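// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This file contains common routines used by NTLM and Negotiate authentication
// using the SSPI API on Windows.

#ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
#define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_

// security.h needs to be included for CredHandle. Unfortunately CredHandle
// is a typedef and can't be forward declared.
#define SECURITY_WIN32 1
#include <windows.h>
#include <security.h>

#include <string>

class GURL;

namespace net {

class HttpRequestInfo;
class ProxyInfo;

// Holds the SSPI state (credentials handle, security context handle and the
// most recent server token) for one authentication exchange using the
// security package named at construction.
//
// NOTE(review): the class declares a destructor and stores raw SSPI handles
// (|cred_|, |ctxt_|) but does not disable copying. If the destructor releases
// those handles, a copied object would release them a second time. Confirm
// against the .cc and consider disallowing copy and assignment.
class HttpAuthSSPI {
 public:
  // |scheme| is the HTTP authentication scheme name and |security_package| the
  // SSPI package name.
  // NOTE(review): |security_package| is stored as a raw pointer in
  // |security_package_|; nothing in this header shows the string being copied,
  // so it presumably has to outlive this object -- confirm.
  HttpAuthSSPI(const std::string& scheme,
               SEC_WCHAR* security_package);
  ~HttpAuthSSPI();

  bool NeedsIdentity() const;
  bool IsFinalRound() const;

  // Parses the challenge text in [challenge_begin, challenge_end).
  // The challenge is supplied by the remote server or proxy and must be
  // treated as untrusted input; a false return presumably means it was
  // rejected -- confirm against the .cc.
  bool ParseChallenge(std::string::const_iterator challenge_begin,
                      std::string::const_iterator challenge_end);

  // Produces the credentials string for the next request and writes it to
  // |out_credentials|.
  // |password| is passed as a cleartext std::wstring; this header gives no
  // indication that the buffer is scrubbed after use, so callers that care
  // about password lifetime in memory have to handle that themselves.
  // NOTE(review): the int return is presumably a net error code and
  // |out_credentials| presumably must be non-NULL -- confirm.
  int GenerateCredentials(const std::wstring& username,
                          const std::wstring& password,
                          const GURL& origin,
                          const HttpRequestInfo* request,
                          const ProxyInfo* proxy,
                          std::string* out_credentials);

 private:
  int OnFirstRound(const std::wstring& domain,
                   const std::wstring& user,
                   const std::wstring& password);

  // |in_token| / |in_token_len| describe the token received from the server;
  // the next token to send is returned through |out_token| and
  // |out_token_len|.
  // NOTE(review): ownership of |*out_token| is not stated in this header;
  // confirm who allocates and who frees it. Lengths are plain ints, so callers
  // should presumably reject negative or oversized values before they reach
  // SSPI.
  int GetNextSecurityToken(
      const GURL& origin,
      const void* in_token,
      int in_token_len,
      void** out_token,
      int* out_token_len);

  void ResetSecurityContext();

  std::string scheme_;
  SEC_WCHAR* security_package_;  // Not copied here; see constructor note.
  // Token taken from the server's challenge (presumably base64-decoded, going
  // by the name). Server-controlled data.
  std::string decoded_server_auth_token_;
  ULONG max_token_length_;
  CredHandle cred_;  // SSPI credentials handle.
  CtxtHandle ctxt_;  // SSPI security context handle.
};

// Splits |combined| into domain and username.
// If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user|
// will contain "bar".
// If |combined| is of form "bar", |domain| will be empty and |user| will
// contain "bar".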
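// |domain| and |user| must be non-NULL.
void SplitDomainAndUser(const std::wstring& combined,
                        std::wstring* domain,
                        std::wstring* user);

// Determines the max token length for a particular SSPI package.
// If the return value is not OK, then the value of max_token_length
// is undefined.
// |max_token_length| must be non-NULL.
int DetermineMaxTokenLength(const std::wstring& package,
                            ULONG* max_token_length);

// Acquire credentials for a user.
// |password| is passed as a cleartext std::wstring; nothing in this
// declaration indicates that it is scrubbed after use.
// NOTE(review): |cred| presumably must be non-NULL, and on success the caller
// presumably owns the returned handle and has to release it -- confirm
// against the .cc.
int AcquireCredentials(const SEC_WCHAR* package,
                       const std::wstring& domain,
                       const std::wstring& user,
                       const std::wstring& password,
                       CredHandle* cred);

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_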