1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains common routines used by NTLM and Negotiate authentication
// using the SSPI API on Windows.
#ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
#define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
// security.h needs to be included for CredHandle. Unfortunately CredHandle
// is a typedef and can't be forward declared.
#define SECURITY_WIN32 1
#include <windows.h>
#include <security.h>
#include <string>
class GURL;
namespace net {
class HttpRequestInfo;
class ProxyInfo;
class HttpAuthSSPI {
public:
HttpAuthSSPI(const std::string& scheme,
SEC_WCHAR* security_package);
~HttpAuthSSPI();
bool NeedsIdentity() const;
bool IsFinalRound() const;
bool ParseChallenge(std::string::const_iterator challenge_begin,
std::string::const_iterator challenge_end);
// Generates an authentication token.
// The return value is an error code. If it's not |OK|, the value of
// |*auth_token| is unspecified.
// If this is the first round of a multiple round scheme, credentials are
// obtained using |*username| and |*password|. If |username| and |password|
// are NULL, the default credentials are used instead.
int GenerateAuthToken(const std::wstring* username,
const std::wstring* password,
const GURL& origin,
const HttpRequestInfo* request,
const ProxyInfo* proxy,
std::string* auth_token);
private:
int OnFirstRound(const std::wstring* username,
const std::wstring* password);
int GetNextSecurityToken(
const GURL& origin,
const void* in_token,
int in_token_len,
void** out_token,
int* out_token_len);
void ResetSecurityContext();
std::string scheme_;
SEC_WCHAR* security_package_;
std::string decoded_server_auth_token_;
ULONG max_token_length_;
CredHandle cred_;
CtxtHandle ctxt_;
};
// Splits |combined| into domain and username.
// If |combined| is of form "FOO\bar", |domain| will contain "FOO" and |user|
// will contain "bar".
// If |combined| is of form "bar", |domain| will be empty and |user| will
// contain "bar".
// |domain| and |user| must be non-NULL.
void SplitDomainAndUser(const std::wstring& combined,
std::wstring* domain,
std::wstring* user);
// Determines the max token length for a particular SSPI package.
// If the return value is not OK, than the value of max_token_length
// is undefined.
// |max_token_length| must be non-NULL.
int DetermineMaxTokenLength(const std::wstring& package,
ULONG* max_token_length);
} // namespace net
#endif // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
|
