Diffstat (limited to 'contrib/serf/auth/auth_spnego.h')
-rw-r--r-- | contrib/serf/auth/auth_spnego.h | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/contrib/serf/auth/auth_spnego.h b/contrib/serf/auth/auth_spnego.h
new file mode 100644
index 0000000..5af3b09
--- /dev/null
+++ b/contrib/serf/auth/auth_spnego.h
@@ -0,0 +1,115 @@
+/* Copyright 2010 Justin Erenkrantz and Greg Stein
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef AUTH_SPNEGO_H
+#define AUTH_SPNEGO_H
+
+#include <apr.h>
+#include <apr_pools.h>
+#include "serf.h"
+#include "serf_private.h"
+
+#if defined(SERF_HAVE_SSPI)
+#define SERF_HAVE_SPNEGO
+#define SERF_USE_SSPI
+#elif defined(SERF_HAVE_GSSAPI)
+#define SERF_HAVE_SPNEGO
+#define SERF_USE_GSSAPI
+#endif
+
+#ifdef SERF_HAVE_SPNEGO
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct serf__spnego_context_t serf__spnego_context_t;
+
+typedef struct serf__spnego_buffer_t {
+ apr_size_t length;
+ void *value;
+} serf__spnego_buffer_t;
+
+/* Create outbound security context.
+ *
+ * All temporary allocations will be performed in SCRATCH_POOL, while security
+ * context will be allocated in result_pool and will be destroyed automatically
+ * on RESULT_POOL cleanup.
+ *
+ */
+apr_status_t
+serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
+ const serf__authn_scheme_t *scheme,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool);
+
+/* Initialize outbound security context.
+ *
+ * The function is used to build a security context between the client
+ * application and a remote peer.
+ *
+ * CTX is pointer to existing context created using
+ * serf__spnego_create_sec_context() function.
+ *
+ * SERVICE is name of Kerberos service name. Usually 'HTTP'. HOSTNAME is
+ * canonical name of destination server. Caller should resolve server's alias
+ * to canonical name.
+ *
+ * INPUT_BUF is pointer structure describing input token if any. Should be
+ * zero length on first call.
+ *
+ * OUTPUT_BUF will be populated with pointer to output data that should send
+ * to destination server. This buffer will be automatically freed on
+ * RESULT_POOL cleanup.
+ *
+ * All temporary allocations will be performed in SCRATCH_POOL.
+ *
+ * Return value:
+ * - APR_EAGAIN The client must send the output token to the server and wait
+ * for a return token.
+ *
+ * - APR_SUCCESS The security context was successfully initialized. There is no
+ * need for another serf__spnego_init_sec_context call. If the function returns
+ * an output token, that is, if the OUTPUT_BUF is of nonzero length, that
+ * token must be sent to the server.
+ *
+ * Other returns values indicates error.
+ */
+apr_status_t
+serf__spnego_init_sec_context(serf__spnego_context_t *ctx,
+ const char *service,
+ const char *hostname,
+ serf__spnego_buffer_t *input_buf,
+ serf__spnego_buffer_t *output_buf,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool
+ );
+
+/*
+ * Reset a previously created security context so we can start with a new one.
+ *
+ * This is triggered when the server requires per-request authentication,
+ * where each request requires a new security context.
+ */
+apr_status_t
+serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SERF_HAVE_SPNEGO */
+
+#endif /* !AUTH_SPNEGO_H */ |
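Review bot: The HOSTNAME paragraph in the comment above serf__spnego_init_sec_context tells the caller to resolve the server's alias to a canonical name, but it states no trust requirement for that resolution. The name is presumably combined with SERVICE to form the target service principal, though the implementation is not visible in this header. If callers canonicalize through ordinary, unauthenticated DNS, anyone able to alter the answers can influence which principal the client authenticates to, so the contract should say so, e.g. `HOSTNAME is used to build the target principal; canonicalize it only through a source the caller trusts.` The same comment leaves open whether INPUT_BUF->value may be NULL when length is zero on the first call, which matters because later tokens come from the server. The comment on serf__spnego_reset_sec_context documents no return values at all.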