solanum/authd/provider.h

/* authd/provider.h - authentication provider framework
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__
#define __CHARYBDIS_AUTHD_PROVIDER_H__

#include "stdinc.h"
#include "authd.h"
#include "rb_dictionary.h"

#define MAX_PROVIDERS 32	/* This should be enough */

/* Registered providers */
typedef enum
{
	PROVIDER_RDNS,
	PROVIDER_IDENT,
	PROVIDER_BLACKLIST,
	PROVIDER_OPM,
} provider_t;

struct auth_client
{
	uint16_t cid;				/* Client ID */

	char l_ip[HOSTIPLEN + 1];		/* Listener IP address */
	uint16_t l_port;			/* Listener port */
	struct rb_sockaddr_storage l_addr;	/* Listener address/port */

	char c_ip[HOSTIPLEN + 1];		/* Client IP address */
	uint16_t c_port;			/* Client port */
	struct rb_sockaddr_storage c_addr;	/* Client address/port */

	char hostname[HOSTLEN + 1];		/* Used for DNS lookup */
	char username[USERLEN + 1];		/* Used for ident lookup */

	uint32_t providers;			/* Providers at work,
						 * none left when set to 0 */
	uint32_t providers_done;		/* Providers completed */
	bool providers_starting;		/* Providers are still warming up */

	void *data[MAX_PROVIDERS];		/* Provider-specific data slots */
	time_t timeout[MAX_PROVIDERS];		/* When to call timeout callback */
};

typedef bool (*provider_init_t)(void);
typedef void (*provider_destroy_t)(void);

typedef bool (*provider_start_t)(struct auth_client *);
typedef void (*provider_cancel_t)(struct auth_client *);
typedef void (*provider_timeout_t)(struct auth_client *);
typedef void (*provider_complete_t)(struct auth_client *, provider_t);

struct auth_stats_handler
{
	const char letter;
	authd_stat_handler handler;
};

struct auth_provider
{
	rb_dlink_node node;

	provider_t id;

	provider_init_t init;		/* Initalise the provider */
	provider_destroy_t destroy;	/* Terminate the provider */

	provider_start_t start;		/* Perform authentication */
	provider_cancel_t cancel;	/* Authentication cancelled */
	provider_timeout_t timeout;	/* Timeout callback */
	provider_complete_t completed;	/* Callback for when other performers complete (think dependency chains) */

	struct auth_stats_handler stats_handler;

	struct auth_opts_handler *opt_handlers;
};

extern struct auth_provider rdns_provider;
extern struct auth_provider ident_provider;
extern struct auth_provider blacklist_provider;
extern struct auth_provider opm_provider;

extern rb_dlink_list auth_providers;
extern rb_dictionary *auth_clients;

void load_provider(struct auth_provider *provider);
void unload_provider(struct auth_provider *provider);

void init_providers(void);
void destroy_providers(void);
void cancel_providers(struct auth_client *auth);

void provider_done(struct auth_client *auth, provider_t id);
void accept_client(struct auth_client *auth, provider_t id);
void reject_client(struct auth_client *auth, provider_t id, const char *data, const char *fmt, ...);

void handle_new_connection(int parc, char *parv[]);
void handle_cancel_connection(int parc, char *parv[]);

void *get_provider_data(struct auth_client *auth, uint32_t id);
void set_provider_data(struct auth_client *auth, uint32_t id, void *data);
void set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout);
void set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout);

/* Provider is operating on this auth_client (set this if you have async work to do) */
static inline void
set_provider_on(struct auth_client *auth, provider_t provider)
{
	auth->providers |= (1 << provider);
}

/* Provider is no longer operating on this auth client (you should use provider_done) */
static inline void
set_provider_off(struct auth_client *auth, provider_t provider)
{
	auth->providers &= ~(1 << provider);
}

/* Set the provider to done (you should use provider_done) */
static inline void
set_provider_done(struct auth_client *auth, provider_t provider)
{
	auth->providers_done |= (1 << provider);
}

/* Check if provider is operating on this auth client */
static inline bool
is_provider_on(struct auth_client *auth, provider_t provider)
{
	return auth->providers & (1 << provider);
}

static inline bool
is_provider_done(struct auth_client *auth, provider_t provider)
{
	return auth->providers_done & (1 << provider);
}

#endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */
rename auth.[ch] to provider.[ch] This name is less confusing and more descriptive. 2016-03-10 09:07:52 +00:00			`/* authd/provider.h - authentication provider framework`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>`
			`*`
			`* Permission to use, copy, modify, and/or distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice is present in all copies.`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
			`* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
			`* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,`
			`* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES`
			`* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
			`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,`
			`* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING`
			`* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE`
			`* POSSIBILITY OF SUCH DAMAGE.`
			`*/`

rename auth.[ch] to provider.[ch] This name is less confusing and more descriptive. 2016-03-10 09:07:52 +00:00			`#ifndef __CHARYBDIS_AUTHD_PROVIDER_H__`
			`#define __CHARYBDIS_AUTHD_PROVIDER_H__`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
			`#include "stdinc.h"`
authd/provider: add options handlers for providers This allows providers to create handlers for changing their configuration. 2016-03-26 04:04:00 +00:00			`#include "authd.h"`
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`#include "rb_dictionary.h"`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`#define MAX_PROVIDERS 32 /* This should be enough */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
			`/* Registered providers */`
			`typedef enum`
			`{`
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`PROVIDER_RDNS,`
			`PROVIDER_IDENT,`
			`PROVIDER_BLACKLIST,`
authd/providers: add timeout callback system. This means that each provider no longer has to keep its own event; it can set a timeout and have a callbackinstead. 2016-03-30 22:20:27 +00:00			`PROVIDER_OPM,`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`} provider_t;`

			`struct auth_client`
			`{`
Revert "[ci skip] remove useless bit in auth.h" This reverts commit 4cc131fc4824db6e315be2509dfc046c7a359eb0. 2016-03-10 08:42:18 +00:00			`uint16_t cid; /* Client ID */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`char l_ip[HOSTIPLEN + 1]; /* Listener IP address */`
			`uint16_t l_port; /* Listener port */`
authd/provider: add c_addr/l_addr fields Some providers consume these directly, so it's better to have a "cached" version that's already generated. 2016-03-23 23:56:29 +00:00			`struct rb_sockaddr_storage l_addr; /* Listener address/port */`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00
			`char c_ip[HOSTIPLEN + 1]; /* Client IP address */`
			`uint16_t c_port; /* Client port */`
authd/provider: add c_addr/l_addr fields Some providers consume these directly, so it's better to have a "cached" version that's already generated. 2016-03-23 23:56:29 +00:00			`struct rb_sockaddr_storage c_addr; /* Client address/port */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
authd/provider: use rb_sockaddr_storage for IP addresses. 2016-03-10 13:25:22 +00:00			`char hostname[HOSTLEN + 1]; /* Used for DNS lookup */`
Revert "[ci skip] remove useless bit in auth.h" This reverts commit 4cc131fc4824db6e315be2509dfc046c7a359eb0. 2016-03-10 08:42:18 +00:00			`char username[USERLEN + 1]; /* Used for ident lookup */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`uint32_t providers; /* Providers at work,`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`* none left when set to 0 */`
provider: make blacklist queries come after ident/rdns. 2016-03-26 01:46:58 +00:00			`uint32_t providers_done; /* Providers completed */`
authd/provider: forgot this file... 2016-03-27 01:33:21 +00:00			`bool providers_starting; /* Providers are still warming up */`
authd: add provider-specific data to auth_client via a dictionary. 2016-03-19 20:02:11 +00:00
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`void data[MAX_PROVIDERS]; / Provider-specific data slots */`
authd/providers: add timeout callback system. This means that each provider no longer has to keep its own event; it can set a timeout and have a callbackinstead. 2016-03-30 22:20:27 +00:00			`time_t timeout[MAX_PROVIDERS]; /* When to call timeout callback */`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`};`

			`typedef bool (*provider_init_t)(void);`
			`typedef void (*provider_destroy_t)(void);`

authd/provider: cleanups 2016-03-25 00:23:49 +00:00			`typedef bool (provider_start_t)(struct auth_client );`
			`typedef void (provider_cancel_t)(struct auth_client );`
authd/providers: add timeout callback system. This means that each provider no longer has to keep its own event; it can set a timeout and have a callbackinstead. 2016-03-30 22:20:27 +00:00			`typedef void (provider_timeout_t)(struct auth_client );`
authd/provider: add options handlers for providers This allows providers to create handlers for changing their configuration. 2016-03-26 04:04:00 +00:00			`typedef void (provider_complete_t)(struct auth_client , provider_t);`
authd/provider: cleanups 2016-03-25 00:23:49 +00:00
authd/provider: add stats handling hooking 2016-03-27 22:15:08 +00:00			`struct auth_stats_handler`
			`{`
			`const char letter;`
			`authd_stat_handler handler;`
			`};`

authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`struct auth_provider`
			`{`
authd: convert auth stuff to use a linked list. This allows runtime loadable providers. 2016-03-10 09:02:16 +00:00			`rb_dlink_node node;`

