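--- a/net/http/http_auth_gssapi_posix.cc
+++ b/net/http/http_auth_gssapi_posix.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_gssapi_posix.h"
 
 #include <limits>
 #include <string>
 
 #include "base/base64.h"
@@ -693,32 +693,34 @@
   if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) {
     return net::ParseFirstRoundChallenge(scheme_, tok);
   }
   std::string encoded_auth_token;
   return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token,
                                        &decoded_server_auth_token_);
 }
 
 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials,
                                       const std::string& spn,
+                                      const std::string& channel_bindings,
                                       std::string* auth_token,
                                       const CompletionCallback& /*callback*/) {
   DCHECK(auth_token);
 
   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
   input_token.length = decoded_server_auth_token_.length();
   input_token.value = (input_token.length > 0) ?
       const_cast<char*>(decoded_server_auth_token_.data()) :
       NULL;
   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
   ScopedBuffer scoped_output_token(&output_token, library_);
-  int rv = GetNextSecurityToken(spn, &input_token, &output_token);
+  int rv =
+      GetNextSecurityToken(spn, channel_bindings, &input_token, &output_token);
   if (rv != OK)
     return rv;
 
   // Base64 encode data in output buffer and prepend the scheme.
   std::string encode_input(static_cast<char*>(output_token.value),
                            output_token.length);
   std::string encode_output;
   base::Base64Encode(encode_input, &encode_output);
   *auth_token = scheme_ + " " + encode_output;
   return OK;
@@ -812,63 +814,73 @@
                                   GSS_S_UNSEQ_TOKEN | GSS_S_GAP_TOKEN))
     return ERR_INVALID_RESPONSE;
 
   // At this point, every documented status has been checked.
   return ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS;
 }
 
 }
 
 int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn,
+                                         const std::string& channel_bindings,
                                          gss_buffer_t in_token,
                                          gss_buffer_t out_token) {
   // Create a name for the principal
   // TODO(cbentzel): Just do this on the first pass?
   std::string spn_principal = spn;
   gss_buffer_desc spn_buffer = GSS_C_EMPTY_BUFFER;
   spn_buffer.value = const_cast<char*>(spn_principal.c_str());
   spn_buffer.length = spn_principal.size() + 1;
   OM_uint32 minor_status = 0;
   gss_name_t principal_name = GSS_C_NO_NAME;
   OM_uint32 major_status = library_->import_name(
       &minor_status,
       &spn_buffer,
       GSS_C_NT_HOSTBASED_SERVICE,
       &principal_name);
   int rv = MapImportNameStatusToError(major_status);
   if (rv != OK) {
     LOG(ERROR) << "Problem importing name from "
                << "spn \"" << spn_principal << "\"\n"
                << DisplayExtendedStatus(library_, major_status, minor_status);
     return rv;
   }
   ScopedName scoped_name(principal_name, library_);
 
+  std::vector<char> channel_bindings_data;
+  scoped_ptr<gss_channel_bindings_struct> gss_channel_bindings;
+  if (!channel_bindings.empty()) {
+    gss_channel_bindings.reset(new gss_channel_bindings_struct);
+    memset(gss_channel_bindings.get(), 0, sizeof(gss_channel_bindings_struct));
+    channel_bindings_data.assign(channel_bindings.begin(),
+                                 channel_bindings.end());
+    gss_channel_bindings->application_data.value =
+        &channel_bindings_data.front();
+    gss_channel_bindings->application_data.length =
+        channel_bindings_data.size();
+  }
+
   // Continue creating a security context.
   OM_uint32 req_flags = 0;
   if (can_delegate_)
     req_flags |= GSS_C_DELEG_FLAG;
   major_status = library_->init_sec_context(
-      &minor_status,
-      GSS_C_NO_CREDENTIAL,
-      scoped_sec_context_.receive(),
-      principal_name,
-      gss_oid_,
-      req_flags,
-      GSS_C_INDEFINITE,
-      GSS_C_NO_CHANNEL_BINDINGS,
+      &minor_status, GSS_C_NO_CREDENTIAL, scoped_sec_context_.receive(),
+      principal_name, gss_oid_, req_flags, GSS_C_INDEFINITE,
+      gss_channel_bindings ? gss_channel_bindings.get()
+                           : GSS_C_NO_CHANNEL_BINDINGS,
       in_token,
-      NULL,  // actual_mech_type
+      nullptr,  // actual_mech_type
       out_token,
-      NULL,  // ret flags
-      NULL);
+      nullptr,  // ret flags
+      nullptr);
   rv = MapInitSecContextStatusToError(major_status);
   if (rv != OK) {
     LOG(ERROR) << "Problem initializing context. \n"
                << DisplayExtendedStatus(library_, major_status, minor_status)
                << '\n'
                << DescribeContext(library_, scoped_sec_context_.get());
   }
   return rv;
 }
 
 }  // namespace net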
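Review bot: The channel-bindings block added after `ScopedName scoped_name(principal_name, library_);` in GetNextSecurityToken uses `std::vector<char>`, `memset` and `scoped_ptr`, but the include list in the first hunk still has only `<limits>`, `<string>` and `base/base64.h`, and the 682 lines between the hunks are reported as unchanged, so the new names are resolved only through transitive includes; include-what-you-use asks for `#include <string.h>` and `#include <vector>` here (plus the scoped_ptr header unless the .h already provides it). The zeroing `memset` also deserves a one-line explanation, since it is what leaves `initiator_addrtype`/`acceptor_addrtype` at 0 (GSS_C_AF_UNSPEC) and makes `application_data` the only thing bound; something like `// Only application_data is bound; the address fields are intentionally left unspecified.` keeps a later reader from "fixing" it. Finally, the heap allocation and `memset` are avoidable: a value-initialized local `gss_channel_bindings_struct` plus a `gss_channel_bindings_t` that is `GSS_C_NO_CHANNEL_BINDINGS` unless bindings were supplied gives the same behavior with no `new` and removes the ternary from the `init_sec_context` argument list.
```cpp
  ScopedName scoped_name(principal_name, library_);

  // Only application_data is bound; the address fields are intentionally
  // left unspecified (zero-initialized), so no heap object or memset is needed.
  std::vector<char> channel_bindings_data;
  gss_channel_bindings_struct channel_bindings_storage = {};
  gss_channel_bindings_t gss_channel_bindings = GSS_C_NO_CHANNEL_BINDINGS;
  if (!channel_bindings.empty()) {
    channel_bindings_data.assign(channel_bindings.begin(),
                                 channel_bindings.end());
    channel_bindings_storage.application_data.value =
        &channel_bindings_data.front();
    channel_bindings_storage.application_data.length =
        channel_bindings_data.size();
    gss_channel_bindings = &channel_bindings_storage;
  }
  // … unchanged: req_flags setup …
  major_status = library_->init_sec_context(
      &minor_status, GSS_C_NO_CREDENTIAL, scoped_sec_context_.receive(),
      principal_name, gss_oid_, req_flags, GSS_C_INDEFINITE,
      gss_channel_bindings,
  // … unchanged: remaining init_sec_context arguments and error handling …
```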