Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(213)

Side by Side Diff: net/http/http_auth_handler.h

Issue 3360017: Fix multi-round authentication.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: SocketStream fix Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_auth_gssapi_posix_unittest.cc ('k') | net/http/http_auth_handler_basic.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_ 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_H_ 6 #define NET_HTTP_HTTP_AUTH_HANDLER_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string> 9 #include <string>
10 10
(...skipping 20 matching lines...) Expand all
31 // Initializes the handler using a challenge issued by a server. 31 // Initializes the handler using a challenge issued by a server.
32 // |challenge| must be non-NULL and have already tokenized the 32 // |challenge| must be non-NULL and have already tokenized the
33 // authentication scheme, but none of the tokens occuring after the 33 // authentication scheme, but none of the tokens occuring after the
34 // authentication scheme. |target| and |origin| are both stored 34 // authentication scheme. |target| and |origin| are both stored
35 // for later use, and are not part of the initial challenge. 35 // for later use, and are not part of the initial challenge.
36 bool InitFromChallenge(HttpAuth::ChallengeTokenizer* challenge, 36 bool InitFromChallenge(HttpAuth::ChallengeTokenizer* challenge,
37 HttpAuth::Target target, 37 HttpAuth::Target target,
38 const GURL& origin, 38 const GURL& origin,
39 const BoundNetLog& net_log); 39 const BoundNetLog& net_log);
40 40
41 // Determines how the previous authorization attempt was received.
42 //
43 // This is called when the server/proxy responds with a 401/407 after an
44 // earlier authorization attempt. Although this normally means that the
45 // previous attempt was rejected, in multi-round schemes such as
46 // NTLM+Negotiate it may indicate that another round of challenge+response
47 // is required. For Digest authentication it may also mean that the previous
48 // attempt used a stale nonce (and nonce-count) and that a new attempt should
49 // be made with a different nonce provided in the challenge.
50 //
51 // |challenge| must be non-NULL and have already tokenized the
52 // authentication scheme, but none of the tokens occuring after the
53 // authentication scheme.
54 virtual HttpAuth::AuthorizationResult HandleAnotherChallenge(
55 HttpAuth::ChallengeTokenizer* challenge) = 0;
56
41 // Generates an authentication token, potentially asynchronously. 57 // Generates an authentication token, potentially asynchronously.
42 // 58 //
43 // When |username| and |password| are NULL, the default credentials for 59 // When |username| and |password| are NULL, the default credentials for
44 // the currently logged in user are used. |AllowsDefaultCredentials()| MUST be 60 // the currently logged in user are used. |AllowsDefaultCredentials()| MUST be
45 // true in this case. 61 // true in this case.
46 // 62 //
47 // |request|, |callback|, and |auth_token| must be non-NULL. 63 // |request|, |callback|, and |auth_token| must be non-NULL.
48 // 64 //
49 // The return value is a net error code. 65 // The return value is a net error code.
50 // If |OK| is returned, |*auth_token| is filled in with an authentication 66 // If |OK| is returned, |*auth_token| is filled in with an authentication
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 bool is_connection_based() const { 116 bool is_connection_based() const {
101 return (properties_ & IS_CONNECTION_BASED) != 0; 117 return (properties_ & IS_CONNECTION_BASED) != 0;
102 } 118 }
103 119
104 // Returns true if the response to the current authentication challenge 120 // Returns true if the response to the current authentication challenge
105 // requires an identity. 121 // requires an identity.
106 // TODO(wtc): Find a better way to handle a multi-round challenge-response 122 // TODO(wtc): Find a better way to handle a multi-round challenge-response
107 // sequence used by a connection-based authentication scheme. 123 // sequence used by a connection-based authentication scheme.
108 virtual bool NeedsIdentity() { return true; } 124 virtual bool NeedsIdentity() { return true; }
109 125
110 // Returns true if this is the final round of the authentication sequence.
111 // For Basic and Digest, the method always returns true because they are
112 // single-round schemes.
113 virtual bool IsFinalRound() { return true; }
114
115 // Returns whether the default credentials may be used for the |origin| passed 126 // Returns whether the default credentials may be used for the |origin| passed
116 // into |InitFromChallenge|. If true, the user does not need to be prompted 127 // into |InitFromChallenge|. If true, the user does not need to be prompted
117 // for username and password to establish credentials. 128 // for username and password to establish credentials.
118 // NOTE: SSO is a potential security risk. 129 // NOTE: SSO is a potential security risk.
119 // TODO(cbentzel): Add a pointer to Firefox documentation about risk. 130 // TODO(cbentzel): Add a pointer to Firefox documentation about risk.
120 virtual bool AllowsDefaultCredentials() { return false; } 131 virtual bool AllowsDefaultCredentials() { return false; }
121 132
122 protected: 133 protected:
123 enum Property { 134 enum Property {
124 ENCRYPTS_IDENTITY = 1 << 0, 135 ENCRYPTS_IDENTITY = 1 << 0,
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
175 CompletionCallback* original_callback_; 186 CompletionCallback* original_callback_;
176 CompletionCallbackImpl<HttpAuthHandler> wrapper_callback_; 187 CompletionCallbackImpl<HttpAuthHandler> wrapper_callback_;
177 // When GenerateAuthToken was called. 188 // When GenerateAuthToken was called.
178 base::TimeTicks generate_auth_token_start_; 189 base::TimeTicks generate_auth_token_start_;
179 scoped_refptr<Histogram> histogram_; 190 scoped_refptr<Histogram> histogram_;
180 }; 191 };
181 192
182 } // namespace net 193 } // namespace net
183 194
184 #endif // NET_HTTP_HTTP_AUTH_HANDLER_H_ 195 #endif // NET_HTTP_HTTP_AUTH_HANDLER_H_
OLDNEW
« no previous file with comments | « net/http/http_auth_gssapi_posix_unittest.cc ('k') | net/http/http_auth_handler_basic.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698