Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
| 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 11 #include "net/base/address_list.h" | 11 #include "net/base/address_list.h" |
| 12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 13 #include "net/http/http_auth_handler.h" | 13 #include "net/http/http_auth_handler.h" |
| 14 #include "net/http/http_auth_handler_factory.h" | 14 #include "net/http/http_auth_handler_factory.h" |
| 15 | 15 |
| 16 #if defined(OS_ANDROID) | 16 #if defined(OS_ANDROID) |
| 17 #include "net/android/http_auth_negotiate_android.h" | 17 #include "net/android/http_auth_negotiate_android.h" |
| 18 #elif defined(OS_WIN) | 18 #elif defined(OS_WIN) |
| 19 #include "net/http/http_auth_sspi_win.h" | 19 #include "net/http/http_auth_sspi_win.h" |
| 20 #elif defined(OS_POSIX) | 20 #elif defined(OS_POSIX) |
| 21 #include "net/http/http_auth_gssapi_posix.h" | 21 #include "net/http/http_auth_gssapi_posix.h" |
| 22 #endif | 22 #endif |
| 23 | 23 |
| 24 namespace net { | 24 namespace net { |
| 25 | 25 |
| 26 class HostResolver; | 26 class HostResolver; |
| 27 class SingleRequestHostResolver; | 27 class SingleRequestHostResolver; |
| 28 class URLSecurityManager; | 28 class HttpAuthPreferences; |
|
asanka
2015/12/01 05:30:03
Nit: sort
aberent
2015/12/01 14:33:25
Done.
| |
| 29 | 29 |
| 30 // Handler for WWW-Authenticate: Negotiate protocol. | 30 // Handler for WWW-Authenticate: Negotiate protocol. |
| 31 // | 31 // |
| 32 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 | 32 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 |
| 33 // for more information about the protocol. | 33 // for more information about the protocol. |
| 34 | 34 |
| 35 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler { | 35 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler { |
| 36 public: | 36 public: |
| 37 #if defined(OS_ANDROID) | 37 #if defined(OS_ANDROID) |
| 38 typedef net::android::HttpAuthNegotiateAndroid AuthSystem; | 38 typedef net::android::HttpAuthNegotiateAndroid AuthSystem; |
| 39 // For Android this isn't a library, but for the Android Account type, which | |
| 40 // indirectly identifies the Kerberos/SPNEGO authentication app. | |
| 41 typedef const std::string AuthLibrary; | |
| 42 #elif defined(OS_WIN) | 39 #elif defined(OS_WIN) |
| 43 typedef SSPILibrary AuthLibrary; | 40 typedef SSPILibrary AuthLibrary; |
| 44 typedef HttpAuthSSPI AuthSystem; | 41 typedef HttpAuthSSPI AuthSystem; |
| 45 #elif defined(OS_POSIX) | 42 #elif defined(OS_POSIX) |
| 46 typedef GSSAPILibrary AuthLibrary; | 43 typedef GSSAPILibrary AuthLibrary; |
| 47 typedef HttpAuthGSSAPI AuthSystem; | 44 typedef HttpAuthGSSAPI AuthSystem; |
| 48 #endif | 45 #endif |
| 49 | 46 |
| 50 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { | 47 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { |
| 51 public: | 48 public: |
| 52 Factory(); | 49 Factory(); |
| 53 ~Factory() override; | 50 ~Factory() override; |
| 54 | 51 |
| 55 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether | |
| 56 // the auth handlers generated by this factory should skip looking up the | |
| 57 // canonical DNS name of the the host that they are authenticating to when | |
| 58 // generating the SPN. The default value is false. | |
| 59 bool disable_cname_lookup() const { return disable_cname_lookup_; } | |
| 60 void set_disable_cname_lookup(bool disable_cname_lookup) { | |
| 61 disable_cname_lookup_ = disable_cname_lookup; | |
| 62 } | |
| 63 | |
| 64 // |use_port()| and |set_use_port()| get/set whether the auth handlers | |
| 65 // generated by this factory should include the port number of the server | |
| 66 // they are authenticating to when constructing a Kerberos SPN. The default | |
| 67 // value is false. | |
| 68 bool use_port() const { return use_port_; } | |
| 69 void set_use_port(bool use_port) { use_port_ = use_port; } | |
| 70 | |
| 71 void set_host_resolver(HostResolver* host_resolver); | 52 void set_host_resolver(HostResolver* host_resolver); |
| 72 | 53 |
| 54 #if !defined(OS_ANDROID) | |
| 73 // Sets the system library to use, thereby assuming ownership of | 55 // Sets the system library to use, thereby assuming ownership of |
| 74 // |auth_library|. | 56 // |auth_library|. |
| 75 void set_library(AuthLibrary* auth_provider) { | 57 void set_library(scoped_ptr<AuthLibrary> auth_provider) { |
| 76 auth_library_.reset(auth_provider); | 58 auth_library_ = auth_provider.Pass(); |
| 77 } | 59 } |
| 60 #endif | |
| 78 | 61 |
| 62 // HttpAuthHandlerFactory overrides | |
