Mercurial > dovecot > core-2.2
annotate src/auth/auth-request.h @ 8765:d69763bee853 HEAD
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sat, 21 Feb 2009 14:59:33 -0500 |
| parents | d49aa6720fb2 |
| children | 888f57b1bf9c |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5882
diff
changeset
|
1 #ifndef AUTH_REQUEST_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
5882
diff
changeset
|
2 #define AUTH_REQUEST_H |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "network.h" |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "mech.h" |
| 3068 | 6 #include "userdb.h" |
| 7 #include "passdb.h" | |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 struct auth_client_connection; |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 |
|
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
11 enum auth_request_state { |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
12 AUTH_REQUEST_STATE_NEW, |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
13 AUTH_REQUEST_STATE_PASSDB, |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
14 AUTH_REQUEST_STATE_MECH_CONTINUE, |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
15 AUTH_REQUEST_STATE_FINISHED, |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
16 AUTH_REQUEST_STATE_USERDB |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
17 }; |
|
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
18 |
|
4295
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
19 typedef const char * |
|
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
20 auth_request_escape_func_t(const char *string, |
|
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
21 const struct auth_request *auth_request); |
|
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
22 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 struct auth_request { |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 int refcount; |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 pool_t pool; |
|
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
27 enum auth_request_state state; |
|
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
28 /* user contains the user who is being authenticated. |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
29 When master user is logging in as someone else, it gets more |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
30 complicated. Initially user is set to master's username and the |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
31 requested_login_user is set to destination username. After masterdb |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
32 has validated user as a valid master user, master_user is set to |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
33 user and user is set to requested_login_user. */ |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
34 char *user, *requested_login_user, *master_user; |
|
4054
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
35 /* original_username contains the username exactly as given by the |
|
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
36 client. this is needed at least with DIGEST-MD5 for password |
|
6619
2a36e7d9ddb6
Don't keep master username in original_username.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
37 verification. however with master logins the master username has |
|
2a36e7d9ddb6
Don't keep master username in original_username.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
38 been dropped from it. */ |
|
4054
f83d7d14b999
Digest-MD5 logins didn't work if passdb changed username.
Timo Sirainen <tss@iki.fi>
parents:
4033
diff
changeset
|
39 const char *original_username; |
|
6658
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
40 /* the username after doing all internal translations, but before |
|
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
41 being changed by a db lookup */ |
|
d22888a77a1e
Auth cache didn't work for usernames that got translated internally.
Timo Sirainen <tss@iki.fi>
parents:
6619
diff
changeset
|
42 const char *translated_username; |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
43 char *mech_password; /* set if verify_plain() is called */ |
|
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
44 char *passdb_password; /* set after password lookup if successful */ |
| 4033 | 45 /* extra_fields are returned in authentication reply. Fields prefixed |
| 46 with "userdb_" are skipped. If prefetch userdb is used, it uses | |
| 47 the "userdb_" prefixed fields. */ | |
| 3520 | 48 struct auth_stream_reply *extra_fields; |
|
5129
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
49 /* extra_fields that aren't supposed to be sent to the client, but |
|
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
50 are supposed to be stored to auth cache. */ |
|
9b1a90eddfd0
Special extra_fields weren't saved to auth cache. This was especially
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
51 struct auth_stream_reply *extra_cache_fields; |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
52 /* the whole userdb result reply */ |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
53 struct auth_stream_reply *userdb_reply; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 |
|
5788
bdb16967be64
Further const'ification of struct mech_module.
Andrey Panin <pazke@donpac.ru>
parents:
5598
diff
changeset
|
55 const struct mech_module *mech; |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
56 struct auth *auth; |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
57 struct auth_passdb *passdb; |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
58 struct auth_userdb *userdb; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 |
| 3074 | 60 unsigned int connect_uid; |
| 61 unsigned int client_pid; | |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 unsigned int id; |
|
5586
dad0e22b735a
Changed auth_request->created to last_access and update it a bit more often.
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
63 time_t last_access; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 |
|
8111
d49bdda63506
auth: %m variable didn't work with blocking passdbs
Timo Sirainen <tss@iki.fi>
parents:
7388
diff
changeset
|
65 const char *service, *mech_name; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 struct ip_addr local_ip, remote_ip; |
|
5882
40ce533c88f9
Send local/remote ports to dovecot-auth. They're now in %a and %b variables.
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
67 unsigned int local_port, remote_port; |
| 3074 | 68 |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
69 union { |
|
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
70 verify_plain_callback_t *verify_plain; |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
71 lookup_credentials_callback_t *lookup_credentials; |
|
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
72 set_credentials_callback_t *set_credentials; |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
73 userdb_callback_t *userdb; |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
74 } private_callback; |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
75 const char *credentials_scheme; |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
76 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 mech_callback_t *callback; |
| 3074 | 78 void *context; |
|
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3272
diff
changeset
|
79 struct auth_master_connection *master; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 unsigned int successful:1; |
|
4078
265655f270df
Added "allow_nets" extra field. If set, the user can log in only from
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4054
diff
changeset
|
82 unsigned int passdb_failure:1; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 unsigned int internal_failure:1; |
|
3606
8a8352cda514
If passdb lookup fails with internal error, try other passdbs anyway before
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
84 unsigned int passdb_internal_failure:1; |
|
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4782
diff
changeset
|
85 unsigned int userdb_internal_failure:1; |
| 3074 | 86 unsigned int delayed_failure:1; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 unsigned int accept_input:1; |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 unsigned int no_failure_delay:1; |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 unsigned int no_login:1; |
|
3669
09b5e002ad8a
If passdb returned NULL password (ie. no password needed), it wasn't cached
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
90 unsigned int no_password:1; |
|
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
91 unsigned int skip_password_check:1; |
|
8765
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8320
diff
changeset
|
92 unsigned int prefer_plain_credentials:1; |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 unsigned int proxy:1; |
|
7122
fb03422c0760
Added "proxy_maybe" field. If it's used instead of "proxy" and the
Timo Sirainen <tss@iki.fi>
parents:
6658
diff
changeset
|
94 unsigned int proxy_maybe:1; |
|
8320
d49aa6720fb2
Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
Timo Sirainen <tss@iki.fi>
parents:
8111
diff
changeset
|
95 unsigned int valid_client_cert:1; |
|
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3606
diff
changeset
|
96 unsigned int cert_username:1; |
|
4955
f0cc5486696e
Authentication cache caches now also userdb data. Code by Tommi Saviranta.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4880
diff
changeset
|
97 unsigned int userdb_lookup:1; |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
98 unsigned int userdb_lookup_failed:1; |
|
5260
0d72eb2ed8af
Added %c variable which expands to "secured" with SSL/TLS/localhost.
Timo Sirainen <tss@iki.fi>
parents:
5153
diff
changeset
|
99 unsigned int secured:1; |
|
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3606
diff
changeset
|
100 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
101 /* ... mechanism specific data ... */ |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 }; |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 |
| 3074 | 104 struct auth_request * |
|
5788
bdb16967be64
Further const'ification of struct mech_module.
Andrey Panin <pazke@donpac.ru>
parents:
5598
diff
changeset
|
105 auth_request_new(struct auth *auth, const struct mech_module *mech, |
| 3074 | 106 mech_callback_t *callback, void *context); |
|
3185
3089083e1d47
Handle USER requests from master connections.
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
107 struct auth_request *auth_request_new_dummy(struct auth *auth); |
| 3074 | 108 void auth_request_ref(struct auth_request *request); |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
109 void auth_request_unref(struct auth_request **request); |
| 3074 | 110 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 void auth_request_success(struct auth_request *request, |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 const void *data, size_t data_size); |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 void auth_request_fail(struct auth_request *request); |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 void auth_request_internal_failure(struct auth_request *request); |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 |
|
7388
08d31d752893
Use auth-stream API to build all TAB-delimited strings to make sure strings
Timo Sirainen <tss@iki.fi>
parents:
7123
diff
changeset
|
116 void auth_request_export(struct auth_request *request, |
|
08d31d752893
Use auth-stream API to build all TAB-delimited strings to make sure strings
Timo Sirainen <tss@iki.fi>
parents:
7123
diff
changeset
|
117 struct auth_stream_reply *reply); |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
118 bool auth_request_import(struct auth_request *request, |
|
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
119 const char *key, const char *value); |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
120 |
| 3068 | 121 void auth_request_initial(struct auth_request *request, |
| 3071 | 122 const unsigned char *data, size_t data_size); |
| 3068 | 123 void auth_request_continue(struct auth_request *request, |
| 3071 | 124 const unsigned char *data, size_t data_size); |
| 3068 | 125 |
| 126 void auth_request_verify_plain(struct auth_request *request, | |
| 127 const char *password, | |
| 128 verify_plain_callback_t *callback); | |
| 129 void auth_request_lookup_credentials(struct auth_request *request, | |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
130 const char *scheme, |
| 3068 | 131 lookup_credentials_callback_t *callback); |
| 132 void auth_request_lookup_user(struct auth_request *request, | |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
133 userdb_callback_t *callback); |
| 3068 | 134 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
135 bool auth_request_set_username(struct auth_request *request, |
|
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
136 const char *username, const char **error_r); |
|
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
137 bool auth_request_set_login_username(struct auth_request *request, |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
138 const char *username, |
|
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3918
diff
changeset
|
139 const char **error_r); |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
140 |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
141 void auth_request_set_field(struct auth_request *request, |
|
3272
36db3285f4a7
Try to keep scheme always included in auth_request->passdb_password.
