|
1 #ifndef authmod_h |
|
2 #define authmod_h |
|
3 |
|
4 /* |
|
5 ** Copyright 1998 - 1999 Double Precision, Inc. See COPYING for |
|
6 ** distribution information. |
|
7 */ |
|
8 |
|
9 /* Common functions used by standalone authentication modules */ |
|
10 |
|
11 #if HAVE_CONFIG_H |
|
12 #include "config.h" |
|
13 #endif |
|
14 |
|
15 #ifdef __cplusplus |
|
16 extern "C" { |
|
17 #endif |
|
18 |
|
19 static const char authmod_h_rcsid[]="$Id: authmod.h,v 1.1 2000/04/13 17:55:05 bruce Exp $"; /* RCS revision tag; being static in a header, every file that includes this gets its own copy */ |
|
20 |
|
21 /* |
|
22 ** Authentication modules must call authmod_init the first thing in main. |
|
23 */ |
|
24 |
|
25 void authmod_init( /* may not return to the caller: see the NOTE that follows this prototype */ |
|
26 int, /* argc */ |
|
27 char **, /* argv */ |
|
28 /* The remaining three are out-parameters filled in for the calling module: */ |
|
29 const char **, /* Returns service to authenticate */ |
|
30 const char **, /* Returns authentication type (compare against the AUTHTYPE_* strings) */ |
|
31 char **); /* Returns authentication data; for AUTHTYPE_LOGIN that is userid\npassword\n, so handle the buffer as a secret */ |
|
32 |
|
33 /* |
|
34 ** NOTE: authmod_init does NOT return if a previous authentication module |
|
35 ** already successfully authenticated the request. authmod_init will run the |
|
36 ** next module automatically, hence we'll eventually wind up with the |
|
37 ** authentication client in the authenticated state. |
|
38 ** |
|
39 ** An authentication module must call authmod_success if it accepted the |
|
40 ** authentication request. |
|
41 */ |
|
42 |
|
43 void authmod_success(int, /* argc */ |
|
44 char **, /* argv */ |
|
45 const char *); /* authenticated_username: the identity this module accepted. NOTE(review): whether the call returns is not stated in this header - confirm */ |
|
46 |
|
47 /* |
|
48 ** Standalone modules should call authmod_fail if the authentication failed. |
|
49 */ |
|
50 |
|
51 void authmod_fail(int, /* argc */ |
|
52 char **); /* argv. NOTE(review): presumably lets the next module try the request, unlike authmod_fail_completely - confirm */ |
|
53 |
|
54 /* |
|
55 ** Standalone modules should call authmod_fail_completely if the module |
|
56 ** does not want any additional authentication modules to try to authenticate |
|
57 ** this request. authmod_fail_completely reruns the authentication user |
|
58 ** process (see below). |
|
59 */ |
|
60 |
|
61 void authmod_fail_completely(); /* empty (): no arguments in C++; in C before C23 this is an unprototyped declaration, so calls are not argument-checked */ |
|
62 |
|
63 /* |
|
64 ** authentication clients should call authclient() the first thing in main, |
|
65 ** to check if the authentication succeeded. If not, authclient terminates |
|
66 ** the process and reruns the authmoduser process |
|
67 */ |
|
68 |
|
69 const char *authmodclient(); /* NOTE(review): the comment above names this authclient() - presumably the same function, confirm. Empty () is unprototyped in C before C23 */ |
|
70 |
|
71 /* |
|
72 ** authmoduser is called by authentication users as the very first thing |
|
73 ** in main(). It checks the environment variables and returns 0 if |
|
74 ** auth user was reinvoked upon authentication failure. It returns non-0 |
|
75 ** if this is the initial invocation of the auth user process. |
|
76 ** |
|
77 ** authmoduser: |
|
78 ** |
|
79 ** * checks to make sure the environment variable AUTHUSER is set, which |
|
80 ** should contain the full pathname to this process (can't rely on |
|
81 ** argv[0] all the time). authmoduser terminates if AUTHUSER is not set. |
|
82 ** |
|
83 ** * checks if the environment variable AUTHARGC is set to a non-zero |
|
84 ** value. If it is, it means AUTHUSER was rerun due to an authentication |
|
85 ** failure, so authmoduser will return 0, after sleeping for the amount |
|
86 ** of time specified by the fourth argument. |
|
87 ** |
|
88 ** * otherwise the environment variables AUTHARGC, AUTHARGV0, AUTHARGV1 ... |
|
89 ** are set to mirror the contents of the argc/argv variables, so that |
|
90 ** upon authentication failure $AUTHUSER can be rerun, with the same |
|
91 ** exact parameters. |
|
92 ** |
|
93 ** The third argument to authmoduser specifies the timeout for a successful |
|
94 ** login. The expiration time is also saved in the environment, and |
|
95 ** authmoduser will call alarm() to cause this process to die if the authmod() |
|
96 ** function is not called before the timer goes off. The authmod function |
|
97 ** will cancel the alarm signal before running the first authentication |
|
98 ** module, in order to avoid arrivals of unexpected signals. |
|
99 ** |
|
100 */ |
|
101 |
|
102 int authmoduser(int, /* argc - as passed to main. Returns 0 when rerun after a failed authentication, non-0 on the initial invocation */ |
|
103 char **, /* argv - as passed to main; mirrored into AUTHARGC/AUTHARGV0.. in the environment on the initial invocation */ |
|
104 /* NOTE(review): AUTHUSER and AUTHARGC are read from the environment, so the rerun path is only as trustworthy as the environment this process was started with - confirm how the implementation validates them */ |
|
105 unsigned, /* authentication timeout, in seconds (enforced with alarm() until authmod() is called) */ |
|
106 unsigned); /* bad authentication sleep time, in seconds (slept before returning 0 on a rerun) */ |
|
107 |
|
108 |
|
109 /* |
|
110 ** authmod is called by authentication user to attempt to authenticate |
|
111 ** access. This function never returns as it execs the first authentication |
|
112 ** module. The authentication module to run is taken from the argv[0] |
|
113 ** parameter (see below) and argc must be > 0. This means that argc/argv |
|
114 ** received by main must be advanced to skip past any options on the command |
|
115 ** line. |
|
116 */ |
|
117 |
|
118 #define AUTHTYPE_LOGIN "login" /* authdata is userid\npassword\n - the password itself is carried in authdata */ |
|
119 #define AUTHTYPE_CRAMMD5 "cram-md5" /* authdata is challenge\nresponse\n - no password field in authdata */ |
|
120 |
|
121 void authmod(int, /* argc - must be > 0, with any command line options already skipped */ |
|
122 char **, /* argv - argv[0] names the first authentication module, which is exec'ed; this call never returns */ |
|
123 /* NOTE(review): for AUTHTYPE_LOGIN the authentication data below holds the password; how it reaches the exec'ed module is not visible in this header - confirm */ |
|
124 const char *, /* service */ |
|
125 const char *, /* authentication type (AUTHTYPE_LOGIN or AUTHTYPE_CRAMMD5) */ |
|
126 const char *); /* authentication data, formatted as described next to the AUTHTYPE_* definitions */ |
|
127 |
|
128 void authmod_login(int, /* presumably argc, as for authmod - confirm */ |
|
129 char **, /* presumably argv, as for authmod - confirm */ |
|
130 const char *, /* service */ |
|
131 const char *, /* userid */ |
|
132 const char *); /* password, passed as a plain string. NOTE(review): presumably a wrapper around authmod for AUTHTYPE_LOGIN - confirm */ |
|
133 |
|
134 #ifdef __cplusplus |
|
135 } |
|
136 #endif |
|
137 #endif |