Kerberos authentication backoff cleanup.

BUG=33033
TEST=None

Review URL: http://codereview.chromium.org/2883031

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53207 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 78 insertions, 5 deletions

diff --git a/net/http/http_auth_controller.cc b/net/http/http_auth_controller.cc
index e4196ba..c077ee8 100644
--- a/net/http/http_auth_controller.cc
+++ b/net/http/http_auth_controller.cc
@@ -88,7 +88,7 @@ int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request,
                                        &auth_token_);
   if (rv == ERR_IO_PENDING)
     user_callback_ = callback;
-  if (rv != ERR_IO_PENDING)
+  else
     OnIOComplete(rv);
   // This error occurs with GSSAPI, if the user has not already logged in.
   if (rv == ERR_MISSING_AUTH_CREDENTIALS)
@@ -342,7 +342,7 @@ void HttpAuthController::OnIOComplete(int result) {
   // In that case, disable the current scheme as it cannot succeed.
   if (result == ERR_MISSING_AUTH_CREDENTIALS) {
     DisableAuthScheme(handler_->scheme());
-    auth_token_.erase();
+    auth_token_.clear();
     result = OK;
   }
   if (user_callback_) {
diff --git a/net/http/http_auth_handler_negotiate_unittest.cc b/net/http/http_auth_handler_negotiate_unittest.cc
index a95eb44..4fcdad1 100644
--- a/net/http/http_auth_handler_negotiate_unittest.cc
+++ b/net/http/http_auth_handler_negotiate_unittest.cc
@@ -12,6 +12,7 @@
 #include "net/http/mock_sspi_library_win.h"
 #elif defined(OS_POSIX)
 #include "net/http/mock_gssapi_library_posix.h"
+#include "net/third_party/gssapi/gssapi.h"
 #endif
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
@@ -29,7 +30,6 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
  public:
   virtual void SetUp() {
     auth_library_.reset(new MockAuthLibrary());
-    SetupMocks(auth_library_.get());
     resolver_ = new MockHostResolver();
     resolver_->rules()->AddIPLiteralRule("alias", "10.0.0.2",
                                            "canonical.example.com");
@@ -132,8 +132,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
       },
     };
 
-    size_t i;
-    for (i = 0; i < arraysize(queries); ++i) {
+    for (size_t i = 0; i < arraysize(queries); ++i) {
       mock_library->ExpectSecurityContext(queries[i].expected_package,
                                           queries[i].response_code,
                                           queries[i].minor_response_code,
@@ -144,6 +143,38 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
 #endif  // defined(OS_POSIX)
   }
 
+#if defined(OS_POSIX)
+  void SetupErrorMocks(MockAuthLibrary* mock_library,
+                       int major_status,
+                       int minor_status) {
+    const gss_OID_desc kDefaultMech = { 0, NULL };
+    test::GssContextMockImpl context(
+        "localhost",                    // Source name
+        "example.com",                  // Target name
+        0,                              // Lifetime
+        kDefaultMech,                   // Mechanism
+        0,                              // Context flags
+        1,                              // Locally initiated
+        0);                             // Open
+    test::MockGSSAPILibrary::SecurityContextQuery query = {
+      "Negotiate",                    // Package name
+      major_status,                   // Major response code
+      minor_status,                   // Minor response code
+      context,                        // Context
+      { 0, NULL },                    // Expected input token
+      { 0, NULL }                     // Output token
+    };
+
+    mock_library->ExpectSecurityContext(query.expected_package,
+                                        query.response_code,
+                                        query.minor_response_code,
+                                        query.context_info,
+                                        query.expected_input_token,
+                                        query.output_token);
+  }
+
+#endif  // defined(OS_POSIX)
+
   int CreateHandler(bool disable_cname_lookup, bool use_port,
                      bool synchronous_resolve_mode,
                      const std::string& url_string,
@@ -172,6 +203,8 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
     return rv;
   }
 
+  MockAuthLibrary* AuthLibrary() { return auth_library_.get(); }
+
  private:
 #if defined(OS_WIN)
   scoped_ptr<SecPkgInfoW> security_package_;
@@ -183,6 +216,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest {
 };
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
+  SetupMocks(AuthLibrary());
   scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, false, true, "http://alias:500", &auth_handler));
@@ -204,6 +238,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) {
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
+  SetupMocks(AuthLibrary());
   scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, true, true, "http://alias:80", &auth_handler));
@@ -224,6 +259,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) {
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
+  SetupMocks(AuthLibrary());
   scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       true, true, true, "http://alias:500", &auth_handler));
@@ -244,6 +280,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) {
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
+  SetupMocks(AuthLibrary());
   scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, true, "http://alias:500", &auth_handler));
@@ -264,6 +301,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) {
 }
 
 TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
+  SetupMocks(AuthLibrary());
   scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
   EXPECT_EQ(OK, CreateHandler(
       false, false, false, "http://alias:500", &auth_handler));
@@ -283,4 +321,39 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) {
 #endif
 }
 
+#if defined(OS_POSIX)
+
+// These tests are only for GSSAPI, as we can't use explicit credentials with
+// that library.
+
+TEST_F(HttpAuthHandlerNegotiateTest, ServerNotInKerberosDatabase) {
+  SetupErrorMocks(AuthLibrary(), GSS_S_FAILURE, 0x96C73A07);  // No server
+  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  EXPECT_EQ(OK, CreateHandler(
+      false, false, false, "http://alias:500", &auth_handler));
+  ASSERT_TRUE(auth_handler.get() != NULL);
+  TestCompletionCallback callback;
+  HttpRequestInfo request_info;
+  std::string token;
+  EXPECT_EQ(ERR_IO_PENDING, auth_handler->GenerateAuthToken(
+      NULL, NULL, &request_info, &callback, &token));
+  EXPECT_EQ(ERR_MISSING_AUTH_CREDENTIALS, callback.WaitForResult());
+}
+
+TEST_F(HttpAuthHandlerNegotiateTest, NoKerberosCredentials) {
+  SetupErrorMocks(AuthLibrary(), GSS_S_FAILURE, 0x96C73AC3);  // No credentials
+  scoped_ptr<HttpAuthHandlerNegotiate> auth_handler;
+  EXPECT_EQ(OK, CreateHandler(
+      false, false, false, "http://alias:500", &auth_handler));
+  ASSERT_TRUE(auth_handler.get() != NULL);
+  TestCompletionCallback callback;
+  HttpRequestInfo request_info;
+  std::string token;
+  EXPECT_EQ(ERR_IO_PENDING, auth_handler->GenerateAuthToken(
+      NULL, NULL, &request_info, &callback, &token));
+  EXPECT_EQ(ERR_MISSING_AUTH_CREDENTIALS, callback.WaitForResult());
+}
+
+#endif  // defined(OS_POSIX)
+
 }  // namespace net