dovecot/core-2.2: src/auth/auth-request.h annotate

annotate src/auth/auth-request.h @ 15187:02451e967a06

Renamed network.[ch] to net.[ch]. The function prefixes already started with net_ instead of network_. And icecap wants to use network.h for other purpose. :)

author	Timo Sirainen <tss@iki.fi>
date	Wed, 03 Oct 2012 18:17:26 +0300
parents	ff66315076ce
children	55d20120b348

rev	line source
6410 e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format. Timo Sirainen <tss@iki.fi> parents: 5882 diff changeset	1 #ifndef AUTH_REQUEST_H
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format. Timo Sirainen <tss@iki.fi> parents: 5882 diff changeset	2 #define AUTH_REQUEST_H
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	3
15187 02451e967a06 Renamed network.[ch] to net.[ch]. Timo Sirainen <tss@iki.fi> parents: 15173 diff changeset	4 #include "net.h"
14340 a090cbbe3008 auth: Fixed auth cache key generation to support %{long} variables Timo Sirainen <tss@iki.fi> parents: 14314 diff changeset	5 #include "var-expand.h"
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	6 #include "mech.h"
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	7 #include "userdb.h"
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	8 #include "passdb.h"
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	9
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	10 struct auth_client_connection;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	11
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	12 enum auth_request_state {
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	13 AUTH_REQUEST_STATE_NEW,
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	14 AUTH_REQUEST_STATE_PASSDB,
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	15 AUTH_REQUEST_STATE_MECH_CONTINUE,
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	16 AUTH_REQUEST_STATE_FINISHED,
11251 6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	17 AUTH_REQUEST_STATE_USERDB,
6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	18
6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	19 AUTH_REQUEST_STATE_MAX
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	20 };
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	21
4295 4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	22 typedef const char *
4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	23 auth_request_escape_func_t(const char *string,
4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	24 const struct auth_request *auth_request);
4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	25
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	26 struct auth_request {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	27 int refcount;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	28
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	29 pool_t pool;
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	30 enum auth_request_state state;
4030 faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	31 /* user contains the user who is being authenticated.
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	32 When master user is logging in as someone else, it gets more
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	33 complicated. Initially user is set to master's username and the
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	34 requested_login_user is set to destination username. After masterdb
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	35 has validated user as a valid master user, master_user is set to
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	36 user and user is set to requested_login_user. */
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	37 char user, requested_login_user, *master_user;
4054 f83d7d14b999 Digest-MD5 logins didn't work if passdb changed username. Timo Sirainen <tss@iki.fi> parents: 4033 diff changeset	38 /* original_username contains the username exactly as given by the
f83d7d14b999 Digest-MD5 logins didn't work if passdb changed username. Timo Sirainen <tss@iki.fi> parents: 4033 diff changeset	39 client. this is needed at least with DIGEST-MD5 for password
6619 2a36e7d9ddb6 Don't keep master username in original_username. Timo Sirainen <tss@iki.fi> parents: 6411 diff changeset	40 verification. however with master logins the master username has
2a36e7d9ddb6 Don't keep master username in original_username. Timo Sirainen <tss@iki.fi> parents: 6411 diff changeset	41 been dropped from it. */
4054 f83d7d14b999 Digest-MD5 logins didn't work if passdb changed username. Timo Sirainen <tss@iki.fi> parents: 4033 diff changeset	42 const char *original_username;
