OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol |
| 6 // Specification version 28.0 [1]. Additional NTLM reference [2]. |
| 7 // |
| 8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
| 9 // [2] http://davenport.sourceforge.net/ntlm.html |
| 10 |
| 11 #ifndef NET_BASE_NTLM_CLIENT_H_ |
| 12 #define NET_BASE_NTLM_CLIENT_H_ |
| 13 |
| 14 #include <stddef.h> |
| 15 #include <stdint.h> |
| 16 |
| 17 #include <memory> |
| 18 #include <string> |
| 19 |
| 20 #include "base/strings/string16.h" |
| 21 #include "base/strings/string_piece.h" |
| 22 #include "net/base/net_export.h" |
| 23 #include "net/ntlm/ntlm_constants.h" |
| 24 |
| 25 namespace net { |
| 26 namespace ntlm { |
| 27 |
| 28 // Provides an implementation of an NTLMv1 Client. |
| 29 // |
| 30 // The implementation supports NTLMv1 with extended session security (NTLM2). |
| 31 class NET_EXPORT_PRIVATE NtlmClient { |
| 32 public: |
| 33 NtlmClient(); |
| 34 ~NtlmClient(); |
| 35 |
| 36 // Returns a |Buffer| containing the Negotiate message. |
| 37 Buffer GetNegotiateMessage() const; |
| 38 |
| 39 // Returns a |Buffer| containing the Authenticate message. If the method |
| 40 // fails an empty |Buffer| is returned. |
| 41 // |
| 42 // |hostname| can be a short NetBIOS name or an FQDN, however the server will |
| 43 // only inspect this field if the default domain policy is to restrict NTLM. |
| 44 // In this case the hostname will be compared to a whitelist stored in this |
| 45 // group policy [1]. |
| 46 // |client_challenge| must contain 8 bytes of random data. |
| 47 // |server_challenge_message| is the full content of the challenge message |
| 48 // sent by the server. |
| 49 // |
| 50 // [1] - https://technet.microsoft.com/en-us/library/jj852267(v=ws.11).aspx |
| 51 Buffer GenerateAuthenticateMessage( |
| 52 const base::string16& domain, |
| 53 const base::string16& username, |
| 54 const base::string16& password, |
| 55 const std::string& hostname, |
| 56 const uint8_t* client_challenge, |
| 57 const Buffer& server_challenge_message) const; |
| 58 |
| 59 private: |
| 60 // Calculates the lengths and offset for all the payloads in the message. |
| 61 void CalculatePayloadLayout(bool is_unicode, |
| 62 const base::string16& domain, |
| 63 const base::string16& username, |
| 64 const std::string& hostname, |
| 65 SecurityBuffer* lm_info, |
| 66 SecurityBuffer* ntlm_info, |
| 67 SecurityBuffer* domain_info, |
| 68 SecurityBuffer* username_info, |
| 69 SecurityBuffer* hostname_info, |
| 70 size_t* authenticate_message_len) const; |
| 71 |
| 72 // Returns the length of the header part of the Authenticate message. |
| 73 // NOTE: When NTLMv2 support is added this is no longer a fixed value. |
| 74 size_t GetAuthenticateHeaderLength() const; |
| 75 |
| 76 // Returns the length of the NTLM response. |
| 77 // NOTE: When NTLMv2 support is added this is no longer a fixed value. |
| 78 size_t GetNtlmResponseLength() const; |
| 79 |
| 80 // Generates the negotiate message (which is always the same) into |
| 81 // |negotiate_message_|. |
| 82 void GenerateNegotiateMessage(); |
| 83 |
| 84 NegotiateFlags negotiate_flags_; |
| 85 Buffer negotiate_message_; |
| 86 |
| 87 DISALLOW_COPY_AND_ASSIGN(NtlmClient); |
| 88 }; |
| 89 |
| 90 } // namespace ntlm |
| 91 } // namespace net |
| 92 |
| 93 #endif // NET_BASE_NTLM_CLIENT_H_ |
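Review bot: `GenerateAuthenticateMessage` takes `client_challenge` as a bare `const uint8_t*` (new line 56), so the "must contain 8 bytes of random data" requirement stated on new line 46 is not carried by the type and the callee has no way to check it; a caller passing a shorter buffer would presumably cause an out-of-bounds read when the response is computed. Consider a size-carrying parameter such as `const uint8_t (&client_challenge)[8],`. At minimum tighten the comment to `// |client_challenge| must point to exactly 8 bytes from a cryptographically secure random source; the length is not validated.` The implementation is not visible on this page, so how the pointer is consumed is inferred from the declaration and its comment. Separately, the include guard `NET_BASE_NTLM_CLIENT_H_` does not match the `net/ntlm/` directory suggested by the `ntlm_constants.h` include, which is worth confirming against the file's actual path.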
OLD | NEW |