Move headers from server/include to include/maxscale
- Headers now to be included as <maxscale/xyz.h> - First step, no cleanup of headers has been made. Only moving from one place to another + necessary modifications.
This commit is contained in:
Johan Wikman
138
include/maxscale/gw_authenticator.h
Normal file
138
include/maxscale/gw_authenticator.h
Normal file
@ -0,0 +1,138 @@
|
||||
#ifndef GW_AUTHENTICATOR_H
|
||||
#define GW_AUTHENTICATOR_H
|
||||
/*
|
||||
* Copyright (c) 2016 MariaDB Corporation Ab
|
||||
*
|
||||
* Use of this software is governed by the Business Source License included
|
||||
* in the LICENSE.TXT file and at www.mariadb.com/bsl.
|
||||
*
|
||||
* Change Date: 2019-07-01
|
||||
*
|
||||
* On the date above, in accordance with the Business Source License, use
|
||||
* of this software will be governed by version 2 or later of the General
|
||||
* Public License.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file protocol.h
|
||||
*
|
||||
* The authenticator module interface definitions for MaxScale
|
||||
*
|
||||
* @verbatim
|
||||
* Revision History
|
||||
*
|
||||
* Date Who Description
|
||||
* 17/02/16 Martin Brampton Initial implementation
|
||||
*
|
||||
* @endverbatim
|
||||
*/
|
||||
|
||||
#include <maxscale/buffer.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/dh.h>
|
||||
|
||||
/** Maximum number of authenticator options */
|
||||
#define AUTHENTICATOR_MAX_OPTIONS 256
|
||||
|
||||
struct dcb;
|
||||
struct server;
|
||||
struct session;
|
||||
struct servlistener;
|
||||
|
||||
/**
|
||||
* @verbatim
|
||||
* The operations that can be performed on the descriptor
|
||||
*
|
||||
* initialize Initialize the authenticator instance. The return value
|
||||
* of this function will be given to the `create` entry point.
|
||||
* If a module does not implement this entry point, the value
|
||||
* given to the `create` is NULL.
|
||||
*
|
||||
* create Create a data structure unique to this DCB, stored in
|
||||
* `dcb->authenticator_data`. If a module does not implement
|
||||
* this entry point, `dcb->authenticator_data` will be set to NULL.
|
||||
*
|
||||
* extract Extract the data from a buffer and place in a structure
|
||||
* shared at the session level, stored in `dcb->data`
|
||||
*
|
||||
* connectSSL Determine whether the connection can support SSL
|
||||
*
|
||||
* authenticate Carry out the authentication
|
||||
*
|
||||
* free Free extracted data. This is only called for the client
|
||||
* side authenticators so backend authenticators should not
|
||||
* implement it.
|
||||
*
|
||||
* destroy Destroy the unique DCB data returned by the `create`
|
||||
* entry point.
|
||||
*
|
||||
* loadUsers Load or update authenticator user data
|
||||
* @endverbatim
|
||||
*
|
||||
* This forms the "module object" for authenticator modules within the gateway.
|
||||
*
|
||||
* @see load_module
|
||||
*/
|
||||
typedef struct gw_authenticator
|
||||
{
|
||||
void* (*initialize)(char **options);
|
||||
void* (*create)(void* instance);
|
||||
int (*extract)(struct dcb *, GWBUF *);
|
||||
bool (*connectssl)(struct dcb *);
|
||||
int (*authenticate)(struct dcb *);
|
||||
void (*free)(struct dcb *);
|
||||
void (*destroy)(void *);
|
||||
int (*loadusers)(struct servlistener *);
|
||||
} GWAUTHENTICATOR;
|
||||
|
||||
/** Return values for extract and authenticate entry points */
|
||||
#define MXS_AUTH_SUCCEEDED 0 /**< Authentication was successful */
|
||||
#define MXS_AUTH_FAILED 1 /**< Authentication failed */
|
||||
#define MXS_AUTH_FAILED_DB 2 /**< Authentication failed, database not found */
|
||||
#define MXS_AUTH_FAILED_SSL 3 /**< SSL authentication failed */
|
||||
#define MXS_AUTH_INCOMPLETE 4 /**< Authentication is not yet complete */
|
||||
#define MXS_AUTH_SSL_INCOMPLETE 5 /**< SSL connection is not yet complete */
|
||||
#define MXS_AUTH_NO_SESSION 6
|
||||
|
||||
/** Return values for the loadusers entry point */
|
||||
#define MXS_AUTH_LOADUSERS_OK 0 /**< Users loaded successfully */
|
||||
#define MXS_AUTH_LOADUSERS_ERROR 1 /**< Failed to load users */
|
||||
|
||||
/**
|
||||
* Authentication states
|
||||
*
|
||||
* The state usually goes from INIT to CONNECTED and alternates between
|
||||
* MESSAGE_READ and RESPONSE_SENT until ending up in either FAILED or COMPLETE.
|
||||
*
|
||||
* If the server immediately rejects the connection, the state ends up in
|
||||
* HANDSHAKE_FAILED. If the connection creation would block, instead of going to
|
||||
* the CONNECTED state, the connection will be in PENDING_CONNECT state until
|
||||
* the connection can be created.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MXS_AUTH_STATE_INIT, /**< Initial authentication state */
|
||||
MXS_AUTH_STATE_PENDING_CONNECT,/**< Connection creation is underway */
|
||||
MXS_AUTH_STATE_CONNECTED, /**< Network connection to server created */
|
||||
MXS_AUTH_STATE_MESSAGE_READ, /**< Read a authentication message from the server */
|
||||
MXS_AUTH_STATE_RESPONSE_SENT, /**< Responded to the read authentication message */
|
||||
MXS_AUTH_STATE_FAILED, /**< Authentication failed */
|
||||
MXS_AUTH_STATE_HANDSHAKE_FAILED, /**< Authentication failed immediately */
|
||||
MXS_AUTH_STATE_COMPLETE /**< Authentication is complete */
|
||||
} mxs_auth_state_t;
|
||||
|
||||
/**
|
||||
* The GWAUTHENTICATOR version data. The following should be updated whenever
|
||||
* the GWAUTHENTICATOR structure is changed. See the rules defined in modinfo.h
|
||||
* that define how these numbers should change.
|
||||
*/
|
||||
#define GWAUTHENTICATOR_VERSION {1, 1, 0}
|
||||
|
||||
|
||||
bool authenticator_init(void **instance, const char *authenticator, const char *options);
|
||||
char* get_default_authenticator(const char *protocol);
|
||||
|
||||
#endif /* GW_AUTHENTICATOR_H */
|
||||
|
||||
Reference in New Issue
Block a user