1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
6#define NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
7
8#include "build/build_config.h"
9
10// This contains the portable and the SSPI implementations for NTLM.
11// We use NTLM_SSPI for Windows, and NTLM_PORTABLE for other platforms.
12#if defined(OS_WIN)
13#define NTLM_SSPI
14#else
15#define NTLM_PORTABLE
16#endif
17
18#if defined(NTLM_SSPI)
19#define SECURITY_WIN32 1
20#include <windows.h>
21#include <security.h>
22#include "net/http/http_auth_sspi_win.h"
23#endif
24
25#include <string>
26
27#include "base/basictypes.h"
28#include "base/strings/string16.h"
29#include "net/http/http_auth_handler.h"
30#include "net/http/http_auth_handler_factory.h"
31
32namespace net {
33
34class URLSecurityManager;
35
36// Code for handling HTTP NTLM authentication.
37class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler {
38 public:
39  class Factory : public HttpAuthHandlerFactory {
40   public:
41    Factory();
42    virtual ~Factory();
43
44    virtual int CreateAuthHandler(
45        HttpAuthChallengeTokenizer* challenge,
46        HttpAuth::Target target,
47        const GURL& origin,
48        CreateReason reason,
49        int digest_nonce_count,
50        const BoundNetLog& net_log,
51        scoped_ptr<HttpAuthHandler>* handler) OVERRIDE;
52#if defined(NTLM_SSPI)
53    // Set the SSPILibrary to use. Typically the only callers which need to use
54    // this are unit tests which pass in a mocked-out version of the SSPI
55    // library.  After the call |sspi_library| will be owned by this Factory and
56    // will be destroyed when the Factory is destroyed.
57    void set_sspi_library(SSPILibrary* sspi_library) {
58      sspi_library_.reset(sspi_library);
59    }
60#endif  // defined(NTLM_SSPI)
61   private:
62#if defined(NTLM_SSPI)
63    ULONG max_token_length_;
64    bool first_creation_;
65    bool is_unsupported_;
66    scoped_ptr<SSPILibrary> sspi_library_;
67#endif  // defined(NTLM_SSPI)
68  };
69
70#if defined(NTLM_PORTABLE)
71  // A function that generates n random bytes in the output buffer.
72  typedef void (*GenerateRandomProc)(uint8* output, size_t n);
73
74  // A function that returns the local host name. Returns an empty string if
75  // the local host name is not available.
76  typedef std::string (*HostNameProc)();
77
78  // For unit tests to override and restore the GenerateRandom and
79  // GetHostName functions.
80  class ScopedProcSetter {
81   public:
82    ScopedProcSetter(GenerateRandomProc random_proc,
83                     HostNameProc host_name_proc) {
84      old_random_proc_ = SetGenerateRandomProc(random_proc);
85      old_host_name_proc_ = SetHostNameProc(host_name_proc);
86    }
87
88    ~ScopedProcSetter() {
89      SetGenerateRandomProc(old_random_proc_);
90      SetHostNameProc(old_host_name_proc_);
91    }
92
93   private:
94    GenerateRandomProc old_random_proc_;
95    HostNameProc old_host_name_proc_;
96  };
97#endif
98
99#if defined(NTLM_PORTABLE)
100  HttpAuthHandlerNTLM();
101#endif
102#if defined(NTLM_SSPI)
103  HttpAuthHandlerNTLM(SSPILibrary* sspi_library, ULONG max_token_length,
104                      URLSecurityManager* url_security_manager);
105#endif
106
107  virtual bool NeedsIdentity() OVERRIDE;
108
109  virtual bool AllowsDefaultCredentials() OVERRIDE;
110
111  virtual HttpAuth::AuthorizationResult HandleAnotherChallenge(
112      HttpAuthChallengeTokenizer* challenge) OVERRIDE;
113
114 protected:
115  // This function acquires a credentials handle in the SSPI implementation.
116  // It does nothing in the portable implementation.
117  int InitializeBeforeFirstChallenge();
118
119  virtual bool Init(HttpAuthChallengeTokenizer* tok) OVERRIDE;
120
121  virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials,
122                                    const HttpRequestInfo* request,
123                                    const CompletionCallback& callback,
124                                    std::string* auth_token) OVERRIDE;
125
126 private:
127  virtual ~HttpAuthHandlerNTLM();
128
129#if defined(NTLM_PORTABLE)
130  // For unit tests to override the GenerateRandom and GetHostName functions.
131  // Returns the old function.
132  static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc);
133  static HostNameProc SetHostNameProc(HostNameProc proc);
134#endif
135
136  // Parse the challenge, saving the results into this instance.
137  HttpAuth::AuthorizationResult ParseChallenge(
138      HttpAuthChallengeTokenizer* tok, bool initial_challenge);
139
140  // Given an input token received from the server, generate the next output
141  // token to be sent to the server.
142  int GetNextToken(const void* in_token,
143                   uint32 in_token_len,
144                   void** out_token,
145                   uint32* out_token_len);
146
147  // Create an NTLM SPN to identify the |origin| server.
148  static std::string CreateSPN(const GURL& origin);
149
150#if defined(NTLM_SSPI)
151  HttpAuthSSPI auth_sspi_;
152#endif
153
154#if defined(NTLM_PORTABLE)
155  static GenerateRandomProc generate_random_proc_;
156  static HostNameProc get_host_name_proc_;
157#endif
158
159  base::string16 domain_;
160  AuthCredentials credentials_;
161
162  // The base64-encoded string following "NTLM" in the "WWW-Authenticate" or
163  // "Proxy-Authenticate" response header.
164  std::string auth_data_;
165
166#if defined(NTLM_SSPI)
167  URLSecurityManager* url_security_manager_;
168#endif
169};
170
171}  // namespace net
172
173#endif  // NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
174