OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
7 | 7 |
8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
10 | 10 |
11 // security.h needs to be included for CredHandle. Unfortunately CredHandle | 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle |
12 // is a typedef and can't be forward declared. | 12 // is a typedef and can't be forward declared. |
13 #define SECURITY_WIN32 1 | 13 #define SECURITY_WIN32 1 |
14 #include <windows.h> | 14 #include <windows.h> |
15 #include <security.h> | 15 #include <security.h> |
16 | 16 |
17 #include <string> | 17 #include <string> |
18 | 18 |
19 #include "base/strings/string16.h" | 19 #include "base/strings/string16.h" |
| 20 #include "net/base/completion_callback.h" |
20 #include "net/base/net_export.h" | 21 #include "net/base/net_export.h" |
21 #include "net/http/http_auth.h" | 22 #include "net/http/http_auth.h" |
22 | 23 |
23 namespace net { | 24 namespace net { |
24 | 25 |
25 class HttpAuthChallengeTokenizer; | 26 class HttpAuthChallengeTokenizer; |
26 | 27 |
27 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI | 28 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI |
28 // implementation. The default implementation simply passes the arguments on to | 29 // implementation. The default implementation simply passes the arguments on to |
29 // the SSPI implementation provided by Secur32.dll. | 30 // the SSPI implementation provided by Secur32.dll. |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 bool NeedsIdentity() const; | 117 bool NeedsIdentity() const; |
117 | 118 |
118 bool AllowsExplicitCredentials() const; | 119 bool AllowsExplicitCredentials() const; |
119 | 120 |
120 HttpAuth::AuthorizationResult ParseChallenge( | 121 HttpAuth::AuthorizationResult ParseChallenge( |
121 HttpAuthChallengeTokenizer* tok); | 122 HttpAuthChallengeTokenizer* tok); |
122 | 123 |
123 // Generates an authentication token for the service specified by the | 124 // Generates an authentication token for the service specified by the |
124 // Service Principal Name |spn| and stores the value in |*auth_token|. | 125 // Service Principal Name |spn| and stores the value in |*auth_token|. |
125 // If the return value is not |OK|, then the value of |*auth_token| is | 126 // If the return value is not |OK|, then the value of |*auth_token| is |
126 // unspecified. ERR_IO_PENDING is not a valid return code. | 127 // unspecified. |
| 128 // The function may return |IO_PENDING|, and call |callback| on completion. |
| 129 // |auth_token| must remain valid until the callback has been called. |
127 // If this is the first round of a multiple round scheme, credentials are | 130 // If this is the first round of a multiple round scheme, credentials are |
128 // obtained using |*credentials|. If |credentials| is NULL, the credentials | 131 // obtained using |*credentials|. If |credentials| is NULL, the credentials |
129 // for the currently logged in user are used instead. | 132 // for the currently logged in user are used instead. |
130 int GenerateAuthToken(const AuthCredentials* credentials, | 133 int GenerateAuthToken(const AuthCredentials* credentials, |
131 const std::string& spn, | 134 const std::string& spn, |
132 std::string* auth_token); | 135 std::string* auth_token, |
| 136 const CompletionCallback& callback); |
133 | 137 |
134 // Delegation is allowed on the Kerberos ticket. This allows certain servers | 138 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
135 // to act as the user, such as an IIS server retrieiving data from a | 139 // to act as the user, such as an IIS server retrieiving data from a |
136 // Kerberized MSSQL server. | 140 // Kerberized MSSQL server. |
137 void Delegate(); | 141 void Delegate(); |
138 | 142 |
139 private: | 143 private: |
140 int OnFirstRound(const AuthCredentials* credentials); | 144 int OnFirstRound(const AuthCredentials* credentials); |
141 | 145 |
142 int GetNextSecurityToken( | 146 int GetNextSecurityToken( |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
182 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem | 186 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem |
183 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 187 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
184 // is not changed. | 188 // is not changed. |
185 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, | 189 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, |
186 const std::wstring& package, | 190 const std::wstring& package, |
187 ULONG* max_token_length); | 191 ULONG* max_token_length); |
188 | 192 |
189 } // namespace net | 193 } // namespace net |
190 | 194 |
191 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 195 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
OLD | NEW |