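/* Copyright 2010 Justin Erenkrantz and Greg Stein
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Internal interface to the platform SPNEGO provider (SSPI or GSS-API)
 * used by serf's authentication code. */

#ifndef AUTH_SPNEGO_H
#define AUTH_SPNEGO_H

#include <apr.h>
#include <apr_pools.h>
#include "serf.h"
#include "serf_private.h"

/* Select exactly one SPNEGO backend. SSPI takes precedence when both
 * SERF_HAVE_SSPI and SERF_HAVE_GSSAPI are defined; when neither is defined
 * SERF_HAVE_SPNEGO stays undefined and nothing below is declared. */
#if defined(SERF_HAVE_SSPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_SSPI
#elif defined(SERF_HAVE_GSSAPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_GSSAPI
#endif

#ifdef SERF_HAVE_SPNEGO

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque security context; its layout is defined by the selected backend. */
typedef struct serf__spnego_context_t serf__spnego_context_t;

/* Describes one security token as a length/pointer pair.
 *
 * NOTE(review): LENGTH is presumably the number of bytes at VALUE; confirm
 * against the backend implementations. Input tokens originate from the
 * remote peer, so LENGTH must describe exactly the bytes that were received
 * and decoded, never a size claimed by the peer.
 */
typedef struct serf__spnego_buffer_t {
    apr_size_t length;
    void *value;
} serf__spnego_buffer_t;

/* Create outbound security context.
 *
 * All temporary allocations will be performed in SCRATCH_POOL, while the
 * security context will be allocated in RESULT_POOL and will be destroyed
 * automatically on RESULT_POOL cleanup. The context must therefore not be
 * used after RESULT_POOL has been cleared or destroyed.
 *
 * NOTE(review): CTX_P presumably receives the new context and SCHEME selects
 * the authentication scheme it is created for; neither is described by the
 * original documentation, confirm against the implementations.
 */
apr_status_t
serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
                                const serf__authn_scheme_t *scheme,
                                apr_pool_t *result_pool,
                                apr_pool_t *scratch_pool);

/* Initialize outbound security context.
 *
 * The function is used to build a security context between the client
 * application and a remote peer.
 *
 * CONN is not described by the original documentation.
 * NOTE(review): presumably the connection being authenticated; confirm.
 *
 * CTX is a pointer to an existing context created using the
 * serf__spnego_create_sec_context() function.
 *
 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
 * canonical name of the destination server. The caller should resolve the
 * server's alias to its canonical name.
 *
 * Security note: HOSTNAME determines which service the client authenticates
 * to. If the canonical name is obtained from a lookup that is not
 * authenticated (for example plain DNS), whoever controls the answer can
 * influence the target service name. Callers should keep the canonicalization
 * step inside their trust boundary.
 *
 * INPUT_BUF is a pointer to a structure describing the input token, if any.
 * It should be zero length on the first call. On later calls the token comes
 * from the remote peer and is untrusted input.
 *
 * OUTPUT_BUF will be populated with a pointer to the output data that should
 * be sent to the destination server. This buffer will be automatically freed
 * on RESULT_POOL cleanup, so it must not be referenced after that.
 *
 * All temporary allocations will be performed in SCRATCH_POOL.
 *
 * Return value:
 * - APR_EAGAIN The client must send the output token to the server and wait
 *   for a return token. The context is not yet established in this state and
 *   must not be treated as authenticated.
 *
 * - APR_SUCCESS The security context was successfully initialized. There is no
 *   need for another serf__spnego_init_sec_context call. If the function
 *   returns an output token, that is, if the OUTPUT_BUF is of nonzero length,
 *   that token must be sent to the server.
 *
 * Any other return value indicates an error. Callers should abandon the
 * handshake on error rather than continue with a partially built context.
 */
apr_status_t
serf__spnego_init_sec_context(serf_connection_t *conn,
                              serf__spnego_context_t *ctx,
                              const char *service,
                              const char *hostname,
                              serf__spnego_buffer_t *input_buf,
                              serf__spnego_buffer_t *output_buf,
                              apr_pool_t *result_pool,
                              apr_pool_t *scratch_pool
                              );

/*
 * Reset a previously created security context so we can start with a new one.
 *
 * This is triggered when the server requires per-request authentication,
 * where each request requires a new security context.
 *
 * NOTE(review): after a reset the next serf__spnego_init_sec_context() call
 * presumably starts a fresh handshake with a zero-length INPUT_BUF; confirm
 * against the implementations.
 */
apr_status_t
serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);

#ifdef __cplusplus
}
#endif

#endif    /* SERF_HAVE_SPNEGO */

#endif    /* !AUTH_SPNEGO_H */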