1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/http/http_auth_handler_ntlm.h"
#include "base/string_util.h"
#include "net/base/base64.h"
#include "net/base/net_errors.h"
namespace net {
std::string HttpAuthHandlerNTLM::GenerateCredentials(
const std::wstring& username,
const std::wstring& password,
const HttpRequestInfo* request,
const ProxyInfo* proxy) {
// TODO(wtc): See if we can use char* instead of void* for in_buf and
// out_buf. This change will need to propagate to GetNextToken,
// GenerateType1Msg, and GenerateType3Msg, and perhaps further.
const void* in_buf;
void* out_buf;
uint32 in_buf_len, out_buf_len;
std::string decoded_auth_data;
// |username| may be in the form "DOMAIN\user". Parse it into the two
// components.
std::wstring domain;
std::wstring user;
size_t backslash_idx = username.find(L'\\');
if (backslash_idx == std::wstring::npos) {
user = username;
} else {
domain = username.substr(0, backslash_idx);
user = username.substr(backslash_idx + 1);
}
domain_ = WideToUTF16(domain);
username_ = WideToUTF16(user);
password_ = WideToUTF16(password);
// Initial challenge.
if (auth_data_.empty()) {
in_buf_len = 0;
in_buf = NULL;
int rv = InitializeBeforeFirstChallenge();
if (rv != OK)
return std::string();
} else {
// Decode |auth_data_| into the input buffer.
int len = auth_data_.length();
// Strip off any padding.
// (See https://bugzilla.mozilla.org/show_bug.cgi?id=230351.)
//
// Our base64 decoder requires that the length be a multiple of 4.
while (len > 0 && len % 4 != 0 && auth_data_[len - 1] == '=')
len--;
auth_data_.erase(len);
if (!Base64Decode(auth_data_, &decoded_auth_data))
return std::string(); // Improper base64 encoding
in_buf_len = decoded_auth_data.length();
in_buf = decoded_auth_data.data();
}
int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len);
if (rv != OK)
return std::string();
// Base64 encode data in output buffer and prepend "NTLM ".
std::string encode_input(static_cast<char*>(out_buf), out_buf_len);
std::string encode_output;
bool ok = Base64Encode(encode_input, &encode_output);
// OK, we are done with |out_buf|
free(out_buf);
if (!ok)
return std::string();
return std::string("NTLM ") + encode_output;
}
// The NTLM challenge header looks like:
// WWW-Authenticate: NTLM auth-data
bool HttpAuthHandlerNTLM::ParseChallenge(
std::string::const_iterator challenge_begin,
std::string::const_iterator challenge_end) {
scheme_ = "ntlm";
score_ = 3;
properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED;
auth_data_.clear();
// Verify the challenge's auth-scheme.
HttpAuth::ChallengeTokenizer challenge_tok(challenge_begin, challenge_end);
if (!challenge_tok.valid() ||
!LowerCaseEqualsASCII(challenge_tok.scheme(), "ntlm"))
return false;
// Extract the auth-data. We can't use challenge_tok.GetNext() because
// auth-data is base64-encoded and may contain '=' padding at the end,
// which would be mistaken for a name=value pair.
challenge_begin += 4; // Skip over "NTLM".
HttpUtil::TrimLWS(&challenge_begin, &challenge_end);
auth_data_.assign(challenge_begin, challenge_end);
return true;
}
} // namespace net
|
