1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 6 #define NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 7 8 #include "build/build_config.h" 9 10 // This contains the portable and the SSPI implementations for NTLM. 11 // We use NTLM_SSPI for Windows, and NTLM_PORTABLE for other platforms. 12 #if defined(OS_WIN) 13 #define NTLM_SSPI 14 #else 15 #define NTLM_PORTABLE 16 #endif 17 18 #if defined(NTLM_SSPI) 19 #define SECURITY_WIN32 1 20 #include <windows.h> 21 #include <security.h> 22 #include "net/http/http_auth_sspi_win.h" 23 #endif 24 25 #include <string> 26 27 #include "base/basictypes.h" 28 #include "base/strings/string16.h" 29 #include "net/http/http_auth_handler.h" 30 #include "net/http/http_auth_handler_factory.h" 31 32 namespace net { 33 34 class URLSecurityManager; 35 36 // Code for handling HTTP NTLM authentication. 37 class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler { 38 public: 39 class Factory : public HttpAuthHandlerFactory { 40 public: 41 Factory(); 42 virtual ~Factory(); 43 44 virtual int CreateAuthHandler( 45 HttpAuth::ChallengeTokenizer* challenge, 46 HttpAuth::Target target, 47 const GURL& origin, 48 CreateReason reason, 49 int digest_nonce_count, 50 const BoundNetLog& net_log, 51 scoped_ptr<HttpAuthHandler>* handler) OVERRIDE; 52 #if defined(NTLM_SSPI) 53 // Set the SSPILibrary to use. Typically the only callers which need to use 54 // this are unit tests which pass in a mocked-out version of the SSPI 55 // library. After the call |sspi_library| will be owned by this Factory and 56 // will be destroyed when the Factory is destroyed. 57 void set_sspi_library(SSPILibrary* sspi_library) { 58 sspi_library_.reset(sspi_library); 59 } 60 #endif // defined(NTLM_SSPI) 61 private: 62 #if defined(NTLM_SSPI) 63 ULONG max_token_length_; 64 bool first_creation_; 65 bool is_unsupported_; 66 scoped_ptr<SSPILibrary> sspi_library_; 67 #endif // defined(NTLM_SSPI) 68 }; 69 70 #if defined(NTLM_PORTABLE) 71 // A function that generates n random bytes in the output buffer. 72 typedef void (*GenerateRandomProc)(uint8* output, size_t n); 73 74 // A function that returns the local host name. Returns an empty string if 75 // the local host name is not available. 76 typedef std::string (*HostNameProc)(); 77 78 // For unit tests to override and restore the GenerateRandom and 79 // GetHostName functions. 80 class ScopedProcSetter { 81 public: 82 ScopedProcSetter(GenerateRandomProc random_proc, 83 HostNameProc host_name_proc) { 84 old_random_proc_ = SetGenerateRandomProc(random_proc); 85 old_host_name_proc_ = SetHostNameProc(host_name_proc); 86 } 87 88 ~ScopedProcSetter() { 89 SetGenerateRandomProc(old_random_proc_); 90 SetHostNameProc(old_host_name_proc_); 91 } 92 93 private: 94 GenerateRandomProc old_random_proc_; 95 HostNameProc old_host_name_proc_; 96 }; 97 #endif 98 99 #if defined(NTLM_PORTABLE) 100 HttpAuthHandlerNTLM(); 101 #endif 102 #if defined(NTLM_SSPI) 103 HttpAuthHandlerNTLM(SSPILibrary* sspi_library, ULONG max_token_length, 104 URLSecurityManager* url_security_manager); 105 #endif 106 107 virtual bool NeedsIdentity() OVERRIDE; 108 109 virtual bool AllowsDefaultCredentials() OVERRIDE; 110 111 virtual HttpAuth::AuthorizationResult HandleAnotherChallenge( 112 HttpAuth::ChallengeTokenizer* challenge) OVERRIDE; 113 114 protected: 115 // This function acquires a credentials handle in the SSPI implementation. 116 // It does nothing in the portable implementation. 117 int InitializeBeforeFirstChallenge(); 118 119 virtual bool Init(HttpAuth::ChallengeTokenizer* tok) OVERRIDE; 120 121 virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials, 122 const HttpRequestInfo* request, 123 const CompletionCallback& callback, 124 std::string* auth_token) OVERRIDE; 125 126 private: 127 virtual ~HttpAuthHandlerNTLM(); 128 129 #if defined(NTLM_PORTABLE) 130 // For unit tests to override the GenerateRandom and GetHostName functions. 131 // Returns the old function. 132 static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc); 133 static HostNameProc SetHostNameProc(HostNameProc proc); 134 #endif 135 136 // Parse the challenge, saving the results into this instance. 137 HttpAuth::AuthorizationResult ParseChallenge( 138 HttpAuth::ChallengeTokenizer* tok, bool initial_challenge); 139 140 // Given an input token received from the server, generate the next output 141 // token to be sent to the server. 142 int GetNextToken(const void* in_token, 143 uint32 in_token_len, 144 void** out_token, 145 uint32* out_token_len); 146 147 // Create an NTLM SPN to identify the |origin| server. 148 static std::wstring CreateSPN(const GURL& origin); 149 150 #if defined(NTLM_SSPI) 151 HttpAuthSSPI auth_sspi_; 152 #endif 153 154 #if defined(NTLM_PORTABLE) 155 static GenerateRandomProc generate_random_proc_; 156 static HostNameProc get_host_name_proc_; 157 #endif 158 159 base::string16 domain_; 160 AuthCredentials credentials_; 161 162 // The base64-encoded string following "NTLM" in the "WWW-Authenticate" or 163 // "Proxy-Authenticate" response header. 164 std::string auth_data_; 165 166 #if defined(NTLM_SSPI) 167 URLSecurityManager* url_security_manager_; 168 #endif 169 }; 170 171 } // namespace net 172 173 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 174
