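#ifndef MASTER_AUTH_H
#define MASTER_AUTH_H

/* Presumably provides struct ip_addr and in_port_t, which
   struct master_auth_request uses - TODO confirm. */
#include "net.h"

/* Only referenced through a pointer in this header, so a forward
   declaration is sufficient. */
struct master_service;
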
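/* Major version changes are not backwards compatible,
   minor version numbers can be ignored. */
#define AUTH_MASTER_PROTOCOL_MAJOR_VERSION 1
#define AUTH_MASTER_PROTOCOL_MINOR_VERSION 1

/* Authentication client process's cookie size in bytes (128 bits) */
#define MASTER_AUTH_COOKIE_SIZE (128/8)

/* LOGIN_MAX_INBUF_SIZE should be based on this. Keep this large enough so that
   LOGIN_MAX_INBUF_SIZE will be 1024+2 bytes. This is because IMAP ID command's
   values may be max. 1024 bytes plus 2 for "" quotes. (Although it could be
   even double of that when value is full of \" quotes, but for now let's not
   make it too easy to waste memory..)

   NOTE(review): struct master_auth_request.data_size is filled in by the
   sending process. The receiver should reject values above this limit before
   reading the trailing data; that check is not visible in this header -
   confirm it exists in the implementation. */
#define MASTER_AUTH_MAX_DATA_SIZE (1024 + 128 + 64 + 2)

/* Generic error text for internal failures. It contains no details about
   the failure itself and only points to the server log. */
#define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \
	"Internal error occurred. Refer to server log for more information."
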
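/* Bit flags describing the client connection that an authentication request
   belongs to. Presumably stored in struct master_auth_request.flags (the
   struct does not say so explicitly) - TODO confirm. */
enum mail_auth_request_flags {
	/* Connection has TLS compression enabled */
	MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = BIT(0),
	/* Connection is secure (SSL or just trusted). Since a merely
	   "trusted" connection also gets this flag, it does not by itself
	   mean the connection is encrypted; test
	   MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED when SSL is required. */
	MAIL_AUTH_REQUEST_FLAG_CONN_SECURED = BIT(1),
	/* Connection is secured using SSL specifically */
	MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED = BIT(2),
};
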
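/* Authentication request. File descriptor may be sent along with the
   request.

   NOTE(review): if this struct is written to the socket as-is, its field
   order and padding are part of the protocol; confirm against the
   implementation before changing the layout. */
struct master_auth_request {
	/* Request tag. Reply is sent back using same tag. */
	unsigned int tag;

	/* Authentication process, authentication ID and auth cookie. */
	pid_t auth_pid;
	unsigned int auth_id;
	unsigned int client_pid;
	/* MASTER_AUTH_COOKIE_SIZE bytes of raw cookie data (not a
	   NUL-terminated string). */
	uint8_t cookie[MASTER_AUTH_COOKIE_SIZE];

	/* Properties of the connection. The file descriptor
	   itself may be a local socketpair, so these values are the
	   sender's description of the connection and cannot be re-derived
	   from the fd in that case. */
	struct ip_addr local_ip, remote_ip;
	in_port_t local_port, remote_port;

	/* presumably a bitmask of enum mail_auth_request_flags - TODO
	   confirm */
	uint32_t flags;

	/* This many bytes of client input follow the request.
	   NOTE(review): the value is supplied by the sender; the receiver
	   should check it against MASTER_AUTH_MAX_DATA_SIZE before reading
	   (check not visible in this header). */
	uint32_t data_size;
	/* inode of the transferred fd. verified just to be sure that the
	   correct fd is mapped to the correct struct. */
	ino_t ino;
};
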
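/* Result code carried in struct master_auth_reply.status. */
enum master_auth_status {
	MASTER_AUTH_STATUS_OK,
	MASTER_AUTH_STATUS_INTERNAL_ERROR
};
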
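/* Reply to a struct master_auth_request, matched to it by tag. */
struct master_auth_reply {
	/* Tag of the request being answered.
	   tag=0 are notifications from master */
	unsigned int tag;
	enum master_auth_status status;
	/* PID of the post-login mail process handling this connection */
	pid_t mail_pid;
};
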
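/* Parameters for master_auth_request_full(). */
struct master_auth_request_params {
	/* Client fd to transfer to post-login process or -1 if no fd is
	   wanted to be transferred. */
	int client_fd;
	/* Override master_auth->default_path if non-NULL */
	const char *socket_path;

	/* Authentication request that is sent to post-login process.
	   tag is ignored. */
	struct master_auth_request request;
	/* Client input of size request.data_size. The caller must keep the
	   two consistent: data has to point to at least request.data_size
	   readable bytes. */
	const unsigned char *data;
};
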
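/* Callback invoked with the result of an authentication request.
   reply=NULL if the auth lookup was cancelled due to some error, so
   implementations must check reply for NULL before reading reply->status.
   context is the pointer that was given together with the callback. */
typedef void master_auth_callback_t(const struct master_auth_reply *reply,
				    void *context);
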
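/* Create a master_auth for the given service. path is presumably the
   default socket path that struct master_auth_request_params.socket_path
   can override - TODO confirm against the implementation. */
struct master_auth *
master_auth_init(struct master_service *service, const char *path);
/* Free a master_auth created with master_auth_init(). */
void master_auth_deinit(struct master_auth **auth);

/* Send an authentication request. The request's tag is stored in *tag_r;
   it can be used to abort the request (ie. ignore the reply from master).
   params->request.tag is ignored. callback is called with context when the
   request finishes; its reply argument is NULL if the lookup was
   cancelled due to some error. */
void master_auth_request_full(struct master_auth *auth,
			      const struct master_auth_request_params *params,
			      master_auth_callback_t *callback, void *context,
			      unsigned int *tag_r);
/* For backwards compatibility: takes the fd, request and data as separate
   arguments instead of a struct master_auth_request_params. */
void master_auth_request(struct master_auth *auth, int fd,
			 const struct master_auth_request *request,
			 const unsigned char *data,
			 master_auth_callback_t *callback,
			 void *context, unsigned int *tag_r);
/* Abort the request identified by tag (as stored in tag_r when the request
   was sent). */
void master_auth_request_abort(struct master_auth *auth, unsigned int tag);

#endif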