Skip to content

add code for kerberos strategy with user token as input(straight) & m… #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Jan 20, 2021
Merged

add code for kerberos strategy with user token as input(straight) & m… #299

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
d3f4879
add code for kerberos strategy with user token as input(straight) & m…
ajainaus Jan 5, 2021
c402e52
add function to get kerberos user token
ajainaus Jan 6, 2021
303ec0f
add proxy connection type
ajainaus Jan 11, 2021
f9776c6
add ntlm proxy strategy type
ajainaus Jan 11, 2021
70c3578
add proxy connection type
ajainaus Jan 11, 2021
9481f80
add ntlm strategy
ajainaus Jan 11, 2021
02c6f57
remove the exception for wd4221 warning from CMakeList.txt file
ajainaus Jan 14, 2021
01c647a
add callback functions
ajainaus Jan 14, 2021
0eabcb8
add callback functions
ajainaus Jan 14, 2021
0d1888c
modify header generation function for ntlm & kerberos
ajainaus Jan 14, 2021
1a4cdcb
comment api for callback functions and add callback function thru con…
ajainaus Jan 15, 2021
f905b7f
remove enum define for sub-state,comment callback function API's and …
ajainaus Jan 15, 2021
af85724
add ntlm adaptive strategy as a part of kerberos chain and rename fun…
ajainaus Jan 20, 2021
2bb27de
Merge branch 'ProxyRequestFlowMerge' into ProxyRequestFlow-SA
bretambrose Jan 20, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 100 additions & 3 deletions include/aws/http/proxy_strategy.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,29 @@ struct aws_http_header;
struct aws_http_proxy_strategy;
struct aws_http_proxy_strategy_factory;

/*SA-Added Start*/

/*enum defination for callback state*/
enum proxy_strategy_callback_state {
AWS_KERB_TOKEN,
AWS_NTLM_CRED,
AWS_NTLM_RESP,
};

/**
* User-supplied callback function that send data to user
*(example NTLM challenge received from proxy server)
*/
typedef void (*aws_http_proxy_send_user_data_callback_fn)(size_t data_length, uint8_t *data, void *userdata);

/**
* User-supplied callback function that gets user data depending on callback state
*(example NTLM credentials/response)
*/
typedef char* (*aws_http_proxy_get_user_data_callback_fn)(int callback_state, void *userdata);
Copy link
Contributor

@bretambrose bretambrose Jan 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need these callbacks to support async execution, as it is they can only be used synchronously. We'll want to pass the completion functions (terminate, continue) here as well and then it's the responsibilty of the callback implementer to invoke the right function when the data is ready.


/*SA-Added End*/

/**
* Proxy strategy logic must call this function to indicate an unsuccessful outcome
*/
Expand Down Expand Up @@ -185,12 +208,37 @@ struct aws_http_proxy_strategy_factory_tunneling_adaptive_test_options {
*/
struct aws_http_proxy_strategy_factory_tunneling_kerberos_options {
bool placeholder;
aws_http_proxy_send_user_data_callback_fn func_1;
aws_http_proxy_get_user_data_callback_fn func_2;
void *userData;
};

struct aws_http_proxy_strategy_factory_tunneling_adaptive_kerberos_options {
struct aws_http_proxy_strategy_factory_tunneling_kerberos_options kerberos_options;
};

/*SA-Added Start*/
struct aws_http_proxy_strategy_factory_kerberos_auth_config {

/* type of proxy connection being established, must be forwarding or tunnel */
enum aws_http_proxy_connection_type proxy_connection_type;

/* user token to use in kerberos authentication which is base64 encoded and provided by user*/
struct aws_byte_cursor user_token;
Copy link
Contributor

@bretambrose bretambrose Jan 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to pass in an (async-ready) function that fetches the user token rather than the user token itself. As it stands, I don't think this would support long-term connections because eventually the token expires and there's no sensible way to get a refreshed one.

};

struct aws_http_proxy_strategy_factory_tunneling_ntlm_options {
bool placeholder;
aws_http_proxy_send_user_data_callback_fn func_1;
aws_http_proxy_get_user_data_callback_fn func_2;
void *userData;
};

struct aws_http_proxy_strategy_factory_tunneling_adaptive_ntlm_options {
struct aws_http_proxy_strategy_factory_tunneling_ntlm_options ntlm_options;
};

/*SA-Added End*/
AWS_EXTERN_C_BEGIN

/**
Expand Down Expand Up @@ -302,16 +350,65 @@ struct aws_http_proxy_strategy_factory *aws_http_proxy_strategy_factory_new_tunn
* This is an experimental API.
*
* Constructor for a WIP adaptive tunneling proxy strategy. This strategy attempts a vanilla CONNECT and if that
* fails it attempts a kerberos-oriented CONNECT (if applicable).
* fails it attempts a kerberos-oriented CONNECT request followed by a NTLM-oriented CONNECT request (if applicable).
*
* @param allocator memory allocator to use
* @param config configuration options for the strategy factory
* @return a new proxy strategy factory if successfully constructed, otherwise NULL
*/
AWS_HTTP_API
struct aws_http_proxy_strategy_factory *aws_http_proxy_strategy_factory_new_tunneling_adaptive_kerberos_ntlm(
struct aws_allocator *allocator,
struct aws_http_proxy_strategy_factory_tunneling_adaptive_kerberos_options *kerberos_config,
struct aws_http_proxy_strategy_factory_tunneling_adaptive_ntlm_options *ntlm_config);

/*SA-Added Start*/

/**
* A constructor for a proxy strategy factory that performs kerberos authentication by adding the appropriate
* header and header value to requests or CONNECT requests.
*
* @param allocator memory allocator to use
* @param config kerberos authentication configuration info
* @return a new proxy strategy factory if successfully constructed, otherwise NULL
*/
AWS_HTTP_API
struct aws_http_proxy_strategy_factory *aws_http_proxy_strategy_factory_new_kerberos_auth(
struct aws_allocator *allocator,
struct aws_http_proxy_strategy_factory_kerberos_auth_config *config);

/**
* This is an experimental API.
*
* Constructor for a WIP adaptive tunneling NTLM proxy strategy. This strategy attempts a vanilla CONNECT and if that
* fails it attempts a ntlm-oriented CONNECT (if applicable).
*
* @param allocator memory allocator to use
* @param config configuration options for the strategy factory
* @return a new proxy strategy factory if successfully constructed, otherwise NULL
*/
AWS_HTTP_API
struct aws_http_proxy_strategy_factory *aws_http_proxy_strategy_factory_new_tunneling_adaptive_kerberos(
struct aws_http_proxy_strategy_factory *aws_http_proxy_strategy_factory_new_tunneling_adaptive_ntlm(
struct aws_allocator *allocator,
struct aws_http_proxy_strategy_factory_tunneling_adaptive_kerberos_options *config);
struct aws_http_proxy_strategy_factory_tunneling_adaptive_ntlm_options *config);

/**
* This is an experimental API.
*
* Constructor for callback functions
*
* @param callback function for sending user data to user, example - NTLM chalenge
* @param callback function for getting user data, example - NTLM Cred,NTLM Response, Kerberos Token
* @return NULL
*/
/*
AWS_HTTP_API
int aws_http_proxy_connection_configure_callback(
aws_http_proxy_send_user_data_callback_fn func_1,
aws_http_proxy_get_user_data_callback_fn func_2,
void *userdata);
*/
/*SA-Added End*/

AWS_EXTERN_C_END

Expand Down
Loading