OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // See "SSPI Sample Application" at | 5 // See "SSPI Sample Application" at |
6 // http://msdn.microsoft.com/en-us/library/aa918273.aspx | 6 // http://msdn.microsoft.com/en-us/library/aa918273.aspx |
7 | 7 |
8 #include "net/http/http_auth_sspi_win.h" | 8 #include "net/http/http_auth_sspi_win.h" |
9 | 9 |
10 #include "base/base64.h" | 10 #include "base/base64.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
14 #include "net/base/net_errors.h" | 14 #include "net/base/net_errors.h" |
15 #include "net/http/http_auth.h" | 15 #include "net/http/http_auth.h" |
16 #include "net/http/http_auth_challenge_tokenizer.h" | 16 #include "net/http/http_auth_multi_round_parse.h" |
17 | 17 |
18 namespace net { | 18 namespace net { |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 int MapAcquireCredentialsStatusToError(SECURITY_STATUS status, | 22 int MapAcquireCredentialsStatusToError(SECURITY_STATUS status, |
23 const SEC_WCHAR* package) { | 23 const SEC_WCHAR* package) { |
24 VLOG(1) << "AcquireCredentialsHandle returned 0x" << std::hex << status; | 24 VLOG(1) << "AcquireCredentialsHandle returned 0x" << std::hex << status; |
25 switch (status) { | 25 switch (status) { |
26 case SEC_E_OK: | 26 case SEC_E_OK: |
(...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
275 | 275 |
276 void HttpAuthSSPI::ResetSecurityContext() { | 276 void HttpAuthSSPI::ResetSecurityContext() { |
277 if (SecIsValidHandle(&ctxt_)) { | 277 if (SecIsValidHandle(&ctxt_)) { |
278 library_->DeleteSecurityContext(&ctxt_); | 278 library_->DeleteSecurityContext(&ctxt_); |
279 SecInvalidateHandle(&ctxt_); | 279 SecInvalidateHandle(&ctxt_); |
280 } | 280 } |
281 } | 281 } |
282 | 282 |
283 HttpAuth::AuthorizationResult HttpAuthSSPI::ParseChallenge( | 283 HttpAuth::AuthorizationResult HttpAuthSSPI::ParseChallenge( |
284 HttpAuthChallengeTokenizer* tok) { | 284 HttpAuthChallengeTokenizer* tok) { |
285 // Verify the challenge's auth-scheme. | 285 if (!SecIsValidHandle(&ctxt_)) { |
286 if (!base::LowerCaseEqualsASCII(tok->scheme(), | 286 return net::ParseFirstRoundChallenge(scheme_, tok); |
287 base::StringToLowerASCII(scheme_).c_str())) | |
288 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
289 | |
290 std::string encoded_auth_token = tok->base64_param(); | |
291 if (encoded_auth_token.empty()) { | |
292 // If a context has already been established, an empty challenge | |
293 // should be treated as a rejection of the current attempt. | |
294 if (SecIsValidHandle(&ctxt_)) | |
295 return HttpAuth::AUTHORIZATION_RESULT_REJECT; | |
296 DCHECK(decoded_server_auth_token_.empty()); | |
297 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
298 } else { | |
299 // If a context has not already been established, additional tokens should | |
300 // not be present in the auth challenge. | |
301 if (!SecIsValidHandle(&ctxt_)) | |
302 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
303 } | 287 } |
304 | 288 std::string encoded_auth_token; |
305 std::string decoded_auth_token; | 289 return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token, |
306 bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token); | 290 &decoded_server_auth_token_); |
307 if (!base64_rv) | |
308 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
309 decoded_server_auth_token_ = decoded_auth_token; | |
310 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
311 } | 291 } |
312 | 292 |
313 int HttpAuthSSPI::GenerateAuthToken(const AuthCredentials* credentials, | 293 int HttpAuthSSPI::GenerateAuthToken(const AuthCredentials* credentials, |
314 const std::string& spn, | 294 const std::string& spn, |
315 std::string* auth_token) { | 295 std::string* auth_token, |
| 296 const CompletionCallback& /*callback*/) { |
316 // Initial challenge. | 297 // Initial challenge. |
317 if (!SecIsValidHandle(&cred_)) { | 298 if (!SecIsValidHandle(&cred_)) { |
318 int rv = OnFirstRound(credentials); | 299 int rv = OnFirstRound(credentials); |
319 if (rv != OK) | 300 if (rv != OK) |
320 return rv; | 301 return rv; |
321 } | 302 } |
322 | 303 |
323 DCHECK(SecIsValidHandle(&cred_)); | 304 DCHECK(SecIsValidHandle(&cred_)); |
324 void* out_buf; | 305 void* out_buf; |
325 int out_buf_len; | 306 int out_buf_len; |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
473 int token_length = pkg_info->cbMaxToken; | 454 int token_length = pkg_info->cbMaxToken; |
474 status = library->FreeContextBuffer(pkg_info); | 455 status = library->FreeContextBuffer(pkg_info); |
475 rv = MapFreeContextBufferStatusToError(status); | 456 rv = MapFreeContextBufferStatusToError(status); |
476 if (rv != OK) | 457 if (rv != OK) |
477 return rv; | 458 return rv; |
478 *max_token_length = token_length; | 459 *max_token_length = token_length; |
479 return OK; | 460 return OK; |
480 } | 461 } |
481 | 462 |
482 } // namespace net | 463 } // namespace net |
OLD | NEW |