diff options
Diffstat (limited to 'src/include/anastasis_authorization_plugin.h')
-rw-r--r-- | src/include/anastasis_authorization_plugin.h | 183 |
1 files changed, 183 insertions, 0 deletions
diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h new file mode 100644 index 0000000..5985f52 --- /dev/null +++ b/src/include/anastasis_authorization_plugin.h | |||
@@ -0,0 +1,183 @@ | |||
1 | /* | ||
2 | This file is part of Anastasis | ||
3 | Copyright (C) 2019 Taler Systems SA | ||
4 | |||
5 | Anastasis is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU Lesser General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | /** | ||
17 | * @file include/anastasis_authorization_plugin.h | ||
18 | * @brief authorization access for Anastasis | ||
19 | * @author Christian Grothoff | ||
20 | */ | ||
21 | #ifndef ANASTASIS_AUTHORIZATION_PLUGIN_H | ||
22 | #define ANASTASIS_AUTHORIZATION_PLUGIN_H | ||
23 | |||
24 | #include "anastasis_service.h" | ||
25 | #include <taler/taler_util.h> | ||
26 | |||
27 | |||
28 | /** | ||
29 | * Plugin-specific state for an authorization operation. | ||
30 | */ | ||
31 | struct ANASTASIS_AUTHORIZATION_State; | ||
32 | |||
33 | |||
34 | /** | ||
35 | * Enumeration values indicating the various possible | ||
36 | * outcomes of the plugin's `process` function. | ||
37 | */ | ||
38 | enum ANASTASIS_AUTHORIZATION_Result | ||
39 | { | ||
40 | /** | ||
41 | * We successfully sent the authorization challenge | ||
42 | * and queued a reply to MHD. | ||
43 | */ | ||
44 | ANASTASIS_AUTHORIZATION_RES_SUCCESS = 0, | ||
45 | |||
46 | /** | ||
47 | * We failed to transmit the authorization challenge, | ||
48 | * but successfully queued a failure response to MHD. | ||
49 | */ | ||
50 | ANASTASIS_AUTHORIZATION_RES_FAILED = 1, | ||
51 | |||
52 | /** | ||
53 | * The plugin suspended the MHD connection as it needs some more | ||
54 | * time to do its (asynchronous) work before we can proceed. The | ||
55 | * plugin will resume the MHD connection when its work is done, and | ||
56 | * then the `process` function should be called again. | ||
57 | */ | ||
58 | ANASTASIS_AUTHORIZATION_RES_SUSPENDED = 2, | ||
59 | |||
60 | /** | ||
61 | * The plugin tried to queue a reply on the MHD connection and | ||
62 | * failed to do so. We should return #MHD_NO to MHD to cause the | ||
63 | * HTTP connection to be closed without any reply. | ||
64 | * | ||
65 | * However, we were successful at transmitting the challenge, | ||
66 | * so the challenge should be marked as sent. | ||
67 | */ | ||
68 | ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED = 4, | ||
69 | |||
70 | /** | ||
71 | * The plugin tried to queue a reply on the MHD connection and | ||
72 | * failed to do so. We should return #MHD_NO to MHD to cause the | ||
73 | * HTTP connection to be closed without any reply. | ||
74 | * | ||
75 | * Additionally, we failed to transmit the challenge. | ||
76 | */ | ||
77 | ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED = 5 | ||
78 | }; | ||
79 | |||
80 | |||
81 | /** | ||
82 | * Handle to interact with a authorization backend. | ||
83 | */ | ||
84 | struct ANASTASIS_AuthorizationPlugin | ||
85 | { | ||
86 | |||
87 | /** | ||
88 | * Closure for all callbacks. | ||
89 | */ | ||
90 | void *cls; | ||
91 | |||
92 | /** | ||
93 | * How long should a generated challenge be valid for this type of method. | ||
94 | */ | ||
95 | struct GNUNET_TIME_Relative code_validity_period; | ||
96 | |||
97 | /** | ||
98 | * How long before we should rotate a challenge for this type of method. | ||
99 | */ | ||
100 | struct GNUNET_TIME_Relative code_rotation_period; | ||
101 | |||
102 | /** | ||
103 | * How long before we should retransmit a code. | ||
104 | */ | ||
105 | struct GNUNET_TIME_Relative code_retransmission_frequency; | ||
106 | |||
107 | /** | ||
108 | * Validate @a data is a well-formed input into the challenge method, | ||
109 | * i.e. @a data is a well-formed phone number for sending an SMS, or | ||
110 | * a well-formed e-mail address for sending an e-mail. Not expected to | ||
111 | * check that the phone number or e-mail account actually exists. | ||
112 | * | ||
113 | * To be possibly used before issuing a 402 payment required to the client. | ||
114 | * | ||
115 | * @param cls closure | ||
116 | * @param connection HTTP client request (for queuing response) | ||
117 | * @param truth_mime mime type of @e data | ||
118 | * @param data input to validate (i.e. is it a valid phone number, etc.) | ||
119 | * @param data_length number of bytes in @a data | ||
120 | * @return #GNUNET_OK if @a data is valid, | ||
121 | * #GNUNET_NO if @a data is invalid and a reply was successfully queued on @a connection | ||
122 | * #GNUNET_SYSERR if @a data invalid but we failed to queue a reply on @a connection | ||
123 | */ | ||
124 | enum GNUNET_GenericReturnValue | ||
125 | (*validate)(void *cls, | ||
126 | struct MHD_Connection *connection, | ||
127 | const char *truth_mime, | ||
128 | const char *data, | ||
129 | size_t data_length); | ||
130 | |||
131 | |||
132 | /** | ||
133 | * Begin issuing authentication challenge to user based on @a data. | ||
134 | * I.e. start to send SMS or e-mail or launch video identification, | ||
135 | * or at least setup our authorization state (actual processing | ||
136 | * may also be startedin the @e process function). | ||
137 | * | ||
138 | * @param cls closure | ||
139 | * @param trigger function to call when we made progress | ||
140 | * @param trigger_cls closure for @a trigger | ||
141 | * @param truth_public_key Identifier of the challenge, to be (if possible) included in the | ||
142 | * interaction with the user | ||
143 | * @param code secret code that the user has to provide back to satisfy the challenge in | ||
144 | * the main anastasis protocol | ||
145 | * @param auth_command authentication command which is executed | ||
146 | * @param data input to validate (i.e. is it a valid phone number, etc.) | ||
147 | * @return state to track progress on the authorization operation, NULL on failure | ||
148 | */ | ||
149 | struct ANASTASIS_AUTHORIZATION_State * | ||
150 | (*start)(void *cls, | ||
151 | GNUNET_SCHEDULER_TaskCallback trigger, | ||
152 | void *trigger_cls, | ||
153 | const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_public_key, | ||
154 | uint64_t code, | ||
155 | const void *data, | ||
156 | size_t data_length); | ||
157 | |||
158 | |||
159 | /** | ||
160 | * Continue issuing authentication challenge to user based on @a data. | ||
161 | * I.e. check if the transmission of the challenge via SMS or e-mail | ||
162 | * has completed and/or manipulate @a connection to redirect the client | ||
163 | * to a video identification site. | ||
164 | * | ||
165 | * @param as authorization state | ||
166 | * @param connection HTTP client request (for queuing response, such as redirection to video portal) | ||
167 | * @return state of the request | ||
168 | */ | ||
169 | enum ANASTASIS_AUTHORIZATION_Result | ||
170 | (*process)(struct ANASTASIS_AUTHORIZATION_State *as, | ||
171 | struct MHD_Connection *connection); | ||
172 | |||
173 | |||
174 | /** | ||
175 | * Free internal state associated with @a as. | ||
176 | * | ||
177 | * @param as state to clean up | ||
178 | */ | ||
179 | void | ||
180 | (*cleanup)(struct ANASTASIS_AUTHORIZATION_State *as); | ||
181 | |||
182 | }; | ||
183 | #endif | ||