mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 03:15:11 +00:00
Bug 472529, websockets (netwerk patch), r=smaug+biesi
--HG-- rename : netwerk/protocol/http/nsHttpChannel.cpp => netwerk/protocol/http/nsHttpChannelAuthProvider.cpp rename : netwerk/protocol/http/nsHttpChannel.h => netwerk/protocol/http/nsHttpChannelAuthProvider.h extra : rebase_source : 4f75d33eb4fc7cdaa1f011f176ef4434bbfe2c25
This commit is contained in:
parent
af2d03d1ec
commit
78db44644f
@ -54,7 +54,7 @@
|
||||
#include "nsAuth.h"
|
||||
#include "nsHttpNegotiateAuth.h"
|
||||
|
||||
#include "nsIHttpChannel.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsIProxiedChannel.h"
|
||||
#include "nsIAuthModule.h"
|
||||
#include "nsIServiceManager.h"
|
||||
@ -107,7 +107,7 @@ nsHttpNegotiateAuth::GetAuthFlags(PRUint32 *flags)
|
||||
// there is no correct way to get the users credentials.
|
||||
//
|
||||
NS_IMETHODIMP
|
||||
nsHttpNegotiateAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
nsISupports **sessionState,
|
||||
@ -123,7 +123,7 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
nsresult rv;
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = httpChannel->GetURI(getter_AddRefs(uri));
|
||||
rv = authChannel->GetURI(getter_AddRefs(uri));
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
@ -136,12 +136,8 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
return NS_ERROR_ABORT;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIProxiedChannel> proxied =
|
||||
do_QueryInterface(httpChannel);
|
||||
NS_ENSURE_STATE(proxied);
|
||||
|
||||
nsCOMPtr<nsIProxyInfo> proxyInfo;
|
||||
proxied->GetProxyInfo(getter_AddRefs(proxyInfo));
|
||||
authChannel->GetProxyInfo(getter_AddRefs(proxyInfo));
|
||||
NS_ENSURE_STATE(proxyInfo);
|
||||
|
||||
proxyInfo->GetHost(service);
|
||||
@ -213,7 +209,7 @@ NS_IMPL_ISUPPORTS1(nsHttpNegotiateAuth, nsIHttpAuthenticator)
|
||||
// blob to pass to the server that requested "Negotiate" authentication.
|
||||
//
|
||||
NS_IMETHODIMP
|
||||
nsHttpNegotiateAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
nsHttpNegotiateAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
const PRUnichar *domain,
|
||||
|
@ -52,7 +52,7 @@ interface nsIURI;
|
||||
*
|
||||
* @status UNDER_REVIEW
|
||||
*/
|
||||
[scriptable, uuid(e38ab577-786e-4a7f-936b-7ae4c7d877b2)]
|
||||
[scriptable, uuid(d7ec6237-162e-40f5-a2b4-46ccd5fa83c9)]
|
||||
interface nsIProtocolProxyService : nsISupports
|
||||
{
|
||||
/**
|
||||
@ -71,6 +71,39 @@ interface nsIProtocolProxyService : nsISupports
|
||||
*/
|
||||
const unsigned long RESOLVE_NON_BLOCKING = 1 << 0;
|
||||
|
||||
/**
|
||||
* When the proxy configuration is manual this flag may be passed to the
|
||||
* resolve and asyncResolve methods to request to prefer the SOCKS proxy
|
||||
* to HTTP ones.
|
||||
*/
|
||||
const unsigned long RESOLVE_PREFER_SOCKS_PROXY = 1 << 1;
|
||||
|
||||
/**
|
||||
* When the proxy configuration is manual this flag may be passed to the
|
||||
* resolve and asyncResolve methods to request to not analyze the uri's
|
||||
* scheme specific proxy. When this flag is set the main HTTP proxy is the
|
||||
* preferred one.
|
||||
*
|
||||
* NOTE: if RESOLVE_PREFER_SOCKS_PROXY is set then the SOCKS proxy is
|
||||
* the preferred one.
|
||||
*
|
||||
* NOTE: if RESOLVE_PREFER_HTTPS_PROXY is set then the HTTPS proxy
|
||||
* is the preferred one.
|
||||
*/
|
||||
const unsigned long RESOLVE_IGNORE_URI_SCHEME = 1 << 2;
|
||||
|
||||
/**
|
||||
* When the proxy configuration is manual this flag may be passed to the
|
||||
* resolve and asyncResolve methods to request to prefer the HTTPS proxy
|
||||
* to the others HTTP ones.
|
||||
*
|
||||
* NOTE: RESOLVE_PREFER_SOCKS_PROXY takes precedence over this flag.
|
||||
*
|
||||
* NOTE: This flag implies RESOLVE_IGNORE_URI_SCHEME.
|
||||
*/
|
||||
const unsigned long RESOLVE_PREFER_HTTPS_PROXY =
|
||||
(1 << 3) | RESOLVE_IGNORE_URI_SCHEME;
|
||||
|
||||
/**
|
||||
* This method returns a nsIProxyInfo instance that identifies a proxy to
|
||||
* be used for loading the given URI. Otherwise, this method returns null
|
||||
@ -228,4 +261,19 @@ interface nsIProtocolProxyService : nsISupports
|
||||
* The nsIProtocolProxyFilter instance to be unregistered.
|
||||
*/
|
||||
void unregisterFilter(in nsIProtocolProxyFilter aFilter);
|
||||
|
||||
/**
|
||||
* These values correspond to the possible integer values for the
|
||||
* network.proxy.type preference.
|
||||
*/
|
||||
const unsigned long PROXYCONFIG_DIRECT = 0;
|
||||
const unsigned long PROXYCONFIG_MANUAL = 1;
|
||||
const unsigned long PROXYCONFIG_PAC = 2;
|
||||
const unsigned long PROXYCONFIG_WPAD = 4;
|
||||
const unsigned long PROXYCONFIG_SYSTEM = 5;
|
||||
|
||||
/**
|
||||
* This attribute specifies the current type of proxy configuration.
|
||||
*/
|
||||
readonly attribute unsigned long proxyConfigType;
|
||||
};
|
||||
|
@ -286,6 +286,9 @@ proxy_GetBoolPref(nsIPrefBranch *aPrefBranch,
|
||||
|
||||
//----------------------------------------------------------------------------
|
||||
|
||||
static const PRInt32 PROXYCONFIG_DIRECT4X = 3;
|
||||
static const PRInt32 PROXYCONFIG_COUNT = 6;
|
||||
|
||||
NS_IMPL_ADDREF(nsProtocolProxyService)
|
||||
NS_IMPL_RELEASE(nsProtocolProxyService)
|
||||
NS_IMPL_QUERY_INTERFACE3_CI(nsProtocolProxyService,
|
||||
@ -298,7 +301,7 @@ NS_IMPL_CI_INTERFACE_GETTER2(nsProtocolProxyService,
|
||||
|
||||
nsProtocolProxyService::nsProtocolProxyService()
|
||||
: mFilters(nsnull)
|
||||
, mProxyConfig(eProxyConfig_Direct)
|
||||
, mProxyConfig(PROXYCONFIG_DIRECT)
|
||||
, mHTTPProxyPort(-1)
|
||||
, mFTPProxyPort(-1)
|
||||
, mHTTPSProxyPort(-1)
|
||||
@ -386,26 +389,26 @@ nsProtocolProxyService::PrefsChanged(nsIPrefBranch *prefBranch,
|
||||
rv = prefBranch->GetIntPref(PROXY_PREF("type"), &type);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
// bug 115720 - for ns4.x backwards compatability
|
||||
if (type == eProxyConfig_Direct4x) {
|
||||
type = eProxyConfig_Direct;
|
||||
if (type == PROXYCONFIG_DIRECT4X) {
|
||||
type = PROXYCONFIG_DIRECT;
|
||||
// Reset the type so that the dialog looks correct, and we
|
||||
// don't have to handle this case everywhere else
|
||||
// I'm paranoid about a loop of some sort - only do this
|
||||
// if we're enumerating all prefs, and ignore any error
|
||||
if (!pref)
|
||||
prefBranch->SetIntPref(PROXY_PREF("type"), type);
|
||||
} else if (type >= eProxyConfig_Last) {
|
||||
} else if (type >= PROXYCONFIG_COUNT) {
|
||||
LOG(("unknown proxy type: %lu; assuming direct\n", type));
|
||||
type = eProxyConfig_Direct;
|
||||
type = PROXYCONFIG_DIRECT;
|
||||
}
|
||||
mProxyConfig = static_cast<ProxyConfig>(type);
|
||||
mProxyConfig = type;
|
||||
reloadPAC = PR_TRUE;
|
||||
}
|
||||
|
||||
if (mProxyConfig == eProxyConfig_System) {
|
||||
if (mProxyConfig == PROXYCONFIG_SYSTEM) {
|
||||
mSystemProxySettings = do_GetService(NS_SYSTEMPROXYSETTINGS_CONTRACTID);
|
||||
if (!mSystemProxySettings)
|
||||
mProxyConfig = eProxyConfig_Direct;
|
||||
mProxyConfig = PROXYCONFIG_DIRECT;
|
||||
} else {
|
||||
mSystemProxySettings = nsnull;
|
||||
}
|
||||
@ -462,8 +465,8 @@ nsProtocolProxyService::PrefsChanged(nsIPrefBranch *prefBranch,
|
||||
|
||||
// We're done if not using something that could give us a PAC URL
|
||||
// (PAC, WPAD or System)
|
||||
if (mProxyConfig != eProxyConfig_PAC && mProxyConfig != eProxyConfig_WPAD &&
|
||||
mProxyConfig != eProxyConfig_System)
|
||||
if (mProxyConfig != PROXYCONFIG_PAC && mProxyConfig != PROXYCONFIG_WPAD &&
|
||||
mProxyConfig != PROXYCONFIG_SYSTEM)
|
||||
return;
|
||||
|
||||
// OK, we need to reload the PAC file if:
|
||||
@ -475,10 +478,10 @@ nsProtocolProxyService::PrefsChanged(nsIPrefBranch *prefBranch,
|
||||
|
||||
if (reloadPAC) {
|
||||
tempString.Truncate();
|
||||
if (mProxyConfig == eProxyConfig_PAC) {
|
||||
if (mProxyConfig == PROXYCONFIG_PAC) {
|
||||
prefBranch->GetCharPref(PROXY_PREF("autoconfig_url"),
|
||||
getter_Copies(tempString));
|
||||
} else if (mProxyConfig == eProxyConfig_WPAD) {
|
||||
} else if (mProxyConfig == PROXYCONFIG_WPAD) {
|
||||
// We diverge from the WPAD spec here in that we don't walk the
|
||||
// hosts's FQDN, stripping components until we hit a TLD. Doing so
|
||||
// is dangerous in the face of an incomplete list of TLDs, and TLDs
|
||||
@ -814,9 +817,9 @@ nsProtocolProxyService::ReloadPAC()
|
||||
return NS_OK;
|
||||
|
||||
nsXPIDLCString pacSpec;
|
||||
if (type == eProxyConfig_PAC)
|
||||
if (type == PROXYCONFIG_PAC)
|
||||
prefs->GetCharPref(PROXY_PREF("autoconfig_url"), getter_Copies(pacSpec));
|
||||
else if (type == eProxyConfig_WPAD)
|
||||
else if (type == PROXYCONFIG_WPAD)
|
||||
pacSpec.AssignLiteral(WPAD_URL);
|
||||
|
||||
if (!pacSpec.IsEmpty())
|
||||
@ -835,7 +838,7 @@ nsProtocolProxyService::Resolve(nsIURI *uri, PRUint32 flags,
|
||||
return rv;
|
||||
|
||||
PRBool usePAC;
|
||||
rv = Resolve_Internal(uri, info, &usePAC, result);
|
||||
rv = Resolve_Internal(uri, info, flags, &usePAC, result);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
@ -884,7 +887,7 @@ nsProtocolProxyService::AsyncResolve(nsIURI *uri, PRUint32 flags,
|
||||
|
||||
PRBool usePAC;
|
||||
nsCOMPtr<nsIProxyInfo> pi;
|
||||
rv = Resolve_Internal(uri, info, &usePAC, getter_AddRefs(pi));
|
||||
rv = Resolve_Internal(uri, info, flags, &usePAC, getter_AddRefs(pi));
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
@ -946,8 +949,8 @@ nsProtocolProxyService::GetFailoverForProxy(nsIProxyInfo *aProxy,
|
||||
{
|
||||
// We only support failover when a PAC file is configured, either
|
||||
// directly or via system settings
|
||||
if (mProxyConfig != eProxyConfig_PAC && mProxyConfig != eProxyConfig_WPAD &&
|
||||
mProxyConfig != eProxyConfig_System)
|
||||
if (mProxyConfig != PROXYCONFIG_PAC && mProxyConfig != PROXYCONFIG_WPAD &&
|
||||
mProxyConfig != PROXYCONFIG_SYSTEM)
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
|
||||
// Verify that |aProxy| is one of our nsProxyInfo objects.
|
||||
@ -1033,6 +1036,14 @@ nsProtocolProxyService::UnregisterFilter(nsIProtocolProxyFilter *filter)
|
||||
// No need to throw an exception in this case.
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsProtocolProxyService::GetProxyConfigType(PRUint32* aProxyConfigType)
|
||||
{
|
||||
*aProxyConfigType = mProxyConfig;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void
|
||||
nsProtocolProxyService::LoadHostFilters(const char *filters)
|
||||
{
|
||||
@ -1220,6 +1231,7 @@ nsProtocolProxyService::NewProxyInfo_Internal(const char *aType,
|
||||
nsresult
|
||||
nsProtocolProxyService::Resolve_Internal(nsIURI *uri,
|
||||
const nsProtocolInfo &info,
|
||||
PRUint32 flags,
|
||||
PRBool *usePAC,
|
||||
nsIProxyInfo **result)
|
||||
{
|
||||
@ -1254,14 +1266,14 @@ nsProtocolProxyService::Resolve_Internal(nsIURI *uri,
|
||||
|
||||
// if proxies are enabled and this host:port combo is supposed to use a
|
||||
// proxy, check for a proxy.
|
||||
if (mProxyConfig == eProxyConfig_Direct ||
|
||||
(mProxyConfig == eProxyConfig_Manual &&
|
||||
if (mProxyConfig == PROXYCONFIG_DIRECT ||
|
||||
(mProxyConfig == PROXYCONFIG_MANUAL &&
|
||||
!CanUseProxy(uri, info.defaultPort)))
|
||||
return NS_OK;
|
||||
|
||||
// Proxy auto config magic...
|
||||
if (mProxyConfig == eProxyConfig_PAC || mProxyConfig == eProxyConfig_WPAD ||
|
||||
mProxyConfig == eProxyConfig_System) {
|
||||
if (mProxyConfig == PROXYCONFIG_PAC || mProxyConfig == PROXYCONFIG_WPAD ||
|
||||
mProxyConfig == PROXYCONFIG_SYSTEM) {
|
||||
// Do not query PAC now.
|
||||
*usePAC = PR_TRUE;
|
||||
return NS_OK;
|
||||
@ -1274,19 +1286,39 @@ nsProtocolProxyService::Resolve_Internal(nsIURI *uri,
|
||||
|
||||
PRUint32 proxyFlags = 0;
|
||||
|
||||
if (!mHTTPProxyHost.IsEmpty() && mHTTPProxyPort > 0 &&
|
||||
info.scheme.EqualsLiteral("http")) {
|
||||
if ((flags & RESOLVE_PREFER_SOCKS_PROXY) &&
|
||||
!mSOCKSProxyHost.IsEmpty() && mSOCKSProxyPort > 0) {
|
||||
host = &mSOCKSProxyHost;
|
||||
if (mSOCKSProxyVersion == 4)
|
||||
type = kProxyType_SOCKS4;
|
||||
else
|
||||
type = kProxyType_SOCKS;
|
||||
port = mSOCKSProxyPort;
|
||||
if (mSOCKSProxyRemoteDNS)
|
||||
proxyFlags |= nsIProxyInfo::TRANSPARENT_PROXY_RESOLVES_HOST;
|
||||
}
|
||||
else if ((flags & RESOLVE_PREFER_HTTPS_PROXY) &&
|
||||
!mHTTPSProxyHost.IsEmpty() && mHTTPSProxyPort > 0) {
|
||||
host = &mHTTPSProxyHost;
|
||||
type = kProxyType_HTTP;
|
||||
port = mHTTPSProxyPort;
|
||||
}
|
||||
else if (!mHTTPProxyHost.IsEmpty() && mHTTPProxyPort > 0 &&
|
||||
((flags & RESOLVE_IGNORE_URI_SCHEME) ||
|
||||
info.scheme.EqualsLiteral("http"))) {
|
||||
host = &mHTTPProxyHost;
|
||||
type = kProxyType_HTTP;
|
||||
port = mHTTPProxyPort;
|
||||
}
|
||||
else if (!mHTTPSProxyHost.IsEmpty() && mHTTPSProxyPort > 0 &&
|
||||
!(flags & RESOLVE_IGNORE_URI_SCHEME) &&
|
||||
info.scheme.EqualsLiteral("https")) {
|
||||
host = &mHTTPSProxyHost;
|
||||
type = kProxyType_HTTP;
|
||||
port = mHTTPSProxyPort;
|
||||
}
|
||||
else if (!mFTPProxyHost.IsEmpty() && mFTPProxyPort > 0 &&
|
||||
!(flags & RESOLVE_IGNORE_URI_SCHEME) &&
|
||||
info.scheme.EqualsLiteral("ftp")) {
|
||||
host = &mFTPProxyHost;
|
||||
type = kProxyType_HTTP;
|
||||
|
@ -220,6 +220,8 @@ protected:
|
||||
* The URI to test.
|
||||
* @param info
|
||||
* Information about the URI's protocol.
|
||||
* @param flags
|
||||
* The flags passed to either the resolve or the asyncResolve method.
|
||||
* @param usePAC
|
||||
* If this flag is set upon return, then PAC should be queried to
|
||||
* resolve the proxy info.
|
||||
@ -228,6 +230,7 @@ protected:
|
||||
*/
|
||||
NS_HIDDEN_(nsresult) Resolve_Internal(nsIURI *uri,
|
||||
const nsProtocolInfo &info,
|
||||
PRUint32 flags,
|
||||
PRBool *usePAC,
|
||||
nsIProxyInfo **result);
|
||||
|
||||
@ -306,17 +309,6 @@ public:
|
||||
PRUint32 host_len;
|
||||
};
|
||||
|
||||
// These values correspond to the integer network.proxy.type preference
|
||||
enum ProxyConfig {
|
||||
eProxyConfig_Direct,
|
||||
eProxyConfig_Manual,
|
||||
eProxyConfig_PAC,
|
||||
eProxyConfig_Direct4x,
|
||||
eProxyConfig_WPAD,
|
||||
eProxyConfig_System, // use system proxy settings if available, otherwise DIRECT
|
||||
eProxyConfig_Last
|
||||
};
|
||||
|
||||
protected:
|
||||
|
||||
// simplified array of filters defined by this struct
|
||||
@ -357,7 +349,7 @@ protected:
|
||||
// of FilterLink objects.
|
||||
FilterLink *mFilters;
|
||||
|
||||
ProxyConfig mProxyConfig;
|
||||
PRUint32 mProxyConfig;
|
||||
|
||||
nsCString mHTTPProxyHost;
|
||||
PRInt32 mHTTPProxyPort;
|
||||
|
@ -556,6 +556,18 @@
|
||||
{0x9f, 0xd4, 0xe0, 0x65, 0xe8, 0x55, 0x68, 0xf4} \
|
||||
}
|
||||
|
||||
#define NS_HTTPCHANNELAUTHPROVIDER_CLASSNAME \
|
||||
"nsHttpChannelAuthProvider"
|
||||
#define NS_HTTPCHANNELAUTHPROVIDER_CONTRACTID \
|
||||
"@mozilla.org/network/http-channel-auth-provider;1"
|
||||
#define NS_HTTPCHANNELAUTHPROVIDER_CID \
|
||||
{ /* 02f5a8d8-4ef3-48b1-b527-8a643056abbd */ \
|
||||
0x02f5a8d8, \
|
||||
0x4ef3, \
|
||||
0x48b1, \
|
||||
{0xb5, 0x27, 0x8a, 0x64, 0x30, 0x56, 0xab, 0xbd} \
|
||||
}
|
||||
|
||||
#define NS_HTTPACTIVITYDISTRIBUTOR_CLASSNAME \
|
||||
"nsHttpActivityDistributor"
|
||||
#define NS_HTTPACTIVITYDISTRIBUTOR_CONTRACTID \
|
||||
|
@ -228,6 +228,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFtpProtocolHandler, Init)
|
||||
#undef LOG
|
||||
#undef LOG_ENABLED
|
||||
#include "nsHttpAuthManager.h"
|
||||
#include "nsHttpChannelAuthProvider.h"
|
||||
#include "nsHttpBasicAuth.h"
|
||||
#include "nsHttpDigestAuth.h"
|
||||
#include "nsHttpNTLMAuth.h"
|
||||
@ -238,6 +239,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpNTLMAuth)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpHandler, Init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpsHandler, Init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpAuthManager, Init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpChannelAuthProvider)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsHttpActivityDistributor, Init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpBasicAuth)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsHttpDigestAuth)
|
||||
@ -976,6 +978,11 @@ static const nsModuleComponentInfo gNetModuleInfo[] = {
|
||||
NS_HTTPAUTHMANAGER_CONTRACTID,
|
||||
nsHttpAuthManagerConstructor },
|
||||
|
||||
{ NS_HTTPCHANNELAUTHPROVIDER_CLASSNAME,
|
||||
NS_HTTPCHANNELAUTHPROVIDER_CID,
|
||||
NS_HTTPCHANNELAUTHPROVIDER_CONTRACTID,
|
||||
nsHttpChannelAuthProviderConstructor },
|
||||
|
||||
{ NS_HTTPACTIVITYDISTRIBUTOR_CLASSNAME,
|
||||
NS_HTTPACTIVITYDISTRIBUTOR_CID,
|
||||
NS_HTTPACTIVITYDISTRIBUTOR_CONTRACTID,
|
||||
|
@ -51,7 +51,7 @@
|
||||
#include "nsNetCID.h"
|
||||
#include "nsNetError.h"
|
||||
#include "nsDNSPrefetch.h"
|
||||
#include "nsProtocolProxyService.h"
|
||||
#include "nsIProtocolProxyService.h"
|
||||
#include "prsystem.h"
|
||||
#include "prnetdb.h"
|
||||
#include "prmon.h"
|
||||
@ -333,7 +333,7 @@ nsDNSService::Init()
|
||||
PRBool enableIDN = PR_TRUE;
|
||||
PRBool disableIPv6 = PR_FALSE;
|
||||
PRBool disablePrefetch = PR_FALSE;
|
||||
int proxyType = nsProtocolProxyService::eProxyConfig_Direct;
|
||||
int proxyType = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
|
||||
|
||||
nsAdoptingCString ipv4OnlyDomains;
|
||||
|
||||
@ -395,7 +395,7 @@ nsDNSService::Init()
|
||||
mDisableIPv6 = disableIPv6;
|
||||
|
||||
// Disable prefetching either by explicit preference or if a manual proxy is configured
|
||||
mDisablePrefetch = disablePrefetch || (proxyType == nsProtocolProxyService::eProxyConfig_Manual);
|
||||
mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
|
||||
}
|
||||
|
||||
nsDNSPrefetch::Initialize(this);
|
||||
|
@ -63,6 +63,8 @@ XPIDLSRCS = \
|
||||
nsIHttpChannelInternal.idl \
|
||||
nsIHttpEventSink.idl \
|
||||
nsIHttpProtocolHandler.idl \
|
||||
nsIHttpChannelAuthProvider.idl \
|
||||
nsIHttpAuthenticableChannel.idl \
|
||||
$(NULL)
|
||||
|
||||
CPPSRCS = \
|
||||
@ -84,6 +86,7 @@ CPPSRCS = \
|
||||
nsHttpChannel.cpp \
|
||||
nsHttpPipeline.cpp \
|
||||
nsHttpActivityDistributor.cpp \
|
||||
nsHttpChannelAuthProvider.cpp \
|
||||
$(NULL)
|
||||
|
||||
LOCAL_INCLUDES = \
|
||||
|
@ -70,7 +70,7 @@ NS_IMPL_ISUPPORTS1(nsHttpBasicAuth, nsIHttpAuthenticator)
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpBasicAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
nsHttpBasicAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
nsISupports **sessionState,
|
||||
@ -84,7 +84,7 @@ nsHttpBasicAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpBasicAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
nsHttpBasicAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
const PRUnichar *domain,
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -43,7 +43,6 @@
|
||||
|
||||
#include "nsHttpTransaction.h"
|
||||
#include "nsHttpRequestHead.h"
|
||||
#include "nsHttpAuthCache.h"
|
||||
#include "nsHashPropertyBag.h"
|
||||
#include "nsInputStreamPump.h"
|
||||
#include "nsThreadUtils.h"
|
||||
@ -83,13 +82,12 @@
|
||||
#include "nsISupportsPriority.h"
|
||||
#include "nsIProtocolProxyCallback.h"
|
||||
#include "nsICancelable.h"
|
||||
#include "nsIProxiedChannel.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsITraceableChannel.h"
|
||||
#include "nsIAuthPromptCallback.h"
|
||||
#include "nsIHttpChannelAuthProvider.h"
|
||||
|
||||
class nsHttpResponseHead;
|
||||
class nsAHttpConnection;
|
||||
class nsIHttpAuthenticator;
|
||||
class nsProxyInfo;
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
@ -109,10 +107,9 @@ class nsHttpChannel : public nsHashPropertyBag
|
||||
, public nsIResumableChannel
|
||||
, public nsISupportsPriority
|
||||
, public nsIProtocolProxyCallback
|
||||
, public nsIProxiedChannel
|
||||
, public nsIHttpAuthenticableChannel
|
||||
, public nsITraceableChannel
|
||||
, public nsIApplicationCacheChannel
|
||||
, public nsIAuthPromptCallback
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
@ -135,7 +132,19 @@ public:
|
||||
NS_DECL_NSITRACEABLECHANNEL
|
||||
NS_DECL_NSIAPPLICATIONCACHECONTAINER
|
||||
NS_DECL_NSIAPPLICATIONCACHECHANNEL
|
||||
NS_DECL_NSIAUTHPROMPTCALLBACK
|
||||
|
||||
// nsIHttpAuthenticableChannel. We can't use
|
||||
// NS_DECL_NSIHTTPAUTHENTICABLECHANNEL because it duplicates cancel() and
|
||||
// others.
|
||||
NS_IMETHOD GetIsSSL(PRBool *aIsSSL);
|
||||
NS_IMETHOD GetProxyMethodIsConnect(PRBool *aProxyMethodIsConnect);
|
||||
NS_IMETHOD GetServerResponseHeader(nsACString & aServerResponseHeader);
|
||||
NS_IMETHOD GetProxyChallenges(nsACString & aChallenges);
|
||||
NS_IMETHOD GetWWWChallenges(nsACString & aChallenges);
|
||||
NS_IMETHOD SetProxyCredentials(const nsACString & aCredentials);
|
||||
NS_IMETHOD SetWWWCredentials(const nsACString & aCredentials);
|
||||
NS_IMETHOD OnAuthAvailable();
|
||||
NS_IMETHOD OnAuthCancelled(PRBool userCancel);
|
||||
|
||||
nsHttpChannel();
|
||||
virtual ~nsHttpChannel();
|
||||
@ -180,7 +189,6 @@ private:
|
||||
nsresult ProcessRedirection(PRUint32 httpStatus);
|
||||
PRBool ShouldSSLProxyResponseContinue(PRUint32 httpStatus);
|
||||
nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
|
||||
nsresult ProcessAuthentication(PRUint32 httpStatus);
|
||||
nsresult ProcessFallback(PRBool *fallingBack);
|
||||
PRBool ResponseWouldVary();
|
||||
|
||||
@ -226,41 +234,8 @@ private:
|
||||
nsresult ProcessPartialContent();
|
||||
nsresult OnDoneReadingPartialCacheEntry(PRBool *streamDone);
|
||||
|
||||
// auth specific methods
|
||||
nsresult PrepareForAuthentication(PRBool proxyAuth);
|
||||
nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, PRBool proxyAuth, const char *scheme, const char *host, PRInt32 port, const char *dir, const char *realm, const char *challenge, const nsHttpAuthIdentity &ident, nsCOMPtr<nsISupports> &session, char **result);
|
||||
nsresult GetAuthenticator(const char *challenge, nsCString &scheme, nsIHttpAuthenticator **auth);
|
||||
void ParseRealm(const char *challenge, nsACString &realm);
|
||||
void GetIdentityFromURI(PRUint32 authFlags, nsHttpAuthIdentity&);
|
||||
/**
|
||||
* Following three methods return NS_ERROR_IN_PROGRESS when
|
||||
* nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
|
||||
* the user's decision will be gathered in a callback and is not an actual
|
||||
* error.
|
||||
*/
|
||||
nsresult GetCredentials(const char *challenges, PRBool proxyAuth, nsAFlatCString &creds);
|
||||
nsresult GetCredentialsForChallenge(const char *challenge, const char *scheme, PRBool proxyAuth, nsIHttpAuthenticator *auth, nsAFlatCString &creds);
|
||||
nsresult PromptForIdentity(PRUint32 level, PRBool proxyAuth, const char *realm, const char *authType, PRUint32 authFlags, nsHttpAuthIdentity &);
|
||||
|
||||
PRBool ConfirmAuth(const nsString &bundleKey, PRBool doYesNoPrompt);
|
||||
void CheckForSuperfluousAuth();
|
||||
void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header, const char *scheme, const char *host, PRInt32 port, const char *path, nsHttpAuthIdentity &ident);
|
||||
void AddAuthorizationHeaders();
|
||||
nsresult GetCurrentPath(nsACString &);
|
||||
/**
|
||||
* Return all information needed to build authorization information,
|
||||
* all paramters except proxyAuth are out parameters. proxyAuth specifies
|
||||
* with what authorization we work (WWW or proxy).
|
||||
*/
|
||||
nsresult GetAuthorizationMembers(PRBool proxyAuth, nsCSubstring& scheme, const char*& host, PRInt32& port, nsCSubstring& path, nsHttpAuthIdentity*& ident, nsISupports**& continuationState);
|
||||
nsresult DoAuthRetry(nsAHttpConnection *);
|
||||
PRBool MustValidateBasedOnQueryUrl();
|
||||
/**
|
||||
* Method called to resume suspended transaction after we got credentials
|
||||
* from the user. Called from OnAuthAvailable callback or OnAuthCancelled
|
||||
* when credentials for next challenge were obtained synchronously.
|
||||
*/
|
||||
nsresult ContinueOnAuthAvailable(const nsCSubstring& creds);
|
||||
|
||||
private:
|
||||
nsCOMPtr<nsIURI> mOriginalURI;
|
||||
@ -311,25 +286,7 @@ private:
|
||||
nsCOMPtr<nsIApplicationCache> mApplicationCache;
|
||||
|
||||
// auth specific data
|
||||
nsISupports *mProxyAuthContinuationState;
|
||||
nsCString mProxyAuthType;
|
||||
nsISupports *mAuthContinuationState;
|
||||
nsCString mAuthType;
|
||||
nsHttpAuthIdentity mIdent;
|
||||
nsHttpAuthIdentity mProxyIdent;
|
||||
|
||||
// Reference to the prompt wating in prompt queue. The channel is
|
||||
// responsible to call its cancel method when user in any way cancels
|
||||
// this request.
|
||||
nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
|
||||
// Saved in GetCredentials when prompt is asynchronous, the first challenge
|
||||
// we obtained from the server with 401/407 response, will be processed in
|
||||
// OnAuthAvailable callback.
|
||||
nsCString mCurrentChallenge;
|
||||
// Saved in GetCredentials when prompt is asynchronous, remaning challenges
|
||||
// we have to process when user cancels the auth dialog for the current
|
||||
// challenge.
|
||||
nsCString mRemainingChallenges;
|
||||
nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
|
||||
|
||||
// Resumable channel specific data
|
||||
nsCString mEntityID;
|
||||
@ -367,12 +324,6 @@ private:
|
||||
PRUint32 mTransactionReplaced : 1;
|
||||
PRUint32 mUploadStreamHasHeaders : 1;
|
||||
PRUint32 mAuthRetryPending : 1;
|
||||
// True when we need to authenticate to proxy, i.e. when we get 407
|
||||
// response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
|
||||
PRUint32 mProxyAuth : 1;
|
||||
PRUint32 mTriedProxyAuth : 1;
|
||||
PRUint32 mTriedHostAuth : 1;
|
||||
PRUint32 mSuppressDefensiveAuth : 1;
|
||||
PRUint32 mResuming : 1;
|
||||
PRUint32 mInitedCacheEntry : 1;
|
||||
PRUint32 mCacheForOfflineUse : 1;
|
||||
|
1308
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
Normal file
1308
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
Normal file
File diff suppressed because it is too large
Load Diff
169
netwerk/protocol/http/nsHttpChannelAuthProvider.h
Normal file
169
netwerk/protocol/http/nsHttpChannelAuthProvider.h
Normal file
@ -0,0 +1,169 @@
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* vim:set et cin ts=4 sw=4 sts=4: */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is Mozilla.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2001
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Darin Fisher <darin@netscape.com> (original author)
|
||||
* Christian Biesinger <cbiesinger@web.de>
|
||||
* Wellington Fernando de Macedo <wfernandom2004@gmail.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef nsHttpChannelAuthProvider_h__
|
||||
#define nsHttpChannelAuthProvider_h__
|
||||
|
||||
#include "nsIHttpChannelAuthProvider.h"
|
||||
#include "nsIAuthPromptCallback.h"
|
||||
#include "nsString.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsHttpAuthCache.h"
|
||||
#include "nsProxyInfo.h"
|
||||
|
||||
class nsIHttpAuthenticator;
|
||||
|
||||
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
|
||||
, public nsIAuthPromptCallback
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSICANCELABLE
|
||||
NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
|
||||
NS_DECL_NSIAUTHPROMPTCALLBACK
|
||||
|
||||
nsHttpChannelAuthProvider();
|
||||
virtual ~nsHttpChannelAuthProvider();
|
||||
|
||||
private:
|
||||
const char *ProxyHost() const
|
||||
{ return mProxyInfo ? mProxyInfo->Host().get() : nsnull; }
|
||||
|
||||
PRInt32 ProxyPort() const
|
||||
{ return mProxyInfo ? mProxyInfo->Port() : -1; }
|
||||
|
||||
const char *Host() const { return mHost.get(); }
|
||||
PRInt32 Port() const { return mPort; }
|
||||
PRBool UsingSSL() const { return mUsingSSL; }
|
||||
|
||||
PRBool UsingHttpProxy() const
|
||||
{ return !!(mProxyInfo && !nsCRT::strcmp(mProxyInfo->Type(), "http")); }
|
||||
|
||||
nsresult PrepareForAuthentication(PRBool proxyAuth);
|
||||
nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, PRBool proxyAuth,
|
||||
const char *scheme, const char *host,
|
||||
PRInt32 port, const char *dir,
|
||||
const char *realm, const char *challenge,
|
||||
const nsHttpAuthIdentity &ident,
|
||||
nsCOMPtr<nsISupports> &session, char **result);
|
||||
nsresult GetAuthenticator(const char *challenge, nsCString &scheme,
|
||||
nsIHttpAuthenticator **auth);
|
||||
void ParseRealm(const char *challenge, nsACString &realm);
|
||||
void GetIdentityFromURI(PRUint32 authFlags, nsHttpAuthIdentity&);
|
||||
/**
|
||||
* Following three methods return NS_ERROR_IN_PROGRESS when
|
||||
* nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
|
||||
* the user's decision will be gathered in a callback and is not an actual
|
||||
* error.
|
||||
*/
|
||||
nsresult GetCredentials(const char *challenges, PRBool proxyAuth,
|
||||
nsAFlatCString &creds);
|
||||
nsresult GetCredentialsForChallenge(const char *challenge,
|
||||
const char *scheme, PRBool proxyAuth,
|
||||
nsIHttpAuthenticator *auth,
|
||||
nsAFlatCString &creds);
|
||||
nsresult PromptForIdentity(PRUint32 level, PRBool proxyAuth,
|
||||
const char *realm, const char *authType,
|
||||
PRUint32 authFlags, nsHttpAuthIdentity &);
|
||||
|
||||
PRBool ConfirmAuth(const nsString &bundleKey, PRBool doYesNoPrompt);
|
||||
void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
|
||||
const char *scheme, const char *host,
|
||||
PRInt32 port, const char *path,
|
||||
nsHttpAuthIdentity &ident);
|
||||
nsresult GetCurrentPath(nsACString &);
|
||||
/**
|
||||
* Return all information needed to build authorization information,
|
||||
* all parameters except proxyAuth are out parameters. proxyAuth specifies
|
||||
* with what authorization we work (WWW or proxy).
|
||||
*/
|
||||
nsresult GetAuthorizationMembers(PRBool proxyAuth, nsCSubstring& scheme,
|
||||
const char*& host, PRInt32& port,
|
||||
nsCSubstring& path,
|
||||
nsHttpAuthIdentity*& ident,
|
||||
nsISupports**& continuationState);
|
||||
/**
|
||||
* Method called to resume suspended transaction after we got credentials
|
||||
* from the user. Called from OnAuthAvailable callback or OnAuthCancelled
|
||||
* when credentials for next challenge were obtained synchronously.
|
||||
*/
|
||||
nsresult ContinueOnAuthAvailable(const nsCSubstring& creds);
|
||||
|
||||
private:
|
||||
nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
|
||||
|
||||
nsCOMPtr<nsIURI> mURI;
|
||||
nsCOMPtr<nsProxyInfo> mProxyInfo;
|
||||
nsCString mHost;
|
||||
PRInt32 mPort;
|
||||
PRBool mUsingSSL;
|
||||
|
||||
nsISupports *mProxyAuthContinuationState;
|
||||
nsCString mProxyAuthType;
|
||||
nsISupports *mAuthContinuationState;
|
||||
nsCString mAuthType;
|
||||
nsHttpAuthIdentity mIdent;
|
||||
nsHttpAuthIdentity mProxyIdent;
|
||||
|
||||
// Reference to the prompt wating in prompt queue. The channel is
|
||||
// responsible to call its cancel method when user in any way cancels
|
||||
// this request.
|
||||
nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
|
||||
// Saved in GetCredentials when prompt is asynchronous, the first challenge
|
||||
// we obtained from the server with 401/407 response, will be processed in
|
||||
// OnAuthAvailable callback.
|
||||
nsCString mCurrentChallenge;
|
||||
// Saved in GetCredentials when prompt is asynchronous, remaning challenges
|
||||
// we have to process when user cancels the auth dialog for the current
|
||||
// challenge.
|
||||
nsCString mRemainingChallenges;
|
||||
|
||||
// True when we need to authenticate to proxy, i.e. when we get 407
|
||||
// response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
|
||||
PRUint32 mProxyAuth : 1;
|
||||
PRUint32 mTriedProxyAuth : 1;
|
||||
PRUint32 mTriedHostAuth : 1;
|
||||
PRUint32 mSuppressDefensiveAuth : 1;
|
||||
};
|
||||
|
||||
#endif // nsHttpChannelAuthProvider_h__
|
@ -42,7 +42,7 @@
|
||||
#include <stdlib.h>
|
||||
#include "nsHttp.h"
|
||||
#include "nsHttpDigestAuth.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsXPCOM.h"
|
||||
#include "nsISupportsPrimitives.h"
|
||||
@ -109,23 +109,19 @@ nsHttpDigestAuth::MD5Hash(const char *buf, PRUint32 len)
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsHttpDigestAuth::GetMethodAndPath(nsIHttpChannel *httpChannel,
|
||||
PRBool isProxyAuth,
|
||||
nsCString &httpMethod,
|
||||
nsCString &path)
|
||||
nsHttpDigestAuth::GetMethodAndPath(nsIHttpAuthenticableChannel *authChannel,
|
||||
PRBool isProxyAuth,
|
||||
nsCString &httpMethod,
|
||||
nsCString &path)
|
||||
{
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = httpChannel->GetURI(getter_AddRefs(uri));
|
||||
rv = authChannel->GetURI(getter_AddRefs(uri));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
PRBool isSecure;
|
||||
rv = uri->SchemeIs("https", &isSecure);
|
||||
PRBool proxyMethodIsConnect;
|
||||
rv = authChannel->GetProxyMethodIsConnect(&proxyMethodIsConnect);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
//
|
||||
// if we are being called in response to a 407, and if the protocol
|
||||
// is HTTPS, then we are really using a CONNECT method.
|
||||
//
|
||||
if (isSecure && isProxyAuth) {
|
||||
if (proxyMethodIsConnect && isProxyAuth) {
|
||||
httpMethod.AssignLiteral("CONNECT");
|
||||
//
|
||||
// generate hostname:port string. (unfortunately uri->GetHostPort
|
||||
@ -141,7 +137,7 @@ nsHttpDigestAuth::GetMethodAndPath(nsIHttpChannel *httpChannel,
|
||||
}
|
||||
}
|
||||
else {
|
||||
rv = httpChannel->GetRequestMethod(httpMethod);
|
||||
rv = authChannel->GetRequestMethod(httpMethod);
|
||||
rv |= uri->GetPath(path);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
//
|
||||
@ -171,7 +167,7 @@ nsHttpDigestAuth::GetMethodAndPath(nsIHttpChannel *httpChannel,
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpDigestAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
nsHttpDigestAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
nsISupports **sessionState,
|
||||
@ -197,7 +193,7 @@ nsHttpDigestAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpDigestAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
nsHttpDigestAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
const PRUnichar *userdomain,
|
||||
@ -222,7 +218,7 @@ nsHttpDigestAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
PRBool requireExtraQuotes = PR_FALSE;
|
||||
{
|
||||
nsCAutoString serverVal;
|
||||
httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Server"), serverVal);
|
||||
authChannel->GetServerResponseHeader(serverVal);
|
||||
if (!serverVal.IsEmpty()) {
|
||||
requireExtraQuotes = !PL_strncasecmp(serverVal.get(), "Microsoft-IIS", 13);
|
||||
}
|
||||
@ -231,7 +227,7 @@ nsHttpDigestAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
nsresult rv;
|
||||
nsCAutoString httpMethod;
|
||||
nsCAutoString path;
|
||||
rv = GetMethodAndPath(httpChannel, isProxyAuth, httpMethod, path);
|
||||
rv = GetMethodAndPath(authChannel, isProxyAuth, httpMethod, path);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
nsCAutoString realm, domain, nonce, opaque;
|
||||
|
@ -107,7 +107,8 @@ class nsHttpDigestAuth : public nsIHttpAuthenticator
|
||||
// result is in mHashBuf
|
||||
nsresult MD5Hash(const char *buf, PRUint32 len);
|
||||
|
||||
nsresult GetMethodAndPath(nsIHttpChannel *, PRBool, nsCString &, nsCString &);
|
||||
nsresult GetMethodAndPath(nsIHttpAuthenticableChannel *,
|
||||
PRBool, nsCString &, nsCString &);
|
||||
|
||||
// append the quoted version of value to aHeaderLine
|
||||
nsresult AppendQuotedString(const nsACString & value,
|
||||
|
@ -50,7 +50,7 @@
|
||||
#include "nsIPrefBranch.h"
|
||||
#include "nsIPrefService.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies";
|
||||
@ -189,7 +189,8 @@ ForceGenericNTLM()
|
||||
|
||||
// Check to see if we should use default credentials for this host or proxy.
|
||||
static PRBool
|
||||
CanUseDefaultCredentials(nsIHttpChannel *channel, PRBool isProxyAuth)
|
||||
CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
|
||||
PRBool isProxyAuth)
|
||||
{
|
||||
nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
if (!prefs)
|
||||
@ -224,7 +225,7 @@ NS_IMPL_ISUPPORTS0(nsNTLMSessionState)
|
||||
NS_IMPL_ISUPPORTS1(nsHttpNTLMAuth, nsIHttpAuthenticator)
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpNTLMAuth::ChallengeReceived(nsIHttpChannel *channel,
|
||||
nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
nsISupports **sessionState,
|
||||
@ -316,7 +317,7 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpChannel *channel,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpNTLMAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
||||
const char *challenge,
|
||||
PRBool isProxyAuth,
|
||||
const PRUnichar *domain,
|
||||
@ -351,7 +352,7 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
|
||||
if (PL_strcasecmp(challenge, "NTLM") == 0) {
|
||||
// NTLM service name format is 'HTTP@host' for both http and https
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = httpChannel->GetURI(getter_AddRefs(uri));
|
||||
rv = authChannel->GetURI(getter_AddRefs(uri));
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
nsCAutoString serviceName, host;
|
||||
|
141
netwerk/protocol/http/nsIHttpAuthenticableChannel.idl
Normal file
141
netwerk/protocol/http/nsIHttpAuthenticableChannel.idl
Normal file
@ -0,0 +1,141 @@
|
||||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is Mozilla.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Wellington Fernando de Macedo.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2009
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Wellington Fernando de Macedo <wfernandom2004@gmail.com> (original author)
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsIProxiedChannel.idl"
|
||||
#include "nsIChannel.idl"
|
||||
|
||||
interface nsILoadGroup;
|
||||
interface nsIURI;
|
||||
interface nsIInterfaceRequestor;
|
||||
|
||||
[scriptable, uuid(701093ac-5c7f-429c-99e3-423b041fccb4)]
|
||||
interface nsIHttpAuthenticableChannel : nsIProxiedChannel
|
||||
{
|
||||
/**
|
||||
* If the channel being authenticated is using SSL.
|
||||
*/
|
||||
readonly attribute boolean isSSL;
|
||||
|
||||
/**
|
||||
* Returns if the proxy HTTP method used is CONNECT. If no proxy is being
|
||||
* used it must return PR_FALSE.
|
||||
*/
|
||||
readonly attribute boolean proxyMethodIsConnect;
|
||||
|
||||
/**
|
||||
* Cancels the current request. See nsIRequest.
|
||||
*/
|
||||
void cancel(in nsresult aStatus);
|
||||
|
||||
/**
|
||||
* The load flags of this request. See nsIRequest.
|
||||
*/
|
||||
readonly attribute nsLoadFlags loadFlags;
|
||||
|
||||
/**
|
||||
* The URI corresponding to the channel. See nsIChannel.
|
||||
*/
|
||||
readonly attribute nsIURI URI;
|
||||
|
||||
/**
|
||||
* The load group of this request. It is here for querying its
|
||||
* notificationCallbacks. See nsIRequest.
|
||||
*/
|
||||
readonly attribute nsILoadGroup loadGroup;
|
||||
|
||||
/**
|
||||
* The notification callbacks for the channel. See nsIChannel.
|
||||
*/
|
||||
readonly attribute nsIInterfaceRequestor notificationCallbacks;
|
||||
|
||||
/**
|
||||
* The HTTP request method. See nsIHttpChannel.
|
||||
*/
|
||||
readonly attribute ACString requestMethod;
|
||||
|
||||
/**
|
||||
* The "Server" response header.
|
||||
* Return NS_ERROR_NOT_AVAILABLE if not available.
|
||||
*/
|
||||
readonly attribute ACString serverResponseHeader;
|
||||
|
||||
/**
|
||||
* The Proxy-Authenticate response header.
|
||||
*/
|
||||
readonly attribute ACString proxyChallenges;
|
||||
|
||||
/**
|
||||
* The WWW-Authenticate response header.
|
||||
*/
|
||||
readonly attribute ACString WWWChallenges;
|
||||
|
||||
/**
|
||||
* Sets the Proxy-Authorization request header. An empty string
|
||||
* will clear it.
|
||||
*/
|
||||
void setProxyCredentials(in ACString credentials);
|
||||
|
||||
/**
|
||||
* Sets the Authorization request header. An empty string
|
||||
* will clear it.
|
||||
*/
|
||||
void setWWWCredentials(in ACString credentials);
|
||||
|
||||
/**
|
||||
* Called when authentication information is ready and has been set on this
|
||||
* object using setWWWCredentials/setProxyCredentials. Implementations can
|
||||
* continue with the request and send the given information to the server.
