Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. (foxworth)ldapserver7x

1 files changed, 288 insertions, 0 deletions

diff --git a/include/libaccess/nsauth.h b/include/libaccess/nsauth.h
new file mode 100644
index 00000000..8f5ce877
--- /dev/null
+++ b/include/libaccess/nsauth.h
@@ -0,0 +1,288 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsauth_h
+#define __nsauth_h
+
+/*
+ * Description (nsauth.h)
+ *
+ *	This file defines types and interfaces which pertain to client
+ *	authentication.  The key types are Realm_t, which describes a
+ *	context for authentication, and ClAuth_t, which is used to
+ *	pass authentication information about a particular client
+ *	into and out of authentication interface functions.
+ */
+
+#ifdef CLIENT_AUTH
+
+#include "ssl.h"
+
+#if 0
+/* Removed for new ns security */
+#include "sec.h"		/* SECCertificate */
+#endif
+#include "cert.h"               /* CERTCertificate for new ns security bin */
+#endif /* CLIENT_AUTH */
+
+#include "usi.h"		/* identifier list support */
+#include "attrec.h"		/* attribute record types */
+#include "nserror.h"		/* error frame list support */
+#include "nsautherr.h"		/* authentication error codes */
+
+/* Define a scalar IP address value */
+#ifndef __IPADDR_T_
+#define __IPADDR_T_
+typedef unsigned long IPAddr_t;
+#endif /* __IPADDR_T_ */
+
+/*
+ * Description (UserObj_t)
+ *
+ *	This type defines the structure of a user object.  A user object
+ *	contains information about a user which might be contained in
+ *	an authentication database, including user name, password, user id,
+ *	and group membership.
+ */
+
+typedef struct UserObj_s UserObj_t;
+struct UserObj_s {
+    NTS_t uo_name;		/* user account name */
+    NTS_t uo_pwd;		/* encrypted password */
+    USI_t uo_uid;		/* user id */
+    USI_t uo_flags;		/* bit flags */
+#define UOF_DBFLAGS	0x1f	/* mask for flags stored in DB file */
+#define UOF_ERROR	0x20	/* error on last operation */
+#define UOF_NEW		0x40	/* new user object */
+#define UOF_MODIFIED	0x80	/* internal object modified */
+#define UOF_DELPEND	0x100	/* delete pending */
+
+    NTS_t uo_rname;		/* real user name (gecos string) */
+    USIList_t uo_groups;	/* list of group ids containing user */
+};
+
+/*
+ * Description (GroupObj_t)
+ *
+ *	This type defines the structure of a group object.  A group object
+ *	contains information about a group which might be contained in
+ *	an authentication database, including group name, group id, and
+ *	relationships to other groups.
+ */
+
+typedef struct GroupObj_s GroupObj_t;
+struct GroupObj_s {
+    NTS_t go_name;		/* group name */
+    USI_t go_gid;		/* group id */
+    USI_t go_flags;		/* bit flags */
+#define GOF_DBFLAGS	0x3f	/* mask for flags stored in DB file */
+#define GOF_NEW		0x40	/* new group object */
+#define GOF_MODIFIED	0x80	/* internal object modified */
+#define GOF_DELPEND	0x100	/* delete pending */
+
+    NTS_t go_desc;		/* group description */
+    USIList_t go_users;		/* list of user members (uids) */
+    USIList_t go_groups;	/* list of group members (gids) */
+    USIList_t go_pgroups;	/* list of parent groups (gids) */
+};
+
+/*
+ * Description (AuthIF_t)
+ *
+ *	This type describes a structure containing pointers to functions
+ *	which provide a standard interface to an authentication database.
+ *	The functions are described below.
