Ifdef GSSAPILibraryName out on Chrome OS

Don't allow changing GSSAPI library name on Chrome OS (there's no reason to). Note that the GSSAPILibraryName policy is not supported on Chrome OS, which means that it already cannot be set through policy. This CL is an additional security measure. BUG=chromium:755153 TEST=Compiled, trybots Change-Id: Ibc2eb7e0ce59ccc5e7f7c8fd66078bc0efb2e3a5 Reviewed-on: https://chromium-review.googlesource.com/685836Reviewed-by: Nicolas Zea <zea@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Asanka Herath <asanka@chromium.org> Commit-Queue: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#505297}

Ifdef GSSAPILibraryName out on Chrome OS
Don't allow changing GSSAPI library name on Chrome OS (there's no reason to). Note that the GSSAPILibraryName policy is not supported on Chrome OS, which means that it already cannot be set through policy. This CL is an additional security measure. BUG=chromium:755153 TEST=Compiled, trybots Change-Id: Ibc2eb7e0ce59ccc5e7f7c8fd66078bc0efb2e3a5 Reviewed-on: https://chromium-review.googlesource.com/685836Reviewed-by: Nicolas Zea <zea@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Asanka Herath <asanka@chromium.org> Commit-Queue: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#505297}
9edd41e5 · Lutz Justen · Commit Bot · 5dd7073f · 9edd41e5 · 9edd41e5
Commit 9edd41e5 authored Sep 29, 2017 by Lutz Justen Committed by Commit Bot Sep 29, 2017
8 changed files
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -328,7 +328,7 @@ IOThread::IOThread(
                 base::Unretained(this)));
  auth_android_negotiate_account_type_.MoveToThread(io_thread_proxy);
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
  gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName);
 #endif
 #if defined(OS_CHROMEOS)
@@ -648,7 +648,7 @@ IOThread::CreateDefaultAuthHandlerFactory(net::HostResolver* host_resolver) {
      auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
  globals_->http_auth_preferences.reset(new net::HttpAuthPreferences(
      supported_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
      ,
      gssapi_library_name_
 #endif

--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -301,7 +301,7 @@ class IOThread : public content::BrowserThreadDelegate {
 #if defined(OS_ANDROID)
  StringPrefMember auth_android_negotiate_account_type_;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
  // No PrefMember for the GSSAPI library name, since changing it after startup
  // requires unloading the existing GSSAPI library, which could cause all sorts
  // of problems for, for example, active Negotiate transactions.

--- a/google_apis/gcm/tools/mcs_probe.cc
+++ b/google_apis/gcm/tools/mcs_probe.cc
@@ -192,7 +192,7 @@ class MCSProbeAuthPreferences : public net::HttpAuthPreferences {
 public:
  MCSProbeAuthPreferences()
      : HttpAuthPreferences(std::vector<std::string>()
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                ,
                            std::string()
 #endif

--- a/net/http/http_auth_handler_factory.cc
+++ b/net/http/http_auth_handler_factory.cc
@@ -7,6 +7,7 @@
 #include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
+#include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_filter.h"
@@ -87,10 +88,12 @@ CreateAuthHandlerRegistryFactory(const HttpAuthPreferences& prefs,
        new HttpAuthHandlerNegotiate::Factory();
 #if defined(OS_WIN)
    negotiate_factory->set_library(std::make_unique<SSPILibraryDefault>());
-#elif defined(OS_POSIX) && !defined(OS_ANDROID)
+#elif defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
    negotiate_factory->set_library(
        std::make_unique<GSSAPISharedLibrary>(prefs.GssapiLibraryName()));
-#endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
+#elif defined(OS_CHROMEOS)
+    negotiate_factory->set_library(std::make_unique<GSSAPISharedLibrary>(""));
+#endif
    negotiate_factory->set_host_resolver(host_resolver);
    registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
                                            negotiate_factory);
@@ -142,7 +145,7 @@ HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
  std::vector<std::string> auth_types(std::begin(kDefaultAuthSchemes),
                                      std::end(kDefaultAuthSchemes));
  HttpAuthPreferences prefs(auth_types
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                            ,
                            std::string()
 #endif

--- a/net/http/http_auth_preferences.cc
+++ b/net/http/http_auth_preferences.cc
@@ -2,16 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "net/http/http_auth_preferences.h"
 #include "base/strings/string_split.h"
+#include "build/build_config.h"
 #include "net/http/http_auth_filter.h"
-#include "net/http/http_auth_preferences.h"
 #include "net/http/url_security_manager.h"
 namespace net {
 HttpAuthPreferences::HttpAuthPreferences(
    const std::vector<std::string>& auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
    ,
    const std::string& gssapi_library_name
 #endif
@@ -23,7 +25,7 @@ HttpAuthPreferences::HttpAuthPreferences(
    : auth_schemes_(auth_schemes.begin(), auth_schemes.end()),
      negotiate_disable_cname_lookup_(false),
      negotiate_enable_port_(false),
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
      gssapi_library_name_(gssapi_library_name),
 #endif
 #if defined(OS_CHROMEOS)
@@ -51,7 +53,7 @@ std::string HttpAuthPreferences::AuthAndroidNegotiateAccountType() const {
  return auth_android_negotiate_account_type_;
 }
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
 std::string HttpAuthPreferences::GssapiLibraryName() const {
  return gssapi_library_name_;
 }