			`provider_t id;`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
			`provider_init_t init; /* Initalise the provider */`
			`provider_destroy_t destroy; /* Terminate the provider */`

authd/provider: cleanups 2016-03-25 00:23:49 +00:00			`provider_start_t start; /* Perform authentication */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`provider_cancel_t cancel; /* Authentication cancelled */`
authd/providers: add timeout callback system. This means that each provider no longer has to keep its own event; it can set a timeout and have a callbackinstead. 2016-03-30 22:20:27 +00:00			`provider_timeout_t timeout; /* Timeout callback */`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */`
authd/provider: add options handlers for providers This allows providers to create handlers for changing their configuration. 2016-03-26 04:04:00 +00:00
authd/provider: add stats handling hooking 2016-03-27 22:15:08 +00:00			`struct auth_stats_handler stats_handler;`

authd/provider: add options handlers for providers This allows providers to create handlers for changing their configuration. 2016-03-26 04:04:00 +00:00			`struct auth_opts_handler *opt_handlers;`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`};`

authd: add rdns provider (compile-tested) 2016-03-10 14:04:17 +00:00			`extern struct auth_provider rdns_provider;`
authd: identd fixes 2016-03-10 16:00:46 +00:00			`extern struct auth_provider ident_provider;`
authd/provider: add blacklist provider. This took way longer than it should have. 2016-03-26 01:07:36 +00:00			`extern struct auth_provider blacklist_provider;`
authd: add (not really working) OPM provider. It doesn't do anything yet as no configuration is plugged in, as well. 2016-03-31 05:28:05 +00:00			`extern struct auth_provider opm_provider;`
authd/provider: add these to provider.h 2016-03-10 09:15:03 +00:00
authd: add provider data getter/setter functions 2016-04-04 08:33:25 +00:00			`extern rb_dlink_list auth_providers;`
			`extern rb_dictionary *auth_clients;`

authd/provider: add these to provider.h 2016-03-10 09:15:03 +00:00			`void load_provider(struct auth_provider *provider);`
			`void unload_provider(struct auth_provider *provider);`

authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`void init_providers(void);`
			`void destroy_providers(void);`
			`void cancel_providers(struct auth_client *auth);`

auth: enable soft reject of clients. This doesn't cancel callbacks in progress. This is useful in cases where you're not sure you want to reject a client yet. 2016-03-10 17:30:09 +00:00			`void provider_done(struct auth_client *auth, provider_t id);`
			`void accept_client(struct auth_client *auth, provider_t id);`
authd/provider: make reject_client take a format string and varargs 2016-03-30 06:29:21 +00:00			`void reject_client(struct auth_client auth, provider_t id, const char data, const char *fmt, ...);`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
			`void handle_new_connection(int parc, char *parv[]);`
authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`void handle_cancel_connection(int parc, char *parv[]);`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00
authd: add provider data getter/setter functions 2016-04-04 08:33:25 +00:00			`void get_provider_data(struct auth_client auth, uint32_t id);`
			`void set_provider_data(struct auth_client auth, uint32_t id, void data);`
authd: add provider timeout setting API 2016-04-04 09:24:49 +00:00			`void set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout);`
			`void set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout);`
authd: add provider data getter/setter functions 2016-04-04 08:33:25 +00:00
Check these out from authd-framework-2. 2016-03-26 21:53:43 +00:00			`/* Provider is operating on this auth_client (set this if you have async work to do) */`
authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`static inline void`
			`set_provider_on(struct auth_client *auth, provider_t provider)`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`{`
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`auth->providers \|= (1 << provider);`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`}`

			`/* Provider is no longer operating on this auth client (you should use provider_done) */`
authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`static inline void`
			`set_provider_off(struct auth_client *auth, provider_t provider)`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`{`
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`auth->providers &= ~(1 << provider);`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`}`

provider: make blacklist queries come after ident/rdns. 2016-03-26 01:46:58 +00:00			`/* Set the provider to done (you should use provider_done) */`
authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`static inline void`
			`set_provider_done(struct auth_client *auth, provider_t provider)`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`{`
provider: make blacklist queries come after ident/rdns. 2016-03-26 01:46:58 +00:00			`auth->providers_done \|= (1 << provider);`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`}`

			`/* Check if provider is operating on this auth client */`
authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`static inline bool`
			`is_provider_on(struct auth_client *auth, provider_t provider)`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`{`
authd/provider: overhaul storage of various pieces of data Clients are stored in a dictionary referenced by id (to allow for UINT32_MAX auth clients, which is plenty). Each provider now has a data slot (this limits the number of providers to 32 for now, but that's plenty for now) which they can use to attach data to auth_clients. This consolidates data, aids in debugging, and makes it easier to just pass around auth_client structures. 2016-03-23 00:13:54 +00:00			`return auth->providers & (1 << provider);`
Redo of the authd-framework branch. This is basically most of the code from the authd-framework branch, but written to the new DNS code in master. Not quite done yet but getting there. 2016-03-17 21:23:27 +00:00			`}`

authd: add abiltiy to cancel connection 2016-03-27 04:54:21 +00:00			`static inline bool`
			`is_provider_done(struct auth_client *auth, provider_t provider)`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`{`
provider: make blacklist queries come after ident/rdns. 2016-03-26 01:46:58 +00:00			`return auth->providers_done & (1 << provider);`
authd: initial authentication framework implementation Not plugged into anything yet, but compile-tested. 2016-03-10 07:50:36 +00:00			`}`

rename auth.[ch] to provider.[ch] This name is less confusing and more descriptive. 2016-03-10 09:07:52 +00:00			`#endif /* __CHARYBDIS_AUTHD_PROVIDER_H__ */`