1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_auth_handler_ntlm.h"
16 #include "base/rand_util.h"
17 #include "base/strings/string_util.h"
18 #include "base/strings/sys_string_conversions.h"
19 #include "base/strings/utf_string_conversions.h"
20 #include "net/base/net_errors.h"
21 #include "net/base/net_util.h"
22 #include "net/base/zap.h"
23 #include "net/http/des.h"
24 #include "net/http/md4.h"
28 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp,
32 // - The IS_BIG_ENDIAN code is not tested.
33 // - Enable the logging code or just delete it.
34 // - Delete or comment out the LM code, which hasn't been tested and isn't
37 /* ***** BEGIN LICENSE BLOCK *****
38 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
40 * The contents of this file are subject to the Mozilla Public License Version
41 * 1.1 (the "License"); you may not use this file except in compliance with
42 * the License. You may obtain a copy of the License at
43 * http://www.mozilla.org/MPL/
45 * Software distributed under the License is distributed on an "AS IS" basis,
46 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
47 * for the specific language governing rights and limitations under the
50 * The Original Code is Mozilla.
52 * The Initial Developer of the Original Code is IBM Corporation.
53 * Portions created by IBM Corporation are Copyright (C) 2003
54 * IBM Corporation. All Rights Reserved.
57 * Darin Fisher <darin@meer.net>
59 * Alternatively, the contents of this file may be used under the terms of
60 * either the GNU General Public License Version 2 or later (the "GPL"), or
61 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
62 * in which case the provisions of the GPL or the LGPL are applicable instead
63 * of those above. If you wish to allow use of your version of this file only
64 * under the terms of either the GPL or the LGPL, and not to allow others to
65 * use your version of this file under the terms of the MPL, indicate your
66 * decision by deleting the provisions above and replace them with the notice
67 * and other provisions required by the GPL or the LGPL. If you do not delete
68 * the provisions above, a recipient may use your version of this file under
69 * the terms of any one of the MPL, the GPL or the LGPL.
71 * ***** END LICENSE BLOCK ***** */
73 #if defined(ARCH_CPU_LITTLE_ENDIAN)
74 #define IS_LITTLE_ENDIAN 1
76 #elif defined(ARCH_CPU_BIG_ENDIAN)
77 #define IS_BIG_ENDIAN 1
78 #undef IS_LITTLE_ENDIAN
80 #error "Unknown endianness"
83 #define NTLM_LOG(x) ((void) 0)
85 //-----------------------------------------------------------------------------
86 // This file contains a cross-platform NTLM authentication implementation. It
87 // is based on documentation from: http://davenport.sourceforge.net/ntlm.html
88 //-----------------------------------------------------------------------------
91 NTLM_NegotiateUnicode
= 0x00000001,
92 NTLM_NegotiateOEM
= 0x00000002,
93 NTLM_RequestTarget
= 0x00000004,
94 NTLM_Unknown1
= 0x00000008,
95 NTLM_NegotiateSign
= 0x00000010,
96 NTLM_NegotiateSeal
= 0x00000020,
97 NTLM_NegotiateDatagramStyle
= 0x00000040,
98 NTLM_NegotiateLanManagerKey
= 0x00000080,
99 NTLM_NegotiateNetware
= 0x00000100,
100 NTLM_NegotiateNTLMKey
= 0x00000200,
101 NTLM_Unknown2
= 0x00000400,
102 NTLM_Unknown3
= 0x00000800,
103 NTLM_NegotiateDomainSupplied
= 0x00001000,
104 NTLM_NegotiateWorkstationSupplied
= 0x00002000,
105 NTLM_NegotiateLocalCall
= 0x00004000,
106 NTLM_NegotiateAlwaysSign
= 0x00008000,
107 NTLM_TargetTypeDomain
= 0x00010000,
108 NTLM_TargetTypeServer
= 0x00020000,
109 NTLM_TargetTypeShare
= 0x00040000,
110 NTLM_NegotiateNTLM2Key
= 0x00080000,
111 NTLM_RequestInitResponse
= 0x00100000,
112 NTLM_RequestAcceptResponse
= 0x00200000,
113 NTLM_RequestNonNTSessionKey
= 0x00400000,
114 NTLM_NegotiateTargetInfo
= 0x00800000,
115 NTLM_Unknown4
= 0x01000000,
116 NTLM_Unknown5
= 0x02000000,
117 NTLM_Unknown6
= 0x04000000,
118 NTLM_Unknown7
= 0x08000000,
119 NTLM_Unknown8
= 0x10000000,
120 NTLM_Negotiate128
= 0x20000000,
121 NTLM_NegotiateKeyExchange
= 0x40000000,
122 NTLM_Negotiate56
= 0x80000000
125 // We send these flags with our type 1 message.
