Mercurial > dovecot > core-2.2
annotate src/auth/auth-request.h @ 11497:94f78f415811 HEAD
auth: Removed unnecessary auth_request callback and context uses.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 08 Jun 2010 18:47:24 +0100 |
parents | 1e890076c4e9 |
children | 190a5278e58b |
rev | line source |
---|---|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5882
diff
changeset
|
1 #ifndef AUTH_REQUEST_H |
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5882
diff
changeset
|
2 #define AUTH_REQUEST_H |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "network.h" |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "mech.h" |
3068 | 6 #include "userdb.h" |
7 #include "passdb.h" | |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 struct auth_client_connection; |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
11 enum auth_request_state { |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
12 AUTH_REQUEST_STATE_NEW, |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
13 AUTH_REQUEST_STATE_PASSDB, |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
14 AUTH_REQUEST_STATE_MECH_CONTINUE, |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
15 AUTH_REQUEST_STATE_FINISHED, |
11251
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
16 AUTH_REQUEST_STATE_USERDB, |
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
17 |
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
18 AUTH_REQUEST_STATE_MAX |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
19 }; |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
20 |
4295
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
21 typedef const char * |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
22 auth_request_escape_func_t(const char *string, |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
23 const struct auth_request *auth_request); |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
24 |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 struct auth_request { |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 int refcount; |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 pool_t pool; |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
29 enum auth_request_state state; |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
30 /* user contains the user who is being authenticated. |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
31 When master user is logging in as someone else, it gets more |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
32 complicated. Initially user is set to master's username and the |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
33 requested_login_user is set to destination username. After masterdb |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
34 has validated user as a valid master user, master_user is set to |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
35 user and user is set to requested_login_user. */ |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
36 char *user, *requested_login_user, *master_user; |
4054
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
37 /* original_username contains the username exactly as given by the |
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
38 client. this is needed at least with DIGEST-MD5 for password |
6619
2a36e7d9ddb6
Don't keep master username in original_username.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
39 verification. however with master logins the master username has |
2a36e7d9ddb6
Don't keep master username in original_username.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
40 been dropped from it. */ |
4054
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
41 const char *original_username; |
6658
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
42 /* the username after doing all internal translations, but before |
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
43 being changed by a db lookup */ |
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
44 const char *translated_username; |
8766
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
45 /* realm for the request, may be specified by some auth mechanisms */ |
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
46 const char *realm; |
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
47 char *mech_password; /* set if verify_plain() is called */ |
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
48 char *passdb_password; /* set after password lookup if successful */ |
4033 | 49 /* extra_fields are returned in authentication reply. Fields prefixed |
50 with "userdb_" are skipped. If prefetch userdb is used, it uses | |
51 the "userdb_" prefixed fields. */ | |
3520 | 52 struct auth_stream_reply *extra_fields; |
5129
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
53 /* extra_fields that aren't supposed to be sent to the client, but |
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
54 are supposed to be stored to auth cache. */ |
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
55 struct auth_stream_reply *extra_cache_fields; |
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
56 /* the whole userdb result reply */ |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
57 struct auth_stream_reply *userdb_reply; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 |
5788
bdb16967be64
Further const'ification of struct mech_module.
Andrey Panin <pazke@donpac.ru>
parents:
5598
diff
changeset
|
59 const struct mech_module *mech; |
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10757
diff
changeset
|
60 const struct auth_settings *set; |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
61 struct auth_passdb *passdb; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
62 struct auth_userdb *userdb; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 |
11497
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11456
diff
changeset
|
64 /* passdb lookups have a handler, userdb lookups don't */ |
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11456
diff
changeset
|
65 struct auth_request_handler *handler; |
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11456
diff
changeset
|
66 struct auth_master_connection *master; |
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11456
diff
changeset
|
67 |
3074 | 68 unsigned int connect_uid; |
69 unsigned int client_pid; | |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 unsigned int id; |
5586
dad0e22b735a
Changed auth_request->created to last_access and update it a bit more often.
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
71 time_t last_access; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
8111
d49bdda63506
auth: %m variable didn't work with blocking passdbs
Timo Sirainen <tss@iki.fi>
parents:
7388
diff
changeset
|
73 const char *service, *mech_name; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 struct ip_addr local_ip, remote_ip; |
5882
40ce533c88f9
Send local/remote ports to dovecot-auth. They're now in %a and %b variables.
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
75 unsigned int local_port, remote_port; |
3074 | 76 |
10757
d3697efd18f3
auth: Don't loop through active requests every 5 seconds, looking for timeouts.
