| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_controller.h" | 5 #include "net/http/http_auth_controller.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 151 return OK; | 151 return OK; |
| 152 const AuthCredentials* credentials = NULL; | 152 const AuthCredentials* credentials = NULL; |
| 153 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) | 153 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) |
| 154 credentials = &identity_.credentials; | 154 credentials = &identity_.credentials; |
| 155 DCHECK(auth_token_.empty()); | 155 DCHECK(auth_token_.empty()); |
| 156 DCHECK(callback_.is_null()); | 156 DCHECK(callback_.is_null()); |
| 157 int rv = handler_->GenerateAuthToken( | 157 int rv = handler_->GenerateAuthToken( |
| 158 credentials, request, | 158 credentials, request, |
| 159 base::Bind(&HttpAuthController::OnIOComplete, base::Unretained(this)), | 159 base::Bind(&HttpAuthController::OnIOComplete, base::Unretained(this)), |
| 160 &auth_token_); | 160 &auth_token_); |
| 161 if (DisableOnAuthHandlerResult(rv)) | 161 |
| 162 rv = OK; | 162 if (rv == ERR_IO_PENDING) { |
| 163 if (rv == ERR_IO_PENDING) | |
| 164 callback_ = callback; | 163 callback_ = callback; |
| 165 else | 164 return rv; |
| 166 OnIOComplete(rv); | 165 } |
| 167 return rv; | 166 |
| 167 return HandleGenerateTokenResult(rv); |
| 168 } | 168 } |
| 169 | 169 |
| 170 bool HttpAuthController::SelectPreemptiveAuth(const NetLogWithSource& net_log) { | 170 bool HttpAuthController::SelectPreemptiveAuth(const NetLogWithSource& net_log) { |
| 171 DCHECK(CalledOnValidThread()); | 171 DCHECK(CalledOnValidThread()); |
| 172 DCHECK(!HaveAuth()); | 172 DCHECK(!HaveAuth()); |
| 173 DCHECK(identity_.invalid); | 173 DCHECK(identity_.invalid); |
| 174 | 174 |
| 175 // Don't do preemptive authorization if the URL contains a username:password, | 175 // Don't do preemptive authorization if the URL contains a username:password, |
| 176 // since we must first be challenged in order to use the URL's identity. | 176 // since we must first be challenged in order to use the URL's identity. |
| 177 if (auth_url_.has_username()) | 177 if (auth_url_.has_username()) |
| (...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 // Populates response_.auth_challenge with the authentication challenge info. | 464 // Populates response_.auth_challenge with the authentication challenge info. |
| 465 // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo(). | 465 // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo(). |
| 466 | 466 |
| 467 auth_info_ = new AuthChallengeInfo; | 467 auth_info_ = new AuthChallengeInfo; |
| 468 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY); | 468 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY); |
| 469 auth_info_->challenger = url::Origin(auth_origin_); | 469 auth_info_->challenger = url::Origin(auth_origin_); |
| 470 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme()); | 470 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme()); |
| 471 auth_info_->realm = handler_->realm(); | 471 auth_info_->realm = handler_->realm(); |
| 472 } | 472 } |
| 473 | 473 |
| 474 bool HttpAuthController::DisableOnAuthHandlerResult(int result) { | 474 int HttpAuthController::HandleGenerateTokenResult(int result) { |
| 475 DCHECK(CalledOnValidThread()); | 475 DCHECK(CalledOnValidThread()); |
| 476 switch (result) { |
| 477 case ERR_INVALID_AUTH_CREDENTIALS: |
| 478 // If the GenerateAuthToken call fails with this error, this means that |
| 479 // the handler can no longer be used. However, the authentication scheme |
| 480 // is considered still usable. This allows a scheme that attempted and |
| 481 // failed to use default credentials to recover and use explicit |
| 482 // credentials. |
| 483 // |
| 484 // If the handler does not support any remaining identity sources, then |
| 485 // the authentication controller will pick another authentication handler. |
| 486 auth_token_.clear(); |
| 487 return OK; |
| 476 | 488 |
| 477 switch (result) { | |
| 478 // Occurs with GSSAPI, if the user has not already logged in. | 489 // Occurs with GSSAPI, if the user has not already logged in. |
| 479 case ERR_MISSING_AUTH_CREDENTIALS: | 490 case ERR_MISSING_AUTH_CREDENTIALS: |
| 480 | 491 |
| 481 // Can occur with GSSAPI or SSPI if the underlying library reports | 492 // Can occur with GSSAPI or SSPI if the underlying library reports |
| 482 // a permanent error. | 493 // a permanent error. |
| 483 case ERR_UNSUPPORTED_AUTH_SCHEME: | 494 case ERR_UNSUPPORTED_AUTH_SCHEME: |
| 484 | 495 |
| 485 // These two error codes represent failures we aren't handling. | 496 // These two error codes represent failures we aren't handling. |
| 486 case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS: | 497 case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS: |
| 487 case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS: | 498 case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS: |
| 488 | 499 |
| 489 // Can be returned by SSPI if the authenticating authority or | 500 // Can be returned by SSPI if the authenticating authority or |
| 490 // target is not known. | 501 // target is not known. |
| 491 case ERR_MISCONFIGURED_AUTH_ENVIRONMENT: | 502 case ERR_MISCONFIGURED_AUTH_ENVIRONMENT: |
| 492 | 503 |
| 493 // In these cases, disable the current scheme as it cannot | 504 // In these cases, disable the current scheme as it cannot |
| 494 // succeed. | 505 // succeed. |
| 495 DisableAuthScheme(handler_->auth_scheme()); | 506 DisableAuthScheme(handler_->auth_scheme()); |
| 496 auth_token_.clear(); | 507 auth_token_.clear(); |
| 497 return true; | 508 return OK; |
| 498 | 509 |
| 499 default: | 510 default: |
| 500 return false; | 511 return result; |
| 501 } | 512 } |
| 502 } | 513 } |
| 503 | 514 |
| 504 void HttpAuthController::OnIOComplete(int result) { | 515 void HttpAuthController::OnIOComplete(int result) { |
| 505 DCHECK(CalledOnValidThread()); | 516 DCHECK(CalledOnValidThread()); |
| 506 if (DisableOnAuthHandlerResult(result)) | 517 result = HandleGenerateTokenResult(result); |
| 507 result = OK; | |
| 508 if (!callback_.is_null()) { | 518 if (!callback_.is_null()) { |
| 509 CompletionCallback c = callback_; | 519 CompletionCallback c = callback_; |
| 510 callback_.Reset(); | 520 callback_.Reset(); |
| 511 c.Run(result); | 521 c.Run(result); |
| 512 } | 522 } |
| 513 } | 523 } |
| 514 | 524 |
| 515 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() { | 525 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() { |
| 516 DCHECK(CalledOnValidThread()); | 526 DCHECK(CalledOnValidThread()); |
| 517 return auth_info_; | 527 return auth_info_; |
| 518 } | 528 } |
| 519 | 529 |
| 520 bool HttpAuthController::IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const { | 530 bool HttpAuthController::IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const { |
| 521 DCHECK(CalledOnValidThread()); | 531 DCHECK(CalledOnValidThread()); |
| 522 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); | 532 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); |
| 523 } | 533 } |
| 524 | 534 |
| 525 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { | 535 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { |
| 526 DCHECK(CalledOnValidThread()); | 536 DCHECK(CalledOnValidThread()); |
| 527 disabled_schemes_.insert(scheme); | 537 disabled_schemes_.insert(scheme); |
| 528 } | 538 } |
| 529 | 539 |
| 530 void HttpAuthController::DisableEmbeddedIdentity() { | 540 void HttpAuthController::DisableEmbeddedIdentity() { |
| 531 DCHECK(CalledOnValidThread()); | 541 DCHECK(CalledOnValidThread()); |
| 532 embedded_identity_used_ = true; | 542 embedded_identity_used_ = true; |
| 533 } | 543 } |
| 534 | 544 |
| 535 } // namespace net | 545 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2382293004:
[net/auth] Don't abort network transaction over non-permanent auth errors. (Closed)
