diff options
| author | aberent <aberent@chromium.org> | 2015-07-09 07:45:53 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-07-09 14:46:25 +0000 |
| commit | ec894a5d76eadbe3cb489faed6469ff78e00aec8 (patch) | |
| tree | f5b0639517f3ede625e9d3ffe2507b63a29940e1 /net/http/http_auth_gssapi_posix.cc | |
| parent | 7bad5e0aa9bfbb0fa979ba94a5f92cfeeecafa8f (diff) | |
| download | chromium_src-ec894a5d76eadbe3cb489faed6469ff78e00aec8.zip chromium_src-ec894a5d76eadbe3cb489faed6469ff78e00aec8.tar.gz chromium_src-ec894a5d76eadbe3cb489faed6469ff78e00aec8.tar.bz2 | |
Support Kerberos on Android
As part of this, allow asynchronous token return. This should be
allowed anyway, but is particularly important on Android, where getting
a token may cause user interaction.
BUG=474943
Review URL: https://codereview.chromium.org/1128043007
Cr-Commit-Position: refs/heads/master@{#338039}
Diffstat (limited to 'net/http/http_auth_gssapi_posix.cc')
| -rw-r--r-- | net/http/http_auth_gssapi_posix.cc | 37 |
1 files changed, 8 insertions, 29 deletions
diff --git a/net/http/http_auth_gssapi_posix.cc b/net/http/http_auth_gssapi_posix.cc index 388cc64..0b87b33 100644 --- a/net/http/http_auth_gssapi_posix.cc +++ b/net/http/http_auth_gssapi_posix.cc @@ -16,7 +16,7 @@ #include "base/threading/thread_restrictions.h" #include "net/base/net_errors.h" #include "net/base/net_util.h" -#include "net/http/http_auth_challenge_tokenizer.h" +#include "net/http/http_auth_multi_round_parse.h" // These are defined for the GSSAPI library: // Paraphrasing the comments from gssapi.h: @@ -687,39 +687,18 @@ void HttpAuthGSSAPI::Delegate() { HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge( HttpAuthChallengeTokenizer* tok) { - // Verify the challenge's auth-scheme. - if (!base::LowerCaseEqualsASCII(tok->scheme(), - base::StringToLowerASCII(scheme_).c_str())) - return HttpAuth::AUTHORIZATION_RESULT_INVALID; - - std::string encoded_auth_token = tok->base64_param(); - - if (encoded_auth_token.empty()) { - // If a context has already been established, an empty Negotiate challenge - // should be treated as a rejection of the current attempt. - if (scoped_sec_context_.get() != GSS_C_NO_CONTEXT) - return HttpAuth::AUTHORIZATION_RESULT_REJECT; - DCHECK(decoded_server_auth_token_.empty()); - return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; - } else { - // If a context has not already been established, additional tokens should - // not be present in the auth challenge. - if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) - return HttpAuth::AUTHORIZATION_RESULT_INVALID; + if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) { + return net::ParseFirstRoundChallenge(scheme_, tok); } - - // Make sure the additional token is base64 encoded. - std::string decoded_auth_token; - bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token); - if (!base64_rv) - return HttpAuth::AUTHORIZATION_RESULT_INVALID; - decoded_server_auth_token_ = decoded_auth_token; - return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; + std::string encoded_auth_token; + return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token, + &decoded_server_auth_token_); } int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, const std::string& spn, - std::string* auth_token) { + std::string* auth_token, + const CompletionCallback& /*callback*/) { DCHECK(auth_token); gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; |