
lightning-sunbird  0.9+nobinonly
nsNegotiateAuth Class Reference

#include <nsAuthModuleGSSAPI.h>


Public Member Functions

NS_DECL_ISUPPORTS
NS_DECL_NSIAUTHMODULE
nsNegotiateAuth ()
 GSSAPI implementation (nsAuthModuleGSSAPI.cpp).
nsNegotiateAuth (PRBool useNTLM=PR_FALSE)
 SSPI implementation (nsNegotiateAuthSSPI.cpp).
void init (in string aServiceName, in unsigned long aServiceFlags, in wstring aDomain, in wstring aUsername, in wstring aPassword)
 Called to initialize an auth module; the other methods cannot be called unless this method succeeds.
void getNextToken ([const ] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength)
 Called to get the next token in a sequence of authentication steps.
void wrap ([const ] in voidPtr aInToken, in unsigned long aInTokenLength, in boolean confidential, out voidPtr aOutToken, out unsigned long aOutTokenLength)
 Once a security context has been established through calls to GetNextToken() it may be used to protect data exchanged between client and server.
void unwrap ([const ] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength)
 Unwrap() is used to unpack, decrypt, and verify the checksums on data returned by a server when security layers are in use.

Public Attributes

const unsigned long REQ_DEFAULT = 0
 Default behavior.
const unsigned long REQ_MUTUAL_AUTH = (1 << 0)
 Client and server will be authenticated.
const unsigned long REQ_DELEGATE = (1 << 1)
 The server is allowed to impersonate the client.

Private Member Functions

 ~nsNegotiateAuth ()
void Reset ()
gss_OID GetOID ()

Private Attributes

gss_ctx_id_t mCtx
gss_OID mMechOID
nsCString mServiceName
PRUint32 mServiceFlags
CredHandle mCred
CtxtHandle mCtxt
PRUint32 mMaxTokenLen
PRBool mUseNTLM

Detailed Description

Definition at line 62 of file nsAuthModuleGSSAPI.h.


Constructor & Destructor Documentation

nsNegotiateAuth::nsNegotiateAuth ( )

Definition at line 283 of file nsAuthModuleGSSAPI.cpp.

nsNegotiateAuth::nsNegotiateAuth()
    : mServiceFlags(REQ_DEFAULT)
{
    OM_uint32 minstat, majstat;
    gss_OID_set mech_set;
    gss_OID item;
    unsigned int i;
    // DER-encoded mechanism OIDs: Kerberos V5 (1.2.840.113554.1.2.2)
    // and SPNEGO (1.3.6.1.5.5.2).
    static gss_OID_desc gss_krb5_mech_oid_desc =
        { 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
    static gss_OID_desc gss_spnego_mech_oid_desc =
        { 6, (void *) "\x2b\x06\x01\x05\x05\x02" };

    LOG(("entering nsNegotiateAuth::nsNegotiateAuth()\n"));

    // Load the GSSAPI library on first use. If that fails the object is
    // left unusable: mCtx is not set and the mechanism list is not queried.
    if (!gssFunInit && NS_FAILED(gssInit()))
        return;

    mCtx = GSS_C_NO_CONTEXT;
    mMechOID = &gss_krb5_mech_oid_desc;

    //
    // Now, look at the list of supported mechanisms;
    // if SPNEGO is found, then use it.
    // Otherwise mMechOID stays at the Kerberos mechanism
    // OID set above and Kerberos is used directly.
    //
    // Using Kerberos directly (instead of negotiating
    // with SPNEGO) may work in some cases depending
    // on how smart the server side is.
    //
    majstat = gss_indicate_mechs_ptr(&minstat, &mech_set);
    if (GSS_ERROR(majstat))
        return;

    for (i=0; i<mech_set->count; i++) {
        item = &mech_set->elements[i];
        // Compare the length first so memcmp never reads past either OID.
        if (item->length == gss_spnego_mech_oid_desc.length &&
            !memcmp(item->elements, gss_spnego_mech_oid_desc.elements,
            item->length)) {
            // ok, we found it
            mMechOID = &gss_spnego_mech_oid_desc;
            break;
        }
    }
    gss_release_oid_set_ptr(&minstat, &mech_set);
}

nsNegotiateAuth::~nsNegotiateAuth ( ) [inline, private]

Definition at line 71 of file nsAuthModuleGSSAPI.h (and at line 71 of file nsNegotiateAuthGSSAPI.h).

{ Reset(); }

nsNegotiateAuth::nsNegotiateAuth ( PRBool useNTLM = PR_FALSE )

Definition at line 165 of file nsNegotiateAuthSSPI.cpp.

nsNegotiateAuth::nsNegotiateAuth(PRBool useNTLM)
    : mServiceFlags(REQ_DEFAULT)
    , mMaxTokenLen(0)
    , mUseNTLM(useNTLM)
{
    // Start with zeroed SSPI credential and context handles;
    // nothing has been acquired yet.
    memset(&mCred, 0, sizeof(mCred));
    memset(&mCtxt, 0, sizeof(mCtxt));
}


Member Function Documentation

void nsIAuthModule::getNextToken ( [const ] in voidPtr  aInToken,
in unsigned long  aInTokenLength,
out voidPtr  aOutToken,
out unsigned long  aOutTokenLength 
) [inherited]

Called to get the next token in a sequence of authentication steps.

Parameters:
aInToken: A buffer containing the input token (e.g., a challenge from a server). This may be null.
aInTokenLength: The length of the input token.
aOutToken: If getNextToken succeeds, then aOutToken will point to a buffer to be sent in response to the server challenge. The length of this buffer is given by aOutTokenLength. The buffer at aOutToken must be recycled with a call to nsMemory::Free.
aOutTokenLength: If getNextToken succeeds, then aOutTokenLength contains the length of the buffer (number of bytes) pointed to by aOutToken.
gss_OID nsNegotiateAuth::GetOID ( ) [inline, private]

Definition at line 74 of file nsAuthModuleGSSAPI.h (and at line 74 of file nsNegotiateAuthGSSAPI.h).

{ return mMechOID; }
void nsIAuthModule::init ( in string  aServiceName,
in unsigned long  aServiceFlags,
in wstring  aDomain,
in wstring  aUsername,
in wstring  aPassword 
) [inherited]

Called to initialize an auth module. The other methods cannot be called unless this method succeeds.

Parameters:
aServiceName: the service name, which may be null if not applicable (e.g., for NTLM, this parameter should be null).
aServiceFlags: a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT for default behavior). Other flags may be defined in the future.
aDomain: the authentication domain, which may be null if not applicable.
aUsername: the user's login name.
aPassword: the user's password.
void nsNegotiateAuth::Reset ( void  ) [private]

Definition at line 332 of file nsAuthModuleGSSAPI.cpp.


void nsIAuthModule::unwrap ( [const ] in voidPtr  aInToken,
in unsigned long  aInTokenLength,
out voidPtr  aOutToken,
out unsigned long  aOutTokenLength 
) [inherited]

Unwrap() is used to unpack, decrypt, and verify the checksums on data returned by a server when security layers are in use.

Parameters:
aInToken: A buffer containing the data received from the server.
aInTokenLength: The length of the input token.
aOutToken: A buffer containing the plaintext data from the server.
aOutTokenLength: The length of the output token buffer.

Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication mechanism does not support security layers.

void nsIAuthModule::wrap ( [const ] in voidPtr  aInToken,
in unsigned long  aInTokenLength,
in boolean  confidential,
out voidPtr  aOutToken,
out unsigned long  aOutTokenLength 
) [inherited]

Once a security context has been established through calls to GetNextToken() it may be used to protect data exchanged between client and server.

Calls to Wrap() are used to protect items of data to be sent to the server.

Parameters:
aInToken: A buffer containing the data to be sent to the server.
aInTokenLength: The length of the input token.
confidential: If set to true, Wrap() will encrypt the data; otherwise the data will just be integrity protected (checksummed).
aOutToken: A buffer containing the resulting data to be sent to the server.
aOutTokenLength: The length of the output token buffer.

Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication mechanism does not support security layers.


Member Data Documentation

CredHandle nsNegotiateAuth::mCred [private]

Definition at line 73 of file nsNegotiateAuthSSPI.h.

Definition at line 77 of file nsAuthModuleGSSAPI.h.

CtxtHandle nsNegotiateAuth::mCtxt [private]

Definition at line 74 of file nsNegotiateAuthSSPI.h.

Definition at line 77 of file nsNegotiateAuthSSPI.h.

Definition at line 78 of file nsAuthModuleGSSAPI.h.

Definition at line 80 of file nsAuthModuleGSSAPI.h.

Definition at line 79 of file nsAuthModuleGSSAPI.h.

Definition at line 78 of file nsNegotiateAuthSSPI.h.

const unsigned long nsIAuthModule::REQ_DEFAULT = 0 [inherited]

Default behavior.

Definition at line 45 of file nsIAuthModule.idl.

const unsigned long nsIAuthModule::REQ_DELEGATE = (1 << 1) [inherited]

The server is allowed to impersonate the client.

The REQ_MUTUAL_AUTH flag may also need to be specified in order for this flag to take effect.

Definition at line 57 of file nsIAuthModule.idl.

const unsigned long nsIAuthModule::REQ_MUTUAL_AUTH = (1 << 0) [inherited]

Client and server will be authenticated.

Definition at line 50 of file nsIAuthModule.idl.
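Added example, not code from the lightning-sunbird tree: a stand-alone C version of the mechanism selection performed in the GSSAPI constructor above (prefer SPNEGO from the indicated mechanism list, else Kerberos), plus a sanity check on the REQ_ flags documented here (REQ_DELEGATE requested without REQ_MUTUAL_AUTH). The oid_desc and oid_set types are constructed stand-ins for gss_OID_desc and gss_OID_set_desc so the program builds without gssapi.h; the function names pick_mech and service_flags_ok and the SAMPLE_* mechanism lists are my own. It goes one step beyond the page's constructor by reporting when neither mechanism is present rather than silently keeping Kerberos.

```c
/* Added example, not code from the lightning-sunbird tree: a stand-alone
 * version of the mechanism selection done in nsNegotiateAuth's GSSAPI
 * constructor, plus a sanity check on the REQ_ service flags.  The
 * oid_desc/oid_set types are constructed stand-ins for gss_OID_desc and
 * gss_OID_set_desc so that the program builds without gssapi.h. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    size_t length;                 /* number of bytes in elements */
    const unsigned char *elements; /* DER-encoded OID body */
} oid_desc;

typedef struct {
    size_t count;
    const oid_desc *elements;
} oid_set;

/* The two OIDs used on the page: Kerberos V5 (1.2.840.113554.1.2.2)
 * and SPNEGO (1.3.6.1.5.5.2). */
static const unsigned char KRB5_OID[]   = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };
static const unsigned char SPNEGO_OID[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };
static const oid_desc krb5_mech   = { sizeof KRB5_OID,   KRB5_OID };
static const oid_desc spnego_mech = { sizeof SPNEGO_OID, SPNEGO_OID };

enum mech_choice { MECH_NONE = 0, MECH_KRB5 = 1, MECH_SPNEGO = 2 };

/* Exact comparison: lengths must match before memcmp runs, so an OID that
 * merely shares a prefix with SPNEGO (or is truncated) never matches and
 * memcmp never reads past the shorter buffer. */
static int oid_equal(const oid_desc *a, const oid_desc *b)
{
    return a->length == b->length &&
           memcmp(a->elements, b->elements, a->length) == 0;
}

/* Same policy as the constructor: prefer SPNEGO if the library indicates
 * it, otherwise fall back to Kerberos.  Unlike the page's code, this
 * reports MECH_NONE when neither mechanism is present instead of assuming
 * Kerberos is available. */
enum mech_choice pick_mech(const oid_set *mechs)
{
    int have_krb5 = 0;
    for (size_t i = 0; i < mechs->count; i++) {
        const oid_desc *item = &mechs->elements[i];
        if (oid_equal(item, &spnego_mech))
            return MECH_SPNEGO;   /* ok, we found it */
        if (oid_equal(item, &krb5_mech))
            have_krb5 = 1;
    }
    return have_krb5 ? MECH_KRB5 : MECH_NONE;
}

/* REQ_ flags with the values given in nsIAuthModule.idl. */
#define REQ_DEFAULT     0UL
#define REQ_MUTUAL_AUTH (1UL << 0)
#define REQ_DELEGATE    (1UL << 1)

/* Returns 1 if the flag combination is acceptable, 0 if REQ_DELEGATE is
 * requested without REQ_MUTUAL_AUTH: the page notes delegation may not
 * take effect without mutual authentication, and handing credentials to
 * a server whose identity was never verified is the case to catch. */
int service_flags_ok(unsigned long flags)
{
    if ((flags & REQ_DELEGATE) && !(flags & REQ_MUTUAL_AUTH))
        return 0;
    return 1;
}

/* Constructed sample mechanism lists, as gss_indicate_mechs might return. */
static const oid_desc BOTH_ARR[]   = { { 9, KRB5_OID }, { 6, SPNEGO_OID } };
static const oid_desc KRB5_ARR[]   = { { 9, KRB5_OID } };
static const oid_desc PREFIX_ARR[] = { { 5, SPNEGO_OID } };  /* truncated SPNEGO */
const oid_set SAMPLE_BOTH        = { 2, BOTH_ARR };
const oid_set SAMPLE_KRB5_ONLY   = { 1, KRB5_ARR };
const oid_set SAMPLE_PREFIX_ONLY = { 1, PREFIX_ARR };
const oid_set SAMPLE_EMPTY       = { 0, NULL };

int main(void)
{
    printf("krb5+spnego -> %d (2 = SPNEGO)\n", pick_mech(&SAMPLE_BOTH));
    printf("krb5 only   -> %d (1 = KRB5)\n",   pick_mech(&SAMPLE_KRB5_ONLY));
    printf("prefix only -> %d (0 = none)\n",   pick_mech(&SAMPLE_PREFIX_ONLY));
    printf("REQ_DELEGATE alone ok? %d\n", service_flags_ok(REQ_DELEGATE));
    return 0;
}
```

The length-before-memcmp order mirrors the constructor's own check and is what keeps a truncated or prefix-sharing OID from matching; the MECH_NONE result is the place a caller would refuse to proceed rather than send a Kerberos token the library cannot back.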


The documentation for this class was generated from the following files: