| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_gssapi_posix.h" | 5 #include "net/http/http_auth_gssapi_posix.h" |
| 6 | 6 |
| 7 #include <limits> | 7 #include <limits> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| 693 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) { | 693 if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) { |
| 694 return net::ParseFirstRoundChallenge(scheme_, tok); | 694 return net::ParseFirstRoundChallenge(scheme_, tok); |
| 695 } | 695 } |
| 696 std::string encoded_auth_token; | 696 std::string encoded_auth_token; |
| 697 return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token, | 697 return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token, |
| 698 &decoded_server_auth_token_); | 698 &decoded_server_auth_token_); |
| 699 } | 699 } |
| 700 | 700 |
| 701 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, | 701 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, |
| 702 const std::string& spn, | 702 const std::string& spn, |
| 703 const std::string& channel_bindings, |
| 703 std::string* auth_token, | 704 std::string* auth_token, |
| 704 const CompletionCallback& /*callback*/) { | 705 const CompletionCallback& /*callback*/) { |
| 705 DCHECK(auth_token); | 706 DCHECK(auth_token); |
| 706 | 707 |
| 707 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; | 708 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; |
| 708 input_token.length = decoded_server_auth_token_.length(); | 709 input_token.length = decoded_server_auth_token_.length(); |
| 709 input_token.value = (input_token.length > 0) ? | 710 input_token.value = (input_token.length > 0) ? |
| 710 const_cast<char*>(decoded_server_auth_token_.data()) : | 711 const_cast<char*>(decoded_server_auth_token_.data()) : |
| 711 NULL; | 712 NULL; |
| 712 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; | 713 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; |
| 713 ScopedBuffer scoped_output_token(&output_token, library_); | 714 ScopedBuffer scoped_output_token(&output_token, library_); |
| 714 int rv = GetNextSecurityToken(spn, &input_token, &output_token); | 715 int rv = |
| 716 GetNextSecurityToken(spn, channel_bindings, &input_token, &output_token); |
| 715 if (rv != OK) | 717 if (rv != OK) |
| 716 return rv; | 718 return rv; |
| 717 | 719 |
| 718 // Base64 encode data in output buffer and prepend the scheme. | 720 // Base64 encode data in output buffer and prepend the scheme. |
| 719 std::string encode_input(static_cast<char*>(output_token.value), | 721 std::string encode_input(static_cast<char*>(output_token.value), |
| 720 output_token.length); | 722 output_token.length); |
| 721 std::string encode_output; | 723 std::string encode_output; |
| 722 base::Base64Encode(encode_input, &encode_output); | 724 base::Base64Encode(encode_input, &encode_output); |
| 723 *auth_token = scheme_ + " " + encode_output; | 725 *auth_token = scheme_ + " " + encode_output; |
| 724 return OK; | 726 return OK; |
| 812 GSS_S_UNSEQ_TOKEN | GSS_S_GAP_TOKEN)) | 814 GSS_S_UNSEQ_TOKEN | GSS_S_GAP_TOKEN)) |
| 813 return ERR_INVALID_RESPONSE; | 815 return ERR_INVALID_RESPONSE; |
| 814 | 816 |
| 815 // At this point, every documented status has been checked. | 817 // At this point, every documented status has been checked. |
| 816 return ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS; | 818 return ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS; |
| 817 } | 819 } |
| 818 | 820 |
| 819 } | 821 } |
| 820 | 822 |
| 821 int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn, | 823 int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn, |
| 824 const std::string& channel_bindings, |
| 822 gss_buffer_t in_token, | 825 gss_buffer_t in_token, |
| 823 gss_buffer_t out_token) { | 826 gss_buffer_t out_token) { |
| 824 // Create a name for the principal | 827 // Create a name for the principal |
| 825 // TODO(cbentzel): Just do this on the first pass? | 828 // TODO(cbentzel): Just do this on the first pass? |
| 826 std::string spn_principal = spn; | 829 std::string spn_principal = spn; |
| 827 gss_buffer_desc spn_buffer = GSS_C_EMPTY_BUFFER; | 830 gss_buffer_desc spn_buffer = GSS_C_EMPTY_BUFFER; |
| 828 spn_buffer.value = const_cast<char*>(spn_principal.c_str()); | 831 spn_buffer.value = const_cast<char*>(spn_principal.c_str()); |
| 829 spn_buffer.length = spn_principal.size() + 1; | 832 spn_buffer.length = spn_principal.size() + 1; |
| 830 OM_uint32 minor_status = 0; | 833 OM_uint32 minor_status = 0; |
| 831 gss_name_t principal_name = GSS_C_NO_NAME; | 834 gss_name_t principal_name = GSS_C_NO_NAME; |
| 832 OM_uint32 major_status = library_->import_name( | 835 OM_uint32 major_status = library_->import_name( |
| 833 &minor_status, | 836 &minor_status, |
| 834 &spn_buffer, | 837 &spn_buffer, |
| 835 GSS_C_NT_HOSTBASED_SERVICE, | 838 GSS_C_NT_HOSTBASED_SERVICE, |
| 836 &principal_name); | 839 &principal_name); |
| 837 int rv = MapImportNameStatusToError(major_status); | 840 int rv = MapImportNameStatusToError(major_status); |
| 838 if (rv != OK) { | 841 if (rv != OK) { |
| 839 LOG(ERROR) << "Problem importing name from " | 842 LOG(ERROR) << "Problem importing name from " |
| 840 << "spn \"" << spn_principal << "\"\n" | 843 << "spn \"" << spn_principal << "\"\n" |
| 841 << DisplayExtendedStatus(library_, major_status, minor_status); | 844 << DisplayExtendedStatus(library_, major_status, minor_status); |
| 842 return rv; | 845 return rv; |
| 843 } | 846 } |
| 844 ScopedName scoped_name(principal_name, library_); | 847 ScopedName scoped_name(principal_name, library_); |
| 845 | 848 |
| 849 std::vector<char> channel_bindings_data; |
| 850 scoped_ptr<gss_channel_bindings_struct> gss_channel_bindings; |
| 851 if (!channel_bindings.empty()) { |
| 852 gss_channel_bindings.reset(new gss_channel_bindings_struct); |
| 853 memset(gss_channel_bindings.get(), 0, sizeof(gss_channel_bindings_struct)); |
| 854 channel_bindings_data.assign(channel_bindings.begin(), |
| 855 channel_bindings.end()); |
| 856 gss_channel_bindings->application_data.value = channel_bindings_data.data(); |
| 857 gss_channel_bindings->application_data.length = |
| 858 channel_bindings_data.size(); |
| 859 } |
| 860 |
| 846 // Continue creating a security context. | 861 // Continue creating a security context. |
| 847 OM_uint32 req_flags = 0; | 862 OM_uint32 req_flags = 0; |
| 848 if (can_delegate_) | 863 if (can_delegate_) |
| 849 req_flags |= GSS_C_DELEG_FLAG; | 864 req_flags |= GSS_C_DELEG_FLAG; |
| 850 major_status = library_->init_sec_context( | 865 major_status = library_->init_sec_context( |
| 851 &minor_status, | 866 &minor_status, GSS_C_NO_CREDENTIAL, scoped_sec_context_.receive(), |
| 852 GSS_C_NO_CREDENTIAL, | 867 principal_name, gss_oid_, req_flags, GSS_C_INDEFINITE, |
| 853 scoped_sec_context_.receive(), | 868 gss_channel_bindings ? gss_channel_bindings.get() |
| 854 principal_name, | 869 : GSS_C_NO_CHANNEL_BINDINGS, |
| 855 gss_oid_, | |
| 856 req_flags, | |
| 857 GSS_C_INDEFINITE, | |
| 858 GSS_C_NO_CHANNEL_BINDINGS, | |
| 859 in_token, | 870 in_token, |
| 860 NULL, // actual_mech_type | 871 nullptr, // actual_mech_type |
| 861 out_token, | 872 out_token, |
| 862 NULL, // ret flags | 873 nullptr, // ret flags |
| 863 NULL); | 874 nullptr); |
| 864 rv = MapInitSecContextStatusToError(major_status); | 875 rv = MapInitSecContextStatusToError(major_status); |
| 865 if (rv != OK) { | 876 if (rv != OK) { |
| 866 LOG(ERROR) << "Problem initializing context. \n" | 877 LOG(ERROR) << "Problem initializing context. \n" |
| 867 << DisplayExtendedStatus(library_, major_status, minor_status) | 878 << DisplayExtendedStatus(library_, major_status, minor_status) |
| 868 << '\n' | 879 << '\n' |
| 869 << DescribeContext(library_, scoped_sec_context_.get()); | 880 << DescribeContext(library_, scoped_sec_context_.get()); |
| 870 } | 881 } |
| 871 return rv; | 882 return rv; |
| 872 } | 883 } |
| 873 | 884 |
| 874 } // namespace net | 885 } // namespace net |
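Review bot: The new channel-binding block in GetNextSecurityToken (NEW lines 849-859) copies `channel_bindings` verbatim into `application_data` and zeroes every other field with memset, so the caller must already supply the bytes in the exact form the acceptor will hash (for TLS bindings that typically includes the binding-type prefix as well as the digest), and that contract is not stated anywhere in this hunk; it belongs in the header comment for the new `channel_bindings` parameter of both GenerateAuthToken and GetNextSecurityToken. The memset also leaves `initiator_addrtype`/`acceptor_addrtype` at GSS_C_AF_UNSPEC with zero-length addresses, which looks intentional (only application_data is bound) but deserves a one-line comment such as `// Only application_data is bound; the address fields are deliberately left unspecified (zeroed).` The memset itself can go by value-initializing, `gss_channel_bindings.reset(new gss_channel_bindings_struct());`, which zeroes the struct without a separate call. Note that an empty `channel_bindings` silently falls back to GSS_C_NO_CHANNEL_BINDINGS (NEW lines 868-869), so an unbound context is indistinguishable from a bound one at this layer; if any caller must know whether binding was applied, it has to decide that before calling. `std::vector` and `memset` need `<vector>` and `<cstring>`; the include list beyond line 10 is collapsed here, so I cannot tell whether they are already present.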