annotate src/auth/auth-request.h @ 10757:d3697efd18f3 HEAD
auth: Don't loop through active requests every 5 seconds, looking for timeouts.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 19 Feb 2010 04:20:25 +0200 |
parents | 941511db13c3 |
children | 6e639833c3fc |
rev | line source |
---|---|
6410 [e4eb71ae8e96, Timo Sirainen <tss@iki.fi>, parents: 5882] Changed .h ifdef/defines to use <NAME>_H format. | 1 #ifndef AUTH_REQUEST_H |
6410 | 2 #define AUTH_REQUEST_H |
3064 [2d33734b16d5, Timo Sirainen <tss@iki.fi>] Split auth_request* functions from mech.c to auth-request.c | 3 |
3064 | 4 #include "network.h" |
3064 | 5 #include "mech.h" |
3068 | 6 #include "userdb.h" |
3068 | 7 #include "passdb.h" |
3064 | 8 |
3064 | 9 struct auth_client_connection; |
3064 | 10 |
3171 [8a3b57385eca, Timo Sirainen <tss@iki.fi>, parents: 3166] Added state variable for auth_request and several assertions to make sure | 11 enum auth_request_state { |
3171 | 12 AUTH_REQUEST_STATE_NEW, |
3171 | 13 AUTH_REQUEST_STATE_PASSDB, |
3171 | 14 AUTH_REQUEST_STATE_MECH_CONTINUE, |
3171 | 15 AUTH_REQUEST_STATE_FINISHED, |
3171 | 16 AUTH_REQUEST_STATE_USERDB |
3171 | 17 }; |
3171 | 18 |
4295 [4fc637010202, Timo Sirainen <tss@iki.fi>, parents: 4078] Escape SQL strings using sql_escape_string(). Fixes the problems with | 19 typedef const char * |
4295 | 20 auth_request_escape_func_t(const char *string, |
4295 | 21 const struct auth_request *auth_request); |
4295 | 22 |
3064 | 23 struct auth_request { |
3064 | 24 int refcount; |
3064 | 25 |
3064 | 26 pool_t pool; |
3171 | 27 enum auth_request_state state; |
4030 [faf83f3e19b5, Timo Sirainen <timo.sirainen@movial.fi>, parents: 3918] Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string. | 28 /* user contains the user who is being authenticated. |
4030 | 29 When master user is logging in as someone else, it gets more |
4030 | 30 complicated. Initially user is set to master's username and the |
4030 | 31 requested_login_user is set to destination username. After masterdb |
4030 | 32 has validated user as a valid master user, master_user is set to |
4030 | 33 user and user is set to requested_login_user. */ |
4030 | 34 char *user, *requested_login_user, *master_user; |
4054 [f83d7d14b999, Timo Sirainen <tss@iki.fi>, parents: 4033] Digest-MD5 logins didn't work if passdb changed username. | 35 /* original_username contains the username exactly as given by the |
4054 | 36 client. this is needed at least with DIGEST-MD5 for password |
6619 [2a36e7d9ddb6, Timo Sirainen <tss@iki.fi>, parents: 6411] Don't keep master username in original_username. | 37 verification. however with master logins the master username has |
6619 | 38 been dropped from it. */ |
4054 | 39 const char *original_username; |
6658 [d22888a77a1e, Timo Sirainen <tss@iki.fi>, parents: 6619] Auth cache didn't work for usernames that got translated internally. | 40 /* the username after doing all internal translations, but before |
6658 | 41 being changed by a db lookup */ |
6658 | 42 const char *translated_username; |
8766 [888f57b1bf9c, Timo Sirainen <tss@iki.fi>, parents: 8765] DIGEST-MD5: Fixed authentication with user@domain usernames. | 43 /* realm for the request, may be specified by some auth mechanisms */ |
8766 | 44 const char *realm; |
3161 [6a3254e3c3de, Timo Sirainen <tss@iki.fi>, parents: 3158] Moved cache handling from sql/ldap-specific code to generic auth-request | 45 char *mech_password; /* set if verify_plain() is called */ |
3161 | 46 char *passdb_password; /* set after password lookup if successful */ |
4033 | 47 /* extra_fields are returned in authentication reply. Fields prefixed |
4033 | 48 with "userdb_" are skipped. If prefetch userdb is used, it uses |
4033 | 49 the "userdb_" prefixed fields. */ |
3520 | 50 struct auth_stream_reply *extra_fields; |
