| Index: net/http/http_network_transaction.cc
|
| ===================================================================
|
| --- net/http/http_network_transaction.cc (revision 25459)
|
| +++ net/http/http_network_transaction.cc (working copy)
|
| @@ -253,6 +253,11 @@
|
| // If auth_identity_[target].source is HttpAuth::IDENT_SRC_NONE,
|
| // auth_identity_[target] contains no identity because identity is not
|
| // required yet.
|
| + //
|
| + // TODO(wtc): For NTLM_SSPI, we add the same auth entry to the cache in
|
| + // round 1 and round 2, which is redundant but correct. It would be nice
|
| + // to add an auth entry to the cache only once, preferrably in round 1.
|
| + // See http://crbug.com/21015.
|
| bool has_auth_identity =
|
| auth_identity_[target].source != HttpAuth::IDENT_SRC_NONE;
|
| if (has_auth_identity) {
|
| @@ -280,6 +285,9 @@
|
| // If the auth scheme is connection-based but the proxy/server mistakenly
|
| // marks the connection as non-keep-alive, the auth is going to fail, so log
|
| // an error message.
|
| + //
|
| + // TODO(wtc): has_auth_identity is not the right condition. We should
|
| + // be testing for "not round 1" here. See http://crbug.com/21015.
|
| if (!keep_alive && auth_handler_[target]->is_connection_based() &&
|
| has_auth_identity) {
|
| LOG(ERROR) << "Can't perform " << auth_handler_[target]->scheme()
|
| @@ -742,6 +750,9 @@
|
|
|
| std::string authorization_headers;
|
|
|
| + // TODO(wtc): If BuildAuthorizationHeader fails (returns an authorization
|
| + // header with no credentials), we should return an error to prevent
|
| + // entering an infinite auth restart loop. See http://crbug.com/21050.
|
| if (have_proxy_auth)
|
| authorization_headers.append(
|
| BuildAuthorizationHeader(HttpAuth::AUTH_PROXY));
|
| @@ -1881,10 +1892,17 @@
|
| return ERR_UNEXPECTED_PROXY_AUTH;
|
|
|
| // The auth we tried just failed, hence it can't be valid. Remove it from
|
| - // the cache so it won't be used again, unless it's a null identity.
|
| - if (HaveAuth(target) &&
|
| - auth_identity_[target].source != HttpAuth::IDENT_SRC_NONE)
|
| + // the cache so it won't be used again.
|
| + // TODO(wtc): IsFinalRound is not the right condition. In a multi-round
|
| + // auth sequence, the server may fail the auth in round 1 if our first
|
| + // authorization header is broken. We should inspect response_.headers to
|
| + // determine if the server already failed the auth or wants us to continue.
|
| + // See http://crbug.com/21015.
|
| + if (HaveAuth(target) && auth_handler_[target]->IsFinalRound()) {
|
| InvalidateRejectedAuthFromCache(target);
|
| + auth_handler_[target] = NULL;
|
| + auth_identity_[target] = HttpAuth::Identity();
|
| + }
|
|
|
| auth_identity_[target].invalid = true;
|
|
|
| @@ -1919,14 +1937,11 @@
|
| // If an identity to try is found, it is saved to auth_identity_[target].
|
| SelectNextAuthIdentityToTry(target);
|
| } else {
|
| - // Proceed with a null identity.
|
| + // Proceed with the existing identity or a null identity.
|
| //
|
| // TODO(wtc): Add a safeguard against infinite transaction restarts, if
|
| // the server keeps returning "NTLM".
|
| - auth_identity_[target].source = HttpAuth::IDENT_SRC_NONE;
|
| auth_identity_[target].invalid = false;
|
| - auth_identity_[target].username.clear();
|
| - auth_identity_[target].password.clear();
|
| }
|
|
|
| // Make a note that we are waiting for auth. This variable is inspected
|
|
|
Chromium Code Reviews
Issue 173528:
Use SSPI for NTLM authentication on Windows.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/