
Side by Side Diff: net/http/http_auth_handler_ntlm.cc

Issue 1408433006: Support tls-server-end-point channel bindings for HTTP authentication. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Narrower dependencies, update comments, address review comments. Created 4 years, 9 months ago
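--- a/net/http/http_auth_handler_ntlm.cc
+++ b/net/http/http_auth_handler_ntlm.cc
@@ -1,48 +1,55 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_handler_ntlm.h"
 
 #if !defined(NTLM_SSPI)
 #include "base/base64.h"
 #endif
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "net/base/net_errors.h"
 #include "net/base/url_util.h"
+#include "net/cert/x509_util.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_scheme.h"
+#include "net/http/http_response_info.h"
 
 namespace net {
 
 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge(
 HttpAuthChallengeTokenizer* challenge) {
 return ParseChallenge(challenge, false);
 }
 
-bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok) {
+bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok,
+const SSLInfo& ssl_info) {
 auth_scheme_ = HttpAuth::AUTH_SCHEME_NTLM;
 score_ = 3;
 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
 
+if (ssl_info.is_valid())
+x509_util::GetTLSServerEndPointChannelBinding(*ssl_info.cert,
+&channel_bindings_);
+
 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
 }
 
 int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
 const AuthCredentials* credentials, const HttpRequestInfo* request,
 const CompletionCallback& callback, std::string* auth_token) {
 #if defined(NTLM_SSPI)
 return auth_sspi_.GenerateAuthToken(credentials, CreateSPN(origin_),
-auth_token, callback);
+channel_bindings_, auth_token, callback);
 #else // !defined(NTLM_SSPI)
 // TODO(cbentzel): Shouldn't be hitting this case.
 if (!credentials) {
 LOG(ERROR) << "Username and password are expected to be non-NULL.";
 return ERR_MISSING_AUTH_CREDENTIALS;
 }
 // TODO(wtc): See if we can use char* instead of void* for in_buf and
 // out_buf. This change will need to propagate to GetNextToken,
 // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
 const void* in_buf;
@@ -134,10 +141,10 @@
 // static
 std::string HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) {
 // The service principal name of the destination server. See
 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
 std::string target("HTTP/");
 target.append(GetHostAndPort(origin));
 return target;
 }
 
 } // namespace net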
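Review bot: The added `if (ssl_info.is_valid())` block in `Init` discards whatever `x509_util::GetTLSServerEndPointChannelBinding` reports, so if that helper can fail (its signature is not visible here), `channel_bindings_` stays empty and the SSPI call in `GenerateAuthTokenImpl` goes ahead with no binding, silently losing the relay protection this change is meant to add. I would check the result and make the fallback explicit, e.g. `if (!x509_util::GetTLSServerEndPointChannelBinding(*ssl_info.cert, &channel_bindings_)) channel_bindings_.clear();`, with a `LOG(WARNING)` and a comment stating whether unbound authentication is acceptable on a TLS connection. The `if` body spans two lines and should get braces. Only the `NTLM_SSPI` branch visibly consumes `channel_bindings_`; the portable branch continues into the skipped lines, so a comment there should say whether the binding is intentionally unused on that path.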