Timo Sirainen <tss@iki.fi>
parents:
10585
diff
changeset
|
77 struct timeout *to_abort, *to_penalty; |
10301
fbff8ca77d2e
auth: Added auth failure penalty tracking based on remote IP address.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
78 unsigned int last_penalty; |
fbff8ca77d2e
auth: Added auth failure penalty tracking based on remote IP address.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
79 unsigned int initial_response_len; |
fbff8ca77d2e
auth: Added auth failure penalty tracking based on remote IP address.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
80 const unsigned char *initial_response; |
fbff8ca77d2e
auth: Added auth failure penalty tracking based on remote IP address.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
81 |
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
82 union { |
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
83 verify_plain_callback_t *verify_plain; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
84 lookup_credentials_callback_t *lookup_credentials; |
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
85 set_credentials_callback_t *set_credentials; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
86 userdb_callback_t *userdb; |
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
87 } private_callback; |
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
88 const char *credentials_scheme; |
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
89 |
3074 | 90 void *context; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 unsigned int successful:1; |
4078
265655f270df
Added "allow_nets" extra field. If set, the user can log in only from
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4054
diff
changeset
|
93 unsigned int passdb_failure:1; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 unsigned int internal_failure:1; |
3606
8a8352cda514
If passdb lookup fails with internal error, try other passdbs anyway before
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
95 unsigned int passdb_internal_failure:1; |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4782
diff
changeset
|
96 unsigned int userdb_internal_failure:1; |
3074 | 97 unsigned int delayed_failure:1; |
8766
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
98 unsigned int domain_is_realm:1; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 unsigned int accept_input:1; |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 unsigned int no_failure_delay:1; |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
101 unsigned int no_login:1; |
3669
09b5e002ad8a
If passdb returned NULL password (ie. no password needed), it wasn't cached
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
102 unsigned int no_password:1; |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
103 unsigned int skip_password_check:1; |
8765
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8320
diff
changeset
|
104 unsigned int prefer_plain_credentials:1; |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 unsigned int proxy:1; |
7122
fb03422c0760
Added "proxy_maybe" field. If it's used instead of "proxy" and the
Timo Sirainen <tss@iki.fi>
parents:
6658
diff
changeset
|
106 unsigned int proxy_maybe:1; |
8320
d49aa6720fb2
Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
Timo Sirainen <tss@iki.fi>
parents:
8111
diff
changeset
|
107 unsigned int valid_client_cert:1; |
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3606
diff
changeset
|
108 unsigned int cert_username:1; |
4955
f0cc5486696e
Authentication cache caches now also userdb data. Code by Tommi Saviranta.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4880
diff
changeset
|
109 unsigned int userdb_lookup:1; |
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
110 unsigned int userdb_lookup_failed:1; |
5260
0d72eb2ed8af
Added %c variable which expands to "secured" with SSL/TLS/localhost.
Timo Sirainen <tss@iki.fi>
parents:
5153
diff
changeset
|
111 unsigned int secured:1; |
11456
1e890076c4e9
auth: Fixes to destroying pending async userdb requests at deinit.
Timo Sirainen <tss@iki.fi>
parents:
11255
diff
changeset
|
112 unsigned int destroyed:1; |
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3606
diff
changeset
|
113 |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 /* ... mechanism specific data ... */ |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 }; |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 |
11255 | 117 extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX]; |
11251
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
118 |
3074 | 119 struct auth_request * |
11497
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11456
diff
changeset
|
120 auth_request_new(const struct mech_module *mech); |
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10757
diff
changeset
|
121 struct auth_request *auth_request_new_dummy(void); |
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10757
diff
changeset
|
122 void auth_request_init(struct auth_request *request); |
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10757
diff
changeset
|
123 struct auth *auth_request_get_auth(struct auth_request *request); |
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10757
diff
changeset
|
124 |
11251
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
125 void auth_request_set_state(struct auth_request *request, |
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
126 enum auth_request_state state); |
6243376eff60
auth: If verbose_proctitle=yes, show auth request counts in ps.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
127 |
3074 | 128 void auth_request_ref(struct auth_request *request); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
129 void auth_request_unref(struct auth_request **request); |
3074 | 130 |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 void auth_request_success(struct auth_request *request, |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 const void *data, size_t data_size); |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 void auth_request_fail(struct auth_request *request); |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 void auth_request_internal_failure(struct auth_request *request); |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 |
7388
08d31d752893
Use auth-stream API to build all TAB-delimited strings to make sure strings
Timo Sirainen <tss@iki.fi>
parents:
7123
diff
changeset
|
136 void auth_request_export(struct auth_request *request, |
08d31d752893
Use auth-stream API to build all TAB-delimited strings to make sure strings
Timo Sirainen <tss@iki.fi>
parents:
7123
diff
changeset
|
137 struct auth_stream_reply *reply); |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
138 bool auth_request_import(struct auth_request *request, |
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
139 const char *key, const char *value); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
140 |
10301
fbff8ca77d2e
auth: Added auth failure penalty tracking based on remote IP address.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
141 void auth_request_initial(struct auth_request *request); |
3068 | 142 void auth_request_continue(struct auth_request *request, |
3071 | 143 const unsigned char *data, size_t data_size); |
3068 | 144 |
145 void auth_request_verify_plain(struct auth_request *request, | |
146 const char *password, | |
147 verify_plain_callback_t *callback); | |
148 void auth_request_lookup_credentials(struct auth_request *request, | |
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
149 const char *scheme, |
3068 | 150 lookup_credentials_callback_t *callback); |
151 void auth_request_lookup_user(struct auth_request *request, | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
152 userdb_callback_t *callback); |
3068 | 153 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
154 bool auth_request_set_username(struct auth_request *request, |
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
155 const char *username, const char **error_r); |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
156 bool auth_request_set_login_username(struct auth_request *request, |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
157 const char *username, |
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
158 const char **error_r); |
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
159 |
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
160 void auth_request_set_field(struct auth_request *request, |
3272
36db3285f4a7
Try to keep scheme always included in auth_request->passdb_password.
