| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
| 6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
| 7 | 7 |
| 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 10 | 10 |
| 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle | 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle |
| 12 // is a typedef and can't be forward declared. | 12 // is a typedef and can't be forward declared. |
| 13 #define SECURITY_WIN32 1 | 13 #define SECURITY_WIN32 1 |
| 14 #include <windows.h> | 14 #include <windows.h> |
| 15 #include <security.h> | 15 #include <security.h> |
| 16 | 16 |
| 17 #include <string> | 17 #include <string> |
| 18 | 18 |
| 19 #include "net/http/http_auth.h" | 19 #include "net/http/http_auth.h" |
| 20 | 20 |
| 21 class GURL; | |
| 22 | |
| 23 namespace net { | 21 namespace net { |
| 24 | 22 |
| 25 class HttpRequestInfo; | 23 class HttpRequestInfo; |
| 26 class ProxyInfo; | 24 class ProxyInfo; |
| 27 | 25 |
| 28 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI | 26 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI |
| 29 // implementation. The default implementation simply passes the arguments on to | 27 // implementation. The default implementation simply passes the arguments on to |
| 30 // the SSPI implementation provided by Secur32.dll. | 28 // the SSPI implementation provided by Secur32.dll. |
| 31 // NOTE(cbentzel): I considered replacing the Secur32.dll with a mock DLL, but | 29 // NOTE(cbentzel): I considered replacing the Secur32.dll with a mock DLL, but |
| 32 // decided that it wasn't worth the effort as this is unlikely to be performance | 30 // decided that it wasn't worth the effort as this is unlikely to be performance |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 ~HttpAuthSSPI(); | 80 ~HttpAuthSSPI(); |
| 83 | 81 |
| 84 bool NeedsIdentity() const; | 82 bool NeedsIdentity() const; |
| 85 bool IsFinalRound() const; | 83 bool IsFinalRound() const; |
| 86 | 84 |
| 87 bool ParseChallenge(HttpAuth::ChallengeTokenizer* tok); | 85 bool ParseChallenge(HttpAuth::ChallengeTokenizer* tok); |
| 88 | 86 |
| 89 // Generates an authentication token. | 87 // Generates an authentication token. |
| 90 // The return value is an error code. If it's not |OK|, the value of | 88 // The return value is an error code. If it's not |OK|, the value of |
| 91 // |*auth_token| is unspecified. | 89 // |*auth_token| is unspecified. |
| 90 // |spn| is the Service Principal Name of the server that the token is |
| 91 // being generated for. |
| 92 // If this is the first round of a multiple round scheme, credentials are | 92 // If this is the first round of a multiple round scheme, credentials are |
| 93 // obtained using |*username| and |*password|. If |username| and |password| | 93 // obtained using |*username| and |*password|. If |username| and |password| |
| 94 // are NULL, the default credentials are used instead. | 94 // are NULL, the default credentials are used instead. |
| 95 int GenerateAuthToken(const std::wstring* username, | 95 int GenerateAuthToken(const std::wstring* username, |
| 96 const std::wstring* password, | 96 const std::wstring* password, |
| 97 const GURL& origin, | 97 const std::wstring& spn, |
| 98 const HttpRequestInfo* request, | 98 const HttpRequestInfo* request, |
| 99 const ProxyInfo* proxy, | 99 const ProxyInfo* proxy, |
| 100 std::string* auth_token); | 100 std::string* auth_token); |
| 101 | 101 |
| 102 private: | 102 private: |
| 103 int OnFirstRound(const std::wstring* username, | 103 int OnFirstRound(const std::wstring* username, |
| 104 const std::wstring* password); | 104 const std::wstring* password); |
| 105 | 105 |
| 106 int GetNextSecurityToken( | 106 int GetNextSecurityToken( |
| 107 const GURL& origin, | 107 const std::wstring& spn, |
| 108 const void* in_token, | 108 const void* in_token, |
| 109 int in_token_len, | 109 int in_token_len, |
| 110 void** out_token, | 110 void** out_token, |
| 111 int* out_token_len); | 111 int* out_token_len); |
| 112 | 112 |
| 113 void ResetSecurityContext(); | 113 void ResetSecurityContext(); |
| 114 | 114 |
| 115 SSPILibrary* library_; | 115 SSPILibrary* library_; |
| 116 std::string scheme_; | 116 std::string scheme_; |
| 117 SEC_WCHAR* security_package_; | 117 SEC_WCHAR* security_package_; |
| (...skipping 28 matching lines...) Expand all Loading... |
| 146 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 146 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
| 147 // is not changed. | 147 // is not changed. |
| 148 int DetermineMaxTokenLength(SSPILibrary* library, | 148 int DetermineMaxTokenLength(SSPILibrary* library, |
| 149 const std::wstring& package, | 149 const std::wstring& package, |
| 150 ULONG* max_token_length); | 150 ULONG* max_token_length); |
| 151 | 151 |
| 152 } // namespace net | 152 } // namespace net |
| 153 | 153 |
| 154 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 154 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 155 | 155 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1535019:
Kerberos SPN generation for Negotiate challenges (Closed)
