system-proxy: Secure system credentials
Currently System-proxy sends the policy set credentials with every
connect request to a remote proxy. Since less secure authentication
schemes send the credentials in clear to the proxy, an attacker can
easily obtain the policy set credentials.
To protect against a downgrade attack, this CL restricts the auth
schemes for which the policy set credentials can be applied.
BUG=chromium:1132247
TEST=HttpServerProxyConnectJobTest.PolicyAuth*
Change-Id: I17e2d3e38b1560f0fadf347657bd3f4b6e1bae09
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2483831
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
diff --git a/system-proxy/system_proxy_adaptor.cc b/system-proxy/system_proxy_adaptor.cc
index e6bf877..9d57214 100644
--- a/system-proxy/system_proxy_adaptor.cc
+++ b/system-proxy/system_proxy_adaptor.cc
@@ -120,10 +120,12 @@
}
if (auth_details.has_credentials()) {
- if (auth_details.credentials().has_username() &&
- auth_details.credentials().has_password()) {
- credentials.set_username(auth_details.credentials().username());
- credentials.set_password(auth_details.credentials().password());
+ system_proxy::Credentials dbus_cred = auth_details.credentials();
+ if (dbus_cred.has_username() && dbus_cred.has_password()) {
+ credentials.set_username(dbus_cred.username());
+ credentials.set_password(dbus_cred.password());
+ credentials.mutable_policy_credentials_auth_schemes()->Swap(
+ dbus_cred.mutable_policy_credentials_auth_schemes());
}
}