Backed out 3 changesets (bug 1502774) for mingwclang bustages on include/sspi.h. CLOSED TREE
authorNarcis Beleuzu <nbeleuzu@mozilla.com>
Mon, 29 Oct 2018 17:01:21 +0200
changeset 502544 af20bba72e84ae85bcf3bdbb65f4bcdb1e8c1dc5
parent 502543 814e566c6878c80c6077d409914ec6bd5bd2c017
child 502545 c7d1909cd2aed3392f0e9ab82e9847701a2a75e8
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1502774
milestone65.0a1
backs outa1f9c46668550d18322337e43b361e48a28694dd
07648e9d8400ee9b0c5ac84c76d8c2f7de94db83
b403c3c786eebc231f1069612a1c820440b798fe
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 3 changesets (bug 1502774) for mingwclang bustages on include/sspi.h. CLOSED TREE Backed out changeset a1f9c4666855 (bug 1502774) Backed out changeset 07648e9d8400 (bug 1502774) Backed out changeset b403c3c786ee (bug 1502774)
extensions/auth/moz.build
extensions/auth/nsAuthFactory.cpp
extensions/auth/nsAuthSASL.cpp
extensions/auth/nsHttpNegotiateAuth.cpp
extensions/auth/nsHttpNegotiateAuth.h
extensions/auth/nsIAuthModule.cpp
netwerk/base/nsIAuthModule.idl
netwerk/build/moz.build
netwerk/build/nsNetModule.cpp
netwerk/protocol/http/moz.build
netwerk/protocol/http/nsHttpBasicAuth.cpp
netwerk/protocol/http/nsHttpBasicAuth.h
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
netwerk/protocol/http/nsHttpDigestAuth.cpp
netwerk/protocol/http/nsHttpDigestAuth.h
netwerk/protocol/http/nsHttpNTLMAuth.cpp
netwerk/protocol/http/nsHttpNTLMAuth.h
netwerk/protocol/http/nsHttpTransaction.cpp
netwerk/protocol/http/nsIHttpAuthenticator.idl
security/manager/ssl/nsNSSModule.cpp
security/manager/ssl/nsNTLMAuthModule.h
--- a/extensions/auth/moz.build
+++ b/extensions/auth/moz.build
@@ -1,17 +1,17 @@
 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 UNIFIED_SOURCES += [
+    'nsAuthFactory.cpp',
     'nsAuthGSSAPI.cpp',
-    'nsIAuthModule.cpp',
 ]
 
 SOURCES += [
     'nsAuthSASL.cpp',
     'nsHttpNegotiateAuth.cpp', # contains constants whose names conflict with constants in other files
 ]
 
 if CONFIG['OS_ARCH'] == 'WINNT':
@@ -21,16 +21,15 @@ if CONFIG['OS_ARCH'] == 'WINNT':
     DEFINES['USE_SSPI'] = True
 else:
     UNIFIED_SOURCES += [
         'nsAuthSambaNTLM.cpp',
     ]
 
 LOCAL_INCLUDES += [
     '/netwerk/dns', # For nsDNSService2.h
-    '/security/manager/ssl',
 ]
 
 FINAL_LIBRARY = 'xul'
 
 with Files('**'):
     BUG_COMPONENT = ('Core', 'Networking')
 
rename from extensions/auth/nsIAuthModule.cpp
rename to extensions/auth/nsAuthFactory.cpp
--- a/extensions/auth/nsIAuthModule.cpp
+++ b/extensions/auth/nsAuthFactory.cpp
@@ -1,66 +1,247 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "nsCRT.h"
-#include "nsIAuthModule.h"
+#include "mozilla/ModuleUtils.h"
+#include "nsAuth.h"
+
+//-----------------------------------------------------------------------------
+
+#define NS_HTTPNEGOTIATEAUTH_CID                   \
+{ /* 75c80fd0-accb-432c-af59-ec60668c3990 */       \
+  0x75c80fd0,                                      \
+  0xaccb,                                          \
+  0x432c,                                          \
+  {0xaf, 0x59, 0xec, 0x60, 0x66, 0x8c, 0x39, 0x90} \
+}
+
+#include "nsHttpNegotiateAuth.h"
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpNegotiateAuth)
+//-----------------------------------------------------------------------------
+
+#define NS_NEGOTIATEAUTH_CID                       \
+{ /* 96ec4163-efc8-407a-8735-007fb26be4e8 */       \
+  0x96ec4163,                                      \
+  0xefc8,                                          \
+  0x407a,                                          \
+  {0x87, 0x35, 0x00, 0x7f, 0xb2, 0x6b, 0xe4, 0xe8} \
+}
+#define NS_GSSAUTH_CID                             \
+{ /* dc8e21a0-03e4-11da-8cd6-0800200c9a66 */       \
+  0xdc8e21a0,                                      \
+  0x03e4,                                          \
+  0x11da,                                          \
+  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
+}
 
 #include "nsAuthGSSAPI.h"
+
 #if defined( USE_SSPI )
 #include "nsAuthSSPI.h"
-#else
-#include "nsAuthSambaNTLM.h"
-#endif
-#include "nsAuthSASL.h"
-#include "nsNTLMAuthModule.h"
-#include "nsNSSComponent.h"
+
+static nsresult
+nsSysNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
+{
+  if (outer)
+    return NS_ERROR_NO_AGGREGATION;
 
-// static
-already_AddRefed<nsIAuthModule>
-nsIAuthModule::CreateInstance(const char* aType)
+  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
+  if (!auth)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  NS_ADDREF(auth);
+  nsresult rv = auth->QueryInterface(iid, result);
+  NS_RELEASE(auth);
+  return rv;
+}
+
+static nsresult
+nsKerbSSPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
 {
-  nsCOMPtr<nsIAuthModule> auth;
-  if (!nsCRT::strcmp(aType, "kerb-gss")) {
-    auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
-  } else if (!nsCRT::strcmp(aType, "negotiate-gss")) {
-    auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
-#if defined( USE_SSPI )
-  } else if (!nsCRT::strcmp(aType, "negotiate-sspi")) {
-    auth = new nsAuthSSPI();
-  } else if (!nsCRT::strcmp(aType, "kerb-sspi")) {
-    auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
-  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
-    auth = new nsAuthSSPI(PACKAGE_TYPE_NTLM);
-#elif !defined(XP_MACOSX)
-  } else if (!nsCRT::strcmp(aType, "sys-ntlm")) {
-    RefPtr<nsAuthSambaNTLM> sambaAuth = new nsAuthSambaNTLM();
+  if (outer)
+    return NS_ERROR_NO_AGGREGATION;
+
+  nsAuthSSPI *auth = new nsAuthSSPI(PACKAGE_TYPE_KERBEROS);
+  if (!auth)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  NS_ADDREF(auth);
+  nsresult rv = auth->QueryInterface(iid, result);
+  NS_RELEASE(auth);
+  return rv;
+}
+
+#define NS_SYSNTLMAUTH_CID                         \
+{ /* dc195987-6e9a-47bc-b1fd-ab895d398833 */       \
+  0xdc195987,                                      \
+  0x6e9a,                                          \
+  0x47bc,                                          \
+  {0xb1, 0xfd, 0xab, 0x89, 0x5d, 0x39, 0x88, 0x33} \
+}
+
+#define NS_NEGOTIATEAUTHSSPI_CID                   \
+{ /* 78d3b0c0-0241-11da-8cd6-0800200c9a66 */       \
+  0x78d3b0c0,                                      \
+  0x0241,                                          \
+  0x11da,                                          \
+  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
+}
 
