auth-client-interface.h revision 50bdbcb771ff0f1c854c0719a3e4b3fc7736aec0
ecc81625167ed96c04c02aa190a1ea5baa65b474Timo Sirainen#ifndef __AUTH_CLIENT_INTERFACE_H
ecc81625167ed96c04c02aa190a1ea5baa65b474Timo Sirainen#define __AUTH_CLIENT_INTERFACE_H
ecc81625167ed96c04c02aa190a1ea5baa65b474Timo Sirainen
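/*
 * Max. size for auth_client_request_continue.data[].
 * NOTE(review): this header only defines the limit. The code that reads a
 * request is presumably expected to reject a larger data_size before it
 * allocates or copies anything - confirm where that is enforced.
 */
#define AUTH_CLIENT_MAX_REQUEST_DATA_SIZE 4096

/*
 * A client process must finish each authentication request within this
 * time, or the whole connection will be killed.
 * NOTE(review): the unit is not stated here; presumably seconds - confirm.
 */
#define AUTH_REQUEST_TIMEOUT 120
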
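/*
 * Bit flags carried in auth_client_request_new.flags. The values are
 * distinct bits, so they can be OR'ed together.
 * NOTE(review): both flags are reported by the connecting client process
 * rather than observed by the receiver. Decisions based on them are
 * presumably only as trustworthy as the process on the other end of the
 * connection - confirm who is allowed to connect.
 */
enum auth_client_request_new_flags {
	AUTH_CLIENT_FLAG_SSL_ENABLED		= 0x01,
	AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT	= 0x02
};
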
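/*
 * Discriminator stored in the `type` field of auth_client_request_new and
 * auth_client_request_continue. Numbering starts at 1, so a zero-filled
 * message carries no valid type.
 * NOTE(review): the value arrives from the peer; a reader should presumably
 * treat anything other than these two values as a protocol error - confirm.
 */
enum auth_client_request_type {
	AUTH_CLIENT_REQUEST_NEW = 1,
	AUTH_CLIENT_REQUEST_CONTINUE	/* implicitly 2 */
};
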
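/*
 * Outcome code stored in auth_client_request_reply.result. Numbering starts
 * at 1, so a zero-filled reply never reads as any of these outcomes.
 * NOTE(review): a reader should presumably grant access only on an exact
 * match with AUTH_CLIENT_RESULT_SUCCESS and treat unknown values as failure
 * - confirm against the code that consumes the reply.
 */
enum auth_client_result {
	AUTH_CLIENT_RESULT_CONTINUE = 1,
	AUTH_CLIENT_RESULT_SUCCESS,	/* implicitly 2 */
	AUTH_CLIENT_RESULT_FAILURE	/* implicitly 3 */
};
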
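/* Client -> Server */
struct auth_client_handshake_request {
	/* Unique identifier for the client process.
	   NOTE(review): the value is supplied by the client itself, so it is
	   presumably a label rather than a verified identity - confirm how
	   the server uses it. */
	unsigned int client_pid;
};
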
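/*
 * Describes one authentication mechanism. An array of these follows
 * struct auth_client_handshake_reply.
 * NOTE(review): bit-field layout is implementation-defined in C, so both
 * ends of the connection presumably have to be built with the same
 * compiler/ABI - confirm this is never exchanged across hosts.
 */
struct auth_client_handshake_mech_desc {
	/* presumably an offset of the mechanism name in the handshake data;
	   verify it against the received size before use - TODO confirm */
	uint32_t name_idx;
	/* single-bit flags; meaning inferred from the names only - confirm */
	unsigned int plaintext:1;
	unsigned int advertise:1;
};
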
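/*
 * Server -> Client
 *
 * Fixed-size header of the handshake reply. It is followed by a
 * variable-length array of mechanism descriptors (see the trailing comment
 * inside the struct).
 * NOTE(review): mech_count and data_size are read from the peer. The reader
 * should presumably check both against the number of bytes actually
 * received before walking the array or following any name_idx - confirm
 * where that validation lives.
 */
struct auth_client_handshake_reply {
	unsigned int server_pid; /* unique auth process identifier */
	unsigned int connect_uid; /* unique connection identifier */

	uint32_t mech_count;
	uint32_t data_size;
	/* struct auth_client_handshake_mech_desc mech_desc[mech_count]; */
};
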
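/*
 * New authentication request
 *
 * Fixed-size header; data_size bytes of variable-length data follow it.
 * NOTE(review): the *_idx fields are presumably byte offsets into data[].
 * They and data_size come from the peer, so the reader should check
 * idx <= data_size (and an upper bound on data_size) before dereferencing
 * - confirm. AUTH_CLIENT_MAX_REQUEST_DATA_SIZE is documented only for the
 * continue request; whether it also bounds this one cannot be told from
 * this header.
 */
struct auth_client_request_new {
	enum auth_client_request_type type; /* AUTH_CLIENT_REQUEST_NEW */
	unsigned int id; /* unique ID for the request */

	enum auth_client_request_new_flags flags;

	uint32_t ip_family; /* if non-zero, data begins with local/remote IPs */

	uint32_t protocol_idx;
	uint32_t mech_idx;
	/* equal to data_size when there is no initial response, see
	   AUTH_CLIENT_REQUEST_HAVE_INITIAL_RESPONSE() */
	uint32_t initial_resp_idx;

	uint32_t data_size;
	/* unsigned char data[]; */
};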
/*
 * Non-zero when initial_resp_idx differs from data_size, i.e. the encoding
 * uses "index == data_size" to mean that no initial response is present.
 *
 * The result is also non-zero when initial_resp_idx is larger than
 * data_size, so this macro is not a bounds check: the index has to be
 * validated separately before it is used as an offset into data[].
 * `request` is evaluated twice; pass an expression without side effects.
 */
#define AUTH_CLIENT_REQUEST_HAVE_INITIAL_RESPONSE(request) \
	((request)->data_size != (request)->initial_resp_idx)
/*
 * Continue authentication request
 *
 * Fixed-size header; data_size bytes of data follow it. This header
 * documents AUTH_CLIENT_MAX_REQUEST_DATA_SIZE as the maximum size of that
 * data.
 * NOTE(review): data_size is read from the peer; the reader should
 * presumably compare it with that maximum before allocating or copying
 * - confirm where this is enforced.
 */
struct auth_client_request_continue {
	enum auth_client_request_type type; /* AUTH_CLIENT_REQUEST_CONTINUE */
	/* presumably the id of the request being continued - confirm */
	unsigned int id;
	uint32_t data_size;
	/* unsigned char data[]; */
};
/*
 * Reply to authentication
 *
 * Fixed-size header; data_size bytes of variable-width data follow it.
 */
struct auth_client_request_reply {
	/* presumably matches the id of the request being answered - confirm */
	unsigned int id;
	enum auth_client_result result;
	/* variable width data, indexes into data[].
	   Ignore if it points outside data_size.
	   NOTE(review): for the NUL-terminated field the reader should
	   presumably also confirm that the terminator lies inside data_size
	   instead of trusting the sender - confirm. */
	uint32_t username_idx; /* NUL-terminated */
	uint32_t reply_idx; /* last, non-NUL terminated */
	uint32_t data_size;
	/* unsigned char data[]; */
};
#endif