127 NTLM_TYPE1_FLAGS
= (NTLM_NegotiateUnicode
|
130 NTLM_NegotiateNTLMKey
|
131 NTLM_NegotiateAlwaysSign
|
132 NTLM_NegotiateNTLM2Key
)
135 static const char NTLM_SIGNATURE
[] = "NTLMSSP";
136 static const char NTLM_TYPE1_MARKER
[] = { 0x01, 0x00, 0x00, 0x00 };
137 static const char NTLM_TYPE2_MARKER
[] = { 0x02, 0x00, 0x00, 0x00 };
138 static const char NTLM_TYPE3_MARKER
[] = { 0x03, 0x00, 0x00, 0x00 };
141 NTLM_TYPE1_HEADER_LEN
= 32,
142 NTLM_TYPE2_HEADER_LEN
= 32,
143 NTLM_TYPE3_HEADER_LEN
= 64,
152 //-----------------------------------------------------------------------------
154 // The return value of this function controls whether or not the LM hash will
155 // be included in response to a NTLM challenge.
157 // In Mozilla, this function returns the value of the boolean preference
158 // "network.ntlm.send-lm-response". By default, the preference is disabled
159 // since servers should almost never need the LM hash, and the LM hash is what
160 // makes NTLM authentication less secure. See
161 // https://bugzilla.mozilla.org/show_bug.cgi?id=250691 for further details.
163 // We just return a hardcoded false.
164 static bool SendLM() {
168 //-----------------------------------------------------------------------------
170 #define LogFlags(x) ((void) 0)
171 #define LogBuf(a, b, c) ((void) 0)
172 #define LogToken(a, b, c) ((void) 0)
174 //-----------------------------------------------------------------------------
176 // Byte order swapping.
177 #define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff))
178 #define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16)))
180 static void* WriteBytes(void* buf
, const void* data
, uint32 data_len
) {
181 memcpy(buf
, data
, data_len
);
182 return static_cast<char*>(buf
) + data_len
;
185 static void* WriteDWORD(void* buf
, uint32 dword
) {
187 // NTLM uses little endian on the wire.
188 dword
= SWAP32(dword
);
190 return WriteBytes(buf
, &dword
, sizeof(dword
));
193 static void* WriteSecBuf(void* buf
, uint16 length
, uint32 offset
) {
195 length
= SWAP16(length
);
196 offset
= SWAP32(offset
);
199 buf
= WriteBytes(buf
, &length
, sizeof(length
));
200 // MaxLen: 2 bytes. The sender should set it to the value of Len. The
201 // recipient must ignore it.
202 buf
= WriteBytes(buf
, &length
, sizeof(length
));
203 // BufferOffset: 4 bytes.
204 buf
= WriteBytes(buf
, &offset
, sizeof(offset
));
210 * WriteUnicodeLE copies a unicode string from one buffer to another. The
211 * resulting unicode string is in little-endian format. The input string is
212 * assumed to be in the native endianness of the local machine. It is safe
213 * to pass the same buffer as both input and output, which is a handy way to
214 * convert the unicode buffer to little-endian on big-endian platforms.
216 static void* WriteUnicodeLE(
217 void* buf
, const base::char16
* str
, uint32 str_len
) {
218 // Convert input string from BE to LE.
219 uint8
* cursor
= static_cast<uint8
*>(buf
);
220 const uint8
* input
= reinterpret_cast<const uint8
*>(str
);
221 for (uint32 i
= 0; i
< str_len
; ++i
, input
+= 2, cursor
+= 2) {
222 // Allow for the case where |buf == str|.
