Include SSPI support for NTLM authentication.

net/http/http_auth_handler_ntlm.h

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
 
 #include <string>
 
+#include "build/build_config.h"
+// This contains the portable and the SSPI implementation for NTLM.
+// We use NTLM_PORTABLE for Linux and OSX, for windows NTLM_SSPI is preferred.
+#if defined(OS_WIN)
+#define NTLM_SSPI
+#elif defined(OS_MACOSX) || defined(OS_LINUX)
+#define NTLM_PORTABLE
+#endif
+
+#if defined(NTLM_SSPI)
+#include <windows.h>
+#define SECURITY_WIN32
+#include <security.h>
+#endif
+
 #include "base/basictypes.h"
 #include "base/scoped_ptr.h"
 #include "base/string16.h"
 #include "net/http/http_auth_handler.h"
+#include "net/base/net_errors.h"
 
 namespace net {
 
+static inline void ZapBuf(void* buf, size_t buf_len) {
+  memset(buf, 0, buf_len);
+}
+
+// TODO(wtc): Can we implement ZapString as
+// s.replace(0, s.size(), s.size(), '\0)?
+static inline void ZapString(std::string* s) {
+  ZapBuf(&(*s)[0], s->length());
+}
+
+static inline void ZapString(string16* s) {
+  ZapBuf(&(*s)[0], s->length() * 2);
+}
+
 class NTLMAuthModule;
 
 // Code for handling HTTP NTLM authentication.
 class HttpAuthHandlerNTLM : public HttpAuthHandler {
  public:
+
+#if defined(NTLM_PORTABLE)
   // A function that generates n random bytes in the output buffer.
   typedef void (*GenerateRandomProc)(uint8* output, size_t n);
 
   // A function that returns the local host name. Returns an empty string if
   // the local host name is not available.
   typedef std::string (*HostNameProc)();
 
   // For unit tests to override and restore the GenerateRandom and
   // GetHostName functions.
   class ScopedProcSetter {
    public:
     ScopedProcSetter(GenerateRandomProc random_proc,
                      HostNameProc host_name_proc) {
       old_random_proc_ = SetGenerateRandomProc(random_proc);
       old_host_name_proc_ = SetHostNameProc(host_name_proc);
     }
 
     ~ScopedProcSetter() {
       SetGenerateRandomProc(old_random_proc_);
       SetHostNameProc(old_host_name_proc_);
     }
 
    private:
     GenerateRandomProc old_random_proc_;
     HostNameProc old_host_name_proc_;
   };
+#endif
 
   HttpAuthHandlerNTLM();
 
   virtual ~HttpAuthHandlerNTLM();
 
   virtual bool NeedsIdentity();
 
   virtual std::string GenerateCredentials(const std::wstring& username,
                                           const std::wstring& password,
                                           const HttpRequestInfo* request,
                                           const ProxyInfo* proxy);
 
  protected:
   virtual bool Init(std::string::const_iterator challenge_begin,
                     std::string::const_iterator challenge_end) {
     return ParseChallenge(challenge_begin, challenge_end);
   }
 
+  // This function is implemented in the SSPI layer to get Credentials
+  int InitializeBeforeFirstChallenge();
+
  private:
+#if defined(NTLM_PORTABLE)
   // For unit tests to override the GenerateRandom and GetHostName functions.
   // Returns the old function.
   static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc);
   static HostNameProc SetHostNameProc(HostNameProc proc);
+#endif
 
   // Parse the challenge, saving the results into this instance.
   // Returns true on success.
   bool ParseChallenge(std::string::const_iterator challenge_begin,
                       std::string::const_iterator challenge_end);
 
   // Given an input token received from the server, generate the next output
   // token to be sent to the server.
   int GetNextToken(const void* in_token,
                    uint32 in_token_len,
                    void** out_token,
                    uint32* out_token_len);
 
+#if defined(NTLM_SSPI)
+  void ResetSecurityContext();
+#endif
+
+#if defined(NTLM_PORTABLE)
   static GenerateRandomProc generate_random_proc_;
   static HostNameProc get_host_name_proc_;
+#endif
 
+ protected:
   string16 domain_;
   string16 username_;
   string16 password_;
 
   // The base64-encoded string following "NTLM" in the "WWW-Authenticate" or
   // "Proxy-Authenticate" response header.
   std::string auth_data_;
+
+#if defined(NTLM_SSPI)
+  ULONG max_token_len_;
+  CredHandle cred_;
+  CtxtHandle ctxt_;
+#endif
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_