5129 [9b1a90eddfd0, Timo Sirainen <tss@iki.fi>, parents: 4955] Special extra_fields weren't saved to auth cache. This was especially | 51 /* extra_fields that aren't supposed to be sent to the client, but |
5129 | 52 are supposed to be stored to auth cache. */ |
5129 | 53 struct auth_stream_reply *extra_cache_fields; |
5872 [93bd157917ca, Timo Sirainen <tss@iki.fi>, parents: 5788] Changed userdb callback API. Don't require uid/gid to be returned by userdb. | 54 /* the whole userdb result reply */ |
5872 | 55 struct auth_stream_reply *userdb_reply; |
3064 | 56 |
5788 [bdb16967be64, Andrey Panin <pazke@donpac.ru>, parents: 5598] Further const'ification of struct mech_module. | 57 const struct mech_module *mech; |
10757 [d3697efd18f3, Timo Sirainen <tss@iki.fi>, parents: 10585] auth: Don't loop through active requests every 5 seconds, looking for timeouts. | 58 struct auth_request_handler *handler; |
3065 [29d83a8bb50d, Timo Sirainen <tss@iki.fi>, parents: 3064] Reorganized the code to have less global/static variables. | 59 struct auth *auth; |
3183 [16ea551957ed, Timo Sirainen <tss@iki.fi>, parents: 3171] Replaced userdb/passdb settings with blocks so it's possible to give | 60 struct auth_passdb *passdb; |
3183 | 61 struct auth_userdb *userdb; |
3064 | 62 |
3074 | 63 unsigned int connect_uid; |
3074 | 64 unsigned int client_pid; |
3064 | 65 unsigned int id; |
5586 [dad0e22b735a, Timo Sirainen <tss@iki.fi>, parents: 5475] Changed auth_request->created to last_access and update it a bit more often. | 66 time_t last_access; |
3064 | 67 |
8111 [d49bdda63506, Timo Sirainen <tss@iki.fi>, parents: 7388] auth: %m variable didn't work with blocking passdbs | 68 const char *service, *mech_name; |
3064 | 69 struct ip_addr local_ip, remote_ip; |
5882 [40ce533c88f9, Timo Sirainen <tss@iki.fi>, parents: 5872] Send local/remote ports to dovecot-auth. They're now in %a and %b variables. | 70 unsigned int local_port, remote_port; |
3074 | 71 |
10757 | 72 struct timeout *to_abort, *to_penalty; |
10301 [fbff8ca77d2e, Timo Sirainen <tss@iki.fi>, parents: 8766] auth: Added auth failure penalty tracking based on remote IP address. | 73 unsigned int last_penalty; |
10301 | 74 unsigned int initial_response_len; |
10301 | 75 const unsigned char *initial_response; |
10301 | 76 |
3161 | 77 union { |
3161 | 78 verify_plain_callback_t *verify_plain; |
3166 [e6a487d80288, Timo Sirainen <tss@iki.fi>, parents: 3161] Restructuring of auth code. Balancer auth processes were a bad idea. Usually | 79 lookup_credentials_callback_t *lookup_credentials; |
4782 [2c1cc5bbc260, Timo Sirainen <tss@iki.fi>, parents: 4295] Added auth_request_set_credentials() to modify credentials in passdb and | 80 set_credentials_callback_t *set_credentials; |
3166 | 81 userdb_callback_t *userdb; |
3161 | 82 } private_callback; |
5593 [f8dc0bdb06a7, Timo Sirainen <tss@iki.fi>, parents: 5586] Removed enum passdb_credentials. Use scheme strings directly instead. This | 83 const char *credentials_scheme; |
3161 | 84 |
3064 | 85 mech_callback_t *callback; |
3074 | 86 void *context; |
3308 [3f090bcaffcc, Timo Sirainen <tss@iki.fi>, parents: 3272] Allow multiple master connections for a single listener. | 87 struct auth_master_connection *master; |
3064 | 88 |
3064 | 89 unsigned int successful:1; |
4078 [265655f270df, Timo Sirainen <timo.sirainen@movial.fi>, parents: 4054] Added "allow_nets" extra field. If set, the user can log in only from | 90 unsigned int passdb_failure:1; |
3064 | 91 unsigned int internal_failure:1; |
3606 [8a8352cda514, Timo Sirainen <tss@iki.fi>, parents: 3520] If passdb lookup fails with internal error, try other passdbs anyway before | 92 unsigned int passdb_internal_failure:1; |
4880 [4ec6a4def05b, Timo Sirainen <tss@iki.fi>, parents: 4782] We treated internal userdb lookup errors as "user unknown" errors. In such | 93 unsigned int userdb_internal_failure:1; |
3074 | 94 unsigned int delayed_failure:1; |
8766 | 95 unsigned int domain_is_realm:1; |
3064 | 96 unsigned int accept_input:1; |
3064 | 97 unsigned int no_failure_delay:1; |
3064 | 98 unsigned int no_login:1; |
3669 [09b5e002ad8a, Timo Sirainen <tss@iki.fi>, parents: 3635] If passdb returned NULL password (ie. no password needed), it wasn't cached | 99 unsigned int no_password:1; |
4030 | 100 unsigned int skip_password_check:1; |
8765 [d69763bee853, Timo Sirainen <tss@iki.fi>, parents: 8320] auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme. | 101 unsigned int prefer_plain_credentials:1; |
3064 | 102 unsigned int proxy:1; |
7122 [fb03422c0760, Timo Sirainen <tss@iki.fi>, parents: 6658] Added "proxy_maybe" field. If it's used instead of "proxy" and the | 103 unsigned int proxy_maybe:1; |
8320 [d49aa6720fb2, Timo Sirainen <tss@iki.fi>, parents: 8111] Added %k variable to display valid-client-cert status. It expands to "valid" or empty. | 104 unsigned int valid_client_cert:1; |
3635 [c12df370e1b2, Timo Sirainen <tss@iki.fi>, parents: 3606] Added ssl_username_from_cert setting. Not actually tested yet.. | 105 unsigned int cert_username:1; |
4955 [f0cc5486696e, Timo Sirainen <timo.sirainen@movial.fi>, parents: 4880] Authentication cache caches now also userdb data. Code by Tommi Saviranta. | 106 unsigned int userdb_lookup:1; |
5872 | 107 unsigned int userdb_lookup_failed:1; |
5260 [0d72eb2ed8af, Timo Sirainen <tss@iki.fi>, parents: 5153] Added %c variable which expands to "secured" with SSL/TLS/localhost. | 108 unsigned int secured:1; |
3635 | 109 |
3064 | 110 /* ... mechanism specific data ... */ |
3064 | 111 }; |
3064 | 112 |
3074 | 113 struct auth_request * |
5788 | 114 auth_request_new(struct auth *auth, const struct mech_module *mech, |
3074 | 115 mech_callback_t *callback, void *context); |
3185 [3089083e1d47, Timo Sirainen <tss@iki.fi>, parents: 3183] Handle USER requests from master connections. | 116 struct auth_request *auth_request_new_dummy(struct auth *auth); |
3074 | 117 void auth_request_ref(struct auth_request *request); |
3879 [928229f8b3e6, Timo Sirainen <tss@iki.fi>, parents: 3863] deinit, unref, destroy, close, free, etc. functions now take a pointer to | 118 void auth_request_unref(struct auth_request **request); |
3074 | 119 |
3064 | 120 void auth_request_success(struct auth_request *request, |
3064 | 121 const void *data, size_t data_size); |
3064 | 122 void auth_request_fail(struct auth_request *request); |
3064 | 123 void auth_request_internal_failure(struct auth_request *request); |
3064 | 124 |
7388 [08d31d752893, Timo Sirainen <tss@iki.fi>, parents: 7123] Use auth-stream API to build all TAB-delimited strings to make sure strings | 125 void auth_request_export(struct auth_request *request, |
7388 | 126 struct auth_stream_reply *reply); |
3863 [55df57c028d4, Timo Sirainen <tss@iki.fi>, parents: 3669] Added "bool" type and changed all ints that were used as booleans to bool. | 127 bool auth_request_import(struct auth_request *request, |
3863 | 128 const char *key, const char *value); |
3166 | 129 |
10301 | 130 void auth_request_initial(struct auth_request *request); |
3068 | 131 void auth_request_continue(struct auth_request *request, |
3071 | 132 const unsigned char *data, size_t data_size); |
3068 | 133 |
3068 | 134 void auth_request_verify_plain(struct auth_request *request, |
3068 | 135 const char *password, |
3068 | 136 verify_plain_callback_t *callback); |
3068 | 137 void auth_request_lookup_credentials(struct auth_request *request, |
5593 | 138 const char *scheme, |
3068 | 139 lookup_credentials_callback_t *callback); |
3068 | 140 void auth_request_lookup_user(struct auth_request *request, |
3166 | 141 userdb_callback_t *callback); |
3068 | 142 |
3863 | 143 bool auth_request_set_username(struct auth_request *request, |
3863 | 144 const char *username, const char **error_r); |