6658 d22888a77a1e Auth cache didn't work for usernames that got translated internally. Timo Sirainen <tss@iki.fi> parents: 6619 diff changeset	43 /* the username after doing all internal translations, but before
d22888a77a1e Auth cache didn't work for usernames that got translated internally. Timo Sirainen <tss@iki.fi> parents: 6619 diff changeset	44 being changed by a db lookup */
d22888a77a1e Auth cache didn't work for usernames that got translated internally. Timo Sirainen <tss@iki.fi> parents: 6619 diff changeset	45 const char *translated_username;
8766 888f57b1bf9c DIGEST-MD5: Fixed authentication with user@domain usernames. Timo Sirainen <tss@iki.fi> parents: 8765 diff changeset	46 /* realm for the request, may be specified by some auth mechanisms */
888f57b1bf9c DIGEST-MD5: Fixed authentication with user@domain usernames. Timo Sirainen <tss@iki.fi> parents: 8765 diff changeset	47 const char *realm;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	48 char mech_password; / set if verify_plain() is called */
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	49 char passdb_password; / set after password lookup if successful */
4033 7dbfff239206 Added comment Timo Sirainen <timo.sirainen@movial.fi> parents: 4030 diff changeset	50 /* extra_fields are returned in authentication reply. Fields prefixed
7dbfff239206 Added comment Timo Sirainen <timo.sirainen@movial.fi> parents: 4030 diff changeset	51 with "userdb_" are skipped. If prefetch userdb is used, it uses
7dbfff239206 Added comment Timo Sirainen <timo.sirainen@movial.fi> parents: 4030 diff changeset	52 the "userdb_" prefixed fields. */
3520 e2fe8222449d s/occured/occurred/ Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	53 struct auth_stream_reply *extra_fields;
5129 9b1a90eddfd0 Special extra_fields weren't saved to auth cache. This was especially Timo Sirainen <tss@iki.fi> parents: 4955 diff changeset	54 /* extra_fields that aren't supposed to be sent to the client, but
9b1a90eddfd0 Special extra_fields weren't saved to auth cache. This was especially Timo Sirainen <tss@iki.fi> parents: 4955 diff changeset	55 are supposed to be stored to auth cache. */
9b1a90eddfd0 Special extra_fields weren't saved to auth cache. This was especially Timo Sirainen <tss@iki.fi> parents: 4955 diff changeset	56 struct auth_stream_reply *extra_cache_fields;
5872 93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	57 /* the whole userdb result reply */
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	58 struct auth_stream_reply *userdb_reply;
14222 f5aa38f0a9ac lib-dns: dns_lookup() returns now the lookup struct, and it can be aborted. Timo Sirainen <tss@iki.fi> parents: 14163 diff changeset	59 struct auth_request_proxy_dns_lookup_ctx *dns_lookup_ctx;
14565 d6f06ce44b0b auth: If user is disabled or password expired, tell about it to auth-client. Timo Sirainen <tss@iki.fi> parents: 14525 diff changeset	60 /* Result of passdb lookup */
d6f06ce44b0b auth: If user is disabled or password expired, tell about it to auth-client. Timo Sirainen <tss@iki.fi> parents: 14525 diff changeset	61 enum passdb_result passdb_result;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	62
5788 bdb16967be64 Further const'ification of struct mech_module. Andrey Panin <pazke@donpac.ru> parents: 5598 diff changeset	63 const struct mech_module *mech;
10903 6e639833c3fc auth: Initial support for per-protocol auth settings. Timo Sirainen <tss@iki.fi> parents: 10757 diff changeset	64 const struct auth_settings *set;
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	65 struct auth_passdb *passdb;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	66 struct auth_userdb *userdb;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	67
11497 94f78f415811 auth: Removed unnecessary auth_request callback and context uses. Timo Sirainen <tss@iki.fi> parents: 11456 diff changeset	68 /* passdb lookups have a handler, userdb lookups don't */
94f78f415811 auth: Removed unnecessary auth_request callback and context uses. Timo Sirainen <tss@iki.fi> parents: 11456 diff changeset	69 struct auth_request_handler *handler;
94f78f415811 auth: Removed unnecessary auth_request callback and context uses. Timo Sirainen <tss@iki.fi> parents: 11456 diff changeset	70 struct auth_master_connection *master;
94f78f415811 auth: Removed unnecessary auth_request callback and context uses. Timo Sirainen <tss@iki.fi> parents: 11456 diff changeset	71
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	72 unsigned int connect_uid;
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	73 unsigned int client_pid;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	74 unsigned int id;
5586 dad0e22b735a Changed auth_request->created to last_access and update it a bit more often. Timo Sirainen <tss@iki.fi> parents: 5475 diff changeset	75 time_t last_access;
