#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H
#include "net.h"
#include "auth-client-interface.h"
/* Opaque handle types. They are only forward-declared in this header, so
   callers can hold pointers to them but cannot access their members; every
   operation goes through the auth_client_*() functions declared below. */
struct auth_client;
struct auth_client_request;
/* Per-request flag bits, stored in auth_request_info.flags. Every flag has
   its own bit, so several can be OR'ed together.

   NOTE(review): these bits are filled in by the caller that builds the
   auth_request_info; nothing in this header validates them. The code that
   sets SECURED, VALID_CLIENT_CERT or NO_PENALTY should derive them from the
   actual connection state and never from data supplied by the remote
   client - confirm at the call sites. */
enum auth_request_flags {
	/* NOTE(review): presumably "the connection is considered secured";
	   the exact criteria are not visible here - confirm */
	AUTH_REQUEST_FLAG_SECURED = (1 << 0),
	/* NOTE(review): by its name, the client presented a certificate that
	   passed verification - confirm where verification happens */
	AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = (1 << 1),
	/* Skip penalty checks for this request */
	AUTH_REQUEST_FLAG_NO_PENALTY = (1 << 2),
	/* Support final SASL response */
	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP = (1 << 3),
	/* Enable auth_debug=yes logging for this request */
	AUTH_REQUEST_FLAG_DEBUG = (1 << 4),
	/* If TLS was used */
	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = (1 << 5),
};
/* Status value handed to auth_request_callback_t.

   All failure values are negative, CONTINUE is 0 and OK is 1. Only
   AUTH_REQUEST_STATUS_OK means the authentication succeeded, so callers
   should compare against it explicitly: a ">= 0" test would also accept
   CONTINUE, which is not a success. */
enum auth_request_status {
	AUTH_REQUEST_STATUS_ABORT = -3,
	AUTH_REQUEST_STATUS_INTERNAL_FAIL = -2,
	AUTH_REQUEST_STATUS_FAIL = -1,
	/* More data is expected; see auth_client_request_continue() */
	AUTH_REQUEST_STATUS_CONTINUE = 0,
	AUTH_REQUEST_STATUS_OK = 1
};
/* Description of one authentication mechanism, as returned by
   auth_client_get_available_mechs() and auth_client_find_mech(). */
struct auth_mech_desc {
	/* Mechanism name; presumably the string auth_client_find_mech()
	   matches against - confirm */
	char *name;
	/* Security properties of the mechanism. enum mech_security_flags is
	   not defined in this header (presumably it comes from
	   auth-client-interface.h - confirm). */
	enum mech_security_flags flags;
};
/* Pair of identifiers for one auth connection. The field names mirror the
   two out-parameters of auth_client_get_connect_id(); presumably they hold
   the same values - confirm against the implementation. */
struct auth_connect_id {
	unsigned int server_pid;
	unsigned int connect_uid;
};
/* Caller-supplied description of one authentication attempt, passed to
   auth_client_request_new().

