gecko-dev/netwerk/base/public/nsIAuthModule.idl

169 lines
6.6 KiB
Plaintext

/* vim:set ts=4 sw=4 et cindent: */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla.
*
* The Initial Developer of the Original Code is IBM Corporation.
* Portions created by IBM Corporation are Copyright (C) 2003
* IBM Corporation. All Rights Reserved.
*
* Contributor(s):
* Darin Fisher <darin@meer.net>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
[uuid(6e35dbc0-49ef-4e2c-b1ea-b72ec64450a2)]
interface nsIAuthModule : nsISupports
{
/**
* Default behavior.
*/
const unsigned long REQ_DEFAULT = 0;
/**
* Client and server will be authenticated.
*/
const unsigned long REQ_MUTUAL_AUTH = (1 << 0);
/**
* The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH
* flag may also need to be specified in order for this flag to take
* effect.
*/
const unsigned long REQ_DELEGATE = (1 << 1);
/** Other flags may be defined in the future */
/**
* Called to initialize an auth module. The other methods cannot be called
* unless this method succeeds.
*
* @param aServiceName
* the service name, which may be null if not applicable (e.g., for
* NTLM, this parameter should be null).
* @param aServiceFlags
* a bitwise-or of the REQ_ flags defined above (pass REQ_DEFAULT
* for default behavior).
* @param aDomain
* the authentication domain, which may be null if not applicable.
* @param aUsername
* the user's login name
* @param aPassword
* the user's password
*/
void init(in string aServiceName,
in unsigned long aServiceFlags,
in wstring aDomain,
in wstring aUsername,
in wstring aPassword);
/**
* Called to get the next token in a sequence of authentication steps.
*
* @param aInToken
* A buffer containing the input token (e.g., a challenge from a
* server). This may be null.
* @param aInTokenLength
* The length of the input token.
* @param aOutToken
* If getNextToken succeeds, then aOutToken will point to a buffer
* to be sent in response to the server challenge. The length of
* this buffer is given by aOutTokenLength. The buffer at aOutToken
* must be recycled with a call to nsMemory::Free.
* @param aOutTokenLength
* If getNextToken succeeds, then aOutTokenLength contains the
* length of the buffer (number of bytes) pointed to by aOutToken.
*/
void getNextToken([const] in voidPtr aInToken,
in unsigned long aInTokenLength,
out voidPtr aOutToken,
out unsigned long aOutTokenLength);
/**
* Once a security context has been established through calls to GetNextToken()
* it may be used to protect data exchanged between client and server. Calls
* to Wrap() are used to protect items of data to be sent to the server.
*
* @param aInToken
* A buffer containing the data to be sent to the server
* @param aInTokenLength
* The length of the input token
* @param confidential
* If set to true, Wrap() will encrypt the data, otherwise data will
* just be integrity protected (checksummed)
* @param aOutToken
* A buffer containing the resulting data to be sent to the server
* @param aOutTokenLength
* The length of the output token buffer
*
* Wrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying authentication
* mechanism does not support security layers.
*/
void wrap([const] in voidPtr aInToken,
in unsigned long aInTokenLength,
in boolean confidential,
out voidPtr aOutToken,
out unsigned long aOutTokenLength);
/**
* Unwrap() is used to unpack, decrypt, and verify the checksums on data
* returned by a server when security layers are in use.
*
* @param aInToken
* A buffer containing the data received from the server
* @param aInTokenLength
* The length of the input token
* @param aOutToken
* A buffer containing the plaintext data from the server
* @param aOutTokenLength
* The length of the output token buffer
*
* Unwrap() may return NS_ERROR_NOT_IMPLEMENTED, if the underlying
* authentication mechanism does not support security layers.
*/
void unwrap([const] in voidPtr aInToken,
in unsigned long aInTokenLength,
out voidPtr aOutToken,
out unsigned long aOutTokenLength);
};
%{C++
/**
* nsIAuthModule implementations are registered under the following contract
* ID prefix:
*/
#define NS_AUTH_MODULE_CONTRACTID_PREFIX \
"@mozilla.org/network/auth-module;1?name="
/**
* This success code may be returned by nsIAuthModule::getNextToken to
* indicate that the authentication is finished and thus there's no need
* to call getNextToken again.
*/
#define NS_SUCCESS_AUTH_FINISHED \
NS_ERROR_GENERATE_SUCCESS(NS_ERROR_MODULE_NETWORK, 40)
%}