15049 aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14840 diff changeset	76 pid_t session_pid;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	77
14525 629afda8e29d auth: Include session ID in log line prefix. Timo Sirainen <tss@iki.fi> parents: 14382 diff changeset	78 const char service, mech_name, *session_id;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	79 struct ip_addr local_ip, remote_ip;
5882 40ce533c88f9 Send local/remote ports to dovecot-auth. They're now in %a and %b variables. Timo Sirainen <tss@iki.fi> parents: 5872 diff changeset	80 unsigned int local_port, remote_port;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	81
10757 d3697efd18f3 auth: Don't loop through active requests every 5 seconds, looking for timeouts. Timo Sirainen <tss@iki.fi> parents: 10585 diff changeset	82 struct timeout to_abort, to_penalty;
10301 fbff8ca77d2e auth: Added auth failure penalty tracking based on remote IP address. Timo Sirainen <tss@iki.fi> parents: 8766 diff changeset	83 unsigned int last_penalty;
fbff8ca77d2e auth: Added auth failure penalty tracking based on remote IP address. Timo Sirainen <tss@iki.fi> parents: 8766 diff changeset	84 unsigned int initial_response_len;
fbff8ca77d2e auth: Added auth failure penalty tracking based on remote IP address. Timo Sirainen <tss@iki.fi> parents: 8766 diff changeset	85 const unsigned char *initial_response;
fbff8ca77d2e auth: Added auth failure penalty tracking based on remote IP address. Timo Sirainen <tss@iki.fi> parents: 8766 diff changeset	86
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	87 union {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	88 verify_plain_callback_t *verify_plain;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	89 lookup_credentials_callback_t *lookup_credentials;
4782 2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and Timo Sirainen <tss@iki.fi> parents: 4295 diff changeset	90 set_credentials_callback_t *set_credentials;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	91 userdb_callback_t *userdb;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	92 } private_callback;
5593 f8dc0bdb06a7 Removed enum passdb_credentials. Use scheme strings directly instead. This Timo Sirainen <tss@iki.fi> parents: 5586 diff changeset	93 const char *credentials_scheme;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	94
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	95 void *context;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	96
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	97 unsigned int successful:1;
4078 265655f270df Added "allow_nets" extra field. If set, the user can log in only from Timo Sirainen <timo.sirainen@movial.fi> parents: 4054 diff changeset	98 unsigned int passdb_failure:1;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	99 unsigned int internal_failure:1;
12489 627aeadb0955 auth: passdb credentials lookup fix when using multiple passdbs. Timo Sirainen <tss@iki.fi> parents: 12211 diff changeset	100 unsigned int passdb_user_unknown:1;
3606 8a8352cda514 If passdb lookup fails with internal error, try other passdbs anyway before Timo Sirainen <tss@iki.fi> parents: 3520 diff changeset	101 unsigned int passdb_internal_failure:1;
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4782 diff changeset	102 unsigned int userdb_internal_failure:1;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	103 unsigned int delayed_failure:1;
15173 ff66315076ce auth: Don't add proxy/pass fields when we're only authenticating (not logging in). Timo Sirainen <tss@iki.fi> parents: 15162 diff changeset	104 unsigned int auth_only:1;
8766 888f57b1bf9c DIGEST-MD5: Fixed authentication with user@domain usernames. Timo Sirainen <tss@iki.fi> parents: 8765 diff changeset	105 unsigned int domain_is_realm:1;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	106 unsigned int accept_input:1;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	107 unsigned int no_failure_delay:1;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	108 unsigned int no_login:1;
3669 09b5e002ad8a If passdb returned NULL password (ie. no password needed), it wasn't cached Timo Sirainen <tss@iki.fi> parents: 3635 diff changeset	109 unsigned int no_password:1;
4030 faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	110 unsigned int skip_password_check:1;
8765 d69763bee853 auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	111 unsigned int prefer_plain_credentials:1;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	112 unsigned int proxy:1;
7122 fb03422c0760 Added "proxy_maybe" field. If it's used instead of "proxy" and the Timo Sirainen <tss@iki.fi> parents: 6658 diff changeset	113 unsigned int proxy_maybe:1;
