1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // See "SSPI Sample Application" at
6 // http://msdn.microsoft.com/en-us/library/aa918273.aspx
7 // and "NTLM Security Support Provider" at
8 // http://msdn.microsoft.com/en-us/library/aa923611.aspx.
10 #include "net/http/http_auth_handler_ntlm.h"
12 #include "base/strings/string_util.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/net_util.h"
15 #include "net/http/http_auth_sspi_win.h"
16 #include "net/http/url_security_manager.h"
18 #pragma comment(lib, "secur32.lib")
22 HttpAuthHandlerNTLM::HttpAuthHandlerNTLM(
23 SSPILibrary
* sspi_library
, ULONG max_token_length
,
24 URLSecurityManager
* url_security_manager
)
25 : auth_sspi_(sspi_library
, "NTLM", NTLMSP_NAME
, max_token_length
),
26 url_security_manager_(url_security_manager
) {
29 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
32 // Require identity on first pass instead of second.
33 bool HttpAuthHandlerNTLM::NeedsIdentity() {
34 return auth_sspi_
.NeedsIdentity();
37 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() {
38 if (target_
== HttpAuth::AUTH_PROXY
)
40 if (!url_security_manager_
)
42 return url_security_manager_
->CanUseDefaultCredentials(origin_
);
45 HttpAuthHandlerNTLM::Factory::Factory()
46 : max_token_length_(0),
47 first_creation_(true),
48 is_unsupported_(false) {
51 HttpAuthHandlerNTLM::Factory::~Factory() {
54 int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
55 HttpAuthChallengeTokenizer
* challenge
,
56 HttpAuth::Target target
,
59 int digest_nonce_count
,
60 const BoundNetLog
& net_log
,
61 scoped_ptr
<HttpAuthHandler
>* handler
) {
62 if (is_unsupported_
|| reason
== CREATE_PREEMPTIVE
)
63 return ERR_UNSUPPORTED_AUTH_SCHEME
;
64 if (max_token_length_
== 0) {
65 int rv
= DetermineMaxTokenLength(sspi_library_
.get(), NTLMSP_NAME
,
67 if (rv
== ERR_UNSUPPORTED_AUTH_SCHEME
)
68 is_unsupported_
= true;
72 // TODO(cbentzel): Move towards model of parsing in the factory
73 // method and only constructing when valid.
74 scoped_ptr
<HttpAuthHandler
> tmp_handler(
75 new HttpAuthHandlerNTLM(sspi_library_
.get(), max_token_length_
,
76 url_security_manager()));
77 if (!tmp_handler
->InitFromChallenge(challenge
, target
, origin
, net_log
))
78 return ERR_INVALID_RESPONSE
;
79 handler
->swap(tmp_handler
);