OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
7 | 7 |
8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
10 | 10 |
11 // security.h needs to be included for CredHandle. Unfortunately CredHandle | 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle |
12 // is a typedef and can't be forward declared. | 12 // is a typedef and can't be forward declared. |
13 #define SECURITY_WIN32 1 | 13 #define SECURITY_WIN32 1 |
14 #include <windows.h> | 14 #include <windows.h> |
15 #include <security.h> | 15 #include <security.h> |
16 | 16 |
17 #include <string> | 17 #include <string> |
18 | 18 |
19 #include "base/strings/string16.h" | 19 #include "base/strings/string16.h" |
| 20 #include "net/base/completion_callback.h" |
20 #include "net/base/net_export.h" | 21 #include "net/base/net_export.h" |
21 #include "net/http/http_auth.h" | 22 #include "net/http/http_auth.h" |
22 | 23 |
23 namespace net { | 24 namespace net { |
24 | 25 |
25 class HttpAuthChallengeTokenizer; | 26 class HttpAuthChallengeTokenizer; |
26 | 27 |
27 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI | 28 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI |
28 // implementation. The default implementation simply passes the arguments on to | 29 // implementation. The default implementation simply passes the arguments on to |
29 // the SSPI implementation provided by Secur32.dll. | 30 // the SSPI implementation provided by Secur32.dll. |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
113 ULONG max_token_length); | 114 ULONG max_token_length); |
114 ~HttpAuthSSPI(); | 115 ~HttpAuthSSPI(); |
115 | 116 |
116 bool NeedsIdentity() const; | 117 bool NeedsIdentity() const; |
117 | 118 |
118 bool AllowsExplicitCredentials() const; | 119 bool AllowsExplicitCredentials() const; |
119 | 120 |
120 HttpAuth::AuthorizationResult ParseChallenge( | 121 HttpAuth::AuthorizationResult ParseChallenge( |
121 HttpAuthChallengeTokenizer* tok); | 122 HttpAuthChallengeTokenizer* tok); |
122 | 123 |
123 // Generates an authentication token for the service specified by the | 124 // Generates an authentication token. |
124 // Service Principal Name |spn| and stores the value in |*auth_token|. | 125 // |
125 // If the return value is not |OK|, then the value of |*auth_token| is | 126 // The return value is an error code. The authentication token will be |
126 // unspecified. ERR_IO_PENDING is not a valid return code. | 127 // returned in |*auth_token|. If the result code is not |OK|, the value of |
| 128 // |*auth_token| is unspecified. |
| 129 // |
| 130 // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will |
| 131 // be returned and the real result code will be passed to the completion |
| 132 // callback. Otherwise the result code is returned immediately from this |
| 133 // call. |
| 134 // |
| 135 // If the HttpAuthSPPI object is deleted before completion then the callback |
| 136 // will not be called. |
| 137 // |
| 138 // If no immediate result is returned then |auth_token| must remain valid |
| 139 // until the callback has been called. |
| 140 // |
| 141 // |spn| is the Service Principal Name of the server that the token is |
| 142 // being generated for. |
| 143 // |
127 // If this is the first round of a multiple round scheme, credentials are | 144 // If this is the first round of a multiple round scheme, credentials are |
128 // obtained using |*credentials|. If |credentials| is NULL, the credentials | 145 // obtained using |*credentials|. If |credentials| is NULL, the default |
129 // for the currently logged in user are used instead. | 146 // credentials are used instead. |
130 int GenerateAuthToken(const AuthCredentials* credentials, | 147 int GenerateAuthToken(const AuthCredentials* credentials, |
131 const std::string& spn, | 148 const std::string& spn, |
132 std::string* auth_token); | 149 std::string* auth_token, |
| 150 const CompletionCallback& callback); |
133 | 151 |
134 // Delegation is allowed on the Kerberos ticket. This allows certain servers | 152 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
135 // to act as the user, such as an IIS server retrieiving data from a | 153 // to act as the user, such as an IIS server retrieving data from a |
136 // Kerberized MSSQL server. | 154 // Kerberized MSSQL server. |
137 void Delegate(); | 155 void Delegate(); |
138 | 156 |
139 private: | 157 private: |
140 int OnFirstRound(const AuthCredentials* credentials); | 158 int OnFirstRound(const AuthCredentials* credentials); |
141 | 159 |
142 int GetNextSecurityToken( | 160 int GetNextSecurityToken( |
143 const std::string& spn, | 161 const std::string& spn, |
144 const void* in_token, | 162 const void* in_token, |
145 int in_token_len, | 163 int in_token_len, |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
182 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem | 200 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem |
183 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 201 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
184 // is not changed. | 202 // is not changed. |
185 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, | 203 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, |
186 const std::wstring& package, | 204 const std::wstring& package, |
187 ULONG* max_token_length); | 205 ULONG* max_token_length); |
188 | 206 |
189 } // namespace net | 207 } // namespace net |
190 | 208 |
191 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 209 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
OLD | NEW |