   NOTE(review): several fields (client_id, cert_username, forward_fields,
   extra_fields, initial_resp_base64) look like they originate from the
   remote peer. How they are validated or escaped before being sent to the
   auth server is not visible in this header - verify in the implementation. */
struct auth_request_info {
	/* Authentication mechanism name for this request */
	const char *mech;
	/* Name of the service the user is authenticating to */
	const char *service;
	const char *session_id;
	/* NOTE(review): presumably the username taken from the client
	   certificate - confirm that it is only set after the certificate
	   was verified */
	const char *cert_username;
	const char *local_name;
	const char *client_id;
	const char *forward_fields;
	/* Additional fields; ARRAY_TYPE() and const_string are declared
	   outside this header */
	ARRAY_TYPE(const_string) extra_fields;
	/* Properties of the TLS session, by their names (cipher strength in
	   bits, cipher name, PFS information, protocol version) */
	unsigned int ssl_cipher_bits;
	const char *ssl_cipher;
	const char *ssl_pfs;
	const char *ssl_protocol;
	/* Bitmask of enum auth_request_flags values */
	enum auth_request_flags flags;
	/* Connection endpoints. NOTE(review): presumably the real_* members
	   are the actual socket endpoints while the plain ones may have been
	   replaced with addresses forwarded by a proxy - confirm, because
	   access decisions based on the wrong pair can be spoofed */
	struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
	in_port_t local_port, remote_port, real_local_port, real_remote_port;
	/* Initial response from the client, base64-encoded per the name */
	const char *initial_resp_base64;
};
/* Callback type given to auth_client_request_new(); it is called whenever
   something happens for the request. status is one of enum
   auth_request_status and context is the pointer that was passed to
   auth_client_request_new().
   NOTE(review): data_base64 is presumably the server's data for this step
   and args presumably a NULL-terminated list of extra fields - confirm. */
typedef void auth_request_callback_t(struct auth_client_request *request,
				     enum auth_request_status status,
				     const char *data_base64,
				     const char *const *args, void *context);
/* Callback type given to auth_client_set_connect_notify(). connected
   carries the new connection state and context is the pointer that was
   registered together with the callback. */
typedef void auth_connect_notify_callback_t(struct auth_client *client,
					    bool connected, void *context);
/* Create new authentication client for the auth socket at auth_socket_path.
   client_pid and debug are passed through to the client; their exact use is
   not visible in this header. */
struct auth_client *
auth_client_init(const char *auth_socket_path, unsigned int client_pid,
		 bool debug);
/* Destroy the client. Takes a pointer to the caller's pointer.
   NOTE(review): presumably *client is set to NULL on return - confirm. */
void auth_client_deinit(struct auth_client **client);
/* Connect to the auth server. */
void auth_client_connect(struct auth_client *client);
/* Disconnect from the auth server; reason is a human-readable explanation. */
void auth_client_disconnect(struct auth_client *client, const char *reason);
/* Connection state queries. Two separate predicates are declared, so there
   is presumably an intermediate state (e.g. connecting) in which both
   return FALSE - confirm. */
bool auth_client_is_connected(struct auth_client *client);
bool auth_client_is_disconnected(struct auth_client *client);
/* Set the connect timeout in milliseconds. */
void auth_client_set_connect_timeout(struct auth_client *client,
				     unsigned int msecs);
/* Register a callback for connection state changes. ATTR_NULL(2, 3) is
   defined outside this header; it presumably marks callback and context as
   allowed to be NULL - confirm. */
void auth_client_set_connect_notify(struct auth_client *client,
				    auth_connect_notify_callback_t *callback,
				    void *context) ATTR_NULL(2, 3);
/* Return the mechanism descriptions known to this client and store their
   number in *mech_count. The result is const; presumably it is owned by the
   client and must not be freed by the caller - confirm. */
const struct auth_mech_desc *
auth_client_get_available_mechs(struct auth_client *client,
				unsigned int *mech_count);
/* Look up a mechanism by name.
   NOTE(review): presumably returns NULL when the name is unknown; callers
   should check the result before use - confirm. */
const struct auth_mech_desc *
auth_client_find_mech(struct auth_client *client, const char *name);
/* Return current connection's identifiers through the two out-parameters. */
void auth_client_get_connect_id(struct auth_client *client,
				unsigned int *server_pid_r,
				unsigned int *connect_uid_r);
/* Create a new authentication request described by request_info. callback
   is called whenever something happens for the request and receives context
   unchanged. ATTR_NULL(4) is defined outside this header; it presumably
   marks context as allowed to be NULL - confirm. */
struct auth_client_request *
auth_client_request_new(struct auth_client *client,
			const struct auth_request_info *request_info,
			auth_request_callback_t *callback, void *context)
	ATTR_NULL(4);
/* Continue authentication with the next base64-encoded client response.
   Call after the callback was invoked with
   status == AUTH_REQUEST_STATUS_CONTINUE.
   NOTE(review): the previous wording referred to reply->result and
   AUTH_CLIENT_REQUEST_CONTINUE, neither of which exists in this header;
   AUTH_REQUEST_STATUS_CONTINUE is presumably what was meant. */
void auth_client_request_continue(struct auth_client_request *request,
				  const char *data_base64);
/* Abort ongoing authentication request. Takes a pointer to the caller's
   pointer (presumably set to NULL on return - confirm); reason is optional
   per ATTR_NULL(2). */
void auth_client_request_abort(struct auth_client_request **request,
			       const char *reason) ATTR_NULL(2);
/* Return ID of this request. */
unsigned int auth_client_request_get_id(struct auth_client_request *request);
/* Return the PID of the server that handled this request. */
unsigned int
auth_client_request_get_server_pid(struct auth_client_request *request);
/* Return cookie of the server that handled this request.
   NOTE(review): if this cookie is what proves that a request came from a
   particular auth server, it should be treated as a secret and kept out of
   logs and error messages - confirm how it is used. */
const char *auth_client_request_get_cookie(struct auth_client_request *request);
/* Tell auth process to drop specified request from memory. id is presumably
   the value returned by auth_client_request_get_id() - confirm. */
void auth_client_send_cancel(struct auth_client *client, unsigned int id);
#endif