src/net/http/http_auth_handler_negotiate.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
   6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
   7
   8 #include <string>
   9
  10 #include "build/build_config.h"
  11 #include "net/base/address_list.h"
  12 #include "net/base/net_export.h"
  13 #include "net/http/http_auth_handler.h"
  14 #include "net/http/http_auth_handler_factory.h"
  15
  16 #if defined(OS_WIN)
  17 #include "net/http/http_auth_sspi_win.h"
  18 #elif defined(OS_POSIX)
  19 #include "net/http/http_auth_gssapi_posix.h"
  20 #endif
  21
  22 namespace net {
  23
  24 class HostResolver;
  25 class SingleRequestHostResolver;
  26 class URLSecurityManager;
  27
  28 // Handler for WWW-Authenticate: Negotiate protocol.
  29 //
  30 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
  31 // for more information about the protocol.
  32
  33 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
  34  public:
  35 #if defined(OS_WIN)
  36   typedef SSPILibrary AuthLibrary;
  37   typedef HttpAuthSSPI AuthSystem;
  38 #elif defined(OS_POSIX)
  39   typedef GSSAPILibrary AuthLibrary;
  40   typedef HttpAuthGSSAPI AuthSystem;
  41 #endif
  42
  43   class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
  44    public:
  45     Factory();
  46     ~Factory() override;
  47
  48     // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
  49     // the auth handlers generated by this factory should skip looking up the
  50     // canonical DNS name of the the host that they are authenticating to when
  51     // generating the SPN. The default value is false.
  52     bool disable_cname_lookup() const { return disable_cname_lookup_; }
  53     void set_disable_cname_lookup(bool disable_cname_lookup) {
  54       disable_cname_lookup_ = disable_cname_lookup;
  55     }
  56
  57     // |use_port()| and |set_use_port()| get/set whether the auth handlers
  58     // generated by this factory should include the port number of the server
  59     // they are authenticating to when constructing a Kerberos SPN. The default
  60     // value is false.
  61     bool use_port() const { return use_port_; }
  62     void set_use_port(bool use_port) { use_port_ = use_port; }
  63
  64     void set_host_resolver(HostResolver* host_resolver);
  65
  66     // Sets the system library to use, thereby assuming ownership of
  67     // |auth_library|.
  68     void set_library(AuthLibrary* auth_library) {
  69       auth_library_.reset(auth_library);
  70     }
  71
  72     int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
  73                           HttpAuth::Target target,
  74                           const GURL& origin,
  75                           CreateReason reason,
  76                           int digest_nonce_count,
  77                           const BoundNetLog& net_log,
  78                           scoped_ptr<HttpAuthHandler>* handler) override;
  79
  80    private:
  81     bool disable_cname_lookup_;
  82     bool use_port_;
  83     HostResolver* resolver_;
  84 #if defined(OS_WIN)
  85     ULONG max_token_length_;
  86     bool first_creation_;
  87 #endif
  88     bool is_unsupported_;
  89     scoped_ptr<AuthLibrary> auth_library_;
  90   };
  91
  92   HttpAuthHandlerNegotiate(AuthLibrary* sspi_library,
  93 #if defined(OS_WIN)
  94                            ULONG max_token_length,
  95 #endif
  96                            URLSecurityManager* url_security_manager,
  97                            HostResolver* host_resolver,
  98                            bool disable_cname_lookup,
  99                            bool use_port);
 100
 101   ~HttpAuthHandlerNegotiate() override;
 102
 103   // These are public for unit tests
 104   std::string CreateSPN(const AddressList& address_list, const GURL& orign);
 105   const std::string& spn() const { return spn_; }
 106
 107   // HttpAuthHandler:
 108   HttpAuth::AuthorizationResult HandleAnotherChallenge(
 109       HttpAuthChallengeTokenizer* challenge) override;
 110   bool NeedsIdentity() override;
 111   bool AllowsDefaultCredentials() override;
 112   bool AllowsExplicitCredentials() override;
 113
 114  protected:
 115   bool Init(HttpAuthChallengeTokenizer* challenge) override;
 116
 117   int GenerateAuthTokenImpl(const AuthCredentials* credentials,
 118                             const HttpRequestInfo* request,
 119                             const CompletionCallback& callback,
 120                             std::string* auth_token) override;
 121
 122  private:
 123   enum State {
 124     STATE_RESOLVE_CANONICAL_NAME,
 125     STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
 126     STATE_GENERATE_AUTH_TOKEN,
 127     STATE_GENERATE_AUTH_TOKEN_COMPLETE,
 128     STATE_NONE,
 129   };
 130
 131   void OnIOComplete(int result);
 132   void DoCallback(int result);
 133   int DoLoop(int result);
 134
 135   int DoResolveCanonicalName();
 136   int DoResolveCanonicalNameComplete(int rv);
 137   int DoGenerateAuthToken();
 138   int DoGenerateAuthTokenComplete(int rv);
 139   bool CanDelegate() const;
 140
 141   AuthSystem auth_system_;
 142   bool disable_cname_lookup_;
 143   bool use_port_;
 144   HostResolver* const resolver_;
 145
 146   // Members which are needed for DNS lookup + SPN.
 147   AddressList address_list_;
 148   scoped_ptr<SingleRequestHostResolver> single_resolve_;
 149
 150   // Things which should be consistent after first call to GenerateAuthToken.
 151   bool already_called_;
 152   bool has_credentials_;
 153   AuthCredentials credentials_;
 154   std::string spn_;
 155
 156   // Things which vary each round.
 157   CompletionCallback callback_;
 158   std::string* auth_token_;
 159
 160   State next_state_;
 161
 162   const URLSecurityManager* url_security_manager_;
 163 };
 164
 165 }  // namespace net
 166
 167 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_