aboutsummaryrefslogtreecommitdiff
path: root/src/include/anastasis_authorization_plugin.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/anastasis_authorization_plugin.h')
-rw-r--r--src/include/anastasis_authorization_plugin.h183
1 files changed, 183 insertions, 0 deletions
diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h
new file mode 100644
index 0000000..5985f52
--- /dev/null
+++ b/src/include/anastasis_authorization_plugin.h
@@ -0,0 +1,183 @@
1/*
2 This file is part of Anastasis
3 Copyright (C) 2019 Taler Systems SA
4
5 Anastasis is free software; you can redistribute it and/or modify it under the
6 terms of the GNU Lesser General Public License as published by the Free Software
7 Foundation; either version 3, or (at your option) any later version.
8
9 Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License along with
14 Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/>
15*/
16/**
17 * @file include/anastasis_authorization_plugin.h
18 * @brief authorization access for Anastasis
19 * @author Christian Grothoff
20 */
21#ifndef ANASTASIS_AUTHORIZATION_PLUGIN_H
22#define ANASTASIS_AUTHORIZATION_PLUGIN_H
23
24#include "anastasis_service.h"
25#include <taler/taler_util.h>
26
27
28/**
29 * Plugin-specific state for an authorization operation.
30 */
31struct ANASTASIS_AUTHORIZATION_State;
32
33
34/**
35 * Enumeration values indicating the various possible
36 * outcomes of the plugin's `process` function.
37 */
38enum ANASTASIS_AUTHORIZATION_Result
39{
40 /**
41 * We successfully sent the authorization challenge
42 * and queued a reply to MHD.
43 */
44 ANASTASIS_AUTHORIZATION_RES_SUCCESS = 0,
45
46 /**
47 * We failed to transmit the authorization challenge,
48 * but successfully queued a failure response to MHD.
49 */
50 ANASTASIS_AUTHORIZATION_RES_FAILED = 1,
51
52 /**
53 * The plugin suspended the MHD connection as it needs some more
54 * time to do its (asynchronous) work before we can proceed. The
55 * plugin will resume the MHD connection when its work is done, and
56 * then the `process` function should be called again.
57 */
58 ANASTASIS_AUTHORIZATION_RES_SUSPENDED = 2,
59
60 /**
61 * The plugin tried to queue a reply on the MHD connection and
62 * failed to do so. We should return #MHD_NO to MHD to cause the
63 * HTTP connection to be closed without any reply.
64 *
65 * However, we were successful at transmitting the challenge,
66 * so the challenge should be marked as sent.
67 */
68 ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED = 4,
69
70 /**
71 * The plugin tried to queue a reply on the MHD connection and
72 * failed to do so. We should return #MHD_NO to MHD to cause the
73 * HTTP connection to be closed without any reply.
74 *
75 * Additionally, we failed to transmit the challenge.
76 */
77 ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED = 5
78};
79
80
81/**
82 * Handle to interact with a authorization backend.
83 */
84struct ANASTASIS_AuthorizationPlugin
85{
86
87 /**
88 * Closure for all callbacks.
89 */
90 void *cls;
91
92 /**
93 * How long should a generated challenge be valid for this type of method.
94 */
95 struct GNUNET_TIME_Relative code_validity_period;
96
97 /**
98 * How long before we should rotate a challenge for this type of method.
99 */
100 struct GNUNET_TIME_Relative code_rotation_period;
101
102 /**
103 * How long before we should retransmit a code.
104 */
105 struct GNUNET_TIME_Relative code_retransmission_frequency;
106
107 /**
108 * Validate @a data is a well-formed input into the challenge method,
109 * i.e. @a data is a well-formed phone number for sending an SMS, or
110 * a well-formed e-mail address for sending an e-mail. Not expected to
111 * check that the phone number or e-mail account actually exists.
112 *
113 * To be possibly used before issuing a 402 payment required to the client.
114 *
115 * @param cls closure
116 * @param connection HTTP client request (for queuing response)
117 * @param truth_mime mime type of @e data
118 * @param data input to validate (i.e. is it a valid phone number, etc.)
119 * @param data_length number of bytes in @a data
120 * @return #GNUNET_OK if @a data is valid,
121 * #GNUNET_NO if @a data is invalid and a reply was successfully queued on @a connection
122 * #GNUNET_SYSERR if @a data invalid but we failed to queue a reply on @a connection
123 */
124 enum GNUNET_GenericReturnValue
125 (*validate)(void *cls,
126 struct MHD_Connection *connection,
127 const char *truth_mime,
128 const char *data,
129 size_t data_length);
130
131
132 /**
133 * Begin issuing authentication challenge to user based on @a data.
134 * I.e. start to send SMS or e-mail or launch video identification,
135 * or at least setup our authorization state (actual processing
136 * may also be startedin the @e process function).
137 *
138 * @param cls closure
139 * @param trigger function to call when we made progress
140 * @param trigger_cls closure for @a trigger
141 * @param truth_public_key Identifier of the challenge, to be (if possible) included in the
142 * interaction with the user
143 * @param code secret code that the user has to provide back to satisfy the challenge in
144 * the main anastasis protocol
145 * @param auth_command authentication command which is executed
146 * @param data input to validate (i.e. is it a valid phone number, etc.)
147 * @return state to track progress on the authorization operation, NULL on failure
148 */
149 struct ANASTASIS_AUTHORIZATION_State *
150 (*start)(void *cls,
151 GNUNET_SCHEDULER_TaskCallback trigger,
152 void *trigger_cls,
153 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_public_key,
154 uint64_t code,
155 const void *data,
156 size_t data_length);
157
158
159 /**
160 * Continue issuing authentication challenge to user based on @a data.
161 * I.e. check if the transmission of the challenge via SMS or e-mail
162 * has completed and/or manipulate @a connection to redirect the client
163 * to a video identification site.
164 *
165 * @param as authorization state
166 * @param connection HTTP client request (for queuing response, such as redirection to video portal)
167 * @return state of the request
168 */
169 enum ANASTASIS_AUTHORIZATION_Result
170 (*process)(struct ANASTASIS_AUTHORIZATION_State *as,
171 struct MHD_Connection *connection);
172
173
174 /**
175 * Free internal state associated with @a as.
176 *
177 * @param as state to clean up
178 */
179 void
180 (*cleanup)(struct ANASTASIS_AUTHORIZATION_State *as);
181
182};
183#endif