Backed out changeset d1ef75d52b01 for landing with the wrong bug number in the commit message.
authorRyan VanderMeulen <ryanvm@gmail.com>
Fri, 11 Nov 2016 10:44:54 -0500
changeset 352210 27e505e44a64aa0949453177fb0bcb04e9acb7de
parent 352209 e3096c5d3ec201efdad2eaf57f626f66555dc635
child 352211 720a160f4c0c2707b1c0eacd5b652a0763655ec1
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
milestone52.0a1
backs outd1ef75d52b01dbd1f3185084836f48fda8262691
Backed out changeset d1ef75d52b01 for landing with the wrong bug number in the commit message.
extensions/auth/nsHttpNegotiateAuth.cpp
modules/libpref/init/all.js
netwerk/protocol/http/nsHttpNTLMAuth.cpp
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -48,56 +48,46 @@
 //-----------------------------------------------------------------------------
 
 static const char kNegotiate[] = "Negotiate";
 static const char kNegotiateAuthTrustedURIs[] = "network.negotiate-auth.trusted-uris";
 static const char kNegotiateAuthDelegationURIs[] = "network.negotiate-auth.delegation-uris";
 static const char kNegotiateAuthAllowProxies[] = "network.negotiate-auth.allow-proxies";
 static const char kNegotiateAuthAllowNonFqdn[] = "network.negotiate-auth.allow-non-fqdn";
 static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi";
-static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";
 
 #define kNegotiateLen  (sizeof(kNegotiate)-1)
 #define DEFAULT_THREAD_TIMEOUT_MS 30000
 
 //-----------------------------------------------------------------------------
 
 // Return false when the channel comes from a Private browsing window.
 static bool
-TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel, bool proxyAuth)
+TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel)
 {
-    // Proxy should go all the time, it's not considered a privacy leak
-    // to send default credentials to a proxy.
-    if (proxyAuth) {
-        return true;
-    }
-
     nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(authChannel);
     MOZ_ASSERT(bareChannel);
 
     if (!NS_UsePrivateBrowsing(bareChannel)) {
         return true;
     }
 
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-    if (prefs) {
-        bool ssoInPb;
-        if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) && ssoInPb) {
-            return true;
-        }
+    if (!prefs) {
+        return true;
+    }
 
-        // When the "Never remember history" option is set, all channels are
-        // set PB mode flag, but here we want to make an exception, users
-        // want their credentials go out.
-        bool dontRememberHistory;
-        if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
-                                            &dontRememberHistory)) &&
-            dontRememberHistory) {
-            return true;
-        }
+    // When the "Never remember history" option is set, all channels are
+    // set PB mode flag, but here we want to make an exception, users
+    // want their credentials go out.
+    bool dontRememberHistory;
+    if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                        &dontRememberHistory)) &&
+        dontRememberHistory) {
+        return true;
     }
 
     return false;
 }
 
 NS_IMETHODIMP
 nsHttpNegotiateAuth::GetAuthFlags(uint32_t *flags)
 {
@@ -154,17 +144,17 @@ nsHttpNegotiateAuth::ChallengeReceived(n
         req_flags |= nsIAuthModule::REQ_PROXY_AUTH;
         nsCOMPtr<nsIProxyInfo> proxyInfo;
         authChannel->GetProxyInfo(getter_AddRefs(proxyInfo));
         NS_ENSURE_STATE(proxyInfo);
 
         proxyInfo->GetHost(service);
     }
     else {
-        bool allowed = TestNotInPBMode(authChannel, isProxyAuth) &&
+        bool allowed = TestNotInPBMode(authChannel) &&
                        (TestNonFqdn(uri) ||
                        TestPref(uri, kNegotiateAuthTrustedURIs));
         if (!allowed) {
             LOG(("nsHttpNegotiateAuth::ChallengeReceived URI blocked\n"));
             return NS_ERROR_ABORT;
         }
 
         bool delegation = TestPref(uri, kNegotiateAuthDelegationURIs);
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1959,28 +1959,16 @@ pref("network.generic-ntlm-auth.workstat
 // Sub-resources HTTP-authentication:
 //   0 - don't allow sub-resources to open HTTP authentication credentials
 //       dialogs
 //   1 - allow sub-resources to open HTTP authentication credentials dialogs,
 //       but don't allow it for cross-origin sub-resources
 //   2 - allow the cross-origin authentication as well.
 pref("network.auth.subresource-http-auth-allow", 2);
 
