summaryrefslogtreecommitdiff
path: root/extensions/auth/nsAuthSambaNTLM.h
blob: 26b21b66768659b8aad7a27f88d495b334b7a1cc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
/* vim:set ts=4 sw=4 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsAuthSambaNTLM_h__
#define nsAuthSambaNTLM_h__

#include "nsIAuthModule.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "prio.h"
#include "prproces.h"
#include "mozilla/Attributes.h"

/**
 * This is an implementation of NTLM authentication that does single-signon
 * by obtaining the user's Unix username, parsing it into DOMAIN\name format,
 * and then asking Samba's ntlm_auth tool to do the authentication for us
 * using the user's password cached in winbindd, if available. If the
 * password is not available then this component fails to instantiate so
 * nsHttpNTLMAuth will fall back to a different NTLM implementation.
 * NOTE: at time of writing, this requires patches to be added to the stock
 * Samba winbindd and ntlm_auth!  
 */
class nsAuthSambaNTLM final : public nsIAuthModule
{
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSIAUTHMODULE

    nsAuthSambaNTLM();

    // We spawn the ntlm_auth helper from the module constructor, because
    // that lets us fail to instantiate the module if ntlm_auth isn't
    // available, triggering fallback to the built-in NTLM support (which
    // doesn't support single signon, of course)
    nsresult SpawnNTLMAuthHelper();

private:
    ~nsAuthSambaNTLM();

    void Shutdown();

    uint8_t*    mInitialMessage; /* free with free() */
    uint32_t    mInitialMessageLen;
    PRProcess*  mChildPID;
    PRFileDesc* mFromChildFD;
    PRFileDesc* mToChildFD;
};

#endif /* nsAuthSambaNTLM_h__ */