diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/http/http_auth_controller.cc | 58 | ||||
| -rw-r--r-- | net/http/http_auth_controller.h | 4 |
2 files changed, 61 insertions, 1 deletions
diff --git a/net/http/http_auth_controller.cc b/net/http/http_auth_controller.cc index 7fe07f4..736ffa9 100644 --- a/net/http/http_auth_controller.cc +++ b/net/http/http_auth_controller.cc @@ -4,6 +4,7 @@ #include "net/http/http_auth_controller.h" +#include "base/histogram.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" #include "net/base/auth.h" @@ -49,6 +50,42 @@ std::string AuthChallengeLogMessage(HttpResponseHeaders* headers) { return msg; } +enum AuthEvent { + AUTH_EVENT_START = 0, + AUTH_EVENT_REJECT = 1, + AUTH_EVENT_MAX = 2, +}; + +// Records the number of authentication events per authentication scheme. +void HistogramAuthEvent(HttpAuthHandler* handler, AuthEvent auth_event) { +#if !defined(NDEBUG) + // Note: The on-same-thread check is intentionally not using a lock + // to protect access to first_thread. This method is meant to be only + // used on the same thread, in which case there are no race conditions. If + // there are race conditions (say, a read completes during a partial write), + // the DCHECK will correctly fail. + static PlatformThreadId first_thread = PlatformThread::CurrentId(); + DCHECK_EQ(first_thread, PlatformThread::CurrentId()); +#endif + + // This assumes that the schemes maintain a consistent score from + // 1 to 4 inclusive. The results map to: + // Basic Start: 0 + // Basic Reject: 1 + // Digest Start: 2 + // Digest Reject: 3 + // NTLM Start: 4 + // NTLM Reject: 5 + // Negotiate Start: 6 + // Negotiate Reject: 7 + static const int kScoreMin = 1; + static const int kScoreMax = 4; + static const int kBucketsMax = kScoreMax * AUTH_EVENT_MAX + 1; + DCHECK(handler->score() >= kScoreMin && handler->score() <= kScoreMax); + int bucket = (handler->score() - kScoreMin) * AUTH_EVENT_MAX + auth_event; + UMA_HISTOGRAM_ENUMERATION("Net.HttpAuthCount", bucket, kBucketsMax); +} + } // namespace HttpAuthController::HttpAuthController( @@ -70,12 +107,14 @@ HttpAuthController::HttpAuthController( } HttpAuthController::~HttpAuthController() { + DCHECK(CalledOnValidThread()); user_callback_ = NULL; } int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request, CompletionCallback* callback, const BoundNetLog& net_log) { + DCHECK(CalledOnValidThread()); bool needs_auth = HaveAuth() || SelectPreemptiveAuth(net_log); if (!needs_auth) return OK; @@ -103,6 +142,7 @@ int HttpAuthController::MaybeGenerateAuthToken(const HttpRequestInfo* request, } bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) { + DCHECK(CalledOnValidThread()); DCHECK(!HaveAuth()); DCHECK(identity_.invalid); @@ -141,6 +181,7 @@ bool HttpAuthController::SelectPreemptiveAuth(const BoundNetLog& net_log) { void HttpAuthController::AddAuthorizationHeader( HttpRequestHeaders* authorization_headers) { + DCHECK(CalledOnValidThread()); DCHECK(HaveAuth()); authorization_headers->SetHeader( HttpAuth::GetAuthorizationHeaderName(target_), auth_token_); @@ -152,6 +193,7 @@ int HttpAuthController::HandleAuthChallenge( bool do_not_send_server_auth, bool establishing_tunnel, const BoundNetLog& net_log) { + DCHECK(CalledOnValidThread()); DCHECK(headers); DCHECK(auth_origin_.is_valid()); LOG(INFO) << "The " << HttpAuth::GetAuthTargetString(target_) << " " @@ -170,7 +212,10 @@ int HttpAuthController::HandleAuthChallenge( case