| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_controller.h" | 5 #include "net/http/http_auth_controller.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 return OK; | 150 return OK; |
| 151 const AuthCredentials* credentials = NULL; | 151 const AuthCredentials* credentials = NULL; |
| 152 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) | 152 if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) |
| 153 credentials = &identity_.credentials; | 153 credentials = &identity_.credentials; |
| 154 DCHECK(auth_token_.empty()); | 154 DCHECK(auth_token_.empty()); |
| 155 DCHECK(callback_.is_null()); | 155 DCHECK(callback_.is_null()); |
| 156 int rv = handler_->GenerateAuthToken( | 156 int rv = handler_->GenerateAuthToken( |
| 157 credentials, request, | 157 credentials, request, |
| 158 base::Bind(&HttpAuthController::OnIOComplete, base::Unretained(this)), | 158 base::Bind(&HttpAuthController::OnIOComplete, base::Unretained(this)), |
| 159 &auth_token_); | 159 &auth_token_); |
| 160 if (DisableOnAuthHandlerResult(rv)) | 160 |
| 161 rv = OK; | 161 if (rv == ERR_IO_PENDING) { |
| 162 if (rv == ERR_IO_PENDING) | |
| 163 callback_ = callback; | 162 callback_ = callback; |
| 164 else | 163 return rv; |
| 165 OnIOComplete(rv); | 164 } |
| 166 return rv; | 165 |
| 166 return HandleGenerateTokenResult(rv); |
| 167 } | 167 } |
| 168 | 168 |
| 169 bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) { | 169 bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) { |
| 170 DCHECK(CalledOnValidThread()); | 170 DCHECK(CalledOnValidThread()); |
| 171 DCHECK(!HaveAuth()); | 171 DCHECK(!HaveAuth()); |
| 172 DCHECK(identity_.invalid); | 172 DCHECK(identity_.invalid); |
| 173 | 173 |
| 174 // Don't do preemptive authorization if the URL contains a username:password, | 174 // Don't do preemptive authorization if the URL contains a username:password, |
| 175 // since we must first be challenged in order to use the URL's identity. | 175 // since we must first be challenged in order to use the URL's identity. |
| 176 if (auth_url_.has_username()) | 176 if (auth_url_.has_username()) |
| (...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 463 // Populates response_.auth_challenge with the authentication challenge info. | 463 // Populates response_.auth_challenge with the authentication challenge info. |
| 464 // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo(). | 464 // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo(). |
| 465 | 465 |
| 466 auth_info_ = new AuthChallengeInfo; | 466 auth_info_ = new AuthChallengeInfo; |
| 467 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY); | 467 auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY); |
| 468 auth_info_->challenger = url::Origin(auth_origin_); | 468 auth_info_->challenger = url::Origin(auth_origin_); |
| 469 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme()); | 469 auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme()); |
| 470 auth_info_->realm = handler_->realm(); | 470 auth_info_->realm = handler_->realm(); |
| 471 } | 471 } |
| 472 | 472 |
| 473 bool HttpAuthController::DisableOnAuthHandlerResult(int result) { | 473 int HttpAuthController::HandleGenerateTokenResult(int result) { |
| 474 DCHECK(CalledOnValidThread()); | 474 DCHECK(CalledOnValidThread()); |
| 475 switch (result) { |
| 476 case ERR_INVALID_AUTH_CREDENTIALS: |
| 477 // If the GenerateAuthToken call fails with this error, this means that |
| 478 // the handler can no longer be used. However, the authentication scheme |
| 479 // is considered still usable. This allows a scheme that attempted and |
| 480 // failed to use default credentials to recover and use explicit |
| 481 // credentials. |
| 482 // |
| 483 // If the handler does not support any remaining identity sources, then |
| 484 // the authentication controller will pick another authentication handler. |
| 485 auth_token_.clear(); |
| 486 return OK; |
| 475 | 487 |
| 476 switch (result) { | |
| 477 // Occurs with GSSAPI, if the user has not already logged in. | 488 // Occurs with GSSAPI, if the user has not already logged in. |
| 478 case ERR_MISSING_AUTH_CREDENTIALS: | 489 case ERR_MISSING_AUTH_CREDENTIALS: |
| 479 | 490 |
| 480 // Can occur with GSSAPI or SSPI if the underlying library reports | 491 // Can occur with GSSAPI or SSPI if the underlying library reports |
| 481 // a permanent error. | 492 // a permanent error. |
| 482 case ERR_UNSUPPORTED_AUTH_SCHEME: | 493 case ERR_UNSUPPORTED_AUTH_SCHEME: |
| 483 | 494 |
| 484 // These two error codes represent failures we aren't handling. | 495 // These two error codes represent failures we aren't handling. |
| 485 case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS: | 496 case ERR_UNEXPECTED_SECURITY_LIBRARY_STATUS: |
| 486 case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS: | 497 case ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS: |
| 487 | 498 |
| 488 // Can be returned by SSPI if the authenticating authority or | 499 // Can be returned by SSPI if the authenticating authority or |
| 489 // target is not known. | 500 // target is not known. |
| 490 case ERR_MISCONFIGURED_AUTH_ENVIRONMENT: | 501 case ERR_MISCONFIGURED_AUTH_ENVIRONMENT: |
| 491 | 502 |
| 492 // In these cases, disable the current scheme as it cannot | 503 // In these cases, disable the current scheme as it cannot |
| 493 // succeed. | 504 // succeed. |
| 494 DisableAuthScheme(handler_->auth_scheme()); | 505 DisableAuthScheme(handler_->auth_scheme()); |
| 495 auth_token_.clear(); | 506 auth_token_.clear(); |
| 496 return true; | 507 return OK; |
| 497 | 508 |
| 498 default: | 509 default: |
| 499 return false; | 510 return result; |
| 500 } | 511 } |
| 501 } | 512 } |
| 502 | 513 |
| 503 void HttpAuthController::OnIOComplete(int result) { | 514 void HttpAuthController::OnIOComplete(int result) { |
| 504 DCHECK(CalledOnValidThread()); | 515 DCHECK(CalledOnValidThread()); |
| 505 if (DisableOnAuthHandlerResult(result)) | 516 result = HandleGenerateTokenResult(result); |
| 506 result = OK; | |
| 507 if (!callback_.is_null()) { | 517 if (!callback_.is_null()) { |
| 508 CompletionCallback c = callback_; | 518 CompletionCallback c = callback_; |
| 509 callback_.Reset(); | 519 callback_.Reset(); |
| 510 c.Run(result); | 520 c.Run(result); |
| 511 } | 521 } |
| 512 } | 522 } |
| 513 | 523 |
| 514 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() { | 524 scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() { |
| 515 DCHECK(CalledOnValidThread()); | 525 DCHECK(CalledOnValidThread()); |
| 516 return auth_info_; | 526 return auth_info_; |
| 517 } | 527 } |
| 518 | 528 |
| 519 bool HttpAuthController::IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const { | 529 bool HttpAuthController::IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const { |
| 520 DCHECK(CalledOnValidThread()); | 530 DCHECK(CalledOnValidThread()); |
| 521 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); | 531 return disabled_schemes_.find(scheme) != disabled_schemes_.end(); |
| 522 } | 532 } |
| 523 | 533 |
| 524 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { | 534 void HttpAuthController::DisableAuthScheme(HttpAuth::Scheme scheme) { |
| 525 DCHECK(CalledOnValidThread()); | 535 DCHECK(CalledOnValidThread()); |
| 526 disabled_schemes_.insert(scheme); | 536 disabled_schemes_.insert(scheme); |
| 527 } | 537 } |
| 528 | 538 |
| 529 void HttpAuthController::DisableEmbeddedIdentity() { | 539 void HttpAuthController::DisableEmbeddedIdentity() { |
| 530 DCHECK(CalledOnValidThread()); | 540 DCHECK(CalledOnValidThread()); |
| 531 embedded_identity_used_ = true; | 541 embedded_identity_used_ = true; |
| 532 } | 542 } |
| 533 | 543 |
| 534 } // namespace net | 544 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2432873003:
[Merge-54][net/auth] Don't abort network transaction over non-permanent auth errors. (Closed)
