1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains common routines used by NTLM and Negotiate authentication
// using the SSPI API on Windows.
#ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
#define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
#pragma once
// security.h needs to be included for CredHandle. Unfortunately CredHandle
// is a typedef and can't be forward declared.
#define SECURITY_WIN32 1
#include <windows.h>
#include <security.h>
#include <string>
#include "base/string16.h"
#include "net/base/net_api.h"
#include "net/http/http_auth.h"
namespace net {
// SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI
// implementation. The default implementation simply passes the arguments on to
// the SSPI implementation provided by Secur32.dll.
// NOTE(cbentzel): I considered replacing the Secur32.dll with a mock DLL, but
// decided that it wasn't worth the effort as this is unlikely to be performance
// sensitive code.
class SSPILibrary {
public:
virtual ~SSPILibrary() {}
virtual SECURITY_STATUS AcquireCredentialsHandle(LPWSTR pszPrincipal,
LPWSTR pszPackage,
unsigned long fCredentialUse,
void* pvLogonId,
void* pvAuthData,
SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument,
PCredHandle phCredential,
PTimeStamp ptsExpiry) = 0;
virtual SECURITY_STATUS InitializeSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_WCHAR* pszTargetName,
unsigned long fContextReq,
unsigned long Reserved1,
unsigned long TargetDataRep,
PSecBufferDesc pInput,
unsigned long Reserved2,
PCtxtHandle phNewContext,
PSecBufferDesc pOutput,
unsigned long* contextAttr,
PTimeStamp ptsExpiry) = 0;
virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName,
PSecPkgInfoW *pkgInfo) = 0;
virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) = 0;
virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) = 0;
virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) = 0;
};
class SSPILibraryDefault : public SSPILibrary {
public:
SSPILibraryDefault() {}
virtual ~SSPILibraryDefault() {}
virtual SECURITY_STATUS AcquireCredentialsHandle(LPWSTR pszPrincipal,
LPWSTR pszPackage,
unsigned long fCredentialUse,
void* pvLogonId,
void* pvAuthData,
SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument,
PCredHandle phCredential,
PTimeStamp ptsExpiry) {
return ::AcquireCredentialsHandle(pszPrincipal, pszPackage, fCredentialUse,
pvLogonId, pvAuthData, pGetKeyFn,
pvGetKeyArgument, phCredential,
ptsExpiry);
}
virtual SECURITY_STATUS InitializeSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_WCHAR* pszTargetName,
unsigned long fContextReq,
unsigned long Reserved1,
unsigned long TargetDataRep,
PSecBufferDesc pInput,
unsigned long Reserved2,
PCtxtHandle phNewContext,
PSecBufferDesc pOutput,
unsigned long* contextAttr,
PTimeStamp ptsExpiry) {
return ::InitializeSecurityContext(phCredential, phContext, pszTargetName,
fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput,
contextAttr, ptsExpiry);
}
virtual SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName,
PSecPkgInfoW *pkgInfo) {
return ::QuerySecurityPackageInfo(pszPackageName, pkgInfo);
}
virtual SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) {
return ::FreeCredentialsHandle(phCredential);
}
virtual SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) {
return ::DeleteSecurityContext(phContext);
}
virtual SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) {
return ::FreeContextBuffer(pvContextBuffer);
}
};
class NET_TEST HttpAuthSSPI {
public:
HttpAuthSSPI(SSPILibrary* sspi_library,
const std::string& scheme,
SEC_WCHAR* security_package,
ULONG max_token_length);
~HttpAuthSSPI();
bool NeedsIdentity() const;
HttpAuth::AuthorizationResult ParseChallenge(
HttpAuth::ChallengeTokenizer* tok);
// Generates an authentication token for the service specified by the
// Service Principal Name |spn| and stores the value in |*auth_token|.
// If the return value is not |OK|, then the value of |*auth_token| is
// unspecified. ERR_IO_PENDING is not a valid return code.
// If this is the first round of a multiple round scheme, credentials are
// obtained using |*username| and |*password|. If |username| and |password|
// are both NULL, the credentials for the currently logged in user are used
// instead.
int GenerateAuthToken(const string16* username,
const string16* password,
const std::wstring& spn,
std::string* auth_token);
// Delegation is allowed on the Kerberos ticket. This allows certain servers
// to act as the user, such as an IIS server retrieiving data from a
// Kerberized MSSQL server.
void Delegate();
private:
int OnFirstRound(const string16* username, const string16* password);
int GetNextSecurityToken(
const std::wstring& spn,
const void* in_token,
int in_token_len,
void** out_token,
int* out_token_len);
void ResetSecurityContext();
SSPILibrary* library_;
std::string scheme_;
SEC_WCHAR* security_package_;
std::string decoded_server_auth_token_;
ULONG max_token_length_;
CredHandle cred_;
CtxtHandle ctxt_;
bool can_delegate_;
};
// Splits |combined| into domain and username.
// If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user|
// will contain "bar".
// If |combined| is of form "bar", |domain| will be empty and |user| will
// contain "bar".
// |domain| and |user| must be non-NULL.
NET_TEST void SplitDomainAndUser(const string16& combined,
string16* domain,
string16* user);
// Determines the maximum token length in bytes for a particular SSPI package.
//
// |library| and |max_token_length| must be non-NULL pointers to valid objects.
//
// If the return value is OK, |*max_token_length| contains the maximum token
// length in bytes.
//
// If the return value is ERR_UNSUPPORTED_AUTH_SCHEME, |package| is not an
// known SSPI authentication scheme on this system. |*max_token_length| is not
// changed.
//
// If the return value is ERR_UNEXPECTED, there was an unanticipated problem
// in the underlying SSPI call. The details are logged, and |*max_token_length|
// is not changed.
NET_TEST int DetermineMaxTokenLength(SSPILibrary* library,
const std::wstring& package,
ULONG* max_token_length);
} // namespace net
#endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
|