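/* ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 */

/* Private interface to the SPNEGO security-context backend.
 *
 * The listing this header was recovered from had its line-number gutter
 * fused into the text and its line breaks collapsed; both are repaired here
 * so that the file is a usable header again. No declaration was changed.
 */

#ifndef AUTH_SPNEGO_H
#define AUTH_SPNEGO_H

#include <apr.h>
#include <apr_pools.h>
#include "serf.h"
#include "serf_private.h"

/* Select the backend. SSPI takes precedence when both SERF_HAVE_SSPI and
 * SERF_HAVE_GSSAPI are defined; when neither is defined SERF_HAVE_SPNEGO
 * stays undefined and this header declares nothing.
 */
#if defined(SERF_HAVE_SSPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_SSPI
#elif defined(SERF_HAVE_GSSAPI)
#define SERF_HAVE_SPNEGO
#define SERF_USE_GSSAPI
#endif

#ifdef SERF_HAVE_SPNEGO

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque security context; its layout is defined by the selected backend. */
typedef struct serf__spnego_context_t serf__spnego_context_t;

/* Describes one authentication token exchanged with the peer.
 *
 * LENGTH is the size of the data VALUE points to (presumably in bytes --
 * confirm against the backend). A zero LENGTH means "no token".
 */
typedef struct serf__spnego_buffer_t {
    apr_size_t length;
    void *value;
} serf__spnego_buffer_t;

/* Create outbound security context.
 *
 * On success *CTX_P receives the new context. SCHEME is the authentication
 * scheme the context is created for.
 *
 * All temporary allocations will be performed in SCRATCH_POOL, while the
 * security context will be allocated in RESULT_POOL and will be destroyed
 * automatically on RESULT_POOL cleanup. The context must therefore not be
 * used after RESULT_POOL has been cleared or destroyed.
 */
apr_status_t
serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
                                const serf__authn_scheme_t *scheme,
                                apr_pool_t *result_pool,
                                apr_pool_t *scratch_pool);

/* Initialize outbound security context.
 *
 * The function is used to build a security context between the client
 * application and a remote peer.
 *
 * CONN is the connection the context is being established for.
 * NOTE(review): how the backend uses CONN is not visible from this header.
 *
 * CTX is a pointer to an existing context created using the
 * serf__spnego_create_sec_context() function.
 *
 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
 * canonical name of the destination server. The caller should resolve the
 * server's alias to its canonical name.
 *
 * NOTE(review): SERVICE and HOSTNAME presumably name the service the client
 * authenticates to, so HOSTNAME is security-relevant input. A canonical name
 * obtained from an unauthenticated lookup (for example plain DNS) can be
 * influenced by whoever controls the answer; callers should decide
 * deliberately whether they trust the resolver used for canonicalization.
 *
 * INPUT_BUF is a pointer to a structure describing the input token, if any.
 * It should be zero length on the first call.
 *
 * OUTPUT_BUF will be populated with a pointer to the output data that should
 * be sent to the destination server. This buffer will be automatically freed
 * on RESULT_POOL cleanup, so it must not be referenced after that point.
 *
 * All temporary allocations will be performed in SCRATCH_POOL.
 *
 * Return value:
 * - APR_EAGAIN The client must send the output token to the server and wait
 *   for a return token. The context is not established yet.
 *
 * - APR_SUCCESS The security context was successfully initialized. There is
 *   no need for another serf__spnego_init_sec_context call. If the function
 *   returns an output token, that is, if OUTPUT_BUF is of nonzero length,
 *   that token must be sent to the server.
 *
 * Any other return value indicates an error; the caller must not treat the
 * context as established in that case.
 */
apr_status_t
serf__spnego_init_sec_context(serf_connection_t *conn,
                              serf__spnego_context_t *ctx,
                              const char *service,
                              const char *hostname,
                              serf__spnego_buffer_t *input_buf,
                              serf__spnego_buffer_t *output_buf,
                              apr_pool_t *result_pool,
                              apr_pool_t *scratch_pool
                              );

/*
 * Reset a previously created security context so we can start with a new one.
 *
 * This is triggered when the server requires per-request authentication,
 * where each request requires a new security context.
 *
 * NOTE(review): a reset context presumably has to go through
 * serf__spnego_init_sec_context() again, starting with a zero-length
 * INPUT_BUF, before it can be used -- confirm against the backends.
 */
apr_status_t
serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);

#ifdef __cplusplus
}
#endif

#endif /* SERF_HAVE_SPNEGO */

#endif /* !AUTH_SPNEGO_H */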