+ *
+ *   Description (aif_close)
+ *
+ *	The referenced function closes an authentication database which
+ *	was previously opened via the aif_open function.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	flags			- close flags (unused - must be zero)
+ *
+ *
+ *   Description (aif_findid)
+ *
+ *	The referenced function looks up a specified user or group id
+ *	in a given authentication database.  Flags can be specified to
+ *	search for only matching user ids, only matching group ids,
+ *	or both.  The result value for a successful search indicates
+ *	whether a matching user or group id was found, and a pointer to
+ *	a user or group object is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	id			- user/group id value
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group object
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group object pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_findname)
+ *
+ *	The referenced function looks up a specified user or group name
+ *	in a given authentication database.  Flags can be specified to
+ *	search for only matching user names, only matching group names,
+ *	or both.  The result value for a successful search indicates
+ *	whether a matching user or group was found, and a pointer to a
+ *	user or group object is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	name			- user/group name string pointer
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group object
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group object pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_idtoname)
+ *
+ *	The referenced function looks up a specified user or group id
+ *	in a given authentication database, and returns the associated
+ *	user or group name.  Flags can be specified to search for only
+ *	matching user ids, only matching group ids, or both.  The result
+ *	value for a successful search indicates whether a matching user
+ *	or group id was found, and a pointer to the user or group name
+ *	is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	id			- user/group id value
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group name
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group name pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_open)
+ *
+ *	The referenced function opens a named authentication database of
+ *	the type supported by this interface.  The actual effect of the
+ *	open function depends on the particular type of database, but a
+ *	call to the aif_open function should generally be followed by a
+ *	call to the aif_close function at some point.
+ *
+ *   Arguments:
+ *
+ *	adbname			- authentication database name string pointer
+ *	flags			- open flags (definitions below)
+ *	rptr			- pointer to returned handle for the database
+ *
+ *   Returns:
+ *
+ *	The return value is zero if the operation is successful, and a
+ *	handle for the authentication database is returned through 'rptr'.
+ *	An error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ */
+
+typedef struct AuthIF_s AuthIF_t;
+struct AuthIF_s {
+    int (*aif_findid)(NSErr_t * errp,
+		      void * authdb, USI_t id, int flags, void **rptr);
+    int (*aif_findname)(NSErr_t * errp,
+			void * authdb, char * name, int flags, void **rptr);
+    int (*aif_idtoname)(NSErr_t * errp,
+			void * authdb, USI_t id, int flags, char **rptr);
+    int (*aif_open)(NSErr_t * errp, char * adbname, int flags, void **rptr);
+    void (*aif_close)(void * authdb, int flags);
+    int (*aif_addmember)(void **pmlist, char * name, int flags);
+    int (*aif_ismember)(void * mlist, char * name, int flags);
+};
+
+/* Define flags for the aif_open function */
+#define AIF_CREATE	0x1		/* new database (create it) */
+
+/*
+ * Define bits for flags and return value of aif_findid, aif_findid,
+ * and aif_idtoname functions.
+ */
+#define AIF_NONE	0		/* no matching group or user name */
+#define AIF_GROUP	0x1		/* matching group name/id found */
+#define AIF_USER	0x2		/* matching user name/id found */
+
+/*
+ * Description (Realm_t)
+ *
+ *	This type defines a structure which represents an authentication
+ *	realm.  Each realm has a unique name, which is accessed through
+ *	a Symbol_t structure, which in turn references a Realm_t as the
+ *	symbol value.  This structure specifies an authentication
+ *	method and an authentication database.
+ */
+
+typedef struct Realm_s Realm_t;
+struct Realm_s {
+    int rlm_ameth;		/* authentication method type */
+    char * rlm_dbname;		/* authentication database name */
+    AuthIF_t * rlm_aif;		/* authentication interface pointer */
+    void * rlm_authdb;		/* authentication database handle */
+    char * rlm_prompt;		/* realm prompt string */
+};
+
+/* Define supported authentication method codes for rlm_ameth */
+#define AUTH_METHOD_BASIC	1	/* basic authentication */
+#define AUTH_METHOD_SSL		2	/* SSL client authentication */
+
+/*
+ * Description (ClAuth_t)
+ *
+ *	This type describes a structure containing information about a
+ *	particular client.  It is used to pass information into and out
+ *	of authentication support functions, as well as to other functions
+ *	needing access to client authentication information.
+ * FUTURE:
+ *	- add client certificate pointer
+ */
+
+typedef struct ClAuth_s ClAuth_t;
+struct ClAuth_s {
+    Realm_t * cla_realm;	/* authentication realm pointer */
+    IPAddr_t cla_ipaddr;	/* IP address */
+    char * cla_dns;		/* DNS name string pointer */
+    UserObj_t * cla_uoptr;	/* authenticated user object pointer */
+    GroupObj_t * cla_goptr;	/* pointer to list of group objects */
+#ifdef CLIENT_AUTH
+#if 0
+  /* Removed for new ns security  */
+    SECCertificate * cla_cert;	/* certificate from SSL client auth */
+#endif
+    CERTCertificate * cla_cert;	/* certificate from SSL client auth */
+#endif /* CLIENT_AUTH */
+};
+
+#endif /* __nsauth_h */