14163 716769cfbb1d auth: Added proxy_always extra field. Timo Sirainen <tss@iki.fi> parents: 14155 diff changeset	114 unsigned int proxy_always:1;
14155 da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	115 unsigned int proxy_host_is_self:1;
8320 d49aa6720fb2 Added %k variable to display valid-client-cert status. It expands to "valid" or empty. Timo Sirainen <tss@iki.fi> parents: 8111 diff changeset	116 unsigned int valid_client_cert:1;
12812 bf6749d4db08 auth: Allow clients to specify that they want to skip auth penalty check. Timo Sirainen <tss@iki.fi> parents: 12794 diff changeset	117 unsigned int no_penalty:1;
3635 c12df370e1b2 Added ssl_username_from_cert setting. Not actually tested yet.. Timo Sirainen <tss@iki.fi> parents: 3606 diff changeset	118 unsigned int cert_username:1;
4955 f0cc5486696e Authentication cache caches now also userdb data. Code by Tommi Saviranta. Timo Sirainen <timo.sirainen@movial.fi> parents: 4880 diff changeset	119 unsigned int userdb_lookup:1;
5872 93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	120 unsigned int userdb_lookup_failed:1;
5260 0d72eb2ed8af Added %c variable which expands to "secured" with SSL/TLS/localhost. Timo Sirainen <tss@iki.fi> parents: 5153 diff changeset	121 unsigned int secured:1;
13765 f2608c3a64ee auth: If client gives "final-resp-ok" parameter, send it in OK reply with DIGEST-MD5, SCRAM-SHA-1 Timo Sirainen <tss@iki.fi> parents: 13728 diff changeset	122 unsigned int final_resp_ok:1;
12211 dfa2b49d8298 auth: Avoid crashing when finishing failed requests that already timed out. Timo Sirainen <tss@iki.fi> parents: 11498 diff changeset	123 unsigned int removed_from_handler:1;
3635 c12df370e1b2 Added ssl_username_from_cert setting. Not actually tested yet.. Timo Sirainen <tss@iki.fi> parents: 3606 diff changeset	124
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	125 /* ... mechanism specific data ... */
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	126 };
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	127
14155 da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	128 typedef void auth_request_proxy_cb_t(bool success, struct auth_request *);
da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	129
11255 90410a8f3786 auth: Minor code fix/cleanup. Timo Sirainen <tss@iki.fi> parents: 11251 diff changeset	130 extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
14777 007bf0047ab0 auth: Added CACHE-FLUSH command to flush some/all users from auth cache. Timo Sirainen <tss@iki.fi> parents: 14565 diff changeset	131 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
007bf0047ab0 auth: Added CACHE-FLUSH command to flush some/all users from auth cache. Timo Sirainen <tss@iki.fi> parents: 14565 diff changeset	132 #define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1
007bf0047ab0 auth: Added CACHE-FLUSH command to flush some/all users from auth cache. Timo Sirainen <tss@iki.fi> parents: 14565 diff changeset	133 #define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2
007bf0047ab0 auth: Added CACHE-FLUSH command to flush some/all users from auth cache. Timo Sirainen <tss@iki.fi> parents: 14565 diff changeset	134 #define AUTH_REQUEST_VAR_TAB_COUNT 19
14340 a090cbbe3008 auth: Fixed auth cache key generation to support %{long} variables Timo Sirainen <tss@iki.fi> parents: 14314 diff changeset	135 extern const struct var_expand_table auth_request_var_expand_static_tab[];
11251 6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	136
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	137 struct auth_request *
11497 94f78f415811 auth: Removed unnecessary auth_request callback and context uses. Timo Sirainen <tss@iki.fi> parents: 11456 diff changeset	138 auth_request_new(const struct mech_module *mech);
10903 6e639833c3fc auth: Initial support for per-protocol auth settings. Timo Sirainen <tss@iki.fi> parents: 10757 diff changeset	139 struct auth_request *auth_request_new_dummy(void);
6e639833c3fc auth: Initial support for per-protocol auth settings. Timo Sirainen <tss@iki.fi> parents: 10757 diff changeset	140 void auth_request_init(struct auth_request *request);
6e639833c3fc auth: Initial support for per-protocol auth settings. Timo Sirainen <tss@iki.fi> parents: 10757 diff changeset	141 struct auth auth_request_get_auth(struct auth_request request);
6e639833c3fc auth: Initial support for per-protocol auth settings. Timo Sirainen <tss@iki.fi> parents: 10757 diff changeset	142
11251 6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	143 void auth_request_set_state(struct auth_request *request,
6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	144 enum auth_request_state state);
