/* Icecast
 *
 * This program is distributed under the GNU General Public License, version 2.
 * A copy of this license is included with this source.
 *
 * Copyright 2000-2004, Jack Moffitt <jack@xiph.org>,
 *                      Michael Smith <msmith@xiph.org>,
 *                      oddsock <oddsock@xiph.org>,
 *                      Karl Heyes <karl@xiph.org>
 *                      and others (see AUTHORS for details).
 * Copyright 2014-2018, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
 */

#ifndef __AUTH_H__
#define __AUTH_H__

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
#include <libxml/tree.h>

#include "common/thread/thread.h"
#include "common/httpp/httpp.h"

#include "icecasttypes.h"

/* Names of the implemented authentication backend types.
 * NOTE(review): presumably these are the strings compared against the
 * backend type given in the configuration -- confirm in auth.c.
 * This header declares auth_get_*_auth() prototypes for the anonymous,
 * static, url and htpasswd types only; none is declared here for
 * AUTH_TYPE_LEGACY_PASSWORD.
 */
#define AUTH_TYPE_ANONYMOUS       "anonymous"
#define AUTH_TYPE_STATIC          "static"
#define AUTH_TYPE_LEGACY_PASSWORD "legacy-password"
#define AUTH_TYPE_URL             "url"
#define AUTH_TYPE_HTPASSWD        "htpasswd"

/* Number of entries in the filter_admin[] table of struct auth_tag.
 * Any code that fills that table has to stay below this bound.
 */
#define MAX_ADMIN_COMMANDS 32

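/* Result codes used by the authentication callbacks and the user database
 * operations declared in this header.
 *
 * AUTH_UNDEFINED is the first enumerator and therefore has the value 0, so
 * a zero-initialised auth_result never reads as AUTH_OK. Every other code,
 * including AUTH_FAILED, is non-zero: compare against AUTH_OK explicitly
 * instead of testing the value for truth.
 */
typedef enum
{
    /* XXX: meaning is not documented in this header */
    AUTH_UNDEFINED,
    /* user authenticated successfully */
    AUTH_OK,
    /* user authentication failed */
    AUTH_FAILED,
    /* session got terminated */
    AUTH_RELEASED,
    /* XXX: meaning is not documented in this header */
    AUTH_FORBIDDEN,
    /* No match for given username or other identifier found */
    AUTH_NOMATCH,
    /* status codes for database changes */
    AUTH_USERADDED,
    AUTH_USEREXISTS,
    AUTH_USERDELETED
} auth_result;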

/* Tri-state stored in the filter and permission slots of struct auth_tag.
 * AUTH_MATCHTYPE_UNUSED has the value 0, so a zero-filled slot reads as
 * "not used".
 */
typedef enum {
    AUTH_MATCHTYPE_UNUSED  = 0, /* the slot is not used */
    AUTH_MATCHTYPE_MATCH   = 1, /* match on this slot */
    AUTH_MATCHTYPE_NOMATCH = 2  /* do not match on this slot */
} auth_matchtype_t;

/* Actions for altering a client; see auth_alter_client().
 * AUTH_ALTER_SEND_ERROR has to remain the last enumerator: struct auth_tag
 * sizes permission_alter[] as AUTH_ALTER_SEND_ERROR+1, so a value added
 * after it would index past the end of that table.
 */
typedef enum {
    AUTH_ALTER_NOOP               = 0, /* used internally by auth system */
    AUTH_ALTER_REWRITE            = 1, /* internal rewrite of URI */
    AUTH_ALTER_REDIRECT           = 2, /* redirect to another location */
    AUTH_ALTER_REDIRECT_SEE_OTHER = 3, /* see some other resource */
    AUTH_ALTER_REDIRECT_TEMPORARY = 4, /* resource is currently located elsewhere */
    AUTH_ALTER_REDIRECT_PERMANENT = 5, /* resource is now located at new location */
    AUTH_ALTER_SEND_ERROR         = 6  /* send an error report to the client */
} auth_alter_t;

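/* One client queued on an authenticator, together with the callbacks and
 * opaque data that travel with it (struct auth_tag keeps a head/tailp queue
 * of these entries).
 */
typedef struct auth_client_tag auth_client;
struct auth_client_tag {
    /* client this entry belongs to */
    client_t     *client;
    /* processing callback; takes the authenticator and this entry */
    auth_result (*process)(auth_t *auth, auth_client *auth_user);
    /* callback taking the client, an on_result callback and its userdata;
     * by name it handles the "no authenticator matched" case -- confirm in auth.c */
    void        (*on_no_match)(client_t *client, void (*on_result)(client_t *client, void *userdata, auth_result result), void *userdata);
    /* completion callback; receives the client, userdata and the result */
    void        (*on_result)(client_t *client, void *userdata, auth_result result);
    /* opaque pointer, presumably the one handed back to on_result -- confirm */
    void         *userdata;
    /* opaque pointer, by name reserved for the auth backend; its ownership
     * is not visible in this header */
    void         *authbackend_userdata;
    /* alter action and its argument; see auth_alter_client().
     * NOTE(review): who allocates and frees alter_client_arg is not visible
     * in this header -- confirm before storing or replacing it. */
    auth_alter_t  alter_client_action;
    char         *alter_client_arg;
    /* next entry in the singly linked list */
    auth_client  *next;
};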


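/* One configured authenticator: request filters, alter permissions, backend
 * callbacks, the queue of waiting clients, and the ACL/role attached to it.
 * The callbacks below take auth_t pointers; presumably auth_t is the typedef
 * of this struct from icecasttypes.h -- confirm there.
 */
struct auth_tag
{
    /* unique ID */
    unsigned long id;

    /* URL for any kind of UI used to configure this or NULL. */
    char *management_url;

    char *mount;

    /* filters */
    /* Valid indexes are 0..httpp_req_unknown; presumably indexed by the
     * HTTP request type from httpp.h -- confirm. */
    auth_matchtype_t filter_method[httpp_req_unknown+1];
    auth_matchtype_t filter_web_policy;
    auth_matchtype_t filter_admin_policy;
    /* Fixed table of MAX_ADMIN_COMMANDS entries; writers must bound-check. */
    struct {
        auth_matchtype_t type;
        admin_command_id_t command;
    } filter_admin[MAX_ADMIN_COMMANDS];

    /* permissions */
    /* One slot per auth_alter_t value (0..AUTH_ALTER_SEND_ERROR). */
    auth_matchtype_t permission_alter[AUTH_ALTER_SEND_ERROR+1];

    /* whether authenticate_client() and release_client() will return immediately.
     * Setting this will result in no thread being started for this.
     */
    int immediate;

    /* Authenticate using the given username and password.
     * The callbacks receive only the auth_client entry; the credentials are
     * presumably reached through its client pointer -- confirm in the backend. */
    auth_result (*authenticate_client)(auth_client *aclient);
    auth_result (*release_client)(auth_client *auth_user);

    /* auth state-specific free call */
    void (*free)(auth_t *self);

    /* User database operations. The password is passed to adduser as a plain
     * C string; how it is stored is up to the backend and not visible here. */
    auth_result (*adduser)(auth_t *auth, const char *username, const char *password);
    auth_result (*deleteuser)(auth_t *auth, const char *username);
    auth_result (*listuser)(auth_t *auth, xmlNodePtr srcnode);

    /* NOTE(review): which fields this lock protects is not stated in this
     * header -- confirm in auth.c before touching refcount or the queue. */
    mutex_t lock;
    int running;
    /* reference count; see auth_addref() and auth_release() */
    size_t refcount;

    thread_type *thread;

    /* per-auth queue for clients */
    auth_client *head, **tailp;
    int pending_count;

    /* opaque pointer; by the comment on free() above, backend-specific state */
    void *state;
    char *type;
    char *unique_tag;

    /* acl to set on successful auth */
    acl_t *acl;
    /* role name for later matching, may be NULL if no role name was given in config */
    char  *role;
};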

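/* prototypes for auths that do not need own header file */
/* Each takes the authenticator and the configured options for one backend
 * type.
 * NOTE(review): the meaning of the int return value is not documented in
 * this header -- confirm the success/failure convention in each backend
 * before relying on it.
 */
int auth_get_anonymous_auth(auth_t *auth, config_options_t *options);
int auth_get_static_auth(auth_t *auth, config_options_t *options);
int auth_get_url_auth(auth_t *authenticator, config_options_t *options);
int auth_get_htpasswd_auth(auth_t *auth, config_options_t *options);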

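/* prototypes for auth.c */
void auth_initialise(void);
void auth_shutdown(void);

/* Converts a string to an auth_result.
 * NOTE(review): the value returned for an unrecognised string is not
 * documented here -- confirm in auth.c that it cannot be AUTH_OK.
 */
auth_result auth_str2result(const char *str);

/* Builds an authenticator from an XML node; auth_addref()/auth_release()
 * presumably adjust the refcount field of the auth_t -- confirm in auth.c.
 */
auth_t  *auth_get_authenticator(xmlNodePtr node);
void    auth_release(auth_t *authenticator);
void    auth_addref(auth_t *authenticator);

int auth_release_client(client_t *client);

/* Queues a client on an auth stack; on_result receives the client, the
 * caller's userdata and the resulting auth_result.
 */
void auth_stack_add_client(auth_stack_t  *stack,
                           client_t      *client,
                           void         (*on_result)(client_t      *client,
                                                     void          *userdata,
                                                     auth_result   result),
                           void          *userdata);

/* NOTE(review): whether arg is copied or kept by reference is not visible
 * in this header -- confirm in auth.c.
 */
int auth_alter_client(auth_t *auth, auth_client *auth_user, auth_alter_t action, const char *arg);
auth_alter_t auth_str2alter(const char *str);

void          auth_stack_release(auth_stack_t *stack);
void          auth_stack_addref(auth_stack_t *stack);
int           auth_stack_next(auth_stack_t **stack); /* returns -1 on error, 0 on success, +1 if no next element is present */
int           auth_stack_push(auth_stack_t **stack, auth_t *auth);
int           auth_stack_append(auth_stack_t *stack, auth_stack_t *tail);
auth_t       *auth_stack_get(auth_stack_t *stack);
/* id is compared against the "unique ID" field of the authenticators,
 * presumably -- confirm in auth.c */
auth_t       *auth_stack_getbyid(auth_stack_t *stack, unsigned long id);
acl_t        *auth_stack_get_anonymous_acl(auth_stack_t *stack, httpp_request_type_e method);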

#endif