Don't do Negotiate with GSSAPI if default credentials are not allowed.

net/http/http_auth_handler_negotiate.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 
 #include <string>
 
 #include "build/build_config.h"
 
 #include "build/build_config.h"
 #include "net/base/address_list.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
 
 #if defined(OS_WIN)
 #include "net/http/http_auth_sspi_win.h"
-#endif
-
-#if defined(OS_POSIX)
+#elif defined(OS_POSIX)
 #include "net/http/http_auth_gssapi_posix.h"
 #endif
 
 namespace net {
 
 class HostResolver;
 class SingleRequestHostResolver;
 class URLSecurityManager;
 
 // Handler for WWW-Authenticate: Negotiate protocol.
 //
 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
 // for more information about the protocol.
 
 class HttpAuthHandlerNegotiate : public HttpAuthHandler {
  public:
+#if defined(OS_WIN)
+  typedef SSPILibrary AuthLibrary;
+  typedef HttpAuthSSPI AuthSystem;
+#elif defined(OS_POSIX)
+  typedef GSSAPILibrary AuthLibrary;
+  typedef HttpAuthGSSAPI AuthSystem;
+#endif
+
   class Factory : public HttpAuthHandlerFactory {
    public:
     Factory();
     virtual ~Factory();
 
     // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
     // the auth handlers generated by this factory should skip looking up the
     // canonical DNS name of the the host that they are authenticating to when
     // generating the SPN. The default value is false.
     bool disable_cname_lookup() const { return disable_cname_lookup_; }
@@ skipping 11 matching lines @@
     void set_host_resolver(HostResolver* host_resolver);
 
     virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
                                   HttpAuth::Target target,
                                   const GURL& origin,
                                   CreateReason reason,
                                   int digest_nonce_count,
                                   const BoundNetLog& net_log,
                                   scoped_ptr<HttpAuthHandler>* handler);
 
-#if defined(OS_WIN)
-    // Set the SSPILibrary to use. Typically the only callers which need to
+    // Set the system library to use. Typically the only callers which need to
     // use this are unit tests which pass in a mocked-out version of the
-    // SSPI library.
-    // The caller is responsible for managing the lifetime of |*sspi_library|,
+    // system library.
+    // The caller is responsible for managing the lifetime of |*auth_library|,
     // and the lifetime must exceed that of this Factory object and all
     // HttpAuthHandler's that this Factory object creates.
-    void set_sspi_library(SSPILibrary* sspi_library) {
-      sspi_library_ = sspi_library;
+    void set_library(AuthLibrary* auth_library) {
+      auth_library_ = auth_library;
     }
-#endif  // defined(OS_WIN)
+
    private:
     bool disable_cname_lookup_;
     bool use_port_;
     scoped_refptr<HostResolver> resolver_;
 #if defined(OS_WIN)
     ULONG max_token_length_;
     bool first_creation_;
     bool is_unsupported_;
-    SSPILibrary* sspi_library_;
-#endif  // defined(OS_WIN)
-
-#if defined(OS_POSIX)
-    GSSAPILibrary* gssapi_library_;
 #endif
+    AuthLibrary* auth_library_;
   };
 
+  HttpAuthHandlerNegotiate(AuthLibrary* sspi_library,
 #if defined(OS_WIN)
-  HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length,
+                           ULONG max_token_length,
+#endif
                            URLSecurityManager* url_security_manager,
                            HostResolver* host_resolver,
-                           bool disable_cname_lookup, bool use_port);
-#endif
-
-#if defined(OS_POSIX)
-  HttpAuthHandlerNegotiate(GSSAPILibrary* gssapi_library,
-                           URLSecurityManager* url_security_manager,
-                           HostResolver* host_resolver,
-                           bool disable_cname_lookup, bool use_port);
-#endif
+                           bool disable_cname_lookup,
+                           bool use_port);
 
   virtual ~HttpAuthHandlerNegotiate();
 
   virtual bool NeedsIdentity();
 
   virtual bool IsFinalRound();
 
   virtual bool AllowsDefaultCredentials();
 
   // These are public for unit tests
@@ skipping 20 matching lines @@
 
   void OnIOComplete(int result);
   void DoCallback(int result);
   int DoLoop(int result);
 
   int DoResolveCanonicalName();
   int DoResolveCanonicalNameComplete(int rv);
   int DoGenerateAuthToken();
   int DoGenerateAuthTokenComplete(int rv);
 
-#if defined(OS_WIN)
-  // Members which are constant for lifetime of the handler.
-  HttpAuthSSPI auth_system_;
-#endif
-
-#if defined(OS_POSIX)
-  HttpAuthGSSAPI auth_system_;
-#endif
-
+  AuthSystem auth_system_;
   bool disable_cname_lookup_;
   bool use_port_;
   CompletionCallbackImpl<HttpAuthHandlerNegotiate> io_callback_;
   scoped_refptr<HostResolver> resolver_;
 
   // Members which are needed for DNS lookup + SPN.
   AddressList address_list_;
   scoped_ptr<SingleRequestHostResolver> single_resolve_;
 
   // Things which should be consistent after first call to GenerateAuthToken.
   bool already_called_;
   bool has_username_and_password_;
   std::wstring username_;
   std::wstring password_;
   std::wstring spn_;
 
   // Things which vary each round.
   CompletionCallback* user_callback_;
   std::string* auth_token_;
 
   State next_state_;
 
   URLSecurityManager* url_security_manager_;
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_