| 79 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, | 63 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, |
| 80 HttpAuth::Target target, | 64 HttpAuth::Target target, |
| 81 const GURL& origin, | 65 const GURL& origin, |
| 82 CreateReason reason, | 66 CreateReason reason, |
| 83 int digest_nonce_count, | 67 int digest_nonce_count, |
| 84 const BoundNetLog& net_log, | 68 const BoundNetLog& net_log, |
| 85 scoped_ptr<HttpAuthHandler>* handler) override; | 69 scoped_ptr<HttpAuthHandler>* handler) override; |
| 86 | 70 |
| 87 private: | 71 private: |
| 88 bool disable_cname_lookup_; | |
| 89 bool use_port_; | |
| 90 HostResolver* resolver_; | 72 HostResolver* resolver_; |
| 91 #if defined(OS_WIN) | 73 #if defined(OS_WIN) |
| 92 ULONG max_token_length_; | 74 ULONG max_token_length_; |
| 93 #endif | 75 #endif |
| 94 bool is_unsupported_; | 76 bool is_unsupported_; |
| 77 #if !defined(OS_ANDROID) | |
| 95 scoped_ptr<AuthLibrary> auth_library_; | 78 scoped_ptr<AuthLibrary> auth_library_; |
| 79 #endif | |
| 96 }; | 80 }; |
| 97 | 81 |
| 98 HttpAuthHandlerNegotiate(AuthLibrary* auth_library, | 82 HttpAuthHandlerNegotiate( |
| 83 #if !defined(OS_ANDROID) | |
| 84 AuthLibrary* auth_library, | |
| 85 #endif | |
| 99 #if defined(OS_WIN) | 86 #if defined(OS_WIN) |
| 100 ULONG max_token_length, | 87 ULONG max_token_length, |
| 101 #endif | 88 #endif |
| 102 URLSecurityManager* url_security_manager, | 89 const HttpAuthPreferences* prefs, |
| 103 HostResolver* host_resolver, | 90 HostResolver* host_resolver); |
| 104 bool disable_cname_lookup, | |
| 105 bool use_port); | |
| 106 | 91 |
| 107 ~HttpAuthHandlerNegotiate() override; | 92 ~HttpAuthHandlerNegotiate() override; |
| 108 | 93 |
| 109 // These are public for unit tests | 94 // These are public for unit tests |
| 110 std::string CreateSPN(const AddressList& address_list, const GURL& orign); | 95 std::string CreateSPN(const AddressList& address_list, const GURL& orign); |
| 111 const std::string& spn() const { return spn_; } | 96 const std::string& spn() const { return spn_; } |
| 112 | 97 |
| 113 // HttpAuthHandler: | 98 // HttpAuthHandler: |
| 114 HttpAuth::AuthorizationResult HandleAnotherChallenge( | 99 HttpAuth::AuthorizationResult HandleAnotherChallenge( |
| 115 HttpAuthChallengeTokenizer* challenge) override; | 100 HttpAuthChallengeTokenizer* challenge) override; |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 138 void DoCallback(int result); | 123 void DoCallback(int result); |
| 139 int DoLoop(int result); | 124 int DoLoop(int result); |
| 140 | 125 |
| 141 int DoResolveCanonicalName(); | 126 int DoResolveCanonicalName(); |
| 142 int DoResolveCanonicalNameComplete(int rv); | 127 int DoResolveCanonicalNameComplete(int rv); |
| 143 int DoGenerateAuthToken(); | 128 int DoGenerateAuthToken(); |
| 144 int DoGenerateAuthTokenComplete(int rv); | 129 int DoGenerateAuthTokenComplete(int rv); |
| 145 bool CanDelegate() const; | 130 bool CanDelegate() const; |
| 146 | 131 |
| 147 AuthSystem auth_system_; | 132 AuthSystem auth_system_; |
| 148 bool disable_cname_lookup_; | |
| 149 bool use_port_; | |
| 150 HostResolver* const resolver_; | 133 HostResolver* const resolver_; |
| 151 | 134 |
| 152 // Members which are needed for DNS lookup + SPN. | 135 // Members which are needed for DNS lookup + SPN. |
| 153 AddressList address_list_; | 136 AddressList address_list_; |
| 154 scoped_ptr<SingleRequestHostResolver> single_resolve_; | 137 scoped_ptr<SingleRequestHostResolver> single_resolve_; |
| 155 | 138 |
| 156 // Things which should be consistent after first call to GenerateAuthToken. | 139 // Things which should be consistent after first call to GenerateAuthToken. |
| 157 bool already_called_; | 140 bool already_called_; |
| 158 bool has_credentials_; | 141 bool has_credentials_; |
| 159 AuthCredentials credentials_; | 142 AuthCredentials credentials_; |
| 160 std::string spn_; | 143 std::string spn_; |
| 161 | 144 |
| 162 // Things which vary each round. | 145 // Things which vary each round. |
| 163 CompletionCallback callback_; | 146 CompletionCallback callback_; |
| 164 std::string* auth_token_; | 147 std::string* auth_token_; |
| 165 | 148 |
| 166 State next_state_; | 149 State next_state_; |
| 167 | 150 |
| 168 const URLSecurityManager* url_security_manager_; | 151 const HttpAuthPreferences* http_auth_preferences_; |
| 169 }; | 152 }; |
| 170 | 153 |
| 171 } // namespace net | 154 } // namespace net |
| 172 | 155 |
| 173 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ | 156 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ |
| OLD | NEW |
