author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-05 00:43:32 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-05 00:43:32 +0000 |
commit | ea9dc9a73e96c97a586c97af2e7a54b851bb1245 (patch) | |
tree | 8bcddd03baf76607dc69413bdcb8be127e9db2e9 /net/http/http_auth_handler_ntlm.h | |
parent | 3f9a579bfea1c987e9685a9ee59abf03660223af (diff) | |
[Second attempt of r25461]
Use SSPI for NTLM authentication on Windows.
Add an explicit embedded_identity_used_ boolean member to
make sure we use the username/password in the URL only once
for the transaction. This allows us to reset
auth_identity_[target].source to HttpAuth::IDENT_SRC_NONE
after auth failed.
Initial patch by Arindam.
Original review URL: http://codereview.chromium.org/159656
R=arindam,eroman
BUG=19,18009,20560
TEST=1. Open a webpage that requests NTLM authentication
on Windows. 2. New unit test for wrong auth identity in
URL.
Review URL: http://codereview.chromium.org/193022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25564 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_ntlm.h')
-rw-r--r-- | net/http/http_auth_handler_ntlm.h | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/net/http/http_auth_handler_ntlm.h b/net/http/http_auth_handler_ntlm.h
index 9b8a3b1..27a6666 100644
--- a/net/http/http_auth_handler_ntlm.h
+++ b/net/http/http_auth_handler_ntlm.h
@@ -5,20 +5,34 @@
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NTLM_H_
+#include "build/build_config.h"
+
+// This contains the portable and the SSPI implementations for NTLM.
+// We use NTLM_SSPI for Windows, and NTLM_PORTABLE for other platforms.
+#if defined(OS_WIN)
+#define NTLM_SSPI
+#else
+#define NTLM_PORTABLE
+#endif
+
+#if defined(NTLM_SSPI)
+#define SECURITY_WIN32 1
+#include <windows.h>
+#include <security.h>
+#endif
+
 #include <string>
 #include "base/basictypes.h"
-#include "base/scoped_ptr.h"
 #include "base/string16.h"
 #include "net/http/http_auth_handler.h"
 namespace net {
-class NTLMAuthModule;
-
 // Code for handling HTTP NTLM authentication.
 class HttpAuthHandlerNTLM : public HttpAuthHandler {
 public:
+#if defined(NTLM_PORTABLE)
 // A function that generates n random bytes in the output buffer.
 typedef void (*GenerateRandomProc)(uint8* output, size_t n);
@@ -45,6 +59,7 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler {
 GenerateRandomProc old_random_proc_;
 HostNameProc old_host_name_proc_;
 };
+#endif
 HttpAuthHandlerNTLM();
@@ -52,6 +67,8 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler {
 virtual bool NeedsIdentity();
+ virtual bool IsFinalRound();
+
 virtual std::string GenerateCredentials(const std::wstring& username,
 const std::wstring& password,
 const HttpRequestInfo* request,
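Review bot: `#define SECURITY_WIN32 1` in the added NTLM_SSPI block of the first hunk is unguarded, so a translation unit that already defines SECURITY_WIN32 differently (on the command line or ahead of another SSPI include) gets a macro-redefinition diagnostic from this header; `#ifndef SECURITY_WIN32` / `#define SECURITY_WIN32 1` / `#endif` avoids that. The same block pulls `<windows.h>` into every file that includes this header, and `NTLM_SSPI` / `NTLM_PORTABLE` are short, unprefixed macros that become visible to all of those files. If they are meant only for this class, give them a project-specific prefix, or extend the comment to say they are intentionally public build switches.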
@@ -63,11 +80,17 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler {
 return ParseChallenge(challenge_begin, challenge_end);
 }
+ // This function acquires a credentials handle in the SSPI implementation.
+ // It does nothing in the portable implementation.
+ int InitializeBeforeFirstChallenge();
+
 private:
+#if defined(NTLM_PORTABLE)
 // For unit tests to override the GenerateRandom and GetHostName functions.
 // Returns the old function.
 static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc);
 static HostNameProc SetHostNameProc(HostNameProc proc);
+#endif
 // Parse the challenge, saving the results into this instance.
 // Returns true on success.
@@ -81,8 +104,14 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler {
 void** out_token,
 uint32* out_token_len);
+#if defined(NTLM_SSPI)
+ void ResetSecurityContext();
+#endif
+
+#if defined(NTLM_PORTABLE)
 static GenerateRandomProc generate_random_proc_;
 static HostNameProc get_host_name_proc_;
+#endif
 string16 domain_;
 string16 username_;
@@ -91,6 +120,12 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler {
 // The base64-encoded string following "NTLM" in the "WWW-Authenticate" or
 // "Proxy-Authenticate" response header.
 std::string auth_data_;
+
+#if defined(NTLM_SSPI)
+ ULONG max_token_len_;
+ CredHandle cred_;
+ CtxtHandle ctxt_;
+#endif
 };
 } // namespace net
|
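Review bot: The comment added above `int InitializeBeforeFirstChallenge();` (hunk at -63,11) does not say what the `int` return value means or what a caller must do when it fails. This is where the SSPI credentials handle is acquired, so a caller that ignores a failure would presumably go on to use the handler without a valid handle; the implementation is outside this header, so that is inferred. I would extend the comment along the lines of `// Returns OK on success, or a net error code if the credentials handle could not be acquired; do not call GenerateCredentials() after a failure.`, adjusted to the actual return convention. The class body starts and ends outside this hunk.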
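Review bot: The new members `cred_` and `ctxt_` (hunk at -91,6) are raw SSPI handles with no comment on who owns them or when they are released, and nothing visible in this header makes the class non-copyable. An implicit copy would leave two objects holding, and eventually freeing, the same handles. The constructor should also put both into a known-invalid state, e.g. `SecInvalidateHandle(&cred_);`, so that the release path can tell an acquired handle from an uninitialized one. The constructor, the destructor and `ResetSecurityContext()` are implemented outside this hunk, so please confirm that they pair with `FreeCredentialsHandle` / `DeleteSecurityContext`. I would add a comment such as `// SSPI handles owned by this object; released in ResetSecurityContext() and the destructor.`, and give `void ResetSecurityContext();` in the preceding hunk a one-line comment too.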