michael@0: /* vim:set ts=4 sw=4 et cindent: */ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "nsISupports.idl" michael@0: [uuid(6e35dbc0-49ef-4e2c-b1ea-b72ec64450a2)] michael@0: interface nsIAuthModule : nsISupports michael@0: { michael@0: /** michael@0: * Default behavior. michael@0: */ michael@0: const unsigned long REQ_DEFAULT = 0; michael@0: michael@0: /** michael@0: * Client and server will be authenticated. michael@0: */ michael@0: const unsigned long REQ_MUTUAL_AUTH = (1 << 0); michael@0: michael@0: /** michael@0: * The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH michael@0: * flag may also need to be specified in order for this flag to take michael@0: * effect. michael@0: */ michael@0: const unsigned long REQ_DELEGATE = (1 << 1); michael@0: michael@0: /** michael@0: * The authentication is required for a proxy connection. michael@0: */ michael@0: const unsigned long REQ_PROXY_AUTH = (1 << 2); michael@0: michael@0: /** michael@0: * Flags used for telemetry. michael@0: */ michael@0: const unsigned long NTLM_MODULE_SAMBA_AUTH_PROXY = 0; michael@0: const unsigned long NTLM_MODULE_SAMBA_AUTH_DIRECT = 1; michael@0: const unsigned long NTLM_MODULE_WIN_API_PROXY = 2; michael@0: const unsigned long NTLM_MODULE_WIN_API_DIRECT = 3; michael@0: const unsigned long NTLM_MODULE_GENERIC_PROXY = 4; michael@0: const unsigned long NTLM_MODULE_GENERIC_DIRECT = 5; michael@0: const unsigned long NTLM_MODULE_KERBEROS_PROXY = 6; michael@0: const unsigned long NTLM_MODULE_KERBEROS_DIRECT = 7; michael@0: michael@0: /** Other flags may be defined in the future */ michael@0: michael@0: /** michael@0: * Called to initialize an auth module. The other methods cannot be called michael@0: * unless this method succeeds. michael@0: * michael@0: * @param aServiceName michael@0: * the service name, which may be null if not applicable (e.g., for michael@0: * NTLM, this parameter should be null). michael@0: * @param aServiceFlags michael@0: * a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT michael@0: * for default behavior). michael@0: * @param aDomain michael@0: * the authentication domain, which may be null if not applicable. michael@0: * @param aUsername michael@0: * the user's login name michael@0: * @param aPassword michael@0: * the user's password michael@0: */ michael@0: void init(in string aServiceName, michael@0: in unsigned long aServiceFlags, michael@0: in wstring aDomain, michael@0: in wstring aUsername, michael@0: in wstring aPassword); michael@0: michael@0: /** michael@0: * Called to get the next token in a sequence of authentication steps. michael@0: * michael@0: * @param aInToken michael@0: * A buffer containing the input token (e.g., a challenge from a michael@0: * server). This may be null. michael@0: * @param aInTokenLength michael@0: * The length of the input token. michael@0: * @param aOutToken michael@0: * If getNextToken succeeds, then aOutToken will point to a buffer michael@0: * to be sent in response to the server challenge. The length of michael@0: * this buffer is given by aOutTokenLength. The buffer at aOutToken michael@0: * must be recycled with a call to nsMemory::Free. michael@0: * @param aOutTokenLength michael@0: * If getNextToken succeeds, then aOutTokenLength contains the michael@0: * length of the buffer (number of bytes) pointed to by aOutToken. michael@0: */ michael@0: void getNextToken([const] in voidPtr aInToken, michael@0: in unsigned long aInTokenLength, michael@0: out voidPtr aOutToken, michael@0: out unsigned long aOutTokenLength); michael@0: /** michael@0: * Once a security context has been established through calls to GetNextToken() michael@0: * it may be used to protect data exchanged between client and server. Calls michael@0: * to Wrap() are used to protect items of data to be sent to the server. michael@0: * michael@0: * @param aInToken michael@0: * A buffer containing the data to be sent to the server michael@0: * @param aInTokenLength michael@0: * The length of the input token michael@0: * @param confidential michael@0: * If set to true, Wrap() will encrypt the data, otherwise data will michael@0: * just be integrity protected (checksummed) michael@0: * @param aOutToken michael@0: * A buffer containing the resulting data to be sent to the server michael@0: * @param aOutTokenLength michael@0: * The length of the output token buffer michael@0: * michael@0: * Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication michael@0: * mechanism does not support security layers. michael@0: */ michael@0: void wrap([const] in voidPtr aInToken, michael@0: in unsigned long aInTokenLength, michael@0: in boolean confidential, michael@0: out voidPtr aOutToken, michael@0: out unsigned long aOutTokenLength); michael@0: michael@0: /** michael@0: * Unwrap() is used to unpack, decrypt, and verify the checksums on data michael@0: * returned by a server when security layers are in use. michael@0: * michael@0: * @param aInToken michael@0: * A buffer containing the data received from the server michael@0: * @param aInTokenLength michael@0: * The length of the input token michael@0: * @param aOutToken michael@0: * A buffer containing the plaintext data from the server michael@0: * @param aOutTokenLength michael@0: * The length of the output token buffer michael@0: * michael@0: * Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying michael@0: * authentication mechanism does not support security layers. michael@0: */ michael@0: void unwrap([const] in voidPtr aInToken, michael@0: in unsigned long aInTokenLength, michael@0: out voidPtr aOutToken, michael@0: out unsigned long aOutTokenLength); michael@0: }; michael@0: michael@0: %{C++ michael@0: /** michael@0: * nsIAuthModule implementations are registered under the following contract michael@0: * ID prefix: michael@0: */ michael@0: #define NS_AUTH_MODULE_CONTRACTID_PREFIX \ michael@0: "@mozilla.org/network/auth-module;1?name=" michael@0: %}