[net/auth] Log delegation and mutual auth flags.

Make life easier for log readers by surfacing whether credentials were delegated and whether mutual authentication was performed during a GSSAPI authentication handshake. R=eroman@chromium.org Bug: 884313 Change-Id: I203049c769efa88d22461e5870bc9490baf58a8f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1742508Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Asanka Herath <asanka@chromium.org> Cr-Commit-Position: refs/heads/master@{#685028}

[net/auth] Log delegation and mutual auth flags.
Make life easier for log readers by surfacing whether credentials were delegated and whether mutual authentication was performed during a GSSAPI authentication handshake. R=eroman@chromium.org Bug: 884313 Change-Id: I203049c769efa88d22461e5870bc9490baf58a8f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1742508Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Asanka Herath <asanka@chromium.org> Cr-Commit-Position: refs/heads/master@{#685028}
7cddd5ae · Asanka Herath · Commit Bot · 7f8332fb · 7cddd5ae · 7cddd5ae
Commit 7cddd5ae authored Aug 08, 2019 by Asanka Herath Committed by Commit Bot Aug 08, 2019
3 changed files
--- a/net/http/http_auth_gssapi_posix.cc
+++ b/net/http/http_auth_gssapi_posix.cc
@@ -261,9 +261,11 @@ base::Value GetDisplayNameValue(GSSAPILibrary* gssapi_lib,
 }
 base::Value ContextFlagsToValue(OM_uint32 flags) {
-  // TODO(asanka): This should break down known flags. At least the
+  base::Value rv{base::Value::Type::DICTIONARY};
-  // GSS_C_DELEG_FLAG.
+  rv.SetStringKey("value", base::StringPrintf("0x%08x", flags));
-  return base::Value(base::StringPrintf("%08x", flags));
+  rv.SetBoolKey("delegated", (flags & GSS_C_DELEG_FLAG) == GSS_C_DELEG_FLAG);
+  rv.SetBoolKey("mutual", (flags & GSS_C_MUTUAL_FLAG) == GSS_C_MUTUAL_FLAG);
+  return rv;
 }
 base::Value GetContextStateAsValue(GSSAPILibrary* gssapi_lib,

--- a/net/http/http_auth_gssapi_posix_unittest.cc
+++ b/net/http/http_auth_gssapi_posix_unittest.cc
@@ -632,7 +632,11 @@ TEST(HttpAuthGSSAPITest, GetContextStateAsValue_ValidContext) {
        "mechanism": {
          "oid": "<Empty OID>"
        },
-        "flags": "00000000",
+        "flags": {
+          "value": "0x00000000",
+          "delegated": false,
+          "mutual": false
+        },
        "open": false
      }
  )");

--- a/net/log/net_log_event_type_list.h
+++ b/net/log/net_log_event_type_list.h
@@ -2221,6 +2221,19 @@ EVENT_TYPE(SOCKS5_HANDSHAKE_READ)
 //               contains the error in the form of a GSSAPI Status.>
 //   }
 //
+// ** GSSAPI Context Flags
+//
+// Bitmask indicating properties of the negotiated security context. Values may
+// be only advisory if the "open" flag of the enclosing security context is
+// True. I.e. flags are not final until the security context is closed.
+//
+//   {
+//     "flags"     : <Flags. See RFC 2744 Section 5.19 for meanings. Flag
+//                    bitmasks can be found in RFC 2744 Appendix A.>
+//     "delegated" : <True if credentials were delegated to the target.>
+//     "mutual"    : <True if mutual authentication was successful.>
+//   }
+//
 // ** GSSAPI Context Description
 //
 // A serialization of the GSSAPI context. It takes the following form: