/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file mod_auth.h
 * @brief Authentication and Authorization Extension for Apache
 *
 * Declares the result codes and the callback tables that authentication
 * (authn) and authorization (authz) providers fill in, plus the optional
 * hook for caching authn lookups.
 *
 * @defgroup MOD_AUTH mod_auth
 * @ingroup APACHE_MODS
 */

#ifndef APACHE_MOD_AUTH_H
#define APACHE_MOD_AUTH_H

#include "apr_pools.h"
#include "apr_hash.h"
#include "apr_optional.h"

#include "httpd.h"
#include "http_config.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Provider group names and versions.
 * NOTE(review): presumably the keys under which providers are registered
 * and looked up; the registration code is not part of this header.
 */
#define AUTHN_PROVIDER_GROUP "authn"
#define AUTHZ_PROVIDER_GROUP "authz"
#define AUTHN_PROVIDER_VERSION "0"
#define AUTHZ_PROVIDER_VERSION "0"

/* Name of the authn provider used by default. */
#define AUTHN_DEFAULT_PROVIDER "file"

/* NOTE(review): the names suggest these are keys for recording which
 * provider handled a request; confirm against the modules that use them.
 */
#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
#define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"

/* Name prefixes for authn- and authz-related values; where they are applied
 * is not shown in this header.
 */
#define AUTHN_PREFIX "AUTHENTICATE_"
#define AUTHZ_PREFIX "AUTHORIZE_"

/* Each SATISFY_* value is guarded so that an earlier definition is kept. */

/** all of the requirements must be met */
#ifndef SATISFY_ALL
#define SATISFY_ALL 0
#endif
/** any of the requirements must be met */
#ifndef SATISFY_ANY
#define SATISFY_ANY 1
#endif
/** There are no applicable satisfy lines */
#ifndef SATISFY_NOSPEC
#define SATISFY_NOSPEC 2
#endif

/**
 * Result of an authentication provider callback.
 *
 * AUTH_DENIED is the first enumerator (value 0), so a zero-initialised
 * authn_status reads as a denial rather than as a grant.
 *
 * Only AUTH_GRANTED and AUTH_USER_FOUND are described by the callbacks
 * declared below; how callers treat the other values is not shown in this
 * header and should be confirmed against the consuming module.
 */
typedef enum {
    AUTH_DENIED = 0,
    AUTH_GRANTED = 1,         /**< check_password validated the user/password */
    AUTH_USER_FOUND = 2,      /**< get_realm_hash located a hash for the user */
    AUTH_USER_NOT_FOUND = 3,
    AUTH_GENERAL_ERROR = 4
} authn_status;

/**
 * Result of an authorization provider callback.
 *
 * AUTHZ_DENIED is the first enumerator (value 0), so a zero-initialised
 * authz_status reads as a denial rather than as a grant.
 *
 * NOTE(review): the meaning of AUTHZ_NEUTRAL is not stated here; presumably
 * the provider neither grants nor denies. Confirm in the authorization core.
 */
typedef enum {
    AUTHZ_DENIED = 0,
    AUTHZ_GRANTED = 1,
    AUTHZ_NEUTRAL = 2,
    AUTHZ_GENERAL_ERROR = 3,
    AUTHZ_DENIED_NO_USER = 4  /**< denied because r->user == NULL */
} authz_status;

/** Callback table implemented by an authentication provider. */
typedef struct {
    /**
     * Given a username and password, expected to return AUTH_GRANTED
     * if we can validate this user/password combination.
     *
     * AUTH_GRANTED is the only value documented as success, so an
     * implementation that cannot complete the validation should return one
     * of the other status values rather than grant. The password arrives as
     * a plain C string; implementations should keep it out of logs.
     *
     * @param r the request record
     * @param user the user name to validate
     * @param password the password supplied for that user
     */
    authn_status (*check_password)(request_rec *r, const char *user,
                                   const char *password);

    /**
     * Given a user and realm, expected to return AUTH_USER_FOUND if we
     * can find a md5 hash of 'user:realm:password'
     *
     * In HTTP Digest authentication a hash of this form is enough to
     * produce valid responses without knowing the password, so the hash and
     * the store it is read from should be protected like a credential.
     *
     * @param r the request record
     * @param user the user name to look up
     * @param realm the realm the hash was computed for
     * @param rethash presumably receives the hash on success; allocation
     *                and ownership are not shown in this header
     */
    authn_status (*get_realm_hash)(request_rec *r, const char *user,
                                   const char *realm, char **rethash);
} authn_provider;

/* A linked-list of authn providers. */
typedef struct authn_provider_list authn_provider_list;

struct authn_provider_list {
    const char *provider_name;       /* name of this provider */
    const authn_provider *provider;  /* the provider's callback table */
    authn_provider_list *next;       /* next list entry */
};

/** Callback table implemented by an authorization provider. */
typedef struct {
    /**
     * Given a request_rec, expected to return AUTHZ_GRANTED
     * if we can authorize user access.
     * @param r the request record
     * @param require_line the argument to the authz provider
     * @param parsed_require_line the value set by parse_require_line(), if any
     */
    authz_status (*check_authorization)(request_rec *r,
                                        const char *require_line,
                                        const void *parsed_require_line);

    /**
     * Check the syntax of a require line and optionally cache the parsed
     * line. This function may be NULL, so the pointer has to be tested
     * before it is called.
     * @param cmd the config directive
     * @param require_line the argument to the authz provider
     * @param parsed_require_line place to store parsed require_line for use by provider
     * @return Error message or NULL on success
     */
    const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line,
                                      const void **parsed_require_line);
} authz_provider;

/**
 * ap_authn_cache_store: Optional function for authn providers
 * to enable caching their lookups with mod_authn_cache
 *
 * Because the function is optional, a provider should be prepared for it to
 * be unavailable. NOTE(review): the cached value is whatever the provider
 * looked up, which may be credential material such as a realm hash; the
 * cache presumably deserves the same protection as the backing store.
 *
 * @param r The request rec
 * @param module Module identifier
 * @param user User name to authenticate
 * @param realm Digest authn realm (NULL for basic authn)
 * @param data The value looked up by the authn provider, to cache
 */
APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
                        (request_rec *, const char *, const char *,
                         const char *, const char *));

#ifdef __cplusplus
}
#endif

#endif /* APACHE_MOD_AUTH_H */