-    nsresult rv = sambaAuth->SpawnNTLMAuthHelper();
-    if (NS_FAILED(rv)) {
-      // Failure here probably means that cached credentials were not available
-      return nullptr;
-    }
+#define NS_KERBAUTHSSPI_CID                        \
+{ /* 8c3a0e20-03e5-11da-8cd6-0800200c9a66 */       \
+  0x8c3a0e20,                                      \
+  0x03e5,                                          \
+  0x11da,                                          \
+  {0x8c, 0xd6, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66} \
+}
+
+#else
 
-    auth = sambaAuth.forget();
-#endif
-  } else if (!nsCRT::strcmp(aType, "sasl-gssapi")) {
-    auth = new nsAuthSASL();
-  } else if (!nsCRT::strcmp(aType, "ntlm") &&
-    XRE_IsParentProcess() &&
-    EnsureNSSInitializedChromeOrContent()) {
-    RefPtr<nsNTLMAuthModule> ntlmAuth = new nsNTLMAuthModule();
+#define NS_SAMBANTLMAUTH_CID                       \
+{ /* bc54f001-6eb0-4e32-9f49-7e064d8e70ef */       \
+  0xbc54f001,                                      \
+  0x6eb0,                                          \
+  0x4e32,                                          \
+  {0x9f, 0x49, 0x7e, 0x06, 0x4d, 0x8e, 0x70, 0xef} \
+}
 
-    nsresult rv = ntlmAuth->InitTest();
-    if (NS_FAILED(rv)) {
-      return nullptr;
-    }
+#include "nsAuthSambaNTLM.h"
+static nsresult
+nsSambaNTLMAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
+{
+  if (outer)
+    return NS_ERROR_NO_AGGREGATION;
 
-    auth = ntlmAuth.forget();
-  } else {
-    return nullptr;
+  RefPtr<nsAuthSambaNTLM> auth = new nsAuthSambaNTLM();
+  if (!auth)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  nsresult rv = auth->SpawnNTLMAuthHelper();
+  if (NS_FAILED(rv)) {
+    // Failure here probably means that cached credentials were not available
+    return rv;
   }
 
-  return auth.forget();
+  return auth->QueryInterface(iid, result);
+}
+
+#endif
+
+static nsresult
+nsKerbGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
+{
+  if (outer)
+    return NS_ERROR_NO_AGGREGATION;
+
+  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_KERBEROS);
+  if (!auth)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  NS_ADDREF(auth);
+  nsresult rv = auth->QueryInterface(iid, result);
+  NS_RELEASE(auth);
+  return rv;
+}
+
+static nsresult
+nsGSSAPIAuthConstructor(nsISupports *outer, REFNSIID iid, void **result)
+{
+  if (outer)
+    return NS_ERROR_NO_AGGREGATION;
+
+  nsAuthGSSAPI *auth = new nsAuthGSSAPI(PACKAGE_TYPE_NEGOTIATE);
+  if (!auth)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  NS_ADDREF(auth);
+  nsresult rv = auth->QueryInterface(iid, result);
+  NS_RELEASE(auth);
+  return rv;
+}
+
+
+#if defined( USE_SSPI )
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSSPI)
+#endif
+
+#define NS_AUTHSASL_CID                            \
+{ /* 815e42e0-72cc-480f-934b-148e33c228a6 */       \
+  0x815e42e0,                                      \
+  0x72cc,                                          \
+  0x480f,                                          \
+  {0x93, 0x4b, 0x14, 0x8e, 0x33, 0xc2, 0x28, 0xa6} \
 }
 
+#include "nsAuthSASL.h"
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsAuthSASL)
+
+NS_DEFINE_NAMED_CID(NS_GSSAUTH_CID);
+NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTH_CID);
+#if defined( USE_SSPI )
+NS_DEFINE_NAMED_CID(NS_NEGOTIATEAUTHSSPI_CID);
+NS_DEFINE_NAMED_CID(NS_KERBAUTHSSPI_CID);
+NS_DEFINE_NAMED_CID(NS_SYSNTLMAUTH_CID);
+#else
+NS_DEFINE_NAMED_CID(NS_SAMBANTLMAUTH_CID);
+#endif
+NS_DEFINE_NAMED_CID(NS_HTTPNEGOTIATEAUTH_CID);
+NS_DEFINE_NAMED_CID(NS_AUTHSASL_CID);
+
+
+static const mozilla::Module::CIDEntry kAuthCIDs[] = {
+  { &kNS_GSSAUTH_CID, false, nullptr, nsKerbGSSAPIAuthConstructor },
+  { &kNS_NEGOTIATEAUTH_CID, false, nullptr, nsGSSAPIAuthConstructor },
+#if defined( USE_SSPI )
+  { &kNS_NEGOTIATEAUTHSSPI_CID, false, nullptr, nsAuthSSPIConstructor },
+  { &kNS_KERBAUTHSSPI_CID, false, nullptr, nsKerbSSPIAuthConstructor },
+  { &kNS_SYSNTLMAUTH_CID, false, nullptr, nsSysNTLMAuthConstructor },
+#else
+  { &kNS_SAMBANTLMAUTH_CID, false, nullptr, nsSambaNTLMAuthConstructor },
+#endif
+  { &kNS_HTTPNEGOTIATEAUTH_CID, false, nullptr, nsHttpNegotiateAuthConstructor },
+  { &kNS_AUTHSASL_CID, false, nullptr, nsAuthSASLConstructor },
+  { nullptr }
+};
+
+static const mozilla::Module::ContractIDEntry kAuthContracts[] = {
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss", &kNS_GSSAUTH_CID },
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss", &kNS_NEGOTIATEAUTH_CID },
+#if defined( USE_SSPI )
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi", &kNS_NEGOTIATEAUTHSSPI_CID },
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi", &kNS_KERBAUTHSSPI_CID },
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SYSNTLMAUTH_CID },
+#elif !defined(XP_MACOSX)
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm", &kNS_SAMBANTLMAUTH_CID },
+#endif
+  { NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "negotiate", &kNS_HTTPNEGOTIATEAUTH_CID },
+  { NS_AUTH_MODULE_CONTRACTID_PREFIX "sasl-gssapi", &kNS_AUTHSASL_CID },
+  { nullptr }
+};
+
+//-----------------------------------------------------------------------------
 mozilla::LazyLogModule gNegotiateLog("negotiateauth");
+
+// setup nspr logging ...
+static nsresult
+InitNegotiateAuth()
+{
+  return NS_OK;
+}
+
+static void
+DestroyNegotiateAuth()
+{
+  nsAuthGSSAPI::Shutdown();
+}
+
+static const mozilla::Module kAuthModule = {
+  mozilla::Module::kVersion,
+  kAuthCIDs,
+  kAuthContracts,
+  nullptr,
+  nullptr,
+  InitNegotiateAuth,
+  DestroyNegotiateAuth
+};
+
+NSMODULE_DEFN(nsAuthModule) = &kAuthModule;
--- a/extensions/auth/nsAuthSASL.cpp
+++ b/extensions/auth/nsAuthSASL.cpp
@@ -38,27 +38,29 @@ nsAuthSASL::Init(const char *serviceName
     NS_ASSERTION(!domain && !password, "unexpected credentials");
 
     mUsername = username;
 
     // If we're doing SASL, we should do mutual auth
     serviceFlags |= REQ_MUTUAL_AUTH;
 
     // Find out whether we should be trying SSPI or not
-    const char *authType = "kerb-gss";
+    const char *contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-gss";
 
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
     if (prefs) {
         bool val;
         rv = prefs->GetBoolPref(kNegotiateAuthSSPI, &val);
         if (NS_SUCCEEDED(rv) && val)
-            authType = "kerb-sspi";
+            contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "kerb-sspi";
     }
 
-    MOZ_ALWAYS_TRUE(mInnerModule = nsIAuthModule::CreateInstance(authType));
+    mInnerModule = do_CreateInstance(contractID, &rv);
+    // if we can't create the GSSAPI module, then bail
+    NS_ENSURE_SUCCESS(rv, rv);
 
     mInnerModule->Init(serviceName, serviceFlags, nullptr, nullptr, nullptr);
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsAuthSASL::GetNextToken(const void *inToken,
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -44,32 +44,29 @@
 #include "nsIChannel.h"
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
 #include "nsIHttpAuthenticatorCallback.h"
 #include "mozilla/Mutex.h"
 #include "nsICancelable.h"
 #include "nsUnicharUtils.h"
 #include "mozilla/net/HttpAuthUtils.h"
-#include "mozilla/ClearOnShutdown.h"
 
 using mozilla::Base64Decode;
 
 //-----------------------------------------------------------------------------
 
 static const char kNegotiate[] = "Negotiate";
 static const char kNegotiateAuthTrustedURIs[] = "network.negotiate-auth.trusted-uris";
 static const char kNegotiateAuthDelegationURIs[] = "network.negotiate-auth.delegation-uris";
 static const char kNegotiateAuthAllowProxies[] = "network.negotiate-auth.allow-proxies";
 static const char kNegotiateAuthAllowNonFqdn[] = "network.negotiate-auth.allow-non-fqdn";
 static const char kNegotiateAuthSSPI[] = "network.auth.use-sspi";
 static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";
 
-mozilla::StaticRefPtr<nsHttpNegotiateAuth> nsHttpNegotiateAuth::gSingleton;
-
 #define kNegotiateLen  (sizeof(kNegotiate)-1)
 #define DEFAULT_THREAD_TIMEOUT_MS 30000
 
 //-----------------------------------------------------------------------------
 
 // Return false when the channel comes from a Private browsing window.
 static bool
 TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel, bool proxyAuth)
@@ -103,31 +100,16 @@ TestNotInPBMode(nsIHttpAuthenticableChan
             dontRememberHistory) {
             return true;
         }
     }
 
     return false;
 }
 
-already_AddRefed<nsIHttpAuthenticator>
-nsHttpNegotiateAuth::GetOrCreate()
-{
-    nsCOMPtr<nsIHttpAuthenticator> authenticator;
-    if (gSingleton) {
-      authenticator = gSingleton;
-    } else {
-      gSingleton = new nsHttpNegotiateAuth();
-      mozilla::ClearOnShutdown(&gSingleton);
-      authenticator = gSingleton;
-    }
-
-    return authenticator.forget();
-}
-
 NS_IMETHODIMP
 nsHttpNegotiateAuth::GetAuthFlags(uint32_t *flags)
 {
     //
     // Negotiate Auth creds should not be reused across multiple requests.
     // Only perform the negotiation when it is explicitly requested by the
     // server.  Thus, do *NOT* use the "REUSABLE_CREDENTIALS" flag here.
     //
@@ -149,24 +131,23 @@ nsHttpNegotiateAuth::GetAuthFlags(uint32
 NS_IMETHODIMP
 nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
                                        const char *challenge,
                                        bool isProxyAuth,
                                        nsISupports **sessionState,
                                        nsISupports **continuationState,
                                        bool *identityInvalid)
 {
-    nsIAuthModule *rawModule = (nsIAuthModule *) *continuationState;
+    nsIAuthModule *module = (nsIAuthModule *) *continuationState;
 
     *identityInvalid = false;
-    if (rawModule)
+    if (module)
         return NS_OK;
 
     nsresult rv;
-    nsCOMPtr<nsIAuthModule> module;
 
     nsCOMPtr<nsIURI> uri;
     rv = authChannel->GetURI(getter_AddRefs(uri));
     if (NS_FAILED(rv))
         return rv;
 
     uint32_t req_flags = nsIAuthModule::REQ_DEFAULT;
     nsAutoCString service;
@@ -211,36 +192,41 @@ nsHttpNegotiateAuth::ChallengeReceived(n
     // construct the proper service name for passing to "gss_import_name".
     //
     // TODO: Possibly make this a configurable service name for use
     // with non-standard servers that use stuff like "khttp/f.q.d.n"
     // instead.
     //
     service.InsertLiteral("HTTP@", 0);
 
-    const char *authType;
+    const char *contractID;
     if (TestBoolPref(kNegotiateAuthSSPI)) {
 	   LOG(("  using negotiate-sspi\n"));
-	   authType = "negotiate-sspi";
+	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-sspi";
     }
     else {
 	   LOG(("  using negotiate-gss\n"));
-	   authType = "negotiate-gss";
+	   contractID = NS_AUTH_MODULE_CONTRACTID_PREFIX "negotiate-gss";
     }
 
-    MOZ_ALWAYS_TRUE(module = nsIAuthModule::CreateInstance(authType));
-
-    rv = module->Init(service.get(), req_flags, nullptr, nullptr, nullptr);
+    rv = CallCreateInstance(contractID, &module);
 
     if (NS_FAILED(rv)) {
         LOG(("  Failed to load Negotiate Module \n"));
         return rv;
     }
 
-    module.forget(continuationState);
+    rv = module->Init(service.get(), req_flags, nullptr, nullptr, nullptr);
+
+    if (NS_FAILED(rv)) {
+        NS_RELEASE(module);
+        return rv;
+    }
+
+    *continuationState = module;
     return NS_OK;
 }
 
 NS_IMPL_ISUPPORTS(nsHttpNegotiateAuth, nsIHttpAuthenticator)
 
 namespace {
 
 //
@@ -391,18 +377,22 @@ class GetNextTokenRunnable final : publi
                                                    mContinuationState.forget());
         }
 
