| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
| 6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
| 7 | 7 |
| 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 10 | 10 |
| 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle | 11 // security.h needs to be included for CredHandle. Unfortunately CredHandle |
| 12 // is a typedef and can't be forward declared. | 12 // is a typedef and can't be forward declared. |
| 13 #define SECURITY_WIN32 1 | 13 #define SECURITY_WIN32 1 |
| 14 #include <windows.h> | 14 #include <windows.h> |
| 15 #include <security.h> | 15 #include <security.h> |
| 16 | 16 |
| 17 #include <string> | 17 #include <string> |
| 18 | 18 |
| 19 #include "base/strings/string16.h" | 19 #include "base/strings/string16.h" |
| 20 #include "net/base/completion_callback.h" |
| 20 #include "net/base/net_export.h" | 21 #include "net/base/net_export.h" |
| 21 #include "net/http/http_auth.h" | 22 #include "net/http/http_auth.h" |
| 22 | 23 |
| 23 namespace net { | 24 namespace net { |
| 24 | 25 |
| 25 class HttpAuthChallengeTokenizer; | 26 class HttpAuthChallengeTokenizer; |
| 26 | 27 |
| 27 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI | 28 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI |
| 28 // implementation. The default implementation simply passes the arguments on to | 29 // implementation. The default implementation simply passes the arguments on to |
| 29 // the SSPI implementation provided by Secur32.dll. | 30 // the SSPI implementation provided by Secur32.dll. |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 116 bool NeedsIdentity() const; | 117 bool NeedsIdentity() const; |
| 117 | 118 |
| 118 bool AllowsExplicitCredentials() const; | 119 bool AllowsExplicitCredentials() const; |
| 119 | 120 |
| 120 HttpAuth::AuthorizationResult ParseChallenge( | 121 HttpAuth::AuthorizationResult ParseChallenge( |
| 121 HttpAuthChallengeTokenizer* tok); | 122 HttpAuthChallengeTokenizer* tok); |
| 122 | 123 |
| 123 // Generates an authentication token for the service specified by the | 124 // Generates an authentication token for the service specified by the |
| 124 // Service Principal Name |spn| and stores the value in |*auth_token|. | 125 // Service Principal Name |spn| and stores the value in |*auth_token|. |
| 125 // If the return value is not |OK|, then the value of |*auth_token| is | 126 // If the return value is not |OK|, then the value of |*auth_token| is |
| 126 // unspecified. ERR_IO_PENDING is not a valid return code. | 127 // unspecified. |
| 128 // The function may return |IO_PENDING|, and call |callback| on completion. |
| 129 // |auth_token| must remain valid until the callback has been called. |
| 127 // If this is the first round of a multiple round scheme, credentials are | 130 // If this is the first round of a multiple round scheme, credentials are |
| 128 // obtained using |*credentials|. If |credentials| is NULL, the credentials | 131 // obtained using |*credentials|. If |credentials| is NULL, the credentials |
| 129 // for the currently logged in user are used instead. | 132 // for the currently logged in user are used instead. |
| 130 int GenerateAuthToken(const AuthCredentials* credentials, | 133 int GenerateAuthToken(const AuthCredentials* credentials, |
| 131 const std::string& spn, | 134 const std::string& spn, |
| 132 std::string* auth_token); | 135 std::string* auth_token, |
| 136 const CompletionCallback& callback); |
| 133 | 137 |
| 134 // Delegation is allowed on the Kerberos ticket. This allows certain servers | 138 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
| 135 // to act as the user, such as an IIS server retrieiving data from a | 139 // to act as the user, such as an IIS server retrieiving data from a |
| 136 // Kerberized MSSQL server. | 140 // Kerberized MSSQL server. |
| 137 void Delegate(); | 141 void Delegate(); |
| 138 | 142 |
| 139 private: | 143 private: |
| 140 int OnFirstRound(const AuthCredentials* credentials); | 144 int OnFirstRound(const AuthCredentials* credentials); |
| 141 | 145 |
| 142 int GetNextSecurityToken( | 146 int GetNextSecurityToken( |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 182 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem | 186 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem |
| 183 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 187 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
| 184 // is not changed. | 188 // is not changed. |
| 185 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, | 189 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, |
| 186 const std::wstring& package, | 190 const std::wstring& package, |
| 187 ULONG* max_token_length); | 191 ULONG* max_token_length); |
| 188 | 192 |
| 189 } // namespace net | 193 } // namespace net |
| 190 | 194 |
| 191 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 195 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1128043007:
Support Kerberos on Android (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master