| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
| 6 | 6 |
| 7 #if !defined(NTLM_SSPI) | 7 #if !defined(NTLM_SSPI) |
| 8 #include "base/base64.h" | 8 #include "base/base64.h" |
| 9 #endif | 9 #endif |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 85 free(out_buf); | 85 free(out_buf); |
| 86 if (!base64_rv) { | 86 if (!base64_rv) { |
| 87 LOG(ERROR) << "Unexpected problem Base64 encoding."; | 87 LOG(ERROR) << "Unexpected problem Base64 encoding."; |
| 88 return ERR_UNEXPECTED; | 88 return ERR_UNEXPECTED; |
| 89 } | 89 } |
| 90 *auth_token = std::string("NTLM ") + encode_output; | 90 *auth_token = std::string("NTLM ") + encode_output; |
| 91 return OK; | 91 return OK; |
| 92 #endif | 92 #endif |
| 93 } | 93 } |
| 94 | 94 |
| 95 bool HttpAuthHandlerNTLM::Init(HttpAuth::ChallengeTokenizer* tok) { |
| 96 scheme_ = "ntlm"; |
| 97 score_ = 3; |
| 98 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED; |
| 99 |
| 100 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT; |
| 101 } |
| 102 |
| 103 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge( |
| 104 HttpAuth::ChallengeTokenizer* challenge) { |
| 105 return ParseChallenge(challenge, false); |
| 106 } |
| 107 |
| 95 // The NTLM challenge header looks like: | 108 // The NTLM challenge header looks like: |
| 96 // WWW-Authenticate: NTLM auth-data | 109 // WWW-Authenticate: NTLM auth-data |
| 97 bool HttpAuthHandlerNTLM::ParseChallenge( | 110 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge( |
| 98 HttpAuth::ChallengeTokenizer* tok) { | 111 HttpAuth::ChallengeTokenizer* tok, bool initial_challenge) { |
| 99 scheme_ = "ntlm"; | |
| 100 score_ = 3; | |
| 101 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED; | |
| 102 | |
| 103 #if defined(NTLM_SSPI) | 112 #if defined(NTLM_SSPI) |
| 113 // auth_sspi_ contains state for whether or not this is the initial challenge. |
| 104 return auth_sspi_.ParseChallenge(tok); | 114 return auth_sspi_.ParseChallenge(tok); |
| 105 #else | 115 #else |
| 116 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM |
| 117 // authentication parsing could probably be shared - just need to know if |
| 118 // there was previously a challenge round. |
| 106 auth_data_.clear(); | 119 auth_data_.clear(); |
| 107 | 120 |
| 108 // Verify the challenge's auth-scheme. | 121 // Verify the challenge's auth-scheme. |
| 109 if (!tok->valid() || !LowerCaseEqualsASCII(tok->scheme(), "ntlm")) | 122 if (!tok->valid() || !LowerCaseEqualsASCII(tok->scheme(), "ntlm")) |
| 110 return false; | 123 return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
| 111 | 124 |
| 112 tok->set_expect_base64_token(true); | 125 tok->set_expect_base64_token(true); |
| 113 if (tok->GetNext()) | 126 if (!tok->GetNext()) { |
| 114 auth_data_.assign(tok->value_begin(), tok->value_end()); | 127 if (!initial_challenge) |
| 115 return true; | 128 return HttpAuth::AUTHORIZATION_RESULT_REJECT; |
| 129 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; |
| 130 } else { |
| 131 if (initial_challenge) |
| 132 return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
| 133 } |
| 134 |
| 135 auth_data_.assign(tok->value_begin(), tok->value_end()); |
| 136 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; |
| 116 #endif // defined(NTLM_SSPI) | 137 #endif // defined(NTLM_SSPI) |
| 117 } | 138 } |
| 118 | 139 |
| 119 // static | 140 // static |
| 120 std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) { | 141 std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) { |
| 121 // The service principal name of the destination server. See | 142 // The service principal name of the destination server. See |
| 122 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx | 143 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx |
| 123 std::wstring target(L"HTTP/"); | 144 std::wstring target(L"HTTP/"); |
| 124 target.append(ASCIIToWide(GetHostAndPort(origin))); | 145 target.append(ASCIIToWide(GetHostAndPort(origin))); |
| 125 return target; | 146 return target; |
| 126 } | 147 } |
| 127 | 148 |
| 128 } // namespace net | 149 } // namespace net |
| OLD | NEW |