--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
I wrote a design doc:Suggestions and comments are welcome!
On Friday, January 19, 2018 at 9:03:24 PM UTC-8, Matt Menke wrote:Right, we can only pass back some metadata about the request (URL, request ID, auth challenge, etc), and then have the login handler use that to generate a reply.
There's another problem here:We need to load a dll in the network process to handle some forms of auth (See IOThread::CreateDefaultAuthHandlerFactory).
That is presumably not something we want the network process doing,
so we'll need an API for the browser process to provide that information. I don't think we're going to want two completely separate paths for the different types of auth (NTLM/Negotiate where we use system credentials and that dll, and digest/basic where we prompt for a password), so I think we're going to need some reworking of net before we're ready for this.
On Fri, Jan 19, 2018 at 9:26 PM, <jun...@chromium.org> wrote:
And this is the draft CL:https://chromium-review.googlesource.com/c/chromium/src/+/877512
On Friday, January 19, 2018 at 5:54:54 PM UTC-8, jun...@chromium.org wrote:I am working on the following issue:and it seems that in NetworkServiceClient (on the browser process) I need to create a LoginHandler:and its constructor takes two arguments:(net::AuthChallengeInfo* auth_info, net::URLRequest* request)The net::AuthChallengeInfo can be passed from URLLoader in the network side using mojom typemapping, but it seems the URLRequest is not possible to typemap. Any suggestion of how to solve this problem? Thanks a lot!
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsubscribe...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/a5322bd4-1d4f-4ec6-8aa9-06d65cb6cfa5%40chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/a5322bd4-1d4f-4ec6-8aa9-06d65cb6cfa5%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/CALhVsw2T1JSspxcVRiiwq1A-_3ZMd438BBeC6s7ZGhpc8JSW_Q%40mail.gmail.com.
+Asanka Herath who knows a lot about GSSAPI libraries.On Tue, Jan 30, 2018 at 12:08 PM John Abd-El-Malek <j...@chromium.org> wrote:On Fri, Jan 26, 2018 at 12:44 PM, <jun...@chromium.org> wrote:I wrote a design doc:Suggestions and comments are welcome!
On Friday, January 19, 2018 at 9:03:24 PM UTC-8, Matt Menke wrote:Right, we can only pass back some metadata about the request (URL, request ID, auth challenge, etc), and then have the login handler use that to generate a reply.+1, you can follow the pattern you used for URLLoader::OnCertificateRequested.There's another problem here:We need to load a dll in the network process to handle some forms of auth (See IOThread::CreateDefaultAuthHandlerFactory).To make sure I'm following, are you referring to the gssapi_library_name_ code on posix?That is presumably not something we want the network process doing,Who writes the GSSAPI library? It looks like it can be used on ChromeOS, so does that mean that if we're not the authors, we understand its dependencies pretty well?
so we'll need an API for the browser process to provide that information. I don't think we're going to want two completely separate paths for the different types of auth (NTLM/Negotiate where we use system credentials and that dll, and digest/basic where we prompt for a password), so I think we're going to need some reworking of net before we're ready for this.
On Tue, Jan 30, 2018 at 12:13 PM Chris Bentzel <cben...@chromium.org> wrote:+Asanka Herath who knows a lot about GSSAPI libraries.On Tue, Jan 30, 2018 at 12:08 PM John Abd-El-Malek <j...@chromium.org> wrote:On Fri, Jan 26, 2018 at 12:44 PM, <jun...@chromium.org> wrote:I wrote a design doc:Suggestions and comments are welcome!
