Merge pull request #180 from mozilla/auth_fqdn

Add support for non FQDN policy - Bugzilla 1471651

diff --git a/README.md b/README.md
index 4b9cfc983cadd2e9413dd1713468edcdb390fab1..c0d8424f44360cec1e393db3f8e122000a8dd6c4 100644 (file)
--- a/README.md
+++ b/README.md
@@ -25,7 +25,11 @@ This policy is for configuring sites that support integrated authentication. See
     "Authentication": {
       "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
       "Delegated": ["mydomain.com", "https://myotherdomain.com"],
-      "NTLM": ["mydomain.com", "https://myotherdomain.com"]
+      "NTLM": ["mydomain.com", "https://myotherdomain.com"],
+      "AllowNonFQDN": {
+        "SPNEGO": true,
+        "NTLM": true
+      }
     }
   }
 }

diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index e5f23e61c3826edd57171f71dfa1990735136af2..eca45b303a33d7333831b1b442f9c2126509fd11 100644 (file)
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -5,7 +5,8 @@
   <resources >
     <stringTable >
       <string id="SUPPORTED_WINXPSP2">Microsoft Windows XP SP2 or later</string>
-      <string id="SUPPORTED_FF60">Firefox 60 or later</string>
+      <string id="SUPPORTED_FF60">Firefox 60 or later, Firefox 60 ESR or later</string>
+      <string id="SUPPORTED_FF62">Firefox 62 or later, Firefox 60.2 ESR or later</string>
       <string id="SUPPORTED_FF60ESR">Firefox 60 ESR or later</string>
       <string id="firefox">Firefox</string>
       <string id="Permissions_group">Permissions</string>
@@ -39,6 +40,10 @@ For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integ
 If this policy is disabled or not configured, no websites are trusted to use NTLM authentification.
 
 For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication.</string>
+      <string id="Authentication_AllowNonFQDN">Allow Non FQDN</string>
+      <string id="Authentication_AllowNonFQDN_Explain">If this policy is enabled, you can always allow SPNEGO or NTLM on non FQDNs (fully qualified domain names).
+
+If this policy is disabled or not configured, NTLM and SPNEGO are not enabled on non FQDNs.</string>
       <string id="BlockAboutAddons">Block Add-ons Manager</string>
       <string id="BlockAboutAddons_Explain" >If this policy is enabled, the user cannot access the Add-ons Manager or about:addons.
 
@@ -63,12 +68,13 @@ If this policy is disabled or not configured, users can set images as their desk
       <string id="Certificates_ImportEnterpriseRoots_Explain">If this policy is enabled, Firefox will read certificates from the Windows certificate store.
 
 If this policy is disabled or not configured, Firefox will not read certificates from the Windows certificate store.</string>
+
       <string id="DisableMasterPasswordCreation">Disable Master Password Creation</string>
       <string id="DisableMasterPasswordCreation_Explain">If this policy is enabled, users cannot create a master password.
 
 If this policy is disabled or not configured, users can create a master password.</string>
       <string id="DisableAppUpdate">Disable Update</string>
-      <string id="DisableAppUpdate_Explain">If this policy is enabled, the browser does not receive updates.
+      <string id="DisableAppUpdate_Explain">If this policy is enabled, the browser does not receive udpates.
 
 If this policy is disabled or not configured, the browser receives updates.</string>
       <string id="DisableBuiltinPDFViewer">Disable Built-in PDF Viewer (PDF.js)</string>
@@ -329,6 +335,10 @@ If this policy is disabled or not configured, search engines can be installed fr
       <presentation id="Authentication">
         <listBox refId="Authentication"/>
       </presentation>
+      <presentation id="Authentication_AllowNonFQDN">
+        <checkBox refId="Authentication_AllowNonFQDN_NTLM">Always allow NTLM on non FQDNs</checkBox>
+        <checkBox refId="Authentication_AllowNonFQDN_SPNEGO">Always allow SPNEGO on non FQDNs</checkBox>
+      </presentation>
       <presentation id="Extensions">
         <listBox refId="Extensions"/>
       </presentation>

diff --git a/windows/firefox.admx b/windows/firefox.admx
index f4ca95b8e32adce15e826665b7a60e0fdd0deb50..1be3b6e7cd37af8c70e4e11e5d1262e0720f7dd0 100644 (file)
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -70,6 +70,28 @@
         <list id="Authentication" key="Software\Policies\Mozilla\Firefox\Authentication\NTLM" valuePrefix=""/>
       </elements>
     </policy>
+    <policy name="Authentication_AllowNonFQDN" class="Both" displayName="$(string.Authentication_AllowNonFQDN)"  key="Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN" explainText="$(string.Authentication_AllowNonFQDN_Explain)" presentation="$(presentation.Authentication_AllowNonFQDN)">
+      <parentCategory ref="Authentication"/>
+      <supportedOn ref="SUPPORTED_FF62"/>
+      <elements>
+        <boolean id="Authentication_AllowNonFQDN_NTLM" key="Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN" valueName="NTLM">
+          <trueValue>
+            <decimal value="1"/>
+          </trueValue>
+          <falseValue>
+            <decimal value="0"/>
+          </falseValue>
+        </boolean>
+        <boolean id="Authentication_AllowNonFQDN_SPNEGO" key="Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN" valueName="SPNEGO">
+          <trueValue>
+            <decimal value="1"/>
+          </trueValue>
+          <falseValue>
+            <decimal value="0"/>
+          </falseValue>
+        </boolean>
+      </elements>
+    </policy>
     <policy name="BlockAboutAddons" class="Both" displayName="$(string.BlockAboutAddons)" explainText="$(string.BlockAboutAddons_Explain)" key="Software\Policies\Mozilla\Firefox" valueName="BlockAboutAddons">
       <parentCategory ref="firefox"/>
       <supportedOn ref="SUPPORTED_FF60"/>