mod_auth.h

Go to the documentation of this file.

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
#ifndef APACHE_MOD_AUTH_H
#define APACHE_MOD_AUTH_H
 
#include "apr_pools.h"
#include "apr_hash.h"
#include "apr_optional.h"
 
#include "httpd.h"
#include "http_config.h"
 
#ifdef __cplusplus
extern "C" {
#endif
 
#define AUTHT_PROVIDER_GROUP "autht"
#define AUTHN_PROVIDER_GROUP "authn"
#define AUTHZ_PROVIDER_GROUP "authz"
#define AUTHT_PROVIDER_VERSION "0"
#define AUTHN_PROVIDER_VERSION "0"
#define AUTHZ_PROVIDER_VERSION "0"
#define AUTHT_DEFAULT_PROVIDER "jwt"
#define AUTHN_DEFAULT_PROVIDER "file"
 
#define AUTHT_PROVIDER_NAME_NOTE "autht_provider_name"
#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
#define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
 
#define AUTHT_PREFIX "TOKEN_"
#define AUTHN_PREFIX "AUTHENTICATE_"
#define AUTHZ_PREFIX "AUTHORIZE_"
 
#ifndef SATISFY_ALL
#define SATISFY_ALL 0
#endif
#ifndef SATISFY_ANY
#define SATISFY_ANY 1
#endif
#ifndef SATISFY_NOSPEC
#define SATISFY_NOSPEC 2
#endif
 
typedef enum {
    AUTH_DENIED,
    AUTH_GRANTED,
    AUTH_USER_FOUND,
    AUTH_USER_NOT_FOUND,
    AUTH_GENERAL_ERROR,
    AUTH_HANDLED
} authn_status;
 
typedef enum {
    AUTHT_DENIED = AUTH_DENIED,
    AUTHT_GRANTED = AUTH_GRANTED,
    AUTHT_GENERAL_ERROR = AUTH_GENERAL_ERROR,
    AUTHT_MISMATCH,
    AUTHT_EXPIRED,
    AUTHT_INVALID
} autht_status;
 
typedef enum {
    AUTHZ_DENIED,
    AUTHZ_GRANTED,
    AUTHZ_NEUTRAL,
    AUTHZ_GENERAL_ERROR,
    AUTHZ_DENIED_NO_USER      /* denied because r->user == NULL */
} authz_status;
 
typedef struct {
    /* Given a username and password, expected to return AUTH_GRANTED
     * if we can validate this user/password combination.
     *
     * Use with AUTHN_PROVIDER_VERSION / AUTHN_PROVIDER_VERSION1 providers.
     */
    authn_status (*check_password)(request_rec *r, const char *user,
                                   const char *password);
 
    /* Given a user and realm, expected to return AUTH_USER_FOUND if we
     * can find a md5 hash of 'user:realm:password'
     *
     * Use with AUTHN_PROVIDER_VERSION / AUTHN_PROVIDER_VERSION1 providers.
     */
    authn_status (*get_realm_hash)(request_rec *r, const char *user,
                                   const char *realm, char **rethash);
 
} authn_provider;
 
/* A linked-list of authn providers. */
typedef struct authn_provider_list authn_provider_list;
 
struct authn_provider_list {
    const char *provider_name;
    const authn_provider *provider;
    authn_provider_list *next;
};
 
typedef struct {
    /* Given a token of a given type, expected to return AUTH_GRANTED
     * if the token could be successfully authenticated.
     */
    autht_status (*check_token)(request_rec *r, const char *type,
                                const char *token);
 
} autht_provider;
 
/* A linked-list of authn providers. */
typedef struct autht_provider_list autht_provider_list;
 
struct autht_provider_list {
    const char *provider_name;
    const autht_provider *provider;
    autht_provider_list *next;
};
 
typedef struct {
    /* Given a request_rec, expected to return AUTHZ_GRANTED
     * if we can authorize user access.
     * @param r the request record
     * @param require_line the argument to the authz provider
     * @param parsed_require_line the value set by parse_require_line(), if any
     */
    authz_status (*check_authorization)(request_rec *r,
                                        const char *require_line,
                                        const void *parsed_require_line);
 
    const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line,
                                      const void **parsed_require_line);
} authz_provider;
 
/* ap_authn_cache_store: Optional function for authn providers
 * to enable caching their lookups with mod_authn_cache
 * @param r The request rec
 * @param module Module identifier
 * @param user User name to authenticate
 * @param realm Digest authn realm (NULL for basic authn)
 * @param data The value looked up by the authn provider, to cache
 */
APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
                        (request_rec*, const char*, const char*,
                         const char*, const char*));
 
#ifdef __cplusplus
}
#endif
 
#endif