On Friday, January 19, 2018 at 9:03:24 PM UTC-8, Matt Menke wrote:Right, we can only pass back some metadata about the request (URL, request ID, auth challenge, etc), and then have the login handler use that to generate a reply.+1, you can follow the pattern you used for URLLoader::OnCertificateRequested.There's another problem here:We need to load a dll in the network process to handle some forms of auth (See IOThread::CreateDefaultAuthHandlerFactory).To make sure I'm following, are you referring to the gssapi_library_name_ code on posix?That is presumably not something we want the network process doing,Who writes the GSSAPI library? It looks like it can be used on ChromeOS, so does that mean that if we're not the authors, we understand its dependencies pretty well?The GSSAPI library is typically what's installed and configured on the local system. On Linux it could be either Heimdal or the MIT Kerberos library depending on what the user chose to install. On Mac it is Heimdal, which is part of the system. On ChromeOS we now bundle MIT Keberos as apart of the Chrome AD effort.
so we'll need an API for the browser process to provide that information. I don't think we're going to want two completely separate paths for the different types of auth (NTLM/Negotiate where we use system credentials and that dll, and digest/basic where we prompt for a password), so I think we're going to need some reworking of net before we're ready for this.Negotiate can use explicit credentials as well as ambient credentials.
On Fri, Jan 19, 2018 at 9:26 PM, <jun...@chromium.org> wrote:
And this is the draft CL:https://chromium-review.googlesource.com/c/chromium/src/+/877512
On Friday, January 19, 2018 at 5:54:54 PM UTC-8, jun...@chromium.org wrote:I am working on the following issue:and it seems that in NetworkServiceClient (on the browser process) I need to create a LoginHandler:and its constructor takes two arguments:(net::AuthChallengeInfo* auth_info, net::URLRequest* request)The net::AuthChallengeInfo can be passed from URLLoader in the network side using mojom typemapping, but it seems the URLRequest is not possible to typemap. Any suggestion of how to solve this problem? Thanks a lot!
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/a5322bd4-1d4f-4ec6-8aa9-06d65cb6cfa5%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
On Tue, Jan 30, 2018 at 5:34 PM, Asanka Herath <asa...@chromium.org> wrote:On Tue, Jan 30, 2018 at 12:13 PM Chris Bentzel <cben...@chromium.org> wrote:+Asanka Herath who knows a lot about GSSAPI libraries.On Tue, Jan 30, 2018 at 12:08 PM John Abd-El-Malek <j...@chromium.org> wrote:On Fri, Jan 26, 2018 at 12:44 PM, <jun...@chromium.org> wrote:I wrote a design doc:Suggestions and comments are welcome!
On Friday, January 19, 2018 at 9:03:24 PM UTC-8, Matt Menke wrote:Right, we can only pass back some metadata about the request (URL, request ID, auth challenge, etc), and then have the login handler use that to generate a reply.+1, you can follow the pattern you used for URLLoader::OnCertificateRequested.There's another problem here:We need to load a dll in the network process to handle some forms of auth (See IOThread::CreateDefaultAuthHandlerFactory).To make sure I'm following, are you referring to the gssapi_library_name_ code on posix?That is presumably not something we want the network process doing,Who writes the GSSAPI library? It looks like it can be used on ChromeOS, so does that mean that if we're not the authors, we understand its dependencies pretty well?The GSSAPI library is typically what's installed and configured on the local system. On Linux it could be either Heimdal or the MIT Kerberos library depending on what the user chose to install. On Mac it is Heimdal, which is part of the system. On ChromeOS we now bundle MIT Keberos as apart of the Chrome AD effort.Thanks. The good part is that these are open source. The unknown part is how sandboxable they are, but hopefully the former makes it easier to figure this out.
so we'll need an API for the browser process to provide that information. I don't think we're going to want two completely separate paths for the different types of auth (NTLM/Negotiate where we use system credentials and that dll, and digest/basic where we prompt for a password), so I think we're going to need some reworking of net before we're ready for this.Negotiate can use explicit credentials as well as ambient credentials.
On Fri, Jan 19, 2018 at 9:26 PM, <jun...@chromium.org> wrote:
And this is the draft CL:https://chromium-review.googlesource.com/c/chromium/src/+/877512
On Friday, January 19, 2018 at 5:54:54 PM UTC-8, jun...@chromium.org wrote:I am working on the following issue:and it seems that in NetworkServiceClient (on the browser process) I need to create a LoginHandler:and its constructor takes two arguments:(net::AuthChallengeInfo* auth_info, net::URLRequest* request)The net::AuthChallengeInfo can be passed from URLLoader in the network side using mojom typemapping, but it seems the URLRequest is not possible to typemap. Any suggestion of how to solve this problem? Thanks a lot!
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsubscribe...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsubscribe...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/a5322bd4-1d4f-4ec6-8aa9-06d65cb6cfa5%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsubscribe...@chromium.org.
On Wed, Jan 31, 2018 at 8:02 AM, John Abd-El-Malek <j...@chromium.org> wrote:On Tue, Jan 30, 2018 at 5:34 PM, Asanka Herath <asa...@chromium.org> wrote:On Tue, Jan 30, 2018 at 12:13 PM Chris Bentzel <cben...@chromium.org> wrote:+Asanka Herath who knows a lot about GSSAPI libraries.On Tue, Jan 30, 2018 at 12:08 PM John Abd-El-Malek <j...@chromium.org> wrote:On Fri, Jan 26, 2018 at 12:44 PM, <jun...@chromium.org> wrote:I wrote a design doc:Suggestions and comments are welcome!
On Friday, January 19, 2018 at 9:03:24 PM UTC-8, Matt Menke wrote:Right, we can only pass back some metadata about the request (URL, request ID, auth challenge, etc), and then have the login handler use that to generate a reply.+1, you can follow the pattern you used for URLLoader::OnCertificateRequested.There's another problem here:We need to load a dll in the network process to handle some forms of auth (See IOThread::CreateDefaultAuthHandlerFactory).To make sure I'm following, are you referring to the gssapi_library_name_ code on posix?That is presumably not something we want the network process doing,Who writes the GSSAPI library? It looks like it can be used on ChromeOS, so does that mean that if we're not the authors, we understand its dependencies pretty well?The GSSAPI library is typically what's installed and configured on the local system. On Linux it could be either Heimdal or the MIT Kerberos library depending on what the user chose to install. On Mac it is Heimdal, which is part of the system. On ChromeOS we now bundle MIT Keberos as apart of the Chrome AD effort.Thanks. The good part is that these are open source. The unknown part is how sandboxable they are, but hopefully the former makes it easier to figure this out.+Tom explicitlyAlso one other question: do we have any integration tests that depend on the GSSAPI library being loaded?
so we'll need an API for the browser process to provide that information. I don't think we're going to want two completely separate paths for the different types of auth (NTLM/Negotiate where we use system credentials and that dll, and digest/basic where we prompt for a password), so I think we're going to need some reworking of net before we're ready for this.Negotiate can use explicit credentials as well as ambient credentials.
On Fri, Jan 19, 2018 at 9:26 PM, <jun...@chromium.org> wrote:
And this is the draft CL:https://chromium-review.googlesource.com/c/chromium/src/+/877512
On Friday, January 19, 2018 at 5:54:54 PM UTC-8, jun...@chromium.org wrote:I am working on the following issue:and it seems that in NetworkServiceClient (on the browser process) I need to create a LoginHandler:and its constructor takes two arguments:(net::AuthChallengeInfo* auth_info, net::URLRequest* request)The net::AuthChallengeInfo can be passed from URLLoader in the network side using mojom typemapping, but it seems the URLRequest is not possible to typemap. Any suggestion of how to solve this problem? Thanks a lot!
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/833a94d7-893f-4e5b-903d-9fb9a6144e6c%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/a5322bd4-1d4f-4ec6-8aa9-06d65cb6cfa5%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/CALhVsw2T1JSspxcVRiiwq1A-_3ZMd438BBeC6s7ZGhpc8JSW_Q%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service...@chromium.org.
To post to this group, send email to network-s...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/CALhVsw1VK5xfcn1c_C5y5%2Bt-dFY3B_sbdQ4nkGiWSCYJYJVRkw%40mail.gmail.com.