search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Windows should animate when they are about to get docked at screen edges.
[chromium-blink-merge.git] / net / http / http_auth_handler_ntlm.cc
blob4c04234e22ef83160d98f3375339a2e917b602e5
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_auth_handler_ntlm.h"
6
7 #if !defined(NTLM_SSPI)
8 #include "base/base64.h"
9 #endif
10 #include "base/logging.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/net_util.h"
15
16 namespace net {
17
18 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge(
19 HttpAuth::ChallengeTokenizer* challenge) {
20 return ParseChallenge(challenge, false);
21 }
22
23 bool HttpAuthHandlerNTLM::Init(HttpAuth::ChallengeTokenizer* tok) {
24 auth_scheme_ = HttpAuth::AUTH_SCHEME_NTLM;
25 score_ = 3;
26 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
27
28 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
29 }
30
31 int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
32 const AuthCredentials* credentials, const HttpRequestInfo* request,
33 const CompletionCallback& callback, std::string* auth_token) {
34 #if defined(NTLM_SSPI)
35 return auth_sspi_.GenerateAuthToken(
36 credentials,
37 CreateSPN(origin_),
38 auth_token);
39 #else // !defined(NTLM_SSPI)
40 // TODO(cbentzel): Shouldn't be hitting this case.
41 if (!credentials) {
42 LOG(ERROR) << "Username and password are expected to be non-NULL.";
43 return ERR_MISSING_AUTH_CREDENTIALS;
44 }
45 // TODO(wtc): See if we can use char* instead of void* for in_buf and
46 // out_buf. This change will need to propagate to GetNextToken,
47 // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
48 const void* in_buf;
49 void* out_buf;
50 uint32 in_buf_len, out_buf_len;
51 std::string decoded_auth_data;
52
53 // The username may be in the form "DOMAIN\user". Parse it into the two
54 // components.
55 base::string16 domain;
56 base::string16 user;
57 const base::string16& username = credentials->username();
58 const base::char16 backslash_character = '\\';
59 size_t backslash_idx = username.find(backslash_character);
60 if (backslash_idx == base::string16::npos) {
61 user = username;
62 } else {
63 domain = username.substr(0, backslash_idx);
64 user = username.substr(backslash_idx + 1);
65 }
66 domain_ = domain;
67 credentials_.Set(user, credentials->password());
68
69 // Initial challenge.
70 if (auth_data_.empty()) {
71 in_buf_len = 0;
72 in_buf = NULL;
73 int rv = InitializeBeforeFirstChallenge();
74 if (rv != OK)
75 return rv;
76 } else {
77 if (!base::Base64Decode(auth_data_, &decoded_auth_data)) {
78 LOG(ERROR) << "Unexpected problem Base64 decoding.";
79 return ERR_UNEXPECTED;
80 }
81 in_buf_len = decoded_auth_data.length();
82 in_buf = decoded_auth_data.data();
83 }
84
85 int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len);
86 if (rv != OK)
87 return rv;
88
89 // Base64 encode data in output buffer and prepend "NTLM ".
90 std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
91 std::string encode_output;
92 bool base64_rv = base::Base64Encode(encode_input, &encode_output);
93 // OK, we are done with |out_buf|
94 free(out_buf);
95 if (!base64_rv) {
96 LOG(ERROR) << "Unexpected problem Base64 encoding.";
97 return ERR_UNEXPECTED;
98 }
99 *auth_token = std::string("NTLM ") + encode_output;
100 return OK;
101 #endif
102 }
103
104 // The NTLM challenge header looks like:
105 // WWW-Authenticate: NTLM auth-data
106 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
107 HttpAuth::ChallengeTokenizer* tok, bool initial_challenge) {
108 #if defined(NTLM_SSPI)
109 // auth_sspi_ contains state for whether or not this is the initial challenge.
110 return auth_sspi_.ParseChallenge(tok);
111 #else
112 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM
113 // authentication parsing could probably be shared - just need to know if
114 // there was previously a challenge round.
115 // TODO(cbentzel): Write a test case to validate that auth_data_ is left empty
116 // in all failure conditions.
117 auth_data_.clear();
118
119 // Verify the challenge's auth-scheme.
120 if (!LowerCaseEqualsASCII(tok->scheme(), "ntlm"))
121 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
122
123 std::string base64_param = tok->base64_param();
124 if (base64_param.empty()) {
125 if (!initial_challenge)
126 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
127 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
128 } else {
129 if (initial_challenge)
130 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
131 }
132
133 auth_data_ = base64_param;
134 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
135 #endif // defined(NTLM_SSPI)
136 }
137
138 // static
139 std::wstring HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) {
140 // The service principal name of the destination server. See
141 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
142 std::wstring target(L"HTTP/");
143 target.append(ASCIIToWide(GetHostAndPort(origin)));
144 return target;
145 }
146
147 } // namespace net