author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-14 20:12:45 +0000 |
---|---|---|
committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-14 20:12:45 +0000 |
commit | e5ae96a15b687fffe178eb8c4a7ea79a1ddd679c (patch) | |
tree | 4ffb7e20097a482248f465eef2a7540d79d58e8f /net/http/http_auth_sspi_win.h | |
parent | da5922762971a646407390f5c8d88a2447b2effc (diff) | |
Kerberos uses an SPN (Service Principal Name) to identify a server. This is typically in the form "HTTP/host:port", with the ":port" suffix being optional, and the "HTTP/" prefix is fixed regardless of whether the service is accessed over HTTP or HTTPS.
The issue this is fixing is that the URL host may be an incomplete domain name, a numerical address, or an alias for a canonical DNS name.
By default, Chrome will skip adding the optional port to the SPN, and will use the canonical DNS name for the server (which may be the original server name if it is an A or AAAA record). This matches IE and Firefox's default behavior.
Some intranets are set up so the original host name should be used rather than the canonical name. The canonical name resolution can be disabled with the --disable-spnego-cname-lookup command line flag.
Some intranets are also set up so the optional port should be specified when it is non-standard (non 80 or 443). Use the --enable-spnego-port command line flag.
BUG=29862
TEST=net_unittests.exe --gtest_filter="*CanonicalName*"
Review URL: http://codereview.chromium.org/1535019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44526 0039d316-1c4b-4281-b951-d872f2087c98
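The SPN rules in the commit message above, written out as an added example; this is not code from this commit or from Chromium. The `SpnOptions` struct, the `BuildSpn` function and the sample host names are assumptions made for illustration, and the canonical name is passed in rather than resolved so the example runs offline.

```cpp
#include <iostream>
#include <string>

// Hypothetical options mirroring the two command line flags named in the
// commit message; the struct and its field names are assumptions.
struct SpnOptions {
  bool use_canonical_name = true;  // false ~ --disable-spnego-cname-lookup
  bool include_port = false;       // true  ~ --enable-spnego-port
};

// Builds "HTTP/host[:port]". |canonical_name| is whatever the resolver
// returned for |url_host| (empty if the lookup produced nothing).
std::wstring BuildSpn(const std::wstring& url_host,
                      const std::wstring& canonical_name,
                      int port,
                      const SpnOptions& opts) {
  // Fall back to the URL host when canonical lookup is disabled or empty.
  const std::wstring& host =
      (opts.use_canonical_name && !canonical_name.empty()) ? canonical_name
                                                           : url_host;
  // The "HTTP/" prefix is fixed, even when the service is reached over HTTPS.
  std::wstring spn = L"HTTP/" + host;
  // The port is appended only on request, and only when it is non-standard.
  if (opts.include_port && port != 80 && port != 443)
    spn += L":" + std::to_wstring(port);
  return spn;
}

int main() {
  // Constructed sample input: an alias that resolves to a canonical name.
  SpnOptions defaults;
  SpnOptions with_port;
  with_port.include_port = true;
  std::wcout << BuildSpn(L"intranet", L"web01.corp.example.com", 8080,
                         defaults) << L"\n";
  std::wcout << BuildSpn(L"intranet", L"web01.corp.example.com", 8080,
                         with_port) << L"\n";
  return 0;
}
```

The resulting string is the name that has to be registered for the service account, so comparing it with the registered SPNs shows which of the two flags an intranet needs.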
Diffstat (limited to 'net/http/http_auth_sspi_win.h')
-rw-r--r-- | net/http/http_auth_sspi_win.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/http/http_auth_sspi_win.h b/net/http/http_auth_sspi_win.h index c925920..a6fb49e 100644 --- a/net/http/http_auth_sspi_win.h +++ b/net/http/http_auth_sspi_win.h @@ -18,8 +18,6 @@ #include "net/http/http_auth.h" -class GURL; - namespace net { class HttpRequestInfo; @@ -89,12 +87,14 @@ class HttpAuthSSPI { // Generates an authentication token. // The return value is an error code. If it's not |OK|, the value of // |*auth_token| is unspecified. + // |spn| is the Service Principal Name of the server that the token is + // being generated for. // If this is the first round of a multiple round scheme, credentials are // obtained using |*username| and |*password|. If |username| and |password| // are NULL, the default credentials are used instead. int GenerateAuthToken(const std::wstring* username, const std::wstring* password, - const GURL& origin, + const std::wstring& spn, const HttpRequestInfo* request, const ProxyInfo* proxy, std::string* auth_token); @@ -104,7 +104,7 @@ class HttpAuthSSPI { const std::wstring* password); int GetNextSecurityToken( - const GURL& origin, + const std::wstring& spn, const void* in_token, int in_token_len, void** out_token, |
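Review bot: the new |spn| comment on GenerateAuthToken (hunk @@ -89,12 +87,14 @@) does not say what form the string must take. The commit message describes "HTTP/host:port" with an optional port; stating that expected form in the comment, and whether an empty |spn| is an error, would tell callers what to pass now that the parameter is a free-form string rather than |origin|.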
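Review bot: GetNextSecurityToken (hunk @@ -104,7 +104,7 @@) takes the new |spn| parameter with no description in the visible lines, while GenerateAuthToken received one in the same patch. Suggest a one-line comment here that matches it, so the two declarations document the parameter consistently.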