         NS_IMETHODIMP ObtainCredentialsAndFlags(char **aCreds, uint32_t *aFlags)
         {
             nsresult rv;
 
             // Use negotiate service to call GenerateCredentials outside of main thread
+            nsAutoCString contractId;
+            contractId.AssignLiteral(NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX);
+            contractId.AppendLiteral("negotiate");
             nsCOMPtr<nsIHttpAuthenticator> authenticator =
-              new nsHttpNegotiateAuth();
+              do_GetService(contractId.get(), &rv);
+            NS_ENSURE_SUCCESS(rv, rv);
 
             nsISupports *sessionState = mSessionState;
             nsISupports *continuationState = mContinuationState;
             // The continuationState is for the sake of completeness propagated
             // to the caller (despite it is not changed in any GenerateCredentials
             // implementation).
             //
             // The only implementation that use sessionState is the
--- a/extensions/auth/nsHttpNegotiateAuth.h
+++ b/extensions/auth/nsHttpNegotiateAuth.h
@@ -5,37 +5,31 @@
 
 #ifndef nsHttpNegotiateAuth_h__
 #define nsHttpNegotiateAuth_h__
 
 #include "nsIHttpAuthenticator.h"
 #include "nsIURI.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/LazyIdleThread.h"
-#include "mozilla/StaticPtr.h"
 
 // The nsHttpNegotiateAuth class provides responses for the GSS-API Negotiate method
 // as specified by Microsoft in draft-brezak-spnego-http-04.txt
 
 class nsHttpNegotiateAuth final : public nsIHttpAuthenticator
 {
 public:
     NS_DECL_THREADSAFE_ISUPPORTS
     NS_DECL_NSIHTTPAUTHENTICATOR
 
-    static already_AddRefed<nsIHttpAuthenticator> GetOrCreate();
-
 private:
     ~nsHttpNegotiateAuth() {}
 
     // returns the value of the given boolean pref
     bool TestBoolPref(const char *pref);
 
     // tests if the host part of an uri is fully qualified
     bool TestNonFqdn(nsIURI *uri);
 
     // Thread for GenerateCredentialsAsync
     RefPtr<mozilla::LazyIdleThread> mNegotiateThread;
-
-    // Singleton pointer
-    static mozilla::StaticRefPtr<nsHttpNegotiateAuth> gSingleton;
 };
 #endif /* nsHttpNegotiateAuth_h__ */
--- a/netwerk/base/nsIAuthModule.idl
+++ b/netwerk/base/nsIAuthModule.idl
@@ -128,19 +128,18 @@ interface nsIAuthModule : nsISupports
      *
      * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying  
      * authentication mechanism does not support security layers.
      */
     void unwrap([const] in voidPtr aInToken,
                 in unsigned long   aInTokenLength,
                 out voidPtr        aOutToken,
                 out unsigned long  aOutTokenLength);
+};
 
 %{C++
-    /**
-     * Create a new instance of an auth module.
-     *
-     * @param aType
-     *        The type of the auth module to be constructed.
-     */
-    static already_AddRefed<nsIAuthModule> CreateInstance(const char* aType);
+/**
+ * nsIAuthModule implementations are registered under the following contract
+ * ID prefix:
+ */
+#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
+    "@mozilla.org/network/auth-module;1?name="
 %}
-};
--- a/netwerk/build/moz.build
+++ b/netwerk/build/moz.build
@@ -12,17 +12,16 @@ SOURCES += [
     'nsNetModule.cpp',
 ]
 
 include('/ipc/chromium/chromium-config.mozbuild')
 
 FINAL_LIBRARY = 'xul'
 
 LOCAL_INCLUDES += [
-    '/extensions/auth',
     '/netwerk/base',
     '/netwerk/cache',
     '/netwerk/dns',
     '/netwerk/mime',
     '/netwerk/protocol/about',
     '/netwerk/protocol/data',
     '/netwerk/protocol/file',
     '/netwerk/protocol/ftp',
--- a/netwerk/build/nsNetModule.cpp
+++ b/netwerk/build/nsNetModule.cpp
@@ -34,17 +34,16 @@
 #include "nsXULAppAPI.h"
 #include "nsCategoryCache.h"
 #include "nsIContentSniffer.h"
 #include "Predictor.h"
 #include "nsIThreadPool.h"
 #include "mozilla/net/BackgroundChannelRegistrar.h"
 #include "mozilla/net/NeckoChild.h"
 #include "RedirectChannelRegistrar.h"
-#include "nsAuthGSSAPI.h"
 
 #include "nsNetCID.h"
 
 #if defined(XP_MACOSX) || defined(XP_WIN) || defined(XP_LINUX)
 #define BUILD_NETWORK_INFO_SERVICE 1
 #endif
 
 typedef nsCategoryCache<nsIContentSniffer> ContentSnifferCache;
@@ -229,26 +228,32 @@ NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFi
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFtpProtocolHandler, Init)
 
 // http/https
 #include "nsHttpHandler.h"
 #include "Http2Compression.h"
 #undef LOG
 #undef LOG_ENABLED
 #include "nsHttpAuthManager.h"
+#include "nsHttpBasicAuth.h"
+#include "nsHttpDigestAuth.h"
+#include "nsHttpNTLMAuth.h"
 #include "nsHttpActivityDistributor.h"
 #include "ThrottleQueue.h"
 #undef LOG
 #undef LOG_ENABLED
 namespace mozilla {
 namespace net {
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpNTLMAuth)
 NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsHttpHandler, nsHttpHandler::GetInstance)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpsHandler, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpAuthManager, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpActivityDistributor)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpBasicAuth)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpDigestAuth)
 NS_GENERIC_FACTORY_CONSTRUCTOR(ThrottleQueue)
 } // namespace net
 } // namespace mozilla
 
 #include "mozilla/net/Dashboard.h"
 namespace mozilla {
 namespace net {
   NS_GENERIC_FACTORY_CONSTRUCTOR(Dashboard)
@@ -616,18 +621,16 @@ static void nsNetShutdown()
     mozilla::net::WebSocketChannel::Shutdown();
 
     mozilla::net::Http2CompressionCleanup();
 
     mozilla::net::RedirectChannelRegistrar::Shutdown();
 
     mozilla::net::BackgroundChannelRegistrar::Shutdown();
 
-    nsAuthGSSAPI::Shutdown();
-
     delete gNetSniffers;
     gNetSniffers = nullptr;
     delete gDataSniffers;
     gDataSniffers = nullptr;
 }
 
 NS_DEFINE_NAMED_CID(NS_IOSERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_STREAMTRANSPORTSERVICE_CID);
@@ -676,16 +679,19 @@ NS_DEFINE_NAMED_CID(NS_MULTIMIXEDCONVERT
 NS_DEFINE_NAMED_CID(NS_UNKNOWNDECODER_CID);
 NS_DEFINE_NAMED_CID(NS_BINARYDETECTOR_CID);
 NS_DEFINE_NAMED_CID(NS_HTTPCOMPRESSCONVERTER_CID);
 NS_DEFINE_NAMED_CID(MOZITXTTOHTMLCONV_CID);
 NS_DEFINE_NAMED_CID(NS_MIMEHEADERPARAM_CID);
 NS_DEFINE_NAMED_CID(NS_FILEPROTOCOLHANDLER_CID);
 NS_DEFINE_NAMED_CID(NS_HTTPPROTOCOLHANDLER_CID);
 NS_DEFINE_NAMED_CID(NS_HTTPSPROTOCOLHANDLER_CID);
+NS_DEFINE_NAMED_CID(NS_HTTPBASICAUTH_CID);
+NS_DEFINE_NAMED_CID(NS_HTTPDIGESTAUTH_CID);
+NS_DEFINE_NAMED_CID(NS_HTTPNTLMAUTH_CID);
 NS_DEFINE_NAMED_CID(NS_HTTPAUTHMANAGER_CID);
 NS_DEFINE_NAMED_CID(NS_HTTPACTIVITYDISTRIBUTOR_CID);
 NS_DEFINE_NAMED_CID(NS_THROTTLEQUEUE_CID);
 NS_DEFINE_NAMED_CID(NS_FTPPROTOCOLHANDLER_CID);
 NS_DEFINE_NAMED_CID(NS_RESPROTOCOLHANDLER_CID);
 NS_DEFINE_NAMED_CID(NS_EXTENSIONPROTOCOLHANDLER_CID);
 NS_DEFINE_NAMED_CID(NS_SUBSTITUTINGURL_CID);
 NS_DEFINE_NAMED_CID(NS_SUBSTITUTINGURLMUTATOR_CID);
@@ -780,16 +786,19 @@ static const mozilla::Module::CIDEntry k
     { &kNS_UNKNOWNDECODER_CID, false, nullptr, CreateNewUnknownDecoderFactory },
     { &kNS_BINARYDETECTOR_CID, false, nullptr, CreateNewBinaryDetectorFactory },
     { &kNS_HTTPCOMPRESSCONVERTER_CID, false, nullptr, CreateNewHTTPCompressConvFactory },
     { &kMOZITXTTOHTMLCONV_CID, false, nullptr, CreateNewTXTToHTMLConvFactory },
     { &kNS_MIMEHEADERPARAM_CID, false, nullptr, nsMIMEHeaderParamImplConstructor },
     { &kNS_FILEPROTOCOLHANDLER_CID, false, nullptr, nsFileProtocolHandlerConstructor },
     { &kNS_HTTPPROTOCOLHANDLER_CID, false, nullptr, mozilla::net::nsHttpHandlerConstructor },
     { &kNS_HTTPSPROTOCOLHANDLER_CID, false, nullptr, mozilla::net::nsHttpsHandlerConstructor },
+    { &kNS_HTTPBASICAUTH_CID, false, nullptr, mozilla::net::nsHttpBasicAuthConstructor },
+    { &kNS_HTTPDIGESTAUTH_CID, false, nullptr, mozilla::net::nsHttpDigestAuthConstructor },
+    { &kNS_HTTPNTLMAUTH_CID, false, nullptr, mozilla::net::nsHttpNTLMAuthConstructor },
     { &kNS_HTTPAUTHMANAGER_CID, false, nullptr, mozilla::net::nsHttpAuthManagerConstructor },
     { &kNS_HTTPACTIVITYDISTRIBUTOR_CID, false, nullptr, mozilla::net::nsHttpActivityDistributorConstructor },
     { &kNS_THROTTLEQUEUE_CID, false, nullptr, mozilla::net::ThrottleQueueConstructor },
     { &kNS_FTPPROTOCOLHANDLER_CID, false, nullptr, nsFtpProtocolHandlerConstructor },
     { &kNS_RESPROTOCOLHANDLER_CID, false, nullptr, nsResProtocolHandlerConstructor },
     { &kNS_EXTENSIONPROTOCOLHANDLER_CID, false, nullptr, mozilla::ExtensionProtocolHandlerConstructor },
     { &kNS_SUBSTITUTINGURL_CID, false, nullptr, mozilla::SubstitutingURLMutatorConstructor }, // do_CreateInstance returns mutator
     { &kNS_SUBSTITUTINGURLMUTATOR_CID, false, nullptr, mozilla::SubstitutingURLMutatorConstructor },
@@ -891,16 +900,19 @@ static const mozilla::Module::ContractID
     { NS_ISTREAMCONVERTER_KEY COMPRESS_TO_UNCOMPRESSED, &kNS_HTTPCOMPRESSCONVERTER_CID },
     { NS_ISTREAMCONVERTER_KEY XCOMPRESS_TO_UNCOMPRESSED, &kNS_HTTPCOMPRESSCONVERTER_CID },
     { NS_ISTREAMCONVERTER_KEY DEFLATE_TO_UNCOMPRESSED, &kNS_HTTPCOMPRESSCONVERTER_CID },
     { MOZ_TXTTOHTMLCONV_CONTRACTID, &kMOZITXTTOHTMLCONV_CID },
     { NS_MIMEHEADERPARAM_CONTRACTID, &kNS_MIMEHEADERPARAM_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "file", &kNS_FILEPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "http", &kNS_HTTPPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "https", &kNS_HTTPSPROTOCOLHANDLER_CID },
+    { NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "basic", &kNS_HTTPBASICAUTH_CID },
+    { NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "digest", &kNS_HTTPDIGESTAUTH_CID },
+    { NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX "ntlm", &kNS_HTTPNTLMAUTH_CID },
     { NS_HTTPAUTHMANAGER_CONTRACTID, &kNS_HTTPAUTHMANAGER_CID },
     { NS_HTTPACTIVITYDISTRIBUTOR_CONTRACTID, &kNS_HTTPACTIVITYDISTRIBUTOR_CID },
     { NS_THROTTLEQUEUE_CONTRACTID, &kNS_THROTTLEQUEUE_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "ftp", &kNS_FTPPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "resource", &kNS_RESPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "moz-extension", &kNS_EXTENSIONPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "about", &kNS_ABOUTPROTOCOLHANDLER_CID },
     { NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "moz-safe-about", &kNS_SAFEABOUTPROTOCOLHANDLER_CID },
--- a/netwerk/protocol/http/moz.build
+++ b/netwerk/protocol/http/moz.build
@@ -128,17 +128,16 @@ EXTRA_JS_MODULES += [
 ]
 
 include('/ipc/chromium/chromium-config.mozbuild')
 
 FINAL_LIBRARY = 'xul'
 
 LOCAL_INCLUDES += [
     '/dom/base',
-    '/extensions/auth',
     '/netwerk/base',
     '/netwerk/cookie',
 ]
 
 EXTRA_COMPONENTS += [
     'UAOverridesBootstrapper.js',
     'UAOverridesBootstrapper.manifest',
     'WellKnownOpportunisticUtils.js',
--- a/netwerk/protocol/http/nsHttpBasicAuth.cpp
+++ b/netwerk/protocol/http/nsHttpBasicAuth.cpp
@@ -5,38 +5,20 @@
 
 // HttpLog.h should generally be included first
 #include "HttpLog.h"
 
 #include "nsHttpBasicAuth.h"
 #include "plstr.h"
 #include "nsString.h"
 #include "mozilla/Base64.h"
-#include "mozilla/ClearOnShutdown.h"
 
 namespace mozilla {
 namespace net {
 
-StaticRefPtr<nsHttpBasicAuth> nsHttpBasicAuth::gSingleton;
-
-already_AddRefed<nsIHttpAuthenticator>
-nsHttpBasicAuth::GetOrCreate()
-{
-    nsCOMPtr<nsIHttpAuthenticator> authenticator;
-    if (gSingleton) {
-      authenticator = gSingleton;
-    } else {
-      gSingleton = new nsHttpBasicAuth();
-      ClearOnShutdown(&gSingleton);
-      authenticator = gSingleton;
-    }
-
-    return authenticator.forget();
-}
-
 //-----------------------------------------------------------------------------
 // nsHttpBasicAuth::nsISupports
 //-----------------------------------------------------------------------------
 
 NS_IMPL_ISUPPORTS(nsHttpBasicAuth, nsIHttpAuthenticator)
 
 //-----------------------------------------------------------------------------
 // nsHttpBasicAuth::nsIHttpAuthenticator
--- a/netwerk/protocol/http/nsHttpBasicAuth.h
+++ b/netwerk/protocol/http/nsHttpBasicAuth.h
@@ -2,38 +2,31 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef nsBasicAuth_h__
 #define nsBasicAuth_h__
 
 #include "nsIHttpAuthenticator.h"
-#include "mozilla/RefPtr.h"
-#include "mozilla/StaticPtr.h"
 
 namespace mozilla { namespace net {
 
 //-----------------------------------------------------------------------------
 // The nsHttpBasicAuth class produces HTTP Basic-auth responses for a username/
 // (optional)password pair, BASE64("user:pass").
 //-----------------------------------------------------------------------------
 
 class nsHttpBasicAuth : public nsIHttpAuthenticator
 {
 public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIHTTPAUTHENTICATOR
 
     nsHttpBasicAuth() = default;
-
-    static already_AddRefed<nsIHttpAuthenticator> GetOrCreate();
-
 private:
     virtual ~nsHttpBasicAuth() = default;
-
-    static StaticRefPtr<nsHttpBasicAuth> gSingleton;
 };
 
 } // namespace net
 } // namespace mozilla
 
 #endif // !nsHttpBasicAuth_h__
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -20,20 +20,16 @@
 #include "nsEscape.h"
 #include "nsAuthInformationHolder.h"
 #include "nsIStringBundle.h"
 #include "nsIPrompt.h"
 #include "netCore.h"
 #include "nsIHttpAuthenticableChannel.h"
 #include "nsIURI.h"
 #include "nsContentUtils.h"
-#include "nsHttpBasicAuth.h"
-#include "nsHttpDigestAuth.h"
-#include "nsHttpNegotiateAuth.h"
-#include "nsHttpNTLMAuth.h"
 #include "nsServiceManagerUtils.h"
 #include "nsILoadContext.h"
 #include "nsIURL.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozilla/Telemetry.h"
 #include "nsIProxiedChannel.h"
 #include "nsIProxyInfo.h"
 
@@ -1094,33 +1090,21 @@ nsHttpChannelAuthProvider::GetAuthentica
     LOG(("nsHttpChannelAuthProvider::GetAuthenticator [this=%p channel=%p]\n",
         this, mAuthChannel));
 
     GetAuthType(challenge, authType);
 
     // normalize to lowercase
     ToLowerCase(authType);
 
-    nsCOMPtr<nsIHttpAuthenticator> authenticator;
-    if (authType.EqualsLiteral("negotiate")) {
-      authenticator = nsHttpNegotiateAuth::GetOrCreate();
-    } else if (authType.EqualsLiteral("basic")) {
-      authenticator = nsHttpBasicAuth::GetOrCreate();
-    } else if (authType.EqualsLiteral("digest")) {
-      authenticator = nsHttpDigestAuth::GetOrCreate();
-    } else if (authType.EqualsLiteral("ntlm")) {
-      authenticator = nsHttpNTLMAuth::GetOrCreate();
-    } else {
-      return NS_ERROR_SERVICE_NOT_FOUND;
-    }
+    nsAutoCString contractid;
+    contractid.AssignLiteral(NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX);
+    contractid.Append(authType);
 
-    MOZ_ASSERT(authenticator);
-    authenticator.forget(auth);
-
-    return NS_OK;
+    return CallGetService(contractid.get(), auth);
 }
 
 void
 nsHttpChannelAuthProvider::GetIdentityFromURI(uint32_t            authFlags,
                                               nsHttpAuthIdentity &ident)
 {
     LOG(("nsHttpChannelAuthProvider::GetIdentityFromURI [this=%p channel=%p]\n",
         this, mAuthChannel));
--- a/netwerk/protocol/http/nsHttpDigestAuth.cpp
+++ b/netwerk/protocol/http/nsHttpDigestAuth.cpp
@@ -2,17 +2,16 @@
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // HttpLog.h should generally be included first
 #include "HttpLog.h"
 
-#include "mozilla/ClearOnShutdown.h"
 #include "mozilla/Sprintf.h"
 #include "mozilla/Unused.h"
 
 #include "nsHttp.h"
 #include "nsHttpDigestAuth.h"
 #include "nsIHttpAuthenticableChannel.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIURI.h"
@@ -21,33 +20,16 @@
 #include "nsNetCID.h"
 #include "nsCRT.h"
 #include "nsICryptoHash.h"
 #include "nsComponentManagerUtils.h"
 
 namespace mozilla {
 namespace net {
 
-StaticRefPtr<nsHttpDigestAuth> nsHttpDigestAuth::gSingleton;
-
-already_AddRefed<nsIHttpAuthenticator>
-nsHttpDigestAuth::GetOrCreate()
-{
-    nsCOMPtr<nsIHttpAuthenticator> authenticator;
-    if (gSingleton) {
-      authenticator = gSingleton;
-    } else {
-      gSingleton = new nsHttpDigestAuth();
-      ClearOnShutdown(&gSingleton);
-      authenticator = gSingleton;
-    }
-
-    return authenticator.forget();
-}
-
 //-----------------------------------------------------------------------------
 // nsHttpDigestAuth::nsISupports
 //-----------------------------------------------------------------------------
 
 NS_IMPL_ISUPPORTS(nsHttpDigestAuth, nsIHttpAuthenticator)
 
 //-----------------------------------------------------------------------------
 // nsHttpDigestAuth <protected>
--- a/netwerk/protocol/http/nsHttpDigestAuth.h
+++ b/netwerk/protocol/http/nsHttpDigestAuth.h
@@ -6,17 +6,16 @@
 
 #ifndef nsDigestAuth_h__
 #define nsDigestAuth_h__
 
 #include "nsIHttpAuthenticator.h"
 #include "nsStringFwd.h"
 #include "nsCOMPtr.h"
 #include "mozilla/Attributes.h"
-#include "mozilla/StaticPtr.h"
 
 class nsICryptoHash;
 
 namespace mozilla { namespace net {
 
 #define ALGO_SPECIFIED 0x01
 #define ALGO_MD5 0x02
 #define ALGO_MD5_SESS 0x04
@@ -34,18 +33,16 @@ namespace mozilla { namespace net {
 class nsHttpDigestAuth final : public nsIHttpAuthenticator
 {
   public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIHTTPAUTHENTICATOR
 
     nsHttpDigestAuth() = default;
 
-    static already_AddRefed<nsIHttpAuthenticator> GetOrCreate();
-
   protected:
     ~nsHttpDigestAuth() = default;
 
     MOZ_MUST_USE nsresult ExpandToHex(const char * digest, char * result);
 
     MOZ_MUST_USE nsresult CalculateResponse(const char * ha1_digest,
                                             const char * ha2_digest,
                                             const nsCString&  nonce,
@@ -85,16 +82,14 @@ class nsHttpDigestAuth final : public ns
 
     // append the quoted version of value to aHeaderLine
     MOZ_MUST_USE nsresult AppendQuotedString(const nsACString & value,
                                              nsACString & aHeaderLine);
 
   protected:
     nsCOMPtr<nsICryptoHash>        mVerifier;
     char                           mHashBuf[DIGEST_LENGTH];
-
-    static StaticRefPtr<nsHttpDigestAuth> gSingleton;
 };
 
 } // namespace net
 } // namespace mozilla
 
 #endif // nsHttpDigestAuth_h__
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -30,29 +30,26 @@
 #include "mozilla/CheckedInt.h"
 #include "mozilla/Tokenizer.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/Unused.h"
 #include "nsNetUtil.h"
 #include "nsIChannel.h"
 #include "nsUnicharUtils.h"
 #include "mozilla/net/HttpAuthUtils.h"
-#include "mozilla/ClearOnShutdown.h"
 
 namespace mozilla {
 namespace net {
 
 static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies";
 static const char kAllowNonFqdn[] = "network.automatic-ntlm-auth.allow-non-fqdn";
 static const char kTrustedURIs[]  = "network.automatic-ntlm-auth.trusted-uris";
 static const char kForceGeneric[] = "network.auth.force-generic-ntlm";
 static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";
 
-StaticRefPtr<nsHttpNTLMAuth> nsHttpNTLMAuth::gSingleton;
-
 static bool
 IsNonFqdn(nsIURI *uri)
 {
     nsAutoCString host;
     PRNetAddr addr;
 
     if (NS_FAILED(uri->GetAsciiHost(host)))
         return false;
@@ -142,31 +139,16 @@ class nsNTLMSessionState final : public 
     ~nsNTLMSessionState() = default;
 public:
     NS_DECL_ISUPPORTS
 };
 NS_IMPL_ISUPPORTS0(nsNTLMSessionState)
 
 //-----------------------------------------------------------------------------
 
-already_AddRefed<nsIHttpAuthenticator>
-nsHttpNTLMAuth::GetOrCreate()
-{
-    nsCOMPtr<nsIHttpAuthenticator> authenticator;
-    if (gSingleton) {
-      authenticator = gSingleton;
-    } else {
-      gSingleton = new nsHttpNTLMAuth();
-      ClearOnShutdown(&gSingleton);
-      authenticator = gSingleton;
-    }
-
-    return authenticator.forget();
-}
-
 NS_IMPL_ISUPPORTS(nsHttpNTLMAuth, nsIHttpAuthenticator)
 
 NS_IMETHODIMP
 nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
                                   const char     *challenge,
                                   bool            isProxyAuth,
                                   nsISupports   **sessionState,
                                   nsISupports   **continuationState,
@@ -181,41 +163,41 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHtt
     // NOTE: we don't define any session state, but we do use the pointer.
 
     *identityInvalid = false;
 
     // Start a new auth sequence if the challenge is exactly "NTLM".
     // If native NTLM auth apis are available and enabled through prefs,
     // try to use them.
     if (PL_strcasecmp(challenge, "NTLM") == 0) {
-        nsCOMPtr<nsIAuthModule> module;
+        nsCOMPtr<nsISupports> module;
 
         // Check to see if we should default to our generic NTLM auth module
         // through UseGenericNTLM. (We use native auth by default if the
         // system provides it.) If *sessionState is non-null, we failed to
         // instantiate a native NTLM module the last time, so skip trying again.
         bool forceGeneric = ForceGenericNTLM();
         if (!forceGeneric && !*sessionState) {
             // Check for approved default credentials hosts and proxies. If
             // *continuationState is non-null, the last authentication attempt
             // failed so skip default credential use.
             if (!*continuationState && CanUseDefaultCredentials(channel, isProxyAuth)) {
                 // Try logging in with the user's default credentials. If
                 // successful, |identityInvalid| is false, which will trigger
                 // a default credentials attempt once we return.
-                module = nsIAuthModule::CreateInstance("sys-ntlm");
+                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
             }
 #ifdef XP_WIN
             else {
                 // Try to use native NTLM and prompt the user for their domain,
                 // username, and password. (only supported by windows nsAuthSSPI module.)
                 // Note, for servers that use LMv1 a weak hash of the user's password
                 // will be sent. We rely on windows internal apis to decide whether
                 // we should support this older, less secure version of the protocol.
-                module = nsIAuthModule::CreateInstance("sys-ntlm");
+                module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "sys-ntlm");
                 *identityInvalid = true;
             }
 #endif // XP_WIN
             if (!module)
                 LOG(("Native sys-ntlm auth module not found.\n"));
         }
 
 #ifdef XP_WIN
@@ -233,33 +215,33 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHtt
                 if (!*sessionState)
                     return NS_ERROR_OUT_OF_MEMORY;
                 NS_ADDREF(*sessionState);
             }
 
             // Use our internal NTLM implementation. Note, this is less secure,
             // see bug 520607 for details.
             LOG(("Trying to fall back on internal ntlm auth.\n"));
-            module = nsIAuthModule::CreateInstance("ntlm");
+            module = do_CreateInstance(NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm");
 
             mUseNative = false;
 
             // Prompt user for domain, username, and password.
             *identityInvalid = true;
         }
 
         // If this fails, then it means that we cannot do NTLM auth.
         if (!module) {
             LOG(("No ntlm auth modules available.\n"));
             return NS_ERROR_UNEXPECTED;
         }
 
