authd/provider.h

   1 /* authd/provider.h - authentication provider framework
   2  * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
   3  *
   4  * Permission to use, copy, modify, and/or distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice is present in all copies.
   7  *
   8  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   9  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  10  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  11  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
  12  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  13  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  14  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  15  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  16  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  17  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  18  * POSSIBILITY OF SUCH DAMAGE.
  19  */
  20
  21 #ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
  22 #define __CHARYBDIS_AUTHD_PROVIDER_H__
  23
  24 #include "stdinc.h"
  25 #include "authd.h"
  26 #include "rb_dictionary.h"
  27
  28 #define MAX_PROVIDERS 32        /* This should be enough */
  29
  30 typedef enum
  31 {
  32         PROVIDER_STATUS_NOTRUN = 0,
  33         PROVIDER_STATUS_RUNNING,
  34         PROVIDER_STATUS_DONE,
  35 } provider_status_t;
  36
  37 struct auth_client_data
  38 {
  39         struct auth_provider *provider; /* Pointer back */
  40         time_t timeout;                 /* Provider timeout */
  41         void *data;                     /* Provider data */
  42         provider_status_t status;       /* Provider status */
  43 };
  44
  45 struct auth_client
  46 {
  47         uint32_t cid;                           /* Client ID */
  48
  49         char l_ip[HOSTIPLEN + 1];               /* Listener IP address */
  50         uint16_t l_port;                        /* Listener port */
  51         struct rb_sockaddr_storage l_addr;      /* Listener address/port */
  52
  53         char c_ip[HOSTIPLEN + 1];               /* Client IP address */
  54         uint16_t c_port;                        /* Client port */
  55         struct rb_sockaddr_storage c_addr;      /* Client address/port */
  56
  57         char hostname[HOSTLEN + 1];             /* Used for DNS lookup */
  58         char username[USERLEN + 1];             /* Used for ident lookup */
  59
  60         bool providers_starting;                /* Providers are still warming up */
  61         bool providers_cancelled;               /* Providers are being cancelled */
  62         unsigned int providers_active;          /* Number of active providers */
  63         unsigned int refcount;                  /* Held references */
  64
  65         struct auth_client_data *data;          /* Provider-specific data */
  66 };
  67
  68 typedef bool (*provider_init_t)(void);
  69 typedef void (*provider_destroy_t)(void);
  70
  71 typedef bool (*provider_start_t)(struct auth_client *);
  72 typedef void (*provider_cancel_t)(struct auth_client *);
  73 typedef void (*uint32_timeout_t)(struct auth_client *);
  74 typedef void (*provider_complete_t)(struct auth_client *, uint32_t);
  75
  76 struct auth_stats_handler
  77 {
  78         const char letter;
  79         authd_stat_handler handler;
  80 };
  81
  82 struct auth_provider
  83 {
  84         rb_dlink_node node;
  85
  86         uint32_t id;                    /* Provider ID */
  87
  88         const char *name;               /* Name of the provider */
  89         char letter;                    /* Letter used on reject, etc. */
  90
  91         provider_init_t init;           /* Initalise the provider */
  92         provider_destroy_t destroy;     /* Terminate the provider */
  93
  94         provider_start_t start;         /* Perform authentication */
  95         provider_cancel_t cancel;       /* Authentication cancelled */
  96         uint32_timeout_t timeout;       /* Timeout callback */
  97         provider_complete_t completed;  /* Callback for when other performers complete (think dependency chains) */
  98
  99         struct auth_stats_handler stats_handler;
 100
 101         struct auth_opts_handler *opt_handlers;
 102 };
 103
 104 extern struct auth_provider rdns_provider;
 105 extern struct auth_provider ident_provider;
 106 extern struct auth_provider blacklist_provider;
 107 extern struct auth_provider opm_provider;
 108
 109 extern rb_dlink_list auth_providers;
 110 extern rb_dictionary *auth_clients;
 111