HttpAuth::AUTHORIZATION_RESULT_ACCEPT: break; case HttpAuth::AUTHORIZATION_RESULT_INVALID: + InvalidateCurrentHandler(); + break; case HttpAuth::AUTHORIZATION_RESULT_REJECT: + HistogramAuthEvent(handler_.get(), AUTH_EVENT_REJECT); InvalidateCurrentHandler(); break; case HttpAuth::AUTHORIZATION_RESULT_STALE: @@ -203,6 +248,8 @@ int HttpAuthController::HandleAuthChallenge( headers, target_, auth_origin_, disabled_schemes_, net_log, &handler_); + if (handler_.get()) + HistogramAuthEvent(handler_.get(), AUTH_EVENT_START); } if (!handler_.get()) { @@ -247,6 +294,7 @@ int HttpAuthController::HandleAuthChallenge( void HttpAuthController::ResetAuth(const string16& username, const string16& password) { + DCHECK(CalledOnValidThread()); DCHECK(identity_.invalid || (username.empty() && password.empty())); if (identity_.invalid) { @@ -287,12 +335,15 @@ void HttpAuthController::ResetAuth(const string16& username, } void HttpAuthController::InvalidateCurrentHandler() { + DCHECK(CalledOnValidThread()); + InvalidateRejectedAuthFromCache(); handler_.reset(); identity_ = HttpAuth::Identity(); } void HttpAuthController::InvalidateRejectedAuthFromCache() { + DCHECK(CalledOnValidThread()); DCHECK(HaveAuth()); // TODO(eroman): this short-circuit can be relaxed. If the realm of @@ -311,6 +362,7 @@ void HttpAuthController::InvalidateRejectedAuthFromCache() { } bool HttpAuthController::SelectNextAuthIdentityToTry() { + DCHECK(CalledOnValidThread()); DCHECK(handler_.get()); DCHECK(identity_.invalid); @@ -358,6 +410,8 @@ bool HttpAuthController::SelectNextAuthIdentityToTry() { } void HttpAuthController::PopulateAuthChallenge() { + DCHECK(CalledOnValidThread()); + // Populates response_.auth_challenge with the authentication challenge info. // This info is consumed by URLRequestHttpJob::GetAuthChallengeInfo(). @@ -370,6 +424,7 @@ void HttpAuthController::PopulateAuthChallenge() { } void HttpAuthController::OnIOComplete(int result) { + DCHECK(CalledOnValidThread()); // This error occurs with GSSAPI, if the user has not already logged in. // In that case, disable the current scheme as it cannot succeed. if (result == ERR_MISSING_AUTH_CREDENTIALS) { @@ -385,14 +440,17 @@ void HttpAuthController::OnIOComplete(int result) { } scoped_refptr<AuthChallengeInfo> HttpAuthController::auth_info() { + DCHECK(CalledOnValidThread()); return auth_info_; } bool HttpAuthController::IsAuthSchemeDisabled(const std::string& scheme) const { + DCHECK(CalledOnValidThread()); return disabled_schemes_.find(scheme) != disabled_schemes_.end(); } void HttpAuthController::DisableAuthScheme(const std::string& scheme) { + DCHECK(CalledOnValidThread()); disabled_schemes_.insert(scheme); } diff --git a/net/http/http_auth_controller.h b/net/http/http_auth_controller.h index 097c4bc..bcda707 100644 --- a/net/http/http_auth_controller.h +++ b/net/http/http_auth_controller.h @@ -10,6 +10,7 @@ #include <string> #include "base/basictypes.h" +#include "base/non_thread_safe.h" #include "base/ref_counted.h" #include "base/scoped_ptr.h" #include "base/string16.h" @@ -27,7 +28,8 @@ class HttpAuthCache; class HttpRequestHeaders; struct HttpRequestInfo; -class HttpAuthController : public base::RefCounted<HttpAuthController> { +class HttpAuthController : public base::RefCounted<HttpAuthController>, + public NonThreadSafe { public: // The arguments are self explanatory except possibly for |auth_url|, which // should be both the auth target and auth path in a single url argument. |