]>
Commit | Line | Data |
---|---|---|
0f95a274 | 1 | /* authd/provider.h - authentication provider framework |
05e17ac2 EM |
2 | * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me> |
3 | * | |
4 | * Permission to use, copy, modify, and/or distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice is present in all copies. | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
9 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
10 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
11 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |
12 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
13 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
14 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
16 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | |
17 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
18 | * POSSIBILITY OF SUCH DAMAGE. | |
19 | */ | |
20 | ||
0f95a274 EM |
21 | #ifndef __CHARYBDIS_AUTHD_PROVIDER_H__ |
22 | #define __CHARYBDIS_AUTHD_PROVIDER_H__ | |
05e17ac2 EM |
23 | |
24 | #include "stdinc.h" | |
a51487e0 | 25 | #include "authd.h" |
3e875f62 | 26 | #include "rb_dictionary.h" |
05e17ac2 | 27 | |
3e875f62 | 28 | #define MAX_PROVIDERS 32 /* This should be enough */ |
05e17ac2 | 29 | |
376ae2e2 EM |
30 | typedef enum |
31 | { | |
32 | PROVIDER_STATUS_NOTRUN = 0, | |
33 | PROVIDER_STATUS_RUNNING, | |
34 | PROVIDER_STATUS_DONE, | |
35 | } provider_status_t; | |
36 | ||
a68d9a2b EM |
37 | struct auth_client_data |
38 | { | |
731d1289 | 39 | struct auth_provider *provider; /* Pointer back */ |
376ae2e2 EM |
40 | time_t timeout; /* Provider timeout */ |
41 | void *data; /* Provider data */ | |
42 | provider_status_t status; /* Provider status */ | |
a68d9a2b EM |
43 | }; |
44 | ||
05e17ac2 EM |
45 | struct auth_client |
46 | { | |
2392770f | 47 | uint32_t cid; /* Client ID */ |
05e17ac2 | 48 | |
2b0cc3d3 EM |
49 | char l_ip[HOSTIPLEN + 1]; /* Listener IP address */ |
50 | uint16_t l_port; /* Listener port */ | |
9c7498d5 | 51 | struct rb_sockaddr_storage l_addr; /* Listener address/port */ |
2b0cc3d3 EM |
52 | |
53 | char c_ip[HOSTIPLEN + 1]; /* Client IP address */ | |
54 | uint16_t c_port; /* Client port */ | |
9c7498d5 | 55 | struct rb_sockaddr_storage c_addr; /* Client address/port */ |
05e17ac2 | 56 | |
5bfc606f | 57 | char hostname[HOSTLEN + 1]; /* Used for DNS lookup */ |
be67cfca | 58 | char username[USERLEN + 1]; /* Used for ident lookup */ |
05e17ac2 | 59 | |
247b304f | 60 | bool providers_starting; /* Providers are still warming up */ |
9f928dc5 | 61 | bool providers_cancelled; /* Providers are being cancelled */ |
a5f52774 | 62 | unsigned int providers_active; /* Number of active providers */ |
376ae2e2 | 63 | unsigned int refcount; /* Held references */ |
f7b37c1d | 64 | |
a68d9a2b | 65 | struct auth_client_data *data; /* Provider-specific data */ |
2b0cc3d3 EM |
66 | }; |
67 | ||
68 | typedef bool (*provider_init_t)(void); | |
2b0cc3d3 EM |
69 | typedef void (*provider_destroy_t)(void); |
70 | ||
89d22b9a EM |
71 | typedef bool (*provider_start_t)(struct auth_client *); |
72 | typedef void (*provider_cancel_t)(struct auth_client *); | |
731d1289 EM |
73 | typedef void (*uint32_timeout_t)(struct auth_client *); |
74 | typedef void (*provider_complete_t)(struct auth_client *, uint32_t); | |
89d22b9a | 75 | |
ee7f9271 EM |
76 | struct auth_stats_handler |
77 | { | |
78 | const char letter; | |
79 | authd_stat_handler handler; | |
