summaryrefslogtreecommitdiffstats
path: root/include/mod_auth.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/mod_auth.h141
1 files changed, 141 insertions, 0 deletions
diff --git a/include/mod_auth.h b/include/mod_auth.h
new file mode 100644
index 0000000..639b97f
--- /dev/null
+++ b/include/mod_auth.h
@@ -0,0 +1,141 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file mod_auth.h
+ * @brief Authentication and Authorization Extension for Apache
+ *
+ * @defgroup MOD_AUTH mod_auth
+ * @ingroup APACHE_MODS
+ */
+
+#ifndef APACHE_MOD_AUTH_H
+#define APACHE_MOD_AUTH_H
+
+#include "apr_pools.h"
+#include "apr_hash.h"
+#include "apr_optional.h"
+
+#include "httpd.h"
+#include "http_config.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define AUTHN_PROVIDER_GROUP "authn"
+#define AUTHZ_PROVIDER_GROUP "authz"
+#define AUTHN_PROVIDER_VERSION "0"
+#define AUTHZ_PROVIDER_VERSION "0"
+#define AUTHN_DEFAULT_PROVIDER "file"
+
+#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
+#define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
+
+#define AUTHN_PREFIX "AUTHENTICATE_"
+#define AUTHZ_PREFIX "AUTHORIZE_"
+
+/** all of the requirements must be met */
+#ifndef SATISFY_ALL
+#define SATISFY_ALL 0
+#endif
+/** any of the requirements must be met */
+#ifndef SATISFY_ANY
+#define SATISFY_ANY 1
+#endif
+/** There are no applicable satisfy lines */
+#ifndef SATISFY_NOSPEC
+#define SATISFY_NOSPEC 2
+#endif
+
+typedef enum {
+ AUTH_DENIED,
+ AUTH_GRANTED,
+ AUTH_USER_FOUND,
+ AUTH_USER_NOT_FOUND,
+ AUTH_GENERAL_ERROR
+} authn_status;
+
+typedef enum {
+ AUTHZ_DENIED,
+ AUTHZ_GRANTED,
+ AUTHZ_NEUTRAL,
+ AUTHZ_GENERAL_ERROR,
+ AUTHZ_DENIED_NO_USER /* denied because r->user == NULL */
+} authz_status;
+
+typedef struct {
+ /* Given a username and password, expected to return AUTH_GRANTED
+ * if we can validate this user/password combination.
+ */
+ authn_status (*check_password)(request_rec *r, const char *user,
+ const char *password);
+
+ /* Given a user and realm, expected to return AUTH_USER_FOUND if we
+ * can find a md5 hash of 'user:realm:password'
+ */
+ authn_status (*get_realm_hash)(request_rec *r, const char *user,
+ const char *realm, char **rethash);
+} authn_provider;
+
+/* A linked-list of authn providers. */
+typedef struct authn_provider_list authn_provider_list;
+
+struct authn_provider_list {
+ const char *provider_name;
+ const authn_provider *provider;
+ authn_provider_list *next;
+};
+
+typedef struct {
+ /* Given a request_rec, expected to return AUTHZ_GRANTED
+ * if we can authorize user access.
+ * @param r the request record
+ * @param require_line the argument to the authz provider
+ * @param parsed_require_line the value set by parse_require_line(), if any
+ */
+ authz_status (*check_authorization)(request_rec *r,
+ const char *require_line,
+ const void *parsed_require_line);
+
+ /** Check the syntax of a require line and optionally cache the parsed
+ * line. This function may be NULL.
+ * @param cmd the config directive
+ * @param require_line the argument to the authz provider
+ * @param parsed_require_line place to store parsed require_line for use by provider
+ * @return Error message or NULL on success
+ */
+ const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line);
+} authz_provider;
+
+/* ap_authn_cache_store: Optional function for authn providers
+ * to enable caching their lookups with mod_authn_cache
+ * @param r The request rec
+ * @param module Module identifier
+ * @param user User name to authenticate
+ * @param realm Digest authn realm (NULL for basic authn)
+ * @param data The value looked up by the authn provider, to cache
+ */
+APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
+ (request_rec*, const char*, const char*,
+ const char*, const char*));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif