OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ |
6 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ | 6 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
11 #include "base/native_library.h" | 11 #include "base/native_library.h" |
12 #include "net/base/completion_callback.h" | |
cbentzel
2015/06/30 12:53:55
Could CompletionCallback just be forward declared
aberent
2015/07/02 21:13:36
Done.
aberent
2015/07/03 16:21:15
Unfortunately it turns it it can't be, since it is
cbentzel
2015/07/08 18:27:11
Acknowledged.
| |
12 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
13 #include "net/http/http_auth.h" | 14 #include "net/http/http_auth.h" |
14 | 15 |
15 #if defined(OS_MACOSX) | 16 #if defined(OS_MACOSX) |
16 // The OSX 10.9+ SDKs mark the functions in Kereberos.framework as deprecated, | 17 // The OSX 10.9+ SDKs mark the functions in Kereberos.framework as deprecated, |
17 // so the warnings must be manually suppressed. | 18 // so the warnings must be manually suppressed. |
18 #if defined(MAC_OS_X_VERSION_10_9) && \ | 19 #if defined(MAC_OS_X_VERSION_10_9) && \ |
19 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_9 | 20 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_9 |
20 #define GSSKRB_APPLE_DEPRECATED(x) | 21 #define GSSKRB_APPLE_DEPRECATED(x) |
21 #endif | 22 #endif |
22 | 23 |
23 // Chrome supports OSX 10.6, which doesn't have access to GSS.framework. Chrome | 24 // Chrome supports OSX 10.6, which doesn't have access to GSS.framework. Chrome |
24 // always dlopens libgssapi_krb5.dylib, which is provided by | 25 // always dlopens libgssapi_krb5.dylib, which is provided by |
25 // Kerberos.framework. On OSX 10.7+ this is an ABI comptabile shim that loads | 26 // Kerberos.framework. On OSX 10.7+ this is an ABI compatible shim that loads |
26 // GSS.framework. | 27 // GSS.framework. |
27 #include <Kerberos/gssapi.h> | 28 #include <Kerberos/gssapi.h> |
28 #elif defined(OS_FREEBSD) | 29 #elif defined(OS_FREEBSD) |
29 #include <gssapi/gssapi.h> | 30 #include <gssapi/gssapi.h> |
30 #else | 31 #else |
31 #include <gssapi.h> | 32 #include <gssapi.h> |
32 #endif | 33 #endif |
33 | 34 |
34 namespace net { | 35 namespace net { |
35 | 36 |
(...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
239 bool Init(); | 240 bool Init(); |
240 | 241 |
241 bool NeedsIdentity() const; | 242 bool NeedsIdentity() const; |
242 | 243 |
243 bool AllowsExplicitCredentials() const; | 244 bool AllowsExplicitCredentials() const; |
244 | 245 |
245 HttpAuth::AuthorizationResult ParseChallenge( | 246 HttpAuth::AuthorizationResult ParseChallenge( |
246 HttpAuthChallengeTokenizer* tok); | 247 HttpAuthChallengeTokenizer* tok); |
247 | 248 |
248 // Generates an authentication token. | 249 // Generates an authentication token. |
249 // The return value is an error code. If it's not |OK|, the value of | 250 // |
251 // The return value is an error code. The authentication token will be | |
252 // returned in |*auth_token|. If the result code is not |OK|, the value of | |
250 // |*auth_token| is unspecified. | 253 // |*auth_token| is unspecified. |
254 // | |
255 // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will | |
256 // be returned and the real result code will be passed to the completion | |
257 // callback. Otherwise the result code is returned immediately from this | |
258 // call. | |
259 // | |
260 // If the HttpAuthGSSAPI object is deleted before completion then the callback | |
261 // will not be called. | |
262 // | |
263 // If no immediate result is returned then |auth_token| must remain valid | |
264 // until the callback has been called. | |
265 // | |
251 // |spn| is the Service Principal Name of the server that the token is | 266 // |spn| is the Service Principal Name of the server that the token is |
252 // being generated for. | 267 // being generated for. |
268 // | |
253 // If this is the first round of a multiple round scheme, credentials are | 269 // If this is the first round of a multiple round scheme, credentials are |
254 // obtained using |*credentials|. If |credentials| is NULL, the default | 270 // obtained using |*credentials|. If |credentials| is NULL, the default |
255 // credentials are used instead. | 271 // credentials are used instead. |
256 int GenerateAuthToken(const AuthCredentials* credentials, | 272 int GenerateAuthToken(const AuthCredentials* credentials, |
257 const std::string& spn, | 273 const std::string& spn, |
258 std::string* auth_token); | 274 std::string* auth_token, |
275 const CompletionCallback& callback); | |
259 | 276 |
260 // Delegation is allowed on the Kerberos ticket. This allows certain servers | 277 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
261 // to act as the user, such as an IIS server retrieiving data from a | 278 // to act as the user, such as an IIS server retrieving data from a |
262 // Kerberized MSSQL server. | 279 // Kerberized MSSQL server. |
263 void Delegate(); | 280 void Delegate(); |
264 | 281 |
265 private: | 282 private: |
266 int GetNextSecurityToken(const std::string& spn, | 283 int GetNextSecurityToken(const std::string& spn, |
267 gss_buffer_t in_token, | 284 gss_buffer_t in_token, |
268 gss_buffer_t out_token); | 285 gss_buffer_t out_token); |
269 | 286 |
270 std::string scheme_; | 287 std::string scheme_; |
271 gss_OID gss_oid_; | 288 gss_OID gss_oid_; |
272 GSSAPILibrary* library_; | 289 GSSAPILibrary* library_; |
273 std::string decoded_server_auth_token_; | 290 std::string decoded_server_auth_token_; |
274 ScopedSecurityContext scoped_sec_context_; | 291 ScopedSecurityContext scoped_sec_context_; |
275 bool can_delegate_; | 292 bool can_delegate_; |
276 }; | 293 }; |
277 | 294 |
278 } // namespace net | 295 } // namespace net |
279 | 296 |
280 #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ | 297 #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ |
OLD | NEW |