1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // See "SSPI Sample Application" at 6 // http://msdn.microsoft.com/en-us/library/aa918273.aspx 7 // and "NTLM Security Support Provider" at 8 // http://msdn.microsoft.com/en-us/library/aa923611.aspx. 9 10 #include "net/http/http_auth_handler_ntlm.h" 11 12 #include "base/strings/string_util.h" 13 #include "net/base/net_errors.h" 14 #include "net/base/net_util.h" 15 #include "net/http/http_auth_sspi_win.h" 16 #include "net/http/url_security_manager.h" 17 18 #pragma comment(lib, "secur32.lib") 19 20 namespace net { 21 22 HttpAuthHandlerNTLM::HttpAuthHandlerNTLM( 23 SSPILibrary* sspi_library, ULONG max_token_length, 24 URLSecurityManager* url_security_manager) 25 : auth_sspi_(sspi_library, "NTLM", NTLMSP_NAME, max_token_length), 26 url_security_manager_(url_security_manager) { 27 } 28 29 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() { 30 } 31 32 // Require identity on first pass instead of second. 33 bool HttpAuthHandlerNTLM::NeedsIdentity() { 34 return auth_sspi_.NeedsIdentity(); 35 } 36 37 bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { 38 if (target_ == HttpAuth::AUTH_PROXY) 39 return true; 40 if (!url_security_manager_) 41 return false; 42 return url_security_manager_->CanUseDefaultCredentials(origin_); 43 } 44 45 HttpAuthHandlerNTLM::Factory::Factory() 46 : max_token_length_(0), 47 first_creation_(true), 48 is_unsupported_(false) { 49 } 50 51 HttpAuthHandlerNTLM::Factory::~Factory() { 52 } 53 54 int HttpAuthHandlerNTLM::Factory::CreateAuthHandler( 55 HttpAuth::ChallengeTokenizer* challenge, 56 HttpAuth::Target target, 57 const GURL& origin, 58 CreateReason reason, 59 int digest_nonce_count, 60 const BoundNetLog& net_log, 61 scoped_ptr<HttpAuthHandler>* handler) { 62 if (is_unsupported_ || reason == CREATE_PREEMPTIVE) 63 return ERR_UNSUPPORTED_AUTH_SCHEME; 64 if (max_token_length_ == 0) { 65 int rv = DetermineMaxTokenLength(sspi_library_.get(), NTLMSP_NAME, 66 &max_token_length_); 67 if (rv == ERR_UNSUPPORTED_AUTH_SCHEME) 68 is_unsupported_ = true; 69 if (rv != OK) 70 return rv; 71 } 72 // TODO(cbentzel): Move towards model of parsing in the factory 73 // method and only constructing when valid. 74 scoped_ptr<HttpAuthHandler> tmp_handler( 75 new HttpAuthHandlerNTLM(sspi_library_.get(), max_token_length_, 76 url_security_manager())); 77 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) 78 return ERR_INVALID_RESPONSE; 79 handler->swap(tmp_handler); 80 return OK; 81 } 82 83 } // namespace net 84