path: root/src/auth/passdb.h
blob: f9b33ea81ffb9acc28ce643354006a7b681e5727 (plain)
#ifndef PASSDB_H
#define PASSDB_H

#include "md5.h"

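/* Is `pass' a usable password string? It must be non-empty and must not
   start with '*' or '!'. Those two leading characters are what shadow-style
   password files conventionally use to mark a disabled/locked entry
   (NOTE(review): that convention is the presumed reason for the check;
   confirm against the callers). A NULL pointer is treated as invalid.
   Returns non-zero when the password is usable, 0 otherwise. */
static inline int is_valid_passwd(const char *pass)
{
	return pass != NULL && pass[0] != '\0' &&
		pass[0] != '*' && pass[0] != '!';
}
/* Kept for existing callers. It now forwards to the inline function so the
   argument is evaluated exactly once (the old macro expanded it three times,
   which misbehaves with side-effecting arguments). */
#define IS_VALID_PASSWD(pass) is_valid_passwd(pass)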

/* Opaque here: both are only used through pointers in this header.
   (auth-request.h is included at the very end of this file, presumably to
   break an include cycle; the settings struct is defined elsewhere.) */
struct auth_request;
struct auth_passdb_settings;

/* Outcome of a passdb lookup or password verification.

   Negative values are failures that are not a verdict on the password
   itself, 0 is a definite password mismatch and 1 is success.
   passdb_result_to_string() converts a value to its string form.

   Callers that report a failure back to the client must not let the
   client distinguish e.g. USER_UNKNOWN from PASSWORD_MISMATCH, otherwise
   the service becomes a user-enumeration oracle. */
enum passdb_result {
	/* the passdb itself failed; says nothing about user or password */
	PASSDB_RESULT_INTERNAL_FAILURE = -1,
	/* the passdb can't provide credentials in the requested scheme */
	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,

	PASSDB_RESULT_USER_UNKNOWN = -3,
	PASSDB_RESULT_USER_DISABLED = -4,
	PASSDB_RESULT_PASS_EXPIRED = -5,
	/* NOTE(review): presumably "not decided here, continue with the
	   next passdb" — confirm in passdb.c */
	PASSDB_RESULT_NEXT = -6,

	/* the user exists, but the password did not match */
	PASSDB_RESULT_PASSWORD_MISMATCH = 0,
	PASSDB_RESULT_OK = 1
};

/* Completion callback for verify_plain(): `result' is the verdict for
   `request'. */
typedef void verify_plain_callback_t(enum passdb_result result,
				     struct auth_request *request);
/* Continuation hook: receives the request together with the final verify
   callback, so extra work can be chained in before the verdict is delivered.
   (NOTE(review): not used anywhere in this header; confirm the exact
   contract in passdb.c.) */
typedef void verify_plain_continue_callback_t(struct auth_request *request,
					      verify_plain_callback_t *callback);
/* Completion callback for lookup_credentials(): `credentials' points to
   `size' bytes of the looked-up credentials. The buffer presumably is only
   meaningful when result == PASSDB_RESULT_OK — confirm with the callers.
   The bytes may be a raw password or a hash; never log them. */
typedef void lookup_credentials_callback_t(enum passdb_result result,
					   const unsigned char *credentials,
					   size_t size,
					   struct auth_request *request);
/* Completion callback for set_credentials(): `success' tells whether the
   new credentials were stored. */
typedef void set_credentials_callback_t(bool success,
					struct auth_request *request);

/* Function table a passdb backend hands to passdb_register_module().
   All operations are asynchronous: they report their outcome through the
   callback they are given instead of a return value. */
struct passdb_module_interface {
	/* backend identifier */
	const char *name;

	/* Create the module object for the raw `args' string, allocating
	   from `pool'. init()/deinit() bracket the module's lifetime
	   afterwards (see passdb_module.init_refcount). */
	struct passdb_module *(*preinit)(pool_t pool, const char *args);
	void (*init)(struct passdb_module *module);
	void (*deinit)(struct passdb_module *module);

	/* Check if plaintext password matches. `password' is the user's
	   plaintext password: implementations must not log it or keep
	   it around longer than the comparison needs. */
	void (*verify_plain)(struct auth_request *request, const char *password,
			     verify_plain_callback_t *callback);

	/* Return authentication credentials, set in
	   auth_request->credentials. */
	void (*lookup_credentials)(struct auth_request *request,
				   lookup_credentials_callback_t *callback);

	/* Update credentials. `new_credentials' is the replacement value
	   (its scheme is not visible here; confirm with the callers). */
	void (*set_credentials)(struct auth_request *request,
				const char *new_credentials,
				set_credentials_callback_t *callback);
};

/* One configured passdb instance: its settings plus the backend's function
   table. Created by passdb_preinit(), brought up by passdb_init() and torn
   down by passdb_deinit(). */
struct passdb_module {
	/* raw argument string this module was created from */
	const char *args;
	/* The default caching key for this module, or NULL if caching isn't
	   wanted. This is updated by settings in auth_passdb. */
	const char *default_cache_key;
	/* Default password scheme for this module.
	   If default_cache_key is set, must not be NULL. */
	const char *default_pass_scheme;
	/* Supported authentication mechanisms. NULL means all mechanisms;
	   an array whose only element is NULL means none. */
	const char *const *mechanisms;
	/* Username filter, NULL is no filter */
	const char *const *username_filter;

	/* If blocking is set to TRUE, use child processes to access
	   this passdb. */
	bool blocking;
	/* id is used by blocking passdb to identify the passdb */
	unsigned int id;

	/* number of times init() has been called */
	int init_refcount;

	/* WARNING: avoid adding anything here that isn't based on args.
	   if you do, you need to change passdb.c:passdb_find() also to avoid
	   accidentally merging wrong passdbs. */

	struct passdb_module_interface iface;
};

/* String form of `result'. */
const char *passdb_result_to_string(enum passdb_result result);

/* Try to get credentials in wanted scheme (request->credentials_scheme) from
   given input. Returns FALSE if this wasn't possible (unknown scheme,
   conversion not possible or invalid credentials).

   `input' is the stored credential and `input_scheme' the scheme it is in.
   On success *credentials_r points to *size_r bytes in the wanted scheme.
   The output may be a raw password or a hash; treat it as sensitive and
   never log it.

   If wanted scheme is "", the credentials are returned as-is without any
   checks. This is useful mostly just to see if there exist any credentials
   at all. */
bool passdb_get_credentials(struct auth_request *auth_request,
			    const char *input, const char *input_scheme,
			    const unsigned char **credentials_r,
			    size_t *size_r);

/* Deliver a lookup result to `callback'. NOTE(review): presumably runs
   passdb_get_credentials() on `password'/`scheme' when `result' is OK and
   reports the outcome to `callback' — confirm in passdb.c. */
void passdb_handle_credentials(enum passdb_result result,
			       const char *password, const char *scheme,
			       lookup_credentials_callback_t *callback,
			       struct auth_request *auth_request);

/* Module lifecycle. passdb_preinit() creates the module for `set' from
   `pool'; passdb_init()/passdb_deinit() bring it up and down (presumably
   tracked via passdb_module.init_refcount — confirm in passdb.c). */
struct passdb_module *
passdb_preinit(pool_t pool, const struct auth_passdb_settings *set);
void passdb_init(struct passdb_module *passdb);
void passdb_deinit(struct passdb_module *passdb);

/* Add/remove a backend's function table from the set of known passdbs. */
void passdb_register_module(struct passdb_module_interface *iface);
void passdb_unregister_module(struct passdb_module_interface *iface);

/* Fill `md5' (MD5_RESULTLEN bytes) with an MD5 digest. What is digested is
   not visible in this header — see passdb.c before relying on its meaning. */
void passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);

/* Global setup/teardown of the passdb subsystem. */
void passdbs_init(void);
void passdbs_deinit(void);

/* OIDC URL of an oauth2 passdb. NOTE(review): behaviour for a non-oauth2
   passdb (NULL or otherwise) is not visible here — confirm before use. */
const char *passdb_oauth2_get_oidc_url(struct passdb_module *passdb);

#include "auth-request.h"

#endif