80 | }; | |
81 | ||
05e17ac2 EM |
82 | struct auth_provider |
83 | { | |
99e53867 EM |
84 | rb_dlink_node node; |
85 | ||
731d1289 EM |
86 | uint32_t id; /* Provider ID */ |
87 | ||
88 | const char *name; /* Name of the provider */ | |
89 | char letter; /* Letter used on reject, etc. */ | |
05e17ac2 EM |
90 | |
91 | provider_init_t init; /* Initalise the provider */ | |
92 | provider_destroy_t destroy; /* Terminate the provider */ | |
93 | ||
89d22b9a | 94 | provider_start_t start; /* Perform authentication */ |
05e17ac2 | 95 | provider_cancel_t cancel; /* Authentication cancelled */ |
731d1289 | 96 | uint32_timeout_t timeout; /* Timeout callback */ |
05e17ac2 | 97 | provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */ |
a51487e0 | 98 | |
ee7f9271 EM |
99 | struct auth_stats_handler stats_handler; |
100 | ||
a51487e0 | 101 | struct auth_opts_handler *opt_handlers; |
05e17ac2 EM |
102 | }; |
103 | ||
18764319 | 104 | extern struct auth_provider rdns_provider; |
f1861e48 | 105 | extern struct auth_provider ident_provider; |
add80afd | 106 | extern struct auth_provider blacklist_provider; |
4e85459a | 107 | extern struct auth_provider opm_provider; |
9b5b2ded | 108 | |
d955cd9f | 109 | extern rb_dlink_list auth_providers; |
a71b65b1 | 110 | extern rb_dictionary *auth_clients; |
74909c9a | 111 | |
9b5b2ded EM |
112 | void load_provider(struct auth_provider *provider); |
113 | void unload_provider(struct auth_provider *provider); | |
114 | ||
05e17ac2 EM |
115 | void init_providers(void); |
116 | void destroy_providers(void); | |
117 | void cancel_providers(struct auth_client *auth); | |
118 | ||
731d1289 | 119 | void provider_done(struct auth_client *auth, uint32_t id); |
2f598dac | 120 | void accept_client(struct auth_client *auth); |
731d1289 | 121 | void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...); |
05e17ac2 | 122 | |
05e17ac2 | 123 | void handle_new_connection(int parc, char *parv[]); |
60374ac9 | 124 | void handle_cancel_connection(int parc, char *parv[]); |
b585278b | 125 | void auth_client_free(struct auth_client *auth); |
05e17ac2 | 126 | |
b585278b AC |
127 | static inline void |
128 | auth_client_ref(struct auth_client *auth) | |
129 | { | |
130 | auth->refcount++; | |
131 | } | |
132 | ||
133 | static inline void | |
134 | auth_client_unref(struct auth_client *auth) | |
135 | { | |
136 | auth->refcount--; | |
137 | if (auth->refcount == 0) | |
138 | auth_client_free(auth); | |
139 | } | |
74909c9a | 140 | |
a71b65b1 AC |
141 | /* Get a provider by name */ |
142 | static inline struct auth_provider * | |
d955cd9f | 143 | find_provider(const char *name) |
a71b65b1 | 144 | { |
d955cd9f SA |
145 | rb_dlink_node *ptr; |
146 | ||
147 | RB_DLINK_FOREACH(ptr, auth_providers.head) | |
148 | { | |
149 | struct auth_provider *provider = ptr->data; | |
150 | ||
151 | if(strcasecmp(provider->name, name) == 0) | |
152 | return provider; | |
153 | } | |
154 | ||
155 | return NULL; | |
a71b65b1 AC |
156 | } |
157 | ||
731d1289 EM |
158 | /* Get a provider's id by name */ |
159 | static inline bool | |
6b3e61f1 | 160 | get_provider_id(const char *name, uint32_t *id) |
731d1289 | 161 | { |
d955cd9f | 162 | struct auth_provider *provider = find_provider(name); |
731d1289 EM |
163 | |
164 | if(provider != NULL) | |
165 | { | |
166 | *id = provider->id; | |
167 | return true; | |
168 | } | |
169 | else | |
170 | return false; | |
171 | } | |
172 | ||
376ae2e2 EM |
