author | Glenn Strauss <gstrauss@gluelogic.com> | 2016-08-18 13:54:53 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2016-08-20 13:42:08 -0400 |
commit | 4b3a91e64b098d4209f9d865b64d019cd8aa7c6a (patch) | |
tree | a2fe8f984715cd5d1837b9ac57a42de195fd3176 /src/http_auth.h | |
parent | 3dcca966f475e0b10559613125df6749611fa543 (diff) | |
[mod_auth] extensible interface for auth backends
create new, extensible interface for (additional) auth backends
attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends
to allow for async auth backends (e.g. to mysql database)
separate auth backends from mod_auth and http_auth
mod_authn_file.c htdigest, htpasswd, plain auth backends
mod_authn_ldap.c ldap auth backend
add http_auth.c to common_sources for auth backend registration
(mod_authn_file could be three separate modules, but no need for now)
Diffstat (limited to 'src/http_auth.h')
-rw-r--r-- | src/http_auth.h | 81 |
1 files changed, 9 insertions, 72 deletions
diff --git a/src/http_auth.h b/src/http_auth.h
index 7fdf57ff..4fea63bb 100644
--- a/src/http_auth.h
+++ b/src/http_auth.h
@@ -2,79 +2,16 @@
 #define _HTTP_AUTH_H_
 #include "first.h"
-#include "server.h"
-#include "plugin.h"
+#include "base.h"
-#if defined(HAVE_LDAP_H) && defined(HAVE_LBER_H) && defined(HAVE_LIBLDAP) && defined(HAVE_LIBLBER)
-# define USE_LDAP
-# include <ldap.h>
-#endif
-
-typedef enum {
- AUTH_BACKEND_UNSET,
- AUTH_BACKEND_PLAIN,
- AUTH_BACKEND_LDAP,
- AUTH_BACKEND_HTPASSWD,
- AUTH_BACKEND_HTDIGEST
-} auth_backend_t;
-
-typedef struct {
- /* auth */
- array *auth_require;
-
- buffer *auth_plain_groupfile;
- buffer *auth_plain_userfile;
-
- buffer *auth_htdigest_userfile;
- buffer *auth_htpasswd_userfile;
-
- buffer *auth_backend_conf;
-
- buffer *auth_ldap_hostname;
- buffer *auth_ldap_basedn;
- buffer *auth_ldap_binddn;
- buffer *auth_ldap_bindpw;
- buffer *auth_ldap_filter;
- buffer *auth_ldap_cafile;
- unsigned short auth_ldap_starttls;
- unsigned short auth_ldap_allow_empty_pw;
-
- unsigned short auth_debug;
-
- /* generated */
- auth_backend_t auth_backend;
-
-#ifdef USE_LDAP
- LDAP *ldap;
+typedef struct http_auth_backend_t {
+ const char *name;
+ handler_t(*basic)(server *srv, connection *con, void *p_d, const buffer *username, const buffer *realm, const char *pw);
+ handler_t(*digest)(server *srv, connection *con, void *p_d, const char *username, const char *realm, unsigned char HA1[16]);
+ void *p_d;
+} http_auth_backend_t;
- buffer *ldap_filter_pre;
- buffer *ldap_filter_post;
-#endif
-} mod_auth_plugin_config;
-
-typedef struct {
- PLUGIN_DATA;
- buffer *tmp_buf;
-
- buffer *auth_user;
-
-#ifdef USE_LDAP
- buffer *ldap_filter;
-#endif
-
- mod_auth_plugin_config **config_storage;
-
- mod_auth_plugin_config conf, *anon_conf; /* this is only used as long as no handler_ctx is setup */
-} mod_auth_plugin_data;
-
-int mod_authn_htdigest_digest(server *srv, connection *con, void *p_d, const char *username, const char *realm, unsigned char HA1[16]);
-int mod_authn_htdigest_basic(server *srv, connection *con, void *p_d, const buffer *username, const buffer *realm, const char *pw);
-int mod_authn_plain_digest(server *srv, connection *con, void *p_d, const char *username, const char *realm, unsigned char HA1[16]);
-int mod_authn_plain_basic(server *srv, connection *con, void *p_d, const buffer *username, const buffer *realm, const char *pw);
-int mod_authn_htpasswd_basic(server *srv, connection *con, void *p_d, const buffer *username, const buffer *realm, const char *pw);
-#ifdef USE_LDAP
-int mod_authn_ldap_basic(server *srv, connection *con, void *p_d, const buffer *username, const buffer *realm, const char *pw);
-handler_t mod_authn_ldap_init(server *srv, mod_auth_plugin_config *s);
-#endif
+const http_auth_backend_t * http_auth_backend_get (const buffer *name);
+void http_auth_backend_set (const http_auth_backend_t *backend);
 #endif |
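Review bot: The new `http_auth_backend_t` carries no comment stating its contract, and for an authentication interface the unstated parts are the ones a backend author or a caller is most likely to get wrong. The removed prototypes show that htpasswd and ldap only ever had a `_basic` entry point, so `digest` can presumably be NULL for some backends; say so on the struct, e.g. `/* basic/digest may be NULL when the backend does not support that scheme; callers must check and deny the request */`. The comment should also name the single `handler_t` value that means the credentials were accepted and state that every other value, including `HANDLER_WAIT_FOR_EVENT` while a lookup is pending, must not be treated as success. `unsigned char HA1[16]` decays to a pointer, so the 16-byte size (and that it is presumably an output buffer filled by the backend) is only a convention and deserves a line as well. Whether `http_auth_backend_get` returns NULL for an unknown name, and whether `http_auth_backend_set` copies the struct or keeps the caller's pointer, is not visible in this header and should be stated next to the two prototypes.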