Support Kerberos on Android

net/http/http_auth_sspi_win.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file contains common routines used by NTLM and Negotiate authentication
 // using the SSPI API on Windows.
 
 #ifndef NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
 #define NET_HTTP_HTTP_AUTH_SSPI_WIN_H_
 
 // security.h needs to be included for CredHandle. Unfortunately CredHandle
 // is a typedef and can't be forward declared.
 #define SECURITY_WIN32 1
 #include <windows.h>
 #include <security.h>
 
 #include <string>
 
 #include "base/strings/string16.h"
+#include "net/base/completion_callback.h"

[cbentzel, 2015/06/30 12:53:55]

I think CompletionCallback can just be forward declared here instead of pulling
in the #include.

[aberent, 2015/07/02 21:13:37]

Done.

[aberent, 2015/07/03 16:21:15]

Unfortunately it turns it it can't be, since it is declared as a typedef not a
class, and one cannot forward declare a typedef (see the errors on building
patchset 25).

[cbentzel, 2015/07/08 18:27:11]

Acknowledged.

 #include "net/base/net_export.h"
 #include "net/http/http_auth.h"
 
 namespace net {
 
 class HttpAuthChallengeTokenizer;
 
 // SSPILibrary is introduced so unit tests can mock the calls to Windows' SSPI
 // implementation. The default implementation simply passes the arguments on to
 // the SSPI implementation provided by Secur32.dll.
@@ skipping 83 matching lines @@
                ULONG max_token_length);
   ~HttpAuthSSPI();
 
   bool NeedsIdentity() const;
 
   bool AllowsExplicitCredentials() const;
 
   HttpAuth::AuthorizationResult ParseChallenge(
       HttpAuthChallengeTokenizer* tok);
 
-  // Generates an authentication token for the service specified by the
-  // Service Principal Name |spn| and stores the value in |*auth_token|.
-  // If the return value is not |OK|, then the value of |*auth_token| is
-  // unspecified. ERR_IO_PENDING is not a valid return code.
+  // Generates an authentication token.
+  //
+  // The return value is an error code. The authentication token will be
+  // returned in |*auth_token|. If the result code is not |OK|, the value of
+  // |*auth_token| is unspecified.
+  //
+  // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
+  // be returned and the real result code will be passed to the completion
+  // callback.  Otherwise the result code is returned immediately from this
+  // call.
+  //
+  // If the HttpAuthSPPI object is deleted before completion then the callback
+  // will not be called.
+  //
+  // If no immediate result is returned then |auth_token| must remain valid
+  // until the callback has been called.
+  //
+  // |spn| is the Service Principal Name of the server that the token is
+  // being generated for.
+  //
   // If this is the first round of a multiple round scheme, credentials are
-  // obtained using |*credentials|. If |credentials| is NULL, the credentials
-  // for the currently logged in user are used instead.
+  // obtained using |*credentials|. If |credentials| is NULL, the default
+  // credentials are used instead.
   int GenerateAuthToken(const AuthCredentials* credentials,
                         const std::string& spn,
-                        std::string* auth_token);
+                        std::string* auth_token,
+                        const CompletionCallback& callback);
 
   // Delegation is allowed on the Kerberos ticket. This allows certain servers
-  // to act as the user, such as an IIS server retrieiving data from a
+  // to act as the user, such as an IIS server retrieving data from a
   // Kerberized MSSQL server.
   void Delegate();
 
  private:
   int OnFirstRound(const AuthCredentials* credentials);
 
   int GetNextSecurityToken(
       const std::string& spn,
       const void* in_token,
       int in_token_len,
@@ skipping 36 matching lines @@
 // If the return value is ERR_UNEXPECTED, there was an unanticipated problem
 // in the underlying SSPI call. The details are logged, and |*max_token_length|
 // is not changed.
 NET_EXPORT_PRIVATE int DetermineMaxTokenLength(SSPILibrary* library,
                                                const std::wstring& package,
                                                ULONG* max_token_length);
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_SSPI_WIN_H_