path: root/net/http/http_auth_handler_ntlm_win.cc
Commit message | Author | Age | Files | Lines
* Don't leak SSPILibraryDefault objects | asanka@chromium.org | 2011-09-13 | 1 | -3/+3
  BUG=74413
  TEST=Dr. Memory.
  Review URL: http://codereview.chromium.org/7864005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100930 0039d316-1c4b-4281-b951-d872f2087c98
* Support specifying the GSSAPI library that will be used. | danno@chromium.org | 2010-11-12 | 1 | -1/+1
  This preference can be set either via command-line or via group policy.
  BUG=53625
  TEST=unittests: ConfigurationPolicyPrefStore*; net_unittests: HttpAuthHandlerNegotiateTest.*:HttpAuthGSSAPIPOSIXTest.*; manually: start Chrome with command-line switch --gssapi-library-name=XYZ and see if this results in the Chrome process loading /usr/lib/whatever/XYZ as soon as an authenticated HTTP site is encountered.
  Review URL: http://codereview.chromium.org/4560001
  Patch from Jakob Kummerow <jkummerow@google.com>.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65939 0039d316-1c4b-4281-b951-d872f2087c98
* Fix multi-round authentication. | cbentzel@chromium.org | 2010-09-11 | 1 | -4/+0
  In the case of Negotiate, authentication can look like

    C: GET
    S: 401, WWW-Authenticate: Negotiate
    C: GET, WWW-Authorization: Negotiate <client_token_1>
    S: 401, WWW-Authenticate: Negotiate <server_token_1>
    C: GET, WWW-Authorization: Negotiate <client_token_2>
    S: 401, WWW-Authenticate: Negotiate <server_token_2>

  On that third challenge, the handler was reported as being in "the final round" and this was treated as a rejection of the authentication attempt. After that, the new challenge token was used by a new auth handler that hadn't established a security context, and an ERR_INVALID_HANDLE would be returned.

  This CL also does some prep work to correctly handle the "stale=true" value for Digest authentication, but I decided to defer the HttpAuthCache changes needed for that to a separate CL since this was large enough.
  BUG=53282
  TEST=net_unittests. Unfortunately, I haven't been able to set up a proxy/server to do more than two auth challenges, but this does happen in the wild.
  Review URL: http://codereview.chromium.org/3360017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59188 0039d316-1c4b-4281-b951-d872f2087c98
* FBTF: Remove unneeded headers from base/ (part 7) | thestig@chromium.org | 2010-08-27 | 1 | -1/+0
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3176026
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57737 0039d316-1c4b-4281-b951-d872f2087c98
* Async support for HttpAuthHandler::GenerateAuthToken. | cbentzel@chromium.org | 2010-06-10 | 1 | -13/+0
  This CL changes the signature of GenerateAuthToken to support an async completion of GenerateAuthToken. At this point, all of the implementations complete synchronously, but a future version will change Negotiate to complete asynchronously.
  TEST=net_unittests
  BUG=42222
  Review URL: http://codereview.chromium.org/2671001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49398 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandler's are no longer refcounted. | cbentzel@chromium.org | 2010-06-07 | 1 | -2/+2
  Since HttpAuthHandler objects are no longer contained inside of the HttpAuthCache, the lifetime of the handlers is more clearly defined.
  TEST=net_unittests (including some changes)
  BUG=42222
  Review URL: http://codereview.chromium.org/2635004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49052 0039d316-1c4b-4281-b951-d872f2087c98
* HttpAuthHandlers hold onto a bound net log. | cbentzel@chromium.org | 2010-05-27 | 1 | -1/+2
  Although this doesn't have a behavioral impact in this CL, it is needed for additional logging which I'd like to add.
  BUG=34737
  TEST=net_unittests
  Review URL: http://codereview.chromium.org/2288001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48391 0039d316-1c4b-4281-b951-d872f2087c98
* Lazy initialization of URLSecurityManager to reduce start-up time. | ahendrickson@chromium.org | 2010-05-20 | 1 | -1/+1
  This addresses XP perf bot regressions:
    http://build.chromium.org/buildbot/perf/xp-release-dual-core/startup/report.html?history=50&rev=44850&graph=warm
    http://build.chromium.org/buildbot/perf/xp-release-single-core/startup/report.html?history=80&rev=44930&graph=warm
  Had to remove const-ness from URLSecurityManager pointers.
  BUG=None.
  TEST=None.
  Review URL: http://codereview.chromium.org/2110016
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47831 0039d316-1c4b-4281-b951-d872f2087c98
* Remove handler from HttpAuthCache. | cbentzel@chromium.org | 2010-05-20 | 1 | -1/+3
  This is part of a refactoring meant to simplify the connection phase of HttpNetworkTransaction.
  BUG=None
  TEST=net_unittests (which already includes unit tests for preemptive auth, as well as using values from cache).
  Review URL: http://codereview.chromium.org/2056003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47786 0039d316-1c4b-4281-b951-d872f2087c98
* Auto-format style pass over files. | cbentzel@chromium.org | 2010-05-04 | 1 | -4/+4
  This is a refactor (actually reformat) only - no behavior change in place.
  BUG=NONE
  TEST=net_unittests.exe
  Review URL: http://codereview.chromium.org/1800003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@46349 0039d316-1c4b-4281-b951-d872f2087c98
* Refactored to pass the URLSecurityManager via the HttpAuthFactory class to the HttpNetworkSession. | ahendrickson@chromium.org | 2010-04-16 | 1 | -6/+14
  Fixed a bug where the command-line whitelist was not being propagated down to the URLSecurityManager.
  BUG=29596
  TEST=None
  Review URL: http://codereview.chromium.org/1634005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44811 0039d316-1c4b-4281-b951-d872f2087c98
* Kerberos uses an SPN (Service Principal Name) to identify a server. | cbentzel@chromium.org | 2010-04-14 | 1 | -1/+1
  This is typically in the form "HTTP/host:port", with the ":port" suffix being optional, and the "HTTP/" prefix is fixed regardless of whether the service is accessed over HTTP or HTTPS.

  The issue this is fixing is that the URL host may be an incomplete domain name, a numerical address, or an alias for a canonical DNS name. By default, Chrome will skip adding the optional port to the SPN, and will use the canonical DNS name for the server (which may be the original server name if it is an A or AAAA record). This matches IE and Firefox's default behavior.

  Some intranets are set up so the original host name should be used rather than the canonical name. The canonical name resolution can be disabled with the --disable-spnego-cname-lookup command line flag.

  Some intranets are also set up so the optional port should be specified when it is non-standard (non 80 or 443). Use the --enable-spnego-port command line flag.
  BUG=29862
  TEST=net_unittests.exe --gtest_filter="*CanonicalName*"
  Review URL: http://codereview.chromium.org/1535019
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44526 0039d316-1c4b-4281-b951-d872f2087c98
* Removed filter checks in windows implementations of Negotiate and NTLM HTTP Authentication handler creation. | cbentzel@chromium.org | 2010-03-31 | 1 | -7/+0
  BUG=29596
  TEST=None
  Review URL: http://codereview.chromium.org/1564002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43212 0039d316-1c4b-4281-b951-d872f2087c98
* On Windows, use IInternetSecurityManager to determine if it's OK to send the default credentials to a server, without prompting the user for permission, for HTTP NTLM or Negotiate authentication. | wtc@chromium.org | 2010-03-29 | 1 | -16/+7
  It is always OK to send the default credentials to a proxy without prompting the user.

  Rename the AllowDefaultCredentials method of HttpAuthHandler to SupportsDefaultCredentials and redefine it to simply return if the authentication scheme supports the use of default credentials, as opposed to whether we may use the default credentials for a particular server or proxy.

