net/http/http_auth_handler.h - Issue 1535019: Kerberos SPN generation for Negotiate challenges

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/http_auth_handler.h

Issue 1535019: Kerberos SPN generation for Negotiate challenges (Closed)

Patch Set: Fix to GetCanonicalName that is another CL. Created 10 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/http_auth_handler.h

diff --git a/net/http/http_auth_handler.h b/net/http/http_auth_handler.h

index d2eae133204b7fa96f91a3a26b93bd17fabfc28e..663e04abd31e09b4161b413d50aff15cd1131a5d 100644

--- a/net/http/http_auth_handler.h

+++ b/net/http/http_auth_handler.h

@@ -8,10 +8,13 @@

#include <string>

#include "base/ref_counted.h"

+#include "net/base/completion_callback.h"

#include "net/http/http_auth.h"

namespace net {

+class BoundNetLog;

+class HostResolver;

class HttpRequestInfo;

class ProxyInfo;

@@ -81,6 +84,11 @@ class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {

// TODO(cbentzel): Add a pointer to Firefox documentation about risk.

virtual bool SupportsDefaultCredentials() { return false; }

+ // Returns whether the canonical DNS name for the origin host needs to be

+ // resolved. The Negotiate auth scheme typically uses the canonical DNS

+ // name when constructing the Kerberos SPN.

+ virtual bool NeedsCanonicalName() { return false; }

// TODO(cbentzel): Separate providing credentials from generating the

// authentication token in the API.

@@ -103,6 +111,14 @@ class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {

const ProxyInfo* proxy,

std::string* auth_token) = 0;

+ // Resolves the canonical name for the |origin_| host. The canonical

+ // name is used by the Negotiate scheme to generate a valid Kerberos

+ // SPN.

+ // The return value is a net error code.

+ virtual int ResolveCanonicalName(HostResolver* host_resolver,

+ CompletionCallback* callback,

+ const BoundNetLog& net_log);

protected:

enum Property {

ENCRYPTS_IDENTITY = 1 << 0,

@@ -121,14 +137,14 @@ class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {

// scheme_, realm_, score_, properties_

virtual bool Init(HttpAuth::ChallengeTokenizer* challenge) = 0;

- // The lowercase auth-scheme {"basic", "digest", "ntlm", ...}

+ // The lowercase auth-scheme {"basic", "digest", "ntlm", "negotiate"}

std::string scheme_;

// The realm. Used by "basic" and "digest".

std::string realm_;

// The {scheme, host, port} for the authentication target. Used by "ntlm"

- // to construct the service principal name.

+ // and "negotiate" to construct the service principal name.

GURL origin_;

// The score for this challenge. Higher numbers are better.

« no previous file with comments | « net/base/address_list.cc ('k') | net/http/http_auth_handler.cc » ('j') | no next file with comments »