| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains common routines used by NTLM and Negotiate authentication | 5 // This file contains common routines used by NTLM and Negotiate authentication |
| 6 // using the SSPI API on Windows. | 6 // using the SSPI API on Windows. |
| 7 | 7 |
| 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |
| 10 | 10 |
| 51 unsigned long Reserved1, | 51 unsigned long Reserved1, |
| 52 unsigned long TargetDataRep, | 52 unsigned long TargetDataRep, |
| 53 PSecBufferDesc pInput, | 53 PSecBufferDesc pInput, |
| 54 unsigned long Reserved2, | 54 unsigned long Reserved2, |
| 55 PCtxtHandle phNewContext, | 55 PCtxtHandle phNewContext, |
| 56 PSecBufferDesc pOutput, | 56 PSecBufferDesc pOutput, |
| 57 unsigned long* contextAttr, | 57 unsigned long* contextAttr, |
| 58 PTimeStamp ptsExpiry) = 0; | 58 PTimeStamp ptsExpiry) = 0; |
| 59 | 59 |
| 60 virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName, | 60 virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName, |
| 61 PSecPkgInfoW *pkgInfo) = 0; | 61 PSecPkgInfoW* pkgInfo) = 0; |
| 62 | 62 |
| 63 virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) = 0; | 63 virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) = 0; |
| 64 | 64 |
| 65 virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) = 0; | 65 virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) = 0; |
| 66 | 66 |
| 67 virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) = 0; | 67 virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) = 0; |
| 68 }; | 68 }; |
| 69 | 69 |
| 70 class SSPILibraryDefault : public SSPILibrary { | 70 class SSPILibraryDefault : public SSPILibrary { |
| 71 public: | 71 public: |
| 72 SSPILibraryDefault() {} | 72 SSPILibraryDefault() {} |
| 73 virtual ~SSPILibraryDefault() {} | 73 virtual ~SSPILibraryDefault() {} |
| 74 | 74 |
| 75 virtual SECURITY_STATUS AcquireCredentialsHandle(LPWSTR pszPrincipal, | 75 virtual SECURITY_STATUS AcquireCredentialsHandle(LPWSTR pszPrincipal, |
| 76 LPWSTR pszPackage, | 76 LPWSTR pszPackage, |
| 77 unsigned long fCredentialUse, | 77 unsigned long fCredentialUse, |
| 78 void* pvLogonId, | 78 void* pvLogonId, |
| 79 void* pvAuthData, | 79 void* pvAuthData, |
| 80 SEC_GET_KEY_FN pGetKeyFn, | 80 SEC_GET_KEY_FN pGetKeyFn, |
| 81 void* pvGetKeyArgument, | 81 void* pvGetKeyArgument, |
| 82 PCredHandle phCredential, | 82 PCredHandle phCredential, |
| 83 PTimeStamp ptsExpiry) { | 83 PTimeStamp ptsExpiry) { |
| 84 return ::AcquireCredentialsHandle(pszPrincipal, pszPackage, fCredentialUse, | 84 return ::AcquireCredentialsHandle(pszPrincipal, |
| 85 pvLogonId, pvAuthData, pGetKeyFn, | 85 pszPackage, |
| 86 pvGetKeyArgument, phCredential, | 86 fCredentialUse, |
| 87 pvLogonId, |
| 88 pvAuthData, |
| 89 pGetKeyFn, |
| 90 pvGetKeyArgument, |
| 91 phCredential, |
| 87 ptsExpiry); | 92 ptsExpiry); |
| 88 } | 93 } |
| 89 | 94 |
| 90 virtual SECURITY_STATUS InitializeSecurityContext(PCredHandle phCredential, | 95 virtual SECURITY_STATUS InitializeSecurityContext(PCredHandle phCredential, |
| 91 PCtxtHandle phContext, | 96 PCtxtHandle phContext, |
| 92 SEC_WCHAR* pszTargetName, | 97 SEC_WCHAR* pszTargetName, |
| 93 unsigned long fContextReq, | 98 unsigned long fContextReq, |
| 94 unsigned long Reserved1, | 99 unsigned long Reserved1, |
| 95 unsigned long TargetDataRep, | 100 unsigned long TargetDataRep, |
| 96 PSecBufferDesc pInput, | 101 PSecBufferDesc pInput, |
| 97 unsigned long Reserved2, | 102 unsigned long Reserved2, |
| 98 PCtxtHandle phNewContext, | 103 PCtxtHandle phNewContext, |
| 99 PSecBufferDesc pOutput, | 104 PSecBufferDesc pOutput, |
| 100 unsigned long* contextAttr, | 105 unsigned long* contextAttr, |
| 101 PTimeStamp ptsExpiry) { | 106 PTimeStamp ptsExpiry) { |
| 102 return ::InitializeSecurityContext(phCredential, phContext, pszTargetName, | 107 return ::InitializeSecurityContext(phCredential, |
| 103 fContextReq, Reserved1, TargetDataRep, | 108 phContext, |
| 104 pInput, Reserved2, phNewContext, pOutput, | 109 pszTargetName, |
| 105 contextAttr, ptsExpiry); | 110 fContextReq, |
| 111 Reserved1, |
| 112 TargetDataRep, |
| 113 pInput, |
| 114 Reserved2, |
| 115 phNewContext, |
| 116 pOutput, |
| 117 contextAttr, |
| 118 ptsExpiry); |
| 106 } | 119 } |
| 107 | 120 |
| 108 virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName, | 121 virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName, |
| 109 PSecPkgInfoW *pkgInfo) { | 122 PSecPkgInfoW* pkgInfo) { |
| 110 return ::QuerySecurityPackageInfo(pszPackageName, pkgInfo); | 123 return ::QuerySecurityPackageInfo(pszPackageName, pkgInfo); |
| 111 } | 124 } |
| 112 | 125 |
| 113 virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) { | 126 virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) { |
| 114 return ::FreeCredentialsHandle(phCredential); | 127 return ::FreeCredentialsHandle(phCredential); |
| 115 } | 128 } |
| 116 | 129 |
| 117 virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) { | 130 virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) { |
| 118 return ::DeleteSecurityContext(phContext); | 131 return ::DeleteSecurityContext(phContext); |
| 119 } | 132 } |
| 120 | 133 |
| 121 virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) { | 134 virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) { |
| 122 return ::FreeContextBuffer(pvContextBuffer); | 135 return ::FreeContextBuffer(pvContextBuffer); |
| 123 } | 136 } |
| 124 }; | 137 }; |
| 125 | 138 |
| 126 class NET_EXPORT_PRIVATE HttpAuthSSPI { | 139 class NET_EXPORT_PRIVATE HttpAuthSSPI { |
| 127 public: | 140 public: |
| 128 HttpAuthSSPI(SSPILibrary* sspi_library, | 141 HttpAuthSSPI(SSPILibrary* sspi_library, |
| 129 const std::string& scheme, | 142 const std::string& scheme, |
| 130 const SEC_WCHAR* security_package, | 143 const SEC_WCHAR* security_package, |
| 131 ULONG max_token_length); | 144 ULONG max_token_length); |
| 132 ~HttpAuthSSPI(); | 145 ~HttpAuthSSPI(); |
| 133 | 146 |
| 134 bool NeedsIdentity() const; | 147 bool NeedsIdentity() const; |
| 135 | 148 |
| 136 bool AllowsExplicitCredentials() const; | 149 bool AllowsExplicitCredentials() const; |
| 137 | 150 |
| 138 HttpAuth::AuthorizationResult ParseChallenge( | 151 HttpAuth::AuthorizationResult ParseChallenge(HttpAuthChallengeTokenizer* tok); |
| 139 HttpAuthChallengeTokenizer* tok); | |
| 140 | 152 |
| 141 // Generates an authentication token for the service specified by the | 153 // Generates an authentication token for the service specified by the |
| 142 // Service Principal Name |spn| and stores the value in |*auth_token|. | 154 // Service Principal Name |spn| and stores the value in |*auth_token|. |
| 143 // If the return value is not |OK|, then the value of |*auth_token| is | 155 // If the return value is not |OK|, then the value of |*auth_token| is |
| 144 // unspecified. ERR_IO_PENDING is not a valid return code. | 156 // unspecified. ERR_IO_PENDING is not a valid return code. |
| 145 // If this is the first round of a multiple round scheme, credentials are | 157 // If this is the first round of a multiple round scheme, credentials are |
| 146 // obtained using |*credentials|. If |credentials| is NULL, the credentials | 158 // obtained using |*credentials|. If |credentials| is NULL, the credentials |
| 147 // for the currently logged in user are used instead. | 159 // for the currently logged in user are used instead. |
| 148 int GenerateAuthToken(const AuthCredentials* credentials, | 160 int GenerateAuthToken(const AuthCredentials* credentials, |
| 149 const std::string& spn, | 161 const std::string& spn, |
| 150 std::string* auth_token); | 162 std::string* auth_token); |
| 151 | 163 |
| 152 // Delegation is allowed on the Kerberos ticket. This allows certain servers | 164 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
| 153 // to act as the user, such as an IIS server retrieiving data from a | 165 // to act as the user, such as an IIS server retrieiving data from a |
| 154 // Kerberized MSSQL server. | 166 // Kerberized MSSQL server. |
| 155 void Delegate(); | 167 void Delegate(); |
| 156 | 168 |
| 157 private: | 169 private: |
| 158 int OnFirstRound(const AuthCredentials* credentials); | 170 int OnFirstRound(const AuthCredentials* credentials); |
| 159 | 171 |
| 160 int GetNextSecurityToken( | 172 int GetNextSecurityToken(const std::string& spn, |
| 161 const std::string& spn, | 173 const void* in_token, |
| 162 const void* in_token, | 174 int in_token_len, |
| 163 int in_token_len, | 175 void** out_token, |
| 164 void** out_token, | 176 int* out_token_len); |
| 165 int* out_token_len); | |
| 166 | 177 |
| 167 void ResetSecurityContext(); | 178 void ResetSecurityContext(); |
| 168 | 179 |
| 169 SSPILibrary* library_; | 180 SSPILibrary* library_; |
| 170 std::string scheme_; | 181 std::string scheme_; |
| 171 const SEC_WCHAR* security_package_; | 182 const SEC_WCHAR* security_package_; |
| 172 std::string decoded_server_auth_token_; | 183 std::string decoded_server_auth_token_; |
| 173 ULONG max_token_length_; | 184 ULONG max_token_length_; |
| 174 CredHandle cred_; | 185 CredHandle cred_; |
| 175 CtxtHandle ctxt_; | 186 CtxtHandle ctxt_; |
| 200 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem | 211 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem |
| 201 // in the underlying SSPI call. The details are logged, and |*max_token_length| | 212 // in the underlying SSPI call. The details are logged, and |*max_token_length| |
| 202 // is not changed. | 213 // is not changed. |
| 203 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, | 214 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library, |
| 204 const std::wstring& package, | 215 const std::wstring& package, |
| 205 ULONG* max_token_length); | 216 ULONG* max_token_length); |
| 206 | 217 |
| 207 } // namespace net | 218 } // namespace net |
| 208 | 219 |
| 209 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ | 220 #endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_ |