OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_negotiate.h" | 5 #include "net/http/http_auth_handler_negotiate.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
(...skipping 21 matching lines...) |
32 } | 32 } |
33 | 33 |
34 void HttpAuthHandlerNegotiate::Factory::set_host_resolver( | 34 void HttpAuthHandlerNegotiate::Factory::set_host_resolver( |
35 HostResolver* resolver) { | 35 HostResolver* resolver) { |
36 resolver_ = resolver; | 36 resolver_ = resolver; |
37 } | 37 } |
38 | 38 |
39 int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( | 39 int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( |
40 HttpAuthChallengeTokenizer* challenge, | 40 HttpAuthChallengeTokenizer* challenge, |
41 HttpAuth::Target target, | 41 HttpAuth::Target target, |
42 const GURL& origin, | 42 const url::Origin& origin, |
43 CreateReason reason, | 43 CreateReason reason, |
44 int digest_nonce_count, | 44 int digest_nonce_count, |
45 const BoundNetLog& net_log, | 45 const BoundNetLog& net_log, |
46 scoped_ptr<HttpAuthHandler>* handler) { | 46 scoped_ptr<HttpAuthHandler>* handler) { |
47 #if defined(OS_WIN) | 47 #if defined(OS_WIN) |
48 if (is_unsupported_ || reason == CREATE_PREEMPTIVE) | 48 if (is_unsupported_ || reason == CREATE_PREEMPTIVE) |
49 return ERR_UNSUPPORTED_AUTH_SCHEME; | 49 return ERR_UNSUPPORTED_AUTH_SCHEME; |
50 if (max_token_length_ == 0) { | 50 if (max_token_length_ == 0) { |
51 int rv = DetermineMaxTokenLength(auth_library_.get(), NEGOSSP_NAME, | 51 int rv = DetermineMaxTokenLength(auth_library_.get(), NEGOSSP_NAME, |
52 &max_token_length_); | 52 &max_token_length_); |
(...skipping 52 matching lines...) |
105 already_called_(false), | 105 already_called_(false), |
106 has_credentials_(false), | 106 has_credentials_(false), |
107 auth_token_(NULL), | 107 auth_token_(NULL), |
108 next_state_(STATE_NONE), | 108 next_state_(STATE_NONE), |
109 url_security_manager_(url_security_manager) { | 109 url_security_manager_(url_security_manager) { |
110 } | 110 } |
111 | 111 |
112 HttpAuthHandlerNegotiate::~HttpAuthHandlerNegotiate() { | 112 HttpAuthHandlerNegotiate::~HttpAuthHandlerNegotiate() { |
113 } | 113 } |
114 | 114 |
115 std::string HttpAuthHandlerNegotiate::CreateSPN( | 115 std::string HttpAuthHandlerNegotiate::CreateSPN(const AddressList& address_list, |
116 const AddressList& address_list, const GURL& origin) { | 116 const url::Origin& origin) { |
117 // Kerberos Web Server SPNs are in the form HTTP/<host>:<port> through SSPI, | 117 // Kerberos Web Server SPNs are in the form HTTP/<host>:<port> through SSPI, |
118 // and in the form HTTP@<host>:<port> through GSSAPI | 118 // and in the form HTTP@<host>:<port> through GSSAPI |
119 // http://msdn.microsoft.com/en-us/library/ms677601%28VS.85%29.aspx | 119 // http://msdn.microsoft.com/en-us/library/ms677601%28VS.85%29.aspx |
120 // | 120 // |
121 // However, reality differs from the specification. A good description of | 121 // However, reality differs from the specification. A good description of |
122 // the problems can be found here: | 122 // the problems can be found here: |
123 // http://blog.michelbarneveld.nl/michel/archive/2009/11/14/the-reason-why-k
b911149-and-kb908209-are-not-the-soluton.aspx | 123 // http://blog.michelbarneveld.nl/michel/archive/2009/11/14/the-reason-why-k
b911149-and-kb908209-are-not-the-soluton.aspx |
124 // | 124 // |
125 // Typically the <host> portion should be the canonical FQDN for the service. | 125 // Typically the <host> portion should be the canonical FQDN for the service. |
126 // If this could not be resolved, the original hostname in the URL will be | 126 // If this could not be resolved, the original hostname in the URL will be |
127 // attempted instead. However, some intranets register SPNs using aliases | 127 // attempted instead. However, some intranets register SPNs using aliases |
128 // for the same canonical DNS name to allow multiple web services to reside | 128 // for the same canonical DNS name to allow multiple web services to reside |
129 // on the same host machine without requiring different ports. IE6 and IE7 | 129 // on the same host machine without requiring different ports. IE6 and IE7 |
130 // have hotpatches that allow the default behavior to be overridden. | 130 // have hotpatches that allow the default behavior to be overridden. |
131 // http://support.microsoft.com/kb/911149 | 131 // http://support.microsoft.com/kb/911149 |
132 // http://support.microsoft.com/kb/938305 | 132 // http://support.microsoft.com/kb/938305 |
133 // | 133 // |
134 // According to the spec, the <port> option should be included if it is a | 134 // According to the spec, the <port> option should be included if it is a |
135 // non-standard port (i.e. not 80 or 443 in the HTTP case). However, | 135 // non-standard port (i.e. not 80 or 443 in the HTTP case). However, |
136 // historically browsers have not included the port, even on non-standard | 136 // historically browsers have not included the port, even on non-standard |
137 // ports. IE6 required a hotpatch and a registry setting to enable | 137 // ports. IE6 required a hotpatch and a registry setting to enable |
138 // including non-standard ports, and IE7 and IE8 also require the same | 138 // including non-standard ports, and IE7 and IE8 also require the same |
139 // registry setting, but no hotpatch. Firefox does not appear to have an | 139 // registry setting, but no hotpatch. Firefox does not appear to have an |
140 // option to include non-standard ports as of 3.6. | 140 // option to include non-standard ports as of 3.6. |
141 // http://support.microsoft.com/kb/908209 | 141 // http://support.microsoft.com/kb/908209 |
142 // | 142 // |
143 // Without any command-line flags, Chrome matches the behavior of Firefox | 143 // Without any command-line flags, Chrome matches the behavior of Firefox |
144 // and IE. Users can override the behavior so aliases are allowed and | 144 // and IE. Users can override the behavior so aliases are allowed and |
145 // non-standard ports are included. | 145 // non-standard ports are included. |
146 int port = origin.EffectiveIntPort(); | 146 int port = origin.port(); |
147 std::string server = address_list.canonical_name(); | 147 std::string server = address_list.canonical_name(); |
148 if (server.empty()) | 148 if (server.empty()) |
149 server = origin.host(); | 149 server = origin.host(); |
150 #if defined(OS_WIN) | 150 #if defined(OS_WIN) |
151 static const char kSpnSeparator = '/'; | 151 static const char kSpnSeparator = '/'; |
152 #elif defined(OS_POSIX) | 152 #elif defined(OS_POSIX) |
153 static const char kSpnSeparator = '@'; | 153 static const char kSpnSeparator = '@'; |
154 #endif | 154 #endif |
155 if (port != 80 && port != 443 && use_port_) { | 155 if (port != 80 && port != 443 && use_port_) { |
156 return base::StringPrintf("HTTP%c%s:%d", kSpnSeparator, server.c_str(), | 156 return base::StringPrintf("HTTP%c%s:%d", kSpnSeparator, server.c_str(), |
(...skipping 171 matching lines...) |
328 bool HttpAuthHandlerNegotiate::CanDelegate() const { | 328 bool HttpAuthHandlerNegotiate::CanDelegate() const { |
329 // TODO(cbentzel): Should delegation be allowed on proxies? | 329 // TODO(cbentzel): Should delegation be allowed on proxies? |
330 if (target_ == HttpAuth::AUTH_PROXY) | 330 if (target_ == HttpAuth::AUTH_PROXY) |
331 return false; | 331 return false; |
332 if (!url_security_manager_) | 332 if (!url_security_manager_) |
333 return false; | 333 return false; |
334 return url_security_manager_->CanDelegate(origin_); | 334 return url_security_manager_->CanDelegate(origin_); |
335 } | 335 } |
336 | 336 |
337 } // namespace net | 337 } // namespace net |
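Review bot: CreateSPN (new lines 146-149) has no guard for a unique `url::Origin`, whose host() is empty and whose port() is 0, now that the port comes from `origin.port()` instead of `GURL::EffectiveIntPort()`. If such an origin reached this code and `address_list.canonical_name()` were also empty, the SPN would be built with an empty host (plus `:0` when `use_port_` is set), so the ticket request would name a service principal not tied to the server being authenticated. Whether a unique origin can get this far depends on callers that are not shown on this page. If it cannot, `DCHECK(!origin.unique());` at the top of CreateSPN would record that assumption; otherwise the handler should fail before the SPN is formatted. The body of CreateSPN continues past the lines shown here.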
OLD | NEW |