Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(762)

Side by Side Diff: net/http/http_auth_sspi_win.h

Issue 3155046: Add support for delegated Kerberos tickets during Negotiate authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_handler_negotiate.cc ('k') | net/http/http_auth_sspi_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file contains common routines used by NTLM and Negotiate authentication 5 // This file contains common routines used by NTLM and Negotiate authentication
6 // using the SSPI API on Windows. 6 // using the SSPI API on Windows.
7 7
8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
10 #pragma once 10 #pragma once
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
89 // unspecified. ERR_IO_PENDING is not a valid return code. 89 // unspecified. ERR_IO_PENDING is not a valid return code.
90 // If this is the first round of a multiple round scheme, credentials are 90 // If this is the first round of a multiple round scheme, credentials are
91 // obtained using |*username| and |*password|. If |username| and |password| 91 // obtained using |*username| and |*password|. If |username| and |password|
92 // are both NULL, the credentials for the currently logged in user are used 92 // are both NULL, the credentials for the currently logged in user are used
93 // instead. 93 // instead.
94 int GenerateAuthToken(const string16* username, 94 int GenerateAuthToken(const string16* username,
95 const string16* password, 95 const string16* password,
96 const std::wstring& spn, 96 const std::wstring& spn,
97 std::string* auth_token); 97 std::string* auth_token);
98 98
99 // Delegation is allowed on the Kerberos ticket. This allows certain servers
100 // to act as the user, such as an IIS server retrieiving data from a
101 // Kerberized MSSQL server.
102 void Delegate();
103
99 private: 104 private:
100 int OnFirstRound(const string16* username, 105 int OnFirstRound(const string16* username,
101 const string16* password); 106 const string16* password);
102 107
103 int GetNextSecurityToken( 108 int GetNextSecurityToken(
104 const std::wstring& spn, 109 const std::wstring& spn,
105 const void* in_token, 110 const void* in_token,
106 int in_token_len, 111 int in_token_len,
107 void** out_token, 112 void** out_token,
108 int* out_token_len); 113 int* out_token_len);
109 114
110 void ResetSecurityContext(); 115 void ResetSecurityContext();
111 116
112 SSPILibrary* library_; 117 SSPILibrary* library_;
113 std::string scheme_; 118 std::string scheme_;
114 SEC_WCHAR* security_package_; 119 SEC_WCHAR* security_package_;
115 std::string decoded_server_auth_token_; 120 std::string decoded_server_auth_token_;
116 ULONG max_token_length_; 121 ULONG max_token_length_;
117 CredHandle cred_; 122 CredHandle cred_;
118 CtxtHandle ctxt_; 123 CtxtHandle ctxt_;
124 bool can_delegate_;
119 }; 125 };
120 126
121 // Splits |combined| into domain and username. 127 // Splits |combined| into domain and username.
122 // If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user| 128 // If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user|
123 // will contain "bar". 129 // will contain "bar".
124 // If |combined| is of form "bar", |domain| will be empty and |user| will 130 // If |combined| is of form "bar", |domain| will be empty and |user| will
125 // contain "bar". 131 // contain "bar".
126 // |domain| and |user| must be non-NULL. 132 // |domain| and |user| must be non-NULL.
127 void SplitDomainAndUser(const string16& combined, 133 void SplitDomainAndUser(const string16& combined,
128 string16* domain, 134 string16* domain,
(...skipping 13 matching lines...) Expand all
142 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem 148 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem
143 // in the underlying SSPI call. The details are logged, and |*max_token_length| 149 // in the underlying SSPI call. The details are logged, and |*max_token_length|
144 // is not changed. 150 // is not changed.
145 int DetermineMaxTokenLength(SSPILibrary* library, 151 int DetermineMaxTokenLength(SSPILibrary* library,
146 const std::wstring& package, 152 const std::wstring& package,
147 ULONG* max_token_length); 153 ULONG* max_token_length);
148 154
149 } // namespace net 155 } // namespace net
150 156
151 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ 157 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
OLDNEW
« no previous file with comments | « net/http/http_auth_handler_negotiate.cc ('k') | net/http/http_auth_sspi_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698