Use SSPI for NTLM authentication on Windows....

net/http/http_auth_handler_ntlm_portable.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_handler_ntlm.h"
 
 #include <stdlib.h>
 // For gethostname
 #if defined(OS_POSIX)
 #include <unistd.h>
 #elif defined(OS_WIN)
 #include <winsock2.h>
 #endif
 
 #include "base/md5.h"
 #include "base/rand_util.h"
 #include "base/string_util.h"
 #include "base/sys_string_conversions.h"
-#include "net/base/base64.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/http/des.h"
 #include "net/http/md4.h"
 
 namespace net {
 
 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp,
 // CVS rev. 1.14.
 //
@@ skipping 617 matching lines @@
 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
   // Wipe our copy of the password from memory, to reduce the chance of being
   // written to the paging file on disk.
   ZapString(&password_);
 }
 
 bool HttpAuthHandlerNTLM::NeedsIdentity() {
   return !auth_data_.empty();
 }
 
-std::string HttpAuthHandlerNTLM::GenerateCredentials(
-    const std::wstring& username,
-    const std::wstring& password,
-    const HttpRequestInfo* request,
-    const ProxyInfo* proxy) {
-  // TODO(wtc): See if we can use char* instead of void* for in_buf and
-  // out_buf.  This change will need to propagate to GetNextToken,
-  // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
-  const void* in_buf;
-  void* out_buf;
-  uint32 in_buf_len, out_buf_len;
-  std::string decoded_auth_data;
-
-  // |username| may be in the form "DOMAIN\user".  Parse it into the two
-  // components.
-  std::wstring domain;
-  std::wstring user;
-  size_t backslash_idx = username.find(L'\\');
-  if (backslash_idx == std::wstring::npos) {
-    user = username;
-  } else {
-    domain = username.substr(0, backslash_idx);
-    user = username.substr(backslash_idx + 1);
-  }
-  domain_ = WideToUTF16(domain);
-  username_ = WideToUTF16(user);
-  password_ = WideToUTF16(password);
-
-  // Initial challenge.
-  if (auth_data_.empty()) {
-    in_buf_len = 0;
-    in_buf = NULL;
-  } else {
-    // Decode |auth_data_| into the input buffer.
-    int len = auth_data_.length();
-
-    // Strip off any padding.
-    // (See https://bugzilla.mozilla.org/show_bug.cgi?id=230351.)
-    //
-    // Our base64 decoder requires that the length be a multiple of 4.
-    while (len > 0 && len % 4 != 0 && auth_data_[len - 1] == '=')
-      len--;
-    auth_data_.erase(len);
-
-    if (!Base64Decode(auth_data_, &decoded_auth_data))
-      return std::string();  // Improper base64 encoding
-    in_buf_len = decoded_auth_data.length();
-    in_buf = decoded_auth_data.data();
-  }
-
-  int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len);
-  if (rv != OK)
-    return std::string();
-
-  // Base64 encode data in output buffer and prepend "NTLM ".
-  std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
-  std::string encode_output;
-  bool ok = Base64Encode(encode_input, &encode_output);
-  // OK, we are done with |out_buf|
-  free(out_buf);
-  if (!ok)
-    return std::string();
-  return std::string("NTLM ") + encode_output;
+bool HttpAuthHandlerNTLM::IsFinalRound() {
+  return !auth_data_.empty();
 }
 
 // static
 HttpAuthHandlerNTLM::GenerateRandomProc
 HttpAuthHandlerNTLM::SetGenerateRandomProc(
     GenerateRandomProc proc) {
   GenerateRandomProc old_proc = generate_random_proc_;
   generate_random_proc_ = proc;
   return old_proc;
 }
 
 // static
 HttpAuthHandlerNTLM::HostNameProc HttpAuthHandlerNTLM::SetHostNameProc(
     HostNameProc proc) {
   HostNameProc old_proc = get_host_name_proc_;
   get_host_name_proc_ = proc;
   return old_proc;
 }
 
-// The NTLM challenge header looks like:
-//   WWW-Authenticate: NTLM auth-data
-bool HttpAuthHandlerNTLM::ParseChallenge(
-    std::string::const_iterator challenge_begin,
-    std::string::const_iterator challenge_end) {
-  scheme_ = "ntlm";
-  score_ = 3;
-  properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
-  auth_data_.clear();
-
-  // Verify the challenge's auth-scheme.
-  HttpAuth::ChallengeTokenizer challenge_tok(challenge_begin, challenge_end);
-  if (!challenge_tok.valid() ||
-      !LowerCaseEqualsASCII(challenge_tok.scheme(), "ntlm"))
-    return false;
-
-  // Extract the auth-data.  We can't use challenge_tok.GetNext() because
-  // auth-data is base64-encoded and may contain '=' padding at the end,
-  // which would be mistaken for a name=value pair.
-  challenge_begin += 4;  // Skip over "NTLM".
-  HttpUtil::TrimLWS(&challenge_begin, &challenge_end);
-
-  auth_data_.assign(challenge_begin, challenge_end);
-
-  return true;
-}
-
 int HttpAuthHandlerNTLM::GetNextToken(const void* in_token,
                                       uint32 in_token_len,
                                       void** out_token,
                                       uint32* out_token_len) {
   int rv;
 
   // If in_token is non-null, then assume it contains a type 2 message...
   if (in_token) {
     LogToken("in-token", in_token, in_token_len);
     std::string hostname = get_host_name_proc_();
     if (hostname.empty())
       return ERR_UNEXPECTED;
     uint8 rand_buf[8];
     generate_random_proc_(rand_buf, 8);
     rv = GenerateType3Msg(domain_, username_, password_, hostname, rand_buf,
                           in_token, in_token_len, out_token, out_token_len);
   } else {
     rv = GenerateType1Msg(out_token, out_token_len);
   }
 
   if (rv == OK)
     LogToken("out-token", *out_token, *out_token_len);
 
   return rv;
 }
 
+int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() {
+  return OK;
+}
+
 }  // namespace net