Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
/* vim:set ts=4 sw=4 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"
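[uuid(6e35dbc0-49ef-4e2c-b1ea-b72ec64450a2)]
/**
 * nsIAuthModule is the per-mechanism (NTLM, Kerberos/GSSAPI, ...) half of
 * HTTP authentication: it holds the credentials given to init(), produces
 * the opaque tokens exchanged with the server via getNextToken(), and, once
 * a context exists, can optionally protect payload data with wrap()/unwrap().
 *
 * Security notes for implementers and callers:
 *  - Every input token handed to getNextToken()/unwrap() originates from the
 *    remote server and is untrusted. Implementations must bound all parsing
 *    by aInTokenLength and never trust a length or offset carried inside the
 *    token itself.
 *  - REQ_DELEGATE hands the client's identity to the server; see its comment.
 *  - The password is passed in the clear to init(); this interface does not
 *    specify how long an implementation retains it (NOTE(review): confirm the
 *    retention/zeroisation policy against each implementation).
 */
interface nsIAuthModule : nsISupports
{
    /**
     * Default behavior: no mutual authentication, no delegation, direct
     * (non-proxy) authentication.
     */
    const unsigned long REQ_DEFAULT = 0;

    /**
     * Client and server will be authenticated. Without this flag only the
     * client proves its identity; the server is not verified.
     */
    const unsigned long REQ_MUTUAL_AUTH = (1 << 0);

    /**
     * The server is allowed to impersonate the client, i.e. act with the
     * client's credentials towards third parties. Because this effectively
     * gives the server the client's identity, callers should set it only for
     * servers that are trusted to act on the client's behalf. The
     * REQ_MUTUAL_AUTH flag may also need to be specified in order for this
     * flag to take effect (an unauthenticated server must not receive
     * delegated credentials).
     */
    const unsigned long REQ_DELEGATE = (1 << 1);

    /**
     * The authentication is required for a proxy connection rather than for
     * the origin server.
     */
    const unsigned long REQ_PROXY_AUTH = (1 << 2);

    /**
     * Values used for telemetry. Unlike the REQ_ flags these are a plain
     * enumeration (0..7), not bits to be OR-ed together: one value per
     * (implementation, proxy-or-direct) combination.
     */
    const unsigned long NTLM_MODULE_SAMBA_AUTH_PROXY = 0;
    const unsigned long NTLM_MODULE_SAMBA_AUTH_DIRECT = 1;
    const unsigned long NTLM_MODULE_WIN_API_PROXY = 2;
    const unsigned long NTLM_MODULE_WIN_API_DIRECT = 3;
    const unsigned long NTLM_MODULE_GENERIC_PROXY = 4;
    const unsigned long NTLM_MODULE_GENERIC_DIRECT = 5;
    const unsigned long NTLM_MODULE_KERBEROS_PROXY = 6;
    const unsigned long NTLM_MODULE_KERBEROS_DIRECT = 7;

    /** Other flags may be defined in the future */

    /**
     * Called to initialize an auth module. The other methods cannot be called
     * unless this method succeeds.
     *
     * @param aServiceName
     *        the service name, which may be null if not applicable (e.g., for
     *        NTLM, this parameter should be null).
     * @param aServiceFlags
     *        a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT
     *        for default behavior). Do not pass the NTLM_MODULE_* telemetry
     *        values here.
     * @param aDomain
     *        the authentication domain, which may be null if not applicable.
     * @param aUsername
     *        the user's login name
     * @param aPassword
     *        the user's password, in the clear. The module needs it to derive
     *        the tokens returned by getNextToken(); callers should assume the
     *        implementation keeps a copy for the lifetime of the module.
     */
    void init(in string aServiceName,
              in unsigned long aServiceFlags,
              in wstring aDomain,
              in wstring aUsername,
              in wstring aPassword);

    /**
     * Called to get the next token in a sequence of authentication steps.
     *
     * @param aInToken
     *        A buffer containing the input token (e.g., a challenge from a
     *        server). This may be null (typically for the first step, when
     *        there is no challenge yet). The contents are untrusted network
     *        data; implementations must validate them against aInTokenLength.
     * @param aInTokenLength
     *        The length of the input token in bytes. Callers should pass 0
     *        when aInToken is null.
     * @param aOutToken
     *        If getNextToken succeeds, then aOutToken will point to a buffer
     *        to be sent in response to the server challenge. The length of
     *        this buffer is given by aOutTokenLength. Ownership passes to the
     *        caller: the buffer at aOutToken must be recycled with a call to
     *        nsMemory::Free. On failure the out parameters are not to be used.
     * @param aOutTokenLength
     *        If getNextToken succeeds, then aOutTokenLength contains the
     *        length of the buffer (number of bytes) pointed to by aOutToken.
     */
    void getNextToken([const] in voidPtr aInToken,
                      in unsigned long aInTokenLength,
                      out voidPtr aOutToken,
                      out unsigned long aOutTokenLength);

    /**
     * Once a security context has been established through calls to GetNextToken()
     * it may be used to protect data exchanged between client and server. Calls
     * to Wrap() are used to protect items of data to be sent to the server.
     *
     * @param aInToken
     *        A buffer containing the data to be sent to the server
     * @param aInTokenLength
     *        The length of the input token
     * @param confidential
     *        If set to true, Wrap() will encrypt the data, otherwise data will
     *        just be integrity protected (checksummed). Note that with
     *        confidential == false the payload remains readable on the wire;
     *        only tampering is detectable.
     * @param aOutToken
     *        A buffer containing the resulting data to be sent to the server.
     *        As with getNextToken(), the caller owns it and must release it
     *        with nsMemory::Free.
     * @param aOutTokenLength
     *        The length of the output token buffer
     *
     * Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication
     * mechanism does not support security layers. Callers that require a
     * security layer must treat that as a hard failure, not fall back to
     * sending the data unprotected.
     */
    void wrap([const] in voidPtr aInToken,
              in unsigned long aInTokenLength,
              in boolean confidential,
              out voidPtr aOutToken,
              out unsigned long aOutTokenLength);

    /**
     * Unwrap() is used to unpack, decrypt, and verify the checksums on data
     * returned by a server when security layers are in use.
     *
     * @param aInToken
     *        A buffer containing the data received from the server. This is
     *        untrusted network data; implementations must bound all parsing
     *        by aInTokenLength.
     * @param aInTokenLength
     *        The length of the input token
     * @param aOutToken
     *        A buffer containing the plaintext data from the server. Only
     *        valid when the call succeeds, i.e. after the checksum has been
     *        verified; the caller owns it and must release it with
     *        nsMemory::Free.
     * @param aOutTokenLength
     *        The length of the output token buffer
     *
     * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying
     * authentication mechanism does not support security layers.
     * NOTE(review): this interface does not name the error returned when
     * checksum verification fails; callers must treat any failure as
     * "data not authenticated" and must not use aOutToken in that case.
     */
    void unwrap([const] in voidPtr aInToken,
                in unsigned long aInTokenLength,
                out voidPtr aOutToken,
                out unsigned long aOutTokenLength);
};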
michael@0 | 137 | |
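%{C++
/**
 * nsIAuthModule implementations are registered under the following contract
 * ID prefix. The mechanism name (the `name=` query value) is appended to it
 * to form the full contract ID under which a specific module is looked up.
 */
#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
    "@mozilla.org/network/auth-module;1?name="
%}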