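--- a/net/http/http_auth_handler.h
+++ b/net/http/http_auth_handler.h
@@ -1,24 +1,27 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_H_
 
 #include <string>
 
 #include "base/ref_counted.h"
+#include "net/base/completion_callback.h"
 #include "net/http/http_auth.h"
 
 namespace net {
 
+class BoundNetLog;
+class HostResolver;
 class HttpRequestInfo;
 class ProxyInfo;
 
 // HttpAuthHandler is the interface for the authentication schemes
 // (basic, digest, NTLM, Negotiate).
 // HttpAuthHandler objects are typically created by an HttpAuthHandlerFactory.
 class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {
 public:
 // Initializes the handler using a challenge issued by a server.
 // |challenge| must be non-NULL and have already tokenized the
@@ -74,74 +77,87 @@
 // single-round schemes.
 virtual bool IsFinalRound() { return true; }
 
 // Returns whether the authentication scheme supports the use of default
 // credentials. If true, the user does not need to be prompted for
 // username and password to establish credentials.
 // NOTE: SSO is a potential security risk.
 // TODO(cbentzel): Add a pointer to Firefox documentation about risk.
 virtual bool SupportsDefaultCredentials() { return false; }
 
+// Returns whether the canonical DNS name for the origin host needs to be
+// resolved. The Negotiate auth scheme typically uses the canonical DNS
+// name when constructing the Kerberos SPN.
+virtual bool NeedsCanonicalName() { return false; }
+
 // TODO(cbentzel): Separate providing credentials from generating the
 // authentication token in the API.
 
 // Generates an authentication token.
 // The return value is an error code. If the code is not |OK|, the value of
 // |*auth_token| is unspecified.
 // |auth_token| is a return value and must be non-NULL.
 virtual int GenerateAuthToken(const std::wstring& username,
 const std::wstring& password,
 const HttpRequestInfo* request,
 const ProxyInfo* proxy,
 std::string* auth_token) = 0;
 
 // Generates an authentication token using default credentials.
 // The return value is an error code. If the code is not |OK|, the value of
 // |*auth_token| is unspecified.
 // |auth_token| is a return value and must be non-NULL.
 // This should only be called if |SupportsDefaultCredentials| returns true.
 virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request,
 const ProxyInfo* proxy,
 std::string* auth_token) = 0;
 
+// Resolves the canonical name for the |origin_| host. The canonical
+// name is used by the Negotiate scheme to generate a valid Kerberos
+// SPN.
+// The return value is a net error code.
+virtual int ResolveCanonicalName(HostResolver* host_resolver,
+CompletionCallback* callback,
+const BoundNetLog& net_log);
+
 protected:
 enum Property {
 ENCRYPTS_IDENTITY = 1 << 0,
 IS_CONNECTION_BASED = 1 << 1,
 };
 
 friend class base::RefCounted<HttpAuthHandler>;
 
 virtual ~HttpAuthHandler() { }
 
 // Initializes the handler using a challenge issued by a server.
 // |challenge| must be non-NULL and have already tokenized the
 // authentication scheme, but none of the tokens occuring after the
 // authentication scheme.
 // Implementations are expcted to initialize the following members:
 // scheme_, realm_, score_, properties_
 virtual bool Init(HttpAuth::ChallengeTokenizer* challenge) = 0;
 
-// The lowercase auth-scheme {"basic", "digest", "ntlm", ...}
+// The lowercase auth-scheme {"basic", "digest", "ntlm", "negotiate"}
 std::string scheme_;
 
 // The realm. Used by "basic" and "digest".
 std::string realm_;
 
 // The {scheme, host, port} for the authentication target. Used by "ntlm"
-// to construct the service principal name.
+// and "negotiate" to construct the service principal name.
 GURL origin_;
 
 // The score for this challenge. Higher numbers are better.
 int score_;
 
 // Whether this authentication request is for a proxy server, or an
 // origin server.
 HttpAuth::Target target_;
 
 // A bitmask of the properties of the authentication scheme.
 int properties_;
 };
 
 } // namespace net
 
 #endif // NET_HTTP_HTTP_AUTH_HANDLER_H_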
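Review bot: The comment on the new `ResolveCanonicalName` declaration (new lines 114–120) omits the precondition and asynchronous contract that the neighbouring `GenerateDefaultAuthToken` comment spells out; I would add `// This should only be called if |NeedsCanonicalName| returns true.` and, since the method takes a `CompletionCallback*`, a sentence such as `// Returns ERR_IO_PENDING if resolution completes asynchronously, in which case |callback| is run with the final result.` — the latter is inferred from the signature and should be checked against the implementation in the .cc. The method is virtual but not pure, yet the header does not say what the default implementation does for schemes where `NeedsCanonicalName()` is false, so subclass authors cannot tell whether overriding is required. On `NeedsCanonicalName()` (new lines 87–90) it is worth recording the trust consequence the comment only hints at: the SPN the Negotiate handler requests a ticket for is derived from an unauthenticated DNS answer, so a mis-resolved or spoofed canonical name changes which service principal the client authenticates to, a caveat in the same spirit as the existing SSO NOTE on `SupportsDefaultCredentials()`.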