Add support for delegated kerberos tickets to Negotiate authentication.

This is controlled by the --auth-negotiate-delegate-whitelist command line. By default no servers are delegated to.

BUG=50076
TEST=net_unittests, go to an IIS server specified in --auth-negotiate-delegate-whitelist and see if this works correctly.

Review URL: http://codereview.chromium.org/3155046

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57695 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/net/http/http_auth_gssapi_posix.h b/net/http/http_auth_gssapi_posix.h
index 4748c13..4dddddb 100644
--- a/net/http/http_auth_gssapi_posix.h
+++ b/net/http/http_auth_gssapi_posix.h
@@ -240,6 +240,11 @@ class HttpAuthGSSAPI {
                         const std::wstring& spn,
                         std::string* auth_token);
 
+  // Delegation is allowed on the Kerberos ticket. This allows certain servers
+  // to act as the user, such as an IIS server retrieiving data from a
+  // Kerberized MSSQL server.
+  void Delegate();
+
  private:
   int OnFirstRound(const string16* username,
                    const string16* password);
@@ -254,6 +259,7 @@ class HttpAuthGSSAPI {
   GSSAPILibrary* library_;
   std::string decoded_server_auth_token_;
   ScopedSecurityContext scoped_sec_context_;
+  bool can_delegate_;
 };
 
 }  // namespace net