| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
| 6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
| 7 | 7 |
| 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 10 #pragma once | 10 #pragma once |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 89 // unspecified. ERR_IO_PENDING is not a valid return code. | 89 // unspecified. ERR_IO_PENDING is not a valid return code. |
| 90 // If this is the first round of a multiple round scheme, credentials are | 90 // If this is the first round of a multiple round scheme, credentials are |
| 91 // obtained using |*username| and |*password|. If |username| and |password| | 91 // obtained using |*username| and |*password|. If |username| and |password| |
| 92 // are both NULL, the credentials for the currently logged in user are used | 92 // are both NULL, the credentials for the currently logged in user are used |
| 93 // instead. | 93 // instead. |
| 94 int GenerateAuthToken(const string16* username, | 94 int GenerateAuthToken(const string16* username, |
| 95 const string16* password, | 95 const string16* password, |
| 96 const std::wstring& spn, | 96 const std::wstring& spn, |
| 97 std::string* auth_token); | 97 std::string* auth_token); |
| 98 | 98 |
| 99 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
| 100 // to act as the user, such as an IIS server retrieiving data from a |
| 101 // Kerberized MSSQL server. |
| 102 void Delegate(); |
| 103 |
| 99 private: | 104 private: |
| 100 int OnFirstRound(const string16* username, | 105 int OnFirstRound(const string16* username, |
| 101 const string16* password); | 106 const string16* password); |
| 102 | 107 |
| 103 int GetNextSecurityToken( | 108 int GetNextSecurityToken( |
| 104 const std::wstring& spn, | 109 const std::wstring& spn, |
| 105 const void* in_token, | 110 const void* in_token, |
| 106 int in_token_len, | 111 int in_token_len, |
| 107 void** out_token, | 112 void** out_token, |
| 108 int* out_token_len); | 113 int* out_token_len); |
| 109 | 114 |
| 110 void ResetSecurityContext(); | 115 void ResetSecurityContext(); |
| 111 | 116 |
| 112 SSPILibrary* library_; | 117 SSPILibrary* library_; |
| 113 std::string scheme_; | 118 std::string scheme_; |
| 114 SEC_WCHAR* security_package_; | 119 SEC_WCHAR* security_package_; |
| 115 std::string decoded_server_auth_token_; | 120 std::string decoded_server_auth_token_; |
| 116 ULONG max_token_length_; | 121 ULONG max_token_length_; |
| 117 CredHandle cred_; | 122 CredHandle cred_; |
| 118 CtxtHandle ctxt_; | 123 CtxtHandle ctxt_; |
| 124 bool can_delegate_; |
| 119 }; | 125 }; |
| 120 | 126 |
| 121 // Splits |combined| into domain and username. | 127 // Splits |combined| into domain and username. |
| 122 // If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user| | 128 // If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user| |
| 123 // will contain "bar". | 129 // will contain "bar". |
| 124 // If |combined| is of form "bar", |domain| will be empty and |user| will | 130 // If |combined| is of form "bar", |domain| will be empty and |user| will |
| 125 // contain "bar". | 131 // contain "bar". |
| 126 // |domain| and |user| must be non-NULL. | 132 // |domain| and |user| must be non-NULL. |
| 127 void SplitDomainAndUser(const string16& combined, | 133 void SplitDomainAndUser(const string16& combined, |
| 128 string16* domain, | 134 string16* domain, |
| (...skipping 13 matching lines...) Expand all Loading... |
| 142 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem | 148 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem |
| 143 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 149 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
| 144 // is not changed. | 150 // is not changed. |
| 145 int DetermineMaxTokenLength(SSPILibrary* library, | 151 int DetermineMaxTokenLength(SSPILibrary* library, |
| 146 const std::wstring& package, | 152 const std::wstring& package, |
| 147 ULONG* max_token_length); | 153 ULONG* max_token_length); |
| 148 | 154 |
| 149 } // namespace net | 155 } // namespace net |
| 150 | 156 |
| 151 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 157 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| OLD | NEW |