#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H

#include "net.h"
#include "auth-client-interface.h"

/* Opaque handles: only forward-declared in this header, so callers hold
   pointers to them and go through the functions declared below. */
struct auth_client;
struct auth_client_request;
/* Bit flags stored in auth_request_info.flags. Every value is a distinct bit,
   so several flags can be OR'ed together. They are filled in by the process
   that creates the request.
   NOTE(review): the auth server presumably cannot re-check these itself, so
   they should be derived only from the verified state of the client
   connection - confirm against the server side. */
enum auth_request_flags {
	/* NOTE(review): not described in this header; presumably "the client
	   connection is considered secured" - confirm what qualifies */
	AUTH_REQUEST_FLAG_SECURED = 1 << 0,
	/* NOTE(review): presumably the client presented a certificate that
	   passed validation - confirm */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 1 << 1,
	/* Skip penalty checks for this request.
	   NOTE(review): if the penalty is the delay applied after failed
	   logins, this flag turns that protection off for the request, so it
	   should be set only for peers the caller trusts - confirm */
	AUTH_REQUEST_FLAG_NO_PENALTY = 1 << 2,
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = 1 << 3,
	/* Enable auth_debug=yes logging for this request */
	AUTH_REQUEST_FLAG_DEBUG = 1 << 4,
	/* If TLS was used */
	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 1 << 5,
};
/* Status handed to auth_request_callback_t. The three failure outcomes are
   negative; CONTINUE is 0 and OK is 1. Because CONTINUE is not negative, a
   "status >= 0" test does not mean the user was authenticated: compare
   against AUTH_REQUEST_STATUS_OK explicitly. */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	AUTH_REQUEST_STATUS_CONTINUE = 0,
	AUTH_REQUEST_STATUS_OK = 1
};
/* One authentication mechanism, as returned by
   auth_client_get_available_mechs() and auth_client_find_mech(). */
struct auth_mech_desc {
	/* Mechanism name; auth_client_find_mech() looks mechanisms up by name */
	char *name;
	/* enum mech_security_flags is declared outside this header.
	   NOTE(review): presumably describes the mechanism's security
	   properties (e.g. whether it sends the password in plaintext), which
	   callers should check before offering it - confirm */
	enum mech_security_flags flags;
};
/* Pair of identifiers for one connection to an auth server; the same two
   values are returned separately by auth_client_get_connect_id(). */
struct auth_connect_id {
	/* PID of the auth server process */
	unsigned int server_pid;
	/* NOTE(review): presumably unique per connection to that server -
	   confirm */
	unsigned int connect_uid;
};
/* Everything the caller supplies when creating a request with
   auth_client_request_new(). All strings are const pointers.
   NOTE(review): whether they are copied or must outlive the request is not
   visible here - confirm in the implementation. */
struct auth_request_info {
	/* Mechanism to authenticate with (see struct auth_mech_desc.name) */
	const char *mech;
	const char *service;
	const char *session_id;
	/* NOTE(review): presumably the username taken from the client's TLS
	   certificate; should only be filled in for a certificate that was
	   validated - confirm */
	const char *cert_username;
	const char *local_name;
	const char *client_id;
	/* NOTE(review): format is not described in this header; if any part
	   originates from the remote client it needs validation before being
	   forwarded - confirm */
	const char *forward_fields;

	/* TLS details of the client connection */
	unsigned int ssl_cipher_bits;
	const char *ssl_cipher;
	const char *ssl_pfs;
	const char *ssl_protocol;

	/* Bitmask of AUTH_REQUEST_FLAG_* values */
	enum auth_request_flags flags;

	/* NOTE(review): two address/port sets are carried. Presumably the
	   real_* members are the actual socket endpoints while the plain ones
	   can be overridden, e.g. by a trusted proxy; any IP-based access
	   decision depends on which set is used - confirm */
	struct ip_addr local_ip;
	struct ip_addr remote_ip;
	struct ip_addr real_local_ip;
	struct ip_addr real_remote_ip;
	in_port_t local_port;
	in_port_t remote_port;
	in_port_t real_local_port;
	in_port_t real_remote_port;

	/* Initial SASL response, base64-encoded as the name says.
	   NOTE(review): presumably NULL when there is none - confirm */
	const char *initial_resp_base64;
};
/* Callback type given to auth_client_request_new(). It receives the request,
   its new status, base64-encoded data and a NULL-terminated-looking array of
   argument strings, plus the context pointer passed at creation.
   NOTE(review): which of data_base64/args are set for each status, and
   whether args is really NULL-terminated, is not visible here - confirm
   before dereferencing. */
typedef void
auth_request_callback_t(struct auth_client_request *request,
			enum auth_request_status status,
			const char *data_base64,
			const char *const *args,
			void *context);
/* Callback type registered with auth_client_set_connect_notify(); connected
   tells the new connection state, context is the pointer given at
   registration. */
typedef void
auth_connect_notify_callback_t(struct auth_client *client, bool connected,
			       void *context);
/* Create new authentication client for the auth socket at auth_socket_path.
   client_pid identifies the calling process; debug enables debugging.
   NOTE(review): the socket path decides which process is trusted to answer
   authentication requests, so it should come from configuration rather than
   from untrusted input - confirm how callers obtain it. */
struct auth_client *auth_client_init(const char *auth_socket_path,
				     unsigned int client_pid, bool debug);
/* Destroy the client. Takes a pointer to the caller's pointer.
   NOTE(review): presumably sets *client to NULL - confirm. */
void auth_client_deinit(struct auth_client **client);
/* Connection control. */
void auth_client_connect(struct auth_client *client);
/* reason is a caller-supplied text for why the connection is dropped.
   NOTE(review): presumably ends up in logs - confirm. */
void auth_client_disconnect(struct auth_client *client, const char *reason);

/* Connection state queries.
   NOTE(review): two separate predicates suggest a state that is neither
   (e.g. still connecting); do not treat one as the negation of the other
   without checking the implementation. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);

/* Register the callback (and its context) for connection state changes.
   ATTR_NULL(2, 3) is a project macro.
   NOTE(review): presumably it marks callback and context as allowed to be
   NULL - confirm against its definition. */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);

/* Return the available mechanisms; their number is stored in *mech_count.
   The descriptors are const and must not be modified by the caller. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name.
   NOTE(review): the result for an unknown name is not visible here
   (presumably NULL) - callers should check it before use. */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);
/* Return current connection's identifiers through the two output pointers:
   the auth server's PID in *server_pid_r and the connection UID in
   *connect_uid_r. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);
/* Create a new authentication request from request_info. callback is called
   with context whenever something happens for the request. ATTR_NULL(4) is a
   project macro.
   NOTE(review): presumably it marks context as allowed to be NULL -
   confirm against its definition. */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback,
			void *context) ATTR_NULL(4);

/* Continue authentication with the next base64-encoded data. Call after the
   request callback has reported AUTH_REQUEST_STATUS_CONTINUE. */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);

/* Abort ongoing authentication request. Takes a pointer to the caller's
   pointer.
   NOTE(review): presumably sets *request to NULL so it cannot be reused -
   confirm. */
void auth_client_request_abort(struct auth_client_request **request);

/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);

/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);

/* Return cookie of the server that handled this request.
   NOTE(review): if the cookie serves as a secret between the processes it
   should not be written to logs or shown to clients - confirm its role. */
const char *
auth_client_request_get_cookie(struct auth_client_request *request);
/* Tell auth process to drop specified request from memory. id is the request
   ID, as returned by auth_client_request_get_id(). */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);

#endif