| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
| 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
| 7 | 7 |
| 8 #include "build/build_config.h" | 8 #include "build/build_config.h" |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "net/base/address_list.h" |
| 12 #include "net/http/http_auth_handler.h" | 13 #include "net/http/http_auth_handler.h" |
| 13 #include "net/http/http_auth_handler_factory.h" | 14 #include "net/http/http_auth_handler_factory.h" |
| 14 | 15 |
| 15 #if defined(OS_WIN) | 16 #if defined(OS_WIN) |
| 16 #include "net/http/http_auth_sspi_win.h" | 17 #include "net/http/http_auth_sspi_win.h" |
| 17 #endif | 18 #endif |
| 18 | 19 |
| 19 namespace net { | 20 namespace net { |
| 20 | 21 |
| 22 class SingleRequestHostResolver; |
| 23 |
| 21 // Handler for WWW-Authenticate: Negotiate protocol. | 24 // Handler for WWW-Authenticate: Negotiate protocol. |
| 22 // | 25 // |
| 23 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 | 26 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 |
| 24 // for more information about the protocol. | 27 // for more information about the protocol. |
| 25 | 28 |
| 26 class HttpAuthHandlerNegotiate : public HttpAuthHandler { | 29 class HttpAuthHandlerNegotiate : public HttpAuthHandler { |
| 27 public: | 30 public: |
| 28 class Factory : public HttpAuthHandlerFactory { | 31 class Factory : public HttpAuthHandlerFactory { |
| 29 public: | 32 public: |
| 30 Factory(); | 33 Factory(); |
| 31 virtual ~Factory(); | 34 virtual ~Factory(); |
| 32 | 35 |
| 36 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether |
| 37 // the auth handlers generated by this factory should skip looking up the |
| 38 // canonical DNS name of the the host that they are authenticating to when |
| 39 // generating the SPN. The default value is false. |
| 40 bool disable_cname_lookup() const { return disable_cname_lookup_; } |
| 41 void set_disable_cname_lookup(bool disable_cname_lookup) { |
| 42 disable_cname_lookup_ = disable_cname_lookup; |
| 43 } |
| 44 |
| 45 // |use_port()| and |set_use_port()| get/set whether the auth handlers |
| 46 // generated by this factory should include the port number of the server |
| 47 // they are authenticating to when constructing a Kerberos SPN. The default |
| 48 // value is false. |
| 49 bool use_port() const { return use_port_; } |
| 50 void set_use_port(bool use_port) { use_port_ = use_port; } |
| 51 |
| 33 virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge, | 52 virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge, |
| 34 HttpAuth::Target target, | 53 HttpAuth::Target target, |
| 35 const GURL& origin, | 54 const GURL& origin, |
| 36 scoped_refptr<HttpAuthHandler>* handler); | 55 scoped_refptr<HttpAuthHandler>* handler); |
| 37 | 56 |
| 38 #if defined(OS_WIN) | 57 #if defined(OS_WIN) |
| 39 // Set the SSPILibrary to use. Typically the only callers which need to | 58 // Set the SSPILibrary to use. Typically the only callers which need to |
| 40 // use this are unit tests which pass in a mocked-out version of the | 59 // use this are unit tests which pass in a mocked-out version of the |
| 41 // SSPI library. | 60 // SSPI library. |
| 42 // The caller is responsible for managing the lifetime of |*sspi_library|, | 61 // The caller is responsible for managing the lifetime of |*sspi_library|, |
| 43 // and the lifetime must exceed that of this Factory object and all | 62 // and the lifetime must exceed that of this Factory object and all |
| 44 // HttpAuthHandler's that this Factory object creates. | 63 // HttpAuthHandler's that this Factory object creates. |
| 45 void set_sspi_library(SSPILibrary* sspi_library) { | 64 void set_sspi_library(SSPILibrary* sspi_library) { |
| 46 sspi_library_ = sspi_library; | 65 sspi_library_ = sspi_library; |
| 47 } | 66 } |
| 48 #endif // defined(OS_WIN) | 67 #endif // defined(OS_WIN) |
| 49 private: | 68 private: |
| 69 bool disable_cname_lookup_; |
| 70 bool use_port_; |
| 50 #if defined(OS_WIN) | 71 #if defined(OS_WIN) |
| 51 ULONG max_token_length_; | 72 ULONG max_token_length_; |
| 52 bool first_creation_; | 73 bool first_creation_; |
| 53 bool is_unsupported_; | 74 bool is_unsupported_; |
| 54 SSPILibrary* sspi_library_; | 75 SSPILibrary* sspi_library_; |
| 55 #endif // defined(OS_WIN) | 76 #endif // defined(OS_WIN) |
| 56 }; | 77 }; |
| 57 | 78 |
| 58 #if defined(OS_WIN) | 79 #if defined(OS_WIN) |
| 59 HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length); | 80 HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length, |
| 81 bool disable_cname_lookup, bool use_port); |
| 60 #else | 82 #else |
| 61 HttpAuthHandlerNegotiate(); | 83 HttpAuthHandlerNegotiate(); |
| 62 #endif | 84 #endif |
| 63 | 85 |
| 64 virtual bool NeedsIdentity(); | 86 virtual bool NeedsIdentity(); |
| 65 | 87 |
| 66 virtual bool IsFinalRound(); | 88 virtual bool IsFinalRound(); |
| 67 | 89 |
| 68 virtual bool SupportsDefaultCredentials(); | 90 virtual bool SupportsDefaultCredentials(); |
| 69 | 91 |
| 92 virtual bool NeedsCanonicalName(); |
| 93 |
| 70 virtual int GenerateAuthToken(const std::wstring& username, | 94 virtual int GenerateAuthToken(const std::wstring& username, |
| 71 const std::wstring& password, | 95 const std::wstring& password, |
| 72 const HttpRequestInfo* request, | 96 const HttpRequestInfo* request, |
| 73 const ProxyInfo* proxy, | 97 const ProxyInfo* proxy, |
| 74 std::string* auth_token); | 98 std::string* auth_token); |
| 75 | 99 |
| 76 virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request, | 100 virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request, |
| 77 const ProxyInfo* proxy, | 101 const ProxyInfo* proxy, |
| 78 std::string* auth_token); | 102 std::string* auth_token); |
| 79 | 103 |
| 104 virtual int ResolveCanonicalName(HostResolver* host_resolver, |
| 105 CompletionCallback* callback, |
| 106 const BoundNetLog& net_log); |
| 107 |
| 80 protected: | 108 protected: |
| 81 virtual bool Init(HttpAuth::ChallengeTokenizer* challenge); | 109 virtual bool Init(HttpAuth::ChallengeTokenizer* challenge); |
| 82 | 110 |
| 83 private: | 111 private: |
| 84 ~HttpAuthHandlerNegotiate(); | 112 ~HttpAuthHandlerNegotiate(); |
| 85 | 113 |
| 86 #if defined(OS_WIN) | 114 #if defined(OS_WIN) |
| 115 void OnResolveCanonicalName(int result); |
| 116 std::wstring CreateSPN(const AddressList& address_list, const GURL& orign); |
| 117 |
| 87 HttpAuthSSPI auth_sspi_; | 118 HttpAuthSSPI auth_sspi_; |
| 119 AddressList address_list_; |
| 120 scoped_ptr<SingleRequestHostResolver> single_resolve_; |
| 121 CompletionCallback* user_callback_; |
| 122 CompletionCallbackImpl<HttpAuthHandlerNegotiate> resolve_cname_callback_; |
| 123 bool disable_cname_lookup_; |
| 124 bool use_port_; |
| 125 std::wstring spn_; |
| 88 #endif | 126 #endif |
| 89 }; | 127 }; |
| 90 | 128 |
| 91 } // namespace net | 129 } // namespace net |
| 92 | 130 |
| 93 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 131 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
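Review bot: The new comment on `disable_cname_lookup()` / `set_disable_cname_lookup()` in `Factory` says what the flag does but not why a caller would set it. With the default of false, the SPN is built from a canonical name returned by DNS, which is normally unauthenticated, so the service a Kerberos ticket is requested for depends on resolver answers and not only on the host in the URL. I would add a line such as `// Security: the canonical name comes from DNS and is not authenticated; set this to true where DNS answers are not trusted.` This header also does not show where `Factory::disable_cname_lookup_`, `Factory::use_port_` and the handler's raw `user_callback_` pointer are initialised, so the constructors in the .cc file should be checked to set them to false / NULL as the documented defaults promise. Minor: "the the host" in that comment and the `orign` parameter of `CreateSPN` are typos.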