4030 | 145 bool auth_request_set_login_username(struct auth_request *request, |
4030 | 146 const char *username, |
4030 | 147 const char **error_r); |
3065 | 148 |
3161 | 149 void auth_request_set_field(struct auth_request *request, |
3272 [36db3285f4a7, Timo Sirainen <tss@iki.fi>, parents: 3185] Try to keep scheme always included in auth_request->passdb_password. | 150 const char *name, const char *value, |
3272 | 151 const char *default_scheme); |
5153 [83f361144a8a, Timo Sirainen <tss@iki.fi>, parents: 5129] Added auth_request_set_fields() and used it instead of duplicating the code | 152 void auth_request_set_fields(struct auth_request *request, |
5153 | 153 const char *const *fields, |
5153 | 154 const char *default_scheme); |
3064 | 155 |
5872 | 156 void auth_request_init_userdb_reply(struct auth_request *request); |
5872 | 157 void auth_request_set_userdb_field(struct auth_request *request, |
5872 | 158 const char *name, const char *value); |
5872 | 159 void auth_request_set_userdb_field_values(struct auth_request *request, |
5872 | 160 const char *name, |
5872 | 161 const char *const *values); |
7123 [25e7c37c7c10, Timo Sirainen <tss@iki.fi>, parents: 7122] If proxy user has a password and authentication fails, don't return the | 162 void auth_request_proxy_finish(struct auth_request *request, bool success); |
5872 | 163 |
10585 [941511db13c3, Timo Sirainen <tss@iki.fi>, parents: 10301] Added auth_verbose_passwords = no\|plain\|sha1. | 164 void auth_request_log_password_mismatch(struct auth_request *request, |
10585 | 165 const char *subsystem); |
3918 [40a461d554e6, Timo Sirainen <tss@iki.fi>, parents: 3879] Added auth_debug_passwords setting. If it's not enabled, hide all password | 166 int auth_request_password_verify(struct auth_request *request, |
3918 | 167 const char *plain_password, |
3918 | 168 const char *crypted_password, |
3918 | 169 const char *scheme, const char *subsystem); |
3918 | 170 |
3064 | 171 const struct var_expand_table * |
3064 | 172 auth_request_get_var_expand_table(const struct auth_request *auth_request, |
4295 | 173 auth_request_escape_func_t *escape_func); |
4295 | 174 const char *auth_request_str_escape(const char *string, |
4295 | 175 const struct auth_request *request); |
3064 | 176 |
3069 | 177 void auth_request_log_debug(struct auth_request *auth_request, |
3069 | 178 const char *subsystem, |
6411 [6a64e64fa3a3, Timo Sirainen <tss@iki.fi>, parents: 6410] Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED. | 179 const char *format, ...) ATTR_FORMAT(3, 4); |
3069 | 180 void auth_request_log_info(struct auth_request *auth_request, |
3069 | 181 const char *subsystem, |
6411 | 182 const char *format, ...) ATTR_FORMAT(3, 4); |
3069 | 183 void auth_request_log_error(struct auth_request *auth_request, |
3069 | 184 const char *subsystem, |
6411 | 185 const char *format, ...) ATTR_FORMAT(3, 4); |
3064 | 186 |
3166 | 187 void auth_request_verify_plain_callback(enum passdb_result result, |
3166 | 188 struct auth_request *request); |
5475 [769aaaee6821, Timo Sirainen <tss@iki.fi>, parents: 5462] Reverted accidental commit. This code isn't ready yet. | 189 void auth_request_lookup_credentials_callback(enum passdb_result result, |
5598 [971050640e3b, Timo Sirainen <tss@iki.fi>, parents: 5593] All password schemes can now be encoded with base64 or hex. The encoding is | 190 const unsigned char *credentials, |
5598 | 191 size_t size, |
5475 | 192 struct auth_request *request); |
4782 | 193 void auth_request_set_credentials(struct auth_request *request, |
5593 | 194 const char *scheme, const char *data, |
4782 | 195 set_credentials_callback_t *callback); |
4880 | 196 void auth_request_userdb_callback(enum userdb_result result, |
3183 | 197 struct auth_request *request); |
3166 | 198 |
10757 | 199 void auth_request_refresh_last_access(struct auth_request *request); |
10757 | 200 |
3064 | 201 #endif |