1 /* Copyright 2010 Justin Erenkrantz and Greg Stein
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
20 #include <apr_pools.h>
22 #include "serf_private.h"
24 #if defined(SERF_HAVE_SSPI)
25 #define SERF_HAVE_SPNEGO
27 #elif defined(SERF_HAVE_GSSAPI)
28 #define SERF_HAVE_SPNEGO
29 #define SERF_USE_GSSAPI
32 #ifdef SERF_HAVE_SPNEGO
38 typedef struct serf__spnego_context_t serf__spnego_context_t;
40 typedef struct serf__spnego_buffer_t {
43 } serf__spnego_buffer_t;
45 /* Create outbound security context.
47 * All temporary allocations will be performed in SCRATCH_POOL, while the security
48 * context will be allocated in RESULT_POOL and will be destroyed automatically
49 * on RESULT_POOL cleanup.
53 serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
54 const serf__authn_scheme_t *scheme,
55 apr_pool_t *result_pool,
56 apr_pool_t *scratch_pool);
58 /* Initialize outbound security context.
60 * The function is used to build a security context between the client
61 * application and a remote peer.
63 * CTX is a pointer to an existing context created using the
64 * serf__spnego_create_sec_context() function.
66 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
67 * canonical name of the destination server. The caller should resolve the server's alias
70 * INPUT_BUF is a pointer to a structure describing the input token, if any. It should be
71 * zero length on the first call.
73 * OUTPUT_BUF will be populated with a pointer to the output data that should be sent
74 * to the destination server. This buffer will be automatically freed on
75 * RESULT_POOL cleanup.
77 * All temporary allocations will be performed in SCRATCH_POOL.
80 * - APR_EAGAIN The client must send the output token to the server and wait
83 * - APR_SUCCESS The security context was successfully initialized. There is no
84 * need for another serf__spnego_init_sec_context call. If the function returns
85 * an output token, that is, if the OUTPUT_BUF is of nonzero length, that
86 * token must be sent to the server.
88 * Other return values indicate an error.
91 serf__spnego_init_sec_context(serf__spnego_context_t *ctx,
94 serf__spnego_buffer_t *input_buf,
95 serf__spnego_buffer_t *output_buf,
96 apr_pool_t *result_pool,
97 apr_pool_t *scratch_pool
101 * Reset a previously created security context so we can start with a new one.
103 * This is triggered when the server requires per-request authentication,
104 * where each request requires a new security context.
107 serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);
113 #endif /* SERF_HAVE_SPNEGO */
115 #endif /* !AUTH_SPNEGO_H */