author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-14 20:12:45 +0000 |
---|---|---|
committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-14 20:12:45 +0000 |
commit | e5ae96a15b687fffe178eb8c4a7ea79a1ddd679c (patch) | |
tree | 4ffb7e20097a482248f465eef2a7540d79d58e8f /net/http/http_auth_handler_ntlm.cc | |
parent | da5922762971a646407390f5c8d88a2447b2effc (diff) | |
Kerberos uses an SPN (Service Principal Name) to identify a server. This is typically in the form "HTTP/host:port", with the ":port" suffix being optional, and the "HTTP/" prefix is fixed regardless of whether the service is accessed over HTTP or HTTPS.
The issue this is fixing is that the URL host may be an incomplete domain name, a numerical address, or an alias for a canonical DNS name.
By default, Chrome will skip adding the optional port to the SPN, and will use the canonical DNS name for the server (which may be the original server name if it is an A or AAAA record). This matches IE and Firefox's default behavior.
Some intranets are set up so the original host name should be used rather than the canonical name. The canonical name resolution can be disabled with the --disable-spnego-cname-lookup command line flag.
Some intranets are also set up so the optional port should be specified when it is non-standard (non 80 or 443). Use the --enable-spnego-port command line flag.
BUG=29862
TEST=net_unittests.exe --gtest_filter="*CanonicalName*"
Review URL: http://codereview.chromium.org/1535019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44526 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_ntlm.cc')
-rw-r--r-- | net/http/http_auth_handler_ntlm.cc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/net/http/http_auth_handler_ntlm.cc b/net/http/http_auth_handler_ntlm.cc index dab239d..ed3eb3a 100644 --- a/net/http/http_auth_handler_ntlm.cc +++ b/net/http/http_auth_handler_ntlm.cc @@ -9,6 +9,7 @@ #include "base/string_util.h" #include "base/utf_string_conversions.h" #include "net/base/net_errors.h" +#include "net/base/net_util.h" namespace net { @@ -22,7 +23,7 @@ int HttpAuthHandlerNTLM::GenerateAuthToken( return auth_sspi_.GenerateAuthToken( &username, &password, - origin_, + CreateSPN(origin_), request, proxy, auth_token); @@ -109,4 +110,13 @@ bool HttpAuthHandlerNTLM::ParseChallenge( #endif // defined(NTLM_SSPI) } +// static +std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) { + // The service principal name of the destination server. See + // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx + std::wstring target(L"HTTP/"); + target.append(ASCIIToWide(GetHostAndPort(origin))); + return target; +} + } // namespace net |
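Review bot: In the new HttpAuthHandlerNTLM::CreateSPN, the target is built unconditionally as "HTTP/" plus GetHostAndPort(origin), which does not line up with the behaviour the commit message describes. The message says the default is to omit the optional port and to use the canonical DNS name, with --enable-spnego-port and --disable-spnego-cname-lookup as overrides, but this function takes only the origin URL and, going by the helper's name, always appends the port and never consults a resolved canonical name. If the NTLM path is meant to differ from the Negotiate path, please say so in the comment above CreateSPN, since the current comment only points at the MSDN page. Otherwise consider sharing the SPN-building logic so both handlers honour the same flags. A unit test for this file that pins the exact string passed to auth_sspi_.GenerateAuthToken for a default-port and a non-default-port URL would also make the intended format explicit.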