Skip to content

GitLab

T
tangled
Switch branch/tag
Find file BlameHistoryPermalink
  • Asanka Herath's avatar
    [net/auth] Remove DLOPEN_KERBEROS preprocessor directive. · fbe4a670
    Asanka Herath authored 
    DLOPEN_KERBEROS macro controls whether //net dlopen()s a GSSAPI library
for supporting Kerberos authentication. When DLOPEN_KERBEROS is not
defined, //net links statically to the GSSAPI library. The latter option
is only expected to work if //net (and in turn Chromium) is being built
on the host on which it is going to run.

Code for the case where DLOPEN_KERBEROS is not defined is not compiled
let alone tested on any known Chromium configuration. This CL removes
the !DLOPEN_KERBEROS logic (i.e. code for using a statically linked
GSSAPI library).

However //net still needs to distinguish between platforms where an
external GSSAPI library is used vs platforms where Negotiate
authentication tokens are minted via other mechanisms.

As of this CL, the platform variations are:

  * Windows : Negotiate authentication is supported via Windows' SSPI.
              //net has a static dependency on SECUR32.

  * Android : Uses an external authenticator as described in [1].

  * macOS, Linux, ChromeOS, Fuschsia: Uses an external RFC 2744
              compliant GSSAPI library.

Kerberos/Negotiate related GN variables are:

  * use_kerberos : Set to 1 if Kerberos support is desired. Currently
              support for HTTP Negotiate authentication scheme is gated
              on this flag. Note that future CLs will rename this to
              use_negotiate_auth in order to be consistent with what the
              flag actually does. None of the authentication logic in
              //net is Kerberos specific.

              If set to 0, then none of the negotiate library logic is
              compiled.

  * use_external_gssapi : Set to 1 on platforms where an external GSSAPI
              library needs to be loaded in order to support negotiate
              authentication. Currently this is set to true on all Posix
              platforms excluding Android. In addition, it is also set
              to true on Fuschsia.

[1]: https://www.chromium.org/developers/design-documents/http-authentication/writing-a-spnego-authenticator-for-chrome-on-android

R=eroman@chromium.org

Bug: 980575
Change-Id: If006fcd9d0f2579698737ddfcadbe8f901d98a0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1685493Reviewed-by: default avatarMaks Orlovich <morlovich@chromium.org>
Reviewed-by: default avatarEmily Stark <estark@chromium.org>
Reviewed-by: default avatarEric Roman <eroman@chromium.org>
Commit-Queue: Asanka Herath <asanka@chromium.org>
Cr-Commit-Position: refs/heads/master@{#680045}
    fbe4a670
http_auth_handler_factory.h 9.99 KB