Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(146)

Side by Side Diff: net/http/http_auth.cc

Issue 3360017: Fix multi-round authentication.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: SocketStream fix Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth.h ('k') | net/http/http_auth_cache_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_auth.h" 5 #include "net/http/http_auth.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/basictypes.h" 9 #include "base/basictypes.h"
10 #include "base/string_util.h" 10 #include "base/string_util.h"
(...skipping 10 matching lines...) Expand all
21 // static 21 // static
22 void HttpAuth::ChooseBestChallenge( 22 void HttpAuth::ChooseBestChallenge(
23 HttpAuthHandlerFactory* http_auth_handler_factory, 23 HttpAuthHandlerFactory* http_auth_handler_factory,
24 const HttpResponseHeaders* headers, 24 const HttpResponseHeaders* headers,
25 Target target, 25 Target target,
26 const GURL& origin, 26 const GURL& origin,
27 const std::set<std::string>& disabled_schemes, 27 const std::set<std::string>& disabled_schemes,
28 const BoundNetLog& net_log, 28 const BoundNetLog& net_log,
29 scoped_ptr<HttpAuthHandler>* handler) { 29 scoped_ptr<HttpAuthHandler>* handler) {
30 DCHECK(http_auth_handler_factory); 30 DCHECK(http_auth_handler_factory);
31 31 DCHECK(handler->get() == NULL);
32 // A connection-based authentication scheme must continue to use the
33 // existing handler object in |*handler|.
34 if (handler->get() && (*handler)->is_connection_based() &&
35 (disabled_schemes.find((*handler)->scheme()) == disabled_schemes.end())) {
36 const std::string header_name = GetChallengeHeaderName(target);
37 std::string challenge;
38 void* iter = NULL;
39 while (headers->EnumerateHeader(&iter, header_name, &challenge)) {
40 ChallengeTokenizer props(challenge.begin(), challenge.end());
41 if (LowerCaseEqualsASCII(props.scheme(), (*handler)->scheme().c_str()) &&
42 (*handler)->InitFromChallenge(&props, target, origin, net_log))
43 return;
44 }
45 }
46 32
47 // Choose the challenge whose authentication handler gives the maximum score. 33 // Choose the challenge whose authentication handler gives the maximum score.
48 scoped_ptr<HttpAuthHandler> best; 34 scoped_ptr<HttpAuthHandler> best;
49 const std::string header_name = GetChallengeHeaderName(target); 35 const std::string header_name = GetChallengeHeaderName(target);
50 std::string cur_challenge; 36 std::string cur_challenge;
51 void* iter = NULL; 37 void* iter = NULL;
52 while (headers->EnumerateHeader(&iter, header_name, &cur_challenge)) { 38 while (headers->EnumerateHeader(&iter, header_name, &cur_challenge)) {
53 scoped_ptr<HttpAuthHandler> cur; 39 scoped_ptr<HttpAuthHandler> cur;
54 int rv = http_auth_handler_factory->CreateAuthHandlerFromString( 40 int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
55 cur_challenge, target, origin, net_log, &cur); 41 cur_challenge, target, origin, net_log, &cur);
56 if (rv != OK) { 42 if (rv != OK) {
57 LOG(INFO) << "Unable to create AuthHandler. Status: " 43 LOG(INFO) << "Unable to create AuthHandler. Status: "
58 << ErrorToString(rv) << " Challenge: " << cur_challenge; 44 << ErrorToString(rv) << " Challenge: " << cur_challenge;
59 continue; 45 continue;
60 } 46 }
61 if (cur.get() && (!best.get() || best->score() < cur->score()) && 47 if (cur.get() && (!best.get() || best->score() < cur->score()) &&
62 (disabled_schemes.find(cur->scheme()) == disabled_schemes.end())) 48 (disabled_schemes.find(cur->scheme()) == disabled_schemes.end()))
63 best.swap(cur); 49 best.swap(cur);
64 } 50 }
65 handler->swap(best); 51 handler->swap(best);
66 } 52 }
67 53
54 // static
55 HttpAuth::AuthorizationResult HttpAuth::HandleChallengeResponse(
56 HttpAuthHandler* handler,
57 const HttpResponseHeaders* headers,
58 Target target,
59 const std::set<std::string>& disabled_schemes) {
60 const std::string& current_scheme = handler->scheme();
61 if (disabled_schemes.find(current_scheme) != disabled_schemes.end())
62 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
63 const std::string header_name = GetChallengeHeaderName(target);
64 void* iter = NULL;
65 std::string challenge;
66 HttpAuth::AuthorizationResult authorization_result =
67 HttpAuth::AUTHORIZATION_RESULT_INVALID;
68 while (headers->EnumerateHeader(&iter, header_name, &challenge)) {
69 HttpAuth::ChallengeTokenizer props(challenge.begin(), challenge.end());
70 if (!LowerCaseEqualsASCII(props.scheme(), current_scheme.c_str()))
71 continue;
72 authorization_result = handler->HandleAnotherChallenge(&props);
73 if (authorization_result != HttpAuth::AUTHORIZATION_RESULT_INVALID)
74 return authorization_result;
75 }
76 // Finding no matches is equivalent to rejection
77 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
78 }
79
68 void HttpAuth::ChallengeTokenizer::Init(std::string::const_iterator begin, 80 void HttpAuth::ChallengeTokenizer::Init(std::string::const_iterator begin,
69 std::string::const_iterator end) { 81 std::string::const_iterator end) {
70 // The first space-separated token is the auth-scheme. 82 // The first space-separated token is the auth-scheme.
71 // NOTE: we are more permissive than RFC 2617 which says auth-scheme 83 // NOTE: we are more permissive than RFC 2617 which says auth-scheme
72 // is separated by 1*SP. 84 // is separated by 1*SP.
73 StringTokenizer tok(begin, end, HTTP_LWS); 85 StringTokenizer tok(begin, end, HTTP_LWS);
74 if (!tok.GetNext()) { 86 if (!tok.GetNext()) {
75 valid_ = false; 87 valid_ = false;
76 return; 88 return;
77 } 89 }
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
172 } 184 }
173 } 185 }
174 186
175 // static 187 // static
176 std::string HttpAuth::GetAuthTargetString( 188 std::string HttpAuth::GetAuthTargetString(
177 HttpAuth::Target target) { 189 HttpAuth::Target target) {
178 return target == HttpAuth::AUTH_PROXY ? "proxy" : "server"; 190 return target == HttpAuth::AUTH_PROXY ? "proxy" : "server";
179 } 191 }
180 192
181 } // namespace net 193 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_auth.h ('k') | net/http/http_auth_cache_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698