Probably broke Win7 Tests (dbg)(6). http://build.chromium.org/p/chromium.win/builders...
[chromium-blink-merge.git] / net / http / http_auth_handler_ntlm.cc
blobde0fe290a3c53aad3e083373a2548cdaf98c1193
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_auth_handler_ntlm.h"
7 #if !defined(NTLM_SSPI)
8 #include "base/base64.h"
9 #endif
10 #include "base/logging.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/net_util.h"
15 #include "net/http/http_auth_challenge_tokenizer.h"
17 namespace net {
19 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallenge(
20 HttpAuthChallengeTokenizer* challenge) {
21 return ParseChallenge(challenge, false);
24 bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok) {
25 auth_scheme_ = HttpAuth::AUTH_SCHEME_NTLM;
26 score_ = 3;
27 properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
29 return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
32 int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
33 const AuthCredentials* credentials, const HttpRequestInfo* request,
34 const CompletionCallback& callback, std::string* auth_token) {
35 #if defined(NTLM_SSPI)
36 return auth_sspi_.GenerateAuthToken(
37 credentials,
38 CreateSPN(origin_),
39 auth_token);
40 #else // !defined(NTLM_SSPI)
41 // TODO(cbentzel): Shouldn't be hitting this case.
42 if (!credentials) {
43 LOG(ERROR) << "Username and password are expected to be non-NULL.";
44 return ERR_MISSING_AUTH_CREDENTIALS;
46 // TODO(wtc): See if we can use char* instead of void* for in_buf and
47 // out_buf. This change will need to propagate to GetNextToken,
48 // GenerateType1Msg, and GenerateType3Msg, and perhaps further.
49 const void* in_buf;
50 void* out_buf;
51 uint32 in_buf_len, out_buf_len;
52 std::string decoded_auth_data;
54 // The username may be in the form "DOMAIN\user". Parse it into the two
55 // components.
56 base::string16 domain;
57 base::string16 user;
58 const base::string16& username = credentials->username();
59 const base::char16 backslash_character = '\\';
60 size_t backslash_idx = username.find(backslash_character);
61 if (backslash_idx == base::string16::npos) {
62 user = username;
63 } else {
64 domain = username.substr(0, backslash_idx);
65 user = username.substr(backslash_idx + 1);
67 domain_ = domain;
68 credentials_.Set(user, credentials->password());
70 // Initial challenge.
71 if (auth_data_.empty()) {
72 in_buf_len = 0;
73 in_buf = NULL;
74 int rv = InitializeBeforeFirstChallenge();
75 if (rv != OK)
76 return rv;
77 } else {
78 if (!base::Base64Decode(auth_data_, &decoded_auth_data)) {
79 LOG(ERROR) << "Unexpected problem Base64 decoding.";
80 return ERR_UNEXPECTED;
82 in_buf_len = decoded_auth_data.length();
83 in_buf = decoded_auth_data.data();
86 int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len);
87 if (rv != OK)
88 return rv;
90 // Base64 encode data in output buffer and prepend "NTLM ".
91 std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
92 std::string encode_output;
93 base::Base64Encode(encode_input, &encode_output);
94 // OK, we are done with |out_buf|
95 free(out_buf);
96 *auth_token = std::string("NTLM ") + encode_output;
97 return OK;
98 #endif
101 // The NTLM challenge header looks like:
102 // WWW-Authenticate: NTLM auth-data
103 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
104 HttpAuthChallengeTokenizer* tok, bool initial_challenge) {
105 #if defined(NTLM_SSPI)
106 // auth_sspi_ contains state for whether or not this is the initial challenge.
107 return auth_sspi_.ParseChallenge(tok);
108 #else
109 // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM
110 // authentication parsing could probably be shared - just need to know if
111 // there was previously a challenge round.
112 // TODO(cbentzel): Write a test case to validate that auth_data_ is left empty
113 // in all failure conditions.
114 auth_data_.clear();
116 // Verify the challenge's auth-scheme.
117 if (!LowerCaseEqualsASCII(tok->scheme(), "ntlm"))
118 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
120 std::string base64_param = tok->base64_param();
121 if (base64_param.empty()) {
122 if (!initial_challenge)
123 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
124 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
125 } else {
126 if (initial_challenge)
127 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
130 auth_data_ = base64_param;
131 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
132 #endif // defined(NTLM_SSPI)
135 // static
136 std::string HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) {
137 // The service principal name of the destination server. See
138 // http://msdn.microsoft.com/en-us/library/ms677949%28VS.85%29.aspx
139 std::string target("HTTP/");
140 target.append(GetHostAndPort(origin));
141 return target;
144 } // namespace net