Files | |
| file | modules.c |
| Take care of interaction with modules. | |
Modules | |
| Authentication and acls checking modules | |
| These types of modules permit user authentication and ACL checking. | |
| Logging modules | |
| X509 Checking modules | |
| Period definition modules | |
Data Structures | |
| struct | mark_flag_config_t |
| G_MODULE_EXPORT uint32_t | get_api_version () |
| G_MODULE_EXPORT gboolean | unload_module_with_params (gpointer params_p) |
| G_MODULE_EXPORT gboolean | init_module_from_conf (module_t *module) |
| G_MODULE_EXPORT nu_error_t | finalize_packet (connection_t *connection, gpointer params) |
Defines | |
| #define | IP_AUTH_GUEST_USERNAME "guest" |
Typedefs | |
| typedef gboolean | init_module_from_conf_t (module_t *module) |
| typedef int | user_check_callback (const char *user, const char *pass, unsigned passlen, user_session_t *session, gpointer params) |
| typedef GSList * | get_user_groups_callback (const char *user, gpointer params) |
| typedef uint32_t | get_user_id_callback (const char *user, gpointer params) |
| typedef GSList * | acl_check_callback (connection_t *element, gpointer params) |
| typedef void | define_period_callback (GHashTable *periods, gpointer params) |
| typedef gchar * | ip_auth_callback (tracking_t *header, gpointer params) |
| typedef int | user_logs_callback (void *element, tcp_state_t state, gpointer params) |
| typedef int | user_session_logs_callback (user_session_t *element, session_state_t state, gpointer params) |
| typedef int | certificate_check_callback (nussl_session *nussl, gpointer params) |
| typedef gchar * | certificate_to_uid_callback (nussl_session *nussl, gpointer params) |
| typedef nu_error_t | user_session_modify_callback (user_session_t *session, gpointer params) |
| typedef nu_error_t | finalize_packet_callback (connection_t *session, gpointer params) |
| typedef void | auth_error_log_callback (user_session_t *session, nuauth_auth_error_t error, const char *message, gpointer params) |
Functions | |
| int | modules_user_check (const char *user, const char *pass, unsigned passlen, user_session_t *session) |
| GSList * | modules_get_user_groups (const char *user) |
| uint32_t | modules_get_user_id (const char *user) |
| GSList * | modules_acl_check (connection_t *element) |
| gchar * | modules_ip_auth (tracking_t *header) |
| nu_error_t | modules_user_logs (void *element, tcp_state_t state) |
| int | modules_user_session_logs (user_session_t *user, session_state_t state) |
| void | modules_parse_periods (GHashTable *periods) |
| int | modules_check_certificate (nussl_session *nussl) |
| gchar * | modules_certificate_to_uid (nussl_session *nussl) |
| int | modules_user_session_modify (user_session_t *c_session) |
| nu_error_t | modules_finalize_packet (connection_t *connection) |
| void | modules_auth_error_log (user_session_t *session, nuauth_auth_error_t error, const char *message) |
| void | clean_module_t (module_t *module) |
| void | free_module_t (module_t *module) |
| int | init_modules_system () |
| int | check_module_version (GModule *module) |
| static int | load_modules_from (gchar *confvar, gchar *func, GSList **target, module_hook_t hook) |
| static char * | module_default_value (int type) |
| int | load_modules () |
| void | unload_modules () |
| gboolean | nuauth_is_reloading () |
| Test if this is initial start of nuauth. | |
| void | block_on_conf_reload () |
| Block till reload is over. | |
Variables | |
| static hook_t | hooks [MOD_END] |
| GMutex * | modules_mutex |
A module has to export a set of functions in order to be initialized:
After this, it has to export the functions that are used by the hook:
| #define IP_AUTH_GUEST_USERNAME "guest" |
| typedef GSList* acl_check_callback(connection_t *element, gpointer params) |
Definition at line 44 of file modules_definition.h.
| typedef void auth_error_log_callback(user_session_t *session, nuauth_auth_error_t error, const char *message, gpointer params) |
Definition at line 72 of file modules_definition.h.
| typedef int certificate_check_callback(nussl_session *nussl, gpointer params) |
Definition at line 60 of file modules_definition.h.
| typedef gchar* certificate_to_uid_callback(nussl_session *nussl, gpointer params) |
Definition at line 63 of file modules_definition.h.
| typedef void define_period_callback(GHashTable *periods, gpointer params) |
Definition at line 47 of file modules_definition.h.
| typedef nu_error_t finalize_packet_callback(connection_t *session, gpointer params) |
Definition at line 69 of file modules_definition.h.
| typedef GSList* get_user_groups_callback(const char *user, gpointer params) |
Definition at line 39 of file modules_definition.h.
| typedef uint32_t get_user_id_callback(const char *user, gpointer params) |
Definition at line 42 of file modules_definition.h.
| typedef gboolean init_module_from_conf_t(module_t *module) |
callback definition
Definition at line 34 of file modules_definition.h.
| typedef gchar* ip_auth_callback(tracking_t *header, gpointer params) |
Definition at line 50 of file modules_definition.h.
| typedef int user_check_callback(const char *user, const char *pass, unsigned passlen, user_session_t *session, gpointer params) |
Definition at line 36 of file modules_definition.h.
| typedef int user_logs_callback(void *element, tcp_state_t state, gpointer params) |
Definition at line 52 of file modules_definition.h.
| typedef int user_session_logs_callback(user_session_t *element, session_state_t state, gpointer params) |
Definition at line 54 of file modules_definition.h.
| typedef nu_error_t user_session_modify_callback(user_session_t *session, gpointer params) |
Definition at line 66 of file modules_definition.h.
| void block_on_conf_reload | ( | ) |
Block till reload is over.
Definition at line 733 of file modules.c.
References nuauth_datas::need_reload, nuauthdatas, nuauth_datas::reload_cond, and nuauth_datas::reload_cond_mutex.
Referenced by modules_acl_check(), modules_auth_error_log(), modules_certificate_to_uid(), modules_check_certificate(), modules_finalize_packet(), modules_get_user_groups(), modules_get_user_id(), modules_ip_auth(), modules_user_check(), modules_user_logs(), modules_user_session_logs(), modules_user_session_modify(), and thread_pool_push().
| int check_module_version | ( | GModule * | module | ) |
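Check the API version of a module: it should be NUAUTH_API_VERSION. The version is read by calling the module's own 'get_api_version' function. Because the value is reported by the module being loaded, this is a compatibility check and says nothing about where the module came from.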
Definition at line 430 of file modules.c.
References NUAUTH_API_VERSION.
Referenced by load_modules_from().
| void clean_module_t | ( | module_t * | module | ) |
Definition at line 372 of file modules.c.
References DEBUG_AREA_MAIN, module_t::free_params, log_message, module_t::name, and module_t::params.
Referenced by unload_modules().
| G_MODULE_EXPORT nu_error_t finalize_packet | ( | connection_t * | connection, | |
| gpointer | params | |||
| ) |
Check whether one of the user groups of the connection matches our group with mark. If so, use that mark; otherwise use the default mark.
Change the mark of the packet in all cases.
Definition at line 51 of file mark_uid.c.
References connection_t::app_name, DEBUG_AREA_MAIN, debug_log_message, mark_field_config_t::default_mark, mark_field_config_t::fields, log_message, field_mark_t::mark, connection_t::mark, mark_field_config_t::mask, NU_EXIT_ERROR, NU_EXIT_OK, connection_t::os_sysname, mark_field_config_t::shift, mark_field_config_t::type, and connection_t::user_id.
| void free_module_t | ( | module_t * | module | ) |
Definition at line 385 of file modules.c.
References module_t::configfile, DEBUG_AREA_MAIN, log_message, module_t::module, module_t::module_name, and module_t::name.
Referenced by load_modules_from(), and unload_modules().
| G_MODULE_EXPORT uint32_t get_api_version | ( | ) |
| G_MODULE_EXPORT gboolean init_module_from_conf | ( | module_t * | module | ) |
| int init_modules_system | ( | ) |
Initialise the module system.
Please note that it has to be called only once.
Definition at line 415 of file modules.c.
References modules_mutex.
Referenced by init_nuauthdata().
| int load_modules | ( | ) |
Load modules for user and acl checking as well as for user logging and ip authentication
Definition at line 631 of file modules.c.
References hook_t::config, nuauth_params::do_ip_authentication, hooks, MOD_IP_AUTH, MOD_OPTIONAL, MOD_SIMPLE, MOD_USER_CHECK, module_default_value(), nuauthconf, and nubase_config_table_get_or_default().
Referenced by init_nuauthdata(), and nuauth_reload().

| static int load_modules_from | ( | gchar * | confvar, | |
| gchar * | func, | |||
| GSList ** | target, | |||
| module_hook_t | hook | |||
| ) | [static] |
Load the modules for a task.
Please note that the last argument is a pointer to a pointer.
Definition at line 460 of file modules.c.
References check_module_version(), module_t::configfile, DEBUG_AREA_MAIN, free_module_t(), module_t::free_params, module_t::func, module_t::hook, INIT_MODULE_FROM_CONF, log_message, module_t::module, module_t::module_name, MODULE_PATH, nuauth_datas::modules, MODULES_CONF_DIR, MODULES_CONF_EXTENSION, module_t::name, nuauthdatas, and module_t::params.

| static char* module_default_value | ( | int | type | ) | [static] |
Definition at line 587 of file modules.c.
References DEFAULT_ACLS_MODULE, DEFAULT_CERTIFICATE_CHECK_MODULE, DEFAULT_CERTIFICATE_TO_UID_MODULE, DEFAULT_FINALIZE_PACKET_MODULE, DEFAULT_IPAUTH_MODULE, DEFAULT_LOGS_MODULE, DEFAULT_PERIODS_MODULE, DEFAULT_USER_SESSION_MODIFY_MODULE, DEFAULT_USERAUTH_MODULE, MOD_ACL_CHECK, MOD_CERT_CHECK, MOD_CERT_TO_UID, MOD_FINALIZE_PACKET, MOD_IP_AUTH, MOD_LOG_PACKETS, MOD_LOG_SESSION, MOD_PERIOD, MOD_SESSION_MODIFY, MOD_USER_CHECK, MOD_USER_FAIL, MOD_USER_GROUPS, and MOD_USER_ID.
Referenced by load_modules().
| GSList* modules_acl_check | ( | connection_t * | element | ) |
Check a connection and return a list of ACLs that match the information contained in the connection.
Definition at line 156 of file modules.c.
References block_on_conf_reload(), hooks, MOD_ACL_CHECK, and hook_t::modules.
Referenced by acl_check_and_decide(), and get_acls_from_cache().

| void modules_auth_error_log | ( | user_session_t * | session, | |
| nuauth_auth_error_t | error, | |||
| const char * | message | |||
| ) |
Log authentication error
Definition at line 357 of file modules.c.
References block_on_conf_reload(), hooks, MOD_USER_FAIL, hook_t::modules, and session.
Referenced by sasl_user_check().

| gchar* modules_certificate_to_uid | ( | nussl_session * | nussl | ) |
certificate to uid
| nussl | NuSSL connection |
Definition at line 291 of file modules.c.
References block_on_conf_reload(), hooks, MOD_CERT_TO_UID, and hook_t::modules.
Referenced by tls_sasl_connect().

| int modules_check_certificate | ( | nussl_session * | nussl | ) |
Check certificate
| nussl | NuSSL connection |
Definition at line 264 of file modules.c.
References block_on_conf_reload(), DEBUG_AREA_MAIN, hooks, log_message, MOD_CERT_CHECK, and hook_t::modules.

| nu_error_t modules_finalize_packet | ( | connection_t * | connection | ) |
Compute packet mark
Definition at line 338 of file modules.c.
References block_on_conf_reload(), hooks, MOD_FINALIZE_PACKET, hook_t::modules, and NU_EXIT_OK.
Referenced by take_decision().

| GSList* modules_get_user_groups | ( | const char * | user | ) |
Get group for a given user
Definition at line 108 of file modules.c.
References block_on_conf_reload(), hooks, MOD_USER_GROUPS, and hook_t::modules.
Referenced by external_ip_auth(), get_users_from_cache(), mysasl_negotiate(), mysasl_negotiate_v3(), and tls_sasl_connect().

| uint32_t modules_get_user_id | ( | const char * | user | ) |
Definition at line 130 of file modules.c.
References block_on_conf_reload(), hooks, MOD_USER_ID, and hook_t::modules.
Referenced by external_ip_auth(), get_users_from_cache(), mysasl_negotiate(), mysasl_negotiate_v3(), and tls_sasl_connect().

| gchar* modules_ip_auth | ( | tracking_t * | header | ) |
Definition at line 178 of file modules.c.
References block_on_conf_reload(), hooks, MOD_IP_AUTH, and hook_t::modules.
Referenced by external_ip_auth().

| void modules_parse_periods | ( | GHashTable * | periods | ) |
Parse the time period configuration for each module and fill the given hash (first argument).
Definition at line 245 of file modules.c.
References hooks, MOD_PERIOD, and hook_t::modules.
Referenced by init_periods().
| int modules_user_check | ( | const char * | user, | |
| const char * | pass, | |||
| unsigned | passlen, | |||
| user_session_t * | session | |||
| ) |
Check a user/password against the list of modules used for user authentication. It returns the decision using SASL-defined return values.
Definition at line 83 of file modules.c.
References block_on_conf_reload(), hooks, MOD_USER_CHECK, hook_t::modules, and session.
Referenced by userdb_checkpass().

| nu_error_t modules_user_logs | ( | void * | element, | |
| tcp_state_t | state | |||
| ) |
log authenticated packets
Definition at line 199 of file modules.c.
References block_on_conf_reload(), DECISION_DROP, nuauth_params::drop_if_no_logging, hooks, MOD_LOG_PACKETS, hook_t::modules, NU_EXIT_ERROR, NU_EXIT_OK, and nuauthconf.
Referenced by log_user_packet(), and real_log_user_packet().

| int modules_user_session_logs | ( | user_session_t * | user, | |
| session_state_t | state | |||
| ) |
log user connection and disconnection
Definition at line 226 of file modules.c.
References block_on_conf_reload(), hooks, MOD_LOG_SESSION, and hook_t::modules.
Referenced by log_user_session_thread().

| int modules_user_session_modify | ( | user_session_t * | c_session | ) |
Modify user session
Definition at line 314 of file modules.c.
References block_on_conf_reload(), hooks, MOD_SESSION_MODIFY, and hook_t::modules.
Referenced by tls_sasl_connect().

| gboolean nuauth_is_reloading | ( | ) |
Test if this is initial start of nuauth.
Definition at line 715 of file modules.c.
References FALSE, nuauth_datas::is_starting, nuauth_datas::need_reload, nuauthdatas, nuauth_datas::reload_cond_mutex, and TRUE.
Referenced by init_module_from_conf(), and unload_module_with_params().
| G_MODULE_EXPORT gboolean unload_module_with_params | ( | gpointer | params_p | ) |
| void unload_modules | ( | ) |
Unload all modules of NuAuth (variable nuauthdatas->modules).
Definition at line 678 of file modules.c.
References clean_module_t(), free_module_t(), hooks, nuauth_datas::modules, modules_mutex, and nuauthdatas.
Referenced by nuauth_deinit(), and nuauth_reload().

Initial value:
/*
 * Initial value of the hooks table, which this page declares as
 * `static hook_t hooks[MOD_END]`: one five-field entry per module hook.
 * Each entry holds a "nuauth_*_module" string, two NULL fields, a short
 * hook name and a human-readable label.
 *
 * NOTE(review): the first string looks like the configuration key that
 * selects the module(s) for the hook, and the fourth like the name passed
 * as `func` to load_modules_from(confvar, func, ...) -- confirm against the
 * hook_t definition, which is not shown here.
 * NOTE(review): entry order presumably follows the MOD_* enumeration used
 * to index `hooks` -- confirm before inserting or reordering entries.
 * NOTE(review): if the first field is indeed a configuration key, it decides
 * which shared objects get loaded into the nuauth process, so write access
 * to the configuration and to the module directory (MODULE_PATH) should be
 * limited to the administrator.
 */
{
{ "nuauth_user_check_module", NULL, NULL, "user_check", "user checking" },
{ "nuauth_get_user_id_module", NULL, NULL, "get_user_id", "user id fetching" },
{ "nuauth_get_user_groups_module", NULL, NULL, "get_user_groups", "user groups fetching" },
{ "nuauth_auth_error_log_module", NULL, NULL, "auth_error_log", "auth error log" },
{ "nuauth_acl_check_module", NULL, NULL, "acl_check", "acls checking" },
{ "nuauth_user_session_modify_module", NULL, NULL, "user_session_modify", "user session modify" },
{ "nuauth_user_logs_module", NULL, NULL, "user_packet_logs", "user packet logging" },
{ "nuauth_user_session_logs_module", NULL, NULL, "user_session_logs", "user session logging" },
{ "nuauth_finalize_packet_module", NULL, NULL, "finalize_packet", "finalize packet" },
{ "nuauth_periods_module", NULL, NULL, "define_periods", "define periods checking" },
{ "nuauth_certificate_check_module", NULL, NULL, "certificate_check", "certificate check" },
{ "nuauth_certificate_to_uid_module", NULL, NULL, "certificate_to_uid", "certificate to uid" },
{ "nuauth_ip_authentication_module", NULL, NULL, "ip_authentication", "ip authentication" },
}
Definition at line 63 of file modules.c.
Referenced by load_modules(), modules_acl_check(), modules_auth_error_log(), modules_certificate_to_uid(), modules_check_certificate(), modules_finalize_packet(), modules_get_user_groups(), modules_get_user_id(), modules_ip_auth(), modules_parse_periods(), modules_user_check(), modules_user_logs(), modules_user_session_logs(), modules_user_session_modify(), and unload_modules().
| GMutex* modules_mutex |
Definition at line 30 of file modules_definition.h.
Referenced by init_modules_system(), and unload_modules().