OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_gssapi_posix.h" | 5 #include "net/http/http_auth_gssapi_posix.h" |
6 | 6 |
7 #include <limits> | 7 #include <limits> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/base64.h" | 10 #include "base/base64.h" |
11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
12 #include "base/format_macros.h" | 12 #include "base/format_macros.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
16 #include "base/threading/thread_restrictions.h" | 16 #include "base/threading/thread_restrictions.h" |
17 #include "net/base/net_errors.h" | 17 #include "net/base/net_errors.h" |
18 #include "net/base/net_util.h" | 18 #include "net/base/net_util.h" |
19 #include "net/http/http_auth_challenge_tokenizer.h" | 19 #include "net/http/http_auth_handler_negotiate_parse.h" |
20 | 20 |
21 // These are defined for the GSSAPI library: | 21 // These are defined for the GSSAPI library: |
22 // Paraphrasing the comments from gssapi.h: | 22 // Paraphrasing the comments from gssapi.h: |
23 // "The implementation must reserve static storage for a | 23 // "The implementation must reserve static storage for a |
24 // gss_OID_desc object for each constant. That constant | 24 // gss_OID_desc object for each constant. That constant |
25 // should be initialized to point to that gss_OID_desc." | 25 // should be initialized to point to that gss_OID_desc." |
26 // These are encoded using ASN.1 BER encoding. | 26 // These are encoded using ASN.1 BER encoding. |
27 namespace { | 27 namespace { |
28 | 28 |
29 static gss_OID_desc GSS_C_NT_USER_NAME_VAL = { | 29 static gss_OID_desc GSS_C_NT_USER_NAME_VAL = { |
(...skipping 650 matching lines...) | |
680 bool HttpAuthGSSAPI::AllowsExplicitCredentials() const { | 680 bool HttpAuthGSSAPI::AllowsExplicitCredentials() const { |
681 return false; | 681 return false; |
682 } | 682 } |
683 | 683 |
684 void HttpAuthGSSAPI::Delegate() { | 684 void HttpAuthGSSAPI::Delegate() { |
685 can_delegate_ = true; | 685 can_delegate_ = true; |
686 } | 686 } |
687 | 687 |
688 HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge( | 688 HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge( |
689 HttpAuthChallengeTokenizer* tok) { | 689 HttpAuthChallengeTokenizer* tok) { |
690 // Verify the challenge's auth-scheme. | 690 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) { |
691 if (!base::LowerCaseEqualsASCII(tok->scheme(), | 691 return net::ParseFirstNegotiateChallenge(scheme_, tok); |
692 base::StringToLowerASCII(scheme_).c_str())) | |
693 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
694 | |
695 std::string encoded_auth_token = tok->base64_param(); | |
696 | |
697 if (encoded_auth_token.empty()) { | |
698 // If a context has already been established, an empty Negotiate challenge | |
699 // should be treated as a rejection of the current attempt. | |
700 if (scoped_sec_context_.get() != GSS_C_NO_CONTEXT) | |
701 return HttpAuth::AUTHORIZATION_RESULT_REJECT; | |
702 DCHECK(decoded_server_auth_token_.empty()); | |
703 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
704 } else { | 692 } else { |
Ryan Sleevi
2015/06/29 13:56:45
no else after return
aberent
2015/07/02 21:13:36
Done.
| |
705 // If a context has not already been established, additional tokens should | 693 std::string encoded_auth_token; |
706 // not be present in the auth challenge. | 694 return net::ParseAnotherNegotiateChallenge( |
707 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) | 695 scheme_, tok, &encoded_auth_token, &decoded_server_auth_token_); |
708 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
709 } | 696 } |
710 | |
711 // Make sure the additional token is base64 encoded. | |
712 std::string decoded_auth_token; | |
713 bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token); | |
714 if (!base64_rv) | |
715 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
716 decoded_server_auth_token_ = decoded_auth_token; | |
717 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
718 } | 697 } |
719 | 698 |
720 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, | 699 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, |
721 const std::string& spn, | 700 const std::string& spn, |
722 std::string* auth_token) { | 701 std::string* auth_token, |
702 const CompletionCallback& /*callback*/) { | |
723 DCHECK(auth_token); | 703 DCHECK(auth_token); |
724 | 704 |
725 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; | 705 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; |
726 input_token.length = decoded_server_auth_token_.length(); | 706 input_token.length = decoded_server_auth_token_.length(); |
727 input_token.value = (input_token.length > 0) ? | 707 input_token.value = (input_token.length > 0) ? |
728 const_cast<char*>(decoded_server_auth_token_.data()) : | 708 const_cast<char*>(decoded_server_auth_token_.data()) : |
729 NULL; | 709 NULL; |
730 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; | 710 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; |
731 ScopedBuffer scoped_output_token(&output_token, library_); | 711 ScopedBuffer scoped_output_token(&output_token, library_); |
732 int rv = GetNextSecurityToken(spn, &input_token, &output_token); | 712 int rv = GetNextSecurityToken(spn, &input_token, &output_token); |
(...skipping 150 matching lines...) | |
883 if (rv != OK) { | 863 if (rv != OK) { |
884 LOG(ERROR) << "Problem initializing context. \n" | 864 LOG(ERROR) << "Problem initializing context. \n" |
885 << DisplayExtendedStatus(library_, major_status, minor_status) | 865 << DisplayExtendedStatus(library_, major_status, minor_status) |
886 << '\n' | 866 << '\n' |
887 << DescribeContext(library_, scoped_sec_context_.get()); | 867 << DescribeContext(library_, scoped_sec_context_.get()); |
888 } | 868 } |
889 return rv; | 869 return rv; |
890 } | 870 } |
891 | 871 |
892 } // namespace net | 872 } // namespace net |
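Review bot: In the new ParseChallenge (new lines 693-695) the member `decoded_server_auth_token_` is passed straight to `ParseAnotherNegotiateChallenge` as an out-parameter, whereas the old code decoded into a local and assigned the member only after `Base64Decode` succeeded. The helper's body is not on this page, so whether it leaves the member untouched on a REJECT or INVALID result cannot be confirmed here; if it does not, a stale or partly written server token would become the `input_token` that `GenerateAuthToken` hands to `GetNextSecurityToken`. I would keep a local `std::string decoded_auth_token;`, pass `&decoded_auth_token`, and assign the member only when the result is `AUTHORIZATION_RESULT_ACCEPT`, or else state that guarantee in the helper's header comment. The first-challenge branch also drops the old `DCHECK(decoded_server_auth_token_.empty());`, which is worth keeping before the `ParseFirstNegotiateChallenge` call. `encoded_auth_token` is never read after the call, so a comment such as `// Only needed to satisfy the helper's signature.` would make that explicit.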
OLD | NEW |