Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(727)

Side by Side Diff: net/http/http_auth_gssapi_posix.cc

Issue 3155046: Add support for delegated Kerberos tickets during Negotiate authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_gssapi_posix.h ('k') | net/http/http_auth_handler_negotiate.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_gssapi_posix.h" 5 #include "net/http/http_auth_gssapi_posix.h"
6 6
7 #include <limits> 7 #include <limits>
8 #include <string> 8 #include <string>
9 9
10 #include "base/base64.h" 10 #include "base/base64.h"
(...skipping 659 matching lines...) Expand 10 before | Expand all | Expand 10 after
670 security_context_ = GSS_C_NO_CONTEXT; 670 security_context_ = GSS_C_NO_CONTEXT;
671 } 671 }
672 } 672 }
673 673
674 HttpAuthGSSAPI::HttpAuthGSSAPI(GSSAPILibrary* library, 674 HttpAuthGSSAPI::HttpAuthGSSAPI(GSSAPILibrary* library,
675 const std::string& scheme, 675 const std::string& scheme,
676 gss_OID gss_oid) 676 gss_OID gss_oid)
677 : scheme_(scheme), 677 : scheme_(scheme),
678 gss_oid_(gss_oid), 678 gss_oid_(gss_oid),
679 library_(library), 679 library_(library),
680 scoped_sec_context_(library) { 680 scoped_sec_context_(library),
681 can_delegate_(false) {
681 DCHECK(library_); 682 DCHECK(library_);
682 } 683 }
683 684
684 HttpAuthGSSAPI::~HttpAuthGSSAPI() { 685 HttpAuthGSSAPI::~HttpAuthGSSAPI() {
685 } 686 }
686 687
687 bool HttpAuthGSSAPI::Init() { 688 bool HttpAuthGSSAPI::Init() {
688 if (!library_) 689 if (!library_)
689 return false; 690 return false;
690 return library_->Init(); 691 return library_->Init();
691 } 692 }
692 693
693 bool HttpAuthGSSAPI::NeedsIdentity() const { 694 bool HttpAuthGSSAPI::NeedsIdentity() const {
694 return decoded_server_auth_token_.empty(); 695 return decoded_server_auth_token_.empty();
695 } 696 }
696 697
697 bool HttpAuthGSSAPI::IsFinalRound() const { 698 bool HttpAuthGSSAPI::IsFinalRound() const {
698 return !NeedsIdentity(); 699 return !NeedsIdentity();
699 } 700 }
700 701
702 void HttpAuthGSSAPI::Delegate() {
703 can_delegate_ = true;
704 }
705
701 bool HttpAuthGSSAPI::ParseChallenge(HttpAuth::ChallengeTokenizer* tok) { 706 bool HttpAuthGSSAPI::ParseChallenge(HttpAuth::ChallengeTokenizer* tok) {
702 // Verify the challenge's auth-scheme. 707 // Verify the challenge's auth-scheme.
703 if (!tok->valid() || 708 if (!tok->valid() ||
704 !LowerCaseEqualsASCII(tok->scheme(), StringToLowerASCII(scheme_).c_str())) 709 !LowerCaseEqualsASCII(tok->scheme(), StringToLowerASCII(scheme_).c_str()))
705 return false; 710 return false;
706 711
707 tok->set_expect_base64_token(true); 712 tok->set_expect_base64_token(true);
708 if (!tok->GetNext()) { 713 if (!tok->GetNext()) {
709 decoded_server_auth_token_.clear(); 714 decoded_server_auth_token_.clear();
710 return true; 715 return true;
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after
792 << std::endl 797 << std::endl
793 << DisplayExtendedStatus(library_, 798 << DisplayExtendedStatus(library_,
794 major_status, 799 major_status,
795 minor_status); 800 minor_status);
796 return ERR_UNEXPECTED; 801 return ERR_UNEXPECTED;
797 } 802 }
798 ScopedName scoped_name(principal_name, library_); 803 ScopedName scoped_name(principal_name, library_);
799 804
800 // Continue creating a security context. 805 // Continue creating a security context.
801 OM_uint32 req_flags = 0; 806 OM_uint32 req_flags = 0;
807 if (can_delegate_)
808 req_flags |= GSS_C_DELEG_FLAG;
802 major_status = library_->init_sec_context( 809 major_status = library_->init_sec_context(
803 &minor_status, 810 &minor_status,
804 GSS_C_NO_CREDENTIAL, 811 GSS_C_NO_CREDENTIAL,
805 scoped_sec_context_.receive(), 812 scoped_sec_context_.receive(),
806 principal_name, 813 principal_name,
807 gss_oid_, 814 gss_oid_,
808 req_flags, 815 req_flags,
809 GSS_C_INDEFINITE, 816 GSS_C_INDEFINITE,
810 GSS_C_NO_CHANNEL_BINDINGS, 817 GSS_C_NO_CHANNEL_BINDINGS,
811 in_token, 818 in_token,
(...skipping 10 matching lines...) Expand all
822 minor_status) 829 minor_status)
823 << std::endl 830 << std::endl
824 << DescribeContext(library_, scoped_sec_context_.get()); 831 << DescribeContext(library_, scoped_sec_context_.get());
825 return ERR_MISSING_AUTH_CREDENTIALS; 832 return ERR_MISSING_AUTH_CREDENTIALS;
826 } 833 }
827 834
828 return OK; 835 return OK;
829 } 836 }
830 837
831 } // namespace net 838 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_auth_gssapi_posix.h ('k') | net/http/http_auth_handler_negotiate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698