|
||||
*
|
||||
* It is called asynchronously from
|
||||
* nsIHttpChannelAuthProvider::processAuthentication if that method returns
|
||||
* NS_ERROR_IN_PROGRESS.
|
||||
*
|
||||
* @note Any exceptions thrown from this method should be ignored.
|
||||
*/
|
||||
void onAuthAvailable();
|
||||
|
||||
/**
|
||||
* Notifies that the prompt was cancelled. It is called asynchronously
|
||||
* from nsIHttpChannelAuthProvider::processAuthentication if that method
|
||||
* returns NS_ERROR_IN_PROGRESS.
|
||||
*
|
||||
* @param userCancel
|
||||
* If the user was cancelled has cancelled the authentication prompt.
|
||||
*/
|
||||
void onAuthCancelled(in boolean userCancel);
|
||||
};
|
@ -38,7 +38,7 @@
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsIHttpChannel;
|
||||
interface nsIHttpAuthenticableChannel;
|
||||
|
||||
/**
|
||||
* nsIHttpAuthenticator
|
||||
@ -51,7 +51,7 @@ interface nsIHttpChannel;
|
||||
* where <auth-scheme> is the lower-cased value of the authentication scheme
|
||||
* found in the server challenge per the rules of RFC 2617.
|
||||
*/
|
||||
[scriptable, uuid(36402c9d-c280-4860-b4b0-2e7eb35b0aaf)]
|
||||
[scriptable, uuid(16784db0-fcb1-4352-b0c9-6a3a67e3cf79)]
|
||||
interface nsIHttpAuthenticator : nsISupports
|
||||
{
|
||||
/**
|
||||
@ -78,12 +78,12 @@ interface nsIHttpAuthenticator : nsISupports
|
||||
* return value indicating whether or not to prompt the user for a
|
||||
* revised identity.
|
||||
*/
|
||||
void challengeReceived(in nsIHttpChannel aChannel,
|
||||
in string aChallenge,
|
||||
in boolean aProxyAuth,
|
||||
inout nsISupports aSessionState,
|
||||
inout nsISupports aContinuationState,
|
||||
out boolean aInvalidatesIdentity);
|
||||
void challengeReceived(in nsIHttpAuthenticableChannel aChannel,
|
||||
in string aChallenge,
|
||||
in boolean aProxyAuth,
|
||||
inout nsISupports aSessionState,
|
||||
inout nsISupports aContinuationState,
|
||||
out boolean aInvalidatesIdentity);
|
||||
|
||||
/**
|
||||
* Called to generate the authentication credentials for a particular
|
||||
@ -121,15 +121,15 @@ interface nsIHttpAuthenticator : nsISupports
|
||||
* @param aFlags
|
||||
* authenticator may return one of the generate flags bellow.
|
||||
*/
|
||||
string generateCredentials(in nsIHttpChannel aChannel,
|
||||
in string aChallenge,
|
||||
in boolean aProxyAuth,
|
||||
in wstring aDomain,
|
||||
in wstring aUser,
|
||||
in wstring aPassword,
|
||||
inout nsISupports aSessionState,
|
||||
inout nsISupports aContinuationState,
|
||||
out unsigned long aFlags);
|
||||
string generateCredentials(in nsIHttpAuthenticableChannel aChannel,
|
||||
in string aChallenge,
|
||||
in boolean aProxyAuth,
|
||||
in wstring aDomain,
|
||||
in wstring aUser,
|
||||
in wstring aPassword,
|
||||
inout nsISupports aSessionState,
|
||||
inout nsISupports aContinuationState,
|
||||
out unsigned long aFlags);
|
||||
|
||||
/**
|
||||
* Generate flags
|
||||
|
108
netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
Normal file
108
netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
Normal file
@ -0,0 +1,108 @@
|
||||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set sw=2 ts=8 et tw=80 : */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Wellington Fernando de Macedo.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2009
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Wellington Fernando de Macedo <wfernandom2004@gmail.com> (original author)
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either of the GNU General Public License Version 2 or later (the "GPL"),
|
||||
* or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsICancelable.idl"
|
||||
|
||||
interface nsIHttpChannel;
|
||||
interface nsIHttpAuthenticableChannel;
|
||||
|
||||
/**
|
||||
* nsIHttpChannelAuthProvider
|
||||
*
|
||||
* This interface is intended for providing authentication for http-style
|
||||
* channels, like nsIHttpChannel and nsIWebSocket, which implement the
|
||||
* nsIHttpAuthenticableChannel interface.
|
||||
*
|
||||
* When requesting pages AddAuthorizationHeaders MUST be called
|
||||
* in order to get the http cached headers credentials. When the request is
|
||||
* unsuccessful because of receiving either a 401 or 407 http response code
|
||||
* ProcessAuthentication MUST be called and the page MUST be requested again
|
||||
* with the new credentials that the user has provided. After a successful
|
||||
* request, checkForSuperfluousAuth MAY be called, and disconnect MUST be
|
||||
* called.
|
||||
*/
|
||||
|
||||
[scriptable, uuid(c68f3def-c7c8-4ee8-861c-eef49a48b702)]
|
||||
interface nsIHttpChannelAuthProvider : nsICancelable
|
||||
{
|
||||
/**
|
||||
* Initializes the http authentication support for the channel.
|
||||
* Implementations must hold a weak reference of the channel.
|
||||
*/
|
||||
void init(in nsIHttpAuthenticableChannel channel);
|
||||
|
||||
/**
|
||||
* Upon receipt of a server challenge, this function is called to determine
|
||||
* the credentials to send.
|
||||
*
|
||||
* @param httpStatus
|
||||
* the http status received.
|
||||
* @param sslConnectFailed
|
||||
* if the last ssl tunnel connection attempt was or not successful.
|
||||
* @param callback
|
||||
* the callback to be called when it returns NS_ERROR_IN_PROGRESS.
|
||||
* The implementation must hold a weak reference.
|
||||
*
|
||||
* @returns NS_OK if the credentials were got and set successfully.
|
||||
* NS_ERROR_IN_PROGRESS if the credentials are going to be asked to
|
||||
* the user. The channel reference must be
|
||||
* alive until the feedback from
|
||||
* nsIHttpAuthenticableChannel's methods or
|
||||
* until disconnect be called.
|
||||
*/
|
||||
void processAuthentication(in unsigned long httpStatus,
|
||||
in boolean sslConnectFailed);
|
||||
|
||||
/**
|
||||
* Add credentials from the http auth cache.
|
||||
*/
|
||||
void addAuthorizationHeaders();
|
||||
|
||||
/**
|
||||
* Check if an unnecessary(and maybe malicious) url authentication has been
|
||||
* provided.
|
||||
*/
|
||||
void checkForSuperfluousAuth();
|
||||
|
||||
/**
|
||||
* Cancel pending user auth prompts and release the callback and channel
|
||||
* weak references.
|
||||
*/
|
||||
void disconnect(in nsresult status);
|
||||
};
|
Loading…
Reference in New Issue
Block a user