--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -279,17 +279,17 @@ nsHttpChannelAuthProvider::CheckForSuper
// we've been called because it has been determined that this channel is
// getting loaded without taking the userpass from the URL. if the URL
// contained a userpass, then (provided some other conditions are true),
// we'll give the user an opportunity to abort the channel as this might be
// an attempt to spoof a different site (see bug 232567).
if (!ConfirmAuth(NS_LITERAL_STRING("SuperfluousAuth"), true)) {
// calling cancel here sets our mStatus and aborts the HTTP
// transaction, which prevents OnDataAvailable events.
- mAuthChannel->Cancel(NS_ERROR_ABORT);
+ Unused << mAuthChannel->Cancel(NS_ERROR_ABORT);
return NS_ERROR_ABORT;
}
return NS_OK;
}
NS_IMETHODIMP
nsHttpChannelAuthProvider::Cancel(nsresult status)
{
@@ -351,17 +351,18 @@ SetIdent(nsHttpAuthIdentity &ident,
char16_t *passBuf)
{
const char16_t *user = userBuf;
const char16_t *domain = nullptr;
if (authFlags & nsIHttpAuthenticator::IDENTITY_INCLUDES_DOMAIN)
ParseUserDomain(userBuf, &user, &domain);
- ident.Set(domain, user, passBuf);
+ DebugOnly<nsresult> rv = ident.Set(domain, user, passBuf);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
}
// helper function for getting an auth prompt from an interface requestor
static void
GetAuthPrompt(nsIInterfaceRequestor *ifreq, bool proxyAuth,
nsIAuthPrompt2 **result)
{
if (!ifreq)
@@ -794,17 +795,18 @@ nsHttpChannelAuthProvider::GetCredential
LOG((" identity invalid = %d\n", identityInvalid));
if (mConnectionBased && identityInvalid) {
// If the flag is set and identity is invalid, it means we received the first
// challange for a new negotiation round after negotiating a connection based
// auth failed (invalid password).
// The mConnectionBased flag is set later for the newly received challenge,
// so here it reflects the previous 401/7 response schema.
- mAuthChannel->CloseStickyConnection();
+ rv = mAuthChannel->CloseStickyConnection();
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
if (!proxyAuth) {
// We must clear proxy ident in the following scenario + explanation:
// - we are authenticating to an NTLM proxy and an NTLM server
// - we successfully authenticated to the proxy, mProxyIdent keeps
// the user name/domain and password, the identity has also been cached
// - we just threw away the connection because we are now asking for
// creds for the server (WWW auth)
// - hence, we will have to auth to the proxy again as well
@@ -840,17 +842,18 @@ nsHttpChannelAuthProvider::GetCredential
nsIChannel::LOAD_EXPLICIT_CREDENTIALS)))) {
LOG((" taking identity from auth cache\n"));
// the password from the auth cache is more likely to be
// correct than the one in the URL. at least, we know that it
// works with the given username. it is possible for a server
// to distinguish logons based on the supplied password alone,
// but that would be quite unusual... and i don't think we need
// to worry about such unorthodox cases.
- ident->Set(entry->Identity());
+ rv = ident->Set(entry->Identity());
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
identFromURI = false;
if (entry->Creds()[0] != '\0') {
LOG((" using cached credentials!\n"));
creds.Assign(entry->Creds());
return entry->AddPath(path.get());
}
}
}
@@ -907,17 +910,18 @@ nsHttpChannelAuthProvider::GetCredential
}
if (identFromURI) {
// Warn the user before automatically using the identity from the URL
// to automatically log them into a site (see bug 232567).
if (!ConfirmAuth(NS_LITERAL_STRING("AutomaticAuth"), false)) {
// calling cancel here sets our mStatus and aborts the HTTP
// transaction, which prevents OnDataAvailable events.
- mAuthChannel->Cancel(NS_ERROR_ABORT);
+ rv = mAuthChannel->Cancel(NS_ERROR_ABORT);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
// this return code alone is not equivalent to Cancel, since
// it only instructs our caller that authentication failed.
// without an explicit call to Cancel, our caller would just
// load the page that accompanies the HTTP auth challenge.
return NS_ERROR_ABORT;
}
}
@@ -1148,17 +1152,18 @@ public:
void SetToHttpAuthIdentity(uint32_t authFlags,
nsHttpAuthIdentity& identity);
};
void
nsHTTPAuthInformation::SetToHttpAuthIdentity(uint32_t authFlags,
nsHttpAuthIdentity& identity)
{
- identity.Set(Domain().get(), User().get(), Password().get());
+ DebugOnly<nsresult> rv = identity.Set(Domain().get(), User().get(), Password().get());
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
}
nsresult
nsHttpChannelAuthProvider::PromptForIdentity(uint32_t level,
bool proxyAuth,
const char *realm,
const char *authType,
uint32_t authFlags,
@@ -1250,17 +1255,20 @@ nsHttpChannelAuthProvider::PromptForIden
if (mConnectionBased) {
// Connection can be reset by the server in the meantime user is entering
// the credentials. Result would be just a "Connection was reset" error.
// Hence, we drop the current regardless if the user would make it on time
// to provide credentials.
// It's OK to send the NTLM type 1 message (response to the plain "NTLM"
// challenge) on a new connection.
- mAuthChannel->CloseStickyConnection();
+ {
+ DebugOnly<nsresult> rv = mAuthChannel->CloseStickyConnection();
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ }
}
return rv;
}
NS_IMETHODIMP nsHttpChannelAuthProvider::OnAuthAvailable(nsISupports *aContext,
nsIAuthInformation *aAuthInfo)
{
@@ -1297,19 +1305,20 @@ NS_IMETHODIMP nsHttpChannelAuthProvider:
&entry);
nsCOMPtr<nsISupports> sessionStateGrip;
if (entry)
sessionStateGrip = entry->mMetaData;
nsAuthInformationHolder* holder =
static_cast<nsAuthInformationHolder*>(aAuthInfo);
- ident->Set(holder->Domain().get(),
- holder->User().get(),
- holder->Password().get());
+ rv = ident->Set(holder->Domain().get(),
+ holder->User().get(),
+ holder->Password().get());
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
nsAutoCString unused;
nsCOMPtr<nsIHttpAuthenticator> auth;
rv = GetAuthenticator(mCurrentChallenge.get(), unused,
getter_AddRefs(auth));
if (NS_FAILED(rv)) {
MOZ_ASSERT(false, "GetAuthenticator failed");
OnAuthCancelled(aContext, true);
@@ -1339,25 +1348,26 @@ NS_IMETHODIMP nsHttpChannelAuthProvider:
mAsyncPromptAuthCancelable = nullptr;
if (!mAuthChannel)
return NS_OK;
// When user cancels or auth fails we want to close the connection for
// connection based schemes like NTLM. Some servers don't like re-negotiation
// on the same connection.
+ nsresult rv;
if (mConnectionBased) {
- mAuthChannel->CloseStickyConnection();
+ rv = mAuthChannel->CloseStickyConnection();
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
mConnectionBased = false;
}
if (userCancel) {
if (!mRemainingChallenges.IsEmpty()) {
// there are still some challenges to process, do so
- nsresult rv;
// Get rid of current continuationState to avoid reusing it in
// next challenges since it is no longer relevant.
if (mProxyAuth) {
NS_IF_RELEASE(mProxyAuthContinuationState);
} else {
NS_IF_RELEASE(mAuthContinuationState);
}
@@ -1378,17 +1388,18 @@ NS_IMETHODIMP nsHttpChannelAuthProvider:
}
// otherwise, we failed...
}
mRemainingChallenges.Truncate();
}
- mAuthChannel->OnAuthCancelled(userCancel);
+ rv = mAuthChannel->OnAuthCancelled(userCancel);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
return NS_OK;
}
NS_IMETHODIMP nsHttpChannelAuthProvider::OnCredsGenerated(const char *aGeneratedCreds,
uint32_t aFlags,
nsresult aResult,
nsISupports* aSessionState,
@@ -1432,21 +1443,24 @@ NS_IMETHODIMP nsHttpChannelAuthProvider:
// Get realm from challenge
nsAutoCString realm;
ParseRealm(mCurrentChallenge.get(), realm);
rv = GetAuthorizationMembers(mProxyAuth, scheme, host, port,
directory, ident, unusedContinuationState);
if (NS_FAILED(rv)) return rv;
- UpdateCache(auth, scheme.get(), host, port, directory.get(), realm.get(),
- mCurrentChallenge.get(), *ident, aGeneratedCreds, aFlags, aSessionState);
+ rv = UpdateCache(auth, scheme.get(), host, port, directory.get(),
+ realm.get(), mCurrentChallenge.get(), *ident,
+ aGeneratedCreds, aFlags, aSessionState);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
mCurrentChallenge.Truncate();
- ContinueOnAuthAvailable(nsDependentCString(aGeneratedCreds));
+ rv = ContinueOnAuthAvailable(nsDependentCString(aGeneratedCreds));
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
return NS_OK;
}
nsresult
nsHttpChannelAuthProvider::ContinueOnAuthAvailable(const nsCSubstring& creds)
{
nsresult rv;
if (mProxyAuth)
@@ -1456,17 +1470,17 @@ nsHttpChannelAuthProvider::ContinueOnAut
if (NS_FAILED(rv)) return rv;
// drop our remaining list of challenges. We don't need them, because we
// have now authenticated against a challenge and will be sending that
// information to the server (or proxy). If it doesn't accept our
// authentication it'll respond with failure and resend the challenge list
mRemainingChallenges.Truncate();
- mAuthChannel->OnAuthAvailable();
+ Unused << mAuthChannel->OnAuthAvailable();
return NS_OK;
}
bool
nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey,
bool doYesNoPrompt)
{
@@ -1612,17 +1626,18 @@ nsHttpChannelAuthProvider::SetAuthorizat
if (NS_SUCCEEDED(mAuthChannel->GetLoadFlags(&loadFlags)) &&
!(loadFlags & nsIChannel::LOAD_EXPLICIT_CREDENTIALS)) {
ident.Clear();
}
}
}
bool identFromURI;
if (ident.IsEmpty()) {
- ident.Set(entry->Identity());
+ rv = ident.Set(entry->Identity());
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
identFromURI = false;
}
else
identFromURI = true;
nsXPIDLCString temp;
const char *creds = entry->Creds();
const char *challenge = entry->Challenge();
@@ -1644,20 +1659,24 @@ nsHttpChannelAuthProvider::SetAuthorizat
// make sure the continuation state is null since we do not
// support mixing preemptive and 'multirequest' authentication.
NS_IF_RELEASE(*continuationState);
}
}
if (creds[0]) {
LOG((" adding \"%s\" request header\n", header.get()));
- if (header == nsHttp::Proxy_Authorization)
- mAuthChannel->SetProxyCredentials(nsDependentCString(creds));
- else
- mAuthChannel->SetWWWCredentials(nsDependentCString(creds));
+ if (header == nsHttp::Proxy_Authorization) {
+ rv = mAuthChannel->SetProxyCredentials(nsDependentCString(creds));
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ }
+ else {
+ rv = mAuthChannel->SetWWWCredentials(nsDependentCString(creds));
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ }
// suppress defensive auth prompting for this channel since we know
// that we already prompted at least once this session. we only do
// this for non-proxy auth since the URL's userpass is not used for
// proxy auth.
if (header == nsHttp::Authorization)
mSuppressDefensiveAuth = true;
}