
Side by Side Diff: net/http/http_auth_gssapi_posix.cc

Issue 1128043007: Support Kerberos on Android (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix Android GN build Created 5 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_gssapi_posix.h" 5 #include "net/http/http_auth_gssapi_posix.h"
6 6
7 #include <limits> 7 #include <limits>
8 #include <string> 8 #include <string>
9 9
10 #include "base/base64.h" 10 #include "base/base64.h"
11 #include "base/files/file_path.h" 11 #include "base/files/file_path.h"
12 #include "base/format_macros.h" 12 #include "base/format_macros.h"
13 #include "base/logging.h" 13 #include "base/logging.h"
14 #include "base/strings/string_util.h" 14 #include "base/strings/string_util.h"
15 #include "base/strings/stringprintf.h" 15 #include "base/strings/stringprintf.h"
16 #include "base/threading/thread_restrictions.h" 16 #include "base/threading/thread_restrictions.h"
17 #include "net/base/net_errors.h" 17 #include "net/base/net_errors.h"
18 #include "net/base/net_util.h" 18 #include "net/base/net_util.h"
19 #include "net/http/http_auth_challenge_tokenizer.h" 19 #include "net/http/http_auth_handler_negotiate_parse.h"
20 20
21 // These are defined for the GSSAPI library: 21 // These are defined for the GSSAPI library:
22 // Paraphrasing the comments from gssapi.h: 22 // Paraphrasing the comments from gssapi.h:
23 // "The implementation must reserve static storage for a 23 // "The implementation must reserve static storage for a
24 // gss_OID_desc object for each constant. That constant 24 // gss_OID_desc object for each constant. That constant
25 // should be initialized to point to that gss_OID_desc." 25 // should be initialized to point to that gss_OID_desc."
26 // These are encoded using ASN.1 BER encoding. 26 // These are encoded using ASN.1 BER encoding.
27 namespace { 27 namespace {
28 28
29 static gss_OID_desc GSS_C_NT_USER_NAME_VAL = { 29 static gss_OID_desc GSS_C_NT_USER_NAME_VAL = {
(...skipping 650 matching lines...) Expand 10 before | Expand all | Expand 10 after
680 bool HttpAuthGSSAPI::AllowsExplicitCredentials() const { 680 bool HttpAuthGSSAPI::AllowsExplicitCredentials() const {
681 return false; 681 return false;
682 } 682 }
683 683
684 void HttpAuthGSSAPI::Delegate() { 684 void HttpAuthGSSAPI::Delegate() {
685 can_delegate_ = true; 685 can_delegate_ = true;
686 } 686 }
687 687
688 HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge( 688 HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge(
689 HttpAuthChallengeTokenizer* tok) { 689 HttpAuthChallengeTokenizer* tok) {
690 // Verify the challenge's auth-scheme. 690 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) {
691 if (!base::LowerCaseEqualsASCII(tok->scheme(), 691 return net::ParseFirstNegotiateChallenge(scheme_, tok);
692 base::StringToLowerASCII(scheme_).c_str()))
693 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
694
695 std::string encoded_auth_token = tok->base64_param();
696
697 if (encoded_auth_token.empty()) {
698 // If a context has already been established, an empty Negotiate challenge
699 // should be treated as a rejection of the current attempt.
700 if (scoped_sec_context_.get() != GSS_C_NO_CONTEXT)
701 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
702 DCHECK(decoded_server_auth_token_.empty());
703 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
704 } else { 692 } else {
Ryan Sleevi 2015/06/29 13:56:45 no else after return
aberent 2015/07/02 21:13:36 Done.
705 // If a context has not already been established, additional tokens should 693 std::string encoded_auth_token;
706 // not be present in the auth challenge. 694 return net::ParseAnotherNegotiateChallenge(
707 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) 695 scheme_, tok, &encoded_auth_token, &decoded_server_auth_token_);
708 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
709 } 696 }
710
711 // Make sure the additional token is base64 encoded.
712 std::string decoded_auth_token;
713 bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token);
714 if (!base64_rv)
715 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
716 decoded_server_auth_token_ = decoded_auth_token;
717 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
718 } 697 }
719 698
720 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, 699 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials,
721 const std::string& spn, 700 const std::string& spn,
722 std::string* auth_token) { 701 std::string* auth_token,
702 const CompletionCallback& /*callback*/) {
723 DCHECK(auth_token); 703 DCHECK(auth_token);
724 704
725 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; 705 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
726 input_token.length = decoded_server_auth_token_.length(); 706 input_token.length = decoded_server_auth_token_.length();
727 input_token.value = (input_token.length > 0) ? 707 input_token.value = (input_token.length > 0) ?
728 const_cast<char*>(decoded_server_auth_token_.data()) : 708 const_cast<char*>(decoded_server_auth_token_.data()) :
729 NULL; 709 NULL;
730 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; 710 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
731 ScopedBuffer scoped_output_token(&output_token, library_); 711 ScopedBuffer scoped_output_token(&output_token, library_);
732 int rv = GetNextSecurityToken(spn, &input_token, &output_token); 712 int rv = GetNextSecurityToken(spn, &input_token, &output_token);
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after
883 if (rv != OK) { 863 if (rv != OK) {
884 LOG(ERROR) << "Problem initializing context. \n" 864 LOG(ERROR) << "Problem initializing context. \n"
885 << DisplayExtendedStatus(library_, major_status, minor_status) 865 << DisplayExtendedStatus(library_, major_status, minor_status)
886 << '\n' 866 << '\n'
887 << DescribeContext(library_, scoped_sec_context_.get()); 867 << DescribeContext(library_, scoped_sec_context_.get());
888 } 868 }
889 return rv; 869 return rv;
890 } 870 }
891 871
892 } // namespace net 872 } // namespace net
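Review bot: In `HttpAuthGSSAPI::ParseChallenge` (new lines 693-695) the member `decoded_server_auth_token_` is now passed straight to `ParseAnotherNegotiateChallenge` as an out-parameter, whereas the removed code decoded into a local and assigned the member only after `Base64Decode` succeeded. The helper's body is not shown on this page, so it cannot be confirmed here that the member is left untouched when the result is INVALID or REJECT; if it is not, a later `GenerateAuthToken` call could hand a stale or partially written server token to `GetNextSecurityToken`. I would either decode into a local and assign it only on `AUTHORIZATION_RESULT_ACCEPT`, or state the contract at the call site, e.g. `// |decoded_server_auth_token_| is only modified on AUTHORIZATION_RESULT_ACCEPT.` The removed comments explaining that an empty challenge on an established context is a rejection, and that a token without a context is invalid, are also worth keeping as a short comment above the branch, since that state rule is no longer visible in this file.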