| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/http/http_auth_handler_ntlm.h" | |
| 6 | |
| 7 #if !defined(NTLM_SSPI) | |
| 8 #include "base/base64.h" | |
| 9 #endif | |
| 10 #include "base/logging.h" | |
| 11 #include "base/strings/string_util.h" | |
| 12 #include "base/strings/utf_string_conversions.h" | |
| 13 #include "net/base/net_errors.h" | |
| 14 #include "net/base/net_util.h" | |
| 15 #include "net/http/http_auth_challenge_tokenizer.h" | |
| 16 | |
| 17 namespace net { | |
| 18 | |
| 19 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge( | |
| 20 HttpAuthChallengeTokenizer* challenge) { | |
| 21 return ParseChallenge(challenge, false); | |
| 22 } | |
| 23 | |
| 24 bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok) { | |
| 25 auth_scheme_ = HttpAuth::AUTH_SCHEME_NTLM; | |
| 26 score_ = 3; | |
| 27 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED; | |
| 28 | |
| 29 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
| 30 } | |
| 31 | |
| 32 int HttpAuthHandlerNTLM::GenerateAuthTokenImpl( | |
| 33 const AuthCredentials* credentials, const HttpRequestInfo* request, | |
| 34 const CompletionCallback& callback, std::string* auth_token) { | |
| 35 #if defined(NTLM_SSPI) | |
| 36 return auth_sspi_.GenerateAuthToken( | |
| 37 credentials, | |
| 38 CreateSPN(origin_), | |
| 39 auth_token); | |
| 40 #else // !defined(NTLM_SSPI) | |
| 41 // TODO(cbentzel): Shouldn't be hitting this case. | |
| 42 if (!credentials) { | |
| 43 LOG(ERROR) << "Username and password are expected to be non-NULL."; | |
| 44 return ERR_MISSING_AUTH_CREDENTIALS; | |
| 45 } | |
| 46 // TODO(wtc): See if we can use char* instead of void* for in_buf and | |
| 47 // out_buf. This change will need to propagate to GetNextToken, | |
| 48 // GenerateType1Msg, and GenerateType3Msg, and perhaps further. | |
| 49 const void* in_buf; | |
| 50 void* out_buf; | |
| 51 uint32 in_buf_len, out_buf_len; | |
| 52 std::string decoded_auth_data; | |
| 53 | |
| 54 // The username may be in the form "DOMAIN\user". Parse it into the two | |
| 55 // components. | |
| 56 base::string16 domain; | |
| 57 base::string16 user; | |
| 58 const base::string16& username = credentials->username(); | |
| 59 const base::char16 backslash_character = '\\'; | |
| 60 size_t backslash_idx = username.find(backslash_character); | |
| 61 if (backslash_idx == base::string16::npos) { | |
| 62 user = username; | |
| 63 } else { | |
| 64 domain = username.substr(0, backslash_idx); | |
| 65 user = username.substr(backslash_idx + 1); | |
| 66 } | |
| 67 domain_ = domain; | |
| 68 credentials_.Set(user, credentials->password()); | |
| 69 | |
| 70 // Initial challenge. | |
| 71 if (auth_data_.empty()) { | |
| 72 in_buf_len = 0; | |
| 73 in_buf = NULL; | |
| 74 int rv = InitializeBeforeFirstChallenge(); | |
| 75 if (rv != OK) | |
| 76 return rv; | |
| 77 } else { | |
| 78 if (!base::Base64Decode(auth_data_, &decoded_auth_data)) { | |
| 79 LOG(ERROR) << "Unexpected problem Base64 decoding."; | |
| 80 return ERR_UNEXPECTED; | |
| 81 } | |
| 82 in_buf_len = decoded_auth_data.length(); | |
| 83 in_buf = decoded_auth_data.data(); | |
| 84 } | |
| 85 | |
| 86 int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len); | |
| 87 if (rv != OK) | |
| 88 return rv; | |
| 89 | |
| 90 // Base64 encode data in output buffer and prepend "NTLM ". | |
| 91 std::string encode_input(static_cast<char*>(out_buf), out_buf_len); | |
| 92 std::string encode_output; | |
| 93 base::Base64Encode(encode_input, &encode_output); | |
| 94 // OK, we are done with |out_buf| | |
| 95 free(out_buf); | |
| 96 *auth_token = std::string("NTLM ") + encode_output; | |
| 97 return OK; | |
| 98 #endif | |
| 99 } | |
| 100 | |
| 101 // The NTLM challenge header looks like: | |
| 102 // WWW-Authenticate: NTLM auth-data | |
| 103 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge( | |
| 104 HttpAuthChallengeTokenizer* tok, bool initial_challenge) { | |
| 105 #if defined(NTLM_SSPI) | |
| 106 // auth_sspi_ contains state for whether or not this is the initial challenge. | |
| 107 return auth_sspi_.ParseChallenge(tok); | |
| 108 #else | |
| 109 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM | |
| 110 // authentication parsing could probably be shared - just need to know if | |
| 111 // there was previously a challenge round. | |
| 112 // TODO(cbentzel): Write a test case to validate that auth_data_ is left empty | |
| 113 // in all failure conditions. | |
| 114 auth_data_.clear(); | |
| 115 | |
| 116 // Verify the challenge's auth-scheme. | |
| 117 if (!LowerCaseEqualsASCII(tok->scheme(), "ntlm")) | |
| 118 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
| 119 | |
| 120 std::string base64_param = tok->base64_param(); | |
| 121 if (base64_param.empty()) { | |
| 122 if (!initial_challenge) | |
| 123 return HttpAuth::AUTHORIZATION_RESULT_REJECT; | |
| 124 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
| 125 } else { | |
| 126 if (initial_challenge) | |
| 127 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
| 128 } | |
| 129 | |
| 130 auth_data_ = base64_param; | |
| 131 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
| 132 #endif // defined(NTLM_SSPI) | |
| 133 } | |
| 134 | |
| 135 // static | |
| 136 std::string HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) { | |
| 137 // The service principal name of the destination server. See | |
| 138 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx | |
| 139 std::string target("HTTP/"); | |
| 140 target.append(GetHostAndPort(origin)); | |
| 141 return target; | |
| 142 } | |
| 143 | |
| 144 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master