  This CL contains the changes by cbentzel in http://codereview.chromium.org/1082001.
  R=cbentzel,cpu,stoyan
  BUG=29596
  TEST=none
  Review URL: http://codereview.chromium.org/1343003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42960 0039d316-1c4b-4281-b951-d872f2087c98
* Added HttpAuthFilter. | cbentzel@chromium.org | 2010-02-26 | 1 | -0/+7
  Original patch by ahendrickson@chromium.org (http://codereview.chromium.org/646068)
  BUG=29596
  TEST=net_unittests.exe --gtest_filter="*HttpAuthFilterTest*"
  Review URL: http://codereview.chromium.org/660193
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40157 0039d316-1c4b-4281-b951-d872f2087c98
* Added SSPILibrary interface so unit tests can mock SSPI calls. | cbentzel@chromium.org | 2010-02-25 | 1 | -8/+8
  BUG=None
  TEST=net_unittests.exe --gtest_filter="*HttpAuthSSPI*"
  Review URL: http://codereview.chromium.org/650164
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40021 0039d316-1c4b-4281-b951-d872f2087c98
* Validate that an SSPI scheme is supported before generating a handler. | cbentzel@chromium.org | 2010-02-22 | 1 | -1/+37
  When SSPI is used (for Windows builds), the NTLM and Negotiate handler factories determine the maximum token length the first time it is used. The SSPI call to determine the maximum length also returns an error code if the scheme is unsupported. The factories remember if the scheme is unsupported and will not attempt to create any handlers. If the token length is found, it is remembered. If a different error occurs, don't create a handler this round, but try again in the future.
  BUG=None
  TEST=Manually used an incorrect auth scheme and validated that it worked. Working on a mock SSPI Library I can use for unit testing.
  Review URL: http://codereview.chromium.org/600129
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39600 0039d316-1c4b-4281-b951-d872f2087c98
* Add Single Sign On support to HTTP Authentication handlers. | cbentzel@chromium.org | 2010-02-05 | 1 | -0/+25
  Currently this is implemented on Windows for the NTLM and Negotiate schemes. This CL does not introduce the hooks to actually use Single Sign On in response to a 401/407 request - that will come in a later CL. This behavior is disabled for now as well.
  BUG=29862
  TEST=Ran unittests, and Chrome against a server with authentication challenges.
  Review URL: http://codereview.chromium.org/555174
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@38227 0039d316-1c4b-4281-b951-d872f2087c98
* Added WWW-Authenticate Negotiate support using shared HttpAuthSspi. | cbentzel@chromium.org | 2010-01-21 | 1 | -118/+3
  BUG=29862
  TEST=None
  Review URL: http://codereview.chromium.org/551015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36785 0039d316-1c4b-4281-b951-d872f2087c98
* Abstracted and moved common SSPI functionality. | cbentzel@chromium.org | 2010-01-08 | 1 | -45/+6
  The NTLM and Negotiate authentication schemes follow very similar code paths when using the SSPI API on Windows.
  BUG=29862
  TEST=New unittest, plus manual NTLM Authentication testing.
  Review URL: http://codereview.chromium.org/505048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35791 0039d316-1c4b-4281-b951-d872f2087c98
* We should pass the service principal name (SPN) of the format "HTTP/host:port" as the third argument (pszTargetName) to InitializeSecurityContext. | wtc@chromium.org | 2009-09-18 | 1 | -3/+8
  This requires adding a host_and_port parameter to some methods.

  Remove obsolete (and incorrect) logging code in HttpNetworkTransaction::PrepareForAuthRestart().
  R=eroman
  BUG=18009
  TEST=none
  Review URL: http://codereview.chromium.org/206022
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26588 0039d316-1c4b-4281-b951-d872f2087c98
* [Second attempt of r25461] | wtc@chromium.org | 2009-09-05 | 1 | -0/+188
  Use SSPI for NTLM authentication on Windows.

  Add an explicit embedded_identity_used_ boolean member to make sure we use the username/password in the URL only once for the transaction. This allows us to reset auth_identity_[target].source to HttpAuth::IDENT_SRC_NONE after auth failed.

  Initial patch by Arindam. Original review URL: http://codereview.chromium.org/159656
  R=arindam,eroman
  BUG=19,18009,20560
  TEST=1. Open a webpage that requests NTLM authentication on Windows. 2. New unit test for wrong auth identity in URL.
  Review URL: http://codereview.chromium.org/193022
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25564 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Use SSPI for NTLM authentication on Windows." | agl@chromium.org | 2009-09-04 | 1 | -188/+0
  This reverts commit r25461. It looks like it broke failed-auth.html
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25471 0039d316-1c4b-4281-b951-d872f2087c98
* Use SSPI for NTLM authentication on Windows. | wtc@chromium.org | 2009-09-04 | 1 | -0/+188
  Initial patch by Arindam. Original review URL: http://codereview.chromium.org/159656
  R=arindam,eroman
  BUG=19,18009
  TEST=open a webpage that requests NTLM authentication on Windows
  Review URL: http://codereview.chromium.org/173528
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25461 0039d316-1c4b-4281-b951-d872f2087c98