fixes bug 231529 "Optionally enable unprompted NTLM authentication" r=cneberg sr=bryner

darin%meer.net 2005-08-09 23:06:56 +00:00
Родитель 3c6ad0547d
Коммит d02cfd73b2
3 изменённых файлов: 80 добавлений и 22 удалений


@ -39,12 +39,12 @@
//-----------------------------------------------------------------------------
#define NS_HTTPNEGOTIATEAUTH_CID \
{ /* 75c80fd0-accb-432c-af59-ec60668c3990 */ \
0x75c80fd0, \
0xaccb, \
0x432c, \
{0xaf, 0x59, 0xec, 0x60, 0x66, 0x8c, 0x39, 0x90} \
#define NS_HTTPNEGOTIATEAUTH_CID \
{ /* 75c80fd0-accb-432c-af59-ec60668c3990 */ \
0x75c80fd0, \
0xaccb, \
0x432c, \
{0xaf, 0x59, 0xec, 0x60, 0x66, 0x8c, 0x39, 0x90} \
}
#include "nsHttpNegotiateAuth.h"
@ -52,23 +52,51 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpNegotiateAuth)
//-----------------------------------------------------------------------------
#define NS_NEGOTIATEAUTH_CID \
{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */ \
0x96ec4163, \
0xefc8, \
0x407a, \
{0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
#define NS_NEGOTIATEAUTH_CID \
{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */ \
0x96ec4163, \
0xefc8, \
0x407a, \
{0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
}
#if defined( USE_GSSAPI )
#include "nsNegotiateAuthGSSAPI.h"
#elif defined( USE_SSPI )
#include "nsNegotiateAuthSSPI.h"
static NS_METHOD
nsSysNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
{
if (outer)
return NS_ERROR_NO_AGGREGATION;
nsNegotiateAuth *auth = new nsNegotiateAuth(PR_TRUE);
if (!auth)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(auth);
nsresult rv = auth->QueryInterface(iid, result);
NS_RELEASE(auth);
return rv;
}
#define NS_SYSNTLMAUTH_CID \
{ /* dc195987-6e9a-47bc-b1fd-ab895d398833 */ \
0xdc195987, \
0x6e9a, \
0x47bc, \
{0xb1, 0xfd, 0xab, 0x89, 0x5d, 0x39, 0x88, 0x33} \
}
#else
#error "missing implementation"
#endif
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNegotiateAuth)
//-----------------------------------------------------------------------------
static nsModuleComponentInfo components[] = {
@ -77,6 +105,13 @@ static nsModuleComponentInfo components[] = {
NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate",
nsNegotiateAuthConstructor
},
#if defined( USE_SSPI )
{ "nsNegotiateAuthNTLM",
NS_SYSNTLMAUTH_CID,
NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm",
nsSysNTLMAuthConstructor
},
#endif
{ "nsHttpNegotiateAuth",
NS_HTTPNEGOTIATEAUTH_CID,
NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "negotiate",
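Review bot: `nsSysNTLMAuthConstructor` and the `"sys-ntlm"` entry in `components[]` carry no comment saying that this module answers challenges with the logged-on user's credentials, and the entry is registered whenever `USE_SSPI` is defined, so any code that can resolve the contract ID can create it. The preference or host check implied by "optionally enable" in the commit title is not visible in this file, so it presumably lives in the caller. A comment above the constructor would make that dependency explicit, for example `// Raw NTLM via SSPI using the user's logon credentials; callers must decide which hosts may receive these tokens before creating this module.` The `components[]` array continues outside the hunk.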


@ -163,8 +163,9 @@ MakeSN(const char *principal, nsCString &result)
//-----------------------------------------------------------------------------
nsNegotiateAuth::nsNegotiateAuth()
nsNegotiateAuth::nsNegotiateAuth(PRBool useNTLM)
: mServiceFlags(REQ_DEFAULT)
, mUseNTLM(useNTLM)
{
memset(&mCred, 0, sizeof(mCred));
memset(&mCtxt, 0, sizeof(mCtxt));
@ -205,8 +206,10 @@ nsNegotiateAuth::Init(const char *serviceName,
// we don't expect to be passed any user credentials
NS_ASSERTION(!domain && !username && !password, "unexpected credentials");
// it's critial that the caller supply a service name to be used
NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
// if we're configured for SPNEGO, then it's critial that the caller
// supply a service name to be used.
if (!mUseNTLM)
NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
nsresult rv;
@ -217,16 +220,23 @@ nsNegotiateAuth::Init(const char *serviceName,
return rv;
}
rv = MakeSN(serviceName, mServiceName);
if (NS_FAILED(rv))
return rv;
mServiceFlags = serviceFlags;
SEC_CHAR *package;
if (mUseNTLM)
package = "NTLM";
else {
package = "Negotiate";
rv = MakeSN(serviceName, mServiceName);
if (NS_FAILED(rv))
return rv;
mServiceFlags = serviceFlags;
}
TimeStamp useBefore;
SECURITY_STATUS rc;
rc = (sspi->AcquireCredentialsHandle)(NULL,
"Negotiate",
package,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
@ -293,9 +303,15 @@ nsNegotiateAuth::GetNextToken(const void *inToken,
return NS_ERROR_OUT_OF_MEMORY;
memset(ob.pvBuffer, 0, ob.cbBuffer);
SEC_CHAR *sn;
if (mUseNTLM)
sn = NULL;
else
sn = (SEC_CHAR *) mServiceName.get();
rc = (sspi->InitializeSecurityContext)(&mCred,
ctxIn,
(SEC_CHAR *) mServiceName.get(),
sn,
ctxReq,
0,
SECURITY_NATIVE_DREP,
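Review bot: In the NTLM branch of `Init()` the assignment `mServiceFlags = serviceFlags;` appears, as far as this rendering shows, only inside the `else`, so flags passed by the caller are silently dropped and the `REQ_DEFAULT` set by the constructor stays in force. `serviceName` is likewise neither validated nor used in that mode, and `GetNextToken()` passes a NULL target name to `InitializeSecurityContext`. If this is intended, a comment at the `if (mUseNTLM)` in `Init()` should say so, for example `// NTLM: serviceName and serviceFlags are ignored; no target name is bound into the context.` Otherwise move the `mServiceFlags` assignment above the `if`. The bodies of `Init()` and `GetNextToken()` start and end outside these hunks.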


@ -50,13 +50,19 @@
// The nsNegotiateAuth class provides responses for the GSS-API Negotiate method
// as specified by Microsoft in draft-brezak-spnego-http-04.txt
// It can also be configured to talk raw NTLM. This implementation of NTLM has
// the advantage of being able to access the user's logon credentials. This
// implementation of NTLM should only be used for single-signon. It should be
// avoided when authenticating over the internet since it may use a lower-grade
// version of password hashing depending on the version of Windows being used.
class nsNegotiateAuth : public nsIAuthModule
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIAUTHMODULE
nsNegotiateAuth();
nsNegotiateAuth(PRBool useNTLM = PR_FALSE);
private:
~nsNegotiateAuth();
@ -68,6 +74,7 @@ private:
CtxtHandle mCtxt;
nsCString mServiceName;
PRUint32 mServiceFlags;
PRBool mUseNTLM;
};
#endif /* nsNegotiateAuthSSPI_h__ */
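Review bot: The new declaration `nsNegotiateAuth(PRBool useNTLM = PR_FALSE);` is a converting constructor, so an integer-typed `PRBool` can be implicitly converted into an `nsNegotiateAuth`. Declaring it `explicit nsNegotiateAuth(PRBool useNTLM = PR_FALSE);` closes that off while still allowing default construction and the `new nsNegotiateAuth(PR_TRUE)` call. The class comment explains when NTLM mode is appropriate, but the new member has no comment of its own; `PRBool mUseNTLM; // PR_TRUE: acquire the "NTLM" package instead of "Negotiate"` would tie it to the behaviour in the .cpp file.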