]>
Commit | Line | Data |
---|---|---|
0f95a274 | 1 | /* authd/provider.h - authentication provider framework |
05e17ac2 EM |
2 | * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me> |
3 | * | |
4 | * Permission to use, copy, modify, and/or distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice is present in all copies. | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
9 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
10 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
11 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |
12 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
13 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
14 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
16 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | |
17 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
18 | * POSSIBILITY OF SUCH DAMAGE. | |
19 | */ | |
20 | ||
0f95a274 EM |
21 | #ifndef __CHARYBDIS_AUTHD_PROVIDER_H__ |
22 | #define __CHARYBDIS_AUTHD_PROVIDER_H__ | |
05e17ac2 EM |
23 | |
24 | #include "stdinc.h" | |
a51487e0 | 25 | #include "authd.h" |
3e875f62 | 26 | #include "rb_dictionary.h" |
05e17ac2 | 27 | |
3e875f62 | 28 | #define MAX_PROVIDERS 32 /* This should be enough */ |
05e17ac2 | 29 | |
376ae2e2 EM |
30 | typedef enum |
31 | { | |
32 | PROVIDER_STATUS_NOTRUN = 0, | |
33 | PROVIDER_STATUS_RUNNING, | |
34 | PROVIDER_STATUS_DONE, | |
35 | } provider_status_t; | |
36 | ||
a68d9a2b EM |
37 | struct auth_client_data |
38 | { | |
731d1289 | 39 | struct auth_provider *provider; /* Pointer back */ |
376ae2e2 EM |
40 | time_t timeout; /* Provider timeout */ |
41 | void *data; /* Provider data */ | |
42 | provider_status_t status; /* Provider status */ | |
a68d9a2b EM |
43 | }; |
44 | ||
05e17ac2 EM |
45 | struct auth_client |
46 | { | |
be67cfca | 47 | uint16_t cid; /* Client ID */ |
05e17ac2 | 48 | |
2b0cc3d3 EM |
49 | char l_ip[HOSTIPLEN + 1]; /* Listener IP address */ |
50 | uint16_t l_port; /* Listener port */ | |
9c7498d5 | 51 | struct rb_sockaddr_storage l_addr; /* Listener address/port */ |
2b0cc3d3 EM |
52 | |
53 | char c_ip[HOSTIPLEN + 1]; /* Client IP address */ | |
54 | uint16_t c_port; /* Client port */ | |
9c7498d5 | 55 | struct rb_sockaddr_storage c_addr; /* Client address/port */ |
05e17ac2 | 56 | |
5bfc606f | 57 | char hostname[HOSTLEN + 1]; /* Used for DNS lookup */ |
be67cfca | 58 | char username[USERLEN + 1]; /* Used for ident lookup */ |
05e17ac2 | 59 | |
247b304f | 60 | bool providers_starting; /* Providers are still warming up */ |
376ae2e2 | 61 | unsigned int refcount; /* Held references */ |
f7b37c1d | 62 | |
a68d9a2b | 63 | struct auth_client_data *data; /* Provider-specific data */ |
2b0cc3d3 EM |
64 | }; |
65 | ||
66 | typedef bool (*provider_init_t)(void); | |
2b0cc3d3 EM |
67 | typedef void (*provider_destroy_t)(void); |
68 | ||
89d22b9a EM |
69 | typedef bool (*provider_start_t)(struct auth_client *); |
70 | typedef void (*provider_cancel_t)(struct auth_client *); | |
731d1289 EM |
71 | typedef void (*uint32_timeout_t)(struct auth_client *); |
72 | typedef void (*provider_complete_t)(struct auth_client *, uint32_t); | |
89d22b9a | 73 | |
ee7f9271 EM |
74 | struct auth_stats_handler |
75 | { | |
76 | const char letter; | |
77 | authd_stat_handler handler; | |
78 | }; | |
79 | ||
05e17ac2 EM |
80 | struct auth_provider |
81 | { | |
99e53867 EM |
82 | rb_dlink_node node; |
83 | ||
731d1289 EM |
84 | uint32_t id; /* Provider ID */ |
85 | ||
86 | const char *name; /* Name of the provider */ | |
87 | char letter; /* Letter used on reject, etc. */ | |
05e17ac2 EM |
88 | |
89 | provider_init_t init; /* Initalise the provider */ | |
90 | provider_destroy_t destroy; /* Terminate the provider */ | |
91 | ||
89d22b9a | 92 | provider_start_t start; /* Perform authentication */ |
05e17ac2 | 93 | provider_cancel_t cancel; /* Authentication cancelled */ |
731d1289 | 94 | uint32_timeout_t timeout; /* Timeout callback */ |
05e17ac2 | 95 | provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */ |
a51487e0 | 96 | |
ee7f9271 EM |
97 | struct auth_stats_handler stats_handler; |
98 | ||
a51487e0 | 99 | struct auth_opts_handler *opt_handlers; |
05e17ac2 EM |
100 | }; |
101 | ||
18764319 | 102 | extern struct auth_provider rdns_provider; |
f1861e48 | 103 | extern struct auth_provider ident_provider; |
add80afd | 104 | extern struct auth_provider blacklist_provider; |
4e85459a | 105 | extern struct auth_provider opm_provider; |
9b5b2ded | 106 | |
731d1289 | 107 | extern rb_dictionary *auth_providers; |
74909c9a EM |
108 | extern rb_dictionary *auth_clients; |
109 | ||
9b5b2ded EM |
110 | void load_provider(struct auth_provider *provider); |
111 | void unload_provider(struct auth_provider *provider); | |
112 | ||
05e17ac2 EM |
113 | void init_providers(void); |
114 | void destroy_providers(void); | |
115 | void cancel_providers(struct auth_client *auth); | |
116 | ||
731d1289 EM |
117 | void provider_done(struct auth_client *auth, uint32_t id); |
118 | void accept_client(struct auth_client *auth, uint32_t id); | |
119 | void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...); | |
05e17ac2 | 120 | |
05e17ac2 | 121 | void handle_new_connection(int parc, char *parv[]); |
60374ac9 | 122 | void handle_cancel_connection(int parc, char *parv[]); |
05e17ac2 | 123 | |
74909c9a | 124 | |
731d1289 EM |
125 | /* Get a provider by name */ |
126 | static inline struct auth_provider * | |
127 | get_provider(const char *name) | |
128 | { | |
129 | return rb_dictionary_retrieve(auth_providers, name); | |
130 | } | |
131 | ||
132 | /* Get a provider's id by name */ | |
133 | static inline bool | |
134 | get_provider_id(const char *name, int *id) | |
135 | { | |
136 | struct auth_provider *provider = get_provider(name); | |
137 | ||
138 | if(provider != NULL) | |
139 | { | |
140 | *id = provider->id; | |
141 | return true; | |
142 | } | |
143 | else | |
144 | return false; | |
145 | } | |
146 | ||
376ae2e2 EM |
147 | /* Get a provider's raw status */ |
148 | static inline provider_status_t | |
731d1289 | 149 | get_provider_status(struct auth_client *auth, uint32_t provider) |
376ae2e2 EM |
150 | { |
151 | return auth->data[provider].status; | |
152 | } | |
153 | ||
154 | /* Set a provider's raw status */ | |
60374ac9 | 155 | static inline void |
731d1289 | 156 | set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status) |
05e17ac2 | 157 | { |
376ae2e2 | 158 | auth->data[provider].status = status; |
05e17ac2 EM |
159 | } |
160 | ||
376ae2e2 EM |
161 | /* Set the provider as running |
162 | * If you're doing asynchronous work call this */ | |
60374ac9 | 163 | static inline void |
731d1289 | 164 | set_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 165 | { |
376ae2e2 EM |
166 | auth->refcount++; |
167 | set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING); | |
2b0cc3d3 EM |
168 | } |
169 | ||
376ae2e2 EM |
170 | /* Provider is no longer operating on this auth client |
171 | * You should use provider_done and not this */ | |
60374ac9 | 172 | static inline void |
731d1289 | 173 | set_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 174 | { |
376ae2e2 EM |
175 | auth->refcount--; |
176 | set_provider_status(auth, provider, PROVIDER_STATUS_DONE); | |
05e17ac2 EM |
177 | } |
178 | ||
179 | /* Check if provider is operating on this auth client */ | |
60374ac9 | 180 | static inline bool |
731d1289 | 181 | is_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 182 | { |
376ae2e2 | 183 | return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING; |
2b0cc3d3 EM |
184 | } |
185 | ||
376ae2e2 | 186 | /* Check if provider has finished on this client */ |
60374ac9 | 187 | static inline bool |
731d1289 | 188 | is_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 189 | { |
376ae2e2 EM |
190 | return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE; |
191 | } | |
192 | ||
193 | /* Get provider auth client data */ | |
194 | static inline void * | |
195 | get_provider_data(struct auth_client *auth, uint32_t id) | |
196 | { | |
376ae2e2 EM |
197 | return auth->data[id].data; |
198 | } | |
199 | ||
200 | /* Set provider auth client data */ | |
201 | static inline void | |
202 | set_provider_data(struct auth_client *auth, uint32_t id, void *data) | |
203 | { | |
376ae2e2 EM |
204 | auth->data[id].data = data; |
205 | } | |
206 | ||
207 | /* Set timeout relative to current time on provider | |
208 | * When the timeout lapses, the provider's timeout call will execute */ | |
209 | static inline void | |
210 | set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout) | |
211 | { | |
376ae2e2 EM |
212 | auth->data[id].timeout = timeout + rb_current_time(); |
213 | } | |
214 | ||
215 | /* Set timeout value in absolute time (Unix timestamp) | |
216 | * When the timeout lapses, the provider's timeout call will execute */ | |
217 | static inline void | |
218 | set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout) | |
219 | { | |
376ae2e2 EM |
220 | auth->data[id].timeout = timeout; |
221 | } | |
222 | ||
223 | /* Get the timeout value for the provider */ | |
224 | static inline time_t | |
225 | get_provider_timeout(struct auth_client *auth, uint32_t id) | |
226 | { | |
376ae2e2 | 227 | return auth->data[id].timeout; |
05e17ac2 EM |
228 | } |
229 | ||
0f95a274 | 230 | #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */ |