tor-browser

nsAuthGSSAPI.h (1942B)

---

/* vim:set ts=4 sw=2 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsAuthGSSAPI_h__
#define nsAuthGSSAPI_h__

#include "nsAuth.h"
#include "nsIAuthModule.h"
#include "nsString.h"

#define GSS_USE_FUNCTION_POINTERS 1

#include "gssapi.h"

// The nsAuthGSSAPI class provides responses for the GSS-API Negotiate method
// as specified by Microsoft in draft-brezak-spnego-http-04.txt

/* Some remarks on thread safety ...
*
* The thread safety of this class depends largely upon the thread safety of
* the underlying GSSAPI and Kerberos libraries. This code just loads the
* system GSSAPI library, and whilst it avoids loading known bad libraries,
* it cannot determine the thread safety of the the code it loads.
*
* When used with a non-threadsafe library, it is not safe to simultaneously
* use multiple instantiations of this class.
*
* When used with a threadsafe Kerberos library, multiple instantiations of
* this class may happily co-exist. Methods may be sequentially called from
* multiple threads. The nature of the GSSAPI protocol is such that a correct
* implementation will never call methods in parallel, as the results of the
* last call are required as input to the next.
*/

class nsAuthGSSAPI final : public nsIAuthModule {
public:
 NS_DECL_THREADSAFE_ISUPPORTS
 NS_DECL_NSIAUTHMODULE

 explicit nsAuthGSSAPI(pType package);

 static void Shutdown();

private:
 ~nsAuthGSSAPI() { Reset(); }

 void Reset();
 gss_OID GetOID() { return mMechOID; }

private:
 gss_ctx_id_t mCtx;
 gss_OID mMechOID;
 nsCString mServiceName;
 uint32_t mServiceFlags = REQ_DEFAULT;
 nsString mUsername;
 bool mComplete = false;
 bool mDelegationRequested = false;
 bool mDelegationSupported = false;
};

#endif /* nsAuthGSSAPI_h__ */