fixes bug 231529 "Optionally enable unprompted NTLM authentication" r=cneberg sr=bryner
parent
3c6ad0547d
commit
d02cfd73b2
@ -39,12 +39,12 @@
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#define NS_HTTPNEGOTIATEAUTH_CID \
|
||||
{ /* 75c80fd0-accb-432c-af59-ec60668c3990 */ \
|
||||
0x75c80fd0, \
|
||||
0xaccb, \
|
||||
0x432c, \
|
||||
{0xaf, 0x59, 0xec, 0x60, 0x66, 0x8c, 0x39, 0x90} \
|
||||
#define NS_HTTPNEGOTIATEAUTH_CID \
|
||||
{ /* 75c80fd0-accb-432c-af59-ec60668c3990 */ \
|
||||
0x75c80fd0, \
|
||||
0xaccb, \
|
||||
0x432c, \
|
||||
{0xaf, 0x59, 0xec, 0x60, 0x66, 0x8c, 0x39, 0x90} \
|
||||
}
|
||||
|
||||
#include "nsHttpNegotiateAuth.h"
|
||||
@ -52,23 +52,51 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpNegotiateAuth)
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#define NS_NEGOTIATEAUTH_CID \
|
||||
{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */ \
|
||||
0x96ec4163, \
|
||||
0xefc8, \
|
||||
0x407a, \
|
||||
{0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
|
||||
#define NS_NEGOTIATEAUTH_CID \
|
||||
{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */ \
|
||||
0x96ec4163, \
|
||||
0xefc8, \
|
||||
0x407a, \
|
||||
{0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
|
||||
}
|
||||
|
||||
#if defined( USE_GSSAPI )
|
||||
#include "nsNegotiateAuthGSSAPI.h"
|
||||
|
||||
#elif defined( USE_SSPI )
|
||||
#include "nsNegotiateAuthSSPI.h"
|
||||
|
||||
static NS_METHOD
|
||||
nsSysNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
|
||||
{
|
||||
if (outer)
|
||||
return NS_ERROR_NO_AGGREGATION;
|
||||
|
||||
nsNegotiateAuth *auth = new nsNegotiateAuth(PR_TRUE);
|
||||
if (!auth)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
NS_ADDREF(auth);
|
||||
nsresult rv = auth->QueryInterface(iid, result);
|
||||
NS_RELEASE(auth);
|
||||
return rv;
|
||||
}
|
||||
|
||||
#define NS_SYSNTLMAUTH_CID \
|
||||
{ /* dc195987-6e9a-47bc-b1fd-ab895d398833 */ \
|
||||
0xdc195987, \
|
||||
0x6e9a, \
|
||||
0x47bc, \
|
||||
{0xb1, 0xfd, 0xab, 0x89, 0x5d, 0x39, 0x88, 0x33} \
|
||||
}
|
||||
|
||||
#else
|
||||
#error "missing implementation"
|
||||
#endif
|
||||
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNegotiateAuth)
|
||||
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
static nsModuleComponentInfo components[] = {
|
||||
@ -77,6 +105,13 @@ static nsModuleComponentInfo components[] = {
|
||||
NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate",
|
||||
nsNegotiateAuthConstructor
|
||||
},
|
||||
#if defined( USE_SSPI )
|
||||
{ "nsNegotiateAuthNTLM",
|
||||
NS_SYSNTLMAUTH_CID,
|
||||
NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm",
|
||||
nsSysNTLMAuthConstructor
|
||||
},
|
||||
#endif
|
||||
{ "nsHttpNegotiateAuth",
|
||||
NS_HTTPNEGOTIATEAUTH_CID,
|
||||
NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "negotiate",
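Review bot: `nsSysNTLMAuthConstructor` and the new `sys-ntlm` component entry carry no comment saying what sets this module apart, namely that it builds `nsNegotiateAuth(PR_TRUE)` and so, per the class comment in the SSPI header, answers with the user's logon credentials. I would add above the constructor `// Creates an nsNegotiateAuth in raw NTLM mode; it uses the user's logon credentials, so callers must decide which servers may receive them.` Nothing in this file limits who can instantiate the contract ID, so that gating presumably lives in the HTTP NTLM code, which is not shown here. The components array continues outside the hunk.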
|
||||
|
@ -163,8 +163,9 @@ MakeSN(const char *principal, nsCString &result)
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
nsNegotiateAuth::nsNegotiateAuth()
|
||||
nsNegotiateAuth::nsNegotiateAuth(PRBool useNTLM)
|
||||
: mServiceFlags(REQ_DEFAULT)
|
||||
, mUseNTLM(useNTLM)
|
||||
{
|
||||
memset(&mCred, 0, sizeof(mCred));
|
||||
memset(&mCtxt, 0, sizeof(mCtxt));
|
||||
@ -205,8 +206,10 @@ nsNegotiateAuth::Init(const char *serviceName,
|
||||
// we don't expect to be passed any user credentials
|
||||
NS_ASSERTION(!domain && !username && !password, "unexpected credentials");
|
||||
|
||||
// it's critial that the caller supply a service name to be used
|
||||
NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
|
||||
// if we're configured for SPNEGO, then it's critial that the caller
|
||||
// supply a service name to be used.
|
||||
if (!mUseNTLM)
|
||||
NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
|
||||
|
||||
nsresult rv;
|
||||
|
||||
@ -217,16 +220,23 @@ nsNegotiateAuth::Init(const char *serviceName,
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = MakeSN(serviceName, mServiceName);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
mServiceFlags = serviceFlags;
|
||||
SEC_CHAR *package;
|
||||
if (mUseNTLM)
|
||||
package = "NTLM";
|
||||
else {
|
||||
package = "Negotiate";
|
||||
|
||||
rv = MakeSN(serviceName, mServiceName);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
mServiceFlags = serviceFlags;
|
||||
}
|
||||
|
||||
TimeStamp useBefore;
|
||||
SECURITY_STATUS rc;
|
||||
|
||||
rc = (sspi->AcquireCredentialsHandle)(NULL,
|
||||
"Negotiate",
|
||||
package,
|
||||
SECPKG_CRED_OUTBOUND,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -293,9 +303,15 @@ nsNegotiateAuth::GetNextToken(const void *inToken,
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
memset(ob.pvBuffer, 0, ob.cbBuffer);
|
||||
|
||||
SEC_CHAR *sn;
|
||||
if (mUseNTLM)
|
||||
sn = NULL;
|
||||
else
|
||||
sn = (SEC_CHAR *) mServiceName.get();
|
||||
|
||||
rc = (sspi->InitializeSecurityContext)(&mCred,
|
||||
ctxIn,
|
||||
(SEC_CHAR *) mServiceName.get(),
|
||||
sn,
|
||||
ctxReq,
|
||||
0,
|
||||
SECURITY_NATIVE_DREP,
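Review bot: In NTLM mode `Init` now skips both `MakeSN` and `mServiceFlags = serviceFlags`, and `GetNextToken` passes `sn = NULL` as the target name, so the caller's flags are silently dropped and the token request names no server. If that is deliberate, the `if (mUseNTLM)` branch in `Init` should say so, for example `// NTLM: no target name is built and serviceFlags is ignored`; otherwise consider still calling `MakeSN` whenever a service name is supplied. The new comment above the `NS_ENSURE_TRUE` also spells "critial" where "critical" is meant. Both functions start and end outside the hunks shown.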
|
||||
|
@ -50,13 +50,19 @@
|
||||
// The nsNegotiateAuth class provides responses for the GSS-API Negotiate method
|
||||
// as specified by Microsoft in draft-brezak-spnego-http-04.txt
|
||||
|
||||
// It can also be configured to talk raw NTLM. This implementation of NTLM has
|
||||
// the advantage of being able to access the user's logon credentials. This
|
||||
// implementation of NTLM should only be used for single-signon. It should be
|
||||
// avoided when authenticating over the internet since it may use a lower-grade
|
||||
// version of password hashing depending on the version of Windows being used.
|
||||
|
||||
class nsNegotiateAuth : public nsIAuthModule
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIAUTHMODULE
|
||||
|
||||
nsNegotiateAuth();
|
||||
nsNegotiateAuth(PRBool useNTLM = PR_FALSE);
|
||||
|
||||
private:
|
||||
~nsNegotiateAuth();
|
||||
@ -68,6 +74,7 @@ private:
|
||||
CtxtHandle mCtxt;
|
||||
nsCString mServiceName;
|
||||
PRUint32 mServiceFlags;
|
||||
PRBool mUseNTLM;
|
||||
};
|
||||
|
||||
#endif /* nsNegotiateAuthSSPI_h__ */
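Review bot: The new constructor `nsNegotiateAuth(PRBool useNTLM = PR_FALSE);` is callable with one argument and is not `explicit`, so any integer value converts implicitly to an `nsNegotiateAuth`. Declaring it `explicit nsNegotiateAuth(PRBool useNTLM = PR_FALSE);` keeps default construction (which the generic factory constructor relies on) working while ruling that conversion out. The new `mUseNTLM` member would also benefit from a short comment such as `// PR_TRUE: use the "NTLM" package with the user's logon credentials instead of "Negotiate"`.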
|
||||
|