Linux: control usage of Kerberos via use_kerberos gyp flag

(on by default) This allows Linux distro packagers to control usage of Kerberos explicitly instead of relying on auto-detection. BUG=92689 Review URL: http://codereview.chromium.org/7633006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96790 0039d316-1c4b-4281-b951-d872f2087c98

Linux: control usage of Kerberos via use_kerberos gyp flag
(on by default) This allows Linux distro packagers to control usage of Kerberos explicitly instead of relying on auto-detection. BUG=92689 Review URL: http://codereview.chromium.org/7633006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96790 0039d316-1c4b-4281-b951-d872f2087c98
9c210d96 · phajdan.jr@chromium.org · e6ce5e42 · 9c210d96 · 9c210d96 · 9c210d96
Commit 9c210d96 authored Aug 15, 2011 by phajdan.jr@chromium.org
4 changed files
--- a/net/http/http_auth_handler_factory.cc
+++ b/net/http/http_auth_handler_factory.cc
@@ -10,7 +10,9 @@
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_basic.h"
 #include "net/http/http_auth_handler_digest.h"
+#if defined(USE_KERBEROS)
 #include "net/http/http_auth_handler_negotiate.h"
+#endif
 #include "net/http/http_auth_handler_ntlm.h"

 namespace net {
@@ -49,6 +51,7 @@ HttpAuthHandlerRegistryFactory* HttpAuthHandlerFactory::CreateDefault(
  registry_factory->RegisterSchemeFactory(
      "digest", new HttpAuthHandlerDigest::Factory());

+#if defined(USE_KERBEROS)
  HttpAuthHandlerNegotiate::Factory* negotiate_factory =
      new HttpAuthHandlerNegotiate::Factory();
 #if defined(OS_POSIX)
@@ -58,6 +61,7 @@ HttpAuthHandlerRegistryFactory* HttpAuthHandlerFactory::CreateDefault(
 #endif
  negotiate_factory->set_host_resolver(host_resolver);
  registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
+#endif  // defined(USE_KERBEROS)

  HttpAuthHandlerNTLM::Factory* ntlm_factory =
      new HttpAuthHandlerNTLM::Factory();
@@ -144,6 +148,7 @@ HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create(
 #endif
    registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory);
  }
+#if defined(USE_KERBEROS)
  if (IsSupportedScheme(supported_schemes, "negotiate")) {
    HttpAuthHandlerNegotiate::Factory* negotiate_factory =
        new HttpAuthHandlerNegotiate::Factory();
@@ -160,6 +165,7 @@ HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create(
    negotiate_factory->set_use_port(negotiate_enable_port);
    registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
  }
+#endif  // defined(USE_KERBEROS)

  return registry_factory;
 }

--- a/net/http/http_auth_handler_factory_unittest.cc
+++ b/net/http/http_auth_handler_factory_unittest.cc
@@ -172,6 +172,7 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
        server_origin,
        BoundNetLog(),
        &handler);
+#if defined(USE_KERBEROS)
    EXPECT_EQ(OK, rv);
    ASSERT_FALSE(handler.get() == NULL);
    EXPECT_EQ(HttpAuth::AUTH_SCHEME_NEGOTIATE, handler->auth_scheme());
@@ -179,6 +180,10 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
    EXPECT_EQ(HttpAuth::AUTH_SERVER, handler->target());
    EXPECT_TRUE(handler->encrypts_identity());
    EXPECT_TRUE(handler->is_connection_based());
+#else
+    EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
+    EXPECT_TRUE(handler.get() == NULL);
+#endif  // defined(USE_KERBEROS)
  }
 }


--- a/net/http/http_auth_unittest.cc
+++ b/net/http/http_auth_unittest.cc
@@ -103,14 +103,19 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
      "",
    },
    {
+      "WWW-Authenticate: Negotiate\n"
+      "WWW-Authenticate: NTLM\n",
+
+#if defined(USE_KERBEROS)
      // Choose Negotiate over NTLM on all platforms.
      // TODO(ahendrickson): This may be flaky on Linux and OSX as it
      // relies on being able to load one of the known .so files
      // for gssapi.
-      "WWW-Authenticate: Negotiate\n"
-      "WWW-Authenticate: NTLM\n",
-
      HttpAuth::AUTH_SCHEME_NEGOTIATE,
+#else
+      // On systems that don't use Kerberos fall back to NTLM.
+      HttpAuth::AUTH_SCHEME_NTLM,
+#endif  // defined(USE_KERBEROS)
      "",
    }
  };

--- a/net/net.gyp
+++ b/net/net.gyp
@@ -5,6 +5,8 @@
 {
  'variables': {
    'chromium_code': 1,
+
+    'use_kerberos%': 1,
  },
  'targets': [
    {
@@ -700,6 +702,18 @@
             'proxy/proxy_config_service_linux.h',
          ],
        }],
+        ['use_kerberos==1', {
+          'defines': [
+            'USE_KERBEROS',
+          ],
+        }, { # use_kerberos == 0
+          'sources!': [
+            'http/http_auth_gssapi_posix.cc',
+            'http/http_auth_gssapi_posix.h',
+            'http/http_auth_handler_negotiate.h',
+            'http/http_auth_handler_negotiate.cc',
+          ],
+        }],
        ['use_openssl==1', {
            'sources!': [
              'base/cert_database_nss.cc',
@@ -1070,6 +1084,18 @@
            }],
          ],
        }],
+        [ 'use_kerberos==1', {
+          'defines': [
+            'USE_KERBEROS',
+          ],
+        }, { # use_kerberos == 0
+          'sources!': [
+            'http/http_auth_gssapi_posix_unittest.cc',
+            'http/http_auth_handler_negotiate_unittest.cc',
+            'http/mock_gssapi_library_posix.cc',
+            'http/mock_gssapi_library_posix.h',
+          ],
+        }],
        [ 'use_openssl==1', {
            # When building for OpenSSL, we need to exclude NSS specific tests.
            # TODO(bulach): Add equivalent tests when the underlying