
Side by Side Diff: net/http/http_auth_gssapi_posix.h

Issue 1736009: Preliminary support for GSSAPI (Linux and Mac OS X). (Closed) Base URL: http://src.chromium.org/svn/trunk/src/
Patch Set: Bug and style fixes. Created 10 years, 6 months ago
(Empty)
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_
6 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_
7
8 #include <string>
9
10 #include "base/gtest_prod_util.h"
11 #include "base/native_library.h"
12 #include "net/http/http_auth.h"
13
14 #define GSS_USE_FUNCTION_POINTERS
15 #include "net/third_party/gssapi/gssapi.h"
16
17 class GURL;
18
19 namespace net {
20
21 class HttpRequestInfo;
22 class ProxyInfo;
23
24 // GSSAPILibrary is introduced so unit tests can mock the calls to the GSSAPI
25 // library. The default implementation attempts to load one of the standard
26 // GSSAPI library implementations, then simply passes the arguments on to
27 // that implementation.
28 class GSSAPILibrary {
29 public:
30 virtual ~GSSAPILibrary() {}
31
32 // Initializes the library, including any necessary dynamic libraries.
33 virtual bool Init() = 0;
34
35 // These methods match the ones in the GSSAPI library.
36 virtual gssapi::OM_uint32 import_name(
37 gssapi::OM_uint32* minor_status,
38 const gssapi::gss_buffer_t input_name_buffer,
39 const gssapi::gss_OID input_name_type,
40 gssapi::gss_name_t* output_name) = 0;
41 virtual gssapi::OM_uint32 release_name(
42 gssapi::OM_uint32* minor_status,
43 gssapi::gss_name_t* input_name) = 0;
44 virtual gssapi::OM_uint32 release_buffer(
45 gssapi::OM_uint32* minor_status,
46 gssapi::gss_buffer_t buffer) = 0;
47 virtual gssapi::OM_uint32 display_status(
48 gssapi::OM_uint32* minor_status,
49 gssapi::OM_uint32 status_value,
50 int status_type,
51 const gssapi::gss_OID mech_type,
52 gssapi::OM_uint32* message_contex,
53 gssapi::gss_buffer_t status_string) = 0;
54 virtual gssapi::OM_uint32 init_sec_context(
55 gssapi::OM_uint32* minor_status,
56 const gssapi::gss_cred_id_t initiator_cred_handle,
57 gssapi::gss_ctx_id_t* context_handle,
58 const gssapi::gss_name_t target_name,
59 const gssapi::gss_OID mech_type,
60 gssapi::OM_uint32 req_flags,
61 gssapi::OM_uint32 time_req,
62 const gssapi::gss_channel_bindings_t input_chan_bindings,
63 const gssapi::gss_buffer_t input_token,
64 gssapi::gss_OID* actual_mech_type,
65 gssapi::gss_buffer_t output_token,
66 gssapi::OM_uint32* ret_flags,
67 gssapi::OM_uint32* time_rec) = 0;
68 virtual gssapi::OM_uint32 wrap_size_limit(
69 gssapi::OM_uint32* minor_status,
70 const gssapi::gss_ctx_id_t context_handle,
71 int conf_req_flag,
72 gssapi::gss_qop_t qop_req,
73 gssapi::OM_uint32 req_output_size,
74 gssapi::OM_uint32* max_input_size) = 0;
75
76 // Get the default GSSPILibrary instance. The object returned is a singleton
77 // instance, and the caller should not delete it.
78 static GSSAPILibrary* GetDefault();
79 };
80
81 // GSSAPISharedLibrary class is defined here so that unit tests can access it.
82 class GSSAPISharedLibrary : public GSSAPILibrary {
83 public:
84 GSSAPISharedLibrary();
85 virtual ~GSSAPISharedLibrary();
86
87 // GSSAPILibrary methods:
88 virtual bool Init();
89 virtual gssapi::OM_uint32 import_name(
90 gssapi::OM_uint32* minor_status,
91 const gssapi::gss_buffer_t input_name_buffer,
92 const gssapi::gss_OID input_name_type,
93 gssapi::gss_name_t* output_name);
94 virtual gssapi::OM_uint32 release_name(
95 gssapi::OM_uint32* minor_status,
96 gssapi::gss_name_t* input_name);
97 virtual gssapi::OM_uint32 release_buffer(
98 gssapi::OM_uint32* minor_status,
99 gssapi::gss_buffer_t buffer);
100 virtual gssapi::OM_uint32 display_status(
101 gssapi::OM_uint32* minor_status,
102 gssapi::OM_uint32 status_value,
103 int status_type,
104 const gssapi::gss_OID mech_type,
105 gssapi::OM_uint32* message_contex,
106 gssapi::gss_buffer_t status_string);
107 virtual gssapi::OM_uint32 init_sec_context(
108 gssapi::OM_uint32* minor_status,
109 const gssapi::gss_cred_id_t initiator_cred_handle,
110 gssapi::gss_ctx_id_t* context_handle,
111 const gssapi::gss_name_t target_name,
112 const gssapi::gss_OID mech_type,
113 gssapi::OM_uint32 req_flags,
114 gssapi::OM_uint32 time_req,
115 const gssapi::gss_channel_bindings_t input_chan_bindings,
116 const gssapi::gss_buffer_t input_token,
117 gssapi::gss_OID* actual_mech_type,
118 gssapi::gss_buffer_t output_token,
119 gssapi::OM_uint32* ret_flags,
120 gssapi::OM_uint32* time_rec);
121 virtual gssapi::OM_uint32 wrap_size_limit(
122 gssapi::OM_uint32* minor_status,
123 const gssapi::gss_ctx_id_t context_handle,
124 int conf_req_flag,
125 gssapi::gss_qop_t qop_req,
126 gssapi::OM_uint32 req_output_size,
127 gssapi::OM_uint32* max_input_size);
128
129 private:
130 FRIEND_TEST_ALL_PREFIXES(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup);
131
132 bool InitImpl();
133 static base::NativeLibrary LoadSharedObject();
134 bool BindMethods();
135
136 bool initialized_;
137
138 // Need some way to invalidate the library.
139 base::NativeLibrary gssapi_library_;
140
141 // Function pointers
142 gssapi::gss_import_name_type import_name_;
143 gssapi::gss_release_name_type release_name_;
144 gssapi::gss_release_buffer_type release_buffer_;
145 gssapi::gss_display_status_type display_status_;
146 gssapi::gss_init_sec_context_type init_sec_context_;
147 gssapi::gss_wrap_size_limit_type wrap_size_limit_;
148 };
149
150 // TODO(cbentzel): Share code with HttpAuthSSPI.
151 class HttpAuthGSSAPI {
152 public:
153 HttpAuthGSSAPI(GSSAPILibrary* library,
154 const std::string& scheme,
155 const gssapi::gss_OID gss_oid);
156 ~HttpAuthGSSAPI();
157
158 bool NeedsIdentity() const;
159 bool IsFinalRound() const;
160
161 bool ParseChallenge(HttpAuth::ChallengeTokenizer* tok);
162
163 // Generates an authentication token.
164 // The return value is an error code. If it's not |OK|, the value of
165 // |*auth_token| is unspecified.
166 // |spn| is the Service Principal Name of the server that the token is
167 // being generated for.
168 // If this is the first round of a multiple round scheme, credentials are
169 // obtained using |*username| and |*password|. If |username| and |password|
170 // are NULL, the default credentials are used instead.
171 int GenerateAuthToken(const std::wstring* username,
172 const std::wstring* password,
173 const std::wstring& spn,
174 const HttpRequestInfo* request,
175 const ProxyInfo* proxy,
176 std::string* out_credentials);
wtc 2010/06/04 21:10:34 Please rename out_credentials to auth_token to mat
177
178 private:
179 int OnFirstRound(const std::wstring* username,
180 const std::wstring* password);
181 int GetNextSecurityToken(const std::wstring& spn,
182 gssapi::gss_buffer_t in_token,
183 gssapi::gss_buffer_t out_token);
184
185 std::string scheme_;
186 std::wstring username_;
187 std::wstring password_;
188 gssapi::gss_OID gss_oid_;
189 GSSAPILibrary* library_;
190 std::string decoded_server_auth_token_;
191 gssapi::gss_ctx_id_t sec_context_;
192 };
193
194 } // namespace net
195
196 #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_
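Review bot: GSSAPILibrary exposes `init_sec_context` but nothing that releases a context, while HttpAuthGSSAPI keeps a `gssapi::gss_ctx_id_t sec_context_` member and declares a destructor. With `GSS_USE_FUNCTION_POINTERS` defined, the only route to the library visible in this header is the six bound pointers, so an established context (which carries the negotiated key material) presumably cannot be released on teardown or when a handshake is abandoned; the .cc is not shown here, so this needs confirming there. I would add `virtual gssapi::OM_uint32 delete_sec_context(gssapi::OM_uint32* minor_status, gssapi::gss_ctx_id_t* context_handle, gssapi::gss_buffer_t output_token) = 0;` to the interface, with the matching override and a bound `delete_sec_context_` pointer in GSSAPISharedLibrary, so mocks can also verify the release. Separately, HttpAuthGSSAPI holds that raw handle and `password_` yet is copyable; `DISALLOW_COPY_AND_ASSIGN(HttpAuthGSSAPI);` in its private section would rule out a double release and stray copies of the password.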