223 uint8 temp
= input
[0];
224 cursor
[0] = input
[1];
231 static uint16
ReadUint16(const uint8
*& buf
) {
232 uint16 x
= (static_cast<uint16
>(buf
[0])) |
233 (static_cast<uint16
>(buf
[1]) << 8);
238 static uint32
ReadUint32(const uint8
*& buf
) {
239 uint32 x
= (static_cast<uint32
>(buf
[0])) |
240 (static_cast<uint32
>(buf
[1]) << 8) |
241 (static_cast<uint32
>(buf
[2]) << 16) |
242 (static_cast<uint32
>(buf
[3]) << 24);
247 //-----------------------------------------------------------------------------
249 // LM_Hash computes the LM hash of the given password.
254 // 16-byte result buffer
256 // Note: This function is not being used because our SendLM() function always
258 static void LM_Hash(const base::string16
& password
, uint8
* hash
) {
259 static const uint8 LM_MAGIC
[] = "KGS!@#$%";
261 // Convert password to OEM character set. We'll just use the native
262 // filesystem charset.
263 std::string passbuf
= base::SysWideToNativeMB(base::UTF16ToWide(password
));
264 base::StringToUpperASCII(&passbuf
);
265 passbuf
.resize(14, '\0');
268 DESMakeKey(reinterpret_cast<const uint8
*>(passbuf
.data()) , k1
);
269 DESMakeKey(reinterpret_cast<const uint8
*>(passbuf
.data()) + 7, k2
);
272 // Use password keys to hash LM magic string twice.
273 DESEncrypt(k1
, LM_MAGIC
, hash
);
274 DESEncrypt(k2
, LM_MAGIC
, hash
+ 8);
277 // NTLM_Hash computes the NTLM hash of the given password.
280 // null-terminated unicode password.
282 // 16-byte result buffer
283 static void NTLM_Hash(const base::string16
& password
, uint8
* hash
) {
285 uint32 len
= password
.length();
288 passbuf
= static_cast<uint8
*>(malloc(len
* 2));
289 WriteUnicodeLE(passbuf
, password
.data(), len
);
290 weak_crypto::MD4Sum(passbuf
, len
* 2, hash
);
292 ZapBuf(passbuf
, len
* 2);
295 weak_crypto::MD4Sum(reinterpret_cast<const uint8
*>(password
.data()),
296 password
.length() * 2, hash
);
300 //-----------------------------------------------------------------------------
302 // LM_Response generates the LM response given a 16-byte password hash and the
303 // challenge from the Type-2 message.
306 // 16-byte password hash
308 // 8-byte challenge from Type-2 message
310 // 24-byte buffer to contain the LM response upon return
311 static void LM_Response(const uint8
* hash
,
312 const uint8
* challenge
,
314 uint8 keybytes
[21], k1
[8], k2
[8], k3
[8];
316 memcpy(keybytes
, hash
, 16);
317 ZapBuf(keybytes
+ 16, 5);
319 DESMakeKey(keybytes
, k1
);
320 DESMakeKey(keybytes
+ 7, k2
);
321 DESMakeKey(keybytes
+ 14, k3
);
323 DESEncrypt(k1
, challenge
, response
);
324 DESEncrypt(k2
, challenge
, response
+ 8);
325 DESEncrypt(k3
, challenge
, response
+ 16);
328 //-----------------------------------------------------------------------------
330 // Returns OK or a network error code.
331 static int GenerateType1Msg(void** out_buf
, uint32
* out_len
) {
333 // Verify that buf_len is sufficient.
335 *out_len
= NTLM_TYPE1_HEADER_LEN
;
336 *out_buf
= malloc(*out_len
);
338 return ERR_OUT_OF_MEMORY
;
341 // Write out type 1 message.
343 void* cursor
= *out_buf
;
346 cursor
= WriteBytes(cursor
, NTLM_SIGNATURE
, sizeof(NTLM_SIGNATURE
));
349 cursor
= WriteBytes(cursor
, NTLM_TYPE1_MARKER
, sizeof(NTLM_TYPE1_MARKER
));
352 cursor
= WriteDWORD(cursor
, NTLM_TYPE1_FLAGS
);
355 // NOTE: It is common for the domain and workstation fields to be empty.
356 // This is true of Win2k clients, and my guess is that there is
357 // little utility to sending these strings before the charset has
358 // been negotiated. We follow suite -- anyways, it doesn't hurt
359 // to save some bytes on the wire ;-)
362 // 16 : supplied domain security buffer (empty)
363 cursor
= WriteSecBuf(cursor
, 0, 0);
365 // 24 : supplied workstation security buffer (empty)
366 cursor
= WriteSecBuf(cursor
, 0, 0);
372 uint32 flags
; // NTLM_Xxx bitwise combination
373 uint8 challenge
[8]; // 8 byte challenge
374 const void* target
; // target string (type depends on flags)
375 uint32 target_len
; // target length in bytes
378 // Returns OK or a network error code.
379 // TODO(wtc): This function returns ERR_UNEXPECTED when the input message is
380 // invalid. We should return a better error code.
381 static int ParseType2Msg(const void* in_buf
, uint32 in_len
, Type2Msg
* msg
) {
382 // Make sure in_buf is long enough to contain a meaningful type2 msg.
384 // 0 NTLMSSP Signature
385 // 8 NTLM Message Type
389 // 32 end of header, start of optional data blocks
391 if (in_len
< NTLM_TYPE2_HEADER_LEN
)
392 return ERR_UNEXPECTED
;
394 const uint8
* cursor
= (const uint8
*) in_buf
;
396 // verify NTLMSSP signature
397 if (memcmp(cursor
, NTLM_SIGNATURE
, sizeof(NTLM_SIGNATURE
)) != 0)
398 return ERR_UNEXPECTED
;
399 cursor
+= sizeof(NTLM_SIGNATURE
);
401 // verify Type-2 marker
402 if (memcmp(cursor
, NTLM_TYPE2_MARKER
, sizeof(NTLM_TYPE2_MARKER
)) != 0)
403 return ERR_UNEXPECTED
;
404 cursor
+= sizeof(NTLM_TYPE2_MARKER
);
406 // read target name security buffer
407 uint32 target_len
= ReadUint16(cursor
);
408 ReadUint16(cursor
); // discard next 16-bit value
409 uint32 offset
= ReadUint32(cursor
); // get offset from in_buf
412 // Check the offset / length combo is in range of the input buffer, including
413 // integer overflow checking.
414 if (offset
+ target_len
> offset
&& offset
+ target_len
<= in_len
) {
415 msg
->target_len
= target_len
;
416 msg
->target
= ((const uint8
*) in_buf
) + offset
;
420 msg
->flags
= ReadUint32(cursor
);
423 memcpy(msg
->challenge
, cursor
, sizeof(msg
->challenge
));
424 cursor
+= sizeof(msg
->challenge
);
426 NTLM_LOG(("NTLM type 2 message:\n"));
427 LogBuf("target", (const uint8
*) msg
->target
, msg
->target_len
);
428 LogBuf("flags", (const uint8
*) &msg
->flags
, 4);
429 LogFlags(msg
->flags
);
430 LogBuf("challenge", msg
->challenge
, sizeof(msg
->challenge
));
432 // We currently do not implement LMv2/NTLMv2 or NTLM2 responses,
433 // so we can ignore target information. We may want to enable
434 // support for these alternate mechanisms in the future.
438 static void GenerateRandom(uint8
* output
, size_t n
) {
439 for (size_t i
= 0; i
< n
; ++i
)
440 output
[i
] = base::RandInt(0, 255);
443 // Returns OK or a network error code.
444 static int GenerateType3Msg(const base::string16
& domain
,
445 const base::string16
& username
,
446 const base::string16
& password
,
447 const std::string
& hostname
,
448 const void* rand_8_bytes
,
453 // in_buf contains Type-2 msg (the challenge) from server.
458 rv
= ParseType2Msg(in_buf
, in_len
, &msg
);
462 bool unicode
= (msg
.flags
& NTLM_NegotiateUnicode
) != 0;
464 // Temporary buffers for unicode strings
466 base::string16 ucs_domain_buf
, ucs_user_buf
;
468 base::string16 ucs_host_buf
;
469 // Temporary buffers for oem strings
470 std::string oem_domain_buf
, oem_user_buf
;
471 // Pointers and lengths for the string buffers; encoding is unicode if
472 // the "negotiate unicode" flag was set in the Type-2 message.
