Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Side by Side Diff: net/http/http_auth_handler_ntlm.cc

Issue 3360017: Fix multi-round authentication.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: SocketStream fix Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_handler_ntlm.h ('k') | net/http/http_auth_handler_ntlm_portable.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth_handler_ntlm.h" 5 #include "net/http/http_auth_handler_ntlm.h"
6 6
7 #if !defined(NTLM_SSPI) 7 #if !defined(NTLM_SSPI)
8 #include "base/base64.h" 8 #include "base/base64.h"
9 #endif 9 #endif
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
85 free(out_buf); 85 free(out_buf);
86 if (!base64_rv) { 86 if (!base64_rv) {
87 LOG(ERROR) << "Unexpected problem Base64 encoding."; 87 LOG(ERROR) << "Unexpected problem Base64 encoding.";
88 return ERR_UNEXPECTED; 88 return ERR_UNEXPECTED;
89 } 89 }
90 *auth_token = std::string("NTLM ") + encode_output; 90 *auth_token = std::string("NTLM ") + encode_output;
91 return OK; 91 return OK;
92 #endif 92 #endif
93 } 93 }
94 94
95 bool HttpAuthHandlerNTLM::Init(HttpAuth::ChallengeTokenizer* tok) {
96 scheme_ = "ntlm";
97 score_ = 3;
98 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
99
100 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
101 }
102
103 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge(
104 HttpAuth::ChallengeTokenizer* challenge) {
105 return ParseChallenge(challenge, false);
106 }
107
95 // The NTLM challenge header looks like: 108 // The NTLM challenge header looks like:
96 // WWW-Authenticate: NTLM auth-data 109 // WWW-Authenticate: NTLM auth-data
97 bool HttpAuthHandlerNTLM::ParseChallenge( 110 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
98 HttpAuth::ChallengeTokenizer* tok) { 111 HttpAuth::ChallengeTokenizer* tok, bool initial_challenge) {
99 scheme_ = "ntlm";
100 score_ = 3;
101 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
102
103 #if defined(NTLM_SSPI) 112 #if defined(NTLM_SSPI)
113 // auth_sspi_ contains state for whether or not this is the initial challenge.
104 return auth_sspi_.ParseChallenge(tok); 114 return auth_sspi_.ParseChallenge(tok);
105 #else 115 #else
116 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM
117 // authentication parsing could probably be shared - just need to know if
118 // there was previously a challenge round.
106 auth_data_.clear(); 119 auth_data_.clear();
107 120
108 // Verify the challenge's auth-scheme. 121 // Verify the challenge's auth-scheme.
109 if (!tok->valid() || !LowerCaseEqualsASCII(tok->scheme(), "ntlm")) 122 if (!tok->valid() || !LowerCaseEqualsASCII(tok->scheme(), "ntlm"))
110 return false; 123 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
111 124
112 tok->set_expect_base64_token(true); 125 tok->set_expect_base64_token(true);
113 if (tok->GetNext()) 126 if (!tok->GetNext()) {
114 auth_data_.assign(tok->value_begin(), tok->value_end()); 127 if (!initial_challenge)
115 return true; 128 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
129 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
130 } else {
131 if (initial_challenge)
132 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
133 }
134
135 auth_data_.assign(tok->value_begin(), tok->value_end());
136 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
116 #endif // defined(NTLM_SSPI) 137 #endif // defined(NTLM_SSPI)
117 } 138 }
118 139
119 // static 140 // static
120 std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) { 141 std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) {
121 // The service principal name of the destination server. See 142 // The service principal name of the destination server. See
122 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx 143 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
123 std::wstring target(L"HTTP/"); 144 std::wstring target(L"HTTP/");
124 target.append(ASCIIToWide(GetHostAndPort(origin))); 145 target.append(ASCIIToWide(GetHostAndPort(origin)));
125 return target; 146 return target;
126 } 147 }
127 148
128 } // namespace net 149 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_auth_handler_ntlm.h ('k') | net/http/http_auth_handler_ntlm_portable.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698