// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // See "SSPI Sample Application" at // http://msdn.microsoft.com/en-us/library/aa918273.aspx // and "NTLM Security Support Provider" at // http://msdn.microsoft.com/en-us/library/aa923611.aspx. #include "net/http/http_auth_handler_ntlm.h" #include "base/string_util.h" #include "net/base/net_errors.h" #include "net/base/net_util.h" #include "net/http/http_auth_sspi_win.h" #include "net/http/url_security_manager.h" #pragma comment(lib, "secur32.lib") namespace net { HttpAuthHandlerNTLM::HttpAuthHandlerNTLM( SSPILibrary* sspi_library, ULONG max_token_length, URLSecurityManager* url_security_manager) : auth_sspi_(sspi_library, "NTLM", NTLMSP_NAME, max_token_length), url_security_manager_(url_security_manager) { } HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() { } // Require identity on first pass instead of second. bool HttpAuthHandlerNTLM::NeedsIdentity() { return auth_sspi_.NeedsIdentity(); } bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() { if (target_ == HttpAuth::AUTH_PROXY) return true; if (!url_security_manager_) return false; return url_security_manager_->CanUseDefaultCredentials(origin_); } HttpAuthHandlerNTLM::Factory::Factory() : max_token_length_(0), first_creation_(true), is_unsupported_(false), sspi_library_(NULL) { } HttpAuthHandlerNTLM::Factory::~Factory() { } int HttpAuthHandlerNTLM::Factory::CreateAuthHandler( HttpAuth::ChallengeTokenizer* challenge, HttpAuth::Target target, const GURL& origin, CreateReason reason, int digest_nonce_count, const BoundNetLog& net_log, scoped_ptr* handler) { if (is_unsupported_ || reason == CREATE_PREEMPTIVE) return ERR_UNSUPPORTED_AUTH_SCHEME; if (max_token_length_ == 0) { int rv = DetermineMaxTokenLength(sspi_library_, NTLMSP_NAME, &max_token_length_); if (rv == ERR_UNSUPPORTED_AUTH_SCHEME) is_unsupported_ = true; if (rv != OK) return rv; } // TODO(cbentzel): Move towards model of parsing in the factory // method and only constructing when valid. scoped_ptr tmp_handler( new HttpAuthHandlerNTLM(sspi_library_, max_token_length_, url_security_manager())); if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) return ERR_INVALID_RESPONSE; handler->swap(tmp_handler); return OK; } } // namespace net