1 | /* authd/provider.h - authentication provider framework | |
2 | * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me> | |
3 | * | |
4 | * Permission to use, copy, modify, and/or distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice is present in all copies. | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
9 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
10 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
11 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |
12 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
13 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
14 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
16 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING | |
17 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
18 | * POSSIBILITY OF SUCH DAMAGE. | |
19 | */ | |
20 | ||
/* NOTE(review): identifiers that begin with a double underscore are reserved
 * for the implementation (C11 7.1.3); a guard spelled without the leading
 * underscores (e.g. CHARYBDIS_AUTHD_PROVIDER_H) would avoid any clash.
 * Left as-is because the matching #endif is outside this block. */
#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
#define __CHARYBDIS_AUTHD_PROVIDER_H__
23 | ||
24 | #include "stdinc.h" | |
25 | #include "authd.h" | |
26 | #include "rb_dictionary.h" | |
27 | ||
28 | #define MAX_PROVIDERS 32 /* This should be enough */ | |
29 | ||
/* Per-client lifecycle state of one provider (struct auth_client_data::status). */
typedef enum
{
	PROVIDER_STATUS_NOTRUN = 0,	/* Explicitly zero: a zeroed data entry starts here */
	PROVIDER_STATUS_RUNNING,	/* Set by set_provider_running() */
	PROVIDER_STATUS_DONE,		/* Set by set_provider_done() */
} provider_status_t;
36 | ||
/* Per-(client, provider) bookkeeping. struct auth_client::data holds one of
 * these per provider, indexed by the provider's id. */
struct auth_client_data
{
	struct auth_provider *provider;	/* Pointer back */
	time_t timeout;			/* Provider timeout, absolute Unix time (see set_provider_timeout_*) */
	void *data;			/* Provider data; who allocates/frees it is not visible in this header */
	provider_status_t status;	/* Provider status */
};
44 | ||
/* State for one client being authenticated.
 * Lifetime is reference counted: auth_client_ref()/auth_client_unref() adjust
 * refcount and auth_client_free() runs when it drops to zero. */
struct auth_client
{
	uint32_t cid;				/* Client ID */

	char l_ip[HOSTIPLEN + 1];		/* Listener IP address (sized HOSTIPLEN + 1, presumably for the NUL) */
	uint16_t l_port;			/* Listener port */
	struct rb_sockaddr_storage l_addr;	/* Listener address/port */

	char c_ip[HOSTIPLEN + 1];		/* Client IP address (sized HOSTIPLEN + 1, presumably for the NUL) */
	uint16_t c_port;			/* Client port */
	struct rb_sockaddr_storage c_addr;	/* Client address/port */

	char hostname[HOSTLEN + 1];		/* Used for DNS lookup */
	char username[USERLEN + 1];		/* Used for ident lookup */

	bool providers_starting;		/* Providers are still warming up */
	bool providers_cancelled;		/* Providers are being cancelled */
	unsigned int providers_active;		/* Number of active providers; unsigned, so every
						 * set_provider_running() needs a matching
						 * set_provider_done() or it wraps */
	unsigned int refcount;			/* Held references */

	struct auth_client_data *data;		/* Provider-specific data, indexed by provider id;
						 * allocation and length are not visible in this header */
};
67 | ||
/* Provider entry points. init/destroy are per provider; the rest are per
 * auth client. Whether init's bool is "false on failure" is not visible here
 * — confirm against init_providers(). */
typedef bool (*provider_init_t)(void);
typedef void (*provider_destroy_t)(void);

typedef bool (*provider_start_t)(struct auth_client *);		/* Begin authenticating this client */
typedef void (*provider_cancel_t)(struct auth_client *);	/* Authentication was cancelled */
/* NOTE(review): this is the provider timeout callback type (struct
 * auth_provider::timeout); the name uint32_timeout_t does not follow the
 * provider_*_t pattern of its siblings. Not renamed, as callers may use it. */
typedef void (*uint32_timeout_t)(struct auth_client *);
typedef void (*provider_complete_t)(struct auth_client *, uint32_t);	/* Another provider (by id) finished */
75 | ||
/* Stats letter and the handler invoked for it.
 * `letter` is const, so an object of this type cannot be assigned to after
 * initialisation (it must be set via an initializer). */
struct auth_stats_handler
{
	const char letter;
	authd_stat_handler handler;
};
81 | ||
/* A registered authentication provider. Instances are linked into
 * auth_providers via `node`; `id` doubles as the index of this provider's
 * entry in each client's struct auth_client::data. */
struct auth_provider
{
	rb_dlink_node node;

	uint32_t id;				/* Provider ID (index into auth_client::data) */

	const char *name;			/* Name of the provider (matched case-insensitively by find_provider) */
	char letter;				/* Letter used on reject, etc. */

	provider_init_t init;			/* Initialise the provider */
	provider_destroy_t destroy;		/* Terminate the provider */

	provider_start_t start;			/* Perform authentication */
	provider_cancel_t cancel;		/* Authentication cancelled */
	uint32_timeout_t timeout;		/* Timeout callback (fires when auth_client_data::timeout lapses) */
	provider_complete_t completed;		/* Callback for when other providers complete (think dependency chains) */

	struct auth_stats_handler stats_handler;

	struct auth_opts_handler *opt_handlers;	/* Option handlers; struct auth_opts_handler is declared elsewhere */
};
103 | ||
/* Built-in providers, each defined in its own translation unit. */
extern struct auth_provider rdns_provider;
extern struct auth_provider ident_provider;
extern struct auth_provider blacklist_provider;
extern struct auth_provider opm_provider;

extern rb_dlink_list auth_providers;	/* Loaded providers; walked by find_provider() */
extern rb_dictionary *auth_clients;	/* Clients currently being authenticated (key not visible here; presumably cid) */

/* Register / unregister a provider on auth_providers. */
void load_provider(struct auth_provider *provider);
void unload_provider(struct auth_provider *provider);

void init_providers(void);
void destroy_providers(void);
void cancel_providers(struct auth_client *auth);	/* Cancel every provider working on auth */

/* Provider `id` has finished with auth. This is the supported way for a
 * provider to report completion (see set_provider_done()). */
void provider_done(struct auth_client *auth, uint32_t id);
void accept_client(struct auth_client *auth);
/* Reject auth on behalf of provider `id`. The trailing `...` after `fmt`
 * indicates a printf-style format: call sites must pass a literal format and
 * supply `data` or other reason text as arguments, never as the format
 * itself. A format(printf, 4, 5) attribute on this declaration would let the
 * compiler check that. */
void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);

/* Command handlers. parv appears to be the parsed argument vector and parc
 * its length; each handler must check parc before indexing parv. */
void handle_new_connection(int parc, char *parv[]);
void handle_cancel_connection(int parc, char *parv[]);
void auth_client_free(struct auth_client *auth);	/* Called by auth_client_unref() when refcount reaches zero */
126 | ||
/* Take a reference on an auth client.
 * Every call must be balanced by auth_client_unref(); the client is freed
 * once the count returns to zero. */
static inline void
auth_client_ref(struct auth_client *auth)
{
	auth->refcount += 1;
}
132 | ||
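/* Drop a reference on an auth client, freeing it when the last one goes.
 * refcount is unsigned: decrementing it from zero (an unbalanced unref)
 * would wrap to UINT_MAX and the client could never be freed, so a
 * zero count is left untouched instead of being corrupted. */
static inline void
auth_client_unref(struct auth_client *auth)
{
	if (auth->refcount == 0)
		return;

	auth->refcount--;
	if (auth->refcount == 0)
		auth_client_free(auth);
}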
140 | ||
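/* Look up a loaded provider by name (case-insensitive).
 * Returns the provider, or NULL when name is NULL or nothing matches.
 * A provider registered without a name is skipped rather than handed to
 * strcasecmp(), which would be undefined behaviour on a NULL pointer. */
static inline struct auth_provider *
find_provider(const char *name)
{
	rb_dlink_node *ptr;

	if(name == NULL)
		return NULL;

	RB_DLINK_FOREACH(ptr, auth_providers.head)
	{
		struct auth_provider *provider = ptr->data;

		if(provider->name != NULL && strcasecmp(provider->name, name) == 0)
			return provider;
	}

	return NULL;
}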
157 | ||
/* Resolve a provider name to its id.
 * On success stores the id through *id and returns true; returns false and
 * leaves *id untouched when no provider has that name. */
static inline bool
get_provider_id(const char *name, uint32_t *id)
{
	struct auth_provider *found = find_provider(name);

	if(found == NULL)
		return false;

	*id = found->id;
	return true;
}
172 | ||
/* Read the raw status of provider `provider` on this client.
 * No bounds check: `provider` must be a valid index into auth->data, whose
 * allocated length is not visible in this header. */
static inline provider_status_t
get_provider_status(struct auth_client *auth, uint32_t provider)
{
	const struct auth_client_data *entry = &auth->data[provider];

	return entry->status;
}
179 | ||
/* Overwrite the raw status of provider `provider` on this client.
 * Does not touch providers_active; use set_provider_running()/
 * set_provider_done() to keep that counter in step. No bounds check is
 * done on `provider`. */
static inline void
set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
{
	struct auth_client_data *entry = &auth->data[provider];

	entry->status = status;
}
186 | ||
/* Mark the provider as running on this client and count it as active.
 * Call this before starting asynchronous work; it must later be balanced
 * by set_provider_done(), normally through provider_done(). */
static inline void
set_provider_running(struct auth_client *auth, uint32_t provider)
{
	set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
	auth->providers_active += 1;
}
195 | ||
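/* Mark the provider as finished on this client and drop it from the
 * active count. Providers should call provider_done() rather than this;
 * this helper only updates the bookkeeping.
 * providers_active is unsigned, so an unbalanced call (no matching
 * set_provider_running()) would wrap it to UINT_MAX; the decrement is
 * therefore guarded. */
static inline void
set_provider_done(struct auth_client *auth, uint32_t provider)
{
	set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
	if(auth->providers_active > 0)
		auth->providers_active--;
}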
204 | ||
/* True while provider `provider` is in the RUNNING state on this client. */
static inline bool
is_provider_running(struct auth_client *auth, uint32_t provider)
{
	provider_status_t current = get_provider_status(auth, provider);

	return current == PROVIDER_STATUS_RUNNING;
}
211 | ||
/* True once provider `provider` has reached the DONE state on this client. */
static inline bool
is_provider_done(struct auth_client *auth, uint32_t provider)
{
	provider_status_t current = get_provider_status(auth, provider);

	return current == PROVIDER_STATUS_DONE;
}
218 | ||
/* Fetch the provider-private pointer stored for provider `id` on this
 * client (whatever set_provider_data() last stored; NULL if nothing was).
 * No bounds check on `id`. */
static inline void *
get_provider_data(struct auth_client *auth, uint32_t id)
{
	const struct auth_client_data *entry = &auth->data[id];

	return entry->data;
}
225 | ||
/* Store a provider-private pointer for provider `id` on this client.
 * The pointer is kept as-is; ownership and freeing are the provider's
 * concern and are not handled here. No bounds check on `id`. */
static inline void
set_provider_data(struct auth_client *auth, uint32_t id, void *data)
{
	struct auth_client_data *entry = &auth->data[id];

	entry->data = data;
}
232 | ||
/* Arm the provider's timeout `timeout` seconds from now, as reported by
 * rb_current_time(). When it lapses the provider's timeout callback runs.
 * Stored as an absolute time, so it can be read back with
 * get_provider_timeout(). */
static inline void
set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
{
	time_t now = rb_current_time();

	auth->data[id].timeout = now + timeout;
}
240 | ||
/* Arm the provider's timeout at an absolute Unix timestamp.
 * When it lapses the provider's timeout callback runs. No bounds check
 * on `id`. */
static inline void
set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
{
	struct auth_client_data *entry = &auth->data[id];

	entry->timeout = timeout;
}
248 | ||
/* Read back the provider's armed timeout (absolute Unix time, as stored by
 * set_provider_timeout_relative()/set_provider_timeout_absolute()). */
static inline time_t
get_provider_timeout(struct auth_client *auth, uint32_t id)
{
	const struct auth_client_data *entry = &auth->data[id];

	return entry->timeout;
}
255 | ||
256 | #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */ |