mod_auth.h 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141
  1. /* Licensed to the Apache Software Foundation (ASF) under one or more
  2. * contributor license agreements. See the NOTICE file distributed with
  3. * this work for additional information regarding copyright ownership.
  4. * The ASF licenses this file to You under the Apache License, Version 2.0
  5. * (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  16. /**
  17. * @file mod_auth.h
  18. * @brief Authentication and Authorization Extension for Apache
  19. *
  20. * @defgroup MOD_AUTH mod_auth
  21. * @ingroup APACHE_MODS
  22. */
  23. #ifndef APACHE_MOD_AUTH_H
  24. #define APACHE_MOD_AUTH_H
  25. #include "apr_pools.h"
  26. #include "apr_hash.h"
  27. #include "apr_optional.h"
  28. #include "httpd.h"
  29. #include "http_config.h"
  30. #ifdef __cplusplus
  31. extern "C" {
  32. #endif
  33. #define AUTHN_PROVIDER_GROUP "authn"
  34. #define AUTHZ_PROVIDER_GROUP "authz"
  35. #define AUTHN_PROVIDER_VERSION "0"
  36. #define AUTHZ_PROVIDER_VERSION "0"
  37. #define AUTHN_DEFAULT_PROVIDER "file"
  38. #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
  39. #define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
  40. #define AUTHN_PREFIX "AUTHENTICATE_"
  41. #define AUTHZ_PREFIX "AUTHORIZE_"
  42. /** all of the requirements must be met */
  43. #ifndef SATISFY_ALL
  44. #define SATISFY_ALL 0
  45. #endif
  46. /** any of the requirements must be met */
  47. #ifndef SATISFY_ANY
  48. #define SATISFY_ANY 1
  49. #endif
  50. /** There are no applicable satisfy lines */
  51. #ifndef SATISFY_NOSPEC
  52. #define SATISFY_NOSPEC 2
  53. #endif
  54. typedef enum {
  55. AUTH_DENIED,
  56. AUTH_GRANTED,
  57. AUTH_USER_FOUND,
  58. AUTH_USER_NOT_FOUND,
  59. AUTH_GENERAL_ERROR
  60. } authn_status;
  61. typedef enum {
  62. AUTHZ_DENIED,
  63. AUTHZ_GRANTED,
  64. AUTHZ_NEUTRAL,
  65. AUTHZ_GENERAL_ERROR,
  66. AUTHZ_DENIED_NO_USER /* denied because r->user == NULL */
  67. } authz_status;
  68. typedef struct {
  69. /* Given a username and password, expected to return AUTH_GRANTED
  70. * if we can validate this user/password combination.
  71. */
  72. authn_status (*check_password)(request_rec *r, const char *user,
  73. const char *password);
  74. /* Given a user and realm, expected to return AUTH_USER_FOUND if we
  75. * can find a md5 hash of 'user:realm:password'
  76. */
  77. authn_status (*get_realm_hash)(request_rec *r, const char *user,
  78. const char *realm, char **rethash);
  79. } authn_provider;
  80. /* A linked-list of authn providers. */
  81. typedef struct authn_provider_list authn_provider_list;
  82. struct authn_provider_list {
  83. const char *provider_name;
  84. const authn_provider *provider;
  85. authn_provider_list *next;
  86. };
  87. typedef struct {
  88. /* Given a request_rec, expected to return AUTHZ_GRANTED
  89. * if we can authorize user access.
  90. * @param r the request record
  91. * @param require_line the argument to the authz provider
  92. * @param parsed_require_line the value set by parse_require_line(), if any
  93. */
  94. authz_status (*check_authorization)(request_rec *r,
  95. const char *require_line,
  96. const void *parsed_require_line);
  97. /** Check the syntax of a require line and optionally cache the parsed
  98. * line. This function may be NULL.
  99. * @param cmd the config directive
  100. * @param require_line the argument to the authz provider
  101. * @param parsed_require_line place to store parsed require_line for use by provider
  102. * @return Error message or NULL on success
  103. */
  104. const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line,
  105. const void **parsed_require_line);
  106. } authz_provider;
  107. /* ap_authn_cache_store: Optional function for authn providers
  108. * to enable cacheing their lookups with mod_authn_cache
  109. * @param r The request rec
  110. * @param module Module identifier
  111. * @param user User name to authenticate
  112. * @param realm Digest authn realm (NULL for basic authn)
  113. * @param data The value looked up by the authn provider, to cache
  114. */
  115. APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
  116. (request_rec*, const char*, const char*,
  117. const char*, const char*));
  118. #ifdef __cplusplus
  119. }
  120. #endif
  121. #endif