nsIAuthModule

This interface is intended to be used as a server and client authentication service.

Inherits from: nsISupports
Last changed in Gecko 1.8 (Firefox 1.5 / Thunderbird 1.5 / SeaMonkey 1.0)

Method overview

void getNextToken([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength);
void init(in string aServiceName, in unsigned long aServiceFlags, in wstring aDomain, in wstring aUsername, in wstring aPassword);
void unwrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength);
void wrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, in boolean confidential, out voidPtr aOutToken, out unsigned long aOutTokenLength);

Constants

| Constant | Value | Description |
|---|---|---|
| REQ_DEFAULT | 0 | Default behavior. |
| REQ_MUTUAL_AUTH | (1 << 0) | Client and server will be authenticated. |
| REQ_DELEGATE | (1 << 1) | The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH flag may also need to be specified in order for this flag to take effect. |

Methods

getNextToken()

This method is called to get the next token in a sequence of authentication steps.

void getNextToken(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);
Parameters
aInToken
A buffer containing the input token (for example, a challenge from a server). This may be null.
aInTokenLength
The length of the input token.
aOutToken
If getNextToken succeeds, then aOutToken will point to a buffer to be sent in response to the server challenge. The length of this buffer is given by aOutTokenLength. The buffer at aOutToken must be recycled with a call to nsIMemory.free().
aOutTokenLength
If getNextToken succeeds, then aOutTokenLength contains the length of the buffer (number of bytes) pointed to by aOutToken.

init()

This method is called to initialize an auth module. The other methods cannot be called unless this method succeeds.

void init(
  in string aServiceName,
  in unsigned long aServiceFlags,
  in wstring aDomain,
  in wstring aUsername,
  in wstring aPassword
);
Parameters
aServiceName
The service name, which may be null if not applicable (for example, for NTLM this parameter should be null).
aServiceFlags
A bitwise-or of the REQ_ constants (pass REQ_DEFAULT for default behavior).
aDomain
The authentication domain, which may be null if not applicable.
aUsername
The user's login name.
aPassword
The user's password.

unwrap()

This method is used to unpack, decrypt, and verify the checksums on data returned by a server when security layers are in use.

void unwrap(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);
Parameters
aInToken
A buffer containing the data received from the server.
aInTokenLength
The length of the input token.
aOutToken
A buffer containing the plaintext data from the server.
aOutTokenLength
The length of the output token buffer.
Exceptions thrown
NS_ERROR_NOT_IMPLEMENTED
If the underlying authentication mechanism does not support security layers.

wrap()

Once a security context has been established through calls to getNextToken(), it may be used to protect data exchanged between client and server. Calls to this method protect items of data to be sent to the server.

void wrap(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  in boolean confidential,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);
Parameters
aInToken
A buffer containing the data to be sent to the server.
aInTokenLength
The length of the input token.
confidential
If set to true, the data is encrypted; otherwise the data is only integrity protected (checksummed).
aOutToken
A buffer containing the resulting data to be sent to the server.
aOutTokenLength
The length of the output token buffer.
Exceptions thrown
NS_ERROR_NOT_IMPLEMENTED
If the underlying authentication mechanism does not support security layers.
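
The calling contract described on this page, as an added example that is not Mozilla's code: init() must succeed before getNextToken(), every out buffer is released, and a wrap() failure such as NS_ERROR_NOT_IMPLEMENTED is treated as "send nothing" rather than a reason to send the plaintext. `ToyModule`, `Status`, `Token`, `Handshake` and `SendProtected` are hypothetical stand-ins with reduced signatures; `std::free` stands in for nsIMemory.free(), and passing a null input on the first call is this example's assumption.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>

enum : uint32_t { REQ_DEFAULT = 0, REQ_MUTUAL_AUTH = 1u << 0, REQ_DELEGATE = 1u << 1 };
// Stand-in result codes; NOT_IMPLEMENTED plays the role of NS_ERROR_NOT_IMPLEMENTED.
enum Status { OK, NOT_INITIALIZED, OUT_OF_MEMORY, NOT_IMPLEMENTED };

// Owns an out-token so it is always released; std::free stands in for nsIMemory.free().
struct FreeToken { void operator()(void* p) const { std::free(p); } };
using Token = std::unique_ptr<void, FreeToken>;

// Hypothetical mechanism with the interface's method shapes and no security layers.
struct ToyModule {
  bool ready = false;
  uint32_t flags = REQ_DEFAULT;
  Status Init(uint32_t serviceFlags) { flags = serviceFlags; ready = true; return OK; }
  Status GetNextToken(const void* in, uint32_t inLen, void** out, uint32_t* outLen) {
    if (!ready) return NOT_INITIALIZED;  // init() must succeed first
    auto* buf = static_cast<uint8_t*>(std::malloc(inLen + 1));
    if (!buf) return OUT_OF_MEMORY;
    buf[0] = in ? 2 : 1;                 // constructed step marker, not a real token format
    if (in) std::memcpy(buf + 1, in, inLen);
    *out = buf; *outLen = inLen + 1;
    return OK;
  }
  Status Wrap(const void*, uint32_t, bool, void**, uint32_t*) { return NOT_IMPLEMENTED; }
};

// Two-step exchange: null input first, then the server challenge.
Status Handshake(ToyModule& m, const char* challenge, uint32_t* replyLen) {
  void* raw = nullptr; uint32_t len = 0;
  Status s = m.GetNextToken(nullptr, 0, &raw, &len);
  if (s != OK) return s;
  Token initial(raw);  // would be sent to the server here; freed at scope exit
  raw = nullptr;
  s = m.GetNextToken(challenge, static_cast<uint32_t>(std::strlen(challenge)), &raw, &len);
  if (s != OK) return s;
  Token reply(raw);    // response to the challenge; also freed at scope exit
  *replyLen = len;
  return OK;
}

// Fail closed: false means nothing may be sent, in particular not the plaintext.
bool SendProtected(ToyModule& m, const char* data, bool confidential) {
  void* raw = nullptr; uint32_t len = 0;
  Status s = m.Wrap(data, static_cast<uint32_t>(std::strlen(data)), confidential, &raw, &len);
  Token out(raw);      // released even when the caller drops the result
  return s == OK;
}
```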