]>
Commit | Line | Data |
---|---|---|
0f95a274 | 1 | /* authd/provider.h - authentication provider framework |
05e17ac2 EM |
2 | * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me> |
3 | * | |
4 | * Permission to use, copy, modify, and/or distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice is present in all copies. | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
9 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
10 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
11 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |
12 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
13 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
14 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
16 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | |
17 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
18 | * POSSIBILITY OF SUCH DAMAGE. | |
19 | */ | |
20 | ||
0f95a274 EM |
21 | #ifndef __CHARYBDIS_AUTHD_PROVIDER_H__ |
22 | #define __CHARYBDIS_AUTHD_PROVIDER_H__ | |
05e17ac2 EM |
23 | |
24 | #include "stdinc.h" | |
a51487e0 | 25 | #include "authd.h" |
3e875f62 | 26 | #include "rb_dictionary.h" |
05e17ac2 | 27 | |
3e875f62 | 28 | #define MAX_PROVIDERS 32 /* This should be enough */ |
05e17ac2 | 29 | |
376ae2e2 EM |
30 | typedef enum |
31 | { | |
32 | PROVIDER_STATUS_NOTRUN = 0, | |
33 | PROVIDER_STATUS_RUNNING, | |
34 | PROVIDER_STATUS_DONE, | |
35 | } provider_status_t; | |
36 | ||
a68d9a2b EM |
37 | struct auth_client_data |
38 | { | |
731d1289 | 39 | struct auth_provider *provider; /* Pointer back */ |
376ae2e2 EM |
40 | time_t timeout; /* Provider timeout */ |
41 | void *data; /* Provider data */ | |
42 | provider_status_t status; /* Provider status */ | |
a68d9a2b EM |
43 | }; |
44 | ||
05e17ac2 EM |
45 | struct auth_client |
46 | { | |
be67cfca | 47 | uint16_t cid; /* Client ID */ |
05e17ac2 | 48 | |
2b0cc3d3 EM |
49 | char l_ip[HOSTIPLEN + 1]; /* Listener IP address */ |
50 | uint16_t l_port; /* Listener port */ | |
9c7498d5 | 51 | struct rb_sockaddr_storage l_addr; /* Listener address/port */ |
2b0cc3d3 EM |
52 | |
53 | char c_ip[HOSTIPLEN + 1]; /* Client IP address */ | |
54 | uint16_t c_port; /* Client port */ | |
9c7498d5 | 55 | struct rb_sockaddr_storage c_addr; /* Client address/port */ |
05e17ac2 | 56 | |
5bfc606f | 57 | char hostname[HOSTLEN + 1]; /* Used for DNS lookup */ |
be67cfca | 58 | char username[USERLEN + 1]; /* Used for ident lookup */ |
05e17ac2 | 59 | |
247b304f | 60 | bool providers_starting; /* Providers are still warming up */ |
376ae2e2 | 61 | unsigned int refcount; /* Held references */ |
f7b37c1d | 62 | |
a68d9a2b | 63 | struct auth_client_data *data; /* Provider-specific data */ |
2b0cc3d3 EM |
64 | }; |
65 | ||
66 | typedef bool (*provider_init_t)(void); | |
2b0cc3d3 EM |
67 | typedef void (*provider_destroy_t)(void); |
68 | ||
89d22b9a EM |
69 | typedef bool (*provider_start_t)(struct auth_client *); |
70 | typedef void (*provider_cancel_t)(struct auth_client *); | |
731d1289 EM |
71 | typedef void (*uint32_timeout_t)(struct auth_client *); |
72 | typedef void (*provider_complete_t)(struct auth_client *, uint32_t); | |
89d22b9a | 73 | |
ee7f9271 EM |
74 | struct auth_stats_handler |
75 | { | |
76 | const char letter; | |
77 | authd_stat_handler handler; | |
78 | }; | |
79 | ||
05e17ac2 EM |
80 | struct auth_provider |
81 | { | |
99e53867 EM |
82 | rb_dlink_node node; |
83 | ||
731d1289 EM |
84 | uint32_t id; /* Provider ID */ |
85 | ||
86 | const char *name; /* Name of the provider */ | |
87 | char letter; /* Letter used on reject, etc. */ | |
05e17ac2 EM |
88 | |
89 | provider_init_t init; /* Initalise the provider */ | |
90 | provider_destroy_t destroy; /* Terminate the provider */ | |
91 | ||
89d22b9a | 92 | provider_start_t start; /* Perform authentication */ |
05e17ac2 | 93 | provider_cancel_t cancel; /* Authentication cancelled */ |
731d1289 | 94 | uint32_timeout_t timeout; /* Timeout callback */ |
05e17ac2 | 95 | provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */ |
a51487e0 | 96 | |
ee7f9271 EM |
97 | struct auth_stats_handler stats_handler; |
98 | ||
a51487e0 | 99 | struct auth_opts_handler *opt_handlers; |
05e17ac2 EM |
100 | }; |
101 | ||
18764319 | 102 | extern struct auth_provider rdns_provider; |
f1861e48 | 103 | extern struct auth_provider ident_provider; |
add80afd | 104 | extern struct auth_provider blacklist_provider; |
4e85459a | 105 | extern struct auth_provider opm_provider; |
9b5b2ded | 106 | |
a71b65b1 AC |
107 | extern rb_dictionary *auth_providers; |
108 | extern rb_dictionary *auth_clients; | |
74909c9a | 109 | |
9b5b2ded EM |
110 | void load_provider(struct auth_provider *provider); |
111 | void unload_provider(struct auth_provider *provider); | |
112 | ||
05e17ac2 EM |
113 | void init_providers(void); |
114 | void destroy_providers(void); | |
115 | void cancel_providers(struct auth_client *auth); | |
116 | ||
731d1289 EM |
117 | void provider_done(struct auth_client *auth, uint32_t id); |
118 | void accept_client(struct auth_client *auth, uint32_t id); | |
119 | void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...); | |
05e17ac2 | 120 | |
05e17ac2 | 121 | void handle_new_connection(int parc, char *parv[]); |
60374ac9 | 122 | void handle_cancel_connection(int parc, char *parv[]); |
b585278b | 123 | void auth_client_free(struct auth_client *auth); |
05e17ac2 | 124 | |
b585278b AC |
125 | static inline void |
126 | auth_client_ref(struct auth_client *auth) | |
127 | { | |
128 | auth->refcount++; | |
129 | } | |
130 | ||
131 | static inline void | |
132 | auth_client_unref(struct auth_client *auth) | |
133 | { | |
134 | auth->refcount--; | |
135 | if (auth->refcount == 0) | |
136 | auth_client_free(auth); | |
137 | } | |
74909c9a | 138 | |
a71b65b1 AC |
139 | /* Get a provider by name */ |
140 | static inline struct auth_provider * | |
141 | get_provider(const char *name) | |
142 | { | |
143 | return rb_dictionary_retrieve(auth_providers, name); | |
144 | } | |
145 | ||
731d1289 EM |
146 | /* Get a provider's id by name */ |
147 | static inline bool | |
6b3e61f1 | 148 | get_provider_id(const char *name, uint32_t *id) |
731d1289 | 149 | { |
a71b65b1 | 150 | struct auth_provider *provider = get_provider(name); |
731d1289 EM |
151 | |
152 | if(provider != NULL) | |
153 | { | |
154 | *id = provider->id; | |
155 | return true; | |
156 | } | |
157 | else | |
158 | return false; | |
159 | } | |
160 | ||
376ae2e2 EM |
161 | /* Get a provider's raw status */ |
162 | static inline provider_status_t | |
731d1289 | 163 | get_provider_status(struct auth_client *auth, uint32_t provider) |
376ae2e2 EM |
164 | { |
165 | return auth->data[provider].status; | |
166 | } | |
167 | ||
168 | /* Set a provider's raw status */ | |
60374ac9 | 169 | static inline void |
731d1289 | 170 | set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status) |
05e17ac2 | 171 | { |
376ae2e2 | 172 | auth->data[provider].status = status; |
05e17ac2 EM |
173 | } |
174 | ||
376ae2e2 EM |
175 | /* Set the provider as running |
176 | * If you're doing asynchronous work call this */ | |
60374ac9 | 177 | static inline void |
731d1289 | 178 | set_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 179 | { |
b585278b | 180 | auth_client_ref(auth); |
376ae2e2 | 181 | set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING); |
2b0cc3d3 EM |
182 | } |
183 | ||
376ae2e2 EM |
184 | /* Provider is no longer operating on this auth client |
185 | * You should use provider_done and not this */ | |
60374ac9 | 186 | static inline void |
731d1289 | 187 | set_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 188 | { |
376ae2e2 | 189 | set_provider_status(auth, provider, PROVIDER_STATUS_DONE); |
b585278b | 190 | auth_client_unref(auth); |
05e17ac2 EM |
191 | } |
192 | ||
193 | /* Check if provider is operating on this auth client */ | |
60374ac9 | 194 | static inline bool |
731d1289 | 195 | is_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 196 | { |
376ae2e2 | 197 | return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING; |
2b0cc3d3 EM |
198 | } |
199 | ||
376ae2e2 | 200 | /* Check if provider has finished on this client */ |
60374ac9 | 201 | static inline bool |
731d1289 | 202 | is_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 203 | { |
376ae2e2 EM |
204 | return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE; |
205 | } | |
206 | ||
207 | /* Get provider auth client data */ | |
208 | static inline void * | |
209 | get_provider_data(struct auth_client *auth, uint32_t id) | |
210 | { | |
376ae2e2 EM |
211 | return auth->data[id].data; |
212 | } | |
213 | ||
214 | /* Set provider auth client data */ | |
215 | static inline void | |
216 | set_provider_data(struct auth_client *auth, uint32_t id, void *data) | |
217 | { | |
376ae2e2 EM |
218 | auth->data[id].data = data; |
219 | } | |
220 | ||
221 | /* Set timeout relative to current time on provider | |
222 | * When the timeout lapses, the provider's timeout call will execute */ | |
223 | static inline void | |
224 | set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout) | |
225 | { | |
376ae2e2 EM |
226 | auth->data[id].timeout = timeout + rb_current_time(); |
227 | } | |
228 | ||
229 | /* Set timeout value in absolute time (Unix timestamp) | |
230 | * When the timeout lapses, the provider's timeout call will execute */ | |
231 | static inline void | |
232 | set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout) | |
233 | { | |
376ae2e2 EM |
234 | auth->data[id].timeout = timeout; |
235 | } | |
236 | ||
237 | /* Get the timeout value for the provider */ | |
238 | static inline time_t | |
239 | get_provider_timeout(struct auth_client *auth, uint32_t id) | |
240 | { | |
376ae2e2 | 241 | return auth->data[id].timeout; |
05e17ac2 EM |
242 | } |
243 | ||
0f95a274 | 244 | #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */ |