passdb.h revision 3cf67672fdc87583cb23ce088c95bb5dee60e74d
c25356d5978632df6203437e1953bcb29e0c736fTimo Sirainen#ifndef PASSDB_H
c25356d5978632df6203437e1953bcb29e0c736fTimo Sirainen#define PASSDB_H
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
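/* Returns TRUE if a password field read from a passwd/shadow-style database
   is usable for verification at all. An empty field is rejected so that an
   account without a stored password can never be matched, and a leading '*'
   or '!' is rejected because those characters conventionally mark an account
   whose password login is disabled or locked. Only the first character is
   inspected; the rest of the field is not validated here. NULL is treated as
   invalid instead of being dereferenced. */
static inline bool passdb_is_valid_passwd(const char *pass)
{
	return pass != NULL &&
		pass[0] != '\0' && pass[0] != '*' && pass[0] != '!';
}

/* Kept as a macro for existing callers. The argument is evaluated exactly
   once, so an expression with side effects is checked against a single
   value rather than a different one per comparison. */
#define IS_VALID_PASSWD(pass) \
	passdb_is_valid_passwd(pass)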
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen
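/* Types referred to by pointer in the declarations of this header.
   struct auth and struct passdb_module are declared here as well, so that a
   prototype mentioning them does not create a prototype-scoped tag when this
   header is the first one to name them. */
struct auth;
struct auth_request;
struct auth_passdb;
struct auth_passdb_settings;
struct passdb_module;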
146f9076cd456ea1e9b3f8536456d9d3c962fadbStephan Bosch
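/* Outcome of a passdb lookup or verification.

   Only PASSDB_RESULT_OK (1) means success. Every failure except a plain
   password mismatch is negative, i.e. non-zero, so callers must compare
   against PASSDB_RESULT_OK explicitly: a truthiness test such as
   "if (result)" would accept the negative failures as success.

   NOTE(review): whether the difference between USER_UNKNOWN and
   PASSWORD_MISMATCH is hidden from the connecting client is decided outside
   this header; reporting them differently would allow account enumeration. */
enum passdb_result {
	/* Failures that are not about the supplied password (meanings inferred
	   from the names - confirm against the passdb implementations). */
	PASSDB_RESULT_INTERNAL_FAILURE = -1,
	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,

	/* Failures about the state of the account. */
	PASSDB_RESULT_USER_UNKNOWN = -3,
	PASSDB_RESULT_USER_DISABLED = -4,
	PASSDB_RESULT_PASS_EXPIRED = -5,

	/* The account was found but the password did not match. This is the
	   only failure with the value 0. */
	PASSDB_RESULT_PASSWORD_MISMATCH = 0,
	PASSDB_RESULT_OK = 1
};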
1a5573ebc32fae2fe576ec544e1781323c1db609Timo Sirainen
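/* Completion callback for passdb_module_interface.verify_plain(): receives
   the verification result and the request it belongs to. */
typedef void verify_plain_callback_t(enum passdb_result result,
				     struct auth_request *request);
/* Completion callback for passdb_module_interface.lookup_credentials().
   credentials is a byte buffer whose length is given by size; use size
   rather than assuming NUL termination.
   NOTE(review): the contents of credentials/size for a result other than
   PASSDB_RESULT_OK are not specified here - check result before reading
   them. The lifetime of the buffer is not visible from this header either. */
typedef void lookup_credentials_callback_t(enum passdb_result result,
					   const unsigned char *credentials,
					   size_t size,
					   struct auth_request *request);
/* Completion callback for passdb_module_interface.set_credentials():
   reports whether the update succeeded for the given request. */
typedef void set_credentials_callback_t(bool success,
					struct auth_request *request);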
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen
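/* Table of entry points that a password database backend provides. A
   backend hands this to passdb_register_module(). */
struct passdb_module_interface {
	/* Name of the backend. */
	const char *name;

	/* Lifecycle hooks. preinit() creates the module instance for an
	   auth_passdb from its argument string; init() and deinit() receive
	   that instance.
	   NOTE(review): which hooks may be NULL and what privileges each one
	   runs with is not visible from this header - confirm in passdb.c. */
	struct passdb_module *
		(*preinit)(struct auth_passdb *auth_passdb, const char *args);
	void (*init)(struct passdb_module *module, const char *args);
	void (*deinit)(struct passdb_module *module);

	/* Check if plaintext password matches. The outcome is delivered
	   through callback rather than a return value. password is the
	   secret supplied by the client, so implementations should keep it
	   out of log messages and error strings. */
	void (*verify_plain)(struct auth_request *request, const char *password,
			     verify_plain_callback_t *callback);

	/* Return authentication credentials, set in
	   auth_request->credentials. The result is reported through
	   callback. */
	void (*lookup_credentials)(struct auth_request *request,
				   lookup_credentials_callback_t *callback);

	/* Update credentials. Completion is reported through callback.
	   NOTE(review): the meaning of the int return value is not defined
	   in this header - confirm against the callers. */
	int (*set_credentials)(struct auth_request *request,
			       const char *new_credentials,
			       set_credentials_callback_t *callback);
};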
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen
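/* One configured instance of a password database backend. */
struct passdb_module {
	/* The caching key for this module, or NULL if caching isn't wanted.
	   NOTE(review): presumably a template expanded per request. It has to
	   cover every request attribute that influences the lookup result;
	   otherwise an entry cached for one request could be served for a
	   different one. Confirm against the auth cache code. */
	const char *cache_key;
	/* Default password scheme for this module.
	   If cache_key is set, must not be NULL. */
	const char *default_pass_scheme;
	/* If blocking is set to TRUE, use child processes to access
	   this passdb. */
	bool blocking;
	/* id is used by blocking passdb to identify the passdb */
	unsigned int id;

	/* The backend's entry points, stored by value. */
	struct passdb_module_interface iface;
};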
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen
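/* Try to get credentials in wanted scheme (request->credentials_scheme) from
   given input. Returns FALSE if this wasn't possible (unknown scheme,
   conversion not possible or invalid credentials).

   If wanted scheme is "", the credentials are returned as-is without any
   checks. This is useful mostly just to see if there exist any credentials
   at all. A TRUE return in that mode therefore says nothing about whether
   the stored value is well-formed for input_scheme, and callers must not
   treat it as a validation result.

   On success the credentials are returned through credentials_r with their
   length in size_r; they are bytes with an explicit length, not a
   NUL-terminated string.
   NOTE(review): the lifetime of *credentials_r is not visible from this
   header - confirm before keeping the pointer. */
bool passdb_get_credentials(struct auth_request *auth_request,
			    const char *input, const char *input_scheme,
			    const unsigned char **credentials_r,
			    size_t *size_r);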
291ce16fffca75e8598a8c9dceb08613413dcb07Timo Sirainen
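/* Takes the result of a credentials lookup together with the stored
   password and its scheme, and reports to callback for auth_request.
   NOTE(review): presumably converts password to the scheme wanted by the
   request before calling callback, and passes a non-OK result straight
   through; the conversion and the handling of a NULL password are not
   visible from this header - confirm in passdb.c. */
void passdb_handle_credentials(enum passdb_result result,
			       const char *password, const char *scheme,
			       lookup_credentials_callback_t *callback,
			       struct auth_request *auth_request);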
08e9fd42eb8007e1f9db62c088eef74f906114a5Josef 'Jeff' Sipek
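/* Creates the auth_passdb for one passdb settings block of auth.
   NOTE(review): how an unknown backend name in the settings is handled
   (fatal error or NULL return) is not visible here - confirm in passdb.c. */
struct auth_passdb *
passdb_preinit(struct auth *auth, struct auth_passdb_settings *set);

/* Initialize and tear down a passdb returned by passdb_preinit(). */
void passdb_init(struct auth_passdb *passdb);
void passdb_deinit(struct auth_passdb *passdb);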
306b3f41b05da642d87e7ca7a1496efce9f5902fTimo Sirainen
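/* Add or remove a backend's interface table in the set of known passdb
   backends.
   NOTE(review): only the pointer is passed, so the table presumably has to
   outlive its registration - confirm in passdb.c. */
void passdb_register_module(struct passdb_module_interface *iface);
void passdb_unregister_module(struct passdb_module_interface *iface);

/* Global setup and teardown of the passdb subsystem. */
void passdbs_init(void);
void passdbs_deinit(void);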
306b3f41b05da642d87e7ca7a1496efce9f5902fTimo Sirainen
306b3f41b05da642d87e7ca7a1496efce9f5902fTimo Sirainen#include "auth-request.h"
97ae33602db7d5bc8eede82512a965d49ab8853bTimo Sirainen
97ae33602db7d5bc8eede82512a965d49ab8853bTimo Sirainen#endif
97ae33602db7d5bc8eede82512a965d49ab8853bTimo Sirainen