1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_auth_handler_ntlm.h"
7 #if !defined(NTLM_SSPI)
8 #include "base/base64.h"
10 #include "base/logging.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/net_util.h"
15 #include "net/http/http_auth_challenge_tokenizer.h"
19 HttpAuth::AuthorizationResult
HttpAuthHandlerNTLM::HandleAnotherChallenge(
20 HttpAuthChallengeTokenizer
* challenge
) {
21 return ParseChallenge(challenge
, false);
24 bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer
* tok
) {
25 auth_scheme_
= HttpAuth::AUTH_SCHEME_NTLM
;
27 properties_
= ENCRYPTS_IDENTITY
| IS_CONNECTION_BASED
;
29 return ParseChallenge(tok
, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT
;
32 int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
33 const AuthCredentials
* credentials
, const HttpRequestInfo
* request
,
34 const CompletionCallback
& callback
, std::string
* auth_token
) {
35 #if defined(NTLM_SSPI)
36 return auth_sspi_
.GenerateAuthToken(
40 #else // !defined(NTLM_SSPI)
41 // TODO(cbentzel): Shouldn't be hitting this case.
43 LOG(ERROR
) << "Username and password are expected to be non-NULL.";
44 return ERR_MISSING_AUTH_CREDENTIALS
;
46 // TODO(wtc): See if we can use char* instead of void* for in_buf and
47 // out_buf. This change will need to propagate to GetNextToken,
48 // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
51 uint32 in_buf_len
, out_buf_len
;
52 std::string decoded_auth_data
;
54 // The username may be in the form "DOMAIN\user". Parse it into the two
56 base::string16 domain
;
58 const base::string16
& username
= credentials
->username();
59 const base::char16 backslash_character
= '\\';
60 size_t backslash_idx
= username
.find(backslash_character
);
61 if (backslash_idx
== base::string16::npos
) {
64 domain
= username
.substr(0, backslash_idx
);
65 user
= username
.substr(backslash_idx
+ 1);
68 credentials_
.Set(user
, credentials
->password());
71 if (auth_data_
.empty()) {
74 int rv
= InitializeBeforeFirstChallenge();
78 if (!base::Base64Decode(auth_data_
, &decoded_auth_data
)) {
79 LOG(ERROR
) << "Unexpected problem Base64 decoding.";
80 return ERR_UNEXPECTED
;
82 in_buf_len
= decoded_auth_data
.length();
83 in_buf
= decoded_auth_data
.data();
86 int rv
= GetNextToken(in_buf
, in_buf_len
, &out_buf
, &out_buf_len
);
90 // Base64 encode data in output buffer and prepend "NTLM ".
91 std::string
encode_input(static_cast<char*>(out_buf
), out_buf_len
);
92 std::string encode_output
;
93 base::Base64Encode(encode_input
, &encode_output
);
94 // OK, we are done with |out_buf|
96 *auth_token
= std::string("NTLM ") + encode_output
;
101 // The NTLM challenge header looks like:
102 // WWW-Authenticate: NTLM auth-data
103 HttpAuth::AuthorizationResult
HttpAuthHandlerNTLM::ParseChallenge(
104 HttpAuthChallengeTokenizer
* tok
, bool initial_challenge
) {
105 #if defined(NTLM_SSPI)
106 // auth_sspi_ contains state for whether or not this is the initial challenge.
107 return auth_sspi_
.ParseChallenge(tok
);
109 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM
110 // authentication parsing could probably be shared - just need to know if
111 // there was previously a challenge round.
112 // TODO(cbentzel): Write a test case to validate that auth_data_ is left empty
113 // in all failure conditions.
116 // Verify the challenge's auth-scheme.
117 if (!LowerCaseEqualsASCII(tok
->scheme(), "ntlm"))
118 return HttpAuth::AUTHORIZATION_RESULT_INVALID
;
120 std::string base64_param
= tok
->base64_param();
121 if (base64_param
.empty()) {
122 if (!initial_challenge
)
123 return HttpAuth::AUTHORIZATION_RESULT_REJECT
;
124 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT
;
126 if (initial_challenge
)
127 return HttpAuth::AUTHORIZATION_RESULT_INVALID
;
130 auth_data_
= base64_param
;
131 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT
;
132 #endif // defined(NTLM_SSPI)
136 std::string
HttpAuthHandlerNTLM::CreateSPN(const GURL
& origin
) {
137 // The service principal name of the destination server. See
138 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
139 std::string
target("HTTP/");
140 target
.append(GetHostAndPort(origin
));