Fix for Proxy server authentication without credentials available.

This covers the cases using GSSAPI for Negotiate to authenticate to a proxy, where: - The user does not have a TGT (Ticket Generating Ticket), or - The user is unable to get to the TGS (Ticket Granting Server). The bug was that the authentication system tried to reuse the Negotiate handler even though it was not possible for it to succeed, leading to infinite retries. BUG=33033 Test=None Review URL: http://codereview.chromium.org/3040015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53819 0039d316-1c4b-4281-b951-d872f2087c98
qweri0p · Jul 27, 2010 · 17be1a6 · 17be1a6
1 parent eed0875
commit 17be1a6
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/net/http/http_auth.cc b/net/http/http_auth.cc
@@ -31,7 +31,8 @@ void HttpAuth::ChooseBestChallenge(
 
   // A connection-based authentication scheme must continue to use the
   // existing handler object in |*handler|.
-  if (handler->get() && (*handler)->is_connection_based()) {
+  if (handler->get() && (*handler)->is_connection_based() &&
+      (disabled_schemes.find((*handler)->scheme()) == disabled_schemes.end())) {
     const std::string header_name = GetChallengeHeaderName(target);
     std::string challenge;
     void* iter = NULL;
@@ -57,10 +58,9 @@ void HttpAuth::ChooseBestChallenge(
                    << ErrorToString(rv) << " Challenge: " << cur_challenge;
       continue;
     }
-    if (cur.get() && (!best.get() || best->score() < cur->score())) {
-      if (disabled_schemes.find(cur->scheme()) == disabled_schemes.end())
-        best.swap(cur);
-    }
+    if (cur.get() && (!best.get() || best->score() < cur->score()) &&
+        (disabled_schemes.find(cur->scheme()) == disabled_schemes.end()))
+      best.swap(cur);
   }
   handler->swap(best);
 }