Timo Sirainen <tss@iki.fi>
parents:
3185
diff
changeset
|
161 const char *name, const char *value, |
36db3285f4a7
Try to keep scheme always included in auth_request->passdb_password.
Timo Sirainen <tss@iki.fi>
parents:
3185
diff
changeset
|
162 const char *default_scheme); |
5153
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
163 void auth_request_set_fields(struct auth_request *request, |
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
164 const char *const *fields, |
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
165 const char *default_scheme); |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 |
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
167 void auth_request_init_userdb_reply(struct auth_request *request); |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
168 void auth_request_set_userdb_field(struct auth_request *request, |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
169 const char *name, const char *value); |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
170 void auth_request_set_userdb_field_values(struct auth_request *request, |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
171 const char *name, |
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
172 const char *const *values); |
7123
25e7c37c7c10
If proxy user has a password and authentication fails, don't return the
Timo Sirainen <tss@iki.fi>
parents:
7122
diff
changeset
|
173 void auth_request_proxy_finish(struct auth_request *request, bool success); |
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
174 |
10585
941511db13c3
Added auth_verbose_passwords = no|plain|sha1.
Timo Sirainen <tss@iki.fi>
parents:
10301
diff
changeset
|
175 void auth_request_log_password_mismatch(struct auth_request *request, |
941511db13c3
Added auth_verbose_passwords = no|plain|sha1.
Timo Sirainen <tss@iki.fi>
parents:
10301
diff
changeset
|
176 const char *subsystem); |
3918
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
177 int auth_request_password_verify(struct auth_request *request, |
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
178 const char *plain_password, |
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
179 const char *crypted_password, |
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
180 const char *scheme, const char *subsystem); |
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
181 |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 const struct var_expand_table * |
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 auth_request_get_var_expand_table(const struct auth_request *auth_request, |
4295
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
184 auth_request_escape_func_t *escape_func); |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
185 const char *auth_request_str_escape(const char *string, |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
186 const struct auth_request *request); |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 |
3069 | 188 void auth_request_log_debug(struct auth_request *auth_request, |
189 const char *subsystem, | |
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
190 const char *format, ...) ATTR_FORMAT(3, 4); |
3069 | 191 void auth_request_log_info(struct auth_request *auth_request, |
192 const char *subsystem, | |
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
193 const char *format, ...) ATTR_FORMAT(3, 4); |
3069 | 194 void auth_request_log_error(struct auth_request *auth_request, |
195 const char *subsystem, | |
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
196 const char *format, ...) ATTR_FORMAT(3, 4); |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
198 void auth_request_verify_plain_callback(enum passdb_result result, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
199 struct auth_request *request); |
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
200 void auth_request_lookup_credentials_callback(enum passdb_result result, |
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
201 const unsigned char *credentials, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
202 size_t size, |
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
203 struct auth_request *request); |
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
204 void auth_request_set_credentials(struct auth_request *request, |
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
205 const char *scheme, const char *data, |
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
206 set_credentials_callback_t *callback); |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4782
diff
changeset
|
207 void auth_request_userdb_callback(enum userdb_result result, |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
208 struct auth_request *request); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
209 |
10757
d3697efd18f3
auth: Don't loop through active requests every 5 seconds, looking for timeouts.
Timo Sirainen <tss@iki.fi>
parents:
10585
diff
changeset
|
210 void auth_request_refresh_last_access(struct auth_request *request); |
d3697efd18f3
auth: Don't loop through active requests every 5 seconds, looking for timeouts.
Timo Sirainen <tss@iki.fi>
parents:
10585
diff
changeset
|
211 |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 #endif |