[solanum.git] / authd / provider.h

/* authd/provider.h - authentication provider framework
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
#define __CHARYBDIS_AUTHD_PROVIDER_H__

#include "stdinc.h"
#include "authd.h"
#include "rb_dictionary.h"

#define MAX_PROVIDERS 32	/* This should be enough */

typedef enum
{
	PROVIDER_STATUS_NOTRUN = 0,
	PROVIDER_STATUS_RUNNING,
	PROVIDER_STATUS_DONE,
} provider_status_t;

struct auth_client_data
{
	struct auth_provider *provider;	/* Pointer back */
	time_t timeout;			/* Provider timeout */
	void *data;			/* Provider data */
	provider_status_t status;	/* Provider status */
};

struct auth_client
{
	uint16_t cid;				/* Client ID */

	char l_ip[HOSTIPLEN + 1];		/* Listener IP address */
	uint16_t l_port;			/* Listener port */
	struct rb_sockaddr_storage l_addr;	/* Listener address/port */

	char c_ip[HOSTIPLEN + 1];		/* Client IP address */
	uint16_t c_port;			/* Client port */
	struct rb_sockaddr_storage c_addr;	/* Client address/port */

	char hostname[HOSTLEN + 1];		/* Used for DNS lookup */
	char username[USERLEN + 1];		/* Used for ident lookup */

	bool providers_starting;		/* Providers are still warming up */
	unsigned int refcount;			/* Held references */

	struct auth_client_data *data;		/* Provider-specific data */
};

typedef bool (*provider_init_t)(void);
typedef void (*provider_destroy_t)(void);

typedef bool (*provider_start_t)(struct auth_client *);
typedef void (*provider_cancel_t)(struct auth_client *);
typedef void (*uint32_timeout_t)(struct auth_client *);
typedef void (*provider_complete_t)(struct auth_client *, uint32_t);

struct auth_stats_handler
{
	const char letter;
	authd_stat_handler handler;
};

struct auth_provider
{
	rb_dlink_node node;

	uint32_t id;			/* Provider ID */

	const char *name;		/* Name of the provider */
	char letter;			/* Letter used on reject, etc. */

	provider_init_t init;		/* Initalise the provider */
	provider_destroy_t destroy;	/* Terminate the provider */

	provider_start_t start;		/* Perform authentication */
	provider_cancel_t cancel;	/* Authentication cancelled */
	uint32_timeout_t timeout;	/* Timeout callback */
	provider_complete_t completed;	/* Callback for when other performers complete (think dependency chains) */

	struct auth_stats_handler stats_handler;

	struct auth_opts_handler *opt_handlers;
};

extern struct auth_provider rdns_provider;
extern struct auth_provider ident_provider;
extern struct auth_provider blacklist_provider;
extern struct auth_provider opm_provider;

extern rb_dictionary *auth_providers;
extern rb_dictionary *auth_clients;

void load_provider(struct auth_provider *provider);
void unload_provider(struct auth_provider *provider);

void init_providers(void);
void destroy_providers(void);
void cancel_providers(struct auth_client *auth);

void provider_done(struct auth_client *auth, uint32_t id);
void accept_client(struct auth_client *auth, uint32_t id);
void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);

void handle_new_connection(int parc, char *parv[]);
void handle_cancel_connection(int parc, char *parv[]);
void auth_client_free(struct auth_client *auth);

static inline void
auth_client_ref(struct auth_client *auth)
{
	auth->refcount++;
}

static inline void
auth_client_unref(struct auth_client *auth)
{
	auth->refcount--;
	if (auth->refcount == 0)
		auth_client_free(auth);
}

/* Get a provider by name */
static inline struct auth_provider *
get_provider(const char *name)
{
	return rb_dictionary_retrieve(auth_providers, name);
}

/* Get a provider's id by name */
static inline bool
get_provider_id(const char *name, uint32_t *id)
{
	struct auth_provider *provider = get_provider(name);

	if(provider != NULL)
	{
		*id = provider->id;
		return true;
	}
	else
		return false;
}

/* Get a provider's raw status */
static inline provider_status_t
get_provider_status(struct auth_client *auth, uint32_t provider)
{
	return auth->data[provider].status;
}

/* Set a provider's raw status */
static inline void
set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
{
	auth->data[provider].status = status;
}

/* Set the provider as running
 * If you're doing asynchronous work call this */
static inline void
set_provider_running(struct auth_client *auth, uint32_t provider)
{
	auth_client_ref(auth);
	set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
}

/* Provider is no longer operating on this auth client
 * You should use provider_done and not this */
static inline void
set_provider_done(struct auth_client *auth, uint32_t provider)
{
	set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
	auth_client_unref(auth);
}

/* Check if provider is operating on this auth client */
static inline bool
is_provider_running(struct auth_client *auth, uint32_t provider)
{
	return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
}

/* Check if provider has finished on this client */
static inline bool
is_provider_done(struct auth_client *auth, uint32_t provider)
{
	return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
}

/* Get provider auth client data */
static inline void *
get_provider_data(struct auth_client *auth, uint32_t id)
{
	return auth->data[id].data;
}

/* Set provider auth client data */
static inline void
set_provider_data(struct auth_client *auth, uint32_t id, void *data)
{
	auth->data[id].data = data;
}

/* Set timeout relative to current time on provider
 * When the timeout lapses, the provider's timeout call will execute */
static inline void
set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
{
	auth->data[id].timeout = timeout + rb_current_time();
}

/* Set timeout value in absolute time (Unix timestamp)
 * When the timeout lapses, the provider's timeout call will execute */
static inline void
set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
{
	auth->data[id].timeout = timeout;
}

/* Get the timeout value for the provider */
static inline time_t
get_provider_timeout(struct auth_client *auth, uint32_t id)
{
	return auth->data[id].timeout;
}

#endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */
Commit	Line	Data
0f95a274	1	/* authd/provider.h - authentication provider framework
05e17ac2 EM	2	* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
	3	*
	4	* Permission to use, copy, modify, and/or distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice is present in all copies.
	7	*
	8	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	9	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	10	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	11	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
	12	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	13	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	14	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	15	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	16	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
	17	* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	18	* POSSIBILITY OF SUCH DAMAGE.
	19	*/
	20
0f95a274 EM	21	#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
0f95a274 EM	22	#define __CHARYBDIS_AUTHD_PROVIDER_H__
05e17ac2 EM	23
05e17ac2 EM	24	#include "stdinc.h"
a51487e0	25	#include "authd.h"
3e875f62	26	#include "rb_dictionary.h"
05e17ac2	27
3e875f62	28	#define MAX_PROVIDERS 32 /* This should be enough */
05e17ac2	29
376ae2e2 EM	30	typedef enum
	31	{
	32	PROVIDER_STATUS_NOTRUN = 0,
	33	PROVIDER_STATUS_RUNNING,
	34	PROVIDER_STATUS_DONE,
	35	} provider_status_t;
	36
a68d9a2b EM	37	struct auth_client_data
a68d9a2b EM	38	{
731d1289	39	struct auth_provider provider; / Pointer back */
376ae2e2 EM	40	time_t timeout; /* Provider timeout */
	41	void data; / Provider data */
	42	provider_status_t status; /* Provider status */
a68d9a2b EM	43	};
a68d9a2b EM	44
05e17ac2 EM	45	struct auth_client
05e17ac2 EM	46	{
be67cfca	47	uint16_t cid; /* Client ID */
05e17ac2	48
2b0cc3d3 EM	49	char l_ip[HOSTIPLEN + 1]; /* Listener IP address */
2b0cc3d3 EM	50	uint16_t l_port; /* Listener port */
9c7498d5	51	struct rb_sockaddr_storage l_addr; /* Listener address/port */
2b0cc3d3 EM	52
	53	char c_ip[HOSTIPLEN + 1]; /* Client IP address */
	54	uint16_t c_port; /* Client port */
9c7498d5	55	struct rb_sockaddr_storage c_addr; /* Client address/port */
05e17ac2	56
5bfc606f	57	char hostname[HOSTLEN + 1]; /* Used for DNS lookup */
be67cfca	58	char username[USERLEN + 1]; /* Used for ident lookup */
05e17ac2	59
247b304f	60	bool providers_starting; /* Providers are still warming up */
376ae2e2	61	unsigned int refcount; /* Held references */
f7b37c1d	62
a68d9a2b	63	struct auth_client_data data; / Provider-specific data */
2b0cc3d3 EM	64	};
	65
	66	typedef bool (*provider_init_t)(void);
2b0cc3d3 EM	67	typedef void (*provider_destroy_t)(void);
2b0cc3d3 EM	68
89d22b9a EM	69	typedef bool (provider_start_t)(struct auth_client );
89d22b9a EM	70	typedef void (provider_cancel_t)(struct auth_client );
731d1289 EM	71	typedef void (uint32_timeout_t)(struct auth_client );
731d1289 EM	72	typedef void (provider_complete_t)(struct auth_client , uint32_t);
89d22b9a	73
ee7f9271 EM	74	struct auth_stats_handler
	75	{
	76	const char letter;
	77	authd_stat_handler handler;
	78	};
	79
05e17ac2 EM	80	struct auth_provider
05e17ac2 EM	81	{
99e53867 EM	82	rb_dlink_node node;
99e53867 EM	83
731d1289 EM	84	uint32_t id; /* Provider ID */
	85
	86	const char name; / Name of the provider */
	87	char letter; /* Letter used on reject, etc. */
05e17ac2 EM	88
	89	provider_init_t init; /* Initalise the provider */
	90	provider_destroy_t destroy; /* Terminate the provider */
	91
89d22b9a	92	provider_start_t start; /* Perform authentication */
05e17ac2	93	provider_cancel_t cancel; /* Authentication cancelled */
731d1289	94	uint32_timeout_t timeout; /* Timeout callback */
05e17ac2	95	provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */
a51487e0	96
ee7f9271 EM	97	struct auth_stats_handler stats_handler;
ee7f9271 EM	98
a51487e0	99	struct auth_opts_handler *opt_handlers;
05e17ac2 EM	100	};
05e17ac2 EM	101
18764319	102	extern struct auth_provider rdns_provider;
f1861e48	103	extern struct auth_provider ident_provider;
add80afd	104	extern struct auth_provider blacklist_provider;
4e85459a	105	extern struct auth_provider opm_provider;
9b5b2ded	106
a71b65b1 AC	107	extern rb_dictionary *auth_providers;
a71b65b1 AC	108	extern rb_dictionary *auth_clients;
74909c9a	109
9b5b2ded EM	110	void load_provider(struct auth_provider *provider);
	111	void unload_provider(struct auth_provider *provider);
	112
05e17ac2 EM	113	void init_providers(void);
	114	void destroy_providers(void);
	115	void cancel_providers(struct auth_client *auth);
	116
731d1289 EM	117	void provider_done(struct auth_client *auth, uint32_t id);
	118	void accept_client(struct auth_client *auth, uint32_t id);
	119	void reject_client(struct auth_client auth, uint32_t id, const char data, const char *fmt, ...);
05e17ac2	120
05e17ac2	121	void handle_new_connection(int parc, char *parv[]);
60374ac9	122	void handle_cancel_connection(int parc, char *parv[]);
b585278b	123	void auth_client_free(struct auth_client *auth);
05e17ac2	124
b585278b AC	125	static inline void
	126	auth_client_ref(struct auth_client *auth)
	127	{
	128	auth->refcount++;
	129	}
	130
	131	static inline void
	132	auth_client_unref(struct auth_client *auth)
	133	{
	134	auth->refcount--;
	135	if (auth->refcount == 0)
	136	auth_client_free(auth);
	137	}
74909c9a	138
a71b65b1 AC	139	/* Get a provider by name */
	140	static inline struct auth_provider *
	141	get_provider(const char *name)
	142	{
	143	return rb_dictionary_retrieve(auth_providers, name);
	144	}
	145
731d1289 EM	146	/* Get a provider's id by name */
731d1289 EM	147	static inline bool
6b3e61f1	148	get_provider_id(const char name, uint32_t id)
731d1289	149	{
a71b65b1	150	struct auth_provider *provider = get_provider(name);
731d1289 EM	151
	152	if(provider != NULL)
	153	{
	154	*id = provider->id;
	155	return true;
	156	}
	157	else
	158	return false;
	159	}
	160
376ae2e2 EM	161	/* Get a provider's raw status */
376ae2e2 EM	162	static inline provider_status_t
731d1289	163	get_provider_status(struct auth_client *auth, uint32_t provider)
376ae2e2 EM	164	{
	165	return auth->data[provider].status;
	166	}
	167
	168	/* Set a provider's raw status */
60374ac9	169	static inline void
731d1289	170	set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
05e17ac2	171	{
376ae2e2	172	auth->data[provider].status = status;
05e17ac2 EM	173	}
05e17ac2 EM	174
376ae2e2 EM	175	/* Set the provider as running
376ae2e2 EM	176	* If you're doing asynchronous work call this */
60374ac9	177	static inline void
731d1289	178	set_provider_running(struct auth_client *auth, uint32_t provider)
2b0cc3d3	179	{
b585278b	180	auth_client_ref(auth);
376ae2e2	181	set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
2b0cc3d3 EM	182	}
2b0cc3d3 EM	183
376ae2e2 EM	184	/* Provider is no longer operating on this auth client
376ae2e2 EM	185	* You should use provider_done and not this */
60374ac9	186	static inline void
731d1289	187	set_provider_done(struct auth_client *auth, uint32_t provider)
05e17ac2	188	{
376ae2e2	189	set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
b585278b	190	auth_client_unref(auth);
05e17ac2 EM	191	}
	192
	193	/* Check if provider is operating on this auth client */
60374ac9	194	static inline bool
731d1289	195	is_provider_running(struct auth_client *auth, uint32_t provider)
2b0cc3d3	196	{
376ae2e2	197	return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
2b0cc3d3 EM	198	}
2b0cc3d3 EM	199
376ae2e2	200	/* Check if provider has finished on this client */
60374ac9	201	static inline bool
731d1289	202	is_provider_done(struct auth_client *auth, uint32_t provider)
05e17ac2	203	{
376ae2e2 EM	204	return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
	205	}
	206
	207	/* Get provider auth client data */
	208	static inline void *
	209	get_provider_data(struct auth_client *auth, uint32_t id)
	210	{
376ae2e2 EM	211	return auth->data[id].data;
	212	}
	213
	214	/* Set provider auth client data */
	215	static inline void
	216	set_provider_data(struct auth_client auth, uint32_t id, void data)
	217	{
376ae2e2 EM	218	auth->data[id].data = data;
	219	}
	220
	221	/* Set timeout relative to current time on provider
	222	* When the timeout lapses, the provider's timeout call will execute */
	223	static inline void
	224	set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
	225	{
376ae2e2 EM	226	auth->data[id].timeout = timeout + rb_current_time();
	227	}
	228
	229	/* Set timeout value in absolute time (Unix timestamp)
	230	* When the timeout lapses, the provider's timeout call will execute */
	231	static inline void
	232	set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
	233	{
376ae2e2 EM	234	auth->data[id].timeout = timeout;
	235	}
	236
	237	/* Get the timeout value for the provider */
	238	static inline time_t
	239	get_provider_timeout(struct auth_client *auth, uint32_t id)
	240	{
376ae2e2	241	return auth->data[id].timeout;
05e17ac2 EM	242	}
05e17ac2 EM	243
0f95a274	244	#endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */