2016-03-10 10:07:52 +01:00
|
|
|
/* authd/provider.h - authentication provider framework
|
2016-03-10 08:50:36 +01:00
|
|
|
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice is present in all copies.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
|
|
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
|
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
2016-03-10 10:07:52 +01:00
|
|
|
#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
|
|
|
|
#define __CHARYBDIS_AUTHD_PROVIDER_H__
|
2016-03-10 08:50:36 +01:00
|
|
|
|
|
|
|
#include "stdinc.h"
|
2016-03-26 05:04:00 +01:00
|
|
|
#include "authd.h"
|
2016-03-23 01:13:54 +01:00
|
|
|
#include "rb_dictionary.h"
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-03-23 01:13:54 +01:00
|
|
|
#define MAX_PROVIDERS 32 /* This should be enough */
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-04-05 10:30:02 +02:00
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
PROVIDER_STATUS_NOTRUN = 0,
|
|
|
|
PROVIDER_STATUS_RUNNING,
|
|
|
|
PROVIDER_STATUS_DONE,
|
|
|
|
} provider_status_t;
|
|
|
|
|
2016-04-05 10:08:52 +02:00
|
|
|
struct auth_client_data
|
|
|
|
{
|
2016-04-05 11:31:22 +02:00
|
|
|
struct auth_provider *provider; /* Pointer back */
|
2016-04-05 10:30:02 +02:00
|
|
|
time_t timeout; /* Provider timeout */
|
|
|
|
void *data; /* Provider data */
|
|
|
|
provider_status_t status; /* Provider status */
|
2016-04-05 10:08:52 +02:00
|
|
|
};
|
|
|
|
|
2016-03-10 08:50:36 +01:00
|
|
|
struct auth_client
|
|
|
|
{
|
2016-03-10 09:42:18 +01:00
|
|
|
uint16_t cid; /* Client ID */
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-03-17 22:23:27 +01:00
|
|
|
char l_ip[HOSTIPLEN + 1]; /* Listener IP address */
|
|
|
|
uint16_t l_port; /* Listener port */
|
2016-03-24 00:56:29 +01:00
|
|
|
struct rb_sockaddr_storage l_addr; /* Listener address/port */
|
2016-03-17 22:23:27 +01:00
|
|
|
|
|
|
|
char c_ip[HOSTIPLEN + 1]; /* Client IP address */
|
|
|
|
uint16_t c_port; /* Client port */
|
2016-03-24 00:56:29 +01:00
|
|
|
struct rb_sockaddr_storage c_addr; /* Client address/port */
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-03-10 14:25:22 +01:00
|
|
|
char hostname[HOSTLEN + 1]; /* Used for DNS lookup */
|
2016-03-10 09:42:18 +01:00
|
|
|
char username[USERLEN + 1]; /* Used for ident lookup */
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-03-27 03:33:21 +02:00
|
|
|
bool providers_starting; /* Providers are still warming up */
|
2016-04-05 10:30:02 +02:00
|
|
|
unsigned int refcount; /* Held references */
|
2016-03-19 21:02:11 +01:00
|
|
|
|
2016-04-05 10:08:52 +02:00
|
|
|
struct auth_client_data *data; /* Provider-specific data */
|
2016-03-17 22:23:27 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
typedef bool (*provider_init_t)(void);
|
|
|
|
typedef void (*provider_destroy_t)(void);
|
|
|
|
|
2016-03-25 01:23:49 +01:00
|
|
|
typedef bool (*provider_start_t)(struct auth_client *);
|
|
|
|
typedef void (*provider_cancel_t)(struct auth_client *);
|
2016-04-05 11:31:22 +02:00
|
|
|
typedef void (*uint32_timeout_t)(struct auth_client *);
|
|
|
|
typedef void (*provider_complete_t)(struct auth_client *, uint32_t);
|
2016-03-25 01:23:49 +01:00
|
|
|
|
2016-03-28 00:15:08 +02:00
|
|
|
struct auth_stats_handler
|
|
|
|
{
|
|
|
|
const char letter;
|
|
|
|
authd_stat_handler handler;
|
|
|
|
};
|
|
|
|
|
2016-03-10 08:50:36 +01:00
|
|
|
struct auth_provider
|
|
|
|
{
|
2016-03-10 10:02:16 +01:00
|
|
|
rb_dlink_node node;
|
|
|
|
|
2016-04-05 11:31:22 +02:00
|
|
|
uint32_t id; /* Provider ID */
|
|
|
|
|
|
|
|
const char *name; /* Name of the provider */
|
|
|
|
char letter; /* Letter used on reject, etc. */
|
2016-03-10 08:50:36 +01:00
|
|
|
|
|
|
|
provider_init_t init; /* Initalise the provider */
|
|
|
|
provider_destroy_t destroy; /* Terminate the provider */
|
|
|
|
|
2016-03-25 01:23:49 +01:00
|
|
|
provider_start_t start; /* Perform authentication */
|
2016-03-10 08:50:36 +01:00
|
|
|
provider_cancel_t cancel; /* Authentication cancelled */
|
2016-04-05 11:31:22 +02:00
|
|
|
uint32_timeout_t timeout; /* Timeout callback */
|
2016-03-10 08:50:36 +01:00
|
|
|
provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */
|
2016-03-26 05:04:00 +01:00
|
|
|
|
2016-03-28 00:15:08 +02:00
|
|
|
struct auth_stats_handler stats_handler;
|
|
|
|
|
2016-03-26 05:04:00 +01:00
|
|
|
struct auth_opts_handler *opt_handlers;
|
2016-03-10 08:50:36 +01:00
|
|
|
};
|
|
|
|
|
2016-03-10 15:04:17 +01:00
|
|
|
extern struct auth_provider rdns_provider;
|
2016-03-10 17:00:46 +01:00
|
|
|
extern struct auth_provider ident_provider;
|
2016-03-26 02:07:36 +01:00
|
|
|
extern struct auth_provider blacklist_provider;
|
2016-03-31 07:28:05 +02:00
|
|
|
extern struct auth_provider opm_provider;
|
2016-03-10 10:15:03 +01:00
|
|
|
|
2016-04-05 11:31:22 +02:00
|
|
|
extern rb_dictionary *auth_providers;
|
2016-04-04 10:33:25 +02:00
|
|
|
extern rb_dictionary *auth_clients;
|
|
|
|
|
2016-03-10 10:15:03 +01:00
|
|
|
void load_provider(struct auth_provider *provider);
|
|
|
|
void unload_provider(struct auth_provider *provider);
|
|
|
|
|
2016-03-10 08:50:36 +01:00
|
|
|
void init_providers(void);
|
|
|
|
void destroy_providers(void);
|
|
|
|
void cancel_providers(struct auth_client *auth);
|
|
|
|
|
2016-04-05 11:31:22 +02:00
|
|
|
void provider_done(struct auth_client *auth, uint32_t id);
|
|
|
|
void accept_client(struct auth_client *auth, uint32_t id);
|
|
|
|
void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);
|
2016-03-10 08:50:36 +01:00
|
|
|
|
|
|
|
void handle_new_connection(int parc, char *parv[]);
|
2016-03-27 06:54:21 +02:00
|
|
|
void handle_cancel_connection(int parc, char *parv[]);
|
2016-03-10 08:50:36 +01:00
|
|
|
|
2016-04-04 10:33:25 +02:00
|
|
|
|
2016-04-05 11:31:22 +02:00
|
|
|
/* Get a provider by name */
|
|
|
|
static inline struct auth_provider *
|
|
|
|
get_provider(const char *name)
|
|
|
|
{
|
|
|
|
return rb_dictionary_retrieve(auth_providers, name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get a provider's id by name */
|
|
|
|
static inline bool
|
2016-04-06 12:43:28 +02:00
|
|
|
get_provider_id(const char *name, uint32_t *id)
|
2016-04-05 11:31:22 +02:00
|
|
|
{
|
|
|
|
struct auth_provider *provider = get_provider(name);
|
|
|
|
|
|
|
|
if(provider != NULL)
|
|
|
|
{
|
|
|
|
*id = provider->id;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-04-05 10:30:02 +02:00
|
|
|
/* Get a provider's raw status */
|
|
|
|
static inline provider_status_t
|
2016-04-05 11:31:22 +02:00
|
|
|
get_provider_status(struct auth_client *auth, uint32_t provider)
|
2016-04-05 10:30:02 +02:00
|
|
|
{
|
|
|
|
return auth->data[provider].status;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set a provider's raw status */
|
2016-03-27 06:54:21 +02:00
|
|
|
static inline void
|
2016-04-05 11:31:22 +02:00
|
|
|
set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
|
2016-03-10 08:50:36 +01:00
|
|
|
{
|
2016-04-05 10:30:02 +02:00
|
|
|
auth->data[provider].status = status;
|
2016-03-10 08:50:36 +01:00
|
|
|
}
|
|
|
|
|
2016-04-05 10:30:02 +02:00
|
|
|
/* Set the provider as running
|
|
|
|
* If you're doing asynchronous work call this */
|
2016-03-27 06:54:21 +02:00
|
|
|
static inline void
|
2016-04-05 11:31:22 +02:00
|
|
|
set_provider_running(struct auth_client *auth, uint32_t provider)
|
2016-03-17 22:23:27 +01:00
|
|
|
{
|
2016-04-05 10:30:02 +02:00
|
|
|
auth->refcount++;
|
|
|
|
set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
|
2016-03-17 22:23:27 +01:00
|
|
|
}
|
|
|
|
|
2016-04-05 10:30:02 +02:00
|
|
|
/* Provider is no longer operating on this auth client
|
|
|
|
* You should use provider_done and not this */
|
2016-03-27 06:54:21 +02:00
|
|
|
static inline void
|
2016-04-05 11:31:22 +02:00
|
|
|
set_provider_done(struct auth_client *auth, uint32_t provider)
|
2016-03-10 08:50:36 +01:00
|
|
|
{
|
2016-04-05 10:30:02 +02:00
|
|
|
auth->refcount--;
|
|
|
|
set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
|
2016-03-10 08:50:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Check if provider is operating on this auth client */
|
2016-03-27 06:54:21 +02:00
|
|
|
static inline bool
|
2016-04-05 11:31:22 +02:00
|
|
|
is_provider_running(struct auth_client *auth, uint32_t provider)
|
2016-03-17 22:23:27 +01:00
|
|
|
{
|
2016-04-05 10:30:02 +02:00
|
|
|
return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
|
2016-03-17 22:23:27 +01:00
|
|
|
}
|
|
|
|
|
2016-04-05 10:30:02 +02:00
|
|
|
/* Check if provider has finished on this client */
|
2016-03-27 06:54:21 +02:00
|
|
|
static inline bool
|
2016-04-05 11:31:22 +02:00
|
|
|
is_provider_done(struct auth_client *auth, uint32_t provider)
|
2016-03-10 08:50:36 +01:00
|
|
|
{
|
2016-04-05 10:30:02 +02:00
|
|
|
return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get provider auth client data */
|
|
|
|
static inline void *
|
|
|
|
get_provider_data(struct auth_client *auth, uint32_t id)
|
|
|
|
{
|
|
|
|
return auth->data[id].data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set provider auth client data */
|
|
|
|
static inline void
|
|
|
|
set_provider_data(struct auth_client *auth, uint32_t id, void *data)
|
|
|
|
{
|
|
|
|
auth->data[id].data = data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set timeout relative to current time on provider
|
|
|
|
* When the timeout lapses, the provider's timeout call will execute */
|
|
|
|
static inline void
|
|
|
|
set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
|
|
|
|
{
|
|
|
|
auth->data[id].timeout = timeout + rb_current_time();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set timeout value in absolute time (Unix timestamp)
|
|
|
|
* When the timeout lapses, the provider's timeout call will execute */
|
|
|
|
static inline void
|
|
|
|
set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
|
|
|
|
{
|
|
|
|
auth->data[id].timeout = timeout;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the timeout value for the provider */
|
|
|
|
static inline time_t
|
|
|
|
get_provider_timeout(struct auth_client *auth, uint32_t id)
|
|
|
|
{
|
|
|
|
return auth->data[id].timeout;
|
2016-03-10 08:50:36 +01:00
|
|
|
}
|
|
|
|
|
2016-03-10 10:07:52 +01:00
|
|
|
#endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */
|