#ifndef PASSDB_H
#define PASSDB_H

#include "md5.h"

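/* Returns non-zero when a stored password field can hold a usable password:
   it is not empty and does not start with '*' or '!'. Only the first
   character is inspected; this is not a password comparison.

   NOTE(review): '*' and '!' as the first character look like the
   passwd/shadow convention for a locked or disabled account - confirm
   against the callers.

   pass must be a non-NULL, NUL-terminated string. The argument is
   evaluated up to three times, so it must not have side effects. */
#define IS_VALID_PASSWD(pass) \
	((pass)[0] != '\0' && (pass)[0] != '*' && (pass)[0] != '!')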

struct auth_request;
struct auth_passdb_settings;

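/* Outcome of a passdb lookup or password verification.

   Only PASSDB_RESULT_OK (1) means success. PASSDB_RESULT_PASSWORD_MISMATCH
   is 0 and every other failure is negative, so a result must be compared
   against PASSDB_RESULT_OK explicitly: used as a truth value, all of the
   negative failure codes would read as success. */
enum passdb_result {
	PASSDB_RESULT_INTERNAL_FAILURE = -1,
	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,

	/* Account-state failures. NOTE(review): if these are reported to the
	   remote client differently from PASSDB_RESULT_PASSWORD_MISMATCH,
	   the difference reveals which usernames exist; this header does not
	   show how callers report them. */
	PASSDB_RESULT_USER_UNKNOWN = -3,
	PASSDB_RESULT_USER_DISABLED = -4,
	PASSDB_RESULT_PASS_EXPIRED = -5,
	/* NOTE(review): presumably "no decision here, continue with the next
	   passdb" - confirm where the result is consumed. */
	PASSDB_RESULT_NEXT = -6,

	PASSDB_RESULT_PASSWORD_MISMATCH = 0,
	PASSDB_RESULT_OK = 1
};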
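/* Completion callback for verify_plain(): receives the verification result
   and the request it belongs to. Only PASSDB_RESULT_OK means the password
   matched. */
typedef void verify_plain_callback_t(enum passdb_result result,
				     struct auth_request *request);
/* Completion callback for lookup_credentials(): credentials is a buffer of
   size bytes. It is passed with an explicit length, so it must not be
   treated as a NUL-terminated string.
   NOTE(review): lifetime and ownership of the buffer are not visible in this
   header - confirm before keeping the pointer after the callback returns.
   The bytes are secret material and should stay out of logs. */
typedef void lookup_credentials_callback_t(enum passdb_result result,
					   const unsigned char *credentials,
					   size_t size,
					   struct auth_request *request);
/* Completion callback for set_credentials(): success tells whether the
   update was applied. */
typedef void set_credentials_callback_t(bool success,
					struct auth_request *request);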
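/* Function table provided by a passdb backend. The three authentication
   operations return void and report their outcome through the callback
   argument. */
struct passdb_module_interface {
	const char *name;

	/* Lifecycle hooks. preinit() returns the module built from the args
	   string; init() and deinit() take that module.
	   NOTE(review): presumably the module is allocated from pool -
	   confirm in the backends. */
	struct passdb_module *(*preinit)(pool_t pool, const char *args);
	void (*init)(struct passdb_module *module);
	void (*deinit)(struct passdb_module *module);

	/* Check if plaintext password matches. The result is delivered to
	   callback; only PASSDB_RESULT_OK means a match. password is a
	   plaintext secret and should not be written to logs or error
	   strings. */
	void (*verify_plain)(struct auth_request *request, const char *password,
			     verify_plain_callback_t *callback);

	/* Return authentication credentials, set in
	   auth_request->credentials. */
	void (*lookup_credentials)(struct auth_request *request,
				   lookup_credentials_callback_t *callback);

	/* Update credentials. new_credentials is secret material; the
	   outcome is reported to callback as a success flag. */
	void (*set_credentials)(struct auth_request *request,
				const char *new_credentials,
				set_credentials_callback_t *callback);
};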
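/* One passdb instance: its configuration-derived fields plus a copy of the
   backend's function table. */
struct passdb_module {
	const char *args;
	/* The default caching key for this module, or NULL if caching isn't
	   wanted. This is updated by settings in auth_passdb. */
	const char *default_cache_key;
	/* Default password scheme for this module.
	   If default_cache_key is set, must not be NULL. */
	const char *default_pass_scheme;
	/* Supported authentication mechanisms, NULL is all, [NULL] is none.
	   An unset pointer therefore allows every mechanism; a passdb that
	   must be restricted needs an explicit list. */
	const char *const *mechanisms;
	/* Username filter, NULL is no filter */
	const char *const *username_filter;

	/* If blocking is set to TRUE, use child processes to access
	   this passdb. */
	bool blocking;
	/* id is used by blocking passdb to identify the passdb */
	unsigned int id;

	/* number of times init() has been called */
	int init_refcount;

	/* WARNING: avoid adding anything here that isn't based on args.
	   If you do, you need to change passdb.c:passdb_find() also to avoid
	   accidentally merging wrong passdbs. A wrong merge would let one
	   passdb configuration be served by a module built for another. */

	struct passdb_module_interface iface;
};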
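/* Try to get credentials in wanted scheme (request->credentials_scheme) from
   given input. Returns FALSE if this wasn't possible (unknown scheme,
   conversion not possible or invalid credentials).

   If wanted scheme is "", the credentials are returned as-is without any
   checks. This is useful mostly just to see if there exist any credentials
   at all. Output obtained this way is unvalidated and should not be used as
   verified credentials.

   On success the result is returned through credentials_r and size_r as a
   byte buffer with an explicit length.
   NOTE(review): the lifetime of *credentials_r is not visible in this
   header - confirm in passdb.c. */
bool passdb_get_credentials(struct auth_request *auth_request,
			    const char *input, const char *input_scheme,
			    const unsigned char **credentials_r,
			    size_t *size_r);

/* NOTE(review): no description in the original header. From the signature
   this takes a lookup result together with the password and its scheme and
   reports to callback for auth_request - confirm the exact behaviour in
   passdb.c. */
void passdb_handle_credentials(enum passdb_result result,
			       const char *password, const char *scheme,
			       lookup_credentials_callback_t *callback,
			       struct auth_request *auth_request);

/* Module lifecycle: passdb_preinit() returns a module for the given
   settings; passdb_init() and passdb_deinit() take that module. */
struct passdb_module *
passdb_preinit(pool_t pool, const struct auth_passdb_settings *set);
void passdb_init(struct passdb_module *passdb);
void passdb_deinit(struct passdb_module *passdb);

/* Add or remove a backend function table. */
void passdb_register_module(struct passdb_module_interface *iface);
void passdb_unregister_module(struct passdb_module_interface *iface);

/* Writes an MD5 digest into md5, which must have room for MD5_RESULTLEN
   bytes.
   NOTE(review): what the digest covers is not visible here. MD5 is not
   collision resistant, so confirm the digest is used only for change
   detection and not as a security check. */
void passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);

void passdbs_init(void);
void passdbs_deinit(void);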

#include "auth-request.h"

#endif