if (cons->authenticationplugin){
legacy_auth = false;
Dmsg1(dbglvl, "authenticate with Plugin=%s\n", cons->authenticationplugin);
+ // TLS will be started during the plugin authentication process
if (ua_version < UA_VERSION_PLUGINAUTH || !authenticate_with_plugin(cons)){
auth_success = false;
goto auth_done;
* @brief This function perform user authentication procedure augmented with Auth Plugin API.
* All bconsole network chatting and interaction is forwarded to dir_authplugins module
* and we just provide a required framework and resources, i.e. jcr or bsock to ua.
+ * TLS is started before the authentication exchange. If TLS is not available, the
+ * authentication exchange is aborted.
*
* @param cons a Console resource required for auth plugin registration
* @return true when authentication process finish with success and we can proceed next operations
* 4. when all interactions were handled without problem then do authenticate with plugin
* 5. if plugin return authentication OK? return true, Not? return false
*/
-
bDirAuthenticationRegister *authData;
- authData = (bDirAuthenticationRegister*) dir_authplugin_getauthenticationData(uac->jcr, cons->authenticationplugin);
+ authData = (bDirAuthenticationRegister*) dir_authplugin_getauthenticationData(uac->jcr, cons->hdr.name, cons->authenticationplugin);
if (authData == NULL)
{
return false;
{
return false;
}
-
+ // We require to have TLS setup to use authentication plugins
+ if (!tls_started) {
+ Dmsg0(dbglvl, "Unable to use Plugin Authentication because TLS is not available\n");
+ return false;
+ }
// send auth plugin start packet and optional welcome string to console
- Dmsg1(dbglvl, "send: auth interactive %s\n", NPRT(authData->welcome));
if (!bsock->fsend("auth interactive %s\n", NPRTB(authData->welcome))) {
Dmsg1(dbglvl, "Send interactive start comm error. ERR=%s\n", bsock->bstrerror());
return false;
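Review bot: The TLS precondition `if (!tls_started)` is evaluated only after `dir_authplugin_getauthenticationData()` has already been called, so the plugin is invoked and builds its registration data for a session that is then rejected. Placing that four-line check before the `authData = ...` assignment makes the precondition hold for every plugin entry point and avoids the question of whether `authData` needs releasing on the early return. Where `tls_started` comes from is not visible here; the enclosing function's signature lies outside the hunk, so confirm it reflects the state of this `bsock` rather than a process-wide flag. The refusal is reported only through `Dmsg0`, so without debug output an operator gets no indication of why plugin authentication was not attempted.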
* @return void* a `NULL` is returned on any error and a pointer to bDirAuthenticationRegister
* struct (casted to void*) on success
*/
-void * dir_authplugin_getauthenticationData(JCR *jcr, const char * param)
+void *dir_authplugin_getauthenticationData(JCR *jcr, const char *console, const char *param)
{
bpContext *plugin_ctx;
Plugin *plugin;
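Review bot: The new `console` parameter of `dir_authplugin_getauthenticationData` is not documented in the Doxygen block above the definition; only `@return` is visible in the hunk and the `@param` lines sit outside it. Add `@param console name of the Console resource being authenticated (the call site passes cons->hdr.name)` next to the existing `@param param`. The prototype in the protos header hunk further down is spelled `void * dir_authplugin_getauthenticationData(...)` while this definition uses `void *dir_authplugin_getauthenticationData(...)`; the spacing should match the definition.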
continue;
}
- if (dirplug_func(plugin)->getPluginAuthenticationData(plugin_ctx, param, (void**)&data) != bRC_OK){
+ if (dirplug_func(plugin)->getPluginAuthenticationData(plugin_ctx, console, param, (void**)&data) != bRC_OK){
// getting authdata operations failed
return NULL;
}
*/
typedef struct s_bDirAuthenticationData {
const bDirAuthenticationOperation operation;
- const char * question;
+ const char *question;
const uint32_t seqdata;
} bDirAuthenticationData;
typedef struct s_bDirAuthenticationRegister {
- const char * name;
- const char * welcome;
- const uint32_t num;
- const bDirAuthenticationData *data;
- const int32_t nsTTL;
+ const char *name;
+ const char *welcome;
+ uint32_t num;
+ bDirAuthenticationData *data;
+ int32_t nsTTL;
} bDirAuthenticationRegister;
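Review bot: Dropping `const` from the pointee in `bDirAuthenticationData *data` (and from `*authdata` in the union below) removes a guarantee without enabling anything: every member of `s_bDirAuthenticationData` is still `const`, so the director cannot legitimately write through the pointer anyway. If the motivation is that plugins now build the table dynamically and must free it, keeping `const bDirAuthenticationData *data` and casting at the single free site is the narrower change. Note also that `s_bDirAuthorizationACLRegister` keeps `const int32_t nsTTL` while `s_bDirAuthenticationRegister` loses it, so the two registration structs now follow different conventions.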
typedef struct s_bDirAuthenticationValue {
union {
- void * rawdata; // future extension
- const bDirAuthenticationData * authdata; // a pointer to single bDirAuthenticationData as a dynamic operation
+ void *rawdata; // future extension
+ bDirAuthenticationData *authdata; // a pointer to single bDirAuthenticationData as a dynamic operation
const char *response;
};
uint32_t seqdata;
} bDirAuthValue;
typedef struct s_bDirAuthorizationACLRegister {
- const char * name;
+ const char *name;
// *TBD* - Incomplete
const int32_t nsTTL;
} bDirAuthorizationACLRegister;
#define DIR_PLUGIN_MAGIC "*DirPluginData*"
-#define DIR_PLUGIN_INTERFACE_VERSION 1
+#define DIR_PLUGIN_INTERFACE_VERSION 2
typedef struct s_dirpluginInfo {
uint32_t size;
bRC (*getPluginValue)(bpContext *ctx, pDirVariable var, void *value);
bRC (*setPluginValue)(bpContext *ctx, pDirVariable var, void *value);
bRC (*handlePluginEvent)(bpContext *ctx, bDirEvent *event, void *value);
- bRC (*getPluginAuthenticationData)(bpContext *ctx, const char *param, void **data);
- bRC (*getPluginAuthorizationData)(bpContext *ctx, const char *param, void **data);
+ bRC (*getPluginAuthenticationData)(bpContext *ctx, const char *console, const char *param, void **data);
+ bRC (*getPluginAuthorizationData)(bpContext *ctx, const char *console, const char *param, void **data);
} pDirFuncs;
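Review bot: Changing the `getPluginAuthenticationData`/`getPluginAuthorizationData` function-pointer signatures is an ABI break for any plugin built against interface version 1: such a plugin would receive `console` where it expects `param` and `param` where it expects `data`, and its `*data = ...` store would write through what the director passed as a `const char *`. Bumping `DIR_PLUGIN_INTERFACE_VERSION` to 2 is the right signal, but the loader that compares a plugin's reported version against this constant is not in the diff, so confirm it refuses (rather than merely warns about) plugins reporting version 1 before any of these pointers are called.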
#define dirplug_func(plugin) ((pDirFuncs *)(plugin->pfuncs))
bool is_dedup_ref(DEV_RECORD *rec, bool lazy);
/* dir_authplugins.c */
-void *dir_authplugin_getauthenticationData(JCR *jcr, const char *param);
+void * dir_authplugin_getauthenticationData(JCR *jcr, const char *console, const char *param);
bRC dir_authplugin_do_interaction(JCR *jcr, BSOCK *bsock, const char *pluginname, void *data, bool pluginall = false);
bRC dir_authplugin_authenticate(JCR *jcr, BSOCK *bsock, const char *pluginname);
static bRC newPlugin(bpContext *ctx);
static bRC freePlugin(bpContext *ctx);
static bRC handlePluginEvent(bpContext *ctx, bDirEvent *event, void *value);
-static bRC getAuthenticationData(bpContext *ctx, const char *param, void **data);
-static bRC getAuthorizationData(bpContext *ctx, const char *param, void **data);
+static bRC getAuthenticationData(bpContext *ctx, const char *console, const char *param, void **data);
+static bRC getAuthorizationData(bpContext *ctx, const char *console, const char *param, void **data);
/* Pointers to Bacula functions */
bDirFuncs *bfuncs = NULL;
return self->handlePluginEvent(event, value);
}
-static bRC getAuthenticationData(bpContext *ctx, const char *param, void **data)
+static bRC getAuthenticationData(bpContext *ctx, const char *console, const char *param, void **data)
{
DMSG(ctx, D1, "getAuthenticationData (%s)\n", param);
BPAMLDAP *self = (BPAMLDAP*)ctx->pContext;
return self->getAuthenticationData(param, data);
}
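Review bot: `console` is accepted by `getAuthenticationData` but neither logged nor forwarded to `self->getAuthenticationData(param, data)`, so the LDAP plugin cannot distinguish consoles and the parameter will be flagged as unused under `-Wextra`; the same applies to `getAuthorizationData` in the next hunk. If the class method is not meant to take it yet, at least include it in the trace: `DMSG2(ctx, D1, "getAuthenticationData (%s, %s)\n", NPRT(console), NPRT(param));`. Whether `DMSG2` and `NPRT` are in scope for this plugin is not visible here; they appear in the director and the test plugin elsewhere in the diff.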
-static bRC getAuthorizationData(bpContext *ctx, const char *param, void **data)
+static bRC getAuthorizationData(bpContext *ctx, const char *console, const char *param, void **data)
{
DMSG(ctx, D1, "getAuthorizationData (%s)\n", param);
BPAMLDAP *self = (BPAMLDAP*)ctx->pContext;
static bRC getPluginValue(bpContext *ctx, pDirVariable var, void *value);
static bRC setPluginValue(bpContext *ctx, pDirVariable var, void *value);
static bRC handlePluginEvent(bpContext *ctx, bDirEvent *event, void *value);
-static bRC getAuthenticationData(bpContext *ctx, const char *param, void **data);
-static bRC getAuthorizationData(bpContext *ctx, const char *param, void **data);
+static bRC getAuthenticationData(bpContext *ctx, const char *console, const char *param, void **data);
+static bRC getAuthorizationData(bpContext *ctx, const char *console, const char *param, void **data);
/* Plugin compile time variables */
#define PLUGINPREFIX "authapi:"
return bRC_OK;
}
-static bRC getAuthenticationData(bpContext *ctx, const char *param, void **data)
+static bRC getAuthenticationData(bpContext *ctx, const char *console, const char *param, void **data)
{
test_api *self = (test_api *)ctx->pContext;
bDirAuthenticationRegister **padata = (bDirAuthenticationRegister **)data;
self->mode = 0; // this is a default
- DMSG1(ctx, DINFO, "registering with: %s\n", NPRT(param));
+ DMSG2(ctx, DINFO, "registering with: console=%s %s\n", console, NPRT(param));
sscanf(param, PLUGIN_NAME ":%d", &self->mode);
switch (self->mode)
{
return bRC_OK;
}
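Review bot: `DMSG2(ctx, DINFO, "registering with: console=%s %s\n", console, NPRT(param))` passes `console` to `%s` unguarded while `param` is wrapped in `NPRT`; the director passes `cons->hdr.name`, which should be set, but a NULL here is undefined behavior in printf-family functions, so use `NPRT(console)` for symmetry. The return value of `sscanf(param, PLUGIN_NAME ":%d", &self->mode)` remains unchecked, so a malformed `param` silently leaves `self->mode` at the default `0`; a comment such as `// mode 0 is the fallback when param carries no mode suffix` would make that intent explicit.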
-static bRC getAuthorizationData(bpContext *ctx, const char *param, void **data)
+static bRC getAuthorizationData(bpContext *ctx, const char *console, const char *param, void **data)
{
return bRC_OK;