-// This preference controls whether to allow sending default credentials (SSO) to
-// NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
-// in a Private Browsing window.
-// If set to false, Private Browsing windows will not use default credentials and ask
-// for credentials from the user explicitly.
-// If set to true, and a server URL conforms other conditions for sending default
-// credentials, those will be sent automatically in Private Browsing windows.
-//
-// This preference has no effect when the browser is set to "Never Remember History",
-// in that case default credentials will always be used.
-pref("network.auth.private-browsing-sso", false);
-
 pref("permissions.default.image",           1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
 
 pref("network.proxy.type",                  5);
 pref("network.proxy.ftp",                   "");
 pref("network.proxy.ftp_port",              0);
 pref("network.proxy.http",                  "");
 pref("network.proxy.http_port",             0);
 pref("network.proxy.ssl",                   "");
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -32,17 +32,16 @@
 
 namespace mozilla {
 namespace net {
 
 static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies";
 static const char kAllowNonFqdn[] = "network.automatic-ntlm-auth.allow-non-fqdn";
 static const char kTrustedURIs[]  = "network.automatic-ntlm-auth.trusted-uris";
 static const char kForceGeneric[] = "network.auth.force-generic-ntlm";
-static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";
 
 // XXX MatchesBaseURI and TestPref are duplicated in nsHttpNegotiateAuth.cpp,
 // but since that file lives in a separate library we cannot directly share it.
 // bug 236865 addresses this problem.
 
 static bool
 MatchesBaseURI(const nsCSubstring &matchScheme,
                const nsCSubstring &matchHost,
@@ -184,51 +183,45 @@ ForceGenericNTLM()
 }
 
 // Check to see if we should use default credentials for this host or proxy.
 static bool
 CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
                          bool isProxyAuth)
 {
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+
+    // Prevent using default credentials for authentication when we are in the
+    // private browsing mode.  It would cause a privacy data leak.
+    nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
+    MOZ_ASSERT(bareChannel);
+
+    if (NS_UsePrivateBrowsing(bareChannel)) {
+        // But allow when in the "Never remember history" mode.
+        bool dontRememberHistory;
+        if (prefs &&
+            NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                            &dontRememberHistory)) &&
+            !dontRememberHistory) {
+            return false;
+        }
+    }
+
     if (!prefs) {
         return false;
     }
 
-    // Proxy should go all the time, it's not considered a privacy leak
-    // to send default credentials to a proxy.
     if (isProxyAuth) {
         bool val;
         if (NS_FAILED(prefs->GetBoolPref(kAllowProxies, &val)))
             val = false;
         LOG(("Default credentials allowed for proxy: %d\n", val));
         return val;
     }
 
-    // Prevent using default credentials for authentication when we are in the
-    // private browsing mode (but not in "never remember history" mode) and when
-    // not explicitely allowed.  Otherwise, it would cause a privacy data leak.
-    nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
-    MOZ_ASSERT(bareChannel);
-
-    if (NS_UsePrivateBrowsing(bareChannel)) {
-        bool ssoInPb;
-        if (NS_SUCCEEDED(prefs->GetBoolPref(kSSOinPBmode, &ssoInPb)) &&
-            ssoInPb) {
-            return true;
-        }
-
-        bool dontRememberHistory;
-        if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
-                                            &dontRememberHistory)) &&
-            !dontRememberHistory) {
-            return false;
-        }
-    }
-
     nsCOMPtr<nsIURI> uri;
     channel->GetURI(getter_AddRefs(uri));
 
     bool allowNonFqdn;
     if (NS_FAILED(prefs->GetBoolPref(kAllowNonFqdn, &allowNonFqdn)))
         allowNonFqdn = false;
     if (allowNonFqdn && uri && IsNonFqdn(uri)) {
         LOG(("Host is non-fqdn, default credentials are allowed\n"));