6243376eff60 auth: If verbose_proctitle=yes, show auth request counts in ps. Timo Sirainen <tss@iki.fi> parents: 10903 diff changeset	145
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	146 void auth_request_ref(struct auth_request *request);
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	147 void auth_request_unref(struct auth_request **request);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	148
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	149 void auth_request_success(struct auth_request *request,
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	150 const void *data, size_t data_size);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	151 void auth_request_fail(struct auth_request *request);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	152 void auth_request_internal_failure(struct auth_request *request);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	153
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7123 diff changeset	154 void auth_request_export(struct auth_request *request,
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7123 diff changeset	155 struct auth_stream_reply *reply);
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3669 diff changeset	156 bool auth_request_import(struct auth_request *request,
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3669 diff changeset	157 const char key, const char value);
13728 9a6aa717bc46 auth: Don't allow auth clients to set internal auth request fields. Timo Sirainen <tss@iki.fi> parents: 12812 diff changeset	158 bool auth_request_import_info(struct auth_request *request,
9a6aa717bc46 auth: Don't allow auth clients to set internal auth request fields. Timo Sirainen <tss@iki.fi> parents: 12812 diff changeset	159 const char key, const char value);
9a6aa717bc46 auth: Don't allow auth clients to set internal auth request fields. Timo Sirainen <tss@iki.fi> parents: 12812 diff changeset	160 bool auth_request_import_auth(struct auth_request *request,
9a6aa717bc46 auth: Don't allow auth clients to set internal auth request fields. Timo Sirainen <tss@iki.fi> parents: 12812 diff changeset	161 const char key, const char value);
15049 aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14840 diff changeset	162 bool auth_request_import_master(struct auth_request *request,
aa6027a0a78e Added support to perform token-based service process authentication. Stephan Bosch <stephan@rename-it.nl> parents: 14840 diff changeset	163 const char key, const char value);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	164
10301 fbff8ca77d2e auth: Added auth failure penalty tracking based on remote IP address. Timo Sirainen <tss@iki.fi> parents: 8766 diff changeset	165 void auth_request_initial(struct auth_request *request);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	166 void auth_request_continue(struct auth_request *request,
3071 c7db6b291daa API cleanup Timo Sirainen <tss@iki.fi> parents: 3069 diff changeset	167 const unsigned char *data, size_t data_size);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	168
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	169 void auth_request_verify_plain(struct auth_request *request,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	170 const char *password,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	171 verify_plain_callback_t *callback);
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	172 void auth_request_lookup_credentials(struct auth_request *request,
5593 f8dc0bdb06a7 Removed enum passdb_credentials. Use scheme strings directly instead. This Timo Sirainen <tss@iki.fi> parents: 5586 diff changeset	173 const char *scheme,
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	174 lookup_credentials_callback_t *callback);
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	175 void auth_request_lookup_user(struct auth_request *request,
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	176 userdb_callback_t *callback);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	177
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3669 diff changeset	178 bool auth_request_set_username(struct auth_request *request,
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3669 diff changeset	179 const char username, const char *error_r);
4030 faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	180 bool auth_request_set_login_username(struct auth_request *request,
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	181 const char *username,
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. Timo Sirainen <timo.sirainen@movial.fi> parents: 3918 diff changeset	182 const char **error_r);
3065 29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	183