473 const void* domain_ptr
;
474 const void* user_ptr
;
475 const void* host_ptr
;
476 uint32 domain_len
, user_len
, host_len
;
483 ucs_domain_buf
= domain
;
484 domain_ptr
= ucs_domain_buf
.data();
485 domain_len
= ucs_domain_buf
.length() * 2;
486 WriteUnicodeLE(const_cast<void*>(domain_ptr
),
487 (const base::char16
*) domain_ptr
,
488 ucs_domain_buf
.length());
490 domain_ptr
= domain
.data();
491 domain_len
= domain
.length() * 2;
494 oem_domain_buf
= base::SysWideToNativeMB(base::UTF16ToWide(domain
));
495 domain_ptr
= oem_domain_buf
.data();
496 domain_len
= oem_domain_buf
.length();
504 ucs_user_buf
= username
;
505 user_ptr
= ucs_user_buf
.data();
506 user_len
= ucs_user_buf
.length() * 2;
507 WriteUnicodeLE(const_cast<void*>(user_ptr
), (const base::char16
*) user_ptr
,
508 ucs_user_buf
.length());
510 user_ptr
= username
.data();
511 user_len
= username
.length() * 2;
514 oem_user_buf
= base::SysWideToNativeMB(base::UTF16ToWide(username
));
515 user_ptr
= oem_user_buf
.data();
516 user_len
= oem_user_buf
.length();
520 // Get workstation name (use local machine's hostname).
523 // hostname is ASCII, so we can do a simple zero-pad expansion:
524 ucs_host_buf
.assign(hostname
.begin(), hostname
.end());
525 host_ptr
= ucs_host_buf
.data();
526 host_len
= ucs_host_buf
.length() * 2;
528 WriteUnicodeLE(const_cast<void*>(host_ptr
), (const base::char16
*) host_ptr
,
529 ucs_host_buf
.length());
532 host_ptr
= hostname
.data();
533 host_len
= hostname
.length();
537 // Now that we have generated all of the strings, we can allocate out_buf.
539 *out_len
= NTLM_TYPE3_HEADER_LEN
+ host_len
+ domain_len
+ user_len
+
540 LM_RESP_LEN
+ NTLM_RESP_LEN
;
541 *out_buf
= malloc(*out_len
);
543 return ERR_OUT_OF_MEMORY
;
546 // Next, we compute the LM and NTLM responses.
548 uint8 lm_resp
[LM_RESP_LEN
];
549 uint8 ntlm_resp
[NTLM_RESP_LEN
];
550 uint8 ntlm_hash
[NTLM_HASH_LEN
];
551 if (msg
.flags
& NTLM_NegotiateNTLM2Key
) {
552 // compute NTLM2 session response
553 base::MD5Digest session_hash
;
556 memcpy(lm_resp
, rand_8_bytes
, 8);
557 memset(lm_resp
+ 8, 0, LM_RESP_LEN
- 8);
559 memcpy(temp
, msg
.challenge
, 8);
560 memcpy(temp
+ 8, lm_resp
, 8);
561 base::MD5Sum(temp
, 16, &session_hash
);
563 NTLM_Hash(password
, ntlm_hash
);
564 LM_Response(ntlm_hash
, session_hash
.a
, ntlm_resp
);
566 NTLM_Hash(password
, ntlm_hash
);
567 LM_Response(ntlm_hash
, msg
.challenge
, ntlm_resp
);
570 uint8 lm_hash
[LM_HASH_LEN
];
571 LM_Hash(password
, lm_hash
);
572 LM_Response(lm_hash
, msg
.challenge
, lm_resp
);
574 // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2,
575 // the correct way to not send the LM hash is to send the NTLM hash twice
576 // in both the LM and NTLM response fields.
