auth-client.h revision ff2f20bbc039ad8e362ead199366e21bc41f18ed
#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H

#include "net.h"
#include "auth-client-interface.h"
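/* Opaque handles: both structs are only forward-declared in this header, so
   code including it can hold pointers to them but cannot see their fields. */
struct auth_client;
struct auth_client_request;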
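/* Per-request flags, passed in auth_request_info.flags. Every value is a
   distinct bit, so several flags can be OR'ed together. The flags are filled
   in by whoever builds the request; nothing in this header shows them being
   verified again afterwards, so set them only from facts the caller has
   established itself.
   NOTE(review): confirm how the auth process treats each flag. */
enum auth_request_flags {
	/* NOTE(review): not documented here; by its name the connection is
	   considered secured - confirm the exact condition with the callers. */
	AUTH_REQUEST_FLAG_SECURED = 0x01,
	/* NOTE(review): not documented here; by its name the client presented
	   a certificate that passed validation - confirm who validates it. */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
	/* Skip penalty checks for this request */
	AUTH_REQUEST_FLAG_NO_PENALTY = 0x04,
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = 0x08,
	/* Enable auth_debug=yes logging for this request */
	AUTH_REQUEST_FLAG_DEBUG = 0x10,
	/* If TLS was used */
	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20,
};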
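/* Status value handed to auth_request_callback_t. The abort and failure
   codes are negative; AUTH_REQUEST_STATUS_CONTINUE and AUTH_REQUEST_STATUS_OK
   get the implicit values 0 and 1. By its name AUTH_REQUEST_STATUS_OK is the
   only success value, so compare against it explicitly: a check such as
   "status >= 0" or "status != AUTH_REQUEST_STATUS_FAIL" would also accept
   other states. */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	/* Exchange is not finished; see auth_client_request_continue() */
	AUTH_REQUEST_STATUS_CONTINUE,
	AUTH_REQUEST_STATUS_OK
};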
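/* Description of one authentication mechanism, as returned by
   auth_client_get_available_mechs() and auth_client_find_mech(). */
struct auth_mech_desc {
	/* Mechanism name; auth_client_find_mech() looks mechanisms up by name */
	char *name;
	/* Security properties of the mechanism. enum mech_security_flags is not
	   declared in this header (presumably in auth-client-interface.h);
	   check these before offering a mechanism on an unprotected
	   connection. */
	enum mech_security_flags flags;
};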
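/* Identifiers of one connection to the auth server. The two fields carry the
   same names as the values returned by auth_client_get_connect_id(). */
struct auth_connect_id {
	/* PID of the auth server process */
	unsigned int server_pid;
	/* Connection identifier (NOTE(review): uniqueness scope is not stated
	   in this header - confirm before using it as a key) */
	unsigned int connect_uid;
};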
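/* Everything the caller knows about the session being authenticated, passed
   to auth_client_request_new(). All strings are borrowed pointers; this
   header does not say how long they must stay valid.
   NOTE(review): several fields (session_id, client_id, forward_fields,
   initial_resp_base64) would normally originate from the remote peer; it is
   not visible here whether they are escaped before being sent on, so confirm
   that in the implementation. */
struct auth_request_info {
	/* Name of the authentication mechanism to use */
	const char *mech;
	/* Name of the service the user is logging in to */
	const char *service;
	const char *session_id;
	/* Username taken from the client certificate (presumably only
	   meaningful with AUTH_REQUEST_FLAG_VALID_CLIENT_CERT - confirm) */
	const char *cert_username;
	const char *local_name;
	const char *client_id;
	const char *forward_fields;
	/* OR'ed enum auth_request_flags bits */
	enum auth_request_flags flags;

	/* Connection endpoints. NOTE(review): the difference between the plain
	   and the real_* values is not documented here; presumably the real_*
	   ones are the actual socket endpoints and the others may have been
	   reported by a proxy - confirm before basing access decisions or audit
	   logs on either set. */
	struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
	in_port_t local_port, remote_port, real_local_port, real_remote_port;

	/* Initial response, base64-encoded (per the field name) */
	const char *initial_resp_base64;
};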
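/* Callback given to auth_client_request_new(); called whenever something
   happens for the request. status tells what happened, data_base64 is
   base64-encoded data (per the parameter name), args is an array of strings
   (NOTE(review): presumably NULL-terminated - confirm) and context is the
   pointer given at request creation. Treat the user as authenticated only
   when status == AUTH_REQUEST_STATUS_OK. */
typedef void auth_request_callback_t(struct auth_client_request *request,
				     enum auth_request_status status,
				     const char *data_base64,
				     const char *const *args, void *context);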
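/* Callback set with auth_client_set_connect_notify(). connected carries the
   new connection state; context is the pointer given when the callback was
   registered. */
typedef void auth_connect_notify_callback_t(struct auth_client *client,
					    bool connected, void *context);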
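/* Create new authentication client. auth_socket_path names the socket of the
   auth server; whatever listens there decides authentication results, so the
   path should come from trusted configuration. client_pid and debug are
   stored for the client (NOTE(review): their exact use is not visible in
   this header). */
struct auth_client *
auth_client_init(const char *auth_socket_path, unsigned int client_pid,
		 bool debug);
/* Destroy a client created with auth_client_init(). Takes the address of the
   caller's pointer (presumably so that it can be reset - confirm). */
void auth_client_deinit(struct auth_client **client);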
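/* Connect to the auth server. Returns nothing, so the outcome has to be
   observed through auth_client_is_connected() or the connect-notify
   callback. */
void auth_client_connect(struct auth_client *client);
/* Disconnect from the auth server. reason is a human-readable explanation
   (NOTE(review): presumably logged - confirm). */
void auth_client_disconnect(struct auth_client *client, const char *reason);
/* Connection state queries. NOTE(review): two separate predicates suggest a
   third, in-between state in which both return FALSE - confirm. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);
/* Set the callback to be notified about connection state changes.
   ATTR_NULL is defined elsewhere; presumably it marks callback and context
   as allowed to be NULL. */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);
/* Return the mechanisms available from the auth server; the number of
   entries is stored in *mech_count. The result is const and must not be
   modified. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name (NOTE(review): presumably returns NULL when
   the mechanism is not available - confirm and check the result). */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);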
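/* Return current connection's identifiers through the two output
   parameters. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);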
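/* Create a new authentication request. callback is called whenever something
   happens for the request, with context passed through to it. ATTR_NULL is
   defined elsewhere; presumably ATTR_NULL(4) marks context as allowed to be
   NULL. */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback, void *context)
	ATTR_NULL(4);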
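/* Continue authentication. Call after the request callback was invoked with
   status == AUTH_REQUEST_STATUS_CONTINUE. data_base64 is the next response,
   base64-encoded (per the parameter name). */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);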
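/* Abort ongoing authentication request. Takes the address of the caller's
   pointer (presumably so that it can be reset - confirm); do not use the
   request afterwards. */
void auth_client_request_abort(struct auth_client_request **request);
/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);
/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);
/* Return cookie of the server that handled this request.
   NOTE(review): what the cookie is used for is not stated here; if it serves
   as proof towards another process, keep it out of logs and error
   messages - confirm. */
const char *auth_client_request_get_cookie(struct auth_client_request *request);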
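/* Tell auth process to drop specified request from memory. id is a request
   ID (NOTE(review): presumably the value auth_client_request_get_id()
   returns - confirm). */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);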
#endif