETHODIMP
nsHttpChannelAuthProvider::Init(nsIHttpAuthenticableChannel *channel)
{
@ -736,6 +754,14 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
else if (authFlags & nsIHttpAuthenticator::IDENTITY_ENCRYPTED)
level = nsIAuthPrompt2::LEVEL_PW_ENCRYPTED;
// Depending on the pref setting, the authentication dialog may be
// blocked for all sub-resources, blocked for cross-origin
// sub-resources, or always allowed for sub-resources.
// For more details look at the bug 647010.
if (BlockPrompt()) {
return NS_ERROR_ABORT;
}
// at this point we are forced to interact with the user to get
// their username and password for this domain.
rv = PromptForIdentity(level, proxyAuth, realm.get(),
@ -779,6 +805,53 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
return rv;
}
bool
nsHttpChannelAuthProvider::BlockPrompt()
{
nsCOMPtr<nsIChannel> chan = do_QueryInterface(mAuthChannel);
nsCOMPtr<nsILoadInfo> loadInfo;
chan->GetLoadInfo(getter_AddRefs(loadInfo));
if (!loadInfo) {
return false;
}
// Allow if it is the top-level document or xhr.
if ((loadInfo->GetContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) ||
(loadInfo->GetContentPolicyType() == nsIContentPolicy::TYPE_XMLHTTPREQUEST)) {
return false;
}
switch (sAuthAllowPref) {
case SUBRESOURCE_AUTH_DIALOG_DISALLOW_ALL:
// Do not open the http-authentication credentials dialog for
// the sub-resources.
return true;
break;
case SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN:
// Do not open the http-authentication credentials dialog for
// the sub-resources only if they are not cross-origin.
{
nsCOMPtr<nsIPrincipal> loadingPrincipal =
loadInfo->LoadingPrincipal();
if (!loadingPrincipal) {
return false;
}
if (NS_FAILED(loadingPrincipal->CheckMayLoad(mURI, false, false))) {
return true;
}
}
break;
case SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL:
// Allow the http-authentication dialog.
return false;
default:
// This is an invalid value.
MOZ_ASSERT(false, "A non valid value!");
}
return false;
}
inline void
GetAuthType(const char *challenge, nsCString &authType)
{

View File

@ -33,7 +33,7 @@ public:
NS_DECL_NSIAUTHPROMPTCALLBACK
nsHttpChannelAuthProvider();
static void InitializePrefs();
private:
virtual ~nsHttpChannelAuthProvider();
@ -111,6 +111,12 @@ private:
*/
nsresult ProcessSTSHeader();
// Depending on the pref setting, the authentication dialog may be blocked
// for all sub-resources, blocked for cross-origin sub-resources, or
// always allowed for sub-resources.
// For more details look at the bug 647010.
bool BlockPrompt();
private:
nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
@ -149,6 +155,11 @@ private:
uint32_t mSuppressDefensiveAuth : 1;
nsRefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
// A variable holding the preference settings to whether to open HTTP
// authentication credentials dialogs for sub-resources and cross-origin
// sub-resources.
static uint32_t sAuthAllowPref;
};
}} // namespace mozilla::net

View File

@ -48,6 +48,7 @@
#include "nsIMemoryReporter.h"
#include "nsIParentalControlsService.h"
#include "nsINetworkLinkService.h"
#include "nsHttpChannelAuthProvider.h"
#include "mozilla/net/NeckoChild.h"
#include "mozilla/ipc/URIUtils.h"
@ -286,6 +287,8 @@ nsHttpHandler::Init()
PrefsChanged(prefBranch, nullptr);
}
nsHttpChannelAuthProvider::InitializePrefs();
mMisc.AssignLiteral("rv:" MOZILLA_UAVERSION);
mCompatFirefox.AssignLiteral("Firefox/" MOZILLA_UAVERSION);

View File

@ -0,0 +1,256 @@
// This file tests authentication prompt depending on pref
// network.auth.allow-subresource-auth:
// 0 - don't allow sub-resources to open HTTP authentication credentials
// dialogs
// 1 - allow sub-resources to open HTTP authentication credentials dialogs,
// but don't allow it for cross-origin sub-resources
// 2 - allow the cross-origin authentication as well.
Cu.import("resource://testing-common/httpd.js");
var prefs = Cc["@mozilla.org/preferences-service;1"].
getService(Ci.nsIPrefBranch);
function authHandler(metadata, response) {
// btoa("guest:guest"), but that function is not available here
var expectedHeader = "Basic Z3Vlc3Q6Z3Vlc3Q=";
var body;
if (metadata.hasHeader("Authorization") &&
metadata.getHeader("Authorization") == expectedHeader) {
response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
body = "success";
} else {
// didn't know guest:guest, failure
response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
body = "failed";
}
response.bodyOutputStream.write(body, body.length);
}
var httpserv = new HttpServer();
httpserv.registerPathHandler("/auth", authHandler);
httpserv.start(-1);
XPCOMUtils.defineLazyGetter(this, "URL", function() {
return "http://localhost:" + httpserv.identity.primaryPort;
});
XPCOMUtils.defineLazyGetter(this, "PORT", function() {
return httpserv.identity.primaryPort;
});
function AuthPrompt(promptExpected) {
this.promptExpected = promptExpected;
}
AuthPrompt.prototype = {
user: "guest",
pass: "guest",
QueryInterface: function authprompt_qi(iid) {
if (iid.equals(Components.interfaces.nsISupports) ||
iid.equals(Components.interfaces.nsIAuthPrompt))
return this;
throw Components.results.NS_ERROR_NO_INTERFACE;
},
prompt: function(title, text, realm, save, defaultText, result) {
do_throw("unexpected prompt call");
},
promptUsernameAndPassword: function(title, text, realm, savePW, user, pw) {
do_check_true(this.promptExpected,
"Not expected the authentication prompt.");
user.value = this.user;
pw.value = this.pass;
return true;
},
promptPassword: function(title, text, realm, save, pwd) {
do_throw("unexpected promptPassword call");
}
};
function Requestor(promptExpected) {
this.promptExpected = promptExpected;
}
Requestor.prototype = {
QueryInterface: function(iid) {
if (iid.equals(Components.interfaces.nsISupports) ||
iid.equals(Components.interfaces.nsIInterfaceRequestor))
return this;
throw Components.results.NS_ERROR_NO_INTERFACE;
},
getInterface: function(iid) {
if (iid.equals(Components.interfaces.nsIAuthPrompt)) {
this.prompter = new AuthPrompt(this.promptExpected);
return this.prompter;
}
throw Components.results.NS_ERROR_NO_INTERFACE;
},
prompter: null
};
function make_uri(url) {
var ios = Cc["@mozilla.org/network/io-service;1"].
getService(Ci.nsIIOService);
return ios.newURI(url, null, null);
}
function makeChan(loadingUrl, url, contentPolicy) {
var loadingUri = make_uri(loadingUrl);
var principal = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Ci.nsIScriptSecurityManager)
.getNoAppCodebasePrincipal(loadingUri);
var ios = Components.classes["@mozilla.org/network/io-service;1"]
.getService(Components.interfaces.nsIIOService);
var chan = ios.newChannel2(url,
null,
null,
null,
principal,
null,
Ci.nsILoadInfo.SEC_NORMAL,
contentPolicy)
.QueryInterface(Components.interfaces.nsIHttpChannel);
return chan;
}
function Test(allow_subresource_auth_pref, loadingUri, uri, contentPolicy,
expectedCode) {
this._allow_subresource_auth_pref = allow_subresource_auth_pref;
this._loadingUri = loadingUri;
this._uri = uri;
this._contentPolicy = contentPolicy;
this._expectedCode = expectedCode;
}
Test.prototype = {
_allow_subresource_auth_pref: 1,
_loadingUri: null,
_uri: null,
_contentPolicy: Ci.nsIContentPolicy.TYPE_OTHER,
_expectedCode: 200,
onStartRequest: function(request, ctx) {
try {
if (!Components.isSuccessCode(request.status)) {
do_throw("Channel should have a success code!");
}
if (!(request instanceof Components.interfaces.nsIHttpChannel)) {
do_throw("Expecting an HTTP channel");
}
do_check_eq(request.responseStatus, this._expectedCode);
// The request should be succeeded iff we expect 200
do_check_eq(request.requestSucceeded, this._expectedCode == 200);
} catch (e) {
do_throw("Unexpected exception: " + e);
}
throw Components.results.NS_ERROR_ABORT;
},
onDataAvailable: function(request, context, stream, offset, count) {
do_throw("Should not get any data!");
},
onStopRequest: function(request, ctx, status) {
do_check_eq(status, Components.results.NS_ERROR_ABORT);
// Clear the auth cache.
Components.classes["@mozilla.org/network/http-auth-manager;1"]
.getService(Components.interfaces.nsIHttpAuthManager)
.clearAll();
do_timeout(0, run_next_test);
},
run: function() {
dump("Run test: " + this._allow_subresource_auth_pref
+ this._loadingUri
+ this._uri
+ this._contentPolicy
+ this._expectedCode + " \n");
prefs.setIntPref("network.auth.allow-subresource-auth",
this._allow_subresource_auth_pref);
let chan = makeChan(this._loadingUri, this._uri, this._contentPolicy);
chan.notificationCallbacks = new Requestor(this._expectedCode == 200);
chan.asyncOpen(this, null);
}
};
var tests = [
// For the next 3 tests the preference is set to 2 - allow the cross-origin
// authentication as well.
// A cross-origin request.
new Test(2, "https://example.com", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 200),
// A non cross-origin sub-resource request.
new Test(2, URL + "/", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 200),
// A top level document.
new Test(2, URL + "/auth", URL + "/auth",
Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
// For the next 3 tests the preference is set to 1 - allow sub-resources to
// open HTTP authentication credentials dialogs, but don't allow it for
// cross-origin sub-resources
// A cross-origin request.
new Test(1, "https://example.com", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 401),
// A non cross-origin sub-resource request.
new Test(1, URL + "/", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 200),
// A top level document.
new Test(1, URL + "/auth", URL + "/auth",
Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
// For the next 3 tests the preference is set to 0 - don't allow sub-resources
// to open HTTP authentication credentials dialogs.
// A cross-origin request.
new Test(0, "https://example.com", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 401),
// A sub-resource request.
new Test(0, URL + "/", URL + "/auth",
Ci.nsIContentPolicy.TYPE_OTHER, 401),
// A top level request.
new Test(0, URL + "/auth", URL + "/auth",
Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
];
function run_next_test() {
var nextTest = tests.shift();
if (!nextTest) {
httpserv.stop(do_test_finished);
return;
}
nextTest.run();
}
function run_test() {
do_test_pending();
run_next_test();
}

View File

@ -244,6 +244,9 @@ function run_test() {
prefs.setCharPref("network.proxy.no_proxies_on", "");
prefs.setIntPref("network.proxy.type", 1);
// Turn off the authentication dialog blocking for this test.
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
tests[current_test]();
}

View File

@ -4,6 +4,11 @@
Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/Services.jsm");
// Turn off the authentication dialog blocking for this test.
var prefs = Cc["@mozilla.org/preferences-service;1"].
getService(Ci.nsIPrefBranch);
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
XPCOMUtils.defineLazyGetter(this, "URL", function() {
return "http://localhost:" + httpserv.identity.primaryPort;
});

View File

@ -80,6 +80,7 @@ skip-if = true
[test_auth_proxy.js]
[test_authentication.js]
[test_authpromptwrapper.js]
[test_auth_dialog_permission.js]
[test_backgroundfilesaver.js]
[test_bug203271.js]
[test_bug248970_cache.js]

View File

@ -11,6 +11,9 @@
SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("untriaged");
var prefs = Cc["@mozilla.org/preferences-service;1"].
getService(Ci.nsIPrefBranch);
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
// Class monitoring number of open dialog windows
// It checks there is always open just a single dialog per application
function dialogMonitor() {

View File

@ -8,6 +8,10 @@ function test() {
Harness.installsCompletedCallback = finish_test;
Harness.setup();
var prefs = Cc["@mozilla.org/preferences-service;1"].
getService(Ci.nsIPrefBranch);
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);