auth_spnego.h revision 262339
/* Copyright 2010 Justin Erenkrantz and Greg Stein
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Internal interface to the SPNEGO security-context backend.
 *
 * The declarations below are only visible when one of the two backends is
 * configured; with neither SERF_HAVE_SSPI nor SERF_HAVE_GSSAPI defined this
 * header declares nothing and SERF_HAVE_SPNEGO stays undefined.
 */

#ifndef AUTH_SPNEGO_H
#define AUTH_SPNEGO_H

#include <apr.h>
#include <apr_pools.h>
#include "serf.h"
#include "serf_private.h"

/* Backend selection. SSPI is tested first, so it wins when both
 * SERF_HAVE_SSPI and SERF_HAVE_GSSAPI are defined. Exactly one of
 * SERF_USE_SSPI / SERF_USE_GSSAPI is defined whenever SERF_HAVE_SPNEGO is.
 */
#if defined(SERF_HAVE_SSPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_SSPI
#elif defined(SERF_HAVE_GSSAPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_GSSAPI
#endif

#ifdef SERF_HAVE_SPNEGO

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque security context. Only the forward declaration is given here; the
 * structure is defined elsewhere (presumably once per backend). */
typedef struct serf__spnego_context_t serf__spnego_context_t;

/* Token buffer exchanged with serf__spnego_init_sec_context().
 *
 * LENGTH describes the data at VALUE (presumably a byte count -- confirm
 * against the backend). A zero LENGTH means "no token". VALUE is untyped, so
 * nothing in this type ties LENGTH to the real size of the memory behind
 * VALUE: whoever fills the structure must keep the two consistent, and a
 * reader must not look past LENGTH.
 */
typedef struct serf__spnego_buffer_t {
    apr_size_t length;
    void *value;
} serf__spnego_buffer_t;

/* Create outbound security context.
 *
 * On success the new context is returned through CTX_P.
 *
 * SCHEME is the authentication scheme the context is created for; how the
 * backend uses it is not visible from this header.
 *
 * All temporary allocations will be performed in SCRATCH_POOL, while the
 * security context will be allocated in RESULT_POOL and will be destroyed
 * automatically on RESULT_POOL cleanup. The context must therefore not be
 * used after RESULT_POOL has been cleared or destroyed.
 */
apr_status_t
serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
                                const serf__authn_scheme_t *scheme,
                                apr_pool_t *result_pool,
                                apr_pool_t *scratch_pool);

/* Initialize outbound security context.
 *
 * The function is used to build a security context between the client
 * application and a remote peer.
 *
 * CONN is the connection the context is being established for.
 * NOTE(review): its role is not described by the original comment; confirm
 * against the backend what it is used for.
 *
 * CTX is a pointer to an existing context created using the
 * serf__spnego_create_sec_context() function.
 *
 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
 * canonical name of the destination server. The caller should resolve the
 * server's alias to its canonical name.
 * NOTE(review): SERVICE and HOSTNAME presumably name the target the context
 * is established with. If the caller canonicalizes HOSTNAME through a
 * resolver it does not trust, the resolver's answer influences which target
 * the client authenticates to -- confirm how callers canonicalize.
 *
 * INPUT_BUF is a pointer to a structure describing the input token, if any.
 * It should be zero length on the first call. On later calls it presumably
 * carries the token returned by the server, i.e. peer-supplied data, so its
 * LENGTH must describe exactly the data available at VALUE.
 *
 * OUTPUT_BUF will be populated with a pointer to the output data that should
 * be sent to the destination server. This buffer will be automatically freed
 * on RESULT_POOL cleanup, so it must be consumed before that pool is cleared.
 *
 * All temporary allocations will be performed in SCRATCH_POOL.
 *
 * Return value:
 * - APR_EAGAIN The client must send the output token to the server and wait
 *   for a return token.
 *
 * - APR_SUCCESS The security context was successfully initialized. There is
 *   no need for another serf__spnego_init_sec_context call. If the function
 *   returns an output token, that is, if OUTPUT_BUF is of nonzero length,
 *   that token must be sent to the server.
 *
 * Any other return value indicates an error; the context is then not
 * established and the caller must not treat the exchange as authenticated.
 */
apr_status_t
serf__spnego_init_sec_context(serf_connection_t *conn,
                              serf__spnego_context_t *ctx,
                              const char *service,
                              const char *hostname,
                              serf__spnego_buffer_t *input_buf,
                              serf__spnego_buffer_t *output_buf,
                              apr_pool_t *result_pool,
                              apr_pool_t *scratch_pool
                              );

/*
 * Reset a previously created security context so we can start with a new one.
 *
 * This is triggered when the server requires per-request authentication,
 * where each request requires a new security context.
 *
 * CTX is the context to reset. Returns an APR status code; which values are
 * possible is not visible from this header.
 */
apr_status_t
serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);

#ifdef __cplusplus
}
#endif

#endif    /* SERF_HAVE_SPNEGO */

#endif    /* !AUTH_SPNEGO_H */