// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
#pragma once
#include <string>
#include <gssapi/gssapi.h>
namespace kudu {
class Status;
namespace gssapi {
// Convert the given major/minor GSSAPI error codes into a Status.
//
// 'major' is the GSSAPI major status code and 'minor' is the accompanying minor
// status code, as reported by a GSSAPI call.
//
// NOTE(review): the mapping itself (e.g. what is returned when 'major' reports
// success) lives in the implementation and is not visible from this declaration --
// confirm there.
// NOTE(review): if the resulting Status message is relayed to a peer that has not
// yet authenticated, check how much mechanism-specific detail it carries.
Status MajorMinorToStatus(OM_uint32 major, OM_uint32 minor);
// Run a step of SPNEGO authentication.
//
// 'in_token_b64' is the base64-encoded token provided by the client, which may be empty
// if the client did not provide any such token (e.g. if the HTTP 'Authorization' header
// was not present). It is client-controlled input that arrives before the client has
// been authenticated.
//
// 'out_token_b64' is the base64-encoded output token to send back to the client
// during this round of negotiation.
//
// If any error occurs (e.g. an invalid token is provided), a bad Status is returned.
//
// An OK status indicates that the negotiation is proceeding successfully, or has
// completed, whereas a non-OK status indicates an error or an unsuccessful
// authentication (in which case the out-parameters will not be modified). Because
// the out-parameters are left untouched on failure, callers should initialize them
// so that a stale value is never read after a failed step.
//
// In the case of an OK status, '*complete' indicates whether any further rounds are
// required. On completion of negotiation, 'authenticated_principal' will be set to the
// full principal name of the remote user.
//
// An OK status on its own does not mean the client is authenticated: callers must
// also check '*complete' before trusting 'authenticated_principal'. This interface
// only reports who the remote user is; deciding what that principal may access is
// left to the caller.
//
// NOTE: per the SPNEGO protocol, the final "complete" negotiation stage may
// include a token, so a non-empty 'out_token_b64' should still be sent back to the
// client when '*complete' is set.
//
// NOTE(review): the signature carries no security-context handle, so how (or whether)
// state is kept between rounds is not visible from this declaration -- confirm
// against the implementation before relying on multi-round negotiation.
Status SpnegoStep(const std::string& in_token_b64,
std::string* out_token_b64,
bool* complete,
std::string* authenticated_principal);
} // namespace gssapi
} // namespace kudu