OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
11 #include "net/base/address_list.h" | 11 #include "net/base/address_list.h" |
12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
13 #include "net/http/http_auth_handler.h" | 13 #include "net/http/http_auth_handler.h" |
14 #include "net/http/http_auth_handler_factory.h" | 14 #include "net/http/http_auth_handler_factory.h" |
15 | 15 |
16 #if defined(OS_ANDROID) | 16 #if defined(OS_ANDROID) |
17 #include "net/android/http_auth_negotiate_android.h" | 17 #include "net/android/http_auth_negotiate_android.h" |
18 #elif defined(OS_WIN) | 18 #elif defined(OS_WIN) |
19 #include "net/http/http_auth_sspi_win.h" | 19 #include "net/http/http_auth_sspi_win.h" |
20 #elif defined(OS_POSIX) | 20 #elif defined(OS_POSIX) |
21 #include "net/http/http_auth_gssapi_posix.h" | 21 #include "net/http/http_auth_gssapi_posix.h" |
22 #endif | 22 #endif |
23 | 23 |
24 namespace net { | 24 namespace net { |
25 | 25 |
26 class HostResolver; | 26 class HostResolver; |
27 class SingleRequestHostResolver; | 27 class SingleRequestHostResolver; |
28 class URLSecurityManager; | 28 class HttpAuthPreferences; |
asanka
2015/12/01 05:30:03
Nit: sort
aberent
2015/12/01 14:33:25
Done.
| |
29 | 29 |
30 // Handler for WWW-Authenticate: Negotiate protocol. | 30 // Handler for WWW-Authenticate: Negotiate protocol. |
31 // | 31 // |
32 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 | 32 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 |
33 // for more information about the protocol. | 33 // for more information about the protocol. |
34 | 34 |
35 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler { | 35 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler { |
36 public: | 36 public: |
37 #if defined(OS_ANDROID) | 37 #if defined(OS_ANDROID) |
38 typedef net::android::HttpAuthNegotiateAndroid AuthSystem; | 38 typedef net::android::HttpAuthNegotiateAndroid AuthSystem; |
39 // For Android this isn't a library, but for the Android Account type, which | |
40 // indirectly identifies the Kerberos/SPNEGO authentication app. | |
41 typedef const std::string AuthLibrary; | |
42 #elif defined(OS_WIN) | 39 #elif defined(OS_WIN) |
43 typedef SSPILibrary AuthLibrary; | 40 typedef SSPILibrary AuthLibrary; |
44 typedef HttpAuthSSPI AuthSystem; | 41 typedef HttpAuthSSPI AuthSystem; |
45 #elif defined(OS_POSIX) | 42 #elif defined(OS_POSIX) |
46 typedef GSSAPILibrary AuthLibrary; | 43 typedef GSSAPILibrary AuthLibrary; |
47 typedef HttpAuthGSSAPI AuthSystem; | 44 typedef HttpAuthGSSAPI AuthSystem; |
48 #endif | 45 #endif |
49 | 46 |
50 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { | 47 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { |
51 public: | 48 public: |
52 Factory(); | 49 Factory(); |
53 ~Factory() override; | 50 ~Factory() override; |
54 | 51 |
55 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether | |
56 // the auth handlers generated by this factory should skip looking up the | |
57 // canonical DNS name of the the host that they are authenticating to when | |
58 // generating the SPN. The default value is false. | |
59 bool disable_cname_lookup() const { return disable_cname_lookup_; } | |
60 void set_disable_cname_lookup(bool disable_cname_lookup) { | |
61 disable_cname_lookup_ = disable_cname_lookup; | |
62 } | |
63 | |
64 // |use_port()| and |set_use_port()| get/set whether the auth handlers | |
65 // generated by this factory should include the port number of the server | |
66 // they are authenticating to when constructing a Kerberos SPN. The default | |
67 // value is false. | |
68 bool use_port() const { return use_port_; } | |
69 void set_use_port(bool use_port) { use_port_ = use_port; } | |
70 | |
71 void set_host_resolver(HostResolver* host_resolver); | 52 void set_host_resolver(HostResolver* host_resolver); |
72 | 53 |
54 #if !defined(OS_ANDROID) | |
73 // Sets the system library to use, thereby assuming ownership of | 55 // Sets the system library to use, thereby assuming ownership of |
74 // |auth_library|. | 56 // |auth_library|. |
75 void set_library(AuthLibrary* auth_provider) { | 57 void set_library(scoped_ptr<AuthLibrary> auth_provider) { |
76 auth_library_.reset(auth_provider); | 58 auth_library_ = auth_provider.Pass(); |
77 } | 59 } |
60 #endif | |
78 | 61 |
62 // HttpAuthHandlerFactory overrides | |
79 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, | 63 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, |
80 HttpAuth::Target target, | 64 HttpAuth::Target target, |
81 const GURL& origin, | 65 const GURL& origin, |
82 CreateReason reason, | 66 CreateReason reason, |
83 int digest_nonce_count, | 67 int digest_nonce_count, |
84 const BoundNetLog& net_log, | 68 const BoundNetLog& net_log, |
85 scoped_ptr<HttpAuthHandler>* handler) override; | 69 scoped_ptr<HttpAuthHandler>* handler) override; |
86 | 70 |
87 private: | 71 private: |
88 bool disable_cname_lookup_; | |
89 bool use_port_; | |
90 HostResolver* resolver_; | 72 HostResolver* resolver_; |
91 #if defined(OS_WIN) | 73 #if defined(OS_WIN) |
92 ULONG max_token_length_; | 74 ULONG max_token_length_; |
93 #endif | 75 #endif |
94 bool is_unsupported_; | 76 bool is_unsupported_; |
77 #if !defined(OS_ANDROID) | |
95 scoped_ptr<AuthLibrary> auth_library_; | 78 scoped_ptr<AuthLibrary> auth_library_; |
79 #endif | |
96 }; | 80 }; |
97 | 81 |
98 HttpAuthHandlerNegotiate(AuthLibrary* auth_library, | 82 HttpAuthHandlerNegotiate( |
83 #if !defined(OS_ANDROID) | |
84 AuthLibrary* auth_library, | |
85 #endif | |
99 #if defined(OS_WIN) | 86 #if defined(OS_WIN) |
100 ULONG max_token_length, | 87 ULONG max_token_length, |
101 #endif | 88 #endif |
102 URLSecurityManager* url_security_manager, | 89 const HttpAuthPreferences* prefs, |
103 HostResolver* host_resolver, | 90 HostResolver* host_resolver); |
104 bool disable_cname_lookup, | |
105 bool use_port); | |
106 | 91 |
107 ~HttpAuthHandlerNegotiate() override; | 92 ~HttpAuthHandlerNegotiate() override; |
108 | 93 |
109 // These are public for unit tests | 94 // These are public for unit tests |
110 std::string CreateSPN(const AddressList& address_list, const GURL& orign); | 95 std::string CreateSPN(const AddressList& address_list, const GURL& orign); |
111 const std::string& spn() const { return spn_; } | 96 const std::string& spn() const { return spn_; } |
112 | 97 |
113 // HttpAuthHandler: | 98 // HttpAuthHandler: |
114 HttpAuth::AuthorizationResult HandleAnotherChallenge( | 99 HttpAuth::AuthorizationResult HandleAnotherChallenge( |
115 HttpAuthChallengeTokenizer* challenge) override; | 100 HttpAuthChallengeTokenizer* challenge) override; |
(...skipping 22 matching lines...) | |
138 void DoCallback(int result); | 123 void DoCallback(int result); |
139 int DoLoop(int result); | 124 int DoLoop(int result); |
140 | 125 |
141 int DoResolveCanonicalName(); | 126 int DoResolveCanonicalName(); |
142 int DoResolveCanonicalNameComplete(int rv); | 127 int DoResolveCanonicalNameComplete(int rv); |
143 int DoGenerateAuthToken(); | 128 int DoGenerateAuthToken(); |
144 int DoGenerateAuthTokenComplete(int rv); | 129 int DoGenerateAuthTokenComplete(int rv); |
145 bool CanDelegate() const; | 130 bool CanDelegate() const; |
146 | 131 |
147 AuthSystem auth_system_; | 132 AuthSystem auth_system_; |
148 bool disable_cname_lookup_; | |
149 bool use_port_; | |
150 HostResolver* const resolver_; | 133 HostResolver* const resolver_; |
151 | 134 |
152 // Members which are needed for DNS lookup + SPN. | 135 // Members which are needed for DNS lookup + SPN. |
153 AddressList address_list_; | 136 AddressList address_list_; |
154 scoped_ptr<SingleRequestHostResolver> single_resolve_; | 137 scoped_ptr<SingleRequestHostResolver> single_resolve_; |
155 | 138 |
156 // Things which should be consistent after first call to GenerateAuthToken. | 139 // Things which should be consistent after first call to GenerateAuthToken. |
157 bool already_called_; | 140 bool already_called_; |
158 bool has_credentials_; | 141 bool has_credentials_; |
159 AuthCredentials credentials_; | 142 AuthCredentials credentials_; |
160 std::string spn_; | 143 std::string spn_; |
161 | 144 |
162 // Things which vary each round. | 145 // Things which vary each round. |
163 CompletionCallback callback_; | 146 CompletionCallback callback_; |
164 std::string* auth_token_; | 147 std::string* auth_token_; |
165 | 148 |
166 State next_state_; | 149 State next_state_; |
167 | 150 |
168 const URLSecurityManager* url_security_manager_; | 151 const HttpAuthPreferences* http_auth_preferences_; |
169 }; | 152 }; |
170 | 153 |
171 } // namespace net | 154 } // namespace net |
172 | 155 |
173 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 156 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
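Review bot: The constructor's new `prefs` argument (new line 89) is kept as the raw pointer `http_auth_preferences_` (new line 151), but the header does not say who owns it, how long it must live, or whether it may be null. With `disable_cname_lookup_` and `use_port_` removed from the handler, the SPN settings are presumably read through this pointer when a token is generated, so a preferences object destroyed before the handler would be dereferenced on the authentication path. The removed Factory comments were also the only place in this header that said what the two settings do and that they default to false. I would add above the constructor `// |prefs| is not owned and must outlive this handler; it supplies the CNAME lookup and SPN port settings.` and state there what a null `prefs` means, if null is allowed. Separately, the comment on `set_library` still names `|auth_library|` while the parameter is `auth_provider`.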