DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (1aeaa33a64f9)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim:set et cin ts=4 sw=4 sts=4: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__
#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"
#include "nsIAuthPromptCallback.h"
#include "nsIHttpAuthenticatorCallback.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsHttpAuthCache.h"
#include "nsProxyInfo.h"
#include "nsCRT.h"
#include "nsICancelableRunnable.h"

class nsIHttpAuthenticableChannel;
class nsIHttpAuthenticator;
class nsIURI;

namespace mozilla {
namespace net {

class nsHttpHandler;

class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider,
                                  public nsIAuthPromptCallback,
                                  public nsIHttpAuthenticatorCallback {
 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICANCELABLE
  NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
  NS_DECL_NSIAUTHPROMPTCALLBACK
  NS_DECL_NSIHTTPAUTHENTICATORCALLBACK

  nsHttpChannelAuthProvider();
  static void InitializePrefs();

 private:
  virtual ~nsHttpChannelAuthProvider();

  const char *ProxyHost() const {
    return mProxyInfo ? mProxyInfo->Host().get() : nullptr;
  }

  int32_t ProxyPort() const { return mProxyInfo ? mProxyInfo->Port() : -1; }

  const char *Host() const { return mHost.get(); }
  int32_t Port() const { return mPort; }
  bool UsingSSL() const { return mUsingSSL; }

  bool UsingHttpProxy() const {
    return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS());
  }

  MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);
  MOZ_MUST_USE nsresult GenCredsAndSetEntry(
      nsIHttpAuthenticator *, bool proxyAuth, const char *scheme,
      const char *host, int32_t port, const char *dir, const char *realm,
      const char *challenge, const nsHttpAuthIdentity &ident,
      nsCOMPtr<nsISupports> &session, char **result);
  MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
                                         nsCString &scheme,
                                         nsIHttpAuthenticator **auth);
  void ParseRealm(const char *challenge, nsACString &realm);
  void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity &);

  /**
   * Following three methods return NS_ERROR_IN_PROGRESS when
   * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
   * the user's decision will be gathered in a callback and is not an actual
   * error.
   */
  MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
                                       nsCString &creds);
  MOZ_MUST_USE nsresult GetCredentialsForChallenge(const char *challenge,
                                                   const char *scheme,
                                                   bool proxyAuth,
                                                   nsIHttpAuthenticator *auth,
                                                   nsCString &creds);
  MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
                                          const char *realm,
                                          const char *authType,
                                          uint32_t authFlags,
                                          nsHttpAuthIdentity &);

  bool ConfirmAuth(const char *bundleKey, bool doYesNoPrompt);
  void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
                              const char *scheme, const char *host,
                              int32_t port, const char *path,
                              nsHttpAuthIdentity &ident);
  MOZ_MUST_USE nsresult GetCurrentPath(nsACString &);
  /**
   * Return all information needed to build authorization information,
   * all parameters except proxyAuth are out parameters. proxyAuth specifies
   * with what authorization we work (WWW or proxy).
   */
  MOZ_MUST_USE nsresult GetAuthorizationMembers(
      bool proxyAuth, nsACString &scheme, const char *&host, int32_t &port,
      nsACString &path, nsHttpAuthIdentity *&ident,
      nsISupports **&continuationState);
  /**
   * Method called to resume suspended transaction after we got credentials
   * from the user. Called from OnAuthAvailable callback or OnAuthCancelled
   * when credentials for next challenge were obtained synchronously.
   */
  MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString &creds);

  MOZ_MUST_USE nsresult DoRedirectChannelToHttps();

  /**
   * A function that takes care of reading STS headers and enforcing STS
   * load rules.  After a secure channel is erected, STS requires the channel
   * to be trusted or any STS header data on the channel is ignored.
   * This is called from ProcessResponse.
   */
  MOZ_MUST_USE nsresult ProcessSTSHeader();

  // Depending on the pref setting, the authentication dialog may be blocked
  // for all sub-resources, blocked for cross-origin sub-resources, or
  // always allowed for sub-resources.
  // For more details look at the bug 647010.
  bool BlockPrompt(bool proxyAuth);

  // Store credentials to the cache when appropriate aFlags are set.
  MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
                                    const char *aScheme, const char *aHost,
                                    int32_t aPort, const char *aDirectory,
                                    const char *aRealm, const char *aChallenge,
                                    const nsHttpAuthIdentity &aIdent,
                                    const char *aCreds, uint32_t aGenerateFlags,
                                    nsISupports *aSessionState);

 private:
  nsIHttpAuthenticableChannel *mAuthChannel;  // weak ref

  nsCOMPtr<nsIURI> mURI;
  nsCOMPtr<nsProxyInfo> mProxyInfo;
  nsCString mHost;
  int32_t mPort;
  bool mUsingSSL;
  bool mProxyUsingSSL;
  bool mIsPrivate;

  nsISupports *mProxyAuthContinuationState;
  nsCString mProxyAuthType;
  nsISupports *mAuthContinuationState;
  nsCString mAuthType;
  nsHttpAuthIdentity mIdent;
  nsHttpAuthIdentity mProxyIdent;

  // Reference to the prompt waiting in prompt queue. The channel is
  // responsible to call its cancel method when user in any way cancels
  // this request.
  nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
  // Saved in GetCredentials when prompt is asynchronous, the first challenge
  // we obtained from the server with 401/407 response, will be processed in
  // OnAuthAvailable callback.
  nsCString mCurrentChallenge;
  // Saved in GetCredentials when prompt is asynchronous, remaning challenges
  // we have to process when user cancels the auth dialog for the current
  // challenge.
  nsCString mRemainingChallenges;

  // True when we need to authenticate to proxy, i.e. when we get 407
  // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
  uint32_t mProxyAuth : 1;
  uint32_t mTriedProxyAuth : 1;
  uint32_t mTriedHostAuth : 1;
  uint32_t mSuppressDefensiveAuth : 1;

  // If a cross-origin sub-resource is being loaded, this flag will be set.
  // In that case, the prompt text will be different to warn users.
  uint32_t mCrossOrigin : 1;
  uint32_t mConnectionBased : 1;

  RefPtr<nsHttpHandler> mHttpHandler;  // keep gHttpHandler alive

  // A variable holding the preference settings to whether to open HTTP
  // authentication credentials dialogs for sub-resources and cross-origin
  // sub-resources.
  static uint32_t sAuthAllowPref;
  static bool sImgCrossOriginAuthAllowPref;
  static bool sNonWebContentTriggeredAuthAllow;
  nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
};

}  // namespace net
}  // namespace mozilla

#endif  // nsHttpChannelAuthProvider_h__