 112 void load_provider(struct auth_provider *provider);
 113 void unload_provider(struct auth_provider *provider);
 114
 115 void init_providers(void);
 116 void destroy_providers(void);
 117 void cancel_providers(struct auth_client *auth);
 118
 119 void provider_done(struct auth_client *auth, uint32_t id);
 120 void accept_client(struct auth_client *auth);
 121 void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);
 122
 123 void handle_new_connection(int parc, char *parv[]);
 124 void handle_cancel_connection(int parc, char *parv[]);
 125 void auth_client_free(struct auth_client *auth);
 126
 127 static inline void
 128 auth_client_ref(struct auth_client *auth)
 129 {
 130         auth->refcount++;
 131 }
 132
 133 static inline void
 134 auth_client_unref(struct auth_client *auth)
 135 {
 136         auth->refcount--;
 137         if (auth->refcount == 0)
 138                 auth_client_free(auth);
 139 }
 140
 141 /* Get a provider by name */
 142 static inline struct auth_provider *
 143 find_provider(const char *name)
 144 {
 145         rb_dlink_node *ptr;
 146
 147         RB_DLINK_FOREACH(ptr, auth_providers.head)
 148         {
 149                 struct auth_provider *provider = ptr->data;
 150
 151                 if(strcasecmp(provider->name, name) == 0)
 152                         return provider;
 153         }
 154
 155         return NULL;
 156 }
 157
 158 /* Get a provider's id by name */
 159 static inline bool
 160 get_provider_id(const char *name, uint32_t *id)
 161 {
 162         struct auth_provider *provider = find_provider(name);
 163
 164         if(provider != NULL)
 165         {
 166                 *id = provider->id;
 167                 return true;
 168         }
 169         else
 170                 return false;
 171 }
 172
 173 /* Get a provider's raw status */
 174 static inline provider_status_t
 175 get_provider_status(struct auth_client *auth, uint32_t provider)
 176 {
 177         return auth->data[provider].status;
 178 }
 179
 180 /* Set a provider's raw status */
 181 static inline void
 182 set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
 183 {
 184         auth->data[provider].status = status;
 185 }
 186
 187 /* Set the provider as running
 188  * If you're doing asynchronous work call this */
 189 static inline void
 190 set_provider_running(struct auth_client *auth, uint32_t provider)
 191 {
 192         auth->providers_active++;
 193         set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
 194 }
 195
 196 /* Provider is no longer operating on this auth client
 197  * You should use provider_done and not this */
 198 static inline void
 199 set_provider_done(struct auth_client *auth, uint32_t provider)
 200 {
 201         set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
 202         auth->providers_active--;
 203 }
 204
 205 /* Check if provider is operating on this auth client */
 206 static inline bool
 207 is_provider_running(struct auth_client *auth, uint32_t provider)
 208 {
 209         return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
 210 }
 211
 212 /* Check if provider has finished on this client */
 213 static inline bool
 214 is_provider_done(struct auth_client *auth, uint32_t provider)
 215 {
 216         return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
 217 }
 218
 219 /* Get provider auth client data */
 220 static inline void *
 221 get_provider_data(struct auth_client *auth, uint32_t id)
 222 {
 223         return auth->data[id].data;
 224 }
 225
 226 /* Set provider auth client data */
 227 static inline void
 228 set_provider_data(struct auth_client *auth, uint32_t id, void *data)
 229 {
 230         auth->data[id].data = data;
 231 }
 232
 233 /* Set timeout relative to current time on provider
 234  * When the timeout lapses, the provider's timeout call will execute */
 235 static inline void
 236 set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
 237 {
 238         auth->data[id].timeout = timeout + rb_current_time();
 239 }
 240
 241 /* Set timeout value in absolute time (Unix timestamp)
 242  * When the timeout lapses, the provider's timeout call will execute */
 243 static inline void
 244 set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
 245 {
 246         auth->data[id].timeout = timeout;
 247 }
 248
 249 /* Get the timeout value for the provider */
 250 static inline time_t
 251 get_provider_timeout(struct auth_client *auth, uint32_t id)
 252 {
 253         return auth->data[id].timeout;
 254 }
 255
 256 #endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */