Implement FTP auth through proxy

net/url_request/url_request_ftp_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_ftp_job.h"
 
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
 #include "base/utf_string_conversions.h"
 #include "net/base/auth.h"
@@ skipping 176 matching lines @@
   // The transaction started synchronously, but we need to notify the
   // URLRequest delegate via the message loop.
   OnStartCompletedAsync(rv);
 }
 
 void URLRequestFtpJob::StartHttpTransaction() {
   // Create a transaction.
   DCHECK(!http_transaction_);
 
   // Do not cache FTP responses sent through HTTP proxy.
-  // Do not send HTTP auth data because this is really FTP.
   request_->set_load_flags(request_->load_flags() |
                            LOAD_DISABLE_CACHE |
                            LOAD_DO_NOT_SAVE_COOKIES |
-                           LOAD_DO_NOT_SEND_AUTH_DATA |
                            LOAD_DO_NOT_SEND_COOKIES);
 
   http_request_info_.url = request_->url();
   http_request_info_.method = request_->method();
   http_request_info_.load_flags = request_->load_flags();
   http_request_info_.request_id = request_->identifier();
 
   int rv = request_->context()->http_transaction_factory()->CreateTransaction(
       priority_, &http_transaction_, NULL);
   if (rv == OK) {
@@ skipping 16 matching lines @@
 
   // Note that ftp_transaction_ may be NULL due to a creation failure.
   if (ftp_transaction_) {
     // FTP obviously doesn't have HTTP Content-Length header. We have to pass
     // the content size information manually.
     set_expected_content_size(
         ftp_transaction_->GetResponseInfo()->expected_content_size);
   }
 
   if (result == OK) {
-    if (http_transaction_)
+    if (http_transaction_) {
       response_info_ = http_transaction_->GetResponseInfo();
+
+      if (response_info_->headers->response_code() == 401 ||
+          response_info_->headers->response_code() == 407) {
+        HandleAuthNeededResponse();
+        return;
+      }
+    }
     NotifyHeadersComplete();
   } else if (ftp_transaction_ &&
              ftp_transaction_->GetResponseInfo()->needs_auth) {
-    GURL origin = request_->url().GetOrigin();
-    if (server_auth_ && server_auth_->state == AUTH_STATE_HAVE_AUTH) {
-      ftp_auth_cache_->Remove(origin, server_auth_->credentials);
-    } else if (!server_auth_) {
-      server_auth_ = new AuthData();
-    }
-    server_auth_->state = AUTH_STATE_NEED_AUTH;
-
-    FtpAuthCache::Entry* cached_auth = ftp_auth_cache_->Lookup(origin);
-    if (cached_auth) {
-      // Retry using cached auth data.
-      SetAuth(cached_auth->credentials);
-    } else {
-      // Prompt for a username/password.
-      NotifyHeadersComplete();
-    }
+    HandleAuthNeededResponse();
+    return;
   } else {
     NotifyDone(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
 }
 
 void URLRequestFtpJob::OnStartCompletedAsync(int result) {
   MessageLoop::current()->PostTask(
       FROM_HERE,
       base::Bind(&URLRequestFtpJob::OnStartCompleted,
                  weak_factory_.GetWeakPtr(), result));
 }
 
 void URLRequestFtpJob::OnReadCompleted(int result) {
   read_in_progress_ = false;
   if (result == 0) {
     NotifyDone(URLRequestStatus());
   } else if (result < 0) {
     NotifyDone(URLRequestStatus(URLRequestStatus::FAILED, result));
   } else {
     // Clear the IO_PENDING status
     SetStatus(URLRequestStatus());
   }
   NotifyReadComplete(result);
 }
 
 void URLRequestFtpJob::RestartTransactionWithAuth() {
-  DCHECK(ftp_transaction_);
-  DCHECK(server_auth_ && server_auth_->state == AUTH_STATE_HAVE_AUTH);
+  DCHECK(auth_data_ && auth_data_->state == AUTH_STATE_HAVE_AUTH);
 
   // No matter what, we want to report our status as IO pending since we will
   // be notifying our consumer asynchronously via OnStartCompleted.
   SetStatus(URLRequestStatus(URLRequestStatus::IO_PENDING, 0));
 
-  int rv = ftp_transaction_->RestartWithAuth(
-      server_auth_->credentials,
-      base::Bind(&URLRequestFtpJob::OnStartCompleted,
-                 base::Unretained(this)));
+  int rv;
+  if (proxy_info_.is_direct()) {
+    rv = ftp_transaction_->RestartWithAuth(
+        auth_data_->credentials,
+        base::Bind(&URLRequestFtpJob::OnStartCompleted,
+                   base::Unretained(this)));
+  } else if (http_transaction_) {
+    rv = http_transaction_->RestartWithAuth(
+        auth_data_->credentials,
+        base::Bind(&URLRequestFtpJob::OnStartCompleted,
+                   base::Unretained(this)));
+  }
   if (rv == ERR_IO_PENDING)
     return;
 
   OnStartCompletedAsync(rv);
 }
 
 LoadState URLRequestFtpJob::GetLoadState() const {
   if (proxy_info_.is_direct()) {
     return ftp_transaction_ ?
         ftp_transaction_->GetLoadState() : LOAD_STATE_IDLE;
   } else {
     return http_transaction_ ?
         http_transaction_->GetLoadState() : LOAD_STATE_IDLE;
   }
 }
 
 bool URLRequestFtpJob::NeedsAuth() {
-  // TODO(phajdan.jr): Implement proxy auth, http://crbug.com/171497 .
-  if (!ftp_transaction_)
-    return false;
-
-  // Note that we only have to worry about cases where an actual FTP server
-  // requires auth (and not a proxy), because connecting to FTP via proxy
-  // effectively means the browser communicates via HTTP, and uses HTTP's
-  // Proxy-Authenticate protocol when proxy servers require auth.
-  return server_auth_ && server_auth_->state == AUTH_STATE_NEED_AUTH;
+  return auth_data_ && auth_data_->state == AUTH_STATE_NEED_AUTH;
 }
 
 void URLRequestFtpJob::GetAuthChallengeInfo(
     scoped_refptr<AuthChallengeInfo>* result) {
-  DCHECK((server_auth_ != NULL) &&
-         (server_auth_->state == AUTH_STATE_NEED_AUTH));
+  DCHECK(NeedsAuth());
+
+  if (response_info_) {
+    *result = response_info_->auth_challenge;
+    return;
+  }
+
   scoped_refptr<AuthChallengeInfo> auth_info(new AuthChallengeInfo);
   auth_info->is_proxy = false;
   auth_info->challenger = HostPortPair::FromURL(request_->url());
   // scheme and realm are kept empty.
   DCHECK(auth_info->scheme.empty());
   DCHECK(auth_info->realm.empty());
   result->swap(auth_info);
 }
 
 void URLRequestFtpJob::SetAuth(const AuthCredentials& credentials) {
-  DCHECK(ftp_transaction_);
+  DCHECK(ftp_transaction_ || http_transaction_);
   DCHECK(NeedsAuth());
-  server_auth_->state = AUTH_STATE_HAVE_AUTH;
-  server_auth_->credentials = credentials;
 
-  ftp_auth_cache_->Add(request_->url().GetOrigin(), server_auth_->credentials);
+  auth_data_->state = AUTH_STATE_HAVE_AUTH;
+  auth_data_->credentials = credentials;
+
+  ftp_auth_cache_->Add(request_->url().GetOrigin(),
+                       auth_data_->credentials);
 
   RestartTransactionWithAuth();
 }
 
 void URLRequestFtpJob::CancelAuth() {
-  DCHECK(ftp_transaction_);
+  DCHECK(ftp_transaction_ || http_transaction_);
   DCHECK(NeedsAuth());
-  server_auth_->state = AUTH_STATE_CANCELED;
+
+  auth_data_->state = AUTH_STATE_CANCELED;
 
   // Once the auth is cancelled, we proceed with the request as though
   // there were no auth.  Schedule this for later so that we don't cause
   // any recursing into the caller as a result of this call.
   OnStartCompletedAsync(OK);
 }
 
 UploadProgress URLRequestFtpJob::GetUploadProgress() const {
   return UploadProgress();
 }
@@ skipping 23 matching lines @@
 
   if (rv == ERR_IO_PENDING) {
     read_in_progress_ = true;
     SetStatus(URLRequestStatus(URLRequestStatus::IO_PENDING, 0));
   } else {
     NotifyDone(URLRequestStatus(URLRequestStatus::FAILED, rv));
   }
   return false;
 }
 
+void URLRequestFtpJob::HandleAuthNeededResponse() {
+  GURL origin = request_->url().GetOrigin();
+
+  if (auth_data_) {
+    if (auth_data_->state == AUTH_STATE_CANCELED) {
+      NotifyHeadersComplete();
+      return;
+    }
+
+    if (auth_data_->state == AUTH_STATE_HAVE_AUTH)
+      ftp_auth_cache_->Remove(origin, auth_data_->credentials);
+  } else {
+    auth_data_ = new AuthData;
+  }
+  auth_data_->state = AUTH_STATE_NEED_AUTH;
+
+  FtpAuthCache::Entry* cached_auth = ftp_auth_cache_->Lookup(origin);

[mmenke, 2013/03/28 18:34:52]

This seems wrong for proxy auth.  Looks like if a proxy asks for auth, and we
have cached credentials site, we'd try using the site credentials for
authenticating with the proxy.

+  if (cached_auth) {
+    // Retry using cached auth data.
+    SetAuth(cached_auth->credentials);
+  } else {
+    // Prompt for a username/password.
+    NotifyHeadersComplete();
+  }
+}
+
 }  // namespace net