[net/ntlm] Split out platform specific ntlm code.

There already existed http_auth_handler_ntlm_{portable,win}.cc. And yet there was platform specific code in http_auth_handler_ntlm.cc along with lots of preprocessor directives. This CL cleans out the rest of http_auth_handler_ntlm.cc so that that file only contains cross platform code. No changes in behavior. This CL just moves code around. R: mmenke@chromium.org Bug: 927182 Change-Id: I25e20a658ad4fa46e1e9929f992bad2dcbb6dd7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1881323 Commit-Queue: Asanka Herath <asanka@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#710430}

[net/ntlm] Split out platform specific ntlm code.
There already existed http_auth_handler_ntlm_{portable,win}.cc. And yet there was platform specific code in http_auth_handler_ntlm.cc along with lots of preprocessor directives. This CL cleans out the rest of http_auth_handler_ntlm.cc so that that file only contains cross platform code. No changes in behavior. This CL just moves code around. R: mmenke@chromium.org Bug: 927182 Change-Id: I25e20a658ad4fa46e1e9929f992bad2dcbb6dd7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1881323 Commit-Queue: Asanka Herath <asanka@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#710430}
eedfd932 · Asanka Herath · Commit Bot · f5f77a4f · eedfd932 · eedfd932
Commit eedfd932 authored Oct 29, 2019 by Asanka Herath Committed by Commit Bot Oct 29, 2019
3 changed files
--- a/net/http/http_auth_handler_ntlm.cc
+++ b/net/http/http_auth_handler_ntlm.cc
@@ -6,21 +6,17 @@
 #include <utility>
-#if !defined(NTLM_SSPI)
-#include "base/base64.h"
-#endif
-#include "base/logging.h"
-#include "base/strings/string_util.h"
-#include "base/strings/utf_string_conversions.h"
-#include "net/base/net_errors.h"
 #include "net/base/url_util.h"
 #include "net/cert/x509_util.h"
-#include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_scheme.h"
-#include "net/http/http_response_info.h"
+#include "net/ssl/ssl_info.h"
 namespace net {
+HttpAuthHandlerNTLM::Factory::Factory() = default;
+HttpAuthHandlerNTLM::Factory::~Factory() = default;
 bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok,
                               const SSLInfo& ssl_info) {
  auth_scheme_ = HttpAuth::AUTH_SCHEME_NTLM;
@@ -34,108 +30,11 @@ bool HttpAuthHandlerNTLM::Init(HttpAuthChallengeTokenizer* tok,
  return ParseChallenge(tok, true) == HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
 }
-int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
-    const AuthCredentials* credentials,
-    const HttpRequestInfo* request,
-    CompletionOnceCallback callback,
-    std::string* auth_token) {
-#if defined(NTLM_SSPI)
-  return auth_sspi_.GenerateAuthToken(credentials, CreateSPN(origin_),
-                                      channel_bindings_, auth_token, net_log(),
-                                      std::move(callback));
-#else  // !defined(NTLM_SSPI)
-  // TODO(cbentzel): Shouldn't be hitting this case.
-  if (!credentials) {
-    LOG(ERROR) << "Username and password are expected to be non-nullptr.";
-    return ERR_MISSING_AUTH_CREDENTIALS;
-  }
-  // The username may be in the form "DOMAIN\user".  Parse it into the two
-  // components.
-  base::string16 domain;
-  base::string16 user;
-  const base::string16& username = credentials->username();
-  const base::char16 backslash_character = '\\';
-  size_t backslash_idx = username.find(backslash_character);
-  if (backslash_idx == base::string16::npos) {
-    user = username;
-  } else {
-    domain = username.substr(0, backslash_idx);
-    user = username.substr(backslash_idx + 1);
-  }
-  domain_ = domain;
-  credentials_.Set(user, credentials->password());
-  std::string decoded_auth_data;
-  if (auth_data_.empty()) {
-    // There is no |auth_data_| because the client sends the first message.
-    int rv = InitializeBeforeFirstChallenge();
-    if (rv != OK)
-      return rv;
-  } else {
-    // When |auth_data_| is present it contains the Challenge message.
-    if (!base::Base64Decode(auth_data_, &decoded_auth_data)) {
-      LOG(ERROR) << "Unexpected problem Base64 decoding.";
-      return ERR_UNEXPECTED;
-    }
-  }
-  std::vector<uint8_t> next_token =
-      GetNextToken(base::as_bytes(base::make_span(decoded_auth_data)));
-  if (next_token.empty())
-    return ERR_UNEXPECTED;
-  // Base64 encode data in output buffer and prepend "NTLM ".
-  std::string encode_output;
-  base::Base64Encode(
-      base::StringPiece(reinterpret_cast<const char*>(next_token.data()),
-                        next_token.size()),
-      &encode_output);
-  *auth_token = std::string("NTLM ") + encode_output;
-  return OK;
-#endif
-}
 HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::HandleAnotherChallengeImpl(
    HttpAuthChallengeTokenizer* challenge) {
  return ParseChallenge(challenge, false);
 }
-// The NTLM challenge header looks like:
-//   WWW-Authenticate: NTLM auth-data
-HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
-    HttpAuthChallengeTokenizer* tok, bool initial_challenge) {
-#if defined(NTLM_SSPI)
-  // auth_sspi_ contains state for whether or not this is the initial challenge.
-  return auth_sspi_.ParseChallenge(tok);
-#else
-  // TODO(cbentzel): Most of the logic between SSPI, GSSAPI, and portable NTLM
-  // authentication parsing could probably be shared - just need to know if
-  // there was previously a challenge round.
-  // TODO(cbentzel): Write a test case to validate that auth_data_ is left empty
-  // in all failure conditions.
-  auth_data_.clear();
-  // Verify the challenge's auth-scheme.
-  if (!base::LowerCaseEqualsASCII(tok->scheme(), kNtlmAuthScheme))
-    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-  std::string base64_param = tok->base64_param();
-  if (base64_param.empty()) {
-    if (!initial_challenge)
-      return HttpAuth::AUTHORIZATION_RESULT_REJECT;
-    return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-  } else {
-    if (initial_challenge)
-      return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-  }
-  auth_data_ = base64_param;
-  return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-#endif  // defined(NTLM_SSPI)
-}
 // static
 std::string HttpAuthHandlerNTLM::CreateSPN(const GURL& origin) {
  // The service principal name of the destination server.  See

--- a/net/http/http_auth_handler_ntlm_portable.cc
+++ b/net/http/http_auth_handler_ntlm_portable.cc
@@ -4,14 +4,17 @@
 #include "net/http/http_auth_handler_ntlm.h"
+#include "base/base64.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/rand_util.h"
 #include "base/time/time.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_interfaces.h"
 #include "net/dns/host_resolver.h"
+#include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_handler_ntlm.h"
 #include "net/http/http_auth_preferences.h"
+#include "net/http/http_auth_scheme.h"
 #include "net/ssl/ssl_info.h"
 namespace net {
@@ -28,6 +31,31 @@ void GenerateRandom(uint8_t* output, size_t n) {
 }  // namespace
+int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
+    HttpAuthChallengeTokenizer* challenge,
+    HttpAuth::Target target,
+    const SSLInfo& ssl_info,
+    const GURL& origin,
+    CreateReason reason,
+    int digest_nonce_count,
+    const NetLogWithSource& net_log,
+    HostResolver* host_resolver,
+    std::unique_ptr<HttpAuthHandler>* handler) {
+  if (reason == CREATE_PREEMPTIVE)
+    return ERR_UNSUPPORTED_AUTH_SCHEME;
+  // TODO(cbentzel): Move towards model of parsing in the factory
+  //                 method and only constructing when valid.
+  // NOTE: Default credentials are not supported for the portable implementation
+  // of NTLM.
+  std::unique_ptr<HttpAuthHandler> tmp_handler(
+      new HttpAuthHandlerNTLM(http_auth_preferences()));
+  if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
+                                      net_log))
+    return ERR_INVALID_RESPONSE;
+  handler->swap(tmp_handler);
+  return OK;
+}
 // static
 HttpAuthHandlerNTLM::GetMSTimeProc HttpAuthHandlerNTLM::get_ms_time_proc_ =
    GetMSTime;
@@ -63,6 +91,63 @@ int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() {
  return OK;
 }
+int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
+    const AuthCredentials* credentials,
+    const HttpRequestInfo* request,
+    CompletionOnceCallback callback,
+    std::string* auth_token) {
+  // TODO(cbentzel): Shouldn't be hitting this case.
+  if (!credentials) {
+    LOG(ERROR) << "Username and password are expected to be non-nullptr.";
+    return ERR_MISSING_AUTH_CREDENTIALS;
+  }
+  // The username may be in the form "DOMAIN\user".  Parse it into the two
+  // components.
+  base::string16 domain;
+  base::string16 user;
+  const base::string16& username = credentials->username();
+  const base::char16 backslash_character = '\\';
+  size_t backslash_idx = username.find(backslash_character);
+  if (backslash_idx == base::string16::npos) {
+    user = username;
+  } else {
+    domain = username.substr(0, backslash_idx);
+    user = username.substr(backslash_idx + 1);
+  }
+  domain_ = domain;
+  credentials_.Set(user, credentials->password());
+  std::string decoded_auth_data;
+  if (auth_data_.empty()) {
+    // There is no |auth_data_| because the client sends the first message.
+    int rv = InitializeBeforeFirstChallenge();
+    if (rv != OK)
+      return rv;
+  } else {
+    // When |auth_data_| is present it contains the Challenge message.
+    if (!base::Base64Decode(auth_data_, &decoded_auth_data)) {
+      LOG(ERROR) << "Unexpected problem Base64 decoding.";
+      return ERR_UNEXPECTED;
+    }
+  }
+  std::vector<uint8_t> next_token =
+      GetNextToken(base::as_bytes(base::make_span(decoded_auth_data)));
+  if (next_token.empty())
+    return ERR_UNEXPECTED;
+  // Base64 encode data in output buffer and prepend "NTLM ".
+  std::string encode_output;
+  base::Base64Encode(
+      base::StringPiece(reinterpret_cast<const char*>(next_token.data()),
+                        next_token.size()),
+      &encode_output);
+  *auth_token = std::string("NTLM ") + encode_output;
+  return OK;
+}
 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() = default;
 // static
@@ -89,10 +174,6 @@ HttpAuthHandlerNTLM::HostNameProc HttpAuthHandlerNTLM::SetHostNameProc(
  return old_proc;
 }
-HttpAuthHandlerNTLM::Factory::Factory() = default;
-HttpAuthHandlerNTLM::Factory::~Factory() = default;
 std::vector<uint8_t> HttpAuthHandlerNTLM::GetNextToken(
    base::span<const uint8_t> in_token) {
  // If in_token is non-empty, then assume it contains a challenge message,
@@ -115,29 +196,27 @@ std::vector<uint8_t> HttpAuthHandlerNTLM::GetNextToken(
      in_token);
 }
-int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
+HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
-    HttpAuthChallengeTokenizer* challenge,
+    HttpAuthChallengeTokenizer* tok,
-    HttpAuth::Target target,
+    bool initial_challenge) {
-    const SSLInfo& ssl_info,
+  auth_data_.clear();
-    const GURL& origin,
-    CreateReason reason,
+  // Verify the challenge's auth-scheme.
-    int digest_nonce_count,
+  if (!base::LowerCaseEqualsASCII(tok->scheme(), kNtlmAuthScheme))
-    const NetLogWithSource& net_log,
+    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-    HostResolver* host_resolver,
-    std::unique_ptr<HttpAuthHandler>* handler) {
+  std::string base64_param = tok->base64_param();
-  if (reason == CREATE_PREEMPTIVE)
+  if (base64_param.empty()) {
-    return ERR_UNSUPPORTED_AUTH_SCHEME;
+    if (!initial_challenge)
-  // TODO(cbentzel): Move towards model of parsing in the factory
+      return HttpAuth::AUTHORIZATION_RESULT_REJECT;
-  //                 method and only constructing when valid.
