From cee6312f189d2cbdeaf4888170919422b6c65cdd Mon Sep 17 00:00:00 2001
From: "ahendrickson@google.com"
 <ahendrickson@google.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 20 Jul 2010 04:43:31 +0000
Subject: Attempt to back off from Kerberos authentication if we don't have
 credentials.

If the user has a stale TGT, or is unable to generate a TGS for the server they are trying to communicate to, then generating an authentication token fails.
Rather than fail the entire network transaction in that case, we resend the request with an empty Authenticate (or Proxy-Authenticate) header, and remember that the Negotiate scheme is not a valid option for this particular transaction.

If the server responds back with headers like

WWW-Authenticate: Negotiate
WWW-Authenticate: Digest realm=foo

then the digest scheme is chosen in the next round.

BUG=33033
TEST=None

Review URL: http://codereview.chromium.org/3010010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53002 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/http/http_auth_unittest.cc | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'net/http/http_auth_unittest.cc')

diff --git a/net/http/http_auth_unittest.cc b/net/http/http_auth_unittest.cc
index b66e0be..cdc7e16 100644
--- a/net/http/http_auth_unittest.cc
+++ b/net/http/http_auth_unittest.cc
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <set>
 #include <string>
 
 #include "base/ref_counted.h"
@@ -70,6 +71,7 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
     }
   };
   GURL origin("http://www.example.com");
+  std::set<std::string> disabled_schemes;
   URLSecurityManagerAllow url_security_manager;
   scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault());
@@ -91,6 +93,7 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
                                   headers.get(),
                                   HttpAuth::AUTH_SERVER,
                                   origin,
+                                  disabled_schemes,
                                   BoundNetLog(),
                                   &handler);
 
@@ -129,6 +132,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNTLM) {
     }
   };
   GURL origin("http://www.example.com");
+  std::set<std::string> disabled_schemes;
 
   scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault());
@@ -152,6 +156,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNTLM) {
                                   headers.get(),
                                   HttpAuth::AUTH_SERVER,
                                   origin,
+                                  disabled_schemes,
                                   BoundNetLog(),
                                   &handler);
     EXPECT_TRUE(handler != NULL);
@@ -189,6 +194,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNegotiate) {
     }
   };
   GURL origin("http://www.example.com");
+  std::set<std::string> disabled_schemes;
   URLSecurityManagerAllow url_security_manager;
   scoped_ptr<HttpAuthHandlerRegistryFactory> http_auth_handler_factory(
       HttpAuthHandlerFactory::CreateDefault());
@@ -211,6 +217,7 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedNegotiate) {
                                   headers.get(),
                                   HttpAuth::AUTH_SERVER,
                                   origin,
+                                  disabled_schemes,
                                   BoundNetLog(),
                                   &handler);
 
-- 
cgit v1.1