author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-20 01:56:36 +0000 |
---|---|---|
committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-20 01:56:36 +0000 |
commit | cf5804412f3a525a35a7549bb557bc20d3243499 (patch) | |
tree | 05cf72fc3732f7f31ea0ab50fa18b94da7fe6cb4 /net | |
parent | 5f19c7b31a1a80744f1639a2a642b879bcf9d96b (diff) | |
Use different separators for service-type and service-name in Kerberos SPN.
GSSAPI expects SPNs to be in the form HTTP@<server_name> and SSPI expects
SPNs to be in the form HTTP/<server_name>.
BUG=33033
TEST=net_unittests --gtest_filter="*HttpAuthHandlerNegotiate*", go against Kerberized server on Linux or OSX and see that the TGS is retrieved correctly.
Review URL: http://codereview.chromium.org/3055001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52984 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/http/http_auth_handler_negotiate.cc | 13 | ||||
-rw-r--r-- | net/http/http_auth_handler_negotiate_unittest.cc | 20 |
2 files changed, 30 insertions, 3 deletions
diff --git a/net/http/http_auth_handler_negotiate.cc b/net/http/http_auth_handler_negotiate.cc index 3685346..d7a9c50 100644 --- a/net/http/http_auth_handler_negotiate.cc +++ b/net/http/http_auth_handler_negotiate.cc @@ -113,7 +113,8 @@ bool HttpAuthHandlerNegotiate::AllowsDefaultCredentials() { std::wstring HttpAuthHandlerNegotiate::CreateSPN( const AddressList& address_list, const GURL& origin) { - // Kerberos SPNs are in the form HTTP/<host>:<port> + // Kerberos Web Server SPNs are in the form HTTP/<host>:<port> through SSPI, + // and in the form HTTP@<host>:<port> through GSSAPI // http://msdn.microsoft.com/en-us/library/ms677601%28VS.85%29.aspx // // However, reality differs from the specification. A good description of @@ -145,10 +146,16 @@ std::wstring HttpAuthHandlerNegotiate::CreateSPN( std::string server; if (!address_list.GetCanonicalName(&server)) server = origin.host(); +#if defined(OS_WIN) + static const char kSpnSeparator = '/'; +#elif defined(OS_POSIX) + static const char kSpnSeparator = '@'; +#endif if (port != 80 && port != 443 && use_port_) { - return ASCIIToWide(StringPrintf("HTTP/%s:%d", server.c_str(), port)); + return ASCIIToWide(StringPrintf("HTTP%c%s:%d", kSpnSeparator, + server.c_str(), port)); } else { - return ASCIIToWide(StringPrintf("HTTP/%s", server.c_str())); + return ASCIIToWide(StringPrintf("HTTP%c%s", kSpnSeparator, server.c_str())); } } diff --git a/net/http/http_auth_handler_negotiate_unittest.cc b/net/http/http_auth_handler_negotiate_unittest.cc index 2646ee6..a95eb44 100644 --- a/net/http/http_auth_handler_negotiate_unittest.cc +++ b/net/http/http_auth_handler_negotiate_unittest.cc 
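Review bot: The rewritten comment at the top of `CreateSPN` now describes both the SSPI and the GSSAPI form, but the only reference under it is still the MSDN page, which covers Windows SPNs. A pointer for the `HTTP@<host>` form belongs next to it, for example `// GSSAPI host-based service names: RFC 2743, section 4.1`. The comment also gives `HTTP@<host>:<port>` as the GSSAPI form, while the host-based name syntax is defined as service@hostname. Whether the GSSAPI libraries in use accept a `:<port>` suffix should be confirmed and stated in the comment. The comment block continues past the end of this hunk.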
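Review bot: `server` goes into the SPN through a bare `%s` in both `StringPrintf` calls, and it can come from `address_list.GetCanonicalName(&server)`, that is, from name resolution rather than from the URL. Now that `@` separates service from host on POSIX, a name that itself contains `@` or `/` would change how the string is read as a principal; unless something outside this hunk already guarantees a plain hostname, check it before formatting, for instance `if (server.find_first_of("@/") != std::string::npos) server = origin.host();`. Separately, the `#if`/`#elif` chain has no `#else`, so a build with neither macro set fails on an undeclared `kSpnSeparator`; `#else` followed by `#error "No SPN separator defined for this platform"` makes that failure explicit. The branches are keyed on the OS while the commit message distinguishes SSPI from GSSAPI, so a one-line comment on each branch naming its library would help. `CreateSPN` begins above this hunk.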
@@ -196,7 +196,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) { EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password, &request_info, &callback, &token)); +#if defined(OS_WIN) EXPECT_EQ(L"HTTP/alias", auth_handler->spn()); +#elif defined(OS_POSIX) + EXPECT_EQ(L"HTTP@alias", auth_handler->spn()); +#endif } TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) { @@ -212,7 +216,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) { EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password, &request_info, &callback, &token)); +#if defined(OS_WIN) EXPECT_EQ(L"HTTP/alias", auth_handler->spn()); +#elif defined(OS_POSIX) + EXPECT_EQ(L"HTTP@alias", auth_handler->spn()); +#endif } TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) { @@ -228,7 +236,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) { EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password, &request_info, &callback, &token)); +#if defined(OS_WIN) EXPECT_EQ(L"HTTP/alias:500", auth_handler->spn()); +#elif defined(OS_POSIX) + EXPECT_EQ(L"HTTP@alias:500", auth_handler->spn()); +#endif } TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) { @@ -244,7 +256,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) { EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password, &request_info, &callback, &token)); +#if defined(OS_WIN) EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn()); +#elif defined(OS_POSIX) + EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn()); +#endif } TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) { 
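Review bot: The only SPN assertion in each of the five edited tests (`DisableCname`, `DisableCnameStandardPort`, `DisableCnameNonstandardPort`, `CnameSync` and, in the last hunk, `CnameAsync`) is now wrapped in `#if defined(OS_WIN)` / `#elif defined(OS_POSIX)` with no `#else`. On a build where neither macro is set, the `EXPECT_EQ` on `auth_handler->spn()` is compiled out and the test passes without checking the SPN. Defining the expected prefix once near the top of the file, with an `#else` / `#error` branch, would close that gap and remove the five copies of the conditional, e.g. `#define SPN_PREFIX L"HTTP@"` on POSIX and `EXPECT_EQ(SPN_PREFIX L"alias", auth_handler->spn());` in the tests (the macro name is a suggestion). The test bodies start outside their hunks.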
@@ -260,7 +276,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) { EXPECT_EQ(ERR_IO_PENDING, auth_handler->GenerateAuthToken( &username, &password, &request_info, &callback, &token)); EXPECT_EQ(OK, callback.WaitForResult()); +#if defined(OS_WIN) EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn()); +#elif defined(OS_POSIX) + EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn()); +#endif } } // namespace net |