Support Kerberos on Android

net/http/http_auth_gssapi_posix.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_
 #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_
 
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "base/native_library.h"
+#include "net/base/completion_callback.h"

[cbentzel, 2015/06/30 12:53:55]

Could CompletionCallback just be forward declared in this file, since it's
passed in by const-ref?

[aberent, 2015/07/02 21:13:36]

Done.

[aberent, 2015/07/03 16:21:15]

Unfortunately it turns it it can't be, since it is declared as a typedef not a
class, and one cannot forward declare a typedef (see the errors on building
patchset 25).

[cbentzel, 2015/07/08 18:27:11]

Acknowledged.

 #include "net/base/net_export.h"
 #include "net/http/http_auth.h"
 
 #if defined(OS_MACOSX)
 // The OSX 10.9+ SDKs mark the functions in Kereberos.framework as deprecated,
 // so the warnings must be manually suppressed.
 #if defined(MAC_OS_X_VERSION_10_9) && \
     MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_9
 #define GSSKRB_APPLE_DEPRECATED(x)
 #endif
 
 // Chrome supports OSX 10.6, which doesn't have access to GSS.framework. Chrome
 // always dlopens libgssapi_krb5.dylib, which is provided by
-// Kerberos.framework. On OSX 10.7+ this is an ABI comptabile shim that loads
+// Kerberos.framework. On OSX 10.7+ this is an ABI compatible shim that loads
 // GSS.framework.
 #include <Kerberos/gssapi.h>
 #elif defined(OS_FREEBSD)
 #include <gssapi/gssapi.h>
 #else
 #include <gssapi.h>
 #endif
 
 namespace net {
 
@@ skipping 203 matching lines @@
   bool Init();
 
   bool NeedsIdentity() const;
 
   bool AllowsExplicitCredentials() const;
 
   HttpAuth::AuthorizationResult ParseChallenge(
       HttpAuthChallengeTokenizer* tok);
 
   // Generates an authentication token.
-  // The return value is an error code. If it's not |OK|, the value of
+  //
+  // The return value is an error code. The authentication token will be
+  // returned in |*auth_token|. If the result code is not |OK|, the value of
   // |*auth_token| is unspecified.
+  //
+  // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
+  // be returned and the real result code will be passed to the completion
+  // callback.  Otherwise the result code is returned immediately from this
+  // call.
+  //
+  // If the HttpAuthGSSAPI object is deleted before completion then the callback
+  // will not be called.
+  //
+  // If no immediate result is returned then |auth_token| must remain valid
+  // until the callback has been called.
+  //
   // |spn| is the Service Principal Name of the server that the token is
   // being generated for.
+  //
   // If this is the first round of a multiple round scheme, credentials are
   // obtained using |*credentials|. If |credentials| is NULL, the default
   // credentials are used instead.
   int GenerateAuthToken(const AuthCredentials* credentials,
                         const std::string& spn,
-                        std::string* auth_token);
+                        std::string* auth_token,
+                        const CompletionCallback& callback);
 
   // Delegation is allowed on the Kerberos ticket. This allows certain servers
-  // to act as the user, such as an IIS server retrieiving data from a
+  // to act as the user, such as an IIS server retrieving data from a
   // Kerberized MSSQL server.
   void Delegate();
 
  private:
   int GetNextSecurityToken(const std::string& spn,
                            gss_buffer_t in_token,
                            gss_buffer_t out_token);
 
   std::string scheme_;
   gss_OID gss_oid_;
   GSSAPILibrary* library_;
   std::string decoded_server_auth_token_;
   ScopedSecurityContext scoped_sec_context_;
   bool can_delegate_;
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_