]>
Commit | Line | Data |
---|---|---|
1 | /* authd/provider.h - authentication provider framework | |
2 | * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me> | |
3 | * | |
4 | * Permission to use, copy, modify, and/or distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice is present in all copies. | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
9 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
10 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
11 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |
12 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
13 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
14 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
16 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | |
17 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
18 | * POSSIBILITY OF SUCH DAMAGE. | |
19 | */ | |
20 | ||
21 | #ifndef __CHARYBDIS_AUTHD_PROVIDER_H__ | |
22 | #define __CHARYBDIS_AUTHD_PROVIDER_H__ | |
23 | ||
24 | #include "stdinc.h" | |
25 | #include "authd.h" | |
26 | #include "rb_dictionary.h" | |
27 | ||
28 | #define MAX_PROVIDERS 32 /* This should be enough */ | |
29 | ||
30 | typedef enum | |
31 | { | |
32 | PROVIDER_STATUS_NOTRUN = 0, | |
33 | PROVIDER_STATUS_RUNNING, | |
34 | PROVIDER_STATUS_DONE, | |
35 | } provider_status_t; | |
36 | ||
37 | struct auth_client_data | |
38 | { | |
39 | struct auth_provider *provider; /* Pointer back */ | |
40 | time_t timeout; /* Provider timeout */ | |
41 | void *data; /* Provider data */ | |
42 | provider_status_t status; /* Provider status */ | |
43 | }; | |
44 | ||
45 | struct auth_client | |
46 | { | |
47 | uint32_t cid; /* Client ID */ | |
48 | ||
49 | int protocol; /* IP protocol (TCP/SCTP) */ | |
50 | ||
51 | char l_ip[HOSTIPLEN + 1]; /* Listener IP address */ | |
52 | uint16_t l_port; /* Listener port */ | |
53 | struct rb_sockaddr_storage l_addr; /* Listener address/port */ | |
54 | ||
55 | char c_ip[HOSTIPLEN + 1]; /* Client IP address */ | |
56 | uint16_t c_port; /* Client port */ | |
57 | struct rb_sockaddr_storage c_addr; /* Client address/port */ | |
58 | ||
59 | char hostname[HOSTLEN + 1]; /* Used for DNS lookup */ | |
60 | char username[USERLEN + 1]; /* Used for ident lookup */ | |
61 | ||
62 | bool providers_starting; /* Providers are still warming up */ | |
63 | bool providers_cancelled; /* Providers are being cancelled */ | |
64 | unsigned int providers_active; /* Number of active providers */ | |
65 | unsigned int refcount; /* Held references */ | |
66 | ||
67 | struct auth_client_data *data; /* Provider-specific data */ | |
68 | }; | |
69 | ||
70 | typedef bool (*provider_init_t)(void); | |
71 | typedef void (*provider_destroy_t)(void); | |
72 | ||
73 | typedef bool (*provider_start_t)(struct auth_client *); | |
74 | typedef void (*provider_cancel_t)(struct auth_client *); | |
75 | typedef void (*uint32_timeout_t)(struct auth_client *); | |
76 | typedef void (*provider_complete_t)(struct auth_client *, uint32_t); | |
77 | ||
78 | struct auth_stats_handler | |
79 | { | |
80 | const char letter; | |
81 | authd_stat_handler handler; | |
82 | }; | |
83 | ||
84 | struct auth_provider | |
85 | { | |
86 | rb_dlink_node node; | |
87 | ||
88 | uint32_t id; /* Provider ID */ | |
89 | ||
90 | const char *name; /* Name of the provider */ | |
91 | char letter; /* Letter used on reject, etc. */ | |
92 | ||
93 | provider_init_t init; /* Initalise the provider */ | |
94 | provider_destroy_t destroy; /* Terminate the provider */ | |
95 | ||
96 | provider_start_t start; /* Perform authentication */ | |
97 | provider_cancel_t cancel; /* Authentication cancelled */ | |
98 | uint32_timeout_t timeout; /* Timeout callback */ | |
99 | provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */ | |
100 | ||
101 | struct auth_stats_handler stats_handler; | |
102 | ||
103 | struct auth_opts_handler *opt_handlers; | |
104 | }; | |
105 | ||
106 | extern struct auth_provider rdns_provider; | |
107 | extern struct auth_provider ident_provider; | |
108 | extern struct auth_provider blacklist_provider; | |
109 | extern struct auth_provider opm_provider; | |
110 | ||