173 | /* Get a provider's raw status */ |
174 | static inline provider_status_t | |
731d1289 | 175 | get_provider_status(struct auth_client *auth, uint32_t provider) |
376ae2e2 EM |
176 | { |
177 | return auth->data[provider].status; | |
178 | } | |
179 | ||
180 | /* Set a provider's raw status */ | |
60374ac9 | 181 | static inline void |
731d1289 | 182 | set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status) |
05e17ac2 | 183 | { |
376ae2e2 | 184 | auth->data[provider].status = status; |
05e17ac2 EM |
185 | } |
186 | ||
376ae2e2 EM |
187 | /* Set the provider as running |
188 | * If you're doing asynchronous work call this */ | |
60374ac9 | 189 | static inline void |
731d1289 | 190 | set_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 191 | { |
a5f52774 | 192 | auth->providers_active++; |
376ae2e2 | 193 | set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING); |
2b0cc3d3 EM |
194 | } |
195 | ||
376ae2e2 EM |
196 | /* Provider is no longer operating on this auth client |
197 | * You should use provider_done and not this */ | |
60374ac9 | 198 | static inline void |
731d1289 | 199 | set_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 200 | { |
376ae2e2 | 201 | set_provider_status(auth, provider, PROVIDER_STATUS_DONE); |
a5f52774 | 202 | auth->providers_active--; |
05e17ac2 EM |
203 | } |
204 | ||
205 | /* Check if provider is operating on this auth client */ | |
60374ac9 | 206 | static inline bool |
731d1289 | 207 | is_provider_running(struct auth_client *auth, uint32_t provider) |
2b0cc3d3 | 208 | { |
376ae2e2 | 209 | return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING; |
2b0cc3d3 EM |
210 | } |
211 | ||
376ae2e2 | 212 | /* Check if provider has finished on this client */ |
60374ac9 | 213 | static inline bool |
731d1289 | 214 | is_provider_done(struct auth_client *auth, uint32_t provider) |
05e17ac2 | 215 | { |
376ae2e2 EM |
216 | return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE; |
217 | } | |
218 | ||
219 | /* Get provider auth client data */ | |
220 | static inline void * | |
221 | get_provider_data(struct auth_client *auth, uint32_t id) | |
222 | { | |
376ae2e2 EM |
223 | return auth->data[id].data; |
224 | } | |
225 | ||
226 | /* Set provider auth client data */ | |
227 | static inline void | |
228 | set_provider_data(struct auth_client *auth, uint32_t id, void *data) | |
229 | { | |
376ae2e2 EM |
230 | auth->data[id].data = data; |
231 | } | |
232 | ||
233 | /* Set timeout relative to current time on provider | |
234 | * When the timeout lapses, the provider's timeout call will execute */ | |
235 | static inline void | |
236 | set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout) | |
237 | { | |
376ae2e2 EM |
238 | auth->data[id].timeout = timeout + rb_current_time(); |
239 | } | |
240 | ||
241 | /* Set timeout value in absolute time (Unix timestamp) | |
242 | * When the timeout lapses, the provider's timeout call will execute */ | |
243 | static inline void | |
244 | set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout) | |
245 | { | |
376ae2e2 EM |
246 | auth->data[id].timeout = timeout; |
247 | } | |
248 | ||
249 | /* Get the timeout value for the provider */ | |
250 | static inline time_t | |
251 | get_provider_timeout(struct auth_client *auth, uint32_t id) | |
252 | { | |
376ae2e2 | 253 | return auth->data[id].timeout; |
05e17ac2 EM |
254 | } |
255 | ||
0f95a274 | 256 | #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */ |