summaryrefslogtreecommitdiffstats
path: root/extensions/auth/nsAuthGSSAPI.h
blob: 6c663e9356f6e3be6011cfc99a171f6efb58db4c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
/* vim:set ts=4 sw=4 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsAuthGSSAPI_h__
#define nsAuthGSSAPI_h__

#include "nsAuth.h"
#include "nsIAuthModule.h"
#include "nsString.h"
#include "mozilla/Attributes.h"

#define GSS_USE_FUNCTION_POINTERS 1

#include "gssapi.h"

// The nsAuthGSSAPI class provides responses for the GSS-API Negotiate method
// as specified by Microsoft in draft-brezak-spnego-http-04.txt

/* Some remarks on thread safety ...
 *
 * The thread safety of this class depends largely upon the thread safety of
 * the underlying GSSAPI and Kerberos libraries. This code just loads the 
 * system GSSAPI library, and whilst it avoids loading known bad libraries, 
 * it cannot determine the thread safety of the the code it loads.
 *
 * When used with a non-threadsafe library, it is not safe to simultaneously 
 * use multiple instantiations of this class.
 *
 * When used with a threadsafe Kerberos library, multiple instantiations of 
 * this class may happily co-exist. Methods may be sequentially called from 
 * multiple threads. The nature of the GSSAPI protocol is such that a correct 
 * implementation will never call methods in parallel, as the results of the 
 * last call are required as input to the next.
 */

class nsAuthGSSAPI final : public nsIAuthModule
{
public:
    NS_DECL_THREADSAFE_ISUPPORTS
    NS_DECL_NSIAUTHMODULE

    explicit nsAuthGSSAPI(pType package);

    static void Shutdown();

private:
    ~nsAuthGSSAPI() { Reset(); }

    void    Reset();
    gss_OID GetOID() { return mMechOID; }

private:
    gss_ctx_id_t mCtx;
    gss_OID      mMechOID;
    nsCString    mServiceName;
    uint32_t     mServiceFlags;
    nsString     mUsername;
    bool         mComplete;
};

#endif /* nsAuthGSSAPI_h__ */