auth-client.h revision a10ed8c47534b4c6b6bf2711ccfe577e720a47b4
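#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H

/* Client API for the authentication socket: create a client, connect it,
   look up the available mechanisms and run authentication requests whose
   progress is reported through callbacks. */

#include "network.h"
#include "auth-client-interface.h"

/* Only declared here; this header uses both purely through pointers. */
struct auth_client;
struct auth_client_request;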
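/* Per-request flags carried in struct auth_request_info.flags. Every value
   is a distinct bit, so several flags can be OR'ed together.

   The flags are filled in by the code that builds the request; this header
   declares the bits only and validates nothing. Each one should therefore be
   set only from a fact the caller has established itself. */
enum auth_request_flags {
	/* NOTE(review): presumably states that the client connection is
	   protected (TLS or an otherwise trusted transport) - confirm against
	   the callers that set it. */
	AUTH_REQUEST_FLAG_SECURED = 0x01,
	/* NOTE(review): presumably states that the peer presented a client
	   certificate which passed verification - confirm where that
	   verification happens. */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
	/* Skip penalty checks for this request.
	   NOTE(review): if the penalty is the failed-login throttle, this flag
	   turns it off, so check which callers are allowed to set it. */
	AUTH_REQUEST_FLAG_NO_PENALTY = 0x04,
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = 0x08
};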
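/* Status handed to auth_request_callback_t.

   All three failure values are negative, CONTINUE is 0 and OK is 1. Only
   AUTH_REQUEST_STATUS_OK means the request succeeded: a test such as
   "status >= 0" or "status != AUTH_REQUEST_STATUS_FAIL" would also accept
   CONTINUE (or another failure), so compare against OK explicitly. */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	/* More data is needed; see auth_client_request_continue(). */
	AUTH_REQUEST_STATUS_CONTINUE = 0,
	AUTH_REQUEST_STATUS_OK = 1
};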
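/* Describes one authentication mechanism. This is the element type returned
   by auth_client_get_available_mechs() and auth_client_find_mech(). */
struct auth_mech_desc {
	char *name;
	/* enum mech_security_flags is not defined in this header.
	   NOTE(review): presumably it comes from auth-client-interface.h -
	   confirm. */
	enum mech_security_flags flags;
};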
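/* Identifies one connection to an auth server: the server's PID plus a
   connect UID. auth_client_get_connect_id() reports values with the same
   two names. */
struct auth_connect_id {
	unsigned int server_pid;
	unsigned int connect_uid;
};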
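/* Caller-filled description of a new authentication request, passed to
   auth_client_request_new(). Nothing in this header validates the contents,
   so every field is only as trustworthy as the code that fills it in. */
struct auth_request_info {
	const char *mech;
	const char *service;
	const char *session_id;
	/* NOTE(review): presumably the username taken from the client's
	   certificate; confirm that callers set it only together with
	   AUTH_REQUEST_FLAG_VALID_CLIENT_CERT. */
	const char *cert_username;
	/* OR'ed enum auth_request_flags bits. */
	enum auth_request_flags flags;

	/* Local and remote address/port for the request.
	   NOTE(review): when a proxy sits in front, confirm which hop these
	   describe before relying on them for access decisions or logs. */
	struct ip_addr local_ip, remote_ip;
	unsigned int local_port, remote_port;

	/* Initial response, base64-encoded according to the field name.
	   NOTE(review): presumably NULL when the client sent none - confirm. */
	const char *initial_resp_base64;
};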
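/* Callback type for auth_client_request_new(); it is called whenever
   something happens for the request. status carries the
   enum auth_request_status for this event.
   NOTE(review): data_base64 and args are presumably the server's reply data
   and extra reply fields, and context the pointer given to
   auth_client_request_new() - confirm in the implementation. Both strings
   originate outside this process, so handle them as untrusted input. */
typedef void auth_request_callback_t(struct auth_client_request *request,
				     enum auth_request_status status,
				     const char *data_base64,
				     const char *const *args, void *context);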
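/* Callback type for auth_client_set_connect_notify(). connected carries the
   new connection state for client.
   NOTE(review): context is presumably the pointer registered together with
   the callback - confirm. */
typedef void auth_connect_notify_callback_t(struct auth_client *client,
					    bool connected, void *context);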
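/* Create new authentication client.
   NOTE(review): auth_socket_path presumably names the auth server's socket,
   client_pid the PID this client identifies itself with, and debug enables
   debug logging - confirm. Every verdict delivered through this client comes
   from whatever listens on auth_socket_path, so the path should not be
   derived from untrusted input. */
struct auth_client *
auth_client_init(const char *auth_socket_path, unsigned int client_pid,
		 bool debug);
/* Destroy a client created with auth_client_init().
   NOTE(review): takes a pointer to the handle, presumably so that *client
   can be reset to NULL - confirm. */
void auth_client_deinit(struct auth_client **client);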
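/* Connection management. */
void auth_client_connect(struct auth_client *client);
/* reason is a free-form string. NOTE(review): presumably used for logging
   or for failing pending requests - confirm. */
void auth_client_disconnect(struct auth_client *client, const char *reason);
/* NOTE(review): two separate predicates are declared, so there is presumably
   an in-between (connecting) state in which both return FALSE - confirm
   before treating one as the negation of the other. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);
/* Register the callback to be told about connection state changes.
   ATTR_NULL(2, 3) marks callback and context as allowed to be NULL (the
   macro is defined outside this header). */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);
/* Return the mechanism descriptions; the number of entries is stored in
   *mech_count. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name.
   NOTE(review): presumably returns NULL when no mechanism has that name;
   callers should check before dereferencing - confirm. */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);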
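/* Return current connection's identifiers. The values are written to
   *server_pid_r and *connect_uid_r. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);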
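/* Create a new authentication request. callback is called whenever something
   happens for the request. request_info describes the request and is taken
   as the caller states it. ATTR_NULL(4) marks context as allowed to be NULL
   (the macro is defined outside this header). */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback, void *context)
	ATTR_NULL(4);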
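/* Continue authentication. Call when the request's callback was invoked with
   status == AUTH_REQUEST_STATUS_CONTINUE. data_base64 is the next piece of
   data, base64-encoded according to the parameter name. */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);
/* Abort ongoing authentication request.
   NOTE(review): takes a pointer to the handle, presumably so that *request
   can be reset to NULL and not reused afterwards - confirm. */
void auth_client_request_abort(struct auth_client_request **request);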
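/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);
/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);
/* Return cookie of the server that handled this request.
   NOTE(review): the cookie looks like a value that proves knowledge of this
   server connection; if so, keep it out of logs and error messages -
   confirm how it is used. */
const char *auth_client_request_get_cookie(struct auth_client_request *request);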
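/* Tell auth process to drop specified request from memory. id is a request
   ID of the kind auth_client_request_get_id() returns. */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);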
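#endif /* AUTH_CLIENT_H */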