diff options
| author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-11 14:03:30 +0000 |
|---|---|---|
| committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-11 14:03:30 +0000 |
| commit | eca50e128ff1bc41bc0cc1d3fdf2e015ba459d4c (patch) | |
| tree | ae0368388f38766781c5ddff86c9e0e2c0c9c362 /net/http/http_auth_handler_ntlm.h | |
| parent | 4630db4630bc415cc3b7be70bce87160559810df (diff) | |
| download | chromium_src-eca50e128ff1bc41bc0cc1d3fdf2e015ba459d4c.zip chromium_src-eca50e128ff1bc41bc0cc1d3fdf2e015ba459d4c.tar.gz chromium_src-eca50e128ff1bc41bc0cc1d3fdf2e015ba459d4c.tar.bz2 | |
Fix multi-round authentication.
In the case of Negotiate, authentication can look like
C: GET
S: 401, WWW-Authenticate: Negotiate
C: GET, WWW-Authorization: Negotiate <client_token_1>
S: 401, WWW-Authenticate: Negotiate <server_token_1>
C: GET, WWW-Authorization: Negotiate <client_token_2>
S: 401, WWW-Authenticate: Negotiate <server_token_2>
on that third challenge, the handler was reported as being in "the final round" and this was treated as a rejection of the authentication attempt. After that, the new challenge token was used by a new auth handler that hadn't established a security context, and an ERR_INVALID_HANDLE would be returned.
This CL also does some prep work to correctly handle the "stale=true" value for Digest authentication, but I decided to defer the HttpAuthCache changes needed for that to a separate CL since this was large enough.
BUG=53282
TEST=net_unittests. Unfortunately, I haven't been able to set up a proxy/server to do more than two auth challenges, but this does happen in the wild.
Review URL: http://codereview.chromium.org/3360017
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59188 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_ntlm.h')
| -rw-r--r-- | net/http/http_auth_handler_ntlm.h | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/net/http/http_auth_handler_ntlm.h b/net/http/http_auth_handler_ntlm.h index 00d6905..831e43d 100644 --- a/net/http/http_auth_handler_ntlm.h +++ b/net/http/http_auth_handler_ntlm.h @@ -108,14 +108,13 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler { virtual bool NeedsIdentity(); - virtual bool IsFinalRound(); - virtual bool AllowsDefaultCredentials(); + virtual HttpAuth::AuthorizationResult HandleAnotherChallenge( + HttpAuth::ChallengeTokenizer* challenge); + protected: - virtual bool Init(HttpAuth::ChallengeTokenizer* tok) { - return ParseChallenge(tok); - } + virtual bool Init(HttpAuth::ChallengeTokenizer* tok); virtual int GenerateAuthTokenImpl(const string16* username, const string16* password, @@ -138,8 +137,8 @@ class HttpAuthHandlerNTLM : public HttpAuthHandler { #endif // Parse the challenge, saving the results into this instance. - // Returns true on success. - bool ParseChallenge(HttpAuth::ChallengeTokenizer* tok); + HttpAuth::AuthorizationResult ParseChallenge( + HttpAuth::ChallengeTokenizer* tok, bool initial_challenge); // Given an input token received from the server, generate the next output // token to be sent to the server. |