Issue getting user/password with GetAuthenticationInfo in firebreath

Question

I'm trying to get user/password from Firebreath plugin with the use of NpapiBrowserHost.GetAuthenticationInfo method.

I need to do this for npapi based browsers (chrome / firefox / opera). So this is my code:

boost::shared_ptr<FB::Npapi::NpapiBrowserHost> npapihost = 
    FB::ptr_cast<FB::Npapi::NpapiBrowserHost>(m_host);
if(npapihost)
{
        char * username = NULL; uint32_t ulen = 0; 
        char * password = NULL; uint32_t plen = 0;
        NPError err = npapihost->GetAuthenticationInfo("http", 
                                               "xxx.yyy.com", 
                                                80, 
                                                "Basic", 
                                                "Knownnameofrealm", 
                                                &username, &ulen, 
                                                &password, &plen );

}

In Opera it works. In Chrome & Firefox it returns err = NPERR_GENERIC_ERROR, and ulen = 0, plen = 0 (username, password - bad ptr).

This code is executed from MypluginamePlugin::onPluginReady().

If you succeeded in getting credentials, please post code example.

PS Chrome according to chromium sources does not yet implement NPN_GetAuthenticationInfo https://code.google.com/p/chromium/issues/detail?id=23928

Answer 1

In Firefox I should use -1 instead of 80 for http (443 for https).

Simply speaking FF's password managing service stored all it's info inside a hashmap: Map entry = ( (key to auth. object) , (objects with single user auth. info) )

Each key is a string created as follows: (some pro stuff) + (scheme) + "://" + (host) + ":" + (port).
FF substituted INTERNET_DEFAULT_HTTP_PORT = 80 (INTERNET_DEFAULT_HTTPS_PORT = 443) with -1 while creating new map entry.

In Opera initially all worked fine.

In Chrome browser-side endpoint function is not implemented since stub creation at 2009.

In IE npapihost is not available. Although I didn't even have to mess with login/password extraction because default CInternetSession (wininet package) constructor does it automatically.