[MINOR] generic auth support with groups and encrypted passwords
Add generic authentication & authorization support.
Groups are implemented as bitmaps so the count is limited to
sizeof(int)*8 == 32.
Encrypted passwords are supported with libcrypt and crypt(3), so it is
possible to use any method supported by your system. For example modern
Linux/glibc installations support MD5/SHA-256/SHA-512 and of course classic,
DES-based encryption.
diff --git a/include/common/cfgparse.h b/include/common/cfgparse.h
index 3b376a0..a67f0d1 100644
--- a/include/common/cfgparse.h
+++ b/include/common/cfgparse.h
@@ -32,6 +32,7 @@
#define CFG_NONE 0
#define CFG_GLOBAL 1
#define CFG_LISTEN 2
+#define CFG_USERLIST 3
struct cfg_keyword {
int section; /* section type for this keyword */
diff --git a/include/common/uri_auth.h b/include/common/uri_auth.h
index 64f818b..b4c297c 100644
--- a/include/common/uri_auth.h
+++ b/include/common/uri_auth.h
@@ -15,6 +15,8 @@
#include <common/config.h>
+#include <types/auth.h>
+
/* here we find a very basic list of base64-encoded 'user:passwd' strings */
struct user_auth {
struct user_auth *next; /* next entry, NULL if none */
@@ -46,6 +48,7 @@
int flags; /* some flags describing the statistics page */
struct user_auth *users; /* linked list of valid user:passwd couples */
struct stat_scope *scope; /* linked list of authorized proxies */
+ struct list req_acl; /* */
struct uri_auth *next; /* Used at deinit() to build a list of unique elements */
};
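Review bot: The new `req_acl` member of `struct uri_auth` is added with an empty comment `/* */`, while every neighbouring field documents its role, so the reader is left guessing what the list holds and who initialises it. Since `struct req_acl_rule` in the new types/auth.h embeds a `struct list list`, this presumably heads a list of those rules; if so, replace the empty comment with `/* list of struct req_acl_rule guarding access to the stats page; must be LIST_INIT'ed before use */`, adjusted to whatever the parser actually stores there. The struct's opening lines are outside this hunk.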
diff --git a/include/proto/auth.h b/include/proto/auth.h
new file mode 100644
index 0000000..9808621
--- /dev/null
+++ b/include/proto/auth.h
@@ -0,0 +1,36 @@
+/*
+ * User authentication & authorization.
+ *
+ * Copyright 2010 Krzysztof Piotr Oledzki <ole@ans.pl>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef _PROTO_AUTH_H
+#define _PROTO_AUTH_H
+
+#include <common/config.h>
+#include <types/auth.h>
+
+extern struct userlist *userlist;
+
+struct userlist *auth_find_userlist(char *name);
+unsigned int auth_resolve_groups(struct userlist *l, char *groups);
+struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires);
+void userlist_free(struct userlist *ul);
+void req_acl_free(struct list *r);
+int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);
+
+#endif /* _PROTO_AUTH_H */
+
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
+
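Review bot: The prototypes `parse_auth_cond(...)` and `acl_match_auth(struct acl_test *test, struct acl_pattern *pattern)` name `struct acl_test` and `struct acl_pattern` without either type being declared by the headers this file includes (`common/config.h`, `types/auth.h`); a struct tag first seen inside a parameter list has prototype scope only, so unless every includer pulls in the ACL types first the compiler will treat it as a distinct incomplete type and the later definition will not match. Add `struct acl_test;` and `struct acl_pattern;` forward declarations before the prototypes (or include the header that defines them). `auth_find_userlist(char *name)` and `auth_resolve_groups(struct userlist *l, char *groups)` take non-const `char *` for what look like lookup/parse inputs; if the implementations only read them, declare them `const char *` so config tokens and literals can be passed without casts. None of the prototypes documents failure values or ownership; a one-line comment per function stating what is returned on error and who frees the result (e.g. that a `struct req_acl_rule` from `parse_auth_cond` is released through `req_acl_free`, if that is the intent) would make the API usable without reading auth.c. The global `userlist` sharing its name with the `struct userlist` tag is legal but easy to misread; consider a distinct name such as `userlists`.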
diff --git a/include/types/auth.h b/include/types/auth.h
new file mode 100644
index 0000000..d278de6
--- /dev/null
+++ b/include/types/auth.h
@@ -0,0 +1,73 @@
+/*
+ * User authentication & authorization.
+ *
+ * Copyright 2010 Krzysztof Piotr Oledzki <ole@ans.pl>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef _TYPES_AUTH_H
+#define _TYPES_AUTH_H
+
+#include <common/config.h>
+#include <common/mini-clist.h>
+
+#include <types/auth.h>
+
+#define MAX_AUTH_GROUPS (unsigned int)(sizeof(int)*8)
+
+#define AU_O_INSECURE 0x00000001 /* insecure, unencrypted password */
+
+enum {
+ PR_REQ_ACL_ACT_UNKNOWN = 0,
+ PR_REQ_ACL_ACT_ALLOW,
+ PR_REQ_ACL_ACT_DENY,
+ PR_REQ_ACL_ACT_HTTP_AUTH,
+
+ PR_REQ_ACL_ACT_MAX
+};
+
+
+struct req_acl_rule {
+ struct list list;
+ struct acl_cond *cond; /* acl condition to meet */
+ unsigned int action;
+ union {
+ struct {
+ char *realm;
+ } http_auth;
+ };
+};
+
+struct auth_users {
+ struct auth_users *next;
+ unsigned int flags;
+ char *user, *pass;
+ union {
+ char *groups;
+ unsigned int group_mask;
+ };
+};
+
+struct userlist {
+ struct userlist *next;
+ char *name;
+ struct auth_users *users;
+ int grpcnt;
+ char *groups[MAX_AUTH_GROUPS];
+ char **groupusers;
+};
+
+#endif /* _TYPES_AUTH_H */
+
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
+
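Review bot: `#include <types/auth.h>` inside types/auth.h itself is a self-include; the `_TYPES_AUTH_H` guard turns it into a no-op, but it reads like a copy-paste slip and should be removed (if a header declaring `struct acl_cond` was intended, include that one instead). The anonymous union in `struct auth_users` overlays `char *groups` and `unsigned int group_mask` without saying which member is live, so a reader cannot tell whether the raw group string or the resolved bitmap is valid at a given point; a comment such as `/* groups: raw config string, presumably until group resolution; afterwards group_mask: bitmap over userlist->groups[] */` should be confirmed against auth.c and added. Likewise `pass` deserves `/* crypt(3)-style hash, or plaintext when AU_O_INSECURE is set */` so that anyone logging or comparing it knows a cleartext secret may be stored there. `char *groups[MAX_AUTH_GROUPS]` is indexed by `int grpcnt`, yet the invariant `0 <= grpcnt <= MAX_AUTH_GROUPS` is not stated and `MAX_AUTH_GROUPS` is cast to `unsigned int` while `grpcnt` is signed, inviting sign-compare warnings at every bound check; document the invariant on `grpcnt` and consider making it `unsigned int`.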