1253893Speter/* Copyright 2010 Justin Erenkrantz and Greg Stein
2253893Speter *
3253893Speter * Licensed under the Apache License, Version 2.0 (the "License");
4253893Speter * you may not use this file except in compliance with the License.
5253893Speter * You may obtain a copy of the License at
6253893Speter *
7253893Speter *     http://www.apache.org/licenses/LICENSE-2.0
8253893Speter *
9253893Speter * Unless required by applicable law or agreed to in writing, software
10253893Speter * distributed under the License is distributed on an "AS IS" BASIS,
11253893Speter * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12253893Speter * See the License for the specific language governing permissions and
13253893Speter * limitations under the License.
14253893Speter */
15253893Speter
16253893Speter#ifndef AUTH_SPNEGO_H
17253893Speter#define AUTH_SPNEGO_H
18253893Speter
19253893Speter#include <apr.h>
20253893Speter#include <apr_pools.h>
21253893Speter#include "serf.h"
22253893Speter#include "serf_private.h"
23253893Speter
24253893Speter#if defined(SERF_HAVE_SSPI)
25253893Speter#define SERF_HAVE_SPNEGO
26253893Speter#define SERF_USE_SSPI
27253893Speter#elif defined(SERF_HAVE_GSSAPI)
28253893Speter#define SERF_HAVE_SPNEGO
29253893Speter#define SERF_USE_GSSAPI
30253893Speter#endif
31253893Speter
32253893Speter#ifdef SERF_HAVE_SPNEGO
33253893Speter
34253893Speter#ifdef __cplusplus
35253893Speterextern "C" {
36253893Speter#endif
37253893Speter
/* Opaque handle for one outbound SPNEGO security context.  The struct is
 * only forward-declared in this header (presumably its definition lives with
 * the backend selected above, SERF_USE_SSPI or SERF_USE_GSSAPI); callers only
 * ever hold a pointer obtained from serf__spnego_create_sec_context(). */
typedef struct serf__spnego_context_t serf__spnego_context_t;
39253893Speter
/* A (length, pointer) pair used to pass security tokens into and out of
 * serf__spnego_init_sec_context().  A zero LENGTH means "no token". */
typedef struct serf__spnego_buffer_t {
    /* Number of bytes at VALUE; only these bytes are meaningful. */
    apr_size_t length;
    /* Pointer to the token bytes.  Ownership is described on the function
     * that fills the buffer (output tokens live in RESULT_POOL). */
    void *value;
} serf__spnego_buffer_t;
44253893Speter
/* Create an outbound security context.
 *
 * On success *CTX_P receives a new context for the authentication SCHEME.
 * All temporary allocations are performed in SCRATCH_POOL, while the
 * security context itself is allocated in RESULT_POOL and is destroyed
 * automatically on RESULT_POOL cleanup.  There is no explicit destroy call
 * in this header, so RESULT_POOL must outlive every use of the context.
 *
 * Returns APR_SUCCESS, or an APR error status on failure.
 */
apr_status_t
serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
                                const serf__authn_scheme_t *scheme,
                                apr_pool_t *result_pool,
                                apr_pool_t *scratch_pool);
57253893Speter
/* Initialize (or continue initializing) the outbound security context.
 *
 * The function is used to build a security context between the client
 * application and a remote peer.  It is called once per token exchange:
 * first with an empty INPUT_BUF, then again with each token the server
 * returns, until it reports APR_SUCCESS.
 *
 * CONN is the serf connection involved (presumably the one the exchange is
 * performed on; its exact use is in the backend, not visible here).
 *
 * CTX is a pointer to an existing context created with
 * serf__spnego_create_sec_context().
 *
 * SERVICE is the Kerberos service name, usually 'HTTP'.  HOSTNAME is the
 * canonical name of the destination server; the caller must resolve any
 * server alias to its canonical name before calling.  (Presumably the target
 * service principal is formed from SERVICE and HOSTNAME, so a non-canonical
 * name would select the wrong principal -- confirm against the backend.)
 *
 * INPUT_BUF is a pointer to a structure describing the input token, if any.
 * It must have zero length on the first call.
 *
 * OUTPUT_BUF will be populated with a pointer to the output token that
 * should be sent to the destination server.  This buffer is freed
 * automatically on RESULT_POOL cleanup and must not be used after that.
 *
 * All temporary allocations are performed in SCRATCH_POOL.
 *
 * Return value:
 * - APR_EAGAIN: the client must send the output token to the server, wait
 *   for a return token, and call this function again with it.
 *
 * - APR_SUCCESS: the security context was successfully initialized and no
 *   further serf__spnego_init_sec_context() call is needed.  If the function
 *   produced an output token (OUTPUT_BUF has nonzero length), that token
 *   must still be sent to the server.
 *
 * Any other return value indicates an error; the context must not be
 * treated as established.
 */
apr_status_t
serf__spnego_init_sec_context(serf_connection_t *conn,
                              serf__spnego_context_t *ctx,
                              const char *service,
                              const char *hostname,
                              serf__spnego_buffer_t *input_buf,
                              serf__spnego_buffer_t *output_buf,
                              apr_pool_t *result_pool,
                              apr_pool_t *scratch_pool
                              );
100253893Speter
/*
 * Reset a previously created security context so that a new one can be
 * started with the same CTX.
 *
 * This is triggered when the server requires per-request authentication,
 * where each request requires a new security context.  After a reset the
 * caller presumably restarts the token exchange with
 * serf__spnego_init_sec_context() and a zero-length INPUT_BUF, as on the
 * very first call -- confirm against the backend.
 *
 * Returns APR_SUCCESS, or an APR error status on failure.
 */
apr_status_t
serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);
109253893Speter
110253893Speter#ifdef __cplusplus
111253893Speter}
112253893Speter#endif
113253893Speter
114253893Speter#endif    /* SERF_HAVE_SPNEGO */
115253893Speter
116253893Speter#endif    /* !AUTH_SPNEGO_H */
117