577 LM_Response(ntlm_hash
, msg
.challenge
, lm_resp
);
582 // Finally, we assemble the Type-3 msg :-)
584 void* cursor
= *out_buf
;
588 cursor
= WriteBytes(cursor
, NTLM_SIGNATURE
, sizeof(NTLM_SIGNATURE
));
591 cursor
= WriteBytes(cursor
, NTLM_TYPE3_MARKER
, sizeof(NTLM_TYPE3_MARKER
));
593 // 12 : LM response sec buf
594 offset
= NTLM_TYPE3_HEADER_LEN
+ domain_len
+ user_len
+ host_len
;
595 cursor
= WriteSecBuf(cursor
, LM_RESP_LEN
, offset
);
596 memcpy(static_cast<uint8
*>(*out_buf
) + offset
, lm_resp
, LM_RESP_LEN
);
598 // 20 : NTLM response sec buf
599 offset
+= LM_RESP_LEN
;
600 cursor
= WriteSecBuf(cursor
, NTLM_RESP_LEN
, offset
);
601 memcpy(static_cast<uint8
*>(*out_buf
) + offset
, ntlm_resp
, NTLM_RESP_LEN
);
603 // 28 : domain name sec buf
604 offset
= NTLM_TYPE3_HEADER_LEN
;
605 cursor
= WriteSecBuf(cursor
, domain_len
, offset
);
606 memcpy(static_cast<uint8
*>(*out_buf
) + offset
, domain_ptr
, domain_len
);
608 // 36 : user name sec buf
609 offset
+= domain_len
;
610 cursor
= WriteSecBuf(cursor
, user_len
, offset
);
611 memcpy(static_cast<uint8
*>(*out_buf
) + offset
, user_ptr
, user_len
);
613 // 44 : workstation (host) name sec buf
615 cursor
= WriteSecBuf(cursor
, host_len
, offset
);
616 memcpy(static_cast<uint8
*>(*out_buf
) + offset
, host_ptr
, host_len
);
618 // 52 : session key sec buf (not used)
619 cursor
= WriteSecBuf(cursor
, 0, 0);
621 // 60 : negotiated flags
622 cursor
= WriteDWORD(cursor
, msg
.flags
& NTLM_TYPE1_FLAGS
);
627 // NTLM authentication is specified in "NTLM Over HTTP Protocol Specification"
631 HttpAuthHandlerNTLM::GenerateRandomProc
632 HttpAuthHandlerNTLM::generate_random_proc_
= GenerateRandom
;
635 HttpAuthHandlerNTLM::HostNameProc
636 HttpAuthHandlerNTLM::get_host_name_proc_
= GetHostName
;
638 HttpAuthHandlerNTLM::HttpAuthHandlerNTLM() {
641 bool HttpAuthHandlerNTLM::NeedsIdentity() {
642 // This gets called for each round-trip. Only require identity on
643 // the first call (when auth_data_ is empty). On subsequent calls,
644 // we use the initially established identity.
645 return auth_data_
.empty();
648 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() {
649 // Default credentials are not supported in the portable implementation of
650 // NTLM, but are supported in the SSPI implementation.
654 int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() {
658 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
663 HttpAuthHandlerNTLM::GenerateRandomProc
664 HttpAuthHandlerNTLM::SetGenerateRandomProc(
665 GenerateRandomProc proc
) {
666 GenerateRandomProc old_proc
= generate_random_proc_
;
667 generate_random_proc_
= proc
;
672 HttpAuthHandlerNTLM::HostNameProc
HttpAuthHandlerNTLM::SetHostNameProc(
674 HostNameProc old_proc
= get_host_name_proc_
;
675 get_host_name_proc_
= proc
;
679 HttpAuthHandlerNTLM::Factory::Factory() {
682 HttpAuthHandlerNTLM::Factory::~Factory() {
685 int HttpAuthHandlerNTLM::GetNextToken(const void* in_token
,
688 uint32
* out_token_len
) {
691 // If in_token is non-null, then assume it contains a type 2 message...
693 LogToken("in-token", in_token
, in_token_len
);
694 std::string hostname
= get_host_name_proc_();
695 if (hostname
.empty())
696 return ERR_UNEXPECTED
;
698 generate_random_proc_(rand_buf
, 8);
699 rv
= GenerateType3Msg(domain_
,
700 credentials_
.username(), credentials_
.password(),
702 in_token
, in_token_len
, out_token
, out_token_len
);
704 rv
= GenerateType1Msg(out_token
, out_token_len
);
708 LogToken("out-token", *out_token
, *out_token_len
);
713 int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
714 HttpAuthChallengeTokenizer
* challenge
,
715 HttpAuth::Target target
,
718 int digest_nonce_count
,
719 const BoundNetLog
& net_log
,
720 scoped_ptr
<HttpAuthHandler
>* handler
) {
721 if (reason
== CREATE_PREEMPTIVE
)
722 return ERR_UNSUPPORTED_AUTH_SCHEME
;
723 // TODO(cbentzel): Move towards model of parsing in the factory
724 // method and only constructing when valid.
725 // NOTE: Default credentials are not supported for the portable implementation
727 scoped_ptr
<HttpAuthHandler
> tmp_handler(new HttpAuthHandlerNTLM
);
728 if (!tmp_handler
->InitFromChallenge(challenge
, target
, origin
, net_log
))
729 return ERR_INVALID_RESPONSE
;
730 handler
->swap(tmp_handler
);