зеркало из https://github.com/mozilla/gecko-dev.git
Bug 828183 - disable NTLM generic module, effectively disable arbitrary NTLMv1 in Firefox, r=bsmith
This commit is contained in:
Родитель
e302a5b3ab
Коммит
7888ec7b2d
|
@ -14,6 +14,10 @@
|
|||
#include "mozilla/Likely.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
|
||||
// Since the generic module doesn't support NTLMv2 and NTLMv1 is considered
|
||||
// a security threat, we disable the generic module completely.
|
||||
#define DISABLE_GENERIC_NTLM_MODULE 1
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
static PRLogModuleInfo *
|
||||
GetNTLMLog()
|
||||
|
@ -754,11 +758,16 @@ nsNTLMAuthModule::~nsNTLMAuthModule()
|
|||
nsresult
|
||||
nsNTLMAuthModule::InitTest()
|
||||
{
|
||||
#if defined(DISABLE_GENERIC_NTLM_MODULE)
|
||||
// Unconditionally disallow usage of the generic module.
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
#else // Generic NTLM is enabled
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
//
|
||||
// disable NTLM authentication when FIPS mode is enabled.
|
||||
//
|
||||
return PK11_IsFIPS() ? NS_ERROR_NOT_AVAILABLE : NS_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
|
Загрузка…
Ссылка в новой задаче