1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 6#define NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 7 8#include "build/build_config.h" 9 10// This contains the portable and the SSPI implementations for NTLM. 11// We use NTLM_SSPI for Windows, and NTLM_PORTABLE for other platforms. 12#if defined(OS_WIN) 13#define NTLM_SSPI 14#else 15#define NTLM_PORTABLE 16#endif 17 18#if defined(NTLM_SSPI) 19#define SECURITY_WIN32 1 20#include <windows.h> 21#include <security.h> 22#include "net/http/http_auth_sspi_win.h" 23#endif 24 25#include <string> 26 27#include "base/basictypes.h" 28#include "base/strings/string16.h" 29#include "net/http/http_auth_handler.h" 30#include "net/http/http_auth_handler_factory.h" 31 32namespace net { 33 34class URLSecurityManager; 35 36// Code for handling HTTP NTLM authentication. 37class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler { 38 public: 39 class Factory : public HttpAuthHandlerFactory { 40 public: 41 Factory(); 42 virtual ~Factory(); 43 44 virtual int CreateAuthHandler( 45 HttpAuthChallengeTokenizer* challenge, 46 HttpAuth::Target target, 47 const GURL& origin, 48 CreateReason reason, 49 int digest_nonce_count, 50 const BoundNetLog& net_log, 51 scoped_ptr<HttpAuthHandler>* handler) OVERRIDE; 52#if defined(NTLM_SSPI) 53 // Set the SSPILibrary to use. Typically the only callers which need to use 54 // this are unit tests which pass in a mocked-out version of the SSPI 55 // library. After the call |sspi_library| will be owned by this Factory and 56 // will be destroyed when the Factory is destroyed. 57 void set_sspi_library(SSPILibrary* sspi_library) { 58 sspi_library_.reset(sspi_library); 59 } 60#endif // defined(NTLM_SSPI) 61 private: 62#if defined(NTLM_SSPI) 63 ULONG max_token_length_; 64 bool first_creation_; 65 bool is_unsupported_; 66 scoped_ptr<SSPILibrary> sspi_library_; 67#endif // defined(NTLM_SSPI) 68 }; 69 70#if defined(NTLM_PORTABLE) 71 // A function that generates n random bytes in the output buffer. 72 typedef void (*GenerateRandomProc)(uint8* output, size_t n); 73 74 // A function that returns the local host name. Returns an empty string if 75 // the local host name is not available. 76 typedef std::string (*HostNameProc)(); 77 78 // For unit tests to override and restore the GenerateRandom and 79 // GetHostName functions. 80 class ScopedProcSetter { 81 public: 82 ScopedProcSetter(GenerateRandomProc random_proc, 83 HostNameProc host_name_proc) { 84 old_random_proc_ = SetGenerateRandomProc(random_proc); 85 old_host_name_proc_ = SetHostNameProc(host_name_proc); 86 } 87 88 ~ScopedProcSetter() { 89 SetGenerateRandomProc(old_random_proc_); 90 SetHostNameProc(old_host_name_proc_); 91 } 92 93 private: 94 GenerateRandomProc old_random_proc_; 95 HostNameProc old_host_name_proc_; 96 }; 97#endif 98 99#if defined(NTLM_PORTABLE) 100 HttpAuthHandlerNTLM(); 101#endif 102#if defined(NTLM_SSPI) 103 HttpAuthHandlerNTLM(SSPILibrary* sspi_library, ULONG max_token_length, 104 URLSecurityManager* url_security_manager); 105#endif 106 107 virtual bool NeedsIdentity() OVERRIDE; 108 109 virtual bool AllowsDefaultCredentials() OVERRIDE; 110 111 virtual HttpAuth::AuthorizationResult HandleAnotherChallenge( 112 HttpAuthChallengeTokenizer* challenge) OVERRIDE; 113 114 protected: 115 // This function acquires a credentials handle in the SSPI implementation. 116 // It does nothing in the portable implementation. 117 int InitializeBeforeFirstChallenge(); 118 119 virtual bool Init(HttpAuthChallengeTokenizer* tok) OVERRIDE; 120 121 virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials, 122 const HttpRequestInfo* request, 123 const CompletionCallback& callback, 124 std::string* auth_token) OVERRIDE; 125 126 private: 127 virtual ~HttpAuthHandlerNTLM(); 128 129#if defined(NTLM_PORTABLE) 130 // For unit tests to override the GenerateRandom and GetHostName functions. 131 // Returns the old function. 132 static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc); 133 static HostNameProc SetHostNameProc(HostNameProc proc); 134#endif 135 136 // Parse the challenge, saving the results into this instance. 137 HttpAuth::AuthorizationResult ParseChallenge( 138 HttpAuthChallengeTokenizer* tok, bool initial_challenge); 139 140 // Given an input token received from the server, generate the next output 141 // token to be sent to the server. 142 int GetNextToken(const void* in_token, 143 uint32 in_token_len, 144 void** out_token, 145 uint32* out_token_len); 146 147 // Create an NTLM SPN to identify the |origin| server. 148 static std::string CreateSPN(const GURL& origin); 149 150#if defined(NTLM_SSPI) 151 HttpAuthSSPI auth_sspi_; 152#endif 153 154#if defined(NTLM_PORTABLE) 155 static GenerateRandomProc generate_random_proc_; 156 static HostNameProc get_host_name_proc_; 157#endif 158 159 base::string16 domain_; 160 AuthCredentials credentials_; 161 162 // The base64-encoded string following "NTLM" in the "WWW-Authenticate" or 163 // "Proxy-Authenticate" response header. 164 std::string auth_data_; 165 166#if defined(NTLM_SSPI) 167 URLSecurityManager* url_security_manager_; 168#endif 169}; 170 171} // namespace net 172 173#endif // NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_ 174