Kerberos SPN generation for Negotiate challenges

net/http/http_auth_handler_negotiate.h

Index: net/http/http_auth_handler_negotiate.h
diff --git a/net/http/http_auth_handler_negotiate.h b/net/http/http_auth_handler_negotiate.h
index f34664cacbcabe98c0a60b75adb680e8215c9fe9..3450fc4930b947662567821b0027c36165a9acd3 100644
--- a/net/http/http_auth_handler_negotiate.h
+++ b/net/http/http_auth_handler_negotiate.h
@@ -9,6 +9,7 @@
 
 #include <string>
 
+#include "net/base/address_list.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
 
@@ -18,6 +19,8 @@
 
 namespace net {
 
+class SingleRequestHostResolver;
+
 // Handler for WWW-Authenticate: Negotiate protocol.
 //
 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
@@ -30,6 +33,22 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
     Factory();
     virtual ~Factory();
 
+    // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
+    // the auth handlers generated by this factory should skip looking up the
+    // canonical DNS name of the the host that they are authenticating to when
+    // generating the SPN. The default value is false.
+    bool disable_cname_lookup() const { return disable_cname_lookup_; }
+    void set_disable_cname_lookup(bool disable_cname_lookup) {
+      disable_cname_lookup_ = disable_cname_lookup;
+    }
+
+    // |use_port()| and |set_use_port()| get/set whether the auth handlers
+    // generated by this factory should include the port number of the server
+    // they are authenticating to when constructing a Kerberos SPN. The default
+    // value is false.
+    bool use_port() const { return use_port_; }
+    void set_use_port(bool use_port) { use_port_ = use_port; }
+
     virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
                                   HttpAuth::Target target,
                                   const GURL& origin,
@@ -47,6 +66,8 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
     }
 #endif  // defined(OS_WIN)
    private:
+    bool disable_cname_lookup_;
+    bool use_port_;
 #if defined(OS_WIN)
     ULONG max_token_length_;
     bool first_creation_;
@@ -56,7 +77,8 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
   };
 
 #if defined(OS_WIN)
-  HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length);
+  HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length,
+                           bool disable_cname_lookup, bool use_port);
 #else
   HttpAuthHandlerNegotiate();
 #endif
@@ -67,6 +89,8 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
 
   virtual bool SupportsDefaultCredentials();
 
+  virtual bool NeedsCanonicalName();
+
   virtual int GenerateAuthToken(const std::wstring& username,
                                 const std::wstring& password,
                                 const HttpRequestInfo* request,
@@ -77,6 +101,10 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
                                        const ProxyInfo* proxy,
                                        std::string* auth_token);
 
+  virtual int ResolveCanonicalName(HostResolver* host_resolver,
+                                   CompletionCallback* callback,
+                                   const BoundNetLog& net_log);
+
  protected:
   virtual bool Init(HttpAuth::ChallengeTokenizer* challenge);
 
@@ -84,7 +112,17 @@ class HttpAuthHandlerNegotiate : public HttpAuthHandler {
   ~HttpAuthHandlerNegotiate();
 
 #if defined(OS_WIN)
+  void OnResolveCanonicalName(int result);
+  std::wstring CreateSPN(const AddressList& address_list, const GURL& orign);
+
   HttpAuthSSPI auth_sspi_;
+  AddressList address_list_;
+  scoped_ptr<SingleRequestHostResolver> single_resolve_;
+  CompletionCallback* user_callback_;
+  CompletionCallbackImpl<HttpAuthHandlerNegotiate> resolve_cname_callback_;
+  bool disable_cname_lookup_;
+  bool use_port_;
+  std::wstring spn_;
 #endif
 };