auth-request.h revision 446e518e4fe86ff40e33543445f4e99edf840a21
#ifndef AUTH_REQUEST_H
#define AUTH_REQUEST_H
#include "network.h"
#include "mech.h"
#include "userdb.h"
#include "passdb.h"
struct auth_client_connection;
enum auth_request_state {
};
typedef const char *
auth_request_escape_func_t(const char *string,
const struct auth_request *auth_request);
struct auth_request {
int refcount;
enum auth_request_state state;
/* user contains the user who is being authenticated.
When master user is logging in as someone else, it gets more
complicated. Initially user is set to master's username and the
requested_login_user is set to destination username. After masterdb
has validated user as a valid master user, master_user is set to
user and user is set to requested_login_user. */
/* original_username contains the username exactly as given by the
client. this is needed at least with DIGEST-MD5 for password
verification. however with master logins the master username has
been dropped from it. */
const char *original_username;
/* the username after doing all internal translations, but before
being changed by a db lookup */
const char *translated_username;
/* realm for the request, may be specified by some auth mechanisms */
const char *realm;
char *mech_password; /* set if verify_plain() is called */
char *passdb_password; /* set after password lookup if successful */
/* extra_fields are returned in authentication reply. Fields prefixed
with "userdb_" are skipped. If prefetch userdb is used, it uses
the "userdb_" prefixed fields. */
struct auth_stream_reply *extra_fields;
/* extra_fields that aren't supposed to be sent to the client, but
are supposed to be stored to auth cache. */
struct auth_stream_reply *extra_cache_fields;
/* the whole userdb result reply */
struct auth_stream_reply *userdb_reply;
const struct mech_module *mech;
struct auth_passdb *passdb;
struct auth_userdb *userdb;
unsigned int connect_uid;
unsigned int client_pid;
unsigned int id;
unsigned int local_port, remote_port;
union {
const char *credentials_scheme;
void *context;
struct auth_master_connection *master;
unsigned int successful:1;
unsigned int passdb_failure:1;
unsigned int internal_failure:1;
unsigned int passdb_internal_failure:1;
unsigned int userdb_internal_failure:1;
unsigned int delayed_failure:1;
unsigned int domain_is_realm:1;
unsigned int accept_input:1;
unsigned int no_failure_delay:1;
unsigned int no_login:1;
unsigned int no_password:1;
unsigned int skip_password_check:1;
unsigned int prefer_plain_credentials:1;
unsigned int proxy:1;
unsigned int proxy_maybe:1;
unsigned int valid_client_cert:1;
unsigned int cert_username:1;
unsigned int userdb_lookup:1;
unsigned int userdb_lookup_failed:1;
unsigned int secured:1;
/* ... mechanism specific data ... */
};
struct auth_request *
struct auth_stream_reply *reply);
const char *password,
const char *scheme,
const char *username,
const char **error_r);
const char *default_scheme);
const char *const *fields,
const char *default_scheme);
const char *name,
const char *const *values);
const char *plain_password,
const char *crypted_password,
const struct var_expand_table *
const char *auth_request_str_escape(const char *string,
const struct auth_request *request);
const char *subsystem,
const char *subsystem,
const char *subsystem,
struct auth_request *request);
const unsigned char *credentials,
struct auth_request *request);
struct auth_request *request);
#endif