1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/url_security_manager.h"
6 
7 #include <urlmon.h>
8 #include <wrl/client.h>
9 
10 #include "base/logging.h"
11 #include "base/macros.h"
12 #include "base/notreached.h"
13 #include "base/strings/string_util.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "net/http/http_auth_filter.h"
16 #include "url/gurl.h"
17 
18 // The Windows implementation of URLSecurityManager uses WinINet/IE's
19 // URL security zone manager.  See the MSDN page "URL Security Zones" at
20 // http://msdn.microsoft.com/en-us/library/ms537021(VS.85).aspx for more
21 // info on the Internet Security Manager and Internet Zone Manager objects.
22 //
23 // On Windows, we honor the WinINet/IE settings and group policy related to
24 // URL Security Zones.  See the Microsoft Knowledge Base article 182569
25 // "Internet Explorer security zones registry entries for advanced users"
26 // (http://support.microsoft.com/kb/182569) for more info on these registry
27 // keys.
28 
29 namespace net {
30 
31 class URLSecurityManagerWin : public URLSecurityManagerAllowlist {
32  public:
33   URLSecurityManagerWin();
34   ~URLSecurityManagerWin() override;
35 
36   // URLSecurityManager methods:
37   bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
38 
39  private:
40   bool EnsureSystemSecurityManager();
41 
42   Microsoft::WRL::ComPtr<IInternetSecurityManager> security_manager_;
43 
44   DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWin);
45 };
46 
URLSecurityManagerWin()47 URLSecurityManagerWin::URLSecurityManagerWin() {}
~URLSecurityManagerWin()48 URLSecurityManagerWin::~URLSecurityManagerWin() {}
49 
CanUseDefaultCredentials(const GURL & auth_origin) const50 bool URLSecurityManagerWin::CanUseDefaultCredentials(
51     const GURL& auth_origin) const {
52   if (HasDefaultAllowlist())
53     return URLSecurityManagerAllowlist::CanUseDefaultCredentials(auth_origin);
54   if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager())
55     return false;
56 
57   base::string16 url16 = base::ASCIIToUTF16(auth_origin.spec());
58   DWORD policy = 0;
59   HRESULT hr;
60   hr = security_manager_->ProcessUrlAction(
61       base::as_wcstr(url16), URLACTION_CREDENTIALS_USE,
62       reinterpret_cast<BYTE*>(&policy), sizeof(policy), nullptr, 0, PUAF_NOUI,
63       0);
64   if (FAILED(hr)) {
65     LOG(ERROR) << "IInternetSecurityManager::ProcessUrlAction failed: " << hr;
66     return false;
67   }
68 
69   // Four possible policies for URLACTION_CREDENTIALS_USE.  See the MSDN page
70   // "About URL Security Zones" at
71   // http://msdn.microsoft.com/en-us/library/ms537183(VS.85).aspx
72   switch (policy) {
73     case URLPOLICY_CREDENTIALS_SILENT_LOGON_OK:
74       return true;
75     case URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT: {
76       // This policy means "prompt the user for permission if the resource is
77       // not located in the Intranet zone".  TODO(wtc): Note that it's
78       // prompting for permission (to use the default credentials), as opposed
79       // to prompting the user to enter a user name and password.
80 
81       // URLZONE_LOCAL_MACHINE 0
82       // URLZONE_INTRANET      1
83       // URLZONE_TRUSTED       2
84       // URLZONE_INTERNET      3
85       // URLZONE_UNTRUSTED     4
86       DWORD zone = 0;
87       hr = security_manager_->MapUrlToZone(base::as_wcstr(url16), &zone, 0);
88       if (FAILED(hr)) {
89         LOG(ERROR) << "IInternetSecurityManager::MapUrlToZone failed: " << hr;
90         return false;
91       }
92       return zone <= URLZONE_INTRANET;
93     }
94     case URLPOLICY_CREDENTIALS_MUST_PROMPT_USER:
95       return false;
96     case URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY:
97       // TODO(wtc): we should fail the authentication.
98       return false;
99     default:
100       NOTREACHED();
101       return false;
102   }
103 }
104 // TODO(cbentzel): Could CanDelegate use the security zone as well?
105 
EnsureSystemSecurityManager()106 bool URLSecurityManagerWin::EnsureSystemSecurityManager() {
107   if (!security_manager_.Get()) {
108     HRESULT hr =
109         CoInternetCreateSecurityManager(nullptr, &security_manager_, 0);
110     if (FAILED(hr) || !security_manager_.Get()) {
111       LOG(ERROR) << "Unable to create the Windows Security Manager instance";
112       return false;
113     }
114   }
115   return true;
116 }
117 
118 // static
Create()119 std::unique_ptr<URLSecurityManager> URLSecurityManager::Create() {
120   return std::make_unique<URLSecurityManagerWin>();
121 }
122 
123 }  //  namespace net
124