From ed5bd3c06d1bcffcdd40db1e26713369cae8b9d2 Mon Sep 17 00:00:00 2001 From: Chris Hegarty Date: Mon, 10 Jan 2011 18:12:43 +0000 Subject: [PATCH] 6997851: Create NTLM AuthenticationCallBack class to avoid NTLM info leakage on client side Reviewed-by: michaelm --- jdk/make/sun/net/FILES_java.gmk | 1 + .../www/protocol/http/HttpURLConnection.java | 7 +++ .../http/NTLMAuthenticationProxy.java | 22 ++++++- .../http/ntlm/NTLMAuthenticationCallback.java | 59 +++++++++++++++++++ .../http/ntlm/NTLMAuthentication.java | 11 ++++ .../http/ntlm/NTLMAuthentication.java | 11 ++++ 6 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java diff --git a/jdk/make/sun/net/FILES_java.gmk b/jdk/make/sun/net/FILES_java.gmk index 576159c4799..e2a9b7d6f0e 100644 --- a/jdk/make/sun/net/FILES_java.gmk +++ b/jdk/make/sun/net/FILES_java.gmk @@ -100,6 +100,7 @@ FILES_java = \ sun/net/www/protocol/http/NegotiateAuthentication.java \ sun/net/www/protocol/http/Negotiator.java \ sun/net/www/protocol/http/ntlm/NTLMAuthentication.java \ + sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java \ sun/net/www/protocol/http/spnego/NegotiatorImpl.java \ sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java \ sun/net/www/protocol/http/logging/HttpLogFormatter.java \ diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 69f12a5c601..afc8cea0308 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -2173,6 +2173,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection { if (tryTransparentNTLMServer) { tryTransparentNTLMServer = NTLMAuthenticationProxy.proxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then check if we are in a secure environment + * whether, or not, we should try transparent authentication.*/ + if (tryTransparentNTLMServer) { + tryTransparentNTLMServer = + NTLMAuthenticationProxy.proxy.isTrustedSite(url); + } } a = null; if (tryTransparentNTLMServer) { diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java b/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java index a998d2b1226..b235a0bed17 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java +++ b/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java @@ -36,12 +36,14 @@ import sun.util.logging.PlatformLogger; */ class NTLMAuthenticationProxy { private static Method supportsTA; + private static Method isTrustedSite; private static final String clazzStr = "sun.net.www.protocol.http.ntlm.NTLMAuthentication"; private static final String supportsTAStr = "supportsTransparentAuth"; + private static final String isTrustedSiteStr = "isTrustedSite"; static final NTLMAuthenticationProxy proxy = tryLoadNTLMAuthentication(); static final boolean supported = proxy != null ? true : false; - static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth(supportsTA) : false; + static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth() : false; private final Constructor threeArgCtr; private final Constructor fiveArgCtr; @@ -82,9 +84,22 @@ class NTLMAuthenticationProxy { * authentication (try with the current users credentials before * prompting for username and password, etc). */ - private static boolean supportsTransparentAuth(Method method) { + private static boolean supportsTransparentAuth() { try { - return (Boolean)method.invoke(null); + return (Boolean)supportsTA.invoke(null); + } catch (ReflectiveOperationException roe) { + finest(roe); + } + + return false; + } + + /* Transparent authentication should only be tried with a trusted + * site ( when running in a secure environment ). + */ + public static boolean isTrustedSite(URL url) { + try { + return (Boolean)isTrustedSite.invoke(null, url); } catch (ReflectiveOperationException roe) { finest(roe); } @@ -112,6 +127,7 @@ class NTLMAuthenticationProxy { int.class, PasswordAuthentication.class); supportsTA = cl.getDeclaredMethod(supportsTAStr); + isTrustedSite = cl.getDeclaredMethod(isTrustedSiteStr, java.net.URL.class); return new NTLMAuthenticationProxy(threeArg, fiveArg); } diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java b/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java new file mode 100644 index 00000000000..92886311e09 --- /dev/null +++ b/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.net.www.protocol.http.ntlm; + +import java.net.URL; + +/** + * This class is used to call back to deployment to determine if a given + * URL is trusted. Transparent authentication (try with logged in users + * credentials without prompting) should only be tried with trusted sites. + */ +public abstract class NTLMAuthenticationCallback { + private static volatile NTLMAuthenticationCallback callback = + new DefaultNTLMAuthenticationCallback(); + + public static void setNTLMAuthenticationCallback( + NTLMAuthenticationCallback callback) { + NTLMAuthenticationCallback.callback = callback; + } + + public static NTLMAuthenticationCallback getNTLMAuthenticationCallback() { + return callback; + } + + /** + * Returns true if the given site is trusted, i.e. we can try + * transparent Authentication. + */ + public abstract boolean isTrustedSite(URL url); + + static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback { + @Override + public boolean isTrustedSite(URL url) { return true; } + } +} + diff --git a/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java index 5ad8b8d54d8..be2426d7f72 100644 --- a/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +++ b/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java @@ -68,6 +68,9 @@ import sun.net.www.protocol.http.HttpURLConnection; public class NTLMAuthentication extends AuthenticationInfo { private static final long serialVersionUID = 170L; + private static final NTLMAuthenticationCallback NTLMAuthCallback = + NTLMAuthenticationCallback.getNTLMAuthenticationCallback(); + private String hostname; private static String defaultDomain; /* Domain to use if not specified by user */ @@ -81,6 +84,14 @@ public class NTLMAuthentication extends AuthenticationInfo { return false; } + /** + * Returns true if the given site is trusted, i.e. we can try + * transparent Authentication. + */ + public static boolean isTrustedSite(URL url) { + return NTLMAuthCallback.isTrustedSite(url); + } + private void init0() { hostname = java.security.AccessController.doPrivileged( diff --git a/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java index c9c26517d9b..c4b20db6495 100644 --- a/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +++ b/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java @@ -45,6 +45,9 @@ public class NTLMAuthentication extends AuthenticationInfo { private static final long serialVersionUID = 100L; + private static final NTLMAuthenticationCallback NTLMAuthCallback = + NTLMAuthenticationCallback.getNTLMAuthenticationCallback(); + private String hostname; private static String defaultDomain; /* Domain to use if not specified by user */ @@ -142,6 +145,14 @@ public class NTLMAuthentication extends AuthenticationInfo { return true; } + /** + * Returns true if the given site is trusted, i.e. we can try + * transparent Authentication. + */ + public static boolean isTrustedSite(URL url) { + return NTLMAuthCallback.isTrustedSite(url); + } + /** * Not supported. Must use the setHeaders() method */