From eca50e128ff1bc41bc0cc1d3fdf2e015ba459d4c Mon Sep 17 00:00:00 2001
From: "cbentzel@chromium.org"
 <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Sat, 11 Sep 2010 14:03:30 +0000
Subject: Fix multi-round authentication.

In the case of Negotiate, authentication can look like

C: GET
S: 401, WWW-Authenticate: Negotiate

C: GET, WWW-Authorization: Negotiate <client_token_1>
S: 401, WWW-Authenticate: Negotiate <server_token_1>

C: GET, WWW-Authorization: Negotiate <client_token_2>
S: 401, WWW-Authenticate: Negotiate <server_token_2>

on that third challenge, the handler was reported as being in "the final round" and this was treated as a rejection of the authentication attempt. After that, the new challenge token was used by a new auth handler that hadn't established a security context, and an ERR_INVALID_HANDLE would be returned.

This CL also does some prep work to correctly handle the "stale=true" value for Digest authentication, but I decided to defer the HttpAuthCache changes needed for that to a separate CL since this was large enough.

BUG=53282
TEST=net_unittests. Unfortunately, I haven't been able to set up a proxy/server to do more than two auth challenges, but this does happen in the wild.

Review URL: http://codereview.chromium.org/3360017

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59188 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/http/http_auth_cache_unittest.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'net/http/http_auth_cache_unittest.cc')

diff --git a/net/http/http_auth_cache_unittest.cc b/net/http/http_auth_cache_unittest.cc
index 5db49ee..7b68ae3 100644
--- a/net/http/http_auth_cache_unittest.cc
+++ b/net/http/http_auth_cache_unittest.cc
@@ -10,7 +10,6 @@
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_cache.h"
 #include "net/http/http_auth_handler.h"
-
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -29,6 +28,11 @@ class MockAuthHandler : public HttpAuthHandler {
     properties_ = 0;
   }
 
+  HttpAuth::AuthorizationResult HandleAnotherChallenge(
+      HttpAuth::ChallengeTokenizer* challenge) {
+    return HttpAuth::AUTHORIZATION_RESULT_REJECT;
+  }
+
  protected:
   virtual bool Init(HttpAuth::ChallengeTokenizer* challenge) {
     return false;  // Unused.
-- 
cgit v1.1