>On 2014-08-14, Thu at 16:20 +0000, Shawn Debnath wrote:
>> I would change all the APIs to pass in a pointer to the sess_t as
>> I also need it in check_password.
>
>I would advise to include sess_t* in authreg_private then.
>
>It's OK for authreg to dig around session data, but the API should be
>flexible enough to give option to pass anything as authreg_private, not
>only sess_t*.

authreg_private is opaque as far as c2s is concerned. I have modified the
APIs to pass sess_t and then the implementation can choose to pack it in
their private authreg_private data if they so choose. c2s shouldn't dictate
what's in authreg_private as it's a void * member and implementation
dependent.

Once they have sess_t, they can initialize authreg_private as they wish or
leave it NULL. On session closure, c2s checks if the pointer is NULL, if so,
calls free().

Here's what it looks like:

    struct sess_t {
        [...
        /* Per user session authreg private data */
        void *authreg_private;
    };

        /** returns 1 if the user exists, 0 if not */
        int (*user_exists)(authreg_t ar, sess_t sess, const char *username,
                           const char *realm);

        /** return this users cleartext password in the array (digest auth,
            password auth) */
        int (*get_password)(authreg_t ar, sess_t sess, const char *username,
                            const char *realm, char password[257]);

        /** check the given password against the stored password, 0 if equal,
            !0 if not equal (password auth) */
        int (*check_password)(authreg_t ar, sess_t sess, const char *username,
                              const char *realm, char password[257]);

        /** store this password (register) */
        int (*set_password)(authreg_t ar, sess_t sess, const char *username,
                            const char *realm, char password[257]);

        /** make or break the user (register / register remove) */
        int (*create_user)(authreg_t ar, sess_t sess, const char *username,
                           const char *realm);
        int (*delete_user)(authreg_t ar, sess_t sess, const char *username,
                           const char *realm);

        void (*free)(authreg_t ar);

        /* Additions at the end - to preserve offsets for existing modules */

        /** returns 1 if the user is permitted to authorize as the
            requested_user, 0 if not. requested_user is a JID */
        int (*user_authz_allowed)(authreg_t ar, sess_t sess,
                                  const char *username, const char *realm,
                                  const char *requested_user);

        /** Apple extensions for challenge/response authentication methods */
        int (*create_challenge)(authreg_t ar, sess_t sess,
                                const char *username, const char *realm,
                                const char *challenge, int maxlen);
        int (*check_response)(authreg_t ar, sess_t sess,
                              const char *username, const char *realm,
                              const char *challenge, const char *response);
    };
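
An added example, not part of the original message or of the project's code: a module-side callback with the check_password signature above that keeps per-session state behind sess->authreg_private, and the matching cleanup at session closure. The stand-in sess_st and authreg_st types, the demo_* names, the failed-attempt counter and the lockout limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types with only the fields this example needs (assumption). */
typedef struct sess_st { void *authreg_private; } *sess_t;
typedef struct authreg_st { const char *stored; } *authreg_t;

/* Hypothetical per-session module state behind the opaque pointer. */
struct demo_priv { int failed; };
#define DEMO_MAX_FAILS 3

/* Same shape as check_password in the message: 0 if equal, !0 if not. */
int demo_check_password(authreg_t ar, sess_t sess, const char *username,
                        const char *realm, char password[257])
{
    struct demo_priv *p = sess->authreg_private;
    (void)username; (void)realm;

    if (p == NULL) {                       /* first call on this session */
        p = calloc(1, sizeof(*p));
        if (p == NULL) return 1;           /* fail closed if out of memory */
        sess->authreg_private = p;         /* c2s never looks inside this */
    }
    if (p->failed >= DEMO_MAX_FAILS) return 1;  /* session locked out */
    /* strcmp keeps the sketch short; it is not a constant-time compare */
    if (strcmp(ar->stored, password) != 0) { p->failed++; return 1; }
    p->failed = 0;
    return 0;
}

/* Session closure on the c2s side: release whatever the module stored. */
void demo_sess_close(sess_t sess)
{
    free(sess->authreg_private);           /* free(NULL) is a no-op */
    sess->authreg_private = NULL;          /* leave no dangling pointer */
}

int main(void)
{
    struct authreg_st ar = { "s3cret" };   /* constructed sample data */
    struct sess_st s = { NULL };
    char bad[257] = "nope", good[257] = "s3cret";
    for (int i = 0; i < DEMO_MAX_FAILS; i++) demo_check_password(&ar, &s, "u", "r", bad);
    printf("after lockout: %d\n", demo_check_password(&ar, &s, "u", "r", good));
    demo_sess_close(&s);
    return 0;
}
```

Because the state hangs off the session rather than the authreg_t, it disappears with the session and a new session starts with a NULL pointer again.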