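#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H

/*
 * Client-side API for sending authentication requests to an auth server
 * reached through the socket path given to auth_client_init().
 *
 * This header does not itself declare bool, in_port_t, ARRAY_TYPE(),
 * ATTR_NULL() or enum mech_security_flags; they must come from the includes
 * below or from headers the includer pulls in first.
 */

#include "net.h"
#include "auth-client-interface.h"

struct auth_client;
struct auth_client_request;

/*
 * Per-request bit flags, stored in auth_request_info.flags. Each value is a
 * distinct bit, so flags can be OR'ed together.
 *
 * NOTE(review): SECURED, VALID_CLIENT_CERT and TRANSPORT_SECURITY_TLS read as
 * statements the caller makes about the client connection. If the server
 * bases policy on them, they should be derived from the real connection
 * state and never from data the remote peer supplied - confirm against the
 * callers that fill in auth_request_info.
 */
enum auth_request_flags {
	/* NOTE(review): presumably "the connection is considered secured";
	   the exact criteria are not visible in this header - confirm. */
	AUTH_REQUEST_FLAG_SECURED		= 0x01,
	/* NOTE(review): presumably "the client presented a certificate that
	   validated" - confirm what validation the caller performed. */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT	= 0x02,
	/* Skip penalty checks for this request.
	   NOTE(review): if the penalty is a failed-login throttle, setting
	   this for requests from untrusted sources would bypass it - confirm
	   which callers set it. */
	AUTH_REQUEST_FLAG_NO_PENALTY		= 0x04,
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP	= 0x08,
	/* Enable auth_debug=yes logging for this request.
	   NOTE(review): check what the debug log records before enabling it
	   on production traffic; this header does not say. */
	AUTH_REQUEST_FLAG_DEBUG			= 0x10,
	/* If TLS was used */
	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20,
};

/*
 * Status passed to auth_request_callback_t.
 *
 * The three failure values are negative; CONTINUE takes the next implicit
 * value (0) and OK the one after (1). Compare against the named constants:
 * a plain truthiness test would treat the negative failure values as true
 * and CONTINUE as false.
 */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	AUTH_REQUEST_STATUS_CONTINUE,
	AUTH_REQUEST_STATUS_OK
};

/* One authentication mechanism: its name and its security flags. This is the
   element type returned by auth_client_get_available_mechs() and
   auth_client_find_mech(). */
struct auth_mech_desc {
	char *name;
	enum mech_security_flags flags;
};

/* Identifier pair for a connection. The field names match the two values
   auth_client_get_connect_id() returns through its out-parameters. */
struct auth_connect_id {
	unsigned int server_pid;
	unsigned int connect_uid;
};

/*
 * Everything the caller supplies when creating a request with
 * auth_client_request_new(). The struct is passed as a const pointer, so
 * the library does not modify it through that pointer.
 * NOTE(review): whether the strings are copied or must outlive the request
 * is not visible here - confirm in the implementation.
 */
struct auth_request_info {
	/* Mechanism name, presumably one of the auth_mech_desc.name values. */
	const char *mech;
	const char *service;
	const char *session_id;
	/* NOTE(review): presumably the username taken from the client
	   certificate; only meaningful if that certificate was validated -
	   confirm how it relates to AUTH_REQUEST_FLAG_VALID_CLIENT_CERT. */
	const char *cert_username;
	const char *local_name;
	const char *client_id;
	/* The format of these two is not visible in this header. */
	const char *forward_fields;
	ARRAY_TYPE(const_string) extra_fields;

	/* TLS session details as reported by the caller. */
	unsigned int ssl_cipher_bits;
	const char *ssl_cipher;
	const char *ssl_pfs;
	const char *ssl_protocol;

	/* Bitmask of enum auth_request_flags values. */
	enum auth_request_flags flags;

	/* Connection endpoints.
	   NOTE(review): the real_* variants presumably describe the directly
	   connected peer while the plain ones may have been supplied by a
	   proxy; IP-based policy should know which one it is using -
	   confirm. */
	struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
	in_port_t local_port, remote_port, real_local_port, real_remote_port;

	/* Base64-encoded initial response for the mechanism.
	   NOTE(review): for some mechanisms this may embed credentials, so
	   keep it out of logs - confirm. */
	const char *initial_resp_base64;
};

/*
 * Callback invoked with the outcome of a request (see
 * auth_client_request_new()).
 *
 * request:     the request this call refers to
 * status:      one of enum auth_request_status
 * data_base64: base64-encoded data accompanying the status
 * args:        array of strings accompanying the status; its contents are
 *              not described in this header
 * context:     the pointer given to auth_client_request_new()
 */
typedef void auth_request_callback_t(struct auth_client_request *request,
				     enum auth_request_status status,
				     const char *data_base64,
				     const char *const *args, void *context);

/* Callback registered with auth_client_set_connect_notify(); connected
   reports the new connection state and context is the registered pointer. */
typedef void auth_connect_notify_callback_t(struct auth_client *client,
					    bool connected, void *context);

/* Create new authentication client. auth_socket_path names the socket to
   connect to, client_pid identifies this client and debug enables debugging
   for the client. */
struct auth_client *
auth_client_init(const char *auth_socket_path, unsigned int client_pid,
		 bool debug);
/* Destroy a client created by auth_client_init().
   NOTE(review): taking a pointer-to-pointer suggests *client is cleared
   afterwards - confirm. */
void auth_client_deinit(struct auth_client **client);

/* Connection management. reason is a free-form string for the disconnect. */
void auth_client_connect(struct auth_client *client);
void auth_client_disconnect(struct auth_client *client, const char *reason);
/* NOTE(review): two separate predicates suggest a state that is neither
   connected nor disconnected (e.g. still connecting) - confirm. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);

/* Set the connect timeout in milliseconds. */
void auth_client_set_connect_timeout(struct auth_client *client,
				     unsigned int msecs);
/* Register a callback for connection state changes. ATTR_NULL(2, 3)
   presumably marks callback and context as allowed to be NULL. */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);
/* Return the mechanisms currently available and store their number in
   *mech_count. The array is const: callers must not modify it. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name.
   NOTE(review): presumably returns NULL when the name is unknown -
   confirm before dereferencing the result. */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);

/* Return current connection's identifiers. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);

/* Create a new authentication request. callback is called whenever something
   happens for the request. ATTR_NULL(4) presumably marks context as allowed
   to be NULL. */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback, void *context)
	ATTR_NULL(4);
/* Continue authentication. Call when the callback was invoked with
   status == AUTH_REQUEST_STATUS_CONTINUE. data_base64 is the base64-encoded
   response to send. */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);
/* Abort ongoing authentication request. */
void auth_client_request_abort(struct auth_client_request **request,
			       const char *reason) ATTR_NULL(2);
/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);
/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);
/* Return cookie of the server that handled this request. */
const char *auth_client_request_get_cookie(struct auth_client_request *request);

/* Tell auth process to drop specified request from memory */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);

#endif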