      1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // This file contains common routines used by NTLM and Negotiate authentication
      6 // using the SSPI API on Windows.
      7 
      8 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
      9 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
     10 
     11 // security.h needs to be included for CredHandle. Unfortunately CredHandle
     12 // is a typedef and can't be forward declared.
     13 #define SECURITY_WIN32 1
     14 #include <windows.h>
     15 #include <security.h>
     16 
     17 #include <string>
     18 
     19 class GURL;
     20 
     21 namespace net {
     22 
     23 class HttpRequestInfo;
     24 class ProxyInfo;
     25 
     26 class HttpAuthSSPI {
          // State for one SSPI-backed HTTP authentication exchange. The file
          // comment names NTLM and Negotiate as the schemes that use it. The
          // object holds the scheme name, the SSPI package name, the latest
          // server token, and the SSPI credential and context handles.
          //
          // NOTE(review): copy construction and assignment are not disabled in
          // this declaration. If the destructor or ResetSecurityContext()
          // releases |cred_| / |ctxt_| (implementation not visible here), a
          // copied object would alias the same handles -- confirm that
          // instances are never copied.
     27  public:
          // |scheme| is the HTTP auth scheme name and |security_package| the
          // SSPI package name.
          // NOTE(review): |security_package| is a raw pointer, presumably kept
          // in |security_package_|; if so it must outlive this object -- confirm.
     28   HttpAuthSSPI(const std::string& scheme,
     29                SEC_WCHAR* security_package);
     30   ~HttpAuthSSPI();
     31 
          // Const queries on the handshake state. The exact conditions live in
          // the implementation, which is not visible in this header.
     32   bool NeedsIdentity() const;
     33   bool IsFinalRound() const;
     34 
          // Parses the authentication challenge in
          // [challenge_begin, challenge_end). The challenge is supplied by the
          // remote server or proxy, so it must be treated as untrusted input.
          // Presumably returns false for a malformed challenge and stores any
          // token in |decoded_server_auth_token_| -- confirm.
     35   bool ParseChallenge(std::string::const_iterator challenge_begin,
     36                       std::string::const_iterator challenge_end);
     37 
          // Generates the credentials for the next request and writes them to
          // |out_credentials|. Returns an int status (presumably a net error
          // code, OK on success -- confirm).
          // NOTE(review): |password| arrives as a plain std::wstring, which does
          // not wipe its buffer on destruction; callers should keep the
          // password's lifetime as short as possible.
     38   int GenerateCredentials(const std::wstring& username,
     39                           const std::wstring& password,
     40                           const GURL& origin,
     41                           const HttpRequestInfo* request,
     42                           const ProxyInfo* proxy,
     43                           std::string* out_credentials);
     44 
     45  private:
          // First-round setup taking the split domain, user and password.
          // Presumably acquires |cred_| via AcquireCredentials() -- confirm.
     46   int OnFirstRound(const std::wstring& domain,
     47                    const std::wstring& user,
     48                    const std::wstring& password);
     49 
          // Takes the incoming token (|in_token|, |in_token_len|) and returns the
          // next outgoing token through |out_token| / |out_token_len|.
          // NOTE(review): both lengths are signed int, and the header does not
          // say who owns or frees |*out_token|. Confirm that lengths are
          // range-checked (for example against |max_token_length_|) and that
          // the buffer is released on every path.
     50   int GetNextSecurityToken(
     51       const GURL& origin,
     52       const void* in_token,
     53       int in_token_len,
     54       void** out_token,
     55       int* out_token_len);
     56 
          // Presumably discards |ctxt_| so a new handshake can start -- confirm.
     57   void ResetSecurityContext();
          // HTTP auth scheme name (constructor argument of the same name).
     58   std::string scheme_;
          // SSPI package name; raw, non-owning as far as this header shows.
     59   SEC_WCHAR* security_package_;
          // Most recent server token after decoding; derived from untrusted
          // challenge data (presumably set by ParseChallenge() -- confirm).
     60   std::string decoded_server_auth_token_;
          // Maximum token size for the package (presumably obtained through
          // DetermineMaxTokenLength() -- confirm).
     61   ULONG max_token_length_;
          // SSPI credentials handle.
     62   CredHandle cred_;
          // SSPI security context handle.
     63   CtxtHandle ctxt_;
     64 };
     65 
     66 // Splits |combined| into domain and username.
     67 // If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user|
     68 // will contain "bar".
     69 // If |combined| is of form "bar", |domain| will be empty and |user| will
     70 // contain "bar".
     71 // |domain| and |user| must be non-NULL.
        // NOTE(review): this header does not say how input containing more than
        // one backslash is split -- confirm against the implementation before
        // relying on the result for an identity decision.
     72 void SplitDomainAndUser(const std::wstring& combined,
     73                         std::wstring* domain,
     74                         std::wstring* user);
     75 
     76 // Determines the max token length for a particular SSPI package.
     77 // If the return value is not OK, then the value of |max_token_length|
     78 // is undefined, so callers must check the result before using it.
     79 // |max_token_length| must be non-NULL.
        // Returns an int status; "OK" presumably refers to the net error code
        // -- confirm.
     80 int DetermineMaxTokenLength(const std::wstring& package,
     81                             ULONG* max_token_length);
     82 
     83 // Acquires credentials for |user| in |domain| with the SSPI package |package|.
        // The result is returned through |cred|; the return value is an int
        // status (presumably a net error code -- confirm).
        // NOTE(review): the header does not state who releases the handle
        // written to |cred| or whether |cred| may be NULL. Presumably the caller
        // owns the handle and |cred| must be non-NULL, as with the out-params of
        // the functions above -- confirm.
        // |password| is a plain std::wstring and is not wiped after use.
     84 int AcquireCredentials(const SEC_WCHAR* package,
     85                        const std::wstring& domain,
     86                        const std::wstring& user,
     87                        const std::wstring& password,
     88                        CredHandle* cred);
     89 
     90 }  // namespace net
     91 #endif  // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
     92 
     93