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	184 void auth_request_set_field(struct auth_request *request,
3272 36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3185 diff changeset	185 const char name, const char value,
14629 c93ca5e46a8a Marked functions parameters that are allowed to be NULL. Some APIs were also changed. Timo Sirainen <tss@iki.fi> parents: 14576 diff changeset	186 const char *default_scheme) ATTR_NULL(4);
14314 e5ed29ef593e checkpassword: Escape transferred extra fields properly. Timo Sirainen <tss@iki.fi> parents: 14163 diff changeset	187 void auth_request_set_field_keyvalue(struct auth_request *request,
e5ed29ef593e checkpassword: Escape transferred extra fields properly. Timo Sirainen <tss@iki.fi> parents: 14163 diff changeset	188 const char *field,
14629 c93ca5e46a8a Marked functions parameters that are allowed to be NULL. Some APIs were also changed. Timo Sirainen <tss@iki.fi> parents: 14576 diff changeset	189 const char *default_scheme) ATTR_NULL(3);
5153 83f361144a8a Added auth_request_set_fields() and used it instead of duplicating the code Timo Sirainen <tss@iki.fi> parents: 5129 diff changeset	190 void auth_request_set_fields(struct auth_request *request,
83f361144a8a Added auth_request_set_fields() and used it instead of duplicating the code Timo Sirainen <tss@iki.fi> parents: 5129 diff changeset	191 const char const fields,
14629 c93ca5e46a8a Marked functions parameters that are allowed to be NULL. Some APIs were also changed. Timo Sirainen <tss@iki.fi> parents: 14576 diff changeset	192 const char *default_scheme) ATTR_NULL(3);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	193
5872 93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	194 void auth_request_init_userdb_reply(struct auth_request *request);
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	195 void auth_request_set_userdb_field(struct auth_request *request,
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	196 const char name, const char value);
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	197 void auth_request_set_userdb_field_values(struct auth_request *request,
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	198 const char *name,
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	199 const char const values);
14155 da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	200 /* returns -1 = failed, 0 = callback is called later, 1 = finished */
da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	201 int auth_request_proxy_finish(struct auth_request *request,
da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	202 auth_request_proxy_cb_t *callback);
da43dc494753 auth: Handle proxy_maybe=yes with host=hostname properly. Timo Sirainen <tss@iki.fi> parents: 13765 diff changeset	203 void auth_request_proxy_finish_failure(struct auth_request *request);
5872 93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	204
10585 941511db13c3 Added auth_verbose_passwords = no\|plain\|sha1. Timo Sirainen <tss@iki.fi> parents: 10301 diff changeset	205 void auth_request_log_password_mismatch(struct auth_request *request,
941511db13c3 Added auth_verbose_passwords = no\|plain\|sha1. Timo Sirainen <tss@iki.fi> parents: 10301 diff changeset	206 const char *subsystem);
3918 40a461d554e6 Added auth_debug_passwords setting. If it's not enabled, hide all password Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	207 int auth_request_password_verify(struct auth_request *request,
40a461d554e6 Added auth_debug_passwords setting. If it's not enabled, hide all password Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	208 const char *plain_password,
40a461d554e6 Added auth_debug_passwords setting. If it's not enabled, hide all password Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	209 const char *crypted_password,
40a461d554e6 Added auth_debug_passwords setting. If it's not enabled, hide all password Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	210 const char scheme, const char subsystem);
40a461d554e6 Added auth_debug_passwords setting. If it's not enabled, hide all password Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	211
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	212 const struct var_expand_table *
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	213 auth_request_get_var_expand_table(const struct auth_request *auth_request,
14629 c93ca5e46a8a Marked functions parameters that are allowed to be NULL. Some APIs were also changed. Timo Sirainen <tss@iki.fi> parents: 14576 diff changeset	214 auth_request_escape_func_t *escape_func)
c93ca5e46a8a Marked functions parameters that are allowed to be NULL. Some APIs were also changed. Timo Sirainen <tss@iki.fi> parents: 14576 diff changeset	215 ATTR_NULL(2);
