File: authmod.h

package info (click to toggle)
courier 0.47-4sarge5
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 32,680 kB
  • ctags: 12,265
  • sloc: ansic: 164,045; cpp: 23,863; sh: 19,569; perl: 7,225; makefile: 4,192; yacc: 316; sed: 16
file content (139 lines) | stat: -rw-r--r-- 4,447 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
#ifndef	authmod_h
#define	authmod_h

/*
** Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
** distribution information.
*/

/* Common functions used by standalone authentication modules */

#if	HAVE_CONFIG_H
#include	"config.h"
#endif

#ifdef	__cplusplus
extern "C" {
#endif

static const char authmod_h_rcsid[]="$Id: authmod.h,v 1.5 2000/04/30 01:04:09 mrsam Exp $";

/*
** Authentication modules must call authmod_init the first thing in main.
*/

void	authmod_init(
		int,		/* argc */
		char **,	/* argv */

		const char **,	/* Returns service to authenticate */
		const char **,	/* Returns authentication type */
		char **);	/* Returns authentication data */

/*
** NOTE: authmod_init does NOT return if a previous authentication module
** already succesfully authenticated the request.  authmod_init will run the
** next module automatically, hence we'll eventually wind up with the
** authentication client in the authenticated state.
**
** An authentication module must call authmod_success if it accepted the
** authentication request.
*/

void authmod_success(int,	/* argc */
		char **,	/* argv */
		const char *);	/* authenticated_username */

/*
** Standalone modules should call authmod_fail if the authentication failed.
*/

void authmod_fail(int,		/* argc */
		char **);	/* argv */

/*
** Standalone modules should call authmod_fail_completely, and if the module
** does not want any additional authentication modules to try to authenticate
** this request.  authmod_fail_completely reruns the authentication user
** process (see below).
*/

void authmod_fail_completely();

/*
** authentication clients should call authclient() the first thing in main,
** to check if the authentication succeeded.  If not, authclient terminates
** the process and reruns the authmoduser process
*/

const char *authmodclient();

/*
** authmoduser is called by authentication users as the very first thing
** in main().  It checks the environment variables and returns 0 if
** auth user was reinvoked upon authentication failure.  It returns non-0
** if this is the initial invocation of the auth user process.
**
** authmoduser:
**
**    * checks to make sure the environment variable AUTHUSER is set, which
**      should contain the full pathname to this process (can't rely on
**      argv[0] all the time).  authmoduser terminates if AUTHUSER is not set.
**
**    * checks if the environment variable AUTHARGC is set to a non-zero
**      value.  If it is, it means AUTHUSER was rerun due to an authentication
**      failure, so authmoduser will return 0, after sleeping for the amount
**      of time specified by the fourth argument.
**
**    * otherwise the environment variables AUTHARGC, AUTHARGV0, AUTHARGV1 ...
**      are set to mirror the contents of the argc/argv variables, so that
**      upon authentication failure $AUTHUSER can be rerun, with the same
**      exact parameters.
**
** The third argument to authmoduser specifies the timeout for a successful
** login.  The expiration time is also saved in the environment, and
** authmoduser will call alarm() to cause this process to die if the authmod()
** function is not called before the timer goes off.  The authmod function
** will cancel the alarm signal before running the first authentication
** module, in order to avoid arrivals of unexpected signals.
**
*/

int authmoduser(int,		/* argc - as passed to main */
		char **,	/* argv - as passed to main */

		unsigned,	/* authentication timeout, in seconds */
		unsigned);	/* bad authentication sleep time, in seconds */


/*
** authmod is called by authentication user to attempt to authenticate
** access.  This function never returns as it execs the first authentication
** module.  The authentication module to run is taken from the argv[0]
** parameter (see below) and argc must be > 0.  This means that argc/argv
** received by main must be advanced to skip past any options on the command
** line.
*/

#define	AUTHTYPE_LOGIN	"login"		/* authdata is userid\npassword\n */
#define	AUTHTYPE_CRAMMD5 "cram-md5"	/* authdata is challenge\nresponse\n */

void authmod(int,	/* argc */
	char **,	/* argv */

	const char *,	/* service */
	const char *,	/* authentication type */
	const char *);	/* authentication data */

void authmod_login(int,
	char **,
	const char *,	/* service */
	const char *,	/* userid */
	const char *);	/* password */

/* Magic for authdaemon */

#ifdef	__cplusplus
}
#endif
#endif