1 /* ====================================================================
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
18 * ====================================================================
25 #include <apr_pools.h>
27 #include "serf_private.h"
29 #if defined(SERF_HAVE_SSPI)
30 #define SERF_HAVE_SPNEGO
32 #elif defined(SERF_HAVE_GSSAPI)
33 #define SERF_HAVE_SPNEGO
34 #define SERF_USE_GSSAPI
37 #ifdef SERF_HAVE_SPNEGO
/* Forward declaration of the security context type. The functions declared
 * below receive it only by pointer (or pointer-to-pointer on creation). */
43 typedef struct serf__spnego_context_t serf__spnego_context_t;
45 typedef struct serf__spnego_buffer_t {
48 } serf__spnego_buffer_t;
50 /* Create outbound security context.
52 * All temporary allocations will be performed in SCRATCH_POOL, while the
53 * security context will be allocated in RESULT_POOL and will be destroyed
54 * automatically on RESULT_POOL cleanup.
58 serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p,
59 const serf__authn_scheme_t *scheme,
60 apr_pool_t *result_pool,
61 apr_pool_t *scratch_pool);
63 /* Initialize outbound security context.
65 * The function is used to build a security context between the client
66 * application and a remote peer.
68 * CTX is a pointer to an existing context created using the
69 * serf__spnego_create_sec_context() function.
71 * SERVICE is the Kerberos service name, usually 'HTTP'. HOSTNAME is the
72 * canonical name of the destination server. Caller should resolve server's alias
75 * INPUT_BUF is a pointer to a structure describing the input token, if any.
76 * It should be zero length on the first call.
78 * OUTPUT_BUF will be populated with a pointer to the output data that should
79 * be sent to the destination server. This buffer will be automatically freed
80 * on RESULT_POOL cleanup.
82 * All temporary allocations will be performed in SCRATCH_POOL.
85 * - APR_EAGAIN The client must send the output token to the server and wait
88 * - APR_SUCCESS The security context was successfully initialized. There is no
89 * need for another serf__spnego_init_sec_context call. If the function returns
90 * an output token, that is, if the OUTPUT_BUF is of nonzero length, that
91 * token must be sent to the server.
93 * Other return values indicate an error.
96 serf__spnego_init_sec_context(serf_connection_t *conn,
97 serf__spnego_context_t *ctx,
100 serf__spnego_buffer_t *input_buf,
101 serf__spnego_buffer_t *output_buf,
102 apr_pool_t *result_pool,
103 apr_pool_t *scratch_pool
107 * Reset a previously created security context so we can start with a new one.
109 * This is triggered when the server requires per-request authentication,
110 * where each request requires a new security context.
113 serf__spnego_reset_sec_context(serf__spnego_context_t *ctx);
119 #endif /* SERF_HAVE_SPNEGO */
121 #endif /* !AUTH_SPNEGO_H */