         // A non-null continuation state implies that we failed to authenticate.
         // Blow away the old authentication state, and use the new one.
-        module.forget(continuationState);
+        module.swap(*continuationState);
     }
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsHttpNTLMAuth::GenerateCredentialsAsync(nsIHttpAuthenticableChannel *authChannel,
                                          nsIHttpAuthenticatorCallback* aCallback,
                                          const char *challenge,
--- a/netwerk/protocol/http/nsHttpNTLMAuth.h
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.h
@@ -1,36 +1,31 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef nsHttpNTLMAuth_h__
 #define nsHttpNTLMAuth_h__
 
 #include "nsIHttpAuthenticator.h"
-#include "mozilla/StaticPtr.h"
 
 namespace mozilla { namespace net {
 
 class nsHttpNTLMAuth : public nsIHttpAuthenticator
 {
 public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIHTTPAUTHENTICATOR
 
     nsHttpNTLMAuth() : mUseNative(false) {}
 
-    static already_AddRefed<nsIHttpAuthenticator> GetOrCreate();
-
 private:
     virtual ~nsHttpNTLMAuth() = default;
 
     // This flag indicates whether we are using the native NTLM implementation
     // or the internal one.
     bool  mUseNative;
-
-    static StaticRefPtr<nsHttpNTLMAuth> gSingleton;
 };
 
 } // namespace net
 } // namespace mozilla
 
 #endif // !nsHttpNTLMAuth_h__
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -4,25 +4,21 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // HttpLog.h should generally be included first
 #include "HttpLog.h"
 
 #include "base/basictypes.h"
 
-#include "nsHttpBasicAuth.h"
-#include "nsHttpChunkedDecoder.h"
-#include "nsHttpDigestAuth.h"
 #include "nsHttpHandler.h"
-#include "nsHttpNegotiateAuth.h"
-#include "nsHttpNTLMAuth.h"
+#include "nsHttpTransaction.h"
 #include "nsHttpRequestHead.h"
 #include "nsHttpResponseHead.h"
-#include "nsHttpTransaction.h"
+#include "nsHttpChunkedDecoder.h"
 #include "nsTransportUtils.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
 #include "nsIChannel.h"
 #include "nsIPipe.h"
 #include "nsCRT.h"
 #include "mozilla/Tokenizer.h"
 #include "TCPFastOpenLayer.h"
@@ -2021,27 +2017,22 @@ nsHttpTransaction::CheckForStickyAuthSch
       return;
   }
 
   Tokenizer p(auth);
   nsAutoCString schema;
   while (p.ReadWord(schema)) {
       ToLowerCase(schema);
 
+      nsAutoCString contractid;
+      contractid.AssignLiteral(NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX);
+      contractid.Append(schema);
+
       // using a new instance because of thread safety of auth modules refcnt
-      nsCOMPtr<nsIHttpAuthenticator> authenticator;
-      if (schema.EqualsLiteral("negotiate")) {
-        authenticator = new nsHttpNegotiateAuth();
-      } else if (schema.EqualsLiteral("basic")) {
-        authenticator = new nsHttpBasicAuth();
-      } else if (schema.EqualsLiteral("digest")) {
-        authenticator = new nsHttpDigestAuth();
-      } else if (schema.EqualsLiteral("ntlm")) {
-        authenticator = new nsHttpNTLMAuth();
-      }
+      nsCOMPtr<nsIHttpAuthenticator> authenticator(do_CreateInstance(contractid.get()));
       if (authenticator) {
           uint32_t flags;
           nsresult rv = authenticator->GetAuthFlags(&flags);
           if (NS_SUCCEEDED(rv) && (flags & nsIHttpAuthenticator::CONNECTION_BASED)) {
               LOG(("  connection made sticky, found %s auth shema", schema.get()));
               // This is enough to make this transaction keep it's current connection,
               // prevents the connection from being released back to the pool.
               mCaps |= NS_HTTP_STICKY_CONNECTION;
--- a/netwerk/protocol/http/nsIHttpAuthenticator.idl
+++ b/netwerk/protocol/http/nsIHttpAuthenticator.idl
@@ -214,8 +214,13 @@ interface nsIHttpAuthenticator : nsISupp
     const unsigned long IDENTITY_INCLUDES_DOMAIN = (1<<11);
 
     /**
      * This flag indicates that the identity will be sent encrypted. It does
      * not make sense to combine this flag with IDENTITY_IGNORED.
      */
     const unsigned long IDENTITY_ENCRYPTED = (1<<12);
 };
+
+%{C++
+#define NS_HTTP_AUTHENTICATOR_CONTRACTID_PREFIX \
+    "@mozilla.org/network/http-authenticator;1?scheme="
+%}
--- a/security/manager/ssl/nsNSSModule.cpp
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -18,16 +18,17 @@
 #include "nsCryptoHash.h"
 #include "nsICategoryManager.h"
 #include "nsKeyModule.h"
 #include "nsKeygenHandler.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCertificateDB.h"
 #include "nsNSSComponent.h"
 #include "nsNSSVersion.h"
+#include "nsNTLMAuthModule.h"
 #include "nsNetCID.h"
 #include "nsPK11TokenDB.h"
 #include "nsPKCS11Slot.h"
 #include "nsRandomGenerator.h"
 #include "nsSecureBrowserUIImpl.h"
 #include "nsSiteSecurityService.h"
 #include "nsXULAppAPI.h"
 #include "OSKeyStore.h"
@@ -138,16 +139,17 @@ NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
 NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
+NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
@@ -176,16 +178,18 @@ static const mozilla::Module::CIDEntry k
   { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, Constructor<nsCertTree> },
 #endif
   { &kNS_CRYPTO_HASH_CID, false, nullptr,
     Constructor<nsCryptoHash, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr,
     Constructor<nsCryptoHMAC, nullptr, ProcessRestriction::AnyProcess> },
+  { &kNS_NTLMAUTHMODULE_CID, false, nullptr,
+    Constructor<nsNTLMAuthModule, &nsNTLMAuthModule::InitTest> },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr,
     Constructor<nsKeyObject, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr,
     Constructor<nsKeyObjectFactory, nullptr, ProcessRestriction::AnyProcess> },
   { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr,
     Constructor<ContentSignatureVerifier> },
   { &kNS_CERTOVERRIDE_CID, false, nullptr,
     Constructor<nsCertOverrideService, &nsCertOverrideService::Init,
@@ -230,16 +234,17 @@ static const mozilla::Module::ContractID
   { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
   { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
 #ifdef MOZ_XUL
   { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
 #endif
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
+  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
   { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
--- a/security/manager/ssl/nsNTLMAuthModule.h
+++ b/security/manager/ssl/nsNTLMAuthModule.h
@@ -26,9 +26,19 @@ protected:
 
 private:
   nsString mDomain;
   nsString mUsername;
   nsString mPassword;
   bool mNTLMNegotiateSent;
 };
 
+#define NS_NTLMAUTHMODULE_CONTRACTID \
+  NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm"
+#define NS_NTLMAUTHMODULE_CID \
+{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */       \
+  0xa4e5888f,                                      \
+  0x4fe4,                                          \
+  0x4632,                                          \
+  {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \
+}
+
 #endif // nsNTLMAuthModule_h__