authorcbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-20 01:56:36 +0000
committercbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-20 01:56:36 +0000
commitcf5804412f3a525a35a7549bb557bc20d3243499 (patch)
tree05cf72fc3732f7f31ea0ab50fa18b94da7fe6cb4 /net
parent5f19c7b31a1a80744f1639a2a642b879bcf9d96b (diff)
Use different separators for service-type and service-name in Kerberos SPN.
GSSAPI expects SPNs to be in the form HTTP@<server_name> and SSPI expects SPNs to be in the form HTTP/<server_name>. BUG=33033 TEST=net_unittests --gtest_filter="*HttpAuthHandlerNegotiate*", go against Kerberized server on Linux or OSX and see that the TGS is retrieved correctly. Review URL: http://codereview.chromium.org/3055001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52984 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/http/http_auth_handler_negotiate.cc13
-rw-r--r--net/http/http_auth_handler_negotiate_unittest.cc20
2 files changed, 30 insertions, 3 deletions
diff --git a/net/http/http_auth_handler_negotiate.cc b/net/http/http_auth_handler_negotiate.cc
index 3685346..d7a9c50 100644
--- a/net/http/http_auth_handler_negotiate.cc
+++ b/net/http/http_auth_handler_negotiate.cc
@@ -113,7 +113,8 @@ bool HttpAuthHandlerNegotiate::AllowsDefaultCredentials() {
std::wstring HttpAuthHandlerNegotiate::CreateSPN(
const AddressList& address_list, const GURL& origin) {
- // Kerberos SPNs are in the form HTTP/<host>:<port>
+ // Kerberos Web Server SPNs are in the form HTTP/<host>:<port> through SSPI,
+ // and in the form HTTP@<host>:<port> through GSSAPI
// http://msdn.microsoft.com/en-us/library/ms677601%28VS.85%29.aspx
//
// However, reality differs from the specification. A good description of
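Review bot: The rewritten comment now states the GSSAPI form, but the only reference under it is still the MSDN page, which covers the SSPI `HTTP/<host>` form. A second reference for the `@` form, for example `// GSSAPI host-based service names: RFC 2743, section 4.1`, would let a reader verify both halves of the sentence. The comment block continues past the end of this hunk.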
@@ -145,10 +146,16 @@ std::wstring HttpAuthHandlerNegotiate::CreateSPN(
std::string server;
if (!address_list.GetCanonicalName(&server))
server = origin.host();
+#if defined(OS_WIN)
+ static const char kSpnSeparator = '/';
+#elif defined(OS_POSIX)
+ static const char kSpnSeparator = '@';
+#endif
if (port != 80 && port != 443 && use_port_) {
- return ASCIIToWide(StringPrintf("HTTP/%s:%d", server.c_str(), port));
+ return ASCIIToWide(StringPrintf("HTTP%c%s:%d", kSpnSeparator,
+ server.c_str(), port));
} else {
- return ASCIIToWide(StringPrintf("HTTP/%s", server.c_str()));
+ return ASCIIToWide(StringPrintf("HTTP%c%s", kSpnSeparator, server.c_str()));
}
}
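Review bot: On the POSIX branch the port is still appended after the host (`"HTTP%c%s:%d"` with `kSpnSeparator == '@'`), but a GSSAPI host-based service name is defined as `service@hostname` with no port field, so the library would presumably treat `host:port` as the host name. How the GSSAPI implementations in use handle that is not visible here, so the `use_port_` path deserves a check against a real Kerberized server before relying on it. Separately, the `#if`/`#elif` has no `#else`, so a build with neither macro defined fails on an undeclared `kSpnSeparator`; adding `#else` / `#error "No SPN separator defined for this platform"` would state the reason. The start of CreateSPN lies outside this hunk.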
diff --git a/net/http/http_auth_handler_negotiate_unittest.cc b/net/http/http_auth_handler_negotiate_unittest.cc
index 2646ee6..a95eb44 100644
--- a/net/http/http_auth_handler_negotiate_unittest.cc
+++ b/net/http/http_auth_handler_negotiate_unittest.cc
@@ -196,7 +196,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
&request_info,
&callback, &token));
+#if defined(OS_WIN)
EXPECT_EQ(L"HTTP/alias", auth_handler->spn());
+#elif defined(OS_POSIX)
+ EXPECT_EQ(L"HTTP@alias", auth_handler->spn());
+#endif
}
TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
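Review bot: The `spn()` expectation is wrapped in `#if defined(OS_WIN)` / `#elif defined(OS_POSIX)` with no `#else`, so on a build where neither macro is defined the assertion compiles away and the test passes without checking the SPN. The same pattern repeats in the DisableCnameStandardPort, DisableCnameNonstandardPort, CnameSync and CnameAsync hunks. Defining the separator once near the top of the file, with an `#else` / `#error` arm, and writing for example `EXPECT_EQ(L"HTTP" SPN_SEPARATOR L"alias", auth_handler->spn());` (the macro name is only a suggestion) would remove the five-fold duplication and keep the check from silently vanishing. The test bodies start outside these hunks.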
@@ -212,7 +216,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
&request_info,
&callback, &token));
+#if defined(OS_WIN)
EXPECT_EQ(L"HTTP/alias", auth_handler->spn());
+#elif defined(OS_POSIX)
+ EXPECT_EQ(L"HTTP@alias", auth_handler->spn());
+#endif
}
TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
@@ -228,7 +236,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
&request_info,
&callback, &token));
+#if defined(OS_WIN)
EXPECT_EQ(L"HTTP/alias:500", auth_handler->spn());
+#elif defined(OS_POSIX)
+ EXPECT_EQ(L"HTTP@alias:500", auth_handler->spn());
+#endif
}
TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
@@ -244,7 +256,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
EXPECT_EQ(OK, auth_handler->GenerateAuthToken(&username, &password,
&request_info,
&callback, &token));
+#if defined(OS_WIN)
EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn());
+#elif defined(OS_POSIX)
+ EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn());
+#endif
}
TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
@@ -260,7 +276,11 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
EXPECT_EQ(ERR_IO_PENDING, auth_handler->GenerateAuthToken(
&username, &password, &request_info, &callback, &token));
EXPECT_EQ(OK, callback.WaitForResult());
+#if defined(OS_WIN)
EXPECT_EQ(L"HTTP/canonical.example.com", auth_handler->spn());
+#elif defined(OS_POSIX)
+ EXPECT_EQ(L"HTTP@canonical.example.com", auth_handler->spn());
+#endif
}
} // namespace net