15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2011 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <string> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "build/build_config.h" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/address_list.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_export.h" 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/http/http_auth_handler.h" 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/http/http_auth_handler_factory.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/http/http_auth_sspi_win.h" 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(OS_POSIX) 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/http/http_auth_gssapi_posix.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class HostResolver; 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class SingleRequestHostResolver; 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class URLSecurityManager; 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Handler for WWW-Authenticate: Negotiate protocol. 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// for more information about the protocol. 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler { 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typedef SSPILibrary AuthLibrary; 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typedef HttpAuthSSPI AuthSystem; 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(OS_POSIX) 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typedef GSSAPILibrary AuthLibrary; 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typedef HttpAuthGSSAPI AuthSystem; 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Factory(); 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual ~Factory(); 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the auth handlers generated by this factory should skip looking up the 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // canonical DNS name of the the host that they are authenticating to when 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // generating the SPN. The default value is false. 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool disable_cname_lookup() const { return disable_cname_lookup_; } 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void set_disable_cname_lookup(bool disable_cname_lookup) { 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) disable_cname_lookup_ = disable_cname_lookup; 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |use_port()| and |set_use_port()| get/set whether the auth handlers 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // generated by this factory should include the port number of the server 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // they are authenticating to when constructing a Kerberos SPN. The default 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // value is false. 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool use_port() const { return use_port_; } 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void set_use_port(bool use_port) { use_port_ = use_port; } 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void set_host_resolver(HostResolver* host_resolver); 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Sets the system library to use, thereby assuming ownership of 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |auth_library|. 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void set_library(AuthLibrary* auth_library) { 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) auth_library_.reset(auth_library); 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual int CreateAuthHandler( 73a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) HttpAuthChallengeTokenizer* challenge, 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HttpAuth::Target target, 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const GURL& origin, 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateReason reason, 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int digest_nonce_count, 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const BoundNetLog& net_log, 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<HttpAuthHandler>* handler) OVERRIDE; 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool disable_cname_lookup_; 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool use_port_; 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HostResolver* resolver_; 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ULONG max_token_length_; 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool first_creation_; 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool is_unsupported_; 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<AuthLibrary> auth_library_; 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }; 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HttpAuthHandlerNegotiate(AuthLibrary* sspi_library, 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ULONG max_token_length, 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) URLSecurityManager* url_security_manager, 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HostResolver* host_resolver, 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool disable_cname_lookup, 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool use_port); 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual ~HttpAuthHandlerNegotiate(); 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // These are public for unit tests 105a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) std::string CreateSPN(const AddressList& address_list, const GURL& orign); 106a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) const std::string& spn() const { return spn_; } 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // HttpAuthHandler: 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual HttpAuth::AuthorizationResult HandleAnotherChallenge( 110a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) HttpAuthChallengeTokenizer* challenge) OVERRIDE; 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool NeedsIdentity() OVERRIDE; 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool AllowsDefaultCredentials() OVERRIDE; 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool AllowsExplicitCredentials() OVERRIDE; 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) protected: 116a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual bool Init(HttpAuthChallengeTokenizer* challenge) OVERRIDE; 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials, 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const HttpRequestInfo* request, 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const CompletionCallback& callback, 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string* auth_token) OVERRIDE; 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enum State { 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) STATE_RESOLVE_CANONICAL_NAME, 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) STATE_RESOLVE_CANONICAL_NAME_COMPLETE, 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) STATE_GENERATE_AUTH_TOKEN, 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) STATE_GENERATE_AUTH_TOKEN_COMPLETE, 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) STATE_NONE, 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }; 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void OnIOComplete(int result); 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void DoCallback(int result); 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int DoLoop(int result); 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int DoResolveCanonicalName(); 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int DoResolveCanonicalNameComplete(int rv); 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int DoGenerateAuthToken(); 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int DoGenerateAuthTokenComplete(int rv); 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool CanDelegate() const; 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AuthSystem auth_system_; 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool disable_cname_lookup_; 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool use_port_; 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HostResolver* const resolver_; 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Members which are needed for DNS lookup + SPN. 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AddressList address_list_; 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SingleRequestHostResolver> single_resolve_; 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Things which should be consistent after first call to GenerateAuthToken. 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool already_called_; 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool has_credentials_; 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AuthCredentials credentials_; 155a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) std::string spn_; 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Things which vary each round. 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CompletionCallback callback_; 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string* auth_token_; 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) State next_state_; 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const URLSecurityManager* url_security_manager_; 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_ 169