Ifdef GSSAPILibraryName out on Chrome OS

Don't allow changing GSSAPI library name on Chrome OS (there's no
reason to). Note that the GSSAPILibraryName policy is not supported
on Chrome OS, which means that it already cannot be set through
policy. This CL is an additional security measure.

BUG=chromium:755153
TEST=Compiled, trybots

Change-Id: Ibc2eb7e0ce59ccc5e7f7c8fd66078bc0efb2e3a5
Reviewed-on: https://chromium-review.googlesource.com/685836Reviewed-by: Nicolas Zea <zea@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Asanka Herath <asanka@chromium.org>
Commit-Queue: Lutz Justen <ljusten@chromium.org>
Cr-Commit-Position: refs/heads/master@{#505297}

chrome/browser/io_thread.cc

@@ -328,7 +328,7 @@ IOThread::IOThread(
                  base::Unretained(this)));
   auth_android_negotiate_account_type_.MoveToThread(io_thread_proxy);
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName);
 #endif
 #if defined(OS_CHROMEOS)
@@ -648,7 +648,7 @@ IOThread::CreateDefaultAuthHandlerFactory(net::HostResolver* host_resolver) {
       auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
   globals_->http_auth_preferences.reset(new net::HttpAuthPreferences(
       supported_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
       ,
       gssapi_library_name_
 #endif

chrome/browser/io_thread.h

@@ -301,7 +301,7 @@ class IOThread : public content::BrowserThreadDelegate {
 #if defined(OS_ANDROID)
   StringPrefMember auth_android_negotiate_account_type_;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   // No PrefMember for the GSSAPI library name, since changing it after startup
   // requires unloading the existing GSSAPI library, which could cause all sorts
   // of problems for, for example, active Negotiate transactions.

google_apis/gcm/tools/mcs_probe.cc

@@ -192,7 +192,7 @@ class MCSProbeAuthPreferences : public net::HttpAuthPreferences {
  public:
   MCSProbeAuthPreferences()
       : HttpAuthPreferences(std::vector<std::string>()
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                 ,
                             std::string()
 #endif

net/http/http_auth_handler_factory.cc

@@ -7,6 +7,7 @@
 #include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
+#include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_filter.h"
@@ -87,10 +88,12 @@ CreateAuthHandlerRegistryFactory(const HttpAuthPreferences& prefs,
         new HttpAuthHandlerNegotiate::Factory();
 #if defined(OS_WIN)
     negotiate_factory->set_library(std::make_unique<SSPILibraryDefault>());
-#elif defined(OS_POSIX) && !defined(OS_ANDROID)
+#elif defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
     negotiate_factory->set_library(
         std::make_unique<GSSAPISharedLibrary>(prefs.GssapiLibraryName()));
-#endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
+#elif defined(OS_CHROMEOS)
+    negotiate_factory->set_library(std::make_unique<GSSAPISharedLibrary>(""));
+#endif
     negotiate_factory->set_host_resolver(host_resolver);
     registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
                                             negotiate_factory);
@@ -142,7 +145,7 @@ HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
   std::vector<std::string> auth_types(std::begin(kDefaultAuthSchemes),
                                       std::end(kDefaultAuthSchemes));
   HttpAuthPreferences prefs(auth_types
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                             ,
                             std::string()
 #endif

net/http/http_auth_preferences.cc

@@ -2,16 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "net/http/http_auth_preferences.h"
+
 #include "base/strings/string_split.h"
+#include "build/build_config.h"
 #include "net/http/http_auth_filter.h"
-#include "net/http/http_auth_preferences.h"
 #include "net/http/url_security_manager.h"
 
 namespace net {
 
 HttpAuthPreferences::HttpAuthPreferences(
     const std::vector<std::string>& auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
     ,
     const std::string& gssapi_library_name
 #endif
@@ -23,7 +25,7 @@ HttpAuthPreferences::HttpAuthPreferences(
     : auth_schemes_(auth_schemes.begin(), auth_schemes.end()),
       negotiate_disable_cname_lookup_(false),
       negotiate_enable_port_(false),
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
       gssapi_library_name_(gssapi_library_name),
 #endif
 #if defined(OS_CHROMEOS)
@@ -51,7 +53,7 @@ std::string HttpAuthPreferences::AuthAndroidNegotiateAccountType() const {
   return auth_android_negotiate_account_type_;
 }
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
 std::string HttpAuthPreferences::GssapiLibraryName() const {
   return gssapi_library_name_;
 }

net/http/http_auth_preferences.h

@@ -11,6 +11,7 @@
 #include <vector>
 
 #include "base/macros.h"
+#include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "url/gurl.h"
 
@@ -23,7 +24,7 @@ class URLSecurityManager;
 class NET_EXPORT HttpAuthPreferences {
  public:
   HttpAuthPreferences(const std::vector<std::string>& auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                       ,
                       const std::string& gssapi_library_name
 #endif
@@ -40,7 +41,7 @@ class NET_EXPORT HttpAuthPreferences {
 #if defined(OS_ANDROID)
   virtual std::string AuthAndroidNegotiateAccountType() const;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   virtual std::string GssapiLibraryName() const;
 #endif
 #if defined(OS_CHROMEOS)
@@ -78,7 +79,7 @@ class NET_EXPORT HttpAuthPreferences {
 #if defined(OS_ANDROID)
   std::string auth_android_negotiate_account_type_;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   // GSSAPI library name cannot change after startup, since changing it
   // requires unloading the existing GSSAPI library, which could cause all
   // sorts of problems for, for example, active Negotiate transactions.

net/http/http_auth_preferences_unittest.cc

@@ -11,6 +11,7 @@
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/threading/thread.h"
+#include "build/build_config.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -20,7 +21,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) {
   std::vector<std::string> expected_schemes_vector(
       expected_schemes, expected_schemes + arraysize(expected_schemes));
   HttpAuthPreferences http_auth_preferences(expected_schemes_vector
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif
@@ -37,7 +38,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) {
 TEST(HttpAuthPreferencesTest, DisableCnameLookup) {
   std::vector<std::string> auth_schemes;
   HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif
@@ -54,7 +55,7 @@ TEST(HttpAuthPreferencesTest, DisableCnameLookup) {
 TEST(HttpAuthPreferencesTest, NegotiateEnablePort) {
   std::vector<std::string> auth_schemes;
   HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif
@@ -72,7 +73,7 @@ TEST(HttpAuthPreferencesTest, NegotiateEnablePort) {
 TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) {
   std::vector<std::string> auth_schemes;
   HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif
@@ -89,15 +90,10 @@ TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) {
 }
 #endif
 
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, GssApiLibraryName) {
   std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar"
-#if defined(OS_CHROMEOS)
-                                            ,
-                                            true
-#endif
-                                            );
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar");
   EXPECT_EQ(std::string("bar"), http_auth_preferences.GssapiLibraryName());
 }
 #endif
@@ -105,7 +101,7 @@ TEST(HttpAuthPreferencesTest, GssApiLibraryName) {
 #if defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) {
   std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", true);
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, true);
   EXPECT_TRUE(http_auth_preferences.AllowGssapiLibraryLoad());
 }
 #endif
@@ -113,7 +109,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) {
 #if defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) {
   std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", false);
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, false);
   EXPECT_FALSE(http_auth_preferences.AllowGssapiLibraryLoad());
 }
 #endif
@@ -121,7 +117,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) {
 TEST(HttpAuthPreferencesTest, AuthServerWhitelist) {
   std::vector<std::string> auth_schemes;
   HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif
@@ -139,7 +135,7 @@ TEST(HttpAuthPreferencesTest, AuthServerWhitelist) {
 TEST(HttpAuthPreferencesTest, AuthDelegateWhitelist) {
   std::vector<std::string> auth_schemes;
   HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                             ,
                                             ""
 #endif

net/http/mock_allow_http_auth_preferences.cc

@@ -3,12 +3,13 @@
 // found in the LICENSE file.
 
 #include "net/http/mock_allow_http_auth_preferences.h"
+#include "build/build_config.h"
 
 namespace net {
 
 MockAllowHttpAuthPreferences::MockAllowHttpAuthPreferences()
     : HttpAuthPreferences(std::vector<std::string>()
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                               ,
                           std::string()
 #endif