Fix for Proxy server authentication without credentials available.

This covers the cases using GSSAPI for Negotiate to authenticate to a proxy, where:

- The user does not have a TGT (Ticket Generating Ticket), or
- The user is unable to get to the TGS (Ticket Granting Server).

The bug was that the authentication system tried to reuse the Negotiate handler even though it was not possible for it to succeed, leading to infinite retries.

BUG=33033
Test=None

Review URL: http://codereview.chromium.org/3040015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53819 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 5 deletions

diff --git a/net/http/http_auth.cc b/net/http/http_auth.cc
index ff2ac4f..e6fdfe8 100644
--- a/net/http/http_auth.cc
+++ b/net/http/http_auth.cc
@@ -31,7 +31,8 @@ void HttpAuth::ChooseBestChallenge(
 
   // A connection-based authentication scheme must continue to use the
   // existing handler object in |*handler|.
-  if (handler->get() && (*handler)->is_connection_based()) {
+  if (handler->get() && (*handler)->is_connection_based() &&
+      (disabled_schemes.find((*handler)->scheme()) == disabled_schemes.end())) {
     const std::string header_name = GetChallengeHeaderName(target);
     std::string challenge;
     void* iter = NULL;
@@ -57,10 +58,9 @@ void HttpAuth::ChooseBestChallenge(
                    << ErrorToString(rv) << " Challenge: " << cur_challenge;
       continue;
     }
-    if (cur.get() && (!best.get() || best->score() < cur->score())) {
-      if (disabled_schemes.find(cur->scheme()) == disabled_schemes.end())
-        best.swap(cur);
-    }
+    if (cur.get() && (!best.get() || best->score() < cur->score()) &&
+        (disabled_schemes.find(cur->scheme()) == disabled_schemes.end()))
+      best.swap(cur);
   }
   handler->swap(best);
 }