| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 // For gethostname | 8 // For gethostname |
| 9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| 11 #elif defined(OS_WIN) | 11 #elif defined(OS_WIN) |
| 12 #include <winsock2.h> | 12 #include <winsock2.h> |
| 13 #endif | 13 #endif |
| 14 | 14 |
| 15 #include "base/md5.h" | 15 #include "base/md5.h" |
| 16 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
| 17 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
| 18 #include "base/strings/sys_string_conversions.h" | 18 #include "base/strings/sys_string_conversions.h" |
| 19 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
| 20 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
| 21 #include "net/base/network_interfaces.h" | 21 #include "net/base/network_interfaces.h" |
| 22 #include "net/base/zap.h" | |
| 23 #include "net/http/des.h" | 22 #include "net/http/des.h" |
| 24 #include "net/http/md4.h" | 23 #include "net/http/md4.h" |
| 25 | 24 |
| 26 namespace net { | 25 namespace net { |
| 27 | 26 |
| 28 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, | 27 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, |
| 29 // CVS rev. 1.14. | 28 // CVS rev. 1.14. |
| 30 // | 29 // |
| 31 // TODO(wtc): | 30 // TODO(wtc): |
| 32 // - The IS_BIG_ENDIAN code is not tested. | 31 // - The IS_BIG_ENDIAN code is not tested. |
| (...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 238 // 16-byte result buffer | 237 // 16-byte result buffer |
| 239 static void NTLM_Hash(const base::string16& password, uint8_t* hash) { | 238 static void NTLM_Hash(const base::string16& password, uint8_t* hash) { |
| 240 #ifdef IS_BIG_ENDIAN | 239 #ifdef IS_BIG_ENDIAN |
| 241 uint32_t len = password.length(); | 240 uint32_t len = password.length(); |
| 242 uint8_t* passbuf; | 241 uint8_t* passbuf; |
| 243 | 242 |
| 244 passbuf = static_cast<uint8_t*>(malloc(len * 2)); | 243 passbuf = static_cast<uint8_t*>(malloc(len * 2)); |
| 245 WriteUnicodeLE(passbuf, password.data(), len); | 244 WriteUnicodeLE(passbuf, password.data(), len); |
| 246 weak_crypto::MD4Sum(passbuf, len * 2, hash); | 245 weak_crypto::MD4Sum(passbuf, len * 2, hash); |
| 247 | 246 |
| 248 ZapBuf(passbuf, len * 2); | |
| 249 free(passbuf); | 247 free(passbuf); |
| 250 #else | 248 #else |
| 251 weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), | 249 weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), |
| 252 password.length() * 2, hash); | 250 password.length() * 2, hash); |
| 253 #endif | 251 #endif |
| 254 } | 252 } |
| 255 | 253 |
| 256 //----------------------------------------------------------------------------- | 254 //----------------------------------------------------------------------------- |
| 257 | 255 |
| 258 // LM_Response generates the LM response given a 16-byte password hash and the | 256 // LM_Response generates the LM response given a 16-byte password hash and the |
| 259 // challenge from the Type-2 message. | 257 // challenge from the Type-2 message. |
| 260 // | 258 // |
| 261 // param hash | 259 // param hash |
| 262 // 16-byte password hash | 260 // 16-byte password hash |
| 263 // param challenge | 261 // param challenge |
| 264 // 8-byte challenge from Type-2 message | 262 // 8-byte challenge from Type-2 message |
| 265 // param response | 263 // param response |
| 266 // 24-byte buffer to contain the LM response upon return | 264 // 24-byte buffer to contain the LM response upon return |
| 267 static void LM_Response(const uint8_t* hash, | 265 static void LM_Response(const uint8_t* hash, |
| 268 const uint8_t* challenge, | 266 const uint8_t* challenge, |
| 269 uint8_t* response) { | 267 uint8_t* response) { |
| 270 uint8_t keybytes[21], k1[8], k2[8], k3[8]; | 268 uint8_t keybytes[21], k1[8], k2[8], k3[8]; |
| 271 | 269 |
| 272 memcpy(keybytes, hash, 16); | 270 memcpy(keybytes, hash, 16); |
| 273 ZapBuf(keybytes + 16, 5); | 271 memset(keybytes + 16, 0, 5); |
| 274 | 272 |
| 275 DESMakeKey(keybytes, k1); | 273 DESMakeKey(keybytes, k1); |
| 276 DESMakeKey(keybytes + 7, k2); | 274 DESMakeKey(keybytes + 7, k2); |
| 277 DESMakeKey(keybytes + 14, k3); | 275 DESMakeKey(keybytes + 14, k3); |
| 278 | 276 |
| 279 DESEncrypt(k1, challenge, response); | 277 DESEncrypt(k1, challenge, response); |
| 280 DESEncrypt(k2, challenge, response + 8); | 278 DESEncrypt(k2, challenge, response + 8); |
| 281 DESEncrypt(k3, challenge, response + 16); | 279 DESEncrypt(k3, challenge, response + 16); |
| 282 } | 280 } |
| 283 | 281 |
| (...skipping 303 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 587 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { | 585 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { |
| 588 // Default credentials are not supported in the portable implementation of | 586 // Default credentials are not supported in the portable implementation of |
| 589 // NTLM, but are supported in the SSPI implementation. | 587 // NTLM, but are supported in the SSPI implementation. |
| 590 return false; | 588 return false; |
| 591 } | 589 } |
| 592 | 590 |
| 593 int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() { | 591 int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() { |
| 594 return OK; | 592 return OK; |
| 595 } | 593 } |
| 596 | 594 |
| 597 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() { | 595 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {} |
| 598 credentials_.Zap(); | |
| 599 } | |
| 600 | 596 |
| 601 // static | 597 // static |
| 602 HttpAuthHandlerNTLM::GenerateRandomProc | 598 HttpAuthHandlerNTLM::GenerateRandomProc |
| 603 HttpAuthHandlerNTLM::SetGenerateRandomProc(GenerateRandomProc proc) { | 599 HttpAuthHandlerNTLM::SetGenerateRandomProc(GenerateRandomProc proc) { |
| 604 GenerateRandomProc old_proc = generate_random_proc_; | 600 GenerateRandomProc old_proc = generate_random_proc_; |
| 605 generate_random_proc_ = proc; | 601 generate_random_proc_ = proc; |
| 606 return old_proc; | 602 return old_proc; |
| 607 } | 603 } |
| 608 | 604 |
| 609 // static | 605 // static |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 662 // of NTLM. | 658 // of NTLM. |
| 663 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 659 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
| 664 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, | 660 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, |
| 665 net_log)) | 661 net_log)) |
| 666 return ERR_INVALID_RESPONSE; | 662 return ERR_INVALID_RESPONSE; |
| 667 handler->swap(tmp_handler); | 663 handler->swap(tmp_handler); |
| 668 return OK; | 664 return OK; |
| 669 } | 665 } |
| 670 | 666 |
| 671 } // namespace net | 667 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2926333002:
Remove unnecessary attempts at memory cleaning (Closed)