15160 18c8d840b028 ldap auth: Update %variables after each field update. Timo Sirainen <tss@iki.fi> parents: 14777 diff changeset	216 struct var_expand_table *
18c8d840b028 ldap auth: Update %variables after each field update. Timo Sirainen <tss@iki.fi> parents: 14777 diff changeset	217 auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
18c8d840b028 ldap auth: Update %variables after each field update. Timo Sirainen <tss@iki.fi> parents: 14777 diff changeset	218 auth_request_escape_func_t *escape_func,
15162 e3175ee39483 Merged changes from v2.1 tree. Timo Sirainen <tss@iki.fi> parents: 15049 15160 diff changeset	219 unsigned int *count) ATTR_NULL(2);
4295 4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	220 const char auth_request_str_escape(const char string,
4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with Timo Sirainen <tss@iki.fi> parents: 4078 diff changeset	221 const struct auth_request *request);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	222
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	223 void auth_request_log_debug(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	224 const char *subsystem,
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 6410 diff changeset	225 const char *format, ...) ATTR_FORMAT(3, 4);
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	226 void auth_request_log_info(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	227 const char *subsystem,
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 6410 diff changeset	228 const char *format, ...) ATTR_FORMAT(3, 4);
12794 946d1cd3300b auth: Log a warning if ldap attribute has unexpectedly multiple values. Timo Sirainen <tss@iki.fi> parents: 12489 diff changeset	229 void auth_request_log_warning(struct auth_request *auth_request,
946d1cd3300b auth: Log a warning if ldap attribute has unexpectedly multiple values. Timo Sirainen <tss@iki.fi> parents: 12489 diff changeset	230 const char *subsystem,
14382 4ae85f573c93 Compiler warning fixes. Timo Sirainen <tss@iki.fi> parents: 14340 diff changeset	231 const char *format, ...) ATTR_FORMAT(3, 4);
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	232 void auth_request_log_error(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	233 const char *subsystem,
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 6410 diff changeset	234 const char *format, ...) ATTR_FORMAT(3, 4);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	235
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	236 void auth_request_verify_plain_callback(enum passdb_result result,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	237 struct auth_request *request);
5475 769aaaee6821 Reverted accidental commit. This code isn't ready yet. Timo Sirainen <tss@iki.fi> parents: 5462 diff changeset	238 void auth_request_lookup_credentials_callback(enum passdb_result result,
5598 971050640e3b All password schemes can now be encoded with base64 or hex. The encoding is Timo Sirainen <tss@iki.fi> parents: 5593 diff changeset	239 const unsigned char *credentials,
971050640e3b All password schemes can now be encoded with base64 or hex. The encoding is Timo Sirainen <tss@iki.fi> parents: 5593 diff changeset	240 size_t size,
5475 769aaaee6821 Reverted accidental commit. This code isn't ready yet. Timo Sirainen <tss@iki.fi> parents: 5462 diff changeset	241 struct auth_request *request);
4782 2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and Timo Sirainen <tss@iki.fi> parents: 4295 diff changeset	242 void auth_request_set_credentials(struct auth_request *request,
5593 f8dc0bdb06a7 Removed enum passdb_credentials. Use scheme strings directly instead. This Timo Sirainen <tss@iki.fi> parents: 5586 diff changeset	243 const char scheme, const char data,
4782 2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and Timo Sirainen <tss@iki.fi> parents: 4295 diff changeset	244 set_credentials_callback_t *callback);
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4782 diff changeset	245 void auth_request_userdb_callback(enum userdb_result result,
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	246 struct auth_request *request);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	247
10757 d3697efd18f3 auth: Don't loop through active requests every 5 seconds, looking for timeouts. Timo Sirainen <tss@iki.fi> parents: 10585 diff changeset	248 void auth_request_refresh_last_access(struct auth_request *request);
d3697efd18f3 auth: Don't loop through active requests every 5 seconds, looking for timeouts. Timo Sirainen <tss@iki.fi> parents: 10585 diff changeset	249
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	250 #endif

Mercurial > dovecot > core-2.2

annotate src/auth/auth-request.h @ 15187:02451e967a06