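--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netwerk/base/public/nsIAuthModule.idl Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,145 @@
+/* vim:set ts=4 sw=4 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+[uuid(6e35dbc0-49ef-4e2c-b1ea-b72ec64450a2)]
+interface nsIAuthModule : nsISupports
+{
+ /**
+ * Default behavior.
+ */
+ const unsigned long REQ_DEFAULT = 0;
+
+ /**
+ * Client and server will be authenticated.
+ */
+ const unsigned long REQ_MUTUAL_AUTH = (1 << 0);
+
+ /**
+ * The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH
+ * flag may also need to be specified in order for this flag to take
+ * effect.
+ */
+ const unsigned long REQ_DELEGATE = (1 << 1);
+
+ /**
+ * The authentication is required for a proxy connection.
+ */
+ const unsigned long REQ_PROXY_AUTH = (1 << 2);
+
+ /**
+ * Flags used for telemetry.
+ */
+ const unsigned long NTLM_MODULE_SAMBA_AUTH_PROXY = 0;
+ const unsigned long NTLM_MODULE_SAMBA_AUTH_DIRECT = 1;
+ const unsigned long NTLM_MODULE_WIN_API_PROXY = 2;
+ const unsigned long NTLM_MODULE_WIN_API_DIRECT = 3;
+ const unsigned long NTLM_MODULE_GENERIC_PROXY = 4;
+ const unsigned long NTLM_MODULE_GENERIC_DIRECT = 5;
+ const unsigned long NTLM_MODULE_KERBEROS_PROXY = 6;
+ const unsigned long NTLM_MODULE_KERBEROS_DIRECT = 7;
+
+ /** Other flags may be defined in the future */
+
+ /**
+ * Called to initialize an auth module. The other methods cannot be called
+ * unless this method succeeds.
+ *
+ * @param aServiceName
+ * the service name, which may be null if not applicable (e.g., for
+ * NTLM, this parameter should be null).
+ * @param aServiceFlags
+ * a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT
+ * for default behavior).
+ * @param aDomain
+ * the authentication domain, which may be null if not applicable.
+ * @param aUsername
+ * the user's login name
+ * @param aPassword
+ * the user's password
+ */
+ void init(in string aServiceName,
+ in unsigned long aServiceFlags,
+ in wstring aDomain,
+ in wstring aUsername,
+ in wstring aPassword);
+
+ /**
+ * Called to get the next token in a sequence of authentication steps.
+ *
+ * @param aInToken
+ * A buffer containing the input token (e.g., a challenge from a
+ * server). This may be null.
+ * @param aInTokenLength
+ * The length of the input token.
+ * @param aOutToken
+ * If getNextToken succeeds, then aOutToken will point to a buffer
+ * to be sent in response to the server challenge. The length of
+ * this buffer is given by aOutTokenLength. The buffer at aOutToken
+ * must be recycled with a call to nsMemory::Free.
+ * @param aOutTokenLength
+ * If getNextToken succeeds, then aOutTokenLength contains the
+ * length of the buffer (number of bytes) pointed to by aOutToken.
+ */
+ void getNextToken([const] in voidPtr aInToken,
+ in unsigned long aInTokenLength,
+ out voidPtr aOutToken,
+ out unsigned long aOutTokenLength);
+ /**
+ * Once a security context has been established through calls to GetNextToken()
+ * it may be used to protect data exchanged between client and server. Calls
+ * to Wrap() are used to protect items of data to be sent to the server.
+ *
+ * @param aInToken
+ * A buffer containing the data to be sent to the server
+ * @param aInTokenLength
+ * The length of the input token
+ * @param confidential
+ * If set to true, Wrap() will encrypt the data, otherwise data will
+ * just be integrity protected (checksummed)
+ * @param aOutToken
+ * A buffer containing the resulting data to be sent to the server
+ * @param aOutTokenLength
+ * The length of the output token buffer
+ *
+ * Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication
+ * mechanism does not support security layers.
+ */
+ void wrap([const] in voidPtr aInToken,
+ in unsigned long aInTokenLength,
+ in boolean confidential,
+ out voidPtr aOutToken,
+ out unsigned long aOutTokenLength);
+
+ /**
+ * Unwrap() is used to unpack, decrypt, and verify the checksums on data
+ * returned by a server when security layers are in use.
+ *
+ * @param aInToken
+ * A buffer containing the data received from the server
+ * @param aInTokenLength
+ * The length of the input token
+ * @param aOutToken
+ * A buffer containing the plaintext data from the server
+ * @param aOutTokenLength
+ * The length of the output token buffer
+ *
+ * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying
+ * authentication mechanism does not support security layers.
+ */
+ void unwrap([const] in voidPtr aInToken,
+ in unsigned long aInTokenLength,
+ out voidPtr aOutToken,
+ out unsigned long aOutTokenLength);
+};
+
+%{C++
+/**
+ * nsIAuthModule implementations are registered under the following contract
+ * ID prefix:
+ */
+#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
+ "@mozilla.org/network/auth-module;1?name="
+%}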
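Review bot: The doc comments for `wrap()` and `unwrap()` do not say who owns the buffer returned in `aOutToken`, whereas `getNextToken()` states that its buffer must be released with `nsMemory::Free`. An out `voidPtr` with an unstated allocator invites leaks or a mismatched free, and for `unwrap()` the buffer holds decrypted plaintext from the server. I would add a line to both `@param aOutToken` entries, such as `The caller owns this buffer and must release it with nsMemory::Free.`, assuming the implementations allocate it the same way as `getNextToken()` does; that should be confirmed against them. Separately, the `NTLM_MODULE_*` telemetry constants are enumerated values that overlap numerically with the `REQ_` bit flags (`NTLM_MODULE_SAMBA_AUTH_DIRECT = 1` equals `REQ_MUTUAL_AUTH`), so the comment `Flags used for telemetry.` should state that they are not valid in `aServiceFlags`.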