// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// See "SSPI Sample Application" at
// http://msdn.microsoft.com/en-us/library/aa918273.aspx
// and "NTLM Security Support Provider" at
// http://msdn.microsoft.com/en-us/library/aa923611.aspx.
#include "net/http/http_auth_handler_ntlm.h"
#include "base/string_util.h"
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
#include "net/http/http_auth_sspi_win.h"
#include "net/http/url_security_manager.h"
#pragma comment(lib, "secur32.lib")
namespace net {
HttpAuthHandlerNTLM::HttpAuthHandlerNTLM(
SSPILibrary* sspi_library, ULONG max_token_length,
URLSecurityManager* url_security_manager)
: auth_sspi_(sspi_library, "NTLM", NTLMSP_NAME, max_token_length),
url_security_manager_(url_security_manager) {
}
HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
}
// Require identity on first pass instead of second.
bool HttpAuthHandlerNTLM::NeedsIdentity() {
return auth_sspi_.NeedsIdentity();
}
bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() {
if (target_ == HttpAuth::AUTH_PROXY)
return true;
if (!url_security_manager_)
return false;
return url_security_manager_->CanUseDefaultCredentials(origin_);
}
HttpAuthHandlerNTLM::Factory::Factory()
: max_token_length_(0),
first_creation_(true),
is_unsupported_(false),
sspi_library_(NULL) {
}
HttpAuthHandlerNTLM::Factory::~Factory() {
}
int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
HttpAuth::ChallengeTokenizer* challenge,
HttpAuth::Target target,
const GURL& origin,
CreateReason reason,
int digest_nonce_count,
const BoundNetLog& net_log,
scoped_ptr<HttpAuthHandler>* handler) {
if (is_unsupported_ || reason == CREATE_PREEMPTIVE)
return ERR_UNSUPPORTED_AUTH_SCHEME;
if (max_token_length_ == 0) {
int rv = DetermineMaxTokenLength(sspi_library_, NTLMSP_NAME,
&max_token_length_);
if (rv == ERR_UNSUPPORTED_AUTH_SCHEME)
is_unsupported_ = true;
if (rv != OK)
return rv;
}
// TODO(cbentzel): Move towards model of parsing in the factory
// method and only constructing when valid.
scoped_ptr<HttpAuthHandler> tmp_handler(
new HttpAuthHandlerNTLM(sspi_library_, max_token_length_,
url_security_manager()));
if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log))
return ERR_INVALID_RESPONSE;
handler->swap(tmp_handler);
return OK;
}
} // namespace net