netwerk/base/public/nsIAuthModule.idl

Tue, 06 Jan 2015 21:39:09 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Tue, 06 Jan 2015 21:39:09 +0100
branch
TOR_BUG_9701
changeset 8
97036ab72558
permissions
-rw-r--r--

Conditionally force memory storage according to privacy.thirdparty.isolate.
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.

michael@0 1 /* vim:set ts=4 sw=4 et cindent: */
michael@0 2 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 3 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 5
michael@0 6 #include "nsISupports.idl"
/**
* Interface to an authentication mechanism. As the method comments below
* describe, init() must succeed before anything else is called,
* getNextToken() then produces the tokens of the authentication exchange,
* and wrap()/unwrap() protect data once a security context is established.
*/
michael@0 7 [uuid(6e35dbc0-49ef-4e2c-b1ea-b72ec64450a2)]
michael@0 8 interface nsIAuthModule : nsISupports
michael@0 9 {
michael@0 10 /**
michael@0 11 * Default behavior.
michael@0 12 */
michael@0 13 const unsigned long REQ_DEFAULT = 0;
michael@0 14
michael@0 15 /**
michael@0 16 * Client and server will be authenticated.
michael@0 17 */
michael@0 18 const unsigned long REQ_MUTUAL_AUTH = (1 << 0);
michael@0 19
michael@0 20 /**
michael@0 21 * The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH
michael@0 22 * flag may also need to be specified in order for this flag to take
michael@0 23 * effect.
* NOTE(review): because this lets the server act with the client's
* identity, callers should presumably request it only for servers they
* already trust. Confirm the policy with the callers.
michael@0 24 */
michael@0 25 const unsigned long REQ_DELEGATE = (1 << 1);
michael@0 26
michael@0 27 /**
michael@0 28 * The authentication is required for a proxy connection.
michael@0 29 */
michael@0 30 const unsigned long REQ_PROXY_AUTH = (1 << 2);
michael@0 31
michael@0 32 /**
michael@0 33 * Flags used for telemetry.
* Unlike the REQ_ flags above, these are consecutive values (0 through 7),
* not bit masks: OR-ing two of them yields another value in this list, so
* each one identifies a single case and they cannot be combined.
michael@0 34 */
michael@0 35 const unsigned long NTLM_MODULE_SAMBA_AUTH_PROXY = 0;
michael@0 36 const unsigned long NTLM_MODULE_SAMBA_AUTH_DIRECT = 1;
michael@0 37 const unsigned long NTLM_MODULE_WIN_API_PROXY = 2;
michael@0 38 const unsigned long NTLM_MODULE_WIN_API_DIRECT = 3;
michael@0 39 const unsigned long NTLM_MODULE_GENERIC_PROXY = 4;
michael@0 40 const unsigned long NTLM_MODULE_GENERIC_DIRECT = 5;
michael@0 41 const unsigned long NTLM_MODULE_KERBEROS_PROXY = 6;
michael@0 42 const unsigned long NTLM_MODULE_KERBEROS_DIRECT = 7;
michael@0 43
michael@0 44 /** Other flags may be defined in the future */
michael@0 45
michael@0 46 /**
michael@0 47 * Called to initialize an auth module. The other methods cannot be called
michael@0 48 * unless this method succeeds.
michael@0 49 *
michael@0 50 * @param aServiceName
michael@0 51 * the service name, which may be null if not applicable (e.g., for
michael@0 52 * NTLM, this parameter should be null).
michael@0 53 * @param aServiceFlags
michael@0 54 * a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT
michael@0 55 * for default behavior).
michael@0 56 * @param aDomain
michael@0 57 * the authentication domain, which may be null if not applicable.
michael@0 58 * @param aUsername
michael@0 59 * the user's login name
michael@0 60 * @param aPassword
michael@0 61 * the user's password
* NOTE(review): the password arrives as a plain wstring, i.e. in
* cleartext. Implementations should presumably avoid logging it or
* keeping it longer than the exchange needs. Confirm against the
* implementations.
michael@0 62 */
michael@0 63 void init(in string aServiceName,
michael@0 64 in unsigned long aServiceFlags,
michael@0 65 in wstring aDomain,
michael@0 66 in wstring aUsername,
michael@0 67 in wstring aPassword);
michael@0 68
michael@0 69 /**
michael@0 70 * Called to get the next token in a sequence of authentication steps.
michael@0 71 *
michael@0 72 * @param aInToken
michael@0 73 * A buffer containing the input token (e.g., a challenge from a
michael@0 74 * server). This may be null.
* A server challenge is peer-controlled data: implementations should
* treat it as untrusted and bound every read by aInTokenLength.
michael@0 75 * @param aInTokenLength
michael@0 76 * The length of the input token.
* NOTE(review): presumably in bytes, as stated for aOutTokenLength.
* Confirm.
michael@0 77 * @param aOutToken
michael@0 78 * If getNextToken succeeds, then aOutToken will point to a buffer
michael@0 79 * to be sent in response to the server challenge. The length of
michael@0 80 * this buffer is given by aOutTokenLength. The buffer at aOutToken
michael@0 81 * must be freed with a call to nsMemory::Free.
michael@0 82 * @param aOutTokenLength
michael@0 83 * If getNextToken succeeds, then aOutTokenLength contains the
michael@0 84 * length of the buffer (number of bytes) pointed to by aOutToken.
michael@0 85 */
michael@0 86 void getNextToken([const] in voidPtr aInToken,
michael@0 87 in unsigned long aInTokenLength,
michael@0 88 out voidPtr aOutToken,
michael@0 89 out unsigned long aOutTokenLength);
michael@0 90 /**
michael@0 91 * Once a security context has been established through calls to GetNextToken()
michael@0 92 * it may be used to protect data exchanged between client and server. Calls
michael@0 93 * to Wrap() are used to protect items of data to be sent to the server.
michael@0 94 *
michael@0 95 * @param aInToken
michael@0 96 * A buffer containing the data to be sent to the server
michael@0 97 * @param aInTokenLength
michael@0 98 * The length of the input token
michael@0 99 * @param confidential
michael@0 100 * If set to true, Wrap() will encrypt the data, otherwise data will
michael@0 101 * just be integrity protected (checksummed)
* In the latter case the data is not encrypted, so callers that need
* secrecy must pass true.
michael@0 102 * @param aOutToken
michael@0 103 * A buffer containing the resulting data to be sent to the server
* NOTE(review): ownership of this buffer is not stated here;
* presumably it is released with nsMemory::Free as for getNextToken.
* Confirm.
michael@0 104 * @param aOutTokenLength
michael@0 105 * The length of the output token buffer
michael@0 106 *
michael@0 107 * Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication
michael@0 108 * mechanism does not support security layers.
michael@0 109 */
michael@0 110 void wrap([const] in voidPtr aInToken,
michael@0 111 in unsigned long aInTokenLength,
michael@0 112 in boolean confidential,
michael@0 113 out voidPtr aOutToken,
michael@0 114 out unsigned long aOutTokenLength);
michael@0 115
michael@0 116 /**
michael@0 117 * Unwrap() is used to unpack, decrypt, and verify the checksums on data
michael@0 118 * returned by a server when security layers are in use.
michael@0 119 *
michael@0 120 * @param aInToken
michael@0 121 * A buffer containing the data received from the server
* This is peer-controlled data: implementations should treat it as
* untrusted and bound every read by aInTokenLength.
michael@0 122 * @param aInTokenLength
michael@0 123 * The length of the input token
michael@0 124 * @param aOutToken
michael@0 125 * A buffer containing the plaintext data from the server
* NOTE(review): ownership of this buffer is not stated here;
* presumably it is released with nsMemory::Free as for getNextToken.
* Confirm.
michael@0 126 * @param aOutTokenLength
michael@0 127 * The length of the output token buffer
michael@0 128 *
michael@0 129 * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying
michael@0 130 * authentication mechanism does not support security layers.
michael@0 131 */
michael@0 132 void unwrap([const] in voidPtr aInToken,
michael@0 133 in unsigned long aInTokenLength,
michael@0 134 out voidPtr aOutToken,
michael@0 135 out unsigned long aOutTokenLength);
michael@0 136 };
michael@0 137
michael@0 138 %{C++
michael@0 139 /**
michael@0 140 * nsIAuthModule implementations are registered under the following contract
michael@0 141 * ID prefix. The prefix ends in "?name="; presumably the name of the
* authentication module is appended to it to form the full contract ID
* (confirm against the registrations).
michael@0 142 */
michael@0 143 #define NS_AUTH_MODULE_CONTRACTID_PREFIX \
michael@0 144 "@mozilla.org/network/auth-module;1?name="
michael@0 145 %}
