// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_AUTHPOLICY_KERBEROS_FILES_HANDLER_H_
#define CHROME_BROWSER_CHROMEOS_AUTHPOLICY_KERBEROS_FILES_HANDLER_H_

#include <string>

#include "base/callback.h"
#include "base/macros.h"
#include "base/memory/weak_ptr.h"
#include "base/optional.h"
#include "components/prefs/pref_member.h"

namespace chromeos {

// Default Kerberos config settings for canonicalization of the service
// principal name (SPN). See
// https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
// Exported for browsertests.
// NOTE(review): canonicalization affects which SPN a ticket is requested for.
// The value and the point where it is applied are defined in the .cc file;
// presumably it is tied to prefs::kDisableAuthNegotiateCnameLookup, which the
// handler below watches -- confirm there.
extern const char kKrb5CnameSettings[];

// Name of the environment variable pointing to the credential cache file
// (presumably KRB5CCNAME, going by the comment on kKrb5CCFilePrefix).
extern const char kKrb5CCEnvName[];
// Name of the environment variable pointing to the Kerberos config file.
extern const char kKrb5ConfEnvName[];
// Prefix for the value of the KRB5CCNAME environment variable. Defines the
// credential cache type.
extern const char kKrb5CCFilePrefix[];
// Directory in the user home in which the Kerberos files are stored.
extern const char kKrb5Directory[];
// Credential cache file name.
extern const char kKrb5CCFile[];
// Kerberos config file name.
extern const char kKrb5ConfFile[];

// Helper class to update the Kerberos credential cache and config files used
// by Chrome for Kerberos authentication.
//
// NOTE(review): the credential cache holds Kerberos credentials, so the files
// written by this class are sensitive. This header does not show which file
// permissions or ownership the implementation applies -- confirm in the .cc
// file that the cache is readable only by the owning user.
class KerberosFilesHandler {
 public:
  // |get_kerberos_files| is stored in |get_kerberos_files_| and is run to
  // trigger a fetch of the Kerberos files when the watched pref changes.
  explicit KerberosFilesHandler(base::RepeatingClosure get_kerberos_files);
  virtual ~KerberosFilesHandler();

  // Writes the Kerberos credentials to disk asynchronously, so the files are
  // not guaranteed to be on disk when this call returns.
  // |krb5cc| presumably carries the credential cache contents and |krb5conf|
  // the config contents -- confirm against the caller. How an unset Optional
  // is handled (skip, delete, or write an empty file) is not visible here.
  void SetFiles(base::Optional<std::string> krb5cc,
                base::Optional<std::string> krb5conf);

  // Deletes the Kerberos credentials from disk asynchronously. Because the
  // deletion is asynchronous, the files may still exist when this returns.
  virtual void DeleteFiles();

  // Sets a callback that is run when the disk IO task posted by SetFiles has
  // finished. As a base::OnceClosure it can be run at most once.
  void SetFilesChangedForTesting(base::OnceClosure callback);

 private:
  // Called whenever prefs::kDisableAuthNegotiateCnameLookup is changed.
  void OnDisabledAuthNegotiateCnameLookupChanged();

  // Forwards to |files_changed_for_testing_| if set.
  void OnFilesChanged();

  // Boolean pref watched by this class; presumably bound to
  // prefs::kDisableAuthNegotiateCnameLookup -- confirm in the constructor.
  PrefMember<bool> negotiate_disable_cname_lookup_;

  // Triggers a fetch of Kerberos files. Called when the watched pref changes.
  base::RepeatingClosure get_kerberos_files_;

  // Called when disk IO queued by SetFiles has finished.
  base::OnceClosure files_changed_for_testing_;

  // Declared as the last data member, per Chromium convention, so that weak
  // pointers are invalidated before the other members are destroyed.
  base::WeakPtrFactory<KerberosFilesHandler> weak_factory_{this};
  DISALLOW_COPY_AND_ASSIGN(KerberosFilesHandler);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_AUTHPOLICY_KERBEROS_FILES_HANDLER_H_