#ifndef AUTH_REQUEST_H
#define AUTH_REQUEST_H
#include "network.h"
#include "mech.h"
#include "userdb.h"
#include "passdb.h"
struct auth_client_connection;
enum auth_request_state {
AUTH_REQUEST_STATE_NEW,
AUTH_REQUEST_STATE_PASSDB,
AUTH_REQUEST_STATE_MECH_CONTINUE,
AUTH_REQUEST_STATE_FINISHED,
AUTH_REQUEST_STATE_USERDB,
AUTH_REQUEST_STATE_MAX
};
typedef const char *
auth_request_escape_func_t(const char *string,
const struct auth_request *auth_request);
struct auth_request {
int refcount;
pool_t pool;
enum auth_request_state state;
char *user, *requested_login_user, *master_user;
char *submit_user;
char *anonymous_username;
const char *original_username;
const char *translated_username;
const char *realm;
char *mech_password;
char *passdb_password;
struct auth_stream_reply *extra_fields;
struct auth_stream_reply *extra_cache_fields;
struct auth_stream_reply *userdb_reply;
const struct mech_module *mech;
const struct auth_settings *set;
struct auth_passdb *passdb;
struct auth_userdb *userdb;
struct auth_request_handler *handler;
struct auth_master_connection *master;
unsigned int connect_uid;
unsigned int client_pid;
unsigned int id;
time_t last_access;
const char *service, *mech_name;
struct ip_addr local_ip, remote_ip;
unsigned int local_port, remote_port;
struct timeout *to_abort, *to_penalty;
unsigned int last_penalty;
unsigned int initial_response_len;
const unsigned char *initial_response;
union {
verify_plain_callback_t *verify_plain;
lookup_credentials_callback_t *lookup_credentials;
set_credentials_callback_t *set_credentials;
userdb_callback_t *userdb;
} private_callback;
const char *credentials_scheme;
void *context;
unsigned int successful:1;
unsigned int passdb_failure:1;
unsigned int internal_failure:1;
unsigned int passdb_user_unknown:1;
unsigned int passdb_internal_failure:1;
unsigned int userdb_internal_failure:1;
unsigned int delayed_failure:1;
unsigned int domain_is_realm:1;
unsigned int accept_input:1;
unsigned int no_failure_delay:1;
unsigned int no_login:1;
unsigned int no_password:1;
unsigned int skip_password_check:1;
unsigned int prefer_plain_credentials:1;
unsigned int proxy:1;
unsigned int proxy_maybe:1;
unsigned int valid_client_cert:1;
unsigned int no_penalty:1;
unsigned int cert_username:1;
unsigned int userdb_lookup:1;
unsigned int userdb_lookup_failed:1;
unsigned int secured:1;
unsigned int removed_from_handler:1;
};
extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
struct auth_request *
auth_request_new(const struct mech_module *mech);
struct auth_request *auth_request_new_dummy(void);
void auth_request_init(struct auth_request *request);
struct auth *auth_request_get_auth(struct auth_request *request);
void auth_request_set_state(struct auth_request *request,
enum auth_request_state state);
void auth_request_ref(struct auth_request *request);
void auth_request_unref(struct auth_request **request);
void auth_request_success(struct auth_request *request,
const void *data, size_t data_size);
void auth_request_fail(struct auth_request *request);
void auth_request_internal_failure(struct auth_request *request);
void auth_request_export(struct auth_request *request,
struct auth_stream_reply *reply);
bool auth_request_import(struct auth_request *request,
const char *key, const char *value);
void auth_request_initial(struct auth_request *request);
void auth_request_continue(struct auth_request *request,
const unsigned char *data, size_t data_size);
void auth_request_verify_plain(struct auth_request *request,
const char *password,
verify_plain_callback_t *callback);
void auth_request_lookup_credentials(struct auth_request *request,
const char *scheme,
lookup_credentials_callback_t *callback);
void auth_request_lookup_user(struct auth_request *request,
userdb_callback_t *callback);
bool auth_request_set_username(struct auth_request *request,
const char *username, const char **error_r);
bool auth_request_set_login_username(struct auth_request *request,
const char *username,
const char **error_r);
void auth_request_set_field(struct auth_request *request,
const char *name, const char *value,
const char *default_scheme);
void auth_request_set_fields(struct auth_request *request,
const char *const *fields,
const char *default_scheme);
void auth_request_init_userdb_reply(struct auth_request *request);
void auth_request_set_userdb_field(struct auth_request *request,
const char *name, const char *value);
void auth_request_set_userdb_field_values(struct auth_request *request,
const char *name,
const char *const *values);
void auth_request_proxy_finish(struct auth_request *request, bool success);
void auth_request_log_password_mismatch(struct auth_request *request,
const char *subsystem);
int auth_request_password_verify(struct auth_request *request,
const char *plain_password,
const char *crypted_password,
const char *scheme, const char *subsystem);
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
auth_request_escape_func_t *escape_func);
const char *auth_request_str_escape(const char *string,
const struct auth_request *request);
void auth_request_log_debug(struct auth_request *auth_request,
const char *subsystem,
const char *format, ...) ATTR_FORMAT(3, 4);
void auth_request_log_info(struct auth_request *auth_request,
const char *subsystem,
const char *format, ...) ATTR_FORMAT(3, 4);
void auth_request_log_warning(struct auth_request *auth_request,
const char *subsystem,
const char *format, ...);
void auth_request_log_error(struct auth_request *auth_request,
const char *subsystem,
const char *format, ...) ATTR_FORMAT(3, 4);
void auth_request_verify_plain_callback(enum passdb_result result,
struct auth_request *request);
void auth_request_lookup_credentials_callback(enum passdb_result result,
const unsigned char *credentials,
size_t size,
struct auth_request *request);
void auth_request_set_credentials(struct auth_request *request,
const char *scheme, const char *data,
set_credentials_callback_t *callback);
void auth_request_userdb_callback(enum userdb_result result,
struct auth_request *request);
void auth_request_refresh_last_access(struct auth_request *request);
#endif