Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(304)

Side by Side Diff: net/http/http_auth.h

Issue 3360017: Fix multi-round authentication.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: SocketStream fix Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/http/http_auth.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_HTTP_AUTH_H_ 5 #ifndef NET_HTTP_HTTP_AUTH_H_
6 #define NET_HTTP_HTTP_AUTH_H_ 6 #define NET_HTTP_HTTP_AUTH_H_
7 #pragma once 7 #pragma once
8 8
9 #include <set> 9 #include <set>
10 #include <string> 10 #include <string>
11 11
12 #include "base/scoped_ptr.h" 12 #include "base/scoped_ptr.h"
13 #include "base/string16.h" 13 #include "base/string16.h"
14 #include "net/http/http_util.h" 14 #include "net/http/http_util.h"
15 15
16 template <class T> class scoped_refptr; 16 template <class T> class scoped_refptr;
17 17
18 namespace net { 18 namespace net {
19 19
20 class BoundNetLog; 20 class BoundNetLog;
21 class HttpAuthHandler; 21 class HttpAuthHandler;
22 class HttpAuthHandlerFactory; 22 class HttpAuthHandlerFactory;
23 class HttpResponseHeaders; 23 class HttpResponseHeaders;
24 24
25 // Utility class for http authentication. 25 // Utility class for http authentication.
26 class HttpAuth { 26 class HttpAuth {
27 public: 27 public:
28
29 // Http authentication can be done the the proxy server, origin server, 28 // Http authentication can be done the the proxy server, origin server,
30 // or both. This enum tracks who the target is. 29 // or both. This enum tracks who the target is.
31 enum Target { 30 enum Target {
32 AUTH_NONE = -1, 31 AUTH_NONE = -1,
33 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes 32 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes
34 // in an array, so start from 0. 33 // in an array, so start from 0.
35 AUTH_PROXY = 0, 34 AUTH_PROXY = 0,
36 AUTH_SERVER = 1, 35 AUTH_SERVER = 1,
37 AUTH_NUM_TARGETS = 2, 36 AUTH_NUM_TARGETS = 2,
38 }; 37 };
39 38
39 // What the HTTP WWW-Authenticate/Proxy-Authenticate headers indicate about
40 // the previous authorization attempt.
41 enum AuthorizationResult {
42 AUTHORIZATION_RESULT_ACCEPT, // The authorization attempt was accepted,
43 // although there still may be additional
44 // rounds of challenges.
45
46 AUTHORIZATION_RESULT_REJECT, // The authorization attempt was rejected.
47
48 AUTHORIZATION_RESULT_STALE, // (Digest) The nonce used in the
49 // authorization attempt is stale, but
50 // otherwise the attempt was valid.
51
52 AUTHORIZATION_RESULT_INVALID, // The authentication challenge headers are
53 // poorly formed (the authorization attempt
54 // itself may have been fine).
55 };
56
40 // Describes where the identity used for authentication came from. 57 // Describes where the identity used for authentication came from.
41 enum IdentitySource { 58 enum IdentitySource {
42 // Came from nowhere -- the identity is not initialized. 59 // Came from nowhere -- the identity is not initialized.
43 IDENT_SRC_NONE, 60 IDENT_SRC_NONE,
44 61
45 // The identity came from the auth cache, by doing a path-based 62 // The identity came from the auth cache, by doing a path-based
46 // lookup (premptive authorization). 63 // lookup (premptive authorization).
47 IDENT_SRC_PATH_LOOKUP, 64 IDENT_SRC_PATH_LOOKUP,
48 65
49 // The identity was extracted from a URL of the form: 66 // The identity was extracted from a URL of the form:
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
81 // Get the name of the header where the credentials go 98 // Get the name of the header where the credentials go
82 // (either Authorization or Proxy-Authorization). 99 // (either Authorization or Proxy-Authorization).
83 static std::string GetAuthorizationHeaderName(Target target); 100 static std::string GetAuthorizationHeaderName(Target target);
84 101
85 // Returns a string representation of a Target value that can be used in log 102 // Returns a string representation of a Target value that can be used in log
86 // messages. 103 // messages.
87 static std::string GetAuthTargetString(Target target); 104 static std::string GetAuthTargetString(Target target);
88 105
89 // Iterate through the challenge headers, and pick the best one that 106 // Iterate through the challenge headers, and pick the best one that
90 // we support. Obtains the implementation class for handling the challenge, 107 // we support. Obtains the implementation class for handling the challenge,
91 // and passes it back in |*handler|. If the existing handler in |*handler| 108 // and passes it back in |*handler|. If no supported challenge was found,
92 // should continue to be used (such as for the NTLM authentication scheme), 109 // |*handler| is set to NULL.
93 // |*handler| is unchanged. If no supported challenge was found, |*handler|
94 // is set to NULL.
95 // 110 //
96 // |disabled_schemes| is the set of schemes that we should not use. 111 // |disabled_schemes| is the set of schemes that we should not use.
97 // 112 //
98 // |origin| is used by the NTLM authentication scheme to construct the 113 // |origin| is used by the NTLM and Negotiation authentication scheme to
99 // service principal name. It is ignored by other schemes. 114 // construct the service principal name. It is ignored by other schemes.
100 //
101 // TODO(wtc): Continuing to use the existing handler in |*handler| (for
102 // NTLM) is new behavior. Rename ChooseBestChallenge to fully encompass
103 // what it does now.
104 static void ChooseBestChallenge( 115 static void ChooseBestChallenge(
105 HttpAuthHandlerFactory* http_auth_handler_factory, 116 HttpAuthHandlerFactory* http_auth_handler_factory,
106 const HttpResponseHeaders* headers, 117 const HttpResponseHeaders* headers,
107 Target target, 118 Target target,
108 const GURL& origin, 119 const GURL& origin,
109 const std::set<std::string>& disabled_schemes, 120 const std::set<std::string>& disabled_schemes,
110 const BoundNetLog& net_log, 121 const BoundNetLog& net_log,
111 scoped_ptr<HttpAuthHandler>* handler); 122 scoped_ptr<HttpAuthHandler>* handler);
112 123
124 // Handle a response to a previous authentication attempt.
125 static AuthorizationResult HandleChallengeResponse(
126 HttpAuthHandler* handler,
127 const HttpResponseHeaders* headers,
128 Target target,
129 const std::set<std::string>& disabled_schemes);
130
113 // ChallengeTokenizer breaks up a challenge string into the the auth scheme 131 // ChallengeTokenizer breaks up a challenge string into the the auth scheme
114 // and parameter list, according to RFC 2617 Sec 1.2: 132 // and parameter list, according to RFC 2617 Sec 1.2:
115 // challenge = auth-scheme 1*SP 1#auth-param 133 // challenge = auth-scheme 1*SP 1#auth-param
116 // 134 //
117 // Check valid() after each iteration step in case it was malformed. 135 // Check valid() after each iteration step in case it was malformed.
118 // Also note that value() will give whatever is to the right of the equals 136 // Also note that value() will give whatever is to the right of the equals
119 // sign, quotemarks and all. Use unquoted_value() to get the logical value. 137 // sign, quotemarks and all. Use unquoted_value() to get the logical value.
120 class ChallengeTokenizer { 138 class ChallengeTokenizer {
121 public: 139 public:
122 ChallengeTokenizer(std::string::const_iterator begin, 140 ChallengeTokenizer(std::string::const_iterator begin,
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
202 std::string::const_iterator value_end_; 220 std::string::const_iterator value_end_;
203 221
204 bool value_is_quoted_; 222 bool value_is_quoted_;
205 bool expect_base64_token_; 223 bool expect_base64_token_;
206 }; 224 };
207 }; 225 };
208 226
209 } // namespace net 227 } // namespace net
210 228
211 #endif // NET_HTTP_HTTP_AUTH_H_ 229 #endif // NET_HTTP_HTTP_AUTH_H_
OLDNEW
« no previous file with comments | « no previous file | net/http/http_auth.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698