#ifndef AUTH_MASTER_H
#define AUTH_MASTER_H

#include "net.h"
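/* Option bits for auth_master_init(). The two values are distinct bits, so
   they can be OR'ed together in its flags argument. */
enum auth_master_flags {
	/* Enable logging debug information.
	   NOTE(review): what the debug output includes is not visible in this
	   header; check it before enabling where logs are widely readable. */
	AUTH_MASTER_FLAG_DEBUG = 0x01,
	/* Don't disconnect from auth socket when idling */
	AUTH_MASTER_FLAG_NO_IDLE_TIMEOUT = 0x02
};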
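/* Caller-supplied context for a lookup; passed as the info argument of the
   lookup and user-listing functions declared in this header. */
struct auth_user_info {
	/* presumably the name of the service the lookup is made for - confirm */
	const char *service;
	/* NOTE(review): presumably the endpoints of the client connection being
	   served. They are filled in by the caller, so if the auth side bases
	   decisions on them they must come from the real connection rather than
	   from client-controlled data. */
	struct ip_addr local_ip, remote_ip;
	in_port_t local_port, remote_port;
	bool debug;
};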
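/* Typed view of userdb fields, filled in by auth_user_fields_parse(). */
struct auth_user_reply {
	/* NOTE(review): uid, gid, home and chroot originate from the userdb
	   reply. What they hold when the reply lacks the field is not visible
	   in this header; confirm before using them to change identity or
	   root directory. */
	uid_t uid;
	gid_t gid;
	const char *home, *chroot;
	/* presumably the fields that have no dedicated member above - confirm */
	ARRAY_TYPE(const_string) extra_fields;
	bool anonymous:1;
};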
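/* Returns a connection handle for the auth socket at auth_socket_path; flags
   is built from enum auth_master_flags.
   NOTE(review): the results of the lookups below are only as trustworthy as
   whatever answers on this socket, so the path should come from trusted
   configuration rather than from request data. */
struct auth_master_connection *
auth_master_init(const char *auth_socket_path, enum auth_master_flags flags);
/* Counterpart of auth_master_init(); takes the address of the caller's
   handle. */
void auth_master_deinit(struct auth_master_connection **conn);

/* Returns the auth_socket_path */
const char *auth_master_get_socket_path(struct auth_master_connection *conn);

/* Do a USER lookup. Returns -2 = user-specific error, -1 = internal error,
   0 = user not found, 1 = ok. When returning -1 and fields[0] (the first
   entry of the array returned through fields_r) isn't NULL, it contains an
   error message that should be shown to user.

   Only 1 means success: compare the result against 1 (or test "> 0"), never
   use it as a plain boolean, because both error codes are non-zero. The
   error message is produced outside the caller, so output it as data (for
   example through a "%s" conversion), never as a format string.
   NOTE(review): pool is presumably where the returned strings are allocated;
   confirm against the implementation. */
int auth_master_user_lookup(struct auth_master_connection *conn,
			    const char *user, const struct auth_user_info *info,
			    pool_t pool, const char **username_r,
			    const char *const **fields_r);
/* Do a PASS lookup (the actual password isn't returned).
   NOTE(review): the return values are not documented here; presumably the
   same -2/-1/0/1 convention as auth_master_user_lookup() - confirm, and
   treat anything other than 1 as failure until then. */
int auth_master_pass_lookup(struct auth_master_connection *conn,
			    const char *user, const struct auth_user_info *info,
			    pool_t pool, const char *const **fields_r);
/* Flush authentication cache for everyone (users=NULL) or only for specified
   users. Returns number of users flushed from cache.
   NOTE(review): the signature has both an int return and count_r, so the
   flushed count is presumably stored in *count_r while the int return
   reports success or failure - confirm. Callers that flush after a
   credential change should check the result rather than assume the cached
   entry is gone. */
int auth_master_cache_flush(struct auth_master_connection *conn,
			    const char *const *users, unsigned int *count_r);

/* Parse userdb extra fields into auth_user_reply structure.
   NOTE(review): fields is presumably the array returned through fields_r by
   auth_master_user_lookup(). This header promises no validation of the
   parsed values, so callers that act on reply_r->uid, gid, home or chroot
   should check them first. */
void auth_user_fields_parse(const char *const *fields, pool_t pool,
			    struct auth_user_reply *reply_r);

/* Iterate through all users. If user_mask is non-NULL, it contains a string
   with wildcards ('*', '?') that the auth server MAY use to limit what users
   are returned (but it may as well return all users anyway).
   Because the mask is only advisory, a caller that depends on the
   restriction has to match every returned name against user_mask itself. */
struct auth_master_user_list_ctx *
auth_master_user_list_init(struct auth_master_connection *conn,
			   const char *user_mask,
			   const struct auth_user_info *info) ATTR_NULL(3);
/* NOTE(review): presumably returns the next user name, and NULL once there
   is nothing more to return - confirm against the implementation. */
const char *auth_master_user_list_next(struct auth_master_user_list_ctx *ctx);
/* Returns -1 if anything failed, 0 if ok.
   Always check this result: if iteration can stop early on an error, this
   return value is what separates a complete user list from a truncated
   one. */
int auth_master_user_list_deinit(struct auth_master_user_list_ctx **ctx);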
#endif