111 | extern rb_dlink_list auth_providers; | |
112 | extern rb_dictionary *auth_clients; | |
113 | ||
114 | void load_provider(struct auth_provider *provider); | |
115 | void unload_provider(struct auth_provider *provider); | |
116 | ||
117 | void init_providers(void); | |
118 | void destroy_providers(void); | |
119 | void cancel_providers(struct auth_client *auth); | |
120 | ||
121 | void provider_done(struct auth_client *auth, uint32_t id); | |
122 | void accept_client(struct auth_client *auth); | |
123 | void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...); | |
124 | ||
125 | void handle_new_connection(int parc, char *parv[]); | |
126 | void handle_cancel_connection(int parc, char *parv[]); | |
127 | void auth_client_free(struct auth_client *auth); | |
128 | ||
129 | static inline void | |
130 | auth_client_ref(struct auth_client *auth) | |
131 | { | |
132 | auth->refcount++; | |
133 | } | |
134 | ||
135 | static inline void | |
136 | auth_client_unref(struct auth_client *auth) | |
137 | { | |
138 | auth->refcount--; | |
139 | if (auth->refcount == 0) | |
140 | auth_client_free(auth); | |
141 | } | |
142 | ||
143 | /* Get a provider by name */ | |
144 | static inline struct auth_provider * | |
145 | find_provider(const char *name) | |
146 | { | |
147 | rb_dlink_node *ptr; | |
148 | ||
149 | RB_DLINK_FOREACH(ptr, auth_providers.head) | |
150 | { | |
151 | struct auth_provider *provider = ptr->data; | |
152 | ||
153 | if(strcasecmp(provider->name, name) == 0) | |
154 | return provider; | |
155 | } | |
156 | ||
157 | return NULL; | |
158 | } | |
159 | ||
160 | /* Get a provider's id by name */ | |
161 | static inline bool | |
162 | get_provider_id(const char *name, uint32_t *id) | |
163 | { | |
164 | struct auth_provider *provider = find_provider(name); | |
165 | ||
166 | if(provider != NULL) | |
167 | { | |
168 | *id = provider->id; | |
169 | return true; | |
170 | } | |
171 | else | |
172 | return false; | |
173 | } | |
174 | ||
175 | /* Get a provider's raw status */ | |
176 | static inline provider_status_t | |
177 | get_provider_status(struct auth_client *auth, uint32_t provider) | |
178 | { | |
179 | return auth->data[provider].status; | |
180 | } | |
181 | ||
182 | /* Check if provider is operating on this auth client */ | |
183 | static inline bool | |
184 | is_provider_running(struct auth_client *auth, uint32_t provider) | |
185 | { | |
186 | return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING; | |
187 | } | |
188 | ||
189 | /* Check if provider has finished on this client */ | |
190 | static inline bool | |
191 | is_provider_done(struct auth_client *auth, uint32_t provider) | |
192 | { | |
193 | return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE; | |
194 | } | |
195 | ||
196 | /* Get provider auth client data */ | |
197 | static inline void * | |
198 | get_provider_data(struct auth_client *auth, uint32_t id) | |
199 | { | |
200 | return auth->data[id].data; | |
201 | } | |
202 | ||
203 | /* Set provider auth client data */ | |
204 | static inline void | |
205 | set_provider_data(struct auth_client *auth, uint32_t id, void *data) | |
206 | { | |
207 | auth->data[id].data = data; | |
208 | } | |
209 | ||
210 | /* Set timeout relative to current time on provider | |
211 | * When the timeout lapses, the provider's timeout call will execute */ | |
212 | static inline void | |
213 | set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout) | |
214 | { | |
215 | auth->data[id].timeout = timeout + rb_current_time(); | |
216 | } | |
217 | ||
218 | /* Set timeout value in absolute time (Unix timestamp) | |
219 | * When the timeout lapses, the provider's timeout call will execute */ | |
220 | static inline void | |
221 | set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout) | |
222 | { | |
223 | auth->data[id].timeout = timeout; | |
224 | } | |
225 | ||
226 | /* Get the timeout value for the provider */ | |
227 | static inline time_t | |
228 | get_provider_timeout(struct auth_client *auth, uint32_t id) | |
229 | { | |
230 | return auth->data[id].timeout; | |
231 | } | |
232 | ||
233 | #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */ |