[BACK]Return to cookieauth.h CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / http / servlet
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / http / servlet / cookieauth.h
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 23:25:53 2012 UTC (13 years, 1 month ago) by misho
Branches: libpdel, MAIN
CVS tags: v0_5_3, HEAD
libpdel

    1: 
    2: /*
    3:  * Copyright (c) 2001-2002 Packet Design, LLC.
    4:  * All rights reserved.
    5:  * 
    6:  * Subject to the following obligations and disclaimer of warranty,
    7:  * use and redistribution of this software, in source or object code
    8:  * forms, with or without modifications are expressly permitted by
    9:  * Packet Design; provided, however, that:
   10:  * 
   11:  *    (i)  Any and all reproductions of the source or object code
   12:  *         must include the copyright notice above and the following
   13:  *         disclaimer of warranties; and
   14:  *    (ii) No rights are granted, in any manner or form, to use
   15:  *         Packet Design trademarks, including the mark "PACKET DESIGN"
   16:  *         on advertising, endorsements, or otherwise except as such
   17:  *         appears in the above copyright notice or in the software.
   18:  * 
   19:  * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
   20:  * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
   21:  * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
   22:  * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
   23:  * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
   24:  * OR NON-INFRINGEMENT.  PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
   25:  * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
   26:  * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
   27:  * RELIABILITY OR OTHERWISE.  IN NO EVENT SHALL PACKET DESIGN BE
   28:  * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
   29:  * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
   30:  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
   31:  * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
   32:  * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
   33:  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   34:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
   35:  * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
   36:  * THE POSSIBILITY OF SUCH DAMAGE.
   37:  *
   38:  * Author: Archie Cobbs <archie@freebsd.org>
   39:  */
   40: 
   41: #ifndef _PDEL_HTTP_SERVLET_COOKIEAUTH_H_
   42: #define _PDEL_HTTP_SERVLET_COOKIEAUTH_H_
   43: 
   44: /*
   45:  * Function that should return non-zero if access to
   46:  * the supplied URL path requires a valid login cookie.
   47:  */
   48: typedef int	http_servlet_cookieauth_reqd_t(void *arg,
   49: 			struct http_request *req);
   50: 
   51: __BEGIN_DECLS
   52: 
   53: /*
   54:  * Create a new cookieauth servlet that will redirect any requests
   55:  * not having a valid cookie to the "redirect" URL (presumably a
   56:  * login page); "append" functions as with http_servlet_redirect_create().
   57:  *
   58:  * "privkey" should point to the PEM-encoded RSA private key file.
   59:  *
   60:  * The opaque "id" must uniquely identify this server. Cookies created
   61:  * with different id's (e.g., different machines) are incompatible.
   62:  */
   63: extern struct	http_servlet *http_servlet_cookieauth_create(
   64: 			const char *redirect, int append,
   65: 			http_servlet_cookieauth_reqd_t *authreqd,
   66: 			void *arg, void (*destroy)(void *),
   67: 			const char *privkey, const void *id, size_t idlen,
   68: 			const char *cookiename);
   69: 
   70: /*
   71:  * Add a cookie that will cause the servlet to not redirect.
   72:  * That is, make the browser appear logged in as "username".
   73:  *
   74:  * The servlet returned by http_servlet_cookieauth_create() must be
   75:  * supplied.
   76:  *
   77:  * The cookie remains valid until time "expire". If "session_only"
   78:  * is set, the browser is instructed to delete the cookie when it
   79:  * exits (though from a security point of view you can't trust the
   80:  * browser to actually do that; use "expire" as a backup).
   81:  *
   82:  * If "linger" is non zero, force a re-login if the last time the servlet
   83:  * was run was longer than "linger" seconds ago.
   84:  *
   85:  * "path" and "domain" may be NULL to omit (i.e., leave as default).
   86:  *
   87:  * Returns zero if success, -1 if error.
   88:  */
   89: extern int	http_servlet_cookieauth_login(struct http_response *resp,
   90: 			const char *privkey, const char *username,
   91: 			u_int max_linger, time_t expire, int session_only,
   92: 			const u_char *id, size_t idlen, const char *cookiename,
   93: 			const char *path, const char *domain, int secure);
   94: 
   95: /*
   96:  * Invalidate authorization cookie.
   97:  */
   98: extern int	http_servlet_cookieauth_logout(const char *cookiename,
   99: 			const char *path, const char *domain,
  100: 			struct http_response *resp);
  101: 
  102: /*
  103:  * Get the username from the authorization cookie.
  104:  *
  105:  * Returns the username, or NULL if not logged in (EACCES) or error.
  106:  */
  107: extern char	*http_servlet_cookieauth_user(const char *privkey,
  108: 			const void *id, size_t idlen, const char *cookiename,
  109: 			struct http_request *req, const char *mtype);
  110: 
  111: __END_DECLS
  112: 
  113: #endif	/* _PDEL_HTTP_SERVLET_COOKIEAUTH_H_ */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>