diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
commit | 5dff2d61cc1c27747ee398e04d8e02843aabb1f8 (patch) | |
tree | a67c336b406c8227bac912beb74a1ad3cdc55100 /include/mod_auth.h | |
parent | Initial commit. (diff) | |
download | apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.tar.xz apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.zip |
Adding upstream version 2.4.38.upstream/2.4.38upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'include/mod_auth.h')
-rw-r--r-- | include/mod_auth.h | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/include/mod_auth.h b/include/mod_auth.h new file mode 100644 index 0000000..9b9561e --- /dev/null +++ b/include/mod_auth.h @@ -0,0 +1,141 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file mod_auth.h + * @brief Authentication and Authorization Extension for Apache + * + * @defgroup MOD_AUTH mod_auth + * @ingroup APACHE_MODS + */ + +#ifndef APACHE_MOD_AUTH_H +#define APACHE_MOD_AUTH_H + +#include "apr_pools.h" +#include "apr_hash.h" +#include "apr_optional.h" + +#include "httpd.h" +#include "http_config.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define AUTHN_PROVIDER_GROUP "authn" +#define AUTHZ_PROVIDER_GROUP "authz" +#define AUTHN_PROVIDER_VERSION "0" +#define AUTHZ_PROVIDER_VERSION "0" +#define AUTHN_DEFAULT_PROVIDER "file" + +#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name" +#define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name" + +#define AUTHN_PREFIX "AUTHENTICATE_" +#define AUTHZ_PREFIX "AUTHORIZE_" + +/** all of the requirements must be met */ +#ifndef SATISFY_ALL +#define SATISFY_ALL 0 +#endif +/** any of the requirements must be met */ +#ifndef SATISFY_ANY +#define SATISFY_ANY 1 +#endif +/** There are no applicable satisfy lines */ +#ifndef SATISFY_NOSPEC +#define SATISFY_NOSPEC 2 +#endif + +typedef enum { + AUTH_DENIED, + AUTH_GRANTED, + AUTH_USER_FOUND, + AUTH_USER_NOT_FOUND, + AUTH_GENERAL_ERROR +} authn_status; + +typedef enum { + AUTHZ_DENIED, + AUTHZ_GRANTED, + AUTHZ_NEUTRAL, + AUTHZ_GENERAL_ERROR, + AUTHZ_DENIED_NO_USER /* denied because r->user == NULL */ +} authz_status; + +typedef struct { + /* Given a username and password, expected to return AUTH_GRANTED + * if we can validate this user/password combination. + */ + authn_status (*check_password)(request_rec *r, const char *user, + const char *password); + + /* Given a user and realm, expected to return AUTH_USER_FOUND if we + * can find a md5 hash of 'user:realm:password' + */ + authn_status (*get_realm_hash)(request_rec *r, const char *user, + const char *realm, char **rethash); +} authn_provider; + +/* A linked-list of authn providers. */ +typedef struct authn_provider_list authn_provider_list; + +struct authn_provider_list { + const char *provider_name; + const authn_provider *provider; + authn_provider_list *next; +}; + +typedef struct { + /* Given a request_rec, expected to return AUTHZ_GRANTED + * if we can authorize user access. + * @param r the request record + * @param require_line the argument to the authz provider + * @param parsed_require_line the value set by parse_require_line(), if any + */ + authz_status (*check_authorization)(request_rec *r, + const char *require_line, + const void *parsed_require_line); + + /** Check the syntax of a require line and optionally cache the parsed + * line. This function may be NULL. + * @param cmd the config directive + * @param require_line the argument to the authz provider + * @param parsed_require_line place to store parsed require_line for use by provider + * @return Error message or NULL on success + */ + const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line); +} authz_provider; + +/* ap_authn_cache_store: Optional function for authn providers + * to enable cacheing their lookups with mod_authn_cache + * @param r The request rec + * @param module Module identifier + * @param user User name to authenticate + * @param realm Digest authn realm (NULL for basic authn) + * @param data The value looked up by the authn provider, to cache + */ +APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store, + (request_rec*, const char*, const char*, + const char*, const char*)); + +#ifdef __cplusplus +} +#endif + +#endif |