Use SSPI for NTLM authentication on Windows....

net/http/http_auth_handler_ntlm_portable.cc

Index: net/http/http_auth_handler_ntlm_portable.cc
===================================================================
--- net/http/http_auth_handler_ntlm_portable.cc	(revision 24540)
+++ net/http/http_auth_handler_ntlm_portable.cc	(working copy)
@@ -16,7 +16,6 @@
 #include "base/rand_util.h"
 #include "base/string_util.h"
 #include "base/sys_string_conversions.h"
-#include "net/base/base64.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/http/des.h"
@@ -654,69 +653,8 @@
   return !auth_data_.empty();
 }
 
-std::string HttpAuthHandlerNTLM::GenerateCredentials(
-    const std::wstring& username,
-    const std::wstring& password,
-    const HttpRequestInfo* request,
-    const ProxyInfo* proxy) {
-  // TODO(wtc): See if we can use char* instead of void* for in_buf and
-  // out_buf.  This change will need to propagate to GetNextToken,
-  // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
-  const void* in_buf;
-  void* out_buf;
-  uint32 in_buf_len, out_buf_len;
-  std::string decoded_auth_data;
-
-  // |username| may be in the form "DOMAIN\user".  Parse it into the two
-  // components.
-  std::wstring domain;
-  std::wstring user;
-  size_t backslash_idx = username.find(L'\\');
-  if (backslash_idx == std::wstring::npos) {
-    user = username;
-  } else {
-    domain = username.substr(0, backslash_idx);
-    user = username.substr(backslash_idx + 1);
-  }
-  domain_ = WideToUTF16(domain);
-  username_ = WideToUTF16(user);
-  password_ = WideToUTF16(password);
-
-  // Initial challenge.
-  if (auth_data_.empty()) {
-    in_buf_len = 0;
-    in_buf = NULL;
-  } else {
-    // Decode |auth_data_| into the input buffer.
-    int len = auth_data_.length();
-
-    // Strip off any padding.
-    // (See https://bugzilla.mozilla.org/show_bug.cgi?id=230351.)
-    //
-    // Our base64 decoder requires that the length be a multiple of 4.
-    while (len > 0 && len % 4 != 0 && auth_data_[len - 1] == '=')
-      len--;
-    auth_data_.erase(len);
-
-    if (!Base64Decode(auth_data_, &decoded_auth_data))
-      return std::string();  // Improper base64 encoding
-    in_buf_len = decoded_auth_data.length();
-    in_buf = decoded_auth_data.data();
-  }
-
-  int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len);
-  if (rv != OK)
-    return std::string();
-
-  // Base64 encode data in output buffer and prepend "NTLM ".
-  std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
-  std::string encode_output;
-  bool ok = Base64Encode(encode_input, &encode_output);
-  // OK, we are done with |out_buf|
-  free(out_buf);
-  if (!ok)
-    return std::string();
-  return std::string("NTLM ") + encode_output;
+bool HttpAuthHandlerNTLM::IsFinalRound() {
+  return !auth_data_.empty();
 }
 
 // static
@@ -736,33 +674,6 @@
   return old_proc;
 }
 
-// The NTLM challenge header looks like:
-//   WWW-Authenticate: NTLM auth-data
-bool HttpAuthHandlerNTLM::ParseChallenge(
-    std::string::const_iterator challenge_begin,
-    std::string::const_iterator challenge_end) {
-  scheme_ = "ntlm";
-  score_ = 3;
-  properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
-  auth_data_.clear();
-
-  // Verify the challenge's auth-scheme.
-  HttpAuth::ChallengeTokenizer challenge_tok(challenge_begin, challenge_end);
-  if (!challenge_tok.valid() ||
-      !LowerCaseEqualsASCII(challenge_tok.scheme(), "ntlm"))
-    return false;
-
-  // Extract the auth-data.  We can't use challenge_tok.GetNext() because
-  // auth-data is base64-encoded and may contain '=' padding at the end,
-  // which would be mistaken for a name=value pair.
-  challenge_begin += 4;  // Skip over "NTLM".
-  HttpUtil::TrimLWS(&challenge_begin, &challenge_end);
-
-  auth_data_.assign(challenge_begin, challenge_end);
-
-  return true;
-}
-
 int HttpAuthHandlerNTLM::GetNextToken(const void* in_token,
                                       uint32 in_token_len,
                                       void** out_token,
@@ -789,4 +700,8 @@
   return rv;
 }
 
+int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() {
+  return OK;
+}
+
 }  // namespace net