1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/proxy_resolution/proxy_resolver_winhttp.h"
6
7 #include <windows.h>
8 #include <winhttp.h>
9
10 #include "base/macros.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "net/base/net_errors.h"
14 #include "net/proxy_resolution/proxy_info.h"
15 #include "net/proxy_resolution/proxy_resolver.h"
16 #include "url/gurl.h"
17
18 using base::TimeDelta;
19 using base::TimeTicks;
20
21 namespace net {
22 namespace {
23
FreeInfo(WINHTTP_PROXY_INFO * info)24 static void FreeInfo(WINHTTP_PROXY_INFO* info) {
25 if (info->lpszProxy)
26 GlobalFree(info->lpszProxy);
27 if (info->lpszProxyBypass)
28 GlobalFree(info->lpszProxyBypass);
29 }
30
WinHttpErrorToNetError(DWORD win_http_error)31 static Error WinHttpErrorToNetError(DWORD win_http_error) {
32 switch (win_http_error) {
33 case ERROR_WINHTTP_AUTO_PROXY_SERVICE_ERROR:
34 case ERROR_WINHTTP_INTERNAL_ERROR:
35 case ERROR_WINHTTP_INCORRECT_HANDLE_TYPE:
36 return ERR_FAILED;
37 case ERROR_WINHTTP_LOGIN_FAILURE:
38 return ERR_PROXY_AUTH_UNSUPPORTED;
39 case ERROR_WINHTTP_BAD_AUTO_PROXY_SCRIPT:
40 return ERR_PAC_SCRIPT_FAILED;
41 case ERROR_WINHTTP_INVALID_URL:
42 case ERROR_WINHTTP_OPERATION_CANCELLED:
43 case ERROR_WINHTTP_UNABLE_TO_DOWNLOAD_SCRIPT:
44 case ERROR_WINHTTP_UNRECOGNIZED_SCHEME:
45 return ERR_HTTP_RESPONSE_CODE_FAILURE;
46 case ERROR_NOT_ENOUGH_MEMORY:
47 return ERR_INSUFFICIENT_RESOURCES;
48 default:
49 return ERR_FAILED;
50 }
51 }
52
53 class ProxyResolverWinHttp : public ProxyResolver {
54 public:
55 ProxyResolverWinHttp(const scoped_refptr<PacFileData>& script_data);
56 ~ProxyResolverWinHttp() override;
57
58 // ProxyResolver implementation:
59 int GetProxyForURL(const GURL& url,
60 const NetworkIsolationKey& network_isolation_key,
61 ProxyInfo* results,
62 CompletionOnceCallback /*callback*/,
63 std::unique_ptr<Request>* /*request*/,
64 const NetLogWithSource& /*net_log*/) override;
65
66 private:
67 bool OpenWinHttpSession();
68 void CloseWinHttpSession();
69
70 // Proxy configuration is cached on the session handle.
71 HINTERNET session_handle_;
72
73 const GURL pac_url_;
74
75 DISALLOW_COPY_AND_ASSIGN(ProxyResolverWinHttp);
76 };
77
ProxyResolverWinHttp(const scoped_refptr<PacFileData> & script_data)78 ProxyResolverWinHttp::ProxyResolverWinHttp(
79 const scoped_refptr<PacFileData>& script_data)
80 : session_handle_(nullptr),
81 pac_url_(script_data->type() == PacFileData::TYPE_AUTO_DETECT
82 ? GURL("http://wpad/wpad.dat")
83 : script_data->url()) {}
84
~ProxyResolverWinHttp()85 ProxyResolverWinHttp::~ProxyResolverWinHttp() {
86 CloseWinHttpSession();
87 }
88
GetProxyForURL(const GURL & query_url,const NetworkIsolationKey & network_isolation_key,ProxyInfo * results,CompletionOnceCallback,std::unique_ptr<Request> *,const NetLogWithSource &)89 int ProxyResolverWinHttp::GetProxyForURL(
90 const GURL& query_url,
91 const NetworkIsolationKey& network_isolation_key,
92 ProxyInfo* results,
93 CompletionOnceCallback /*callback*/,
94 std::unique_ptr<Request>* /*request*/,
95 const NetLogWithSource& /*net_log*/) {
96 // If we don't have a WinHTTP session, then create a new one.
97 if (!session_handle_ && !OpenWinHttpSession())
98 return ERR_FAILED;
99
100 // Windows' system resolver does not support WebSocket URLs in proxy.pac. This
101 // was tested in version 10.0.16299, and is also implied by the description of
102 // the ERROR_WINHTTP_UNRECOGNIZED_SCHEME error code in the Microsoft
103 // documentation at
104 // https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpgetproxyforurl.
105 // See https://crbug.com/862121.
106 GURL mutable_query_url = query_url;
107 if (query_url.SchemeIsWSOrWSS()) {
108 GURL::Replacements replacements;
109 replacements.SetSchemeStr(query_url.SchemeIsCryptographic() ? "https"
110 : "http");
111 mutable_query_url = query_url.ReplaceComponents(replacements);
112 }
113
114 // If we have been given an empty PAC url, then use auto-detection.
115 //
116 // NOTE: We just use DNS-based auto-detection here like Firefox. We do this
117 // to avoid WinHTTP's auto-detection code, which while more featureful (it
118 // supports DHCP based auto-detection) also appears to have issues.
119 //
120 WINHTTP_AUTOPROXY_OPTIONS options = {0};
121 options.fAutoLogonIfChallenged = FALSE;
122 options.dwFlags = WINHTTP_AUTOPROXY_CONFIG_URL;
123 base::string16 pac_url16 = base::ASCIIToUTF16(pac_url_.spec());
124 options.lpszAutoConfigUrl = base::as_wcstr(pac_url16);
125
126 WINHTTP_PROXY_INFO info = {0};
127 DCHECK(session_handle_);
128
129 // Per http://msdn.microsoft.com/en-us/library/aa383153(VS.85).aspx, it is
130 // necessary to first try resolving with fAutoLogonIfChallenged set to false.
131 // Otherwise, we fail over to trying it with a value of true. This way we
132 // get good performance in the case where WinHTTP uses an out-of-process
133 // resolver. This is important for Vista and Win2k3.
134 BOOL ok = WinHttpGetProxyForUrl(
135 session_handle_,
136 base::as_wcstr(base::ASCIIToUTF16(mutable_query_url.spec())), &options,
137 &info);
138 if (!ok) {
139 if (ERROR_WINHTTP_LOGIN_FAILURE == GetLastError()) {
140 options.fAutoLogonIfChallenged = TRUE;
141 ok = WinHttpGetProxyForUrl(
142 session_handle_,
143 base::as_wcstr(base::ASCIIToUTF16(mutable_query_url.spec())),
144 &options, &info);
145 }
146 if (!ok) {
147 DWORD error = GetLastError();
148 // If we got here because of RPC timeout during out of process PAC
149 // resolution, no further requests on this session are going to work.
150 if (ERROR_WINHTTP_TIMEOUT == error ||
151 ERROR_WINHTTP_AUTO_PROXY_SERVICE_ERROR == error) {
152 CloseWinHttpSession();
153 }
154 return WinHttpErrorToNetError(error);
155 }
156 }
157
158 int rv = OK;
159
160 switch (info.dwAccessType) {
161 case WINHTTP_ACCESS_TYPE_NO_PROXY:
162 results->UseDirect();
163 break;
164 case WINHTTP_ACCESS_TYPE_NAMED_PROXY:
165 // According to MSDN:
166 //
167 // The proxy server list contains one or more of the following strings
168 // separated by semicolons or whitespace.
169 //
170 // ([<scheme>=][<scheme>"://"]<server>[":"<port>])
171 //
172 // Based on this description, ProxyInfo::UseNamedProxy() isn't
173 // going to handle all the variations (in particular <scheme>=).
174 //
175 // However in practice, it seems that WinHTTP is simply returning
176 // things like "foopy1:80;foopy2:80". It strips out the non-HTTP
177 // proxy types, and stops the list when PAC encounters a "DIRECT".
178 // So UseNamedProxy() should work OK.
179 results->UseNamedProxy(base::WideToUTF8(info.lpszProxy));
180 break;
181 default:
182 NOTREACHED();
183 rv = ERR_FAILED;
184 }
185
186 FreeInfo(&info);
187 return rv;
188 }
189
OpenWinHttpSession()190 bool ProxyResolverWinHttp::OpenWinHttpSession() {
191 DCHECK(!session_handle_);
192 session_handle_ =
193 WinHttpOpen(nullptr, WINHTTP_ACCESS_TYPE_NO_PROXY, WINHTTP_NO_PROXY_NAME,
194 WINHTTP_NO_PROXY_BYPASS, 0);
195 if (!session_handle_)
196 return false;
197
198 // Since this session handle will never be used for WinHTTP connections,
199 // these timeouts don't really mean much individually. However, WinHTTP's
200 // out of process PAC resolution will use a combined (sum of all timeouts)
201 // value to wait for an RPC reply.
202 BOOL rv = WinHttpSetTimeouts(session_handle_, 10000, 10000, 5000, 5000);
203 DCHECK(rv);
204
205 return true;
206 }
207
CloseWinHttpSession()208 void ProxyResolverWinHttp::CloseWinHttpSession() {
209 if (session_handle_) {
210 WinHttpCloseHandle(session_handle_);
211 session_handle_ = nullptr;
212 }
213 }
214
215 } // namespace
216
ProxyResolverFactoryWinHttp()217 ProxyResolverFactoryWinHttp::ProxyResolverFactoryWinHttp()
218 : ProxyResolverFactory(false /*expects_pac_bytes*/) {
219 }
220
CreateProxyResolver(const scoped_refptr<PacFileData> & pac_script,std::unique_ptr<ProxyResolver> * resolver,CompletionOnceCallback callback,std::unique_ptr<Request> * request)221 int ProxyResolverFactoryWinHttp::CreateProxyResolver(
222 const scoped_refptr<PacFileData>& pac_script,
223 std::unique_ptr<ProxyResolver>* resolver,
224 CompletionOnceCallback callback,
225 std::unique_ptr<Request>* request) {
226 resolver->reset(new ProxyResolverWinHttp(pac_script));
227 return OK;
228 }
229
230 } // namespace net
231