
Side by Side Diff: net/http/http_auth_sspi_win.cc

Issue 1535019: Kerberos SPN generation for Negotiate challenges (Closed)
Patch Set: Fix to GetCanonicalName that is another CL. Created 10 years, 8 months ago
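--- a/net/http/http_auth_sspi_win.cc
+++ b/net/http/http_auth_sspi_win.cc
@@ -1,25 +1,24 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See "SSPI Sample Application" at
 // http://msdn.microsoft.com/en-us/library/aa918273.aspx
 
 #include "net/http/http_auth_sspi_win.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
 #include "net/base/net_errors.h"
-#include "net/base/net_util.h"
 #include "net/http/http_auth.h"
 
 namespace net {
 
 namespace {
 
 int MapAcquireCredentialsStatusToError(SECURITY_STATUS status,
 const SEC_WCHAR* package) {
 switch (status) {
 case SEC_E_OK:
@@ -155,37 +154,37 @@
 if (!base64_rv) {
 LOG(ERROR) << "Base64 decoding of auth token failed.";
 return false;
 }
 decoded_server_auth_token_ = decoded_auth_token;
 return true;
 }
 
 int HttpAuthSSPI::GenerateAuthToken(const std::wstring* username,
 const std::wstring* password,
-const GURL& origin,
+const std::wstring& spn,
 const HttpRequestInfo* request,
 const ProxyInfo* proxy,
 std::string* auth_token) {
 DCHECK((username == NULL) == (password == NULL));
 
 // Initial challenge.
 if (!IsFinalRound()) {
 int rv = OnFirstRound(username, password);
 if (rv != OK)
 return rv;
 }
 
 void* out_buf;
 int out_buf_len;
 int rv = GetNextSecurityToken(
-origin,
+spn,
 static_cast<void *>(const_cast<char *>(
 decoded_server_auth_token_.c_str())),
 decoded_server_auth_token_.length(),
 &out_buf,
 &out_buf_len);
 if (rv != OK)
 return rv;
 
 // Base64 encode data in output buffer and prepend the scheme.
 std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
@@ -216,21 +215,21 @@
 } else {
 rv = AcquireDefaultCredentials(library_, security_package_, &cred_);
 if (rv != OK)
 return rv;
 }
 
 return rv;
 }
 
 int HttpAuthSSPI::GetNextSecurityToken(
-const GURL& origin,
+const std::wstring& spn,
 const void * in_token,
 int in_token_len,
 void** out_token,
 int* out_token_len) {
 SECURITY_STATUS status;
 TimeStamp expiry;
 
 DWORD ctxt_attr;
 CtxtHandle* ctxt_ptr;
 SecBufferDesc in_buffer_desc, out_buffer_desc;
@@ -262,31 +261,25 @@
 // Prepare output buffer.
 out_buffer_desc.ulVersion = SECBUFFER_VERSION;
 out_buffer_desc.cBuffers = 1;
 out_buffer_desc.pBuffers = &out_buffer;
 out_buffer.BufferType = SECBUFFER_TOKEN;
 out_buffer.cbBuffer = max_token_length_;
 out_buffer.pvBuffer = malloc(out_buffer.cbBuffer);
 if (!out_buffer.pvBuffer)
 return ERR_OUT_OF_MEMORY;
 
-// The service principal name of the destination server. See
-// http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
-std::wstring target(L"HTTP/");
-target.append(ASCIIToWide(GetHostAndPort(origin)));
-wchar_t* target_name = const_cast<wchar_t*>(target.c_str());
-
 // This returns a token that is passed to the remote server.
 status = library_->InitializeSecurityContext(
 &cred_, // phCredential
 ctxt_ptr, // phContext
-target_name, // pszTargetName
+const_cast<wchar_t *>(spn.c_str()), // pszTargetName
 0, // fContextReq
 0, // Reserved1 (must be 0)
 SECURITY_NATIVE_DREP, // TargetDataRep
 in_buffer_desc_ptr, // pInput
 0, // Reserved2 (must be 0)
 &ctxt_, // phNewContext
 &out_buffer_desc, // pOutput
 &ctxt_attr, // pfContextAttr
 &expiry); // ptsExpiry
 // On success, the function returns SEC_I_CONTINUE_NEEDED on the first call
@@ -418,10 +411,10 @@
 private:
 friend struct DefaultSingletonTraits<SSPILibraryDefault>;
 };
 
 // static
 SSPILibrary* SSPILibrary::GetDefault() {
 return Singleton<SSPILibraryDefault>::get();
 }
 
 } // namespace net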
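Review bot: GetNextSecurityToken now passes the caller's `spn` straight to InitializeSecurityContext as pszTargetName, so the link between the target name and the request host that the removed `HTTP/` + GetHostAndPort(origin) lines gave is no longer enforced or documented in this file. Nothing visible rejects an empty string, and with the Negotiate package a missing target name presumably keeps Kerberos from being selected, so a guard such as `DCHECK(!spn.empty());` at the top of GenerateAuthToken would catch a caller that forgot to build it. The deleted comment explaining the target name should move to the parameter, e.g. `// |spn| is the service principal name of the destination server ("HTTP/<host>"); the caller derives it from the host being authenticated to.` If the caller builds the SPN from a DNS canonical name, as the patch-set title suggests, that lookup result becomes security-relevant and deserves a note at the call site. Both function bodies continue in the skipped lines, so an existing check there cannot be ruled out.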