diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib-auth/auth-client.h | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h new file mode 100644 index 0000000..917f904 --- /dev/null +++ b/src/lib-auth/auth-client.h @@ -0,0 +1,124 @@ +#ifndef AUTH_CLIENT_H +#define AUTH_CLIENT_H + +#include "net.h" +#include "auth-client-interface.h" + +struct auth_client; +struct auth_client_request; + +enum auth_request_flags { + AUTH_REQUEST_FLAG_SECURED = 0x01, + AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02, + /* Skip penalty checks for this request */ + AUTH_REQUEST_FLAG_NO_PENALTY = 0x04, + /* Support final SASL response */ + AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = 0x08, + /* Enable auth_debug=yes logging for this request */ + AUTH_REQUEST_FLAG_DEBUG = 0x10, + /* If TLS was used */ + AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20, +}; + +enum auth_request_status { + AUTH_REQUEST_STATUS_ABORT = -3, + AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2, + AUTH_REQUEST_STATUS_FAIL = -1, + AUTH_REQUEST_STATUS_CONTINUE, + AUTH_REQUEST_STATUS_OK +}; + +struct auth_mech_desc { + char *name; + enum mech_security_flags flags; +}; + +struct auth_connect_id { + unsigned int server_pid; + unsigned int connect_uid; +}; + +struct auth_request_info { + const char *mech; + const char *service; + const char *session_id; + const char *cert_username; + const char *local_name; + const char *client_id; + const char *forward_fields; + ARRAY_TYPE(const_string) extra_fields; + + unsigned int ssl_cipher_bits; + const char *ssl_cipher; + const char *ssl_pfs; + const char *ssl_protocol; + + enum auth_request_flags flags; + + struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip; + in_port_t local_port, remote_port, real_local_port, real_remote_port; + + const char *initial_resp_base64; +}; + +typedef void auth_request_callback_t(struct auth_client_request *request, + enum auth_request_status status, + const char *data_base64, + const char *const *args, void *context); + +typedef void auth_connect_notify_callback_t(struct auth_client *client, + bool connected, void *context); + +/* Create new authentication client. */ +struct auth_client * +auth_client_init(const char *auth_socket_path, unsigned int client_pid, + bool debug); +void auth_client_deinit(struct auth_client **client); + +void auth_client_connect(struct auth_client *client); +void auth_client_disconnect(struct auth_client *client, const char *reason); +bool auth_client_is_connected(struct auth_client *client); +bool auth_client_is_disconnected(struct auth_client *client); + +void auth_client_set_connect_timeout(struct auth_client *client, + unsigned int msecs); +void auth_client_set_connect_notify(struct auth_client *client, + auth_connect_notify_callback_t *callback, + void *context) ATTR_NULL(2, 3); +const struct auth_mech_desc * +auth_client_get_available_mechs(struct auth_client *client, + unsigned int *mech_count); +const struct auth_mech_desc * +auth_client_find_mech(struct auth_client *client, const char *name); + +/* Return current connection's identifiers. */ +void auth_client_get_connect_id(struct auth_client *client, + unsigned int *server_pid_r, + unsigned int *connect_uid_r); + +/* Create a new authentication request. callback is called whenever something + happens for the request. */ +struct auth_client_request * +auth_client_request_new(struct auth_client *client, + const struct auth_request_info *request_info, + auth_request_callback_t *callback, void *context) + ATTR_NULL(4); +/* Continue authentication. Call when + reply->result == AUTH_CLIENT_REQUEST_CONTINUE */ +void auth_client_request_continue(struct auth_client_request *request, + const char *data_base64); +/* Abort ongoing authentication request. */ +void auth_client_request_abort(struct auth_client_request **request, + const char *reason) ATTR_NULL(2); +/* Return ID of this request. */ +unsigned int auth_client_request_get_id(struct auth_client_request *request); +/* Return the PID of the server that handled this request. */ +unsigned int +auth_client_request_get_server_pid(struct auth_client_request *request); +/* Return cookie of the server that handled this request. */ +const char *auth_client_request_get_cookie(struct auth_client_request *request); + +/* Tell auth process to drop specified request from memory */ +void auth_client_send_cancel(struct auth_client *client, unsigned int id); + +#endif |