net/http/http_auth_gssapi_posix.h - Issue 1408433006: Support tls-server-end-point channel bindings for HTTP authentication.

Side by Side Diff: net/http/http_auth_gssapi_posix.h

Issue 1408433006: Support tls-server-end-point channel bindings for HTTP authentication. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Narrower dependencies, update comments, address review comments. Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_	5 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_

6 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_	6 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_

7	7

8 #include <string>	8 #include <string>

9	9

10 #include "base/gtest_prod_util.h"	10 #include "base/gtest_prod_util.h"

(...skipping 254 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
265 // until the callback has been called.	265 // until the callback has been called.

266 //	266 //

267 // \|spn\| is the Service Principal Name of the server that the token is	267 // \|spn\| is the Service Principal Name of the server that the token is

268 // being generated for.	268 // being generated for.

269 //	269 //

270 // If this is the first round of a multiple round scheme, credentials are	270 // If this is the first round of a multiple round scheme, credentials are

271 // obtained using \|*credentials\|. If \|credentials\| is NULL, the default	271 // obtained using \|*credentials\|. If \|credentials\| is NULL, the default

272 // credentials are used instead.	272 // credentials are used instead.

273 int GenerateAuthToken(const AuthCredentials* credentials,	273 int GenerateAuthToken(const AuthCredentials* credentials,

274 const std::string& spn,	274 const std::string& spn,

	275 const std::string& channel_bindings,

275 std::string* auth_token,	276 std::string* auth_token,

276 const CompletionCallback& callback);	277 const CompletionCallback& callback);

277	278

278 // Delegation is allowed on the Kerberos ticket. This allows certain servers	279 // Delegation is allowed on the Kerberos ticket. This allows certain servers

279 // to act as the user, such as an IIS server retrieving data from a	280 // to act as the user, such as an IIS server retrieving data from a

280 // Kerberized MSSQL server.	281 // Kerberized MSSQL server.

281 void Delegate();	282 void Delegate();

282	283

283 private:	284 private:

284 int GetNextSecurityToken(const std::string& spn,	285 int GetNextSecurityToken(const std::string& spn,

	286 const std::string& channel_bindings,

285 gss_buffer_t in_token,	287 gss_buffer_t in_token,

286 gss_buffer_t out_token);	288 gss_buffer_t out_token);

287	289

288 std::string scheme_;	290 std::string scheme_;

289 gss_OID gss_oid_;	291 gss_OID gss_oid_;

290 GSSAPILibrary* library_;	292 GSSAPILibrary* library_;

291 std::string decoded_server_auth_token_;	293 std::string decoded_server_auth_token_;

292 ScopedSecurityContext scoped_sec_context_;	294 ScopedSecurityContext scoped_sec_context_;

293 bool can_delegate_;	295 bool can_delegate_;

294 };	296 };

295	297

296 } // namespace net	298 } // namespace net

297	299

298 #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_	300 #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_

OLD	NEW

« net/cert/x509_util_openssl.cc ('K') | « net/http/http_auth_controller_unittest.cc ('k') | net/http/http_auth_gssapi_posix.cc » ('j') | no next file with comments »