diff options
| author | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-20 04:43:31 +0000 |
|---|---|---|
| committer | ahendrickson@google.com <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-20 04:43:31 +0000 |
| commit | cee6312f189d2cbdeaf4888170919422b6c65cdd (patch) | |
| tree | abfae8530416afc36f291884638fb2543b494acc /net/http/http_auth_unittest.cc | |
| parent | c91e99322f0ac5ef76165c76eb5ac3ae03f923ab (diff) | |
| download | chromium_src-cee6312f189d2cbdeaf4888170919422b6c65cdd.zip chromium_src-cee6312f189d2cbdeaf4888170919422b6c65cdd.tar.gz chromium_src-cee6312f189d2cbdeaf4888170919422b6c65cdd.tar.bz2 | |
Attempt to back off from Kerberos authentication if we don't have credentials.
If the user has a stale TGT, or is unable to generate a TGS for the server they are trying to communicate to, then generating an authentication token fails.
Rather than fail the entire network transaction in that case, we resend the request with an empty Authenticate (or Proxy-Authenticate) header, and remember that the Negotiate scheme is not a valid option for this particular transaction.
If the server responds back with headers like
WWW-Authenticate: Negotiate
WWW-Authenticate: Digest realm=foo
then the digest scheme is chosen in the next round.
BUG=33033
TEST=None
Review URL: http://codereview.chromium.org/3010010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53002 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_unittest.cc')
| -rw-r--r-- | net/http/http_auth_unittest.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/http/http_auth_unittest.cc b/net/http/http_auth_unittest.cc index b66e0be..cdc7e16 100644 --- a/net/http/http_auth_unittest.cc +++ b/net/http/http_auth_unittest.cc @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include <set> #include <string> #include "base/ref_counted.h" @@ -70,6 +71,7 @@ TEST(HttpAuthTest, ChooseBestChallenge) { } }; GURL origin("http://www.example.com"); + std::set<std::string> disabled_schemes; URLSecurityManagerAllow url_security_manager; scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory( HttpAuthHandlerFactory::CreateDefault()); @@ -91,6 +93,7 @@ TEST(HttpAuthTest, ChooseBestChallenge) { headers.get(), HttpAuth::AUTH_SERVER, origin, + disabled_schemes, BoundNetLog(), &handler); @@ -129,6 +132,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNTLM) { } }; GURL origin("http://www.example.com"); + std::set<std::string> disabled_schemes; scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory( HttpAuthHandlerFactory::CreateDefault()); @@ -152,6 +156,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNTLM) { headers.get(), HttpAuth::AUTH_SERVER, origin, + disabled_schemes, BoundNetLog(), &handler); EXPECT_TRUE(handler != NULL); @@ -189,6 +194,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNegotiate) { } }; GURL origin("http://www.example.com"); + std::set<std::string> disabled_schemes; URLSecurityManagerAllow url_security_manager; scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory( HttpAuthHandlerFactory::CreateDefault()); @@ -211,6 +217,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNegotiate) { headers.get(), HttpAuth::AUTH_SERVER, origin, + disabled_schemes, BoundNetLog(), &handler); |