Timo Sirainen <tss@iki.fi>
parents:
3185
diff
changeset
|
142 const char *name, const char *value, |
|
36db3285f4a7
Try to keep scheme always included in auth_request->passdb_password.
Timo Sirainen <tss@iki.fi>
parents:
3185
diff
changeset
|
143 const char *default_scheme); |
|
5153
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
144 void auth_request_set_fields(struct auth_request *request, |
|
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
145 const char *const *fields, |
|
83f361144a8a
Added auth_request_set_fields() and used it instead of duplicating the code
Timo Sirainen <tss@iki.fi>
parents:
5129
diff
changeset
|
146 const char *default_scheme); |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
148 void auth_request_init_userdb_reply(struct auth_request *request); |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
149 void auth_request_set_userdb_field(struct auth_request *request, |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
150 const char *name, const char *value); |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
151 void auth_request_set_userdb_field_values(struct auth_request *request, |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
152 const char *name, |
|
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
153 const char *const *values); |
|
7123
25e7c37c7c10
If proxy user has a password and authentication fails, don't return the
Timo Sirainen <tss@iki.fi>
parents:
7122
diff
changeset
|
154 void auth_request_proxy_finish(struct auth_request *request, bool success); |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5788
diff
changeset
|
155 |
|
3918
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
156 int auth_request_password_verify(struct auth_request *request, |
|
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
157 const char *plain_password, |
|
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
158 const char *crypted_password, |
|
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
159 const char *scheme, const char *subsystem); |
|
40a461d554e6
Added auth_debug_passwords setting. If it's not enabled, hide all password
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
160 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 const struct var_expand_table * |
|
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 auth_request_get_var_expand_table(const struct auth_request *auth_request, |
|
4295
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
163 auth_request_escape_func_t *escape_func); |
|
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
164 const char *auth_request_str_escape(const char *string, |
|
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4078
diff
changeset
|
165 const struct auth_request *request); |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 |
| 3069 | 167 void auth_request_log_debug(struct auth_request *auth_request, |
| 168 const char *subsystem, | |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
169 const char *format, ...) ATTR_FORMAT(3, 4); |
| 3069 | 170 void auth_request_log_info(struct auth_request *auth_request, |
| 171 const char *subsystem, | |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
172 const char *format, ...) ATTR_FORMAT(3, 4); |
| 3069 | 173 void auth_request_log_error(struct auth_request *auth_request, |
| 174 const char *subsystem, | |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6410
diff
changeset
|
175 const char *format, ...) ATTR_FORMAT(3, 4); |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
177 void auth_request_verify_plain_callback(enum passdb_result result, |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
178 struct auth_request *request); |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
179 void auth_request_lookup_credentials_callback(enum passdb_result result, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
180 const unsigned char *credentials, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
181 size_t size, |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
182 struct auth_request *request); |
|
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
183 void auth_request_set_credentials(struct auth_request *request, |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5586
diff
changeset
|
184 const char *scheme, const char *data, |
|
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
185 set_credentials_callback_t *callback); |
|
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4782
diff
changeset
|
186 void auth_request_userdb_callback(enum userdb_result result, |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
187 struct auth_request *request); |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
188 |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 #endif |