system-proxy: Secure system credentials
Currently System-proxy sends the policy set credentials with every
connect request to a remote proxy. Since less secure authentication
schemes send the credentials in clear to the proxy, an attacker can
easily obtain the policy set credentials.
To protect against a downgrade attack, this CL restricts the auth
schemes for which the policy set credentials can be applied.
BUG=chromium:1132247
TEST=HttpServerProxyConnectJobTest.PolicyAuth*
Change-Id: I17e2d3e38b1560f0fadf347657bd3f4b6e1bae09
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2483831
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
diff --git a/system-proxy/test_http_server.cc b/system-proxy/test_http_server.cc
index efcba00..6fb9dbc 100644
--- a/system-proxy/test_http_server.cc
+++ b/system-proxy/test_http_server.cc
@@ -32,7 +32,7 @@
"\r\n";
const std::string_view kHttpBadGateway =
- "HTTP/1.1 502 Bad Gateway\r\n\r\nBag gateway message from the server";
+ "HTTP/1.1 502 Bad Gateway\r\n\r\nBad gateway message from the server";
} // namespace
namespace system_proxy {
@@ -62,7 +62,6 @@
std::string_view server_reply =
GetConnectReplyString(expected_responses_.front());
expected_responses_.pop();
- LOG(ERROR) << server_reply;
client_conn->SendTo(server_reply.data(), server_reply.size());
}
}