commit cc4d54ed02fc90b64c8567f4abb7ca5ce9fc35ee
author Andreea Costinas <acostinas@google.com> Mon Oct 19 15:46:25 2020 +0200
committer Commit Bot <commit-bot@chromium.org> Wed Nov 04 11:45:05 2020 +0000
tree 9003b4c8e3956bd7673c43a3bc440f441bdea4b2
parent ed9ddfcd376a8c134215d8ba689f66c469f3d7eb

system-proxy: Secure system credentials

Currently System-proxy sends the policy set credentials with every
connect request to a remote proxy. Since less secure authentication
schemes send the credentials in clear to the proxy, an attacker can
easily obtain the policy set credentials.

To protect against a downgrade attack, this CL restricts the auth
schemes for which the policy  set credentials can be applied.

BUG=chromium:1132247
TEST=HttpServerProxyConnectJobTest.PolicyAuth*

Change-Id: I17e2d3e38b1560f0fadf347657bd3f4b6e1bae09
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2483831
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>

system-proxy/server_proxy.h

diff --git a/system-proxy/server_proxy.h b/system-proxy/server_proxy.h
index 2f3de43..094e664 100644
--- a/system-proxy/server_proxy.h
+++ b/system-proxy/server_proxy.h
@@ -126,6 +126,10 @@
   // proxy it's connecting to or the challenge response.
   std::string system_credentials_;
 
+  // Curl compatible bit-mask list of proxy authenticated schemes that can be
+  // used with the policy set credentials.
+  int64_t system_credentials_auth_schemes_ = 0;
+
   std::unique_ptr<patchpanel::Socket> listening_fd_;
 
   // List of SocketForwarders that corresponds to the TCP tunnel between the