auth_spnego.h revision 262339
1/* Copyright 2010 Justin Erenkrantz and Greg Stein
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef AUTH_SPNEGO_H
17#define AUTH_SPNEGO_H
18
19#include <apr.h>
20#include <apr_pools.h>
21#include "serf.h"
22#include "serf_private.h"
23
24#if defined(SERF_HAVE_SSPI)
25#define SERF_HAVE_SPNEGO
26#define SERF_USE_SSPI
27#elif defined(SERF_HAVE_GSSAPI)
28#define SERF_HAVE_SPNEGO
29#define SERF_USE_GSSAPI
30#endif
31
32#ifdef SERF_HAVE_SPNEGO
33
34#ifdef __cplusplus
35extern "C" {
36#endif
37
/* Opaque handle for the per-connection SPNEGO state. The struct itself is
 * not defined in this header; presumably the selected backend (SSPI or
 * GSSAPI, see SERF_USE_* above) provides it. */
struct serf__spnego_context_t;
typedef struct serf__spnego_context_t serf__spnego_context_t;

/* A raw token exchanged with the peer: LENGTH bytes starting at VALUE.
 * Who owns VALUE is decided by the function that fills the buffer in. */
struct serf__spnego_buffer_t {
    apr_size_t length;
    void *value;
};
typedef struct serf__spnego_buffer_t serf__spnego_buffer_t;
44
/* Create an outbound security context.
 *
 * On success *CTX_P receives the new context; SCHEME is the
 * serf__authn_scheme_t the context is created for.
 *
 * Temporary allocations are made in SCRATCH_POOL. The context itself is
 * allocated in RESULT_POOL and is destroyed automatically when RESULT_POOL
 * is cleaned up.
 */
apr_status_t serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
                                             const serf__authn_scheme_t *scheme,
                                             apr_pool_t *result_pool,
                                             apr_pool_t *scratch_pool);
57
/* Initialize an outbound security context.
 *
 * Builds a security context between the client application and a remote
 * peer, one round trip per call.
 *
 * CONN is the connection the exchange belongs to.
 *
 * CTX is a pointer to an existing context obtained from
 * serf__spnego_create_sec_context().
 *
 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
 * canonical name of the destination server; the caller is responsible for
 * resolving any server alias to its canonical name before calling.
 *
 * INPUT_BUF points to a structure describing the input token, if any. It
 * must have zero length on the first call.
 *
 * OUTPUT_BUF is filled in with a pointer to the output data that must be
 * sent to the destination server. That buffer is freed automatically when
 * RESULT_POOL is cleaned up.
 *
 * All temporary allocations are made in SCRATCH_POOL.
 *
 * Return value:
 * - APR_EAGAIN: the client must send the output token to the server and
 *   wait for a return token, then call again.
 *
 * - APR_SUCCESS: the security context is fully initialized and no further
 *   serf__spnego_init_sec_context() call is needed. If OUTPUT_BUF has a
 *   nonzero length, that final token must still be sent to the server.
 *
 * Any other return value indicates an error.
 */
apr_status_t serf__spnego_init_sec_context(serf_connection_t *conn,
                                           serf__spnego_context_t *ctx,
                                           const char *service,
                                           const char *hostname,
                                           serf__spnego_buffer_t *input_buf,
                                           serf__spnego_buffer_t *output_buf,
                                           apr_pool_t *result_pool,
                                           apr_pool_t *scratch_pool);
100
/* Discard the state held in CTX so that a fresh security context can be
 * built with it.
 *
 * Needed when the server demands per-request authentication, i.e. every
 * request has to establish its own security context.
 */
apr_status_t serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);
109
110#ifdef __cplusplus
111}
112#endif
113
114#endif    /* SERF_HAVE_SPNEGO */
115
116#endif    /* !AUTH_SPNEGO_H */
117