OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 // For gethostname | 8 // For gethostname |
9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
10 #include <unistd.h> | 10 #include <unistd.h> |
11 #elif defined(OS_WIN) | 11 #elif defined(OS_WIN) |
12 #include <winsock2.h> | 12 #include <winsock2.h> |
13 #endif | 13 #endif |
14 | 14 |
15 #include "base/md5.h" | 15 #include "base/md5.h" |
16 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
17 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
18 #include "base/strings/sys_string_conversions.h" | 18 #include "base/strings/sys_string_conversions.h" |
19 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
20 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
21 #include "net/base/network_interfaces.h" | 21 #include "net/base/network_interfaces.h" |
22 #include "net/base/zap.h" | |
23 #include "net/http/des.h" | 22 #include "net/http/des.h" |
24 #include "net/http/md4.h" | 23 #include "net/http/md4.h" |
25 | 24 |
26 namespace net { | 25 namespace net { |
27 | 26 |
28 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, | 27 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, |
29 // CVS rev. 1.14. | 28 // CVS rev. 1.14. |
30 // | 29 // |
31 // TODO(wtc): | 30 // TODO(wtc): |
32 // - The IS_BIG_ENDIAN code is not tested. | 31 // - The IS_BIG_ENDIAN code is not tested. |
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
238 // 16-byte result buffer | 237 // 16-byte result buffer |
239 static void NTLM_Hash(const base::string16& password, uint8_t* hash) { | 238 static void NTLM_Hash(const base::string16& password, uint8_t* hash) { |
240 #ifdef IS_BIG_ENDIAN | 239 #ifdef IS_BIG_ENDIAN |
241 uint32_t len = password.length(); | 240 uint32_t len = password.length(); |
242 uint8_t* passbuf; | 241 uint8_t* passbuf; |
243 | 242 |
244 passbuf = static_cast<uint8_t*>(malloc(len * 2)); | 243 passbuf = static_cast<uint8_t*>(malloc(len * 2)); |
245 WriteUnicodeLE(passbuf, password.data(), len); | 244 WriteUnicodeLE(passbuf, password.data(), len); |
246 weak_crypto::MD4Sum(passbuf, len * 2, hash); | 245 weak_crypto::MD4Sum(passbuf, len * 2, hash); |
247 | 246 |
248 ZapBuf(passbuf, len * 2); | |
249 free(passbuf); | 247 free(passbuf); |
250 #else | 248 #else |
251 weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), | 249 weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), |
252 password.length() * 2, hash); | 250 password.length() * 2, hash); |
253 #endif | 251 #endif |
254 } | 252 } |
255 | 253 |
256 //----------------------------------------------------------------------------- | 254 //----------------------------------------------------------------------------- |
257 | 255 |
258 // LM_Response generates the LM response given a 16-byte password hash and the | 256 // LM_Response generates the LM response given a 16-byte password hash and the |
259 // challenge from the Type-2 message. | 257 // challenge from the Type-2 message. |
260 // | 258 // |
261 // param hash | 259 // param hash |
262 // 16-byte password hash | 260 // 16-byte password hash |
263 // param challenge | 261 // param challenge |
264 // 8-byte challenge from Type-2 message | 262 // 8-byte challenge from Type-2 message |
265 // param response | 263 // param response |
266 // 24-byte buffer to contain the LM response upon return | 264 // 24-byte buffer to contain the LM response upon return |
267 static void LM_Response(const uint8_t* hash, | 265 static void LM_Response(const uint8_t* hash, |
268 const uint8_t* challenge, | 266 const uint8_t* challenge, |
269 uint8_t* response) { | 267 uint8_t* response) { |
270 uint8_t keybytes[21], k1[8], k2[8], k3[8]; | 268 uint8_t keybytes[21], k1[8], k2[8], k3[8]; |
271 | 269 |
272 memcpy(keybytes, hash, 16); | 270 memcpy(keybytes, hash, 16); |
273 ZapBuf(keybytes + 16, 5); | 271 memset(keybytes + 16, 0, 5); |
274 | 272 |
275 DESMakeKey(keybytes, k1); | 273 DESMakeKey(keybytes, k1); |
276 DESMakeKey(keybytes + 7, k2); | 274 DESMakeKey(keybytes + 7, k2); |
277 DESMakeKey(keybytes + 14, k3); | 275 DESMakeKey(keybytes + 14, k3); |
278 | 276 |
279 DESEncrypt(k1, challenge, response); | 277 DESEncrypt(k1, challenge, response); |
280 DESEncrypt(k2, challenge, response + 8); | 278 DESEncrypt(k2, challenge, response + 8); |
281 DESEncrypt(k3, challenge, response + 16); | 279 DESEncrypt(k3, challenge, response + 16); |
282 } | 280 } |
283 | 281 |
(...skipping 303 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
587 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { | 585 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { |
588 // Default credentials are not supported in the portable implementation of | 586 // Default credentials are not supported in the portable implementation of |
589 // NTLM, but are supported in the SSPI implementation. | 587 // NTLM, but are supported in the SSPI implementation. |
590 return false; | 588 return false; |
591 } | 589 } |
592 | 590 |
593 int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() { | 591 int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() { |
594 return OK; | 592 return OK; |
595 } | 593 } |
596 | 594 |
597 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() { | 595 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {} |
598 credentials_.Zap(); | |
599 } | |
600 | 596 |
601 // static | 597 // static |
602 HttpAuthHandlerNTLM::GenerateRandomProc | 598 HttpAuthHandlerNTLM::GenerateRandomProc |
603 HttpAuthHandlerNTLM::SetGenerateRandomProc(GenerateRandomProc proc) { | 599 HttpAuthHandlerNTLM::SetGenerateRandomProc(GenerateRandomProc proc) { |
604 GenerateRandomProc old_proc = generate_random_proc_; | 600 GenerateRandomProc old_proc = generate_random_proc_; |
605 generate_random_proc_ = proc; | 601 generate_random_proc_ = proc; |
606 return old_proc; | 602 return old_proc; |
607 } | 603 } |
608 | 604 |
609 // static | 605 // static |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
662 // of NTLM. | 658 // of NTLM. |
663 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 659 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
664 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, | 660 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, |
665 net_log)) | 661 net_log)) |
666 return ERR_INVALID_RESPONSE; | 662 return ERR_INVALID_RESPONSE; |
667 handler->swap(tmp_handler); | 663 handler->swap(tmp_handler); |
668 return OK; | 664 return OK; |
669 } | 665 } |
670 | 666 |
671 } // namespace net | 667 } // namespace net |
OLD | NEW |