diff options
| author | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-14 12:05:46 +0000 |
|---|---|---|
| committer | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-14 12:05:46 +0000 |
| commit | cdefd290237bd985d2bc8bfd133e184da524f12c (patch) | |
| tree | 87ee8e3a3dc53757ab0072cf3267375a859b864b /net/http/http_auth_gssapi_posix.h | |
| parent | d0f4b0e5b86ef0ef181d0b23257f321ae2e9fc51 (diff) | |
| download | chromium_src-cdefd290237bd985d2bc8bfd133e184da524f12c.zip chromium_src-cdefd290237bd985d2bc8bfd133e184da524f12c.tar.gz chromium_src-cdefd290237bd985d2bc8bfd133e184da524f12c.tar.bz2 | |
Improved library loading to bypass libraries that don't contain all the function symbols we need.
Warnings on GSSAPI load failure.
Fixed potential memory leak.
BUG=33033.
TEST=None.
Review URL: http://codereview.chromium.org/2706003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49678 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_gssapi_posix.h')
| -rw-r--r-- | net/http/http_auth_gssapi_posix.h | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/net/http/http_auth_gssapi_posix.h b/net/http/http_auth_gssapi_posix.h index 4d62614..74089ba 100644 --- a/net/http/http_auth_gssapi_posix.h +++ b/net/http/http_auth_gssapi_posix.h @@ -33,6 +33,8 @@ class GSSAPILibrary { virtual ~GSSAPILibrary() {} // Initializes the library, including any necessary dynamic libraries. + // This is done separately from construction (which happens at startup time) + // in order to delay work until the class is actually needed. virtual bool Init() = 0; // These methods match the ones in the GSSAPI library. @@ -75,6 +77,10 @@ class GSSAPILibrary { gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32* max_input_size) = 0; + virtual OM_uint32 delete_sec_context( + OM_uint32* minor_status, + gss_ctx_id_t* context_handle, + gss_buffer_t output_token) = 0; // Get the default GSSPILibrary instance. The object returned is a singleton // instance, and the caller should not delete it. @@ -128,13 +134,20 @@ class GSSAPISharedLibrary : public GSSAPILibrary { gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32* max_input_size); + virtual OM_uint32 delete_sec_context( + OM_uint32* minor_status, + gss_ctx_id_t* context_handle, + gss_buffer_t output_token); private: FRIEND_TEST_ALL_PREFIXES(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup); bool InitImpl(); - static base::NativeLibrary LoadSharedObject(); - bool BindMethods(); + // Finds a usable dynamic library for GSSAPI and loads it. The criteria are: + // 1. The library must exist. + // 2. The library must export the functions we need. + base::NativeLibrary LoadSharedLibrary(); + bool BindMethods(base::NativeLibrary lib); bool initialized_; @@ -148,8 +161,26 @@ class GSSAPISharedLibrary : public GSSAPILibrary { gss_display_status_type display_status_; gss_init_sec_context_type init_sec_context_; gss_wrap_size_limit_type wrap_size_limit_; + gss_delete_sec_context_type delete_sec_context_; +}; + +// ScopedSecurityContext releases a gss_ctx_id_t when it goes out of +// scope. +class ScopedSecurityContext { + public: + ScopedSecurityContext(GSSAPILibrary* gssapi_lib); + ~ScopedSecurityContext(); + + gss_ctx_id_t* receive() { return &security_context_; } + + private: + gss_ctx_id_t security_context_; + GSSAPILibrary* gssapi_lib_; + + DISALLOW_COPY_AND_ASSIGN(ScopedSecurityContext); }; + // TODO(cbentzel): Share code with HttpAuthSSPI. class HttpAuthGSSAPI { public: @@ -176,7 +207,7 @@ class HttpAuthGSSAPI { const std::wstring& spn, const HttpRequestInfo* request, const ProxyInfo* proxy, - std::string* out_credentials); + std::string* auth_token); private: int OnFirstRound(const std::wstring* username, @@ -191,7 +222,7 @@ class HttpAuthGSSAPI { gss_OID gss_oid_; GSSAPILibrary* library_; std::string decoded_server_auth_token_; - gss_ctx_id_t sec_context_; + ScopedSecurityContext scoped_sec_context_; }; } // namespace net |