--- a/net/http/http_auth_preferences.h
+++ b/net/http/http_auth_preferences.h
@@ -11,6 +11,7 @@
 #include <vector>
 #include "base/macros.h"
+#include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "url/gurl.h"
@@ -23,7 +24,7 @@ class URLSecurityManager;
 class NET_EXPORT HttpAuthPreferences {
 public:
  HttpAuthPreferences(const std::vector<std::string>& auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                      ,
                      const std::string& gssapi_library_name
 #endif
@@ -40,7 +41,7 @@ class NET_EXPORT HttpAuthPreferences {
 #if defined(OS_ANDROID)
  virtual std::string AuthAndroidNegotiateAccountType() const;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
  virtual std::string GssapiLibraryName() const;
 #endif
 #if defined(OS_CHROMEOS)
@@ -78,7 +79,7 @@ class NET_EXPORT HttpAuthPreferences {
 #if defined(OS_ANDROID)
  std::string auth_android_negotiate_account_type_;
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
  // GSSAPI library name cannot change after startup, since changing it
  // requires unloading the existing GSSAPI library, which could cause all
  // sorts of problems for, for example, active Negotiate transactions.

--- a/net/http/http_auth_preferences_unittest.cc
+++ b/net/http/http_auth_preferences_unittest.cc
@@ -11,6 +11,7 @@
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/threading/thread.h"
+#include "build/build_config.h"
 #include "testing/gtest/include/gtest/gtest.h"
 namespace net {
@@ -20,7 +21,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) {
  std::vector<std::string> expected_schemes_vector(
      expected_schemes, expected_schemes + arraysize(expected_schemes));
  HttpAuthPreferences http_auth_preferences(expected_schemes_vector
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif
@@ -37,7 +38,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) {
 TEST(HttpAuthPreferencesTest, DisableCnameLookup) {
  std::vector<std::string> auth_schemes;
  HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif
@@ -54,7 +55,7 @@ TEST(HttpAuthPreferencesTest, DisableCnameLookup) {
 TEST(HttpAuthPreferencesTest, NegotiateEnablePort) {
  std::vector<std::string> auth_schemes;
  HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif
@@ -72,7 +73,7 @@ TEST(HttpAuthPreferencesTest, NegotiateEnablePort) {
 TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) {
  std::vector<std::string> auth_schemes;
  HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif
@@ -89,15 +90,10 @@ TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) {
 }
 #endif
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, GssApiLibraryName) {
  std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar"
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar");
-#if defined(OS_CHROMEOS)
-                                            ,
-                                            true
-#endif
-                                            );
  EXPECT_EQ(std::string("bar"), http_auth_preferences.GssapiLibraryName());
 }
 #endif
@@ -105,7 +101,7 @@ TEST(HttpAuthPreferencesTest, GssApiLibraryName) {
 #if defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) {
  std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", true);
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, true);
  EXPECT_TRUE(http_auth_preferences.AllowGssapiLibraryLoad());
 }
 #endif
@@ -113,7 +109,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) {
 #if defined(OS_CHROMEOS)
 TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) {
  std::vector<std::string> AuthSchemes;
-  HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", false);
+  HttpAuthPreferences http_auth_preferences(AuthSchemes, false);
  EXPECT_FALSE(http_auth_preferences.AllowGssapiLibraryLoad());
 }
 #endif
@@ -121,7 +117,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) {
 TEST(HttpAuthPreferencesTest, AuthServerWhitelist) {
  std::vector<std::string> auth_schemes;
  HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif
@@ -139,7 +135,7 @@ TEST(HttpAuthPreferencesTest, AuthServerWhitelist) {
 TEST(HttpAuthPreferencesTest, AuthDelegateWhitelist) {
  std::vector<std::string> auth_schemes;
  HttpAuthPreferences http_auth_preferences(auth_schemes
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                                            ,
                                            ""
 #endif

--- a/net/http/mock_allow_http_auth_preferences.cc
+++ b/net/http/mock_allow_http_auth_preferences.cc
@@ -3,12 +3,13 @@
 // found in the LICENSE file.
 #include "net/http/mock_allow_http_auth_preferences.h"
+#include "build/build_config.h"
 namespace net {
 MockAllowHttpAuthPreferences::MockAllowHttpAuthPreferences()
    : HttpAuthPreferences(std::vector<std::string>()
-#if defined(OS_POSIX) && !defined(OS_ANDROID)
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
                              ,
                          std::string()
 #endif