// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "net/http/http_auth_gssapi_posix.h" #include <limits> #include <string> #include <string_view> #include "base/base64.h" #include "base/compiler_specific.h" #include "base/feature_list.h" #include "base/files/file_path.h" #include "base/format_macros.h" #include "base/logging.h" #include "base/memory/raw_ptr.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_restrictions.h" #include "base/values.h" #include "build/build_config.h" #include "net/base/features.h" #include "net/base/net_errors.h" #include "net/http/http_auth.h" #include "net/http/http_auth_gssapi_posix.h" #include "net/http/http_auth_multi_round_parse.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_values.h" #include "net/log/net_log_with_source.h" #include "net/net_buildflags.h" namespace net { DelegationType; // Exported mechanism for GSSAPI. We always use SPNEGO: // iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2) gss_OID_desc CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL = …; gss_OID CHROME_GSS_SPNEGO_MECH_OID_DESC = …; OM_uint32 DelegationTypeToFlag(DelegationType delegation_type) { … } // ScopedBuffer releases a gss_buffer_t when it goes out of scope. class ScopedBuffer { … }; // ScopedName releases a gss_name_t when it goes out of scope. class ScopedName { … }; bool OidEquals(const gss_OID left, const gss_OID right) { … } base::Value::Dict GetGssStatusCodeValue(GSSAPILibrary* gssapi_lib, OM_uint32 status, OM_uint32 status_code_type) { … } base::Value::Dict GetGssStatusValue(GSSAPILibrary* gssapi_lib, std::string_view method, OM_uint32 major_status, OM_uint32 minor_status) { … } base::Value::Dict OidToValue(gss_OID oid) { … } base::Value::Dict GetDisplayNameValue(GSSAPILibrary* gssapi_lib, const gss_name_t gss_name) { … } base::Value::Dict ContextFlagsToValue(OM_uint32 flags) { … } base::Value::Dict GetContextStateAsValue(GSSAPILibrary* gssapi_lib, const gss_ctx_id_t context_handle) { … } namespace { // Return a NetLog value for the result of loading a library. base::Value::Dict LibraryLoadResultParams(std::string_view library_name, std::string_view load_result) { … } } // namespace GSSAPISharedLibrary::GSSAPISharedLibrary(const std::string& gssapi_library_name) : … { … } GSSAPISharedLibrary::~GSSAPISharedLibrary() { … } bool GSSAPISharedLibrary::Init(const NetLogWithSource& net_log) { … } bool GSSAPISharedLibrary::InitImpl(const NetLogWithSource& net_log) { … } base::NativeLibrary GSSAPISharedLibrary::LoadSharedLibrary( const NetLogWithSource& net_log) { … } namespace { base::Value::Dict BindFailureParams(std::string_view library_name, std::string_view method) { … } void* BindUntypedMethod(base::NativeLibrary lib, std::string_view library_name, const char* method, const NetLogWithSource& net_log) { … } template <typename T> bool BindMethod(base::NativeLibrary lib, std::string_view library_name, const char* method, T* receiver, const NetLogWithSource& net_log) { … } } // namespace bool GSSAPISharedLibrary::BindMethods(base::NativeLibrary lib, std::string_view name, const NetLogWithSource& net_log) { … } OM_uint32 GSSAPISharedLibrary::import_name( OM_uint32* minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t* output_name) { … } OM_uint32 GSSAPISharedLibrary::release_name( OM_uint32* minor_status, gss_name_t* input_name) { … } OM_uint32 GSSAPISharedLibrary::release_buffer( OM_uint32* minor_status, gss_buffer_t buffer) { … } OM_uint32 GSSAPISharedLibrary::display_name( OM_uint32* minor_status, const gss_name_t input_name, gss_buffer_t output_name_buffer, gss_OID* output_name_type) { … } OM_uint32 GSSAPISharedLibrary::display_status( OM_uint32* minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32* message_context, gss_buffer_t status_string) { … } OM_uint32 GSSAPISharedLibrary::init_sec_context( OM_uint32* minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t* context_handle, const gss_name_t target_name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID* actual_mech_type, gss_buffer_t output_token, OM_uint32* ret_flags, OM_uint32* time_rec) { … } OM_uint32 GSSAPISharedLibrary::wrap_size_limit( OM_uint32* minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32* max_input_size) { … } OM_uint32 GSSAPISharedLibrary::delete_sec_context( OM_uint32* minor_status, gss_ctx_id_t* context_handle, gss_buffer_t output_token) { … } OM_uint32 GSSAPISharedLibrary::inquire_context( OM_uint32* minor_status, const gss_ctx_id_t context_handle, gss_name_t* src_name, gss_name_t* targ_name, OM_uint32* lifetime_rec, gss_OID* mech_type, OM_uint32* ctx_flags, int* locally_initiated, int* open) { … } const std::string& GSSAPISharedLibrary::GetLibraryNameForTesting() { … } ScopedSecurityContext::ScopedSecurityContext(GSSAPILibrary* gssapi_lib) : … { … } ScopedSecurityContext::~ScopedSecurityContext() { … } HttpAuthGSSAPI::HttpAuthGSSAPI(GSSAPILibrary* library, gss_OID gss_oid) : … { … } HttpAuthGSSAPI::~HttpAuthGSSAPI() = default; bool HttpAuthGSSAPI::Init(const NetLogWithSource& net_log) { … } bool HttpAuthGSSAPI::NeedsIdentity() const { … } bool HttpAuthGSSAPI::AllowsExplicitCredentials() const { … } void HttpAuthGSSAPI::SetDelegation(DelegationType delegation_type) { … } HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge( HttpAuthChallengeTokenizer* tok) { … } int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, const std::string& spn, const std::string& channel_bindings, std::string* auth_token, const NetLogWithSource& net_log, CompletionOnceCallback /*callback*/) { … } namespace { // GSSAPI status codes consist of a calling error (essentially, a programmer // bug), a routine error (defined by the RFC), and supplementary information, // all bitwise-or'ed together in different regions of the 32 bit return value. // This means a simple switch on the return codes is not sufficient. int MapImportNameStatusToError(OM_uint32 major_status) { … } int MapInitSecContextStatusToError(OM_uint32 major_status) { … } base::Value::Dict ImportNameErrorParams(GSSAPILibrary* library, std::string_view spn, OM_uint32 major_status, OM_uint32 minor_status) { … } base::Value::Dict InitSecContextErrorParams(GSSAPILibrary* library, gss_ctx_id_t context, OM_uint32 major_status, OM_uint32 minor_status) { … } } // anonymous namespace int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn, const std::string& channel_bindings, gss_buffer_t in_token, gss_buffer_t out_token, const NetLogWithSource& net_log) { … } } // namespace net
Codebase Browser
chromium