+    return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-  // NOTE: Default credentials are not supported for the portable implementation
+  } else {
-  // of NTLM.
+    if (initial_challenge)
-  std::unique_ptr<HttpAuthHandler> tmp_handler(
+      return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-      new HttpAuthHandlerNTLM(http_auth_preferences()));
+  }
-  if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
-                                      net_log))
+  auth_data_ = base64_param;
-    return ERR_INVALID_RESPONSE;
+  return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-  handler->swap(tmp_handler);
-  return OK;
 }
 }  // namespace net
--- a/net/http/http_auth_handler_ntlm_win.cc
+++ b/net/http/http_auth_handler_ntlm_win.cc
@@ -17,12 +17,45 @@
 namespace net {
+int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
+    HttpAuthChallengeTokenizer* challenge,
+    HttpAuth::Target target,
+    const SSLInfo& ssl_info,
+    const GURL& origin,
+    CreateReason reason,
+    int digest_nonce_count,
+    const NetLogWithSource& net_log,
+    HostResolver* host_resolver,
+    std::unique_ptr<HttpAuthHandler>* handler) {
+  if (reason == CREATE_PREEMPTIVE)
+    return ERR_UNSUPPORTED_AUTH_SCHEME;
+  // TODO(cbentzel): Move towards model of parsing in the factory
+  //                 method and only constructing when valid.
+  std::unique_ptr<HttpAuthHandler> tmp_handler(
+      new HttpAuthHandlerNTLM(sspi_library_.get(), http_auth_preferences()));
+  if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
+                                      net_log))
+    return ERR_INVALID_RESPONSE;
+  handler->swap(tmp_handler);
+  return OK;
+}
 HttpAuthHandlerNTLM::HttpAuthHandlerNTLM(
    SSPILibrary* sspi_library,
    const HttpAuthPreferences* http_auth_preferences)
    : auth_sspi_(sspi_library, "NTLM"),
      http_auth_preferences_(http_auth_preferences) {}
+int HttpAuthHandlerNTLM::GenerateAuthTokenImpl(
+    const AuthCredentials* credentials,
+    const HttpRequestInfo* request,
+    CompletionOnceCallback callback,
+    std::string* auth_token) {
+  return auth_sspi_.GenerateAuthToken(credentials, CreateSPN(origin_),
+                                      channel_bindings_, auth_token, net_log(),
+                                      std::move(callback));
+}
 HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {
 }
@@ -39,30 +72,11 @@ bool HttpAuthHandlerNTLM::AllowsDefaultCredentials() {
  return http_auth_preferences_->CanUseDefaultCredentials(origin_);
 }
-HttpAuthHandlerNTLM::Factory::Factory() {}
+HttpAuth::AuthorizationResult HttpAuthHandlerNTLM::ParseChallenge(
-HttpAuthHandlerNTLM::Factory::~Factory() {}
+    HttpAuthChallengeTokenizer* tok,
+    bool initial_challenge) {
-int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
+  // auth_sspi_ contains state for whether or not this is the initial challenge.
-    HttpAuthChallengeTokenizer* challenge,
+  return auth_sspi_.ParseChallenge(tok);
-    HttpAuth::Target target,
-    const SSLInfo& ssl_info,
-    const GURL& origin,
-    CreateReason reason,
-    int digest_nonce_count,
-    const NetLogWithSource& net_log,
-    HostResolver* host_resolver,
-    std::unique_ptr<HttpAuthHandler>* handler) {
-  if (reason == CREATE_PREEMPTIVE)
-    return ERR_UNSUPPORTED_AUTH_SCHEME;
-  // TODO(cbentzel): Move towards model of parsing in the factory
-  //                 method and only constructing when valid.
-  std::unique_ptr<HttpAuthHandler> tmp_handler(
-      new HttpAuthHandlerNTLM(sspi_library_.get(), http_auth_preferences()));
-  if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin,
-                                      net_log))
-    return ERR_INVALID_RESPONSE;
-  handler->swap(tmp_handler);
-  return OK;
 }
 }  // namespace net