auth-client.h revision 8c79de417ae66b4e54daeb9d998af2ab301151b4
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#ifndef AUTH_CLIENT_H
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#define AUTH_CLIENT_H
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#include "net.h"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#include "auth-client-interface.h"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
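/* Opaque handles. Both types are only forward-declared in this header, so
   users of the API can hold pointers to them but cannot access their members.
   (The annotate-view revision/author prefix that was fused onto each line has
   been dropped so the declarations are valid C again.) */
struct auth_client;
struct auth_client_request;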
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
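/* Bit flags describing one authentication request. They are carried in
   struct auth_request_info.flags. Every value is a distinct single bit, so
   flags can be OR'ed together and tested with '&'.

   NOTE(review): nothing in this header validates these flags; they are filled
   in by whoever builds the auth_request_info. Presumably the auth server acts
   on them as given, so callers should derive them from the real connection
   state rather than from anything the remote peer can influence - confirm
   against the callers. */
enum auth_request_flags {
	/* NOTE(review): name suggests the connection is considered secured;
	   the exact criteria are not visible in this header - confirm. */
	AUTH_REQUEST_FLAG_SECURED = 0x01,
	/* NOTE(review): name suggests the peer presented a client certificate
	   that passed validation; where that validation happens is not
	   visible here - confirm. */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
	/* Skip penalty checks for this request.
	   NOTE(review): if the penalty checks are the failed-login throttle,
	   this flag turns that throttle off for the request, so it should be
	   limited to trusted request sources - confirm. */
	AUTH_REQUEST_FLAG_NO_PENALTY = 0x04,
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = 0x08,
	/* Enable auth_debug=yes logging for this request.
	   NOTE(review): what the debug log includes is not visible here;
	   check whether it can contain credentials before enabling it on
	   production traffic. */
	AUTH_REQUEST_FLAG_DEBUG = 0x10,
	/* If TLS was used */
	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20,
};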
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
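/* Status passed to auth_request_callback_t.

   The three failure/abort states are negative; CONTINUE is 0 and OK is 1.
   The last two values were implicit in the original declaration and are
   spelled out here so the numbering cannot shift if an entry is inserted.

   Because CONTINUE is also non-negative, "status >= 0" or "status != FAIL"
   does not mean the user is authenticated: compare against
   AUTH_REQUEST_STATUS_OK explicitly. */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	/* Exchange is not finished; see auth_client_request_continue(). */
	AUTH_REQUEST_STATUS_CONTINUE = 0,
	AUTH_REQUEST_STATUS_OK = 1
};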
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
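/* Description of one authentication mechanism, as returned by
   auth_client_get_available_mechs() and auth_client_find_mech().
   (Annotate-view prefix removed from each line; fields are unchanged.) */
struct auth_mech_desc {
	/* Mechanism name; auth_client_find_mech() looks mechanisms up by name. */
	char *name;
	/* enum mech_security_flags is not declared in this header; presumably
	   it comes from auth-client-interface.h - confirm.
	   NOTE(review): callers choosing a mechanism should check these flags
	   against the transport state before offering it - the meaning of the
	   individual bits is not visible here. */
	enum mech_security_flags flags;
};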
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
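/* Identifiers of one connection to the auth server. The same two values are
   returned through the out-parameters of auth_client_get_connect_id().
   (Annotate-view prefix removed from each line; fields are unchanged.) */
struct auth_connect_id {
	/* PID of the auth server process. */
	unsigned int server_pid;
	/* NOTE(review): presumably an identifier the server assigns to this
	   connection; how it is generated is not visible here - confirm. */
	unsigned int connect_uid;
};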
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
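/* Parameters of a new authentication request; passed by const pointer to
   auth_client_request_new(). (Annotate-view prefix removed from each line;
   fields and their order are unchanged.)

   NOTE(review): every string is a borrowed const char *. Whether
   auth_client_request_new() copies them or expects them to outlive the
   request is not visible in this header - confirm before freeing them.

   NOTE(review): this header shows no validation of any field. Values that
   originate from the remote peer (e.g. client_id, the initial response)
   should be treated as untrusted by whatever consumes them - confirm where
   escaping/validation happens. */
struct auth_request_info {
	/* Mechanism name; presumably one of the names listed by
	   auth_client_get_available_mechs() - confirm. */
	const char *mech;
	const char *service;
	const char *session_id;
	/* NOTE(review): presumably the username taken from the client
	   certificate; only meaningful if the certificate was actually
	   validated (see AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) - confirm. */
	const char *cert_username;
	const char *local_name;
	const char *client_id;
	const char *forward_fields;

	/* TLS session details as reported by the caller. */
	unsigned int ssl_cipher_bits;
	const char *ssl_cipher;
	const char *ssl_pfs;
	const char *ssl_protocol;

	/* OR'ed enum auth_request_flags bits. */
	enum auth_request_flags flags;

	/* NOTE(review): the real_* variants presumably hold the directly
	   connected endpoints while the plain ones may come from a proxy -
	   confirm, since IP-based access decisions depend on which is used. */
	struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
	in_port_t local_port, remote_port, real_local_port, real_remote_port;

	/* Initial response, base64-encoded as the name says; presumably NULL
	   when there is none - confirm. */
	const char *initial_resp_base64;
};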
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
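/* Callback type for auth_client_request_new(); per that function's comment it
   is called whenever something happens for the request.
   (Annotate-view prefix removed from each line; signatures are unchanged.)

   request     - the request the event belongs to
   status      - see enum auth_request_status; only AUTH_REQUEST_STATUS_OK
                 means success
   data_base64 - base64 data accompanying the event (NOTE(review): whether it
                 can be NULL, and for which statuses, is not visible here)
   args        - NOTE(review): presumably a NULL-terminated list of extra
                 fields from the auth server - confirm, and treat the contents
                 as data rather than trusted strings
   context     - the context pointer given to auth_client_request_new() */
typedef void auth_request_callback_t(struct auth_client_request *request,
				     enum auth_request_status status,
				     const char *data_base64,
				     const char *const *args, void *context);

/* Callback type for auth_client_set_connect_notify(). 'connected' carries
   the new connection state; 'context' is the pointer registered together
   with the callback. */
typedef void auth_connect_notify_callback_t(struct auth_client *client,
					    bool connected, void *context);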
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
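/* Create new authentication client.
   (Annotate-view prefix removed from each line; prototypes are unchanged.)

   auth_socket_path - path of the auth socket to use.
                      NOTE(review): access to that socket is presumably
                      controlled by filesystem permissions; this header shows
                      no other peer check - confirm.
   client_pid       - PID identifying this client
   debug            - enable debugging for the client */
struct auth_client *
auth_client_init(const char *auth_socket_path, unsigned int client_pid,
		 bool debug);
/* Destroy a client created with auth_client_init(). Takes a pointer to the
   handle; presumably *client is set to NULL on return - confirm. */
void auth_client_deinit(struct auth_client **client);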
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
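/* Connection management and mechanism lookup.
   (Annotate-view prefix removed from each line; prototypes are unchanged.) */

/* Start connecting to the auth server. Returns nothing, so the outcome has
   to be observed through auth_client_is_connected() or the connect-notify
   callback. */
void auth_client_connect(struct auth_client *client);
/* Disconnect from the auth server; 'reason' is a human-readable string. */
void auth_client_disconnect(struct auth_client *client, const char *reason);
/* NOTE(review): two separate predicates exist, so there is presumably an
   intermediate state (e.g. connecting/handshaking) in which both return
   false - confirm before treating one as the negation of the other. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);
/* Register a callback for connection state changes. ATTR_NULL(2, 3) is
   defined outside this header; presumably it marks 'callback' and 'context'
   as allowed to be NULL - confirm. */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);
/* Return the mechanisms currently known to the client and store their number
   in *mech_count. The result is const and presumably owned by the client -
   do not free it; confirm how long it stays valid. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name. Presumably returns NULL when the name is not
   known - confirm, and check the result before dereferencing. */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);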
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce
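/* Return current connection's identifiers through the two out-parameters.
   (Annotate-view prefix removed from each line; prototype is unchanged.)
   NOTE(review): what is stored while the client is not connected is not
   visible in this header - confirm before relying on the values. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);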
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
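/* Create a new authentication request. callback is called whenever something
   happens for the request.
   (Annotate-view prefix removed from each line; prototypes are unchanged.)
   ATTR_NULL(4) is defined outside this header; presumably it marks 'context'
   as allowed to be NULL - confirm. */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback, void *context)
	ATTR_NULL(4);
/* Continue authentication. Call when the callback reported
   AUTH_REQUEST_STATUS_CONTINUE.
   NOTE(review): the original comment said
   "reply->result == AUTH_CLIENT_REQUEST_CONTINUE"; neither 'reply' nor that
   constant appears in this header, so the status enum value above is
   presumably what is meant - confirm.
   data_base64 is the next client response, already base64-encoded. */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);
/* Abort ongoing authentication request. Takes a pointer to the handle;
   presumably *request is set to NULL on return - confirm. */
void auth_client_request_abort(struct auth_client_request **request);
/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);
/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);
/* Return cookie of the server that handled this request.
   NOTE(review): if this cookie is what authorizes follow-up lookups against
   the auth server, it should be kept out of logs and error messages -
   confirm how it is used. */
const char *auth_client_request_get_cookie(struct auth_client_request *request);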
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
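/* Tell auth process to drop specified request from memory.
   (Annotate-view prefix removed from each line; prototype is unchanged.)
   'id' is a request ID as returned by auth_client_request_get_id().
   NOTE(review): whether the auth process checks that the ID belongs to this
   client's connection is not visible in this header - confirm. */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);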
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#endif
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce