sipwise
/
kamailio
mirror of https://github.com/sipwise/kamailio.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf5d9b74b0'
${ noResults }
kamailio/modules/auth/api.h

163 lines
5.5 KiB
Raw Blame History

/*
* Digest Authentication Module
*
* Copyright (C) 2001-2003 FhG Fokus
*
* This file is part of Kamailio, a free SIP server.
*
* Kamailio is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version
*
* Kamailio is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifndef API_H
#define API_H
#include "../../parser/msg_parser.h"
#include "../../parser/digest/digest.h"
#include "../../sr_module.h"
#include "../../usr_avp.h"
#include "../../parser/hf.h"
#include "../../str.h"
#include "challenge.h"
#include "rfc2617.h"
/**
* return codes to config by auth functions
*/
typedef enum auth_cfg_result {
AUTH_USER_MISMATCH = -8, /*!< Auth user != From/To user */
AUTH_NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */
AUTH_NO_CREDENTIALS = -5, /*!< Credentials missing */
AUTH_STALE_NONCE = -4, /*!< Stale nonce */
AUTH_USER_UNKNOWN = -3, /*!< User not found */
AUTH_INVALID_PASSWORD = -2, /*!< Invalid password */
AUTH_ERROR = -1, /*!< Error occurred */
AUTH_DROP = 0, /*!< Error, stop config execution */
AUTH_OK = 1 /*!< Success */
} auth_cfg_result_t;
/**
* flags for checks in auth functions
*/
#define AUTH_CHECK_ID_F 1<<0
#define AUTH_CHECK_SKIPFWD_F 1<<1
/**
* return codes to auth API functions
*/
typedef enum auth_result {
NONCE_REUSED = -5, /* Returned if nonce is used more than once */
NO_CREDENTIALS, /* Credentials missing */
STALE_NONCE, /* Stale nonce */
ERROR, /* Error occurred, a reply has been sent out -> return 0 to the ser core */
NOT_AUTHENTICATED, /* Don't perform authentication, credentials missing */
DO_AUTHENTICATION, /* Perform digest authentication */
AUTHENTICATED, /* Authenticated by default, no digest authentication necessary */
BAD_CREDENTIALS, /* Digest credentials are malformed */
CREATE_CHALLENGE, /* when AKAv1-MD5 is used first request does not contain credentials,
* only usename, realm and algorithm. Server should get Authentication
* Vector from AuC/HSS, create challenge and send it to the UE. */
DO_RESYNCHRONIZATION /* When AUTS is received we need do resynchronization
* of sequnce numbers with mobile station. */
} auth_result_t;
typedef int (*check_auth_hdr_t)(struct sip_msg* msg, auth_body_t* auth_body,
auth_result_t* auth_res);
int check_auth_hdr(struct sip_msg* msg, auth_body_t* auth_body,
auth_result_t* auth_res);
/*
* Purpose of this function is to find credentials with given realm,
* do sanity check, validate credential correctness and determine if
* we should really authenticate (there must be no authentication for
* ACK and CANCEL
*/
typedef auth_result_t (*pre_auth_t)(struct sip_msg* msg, str* realm,
hdr_types_t hftype, struct hdr_field** hdr,
check_auth_hdr_t check_auth_hdr);
auth_result_t pre_auth(struct sip_msg* msg, str* realm, hdr_types_t hftype,
struct hdr_field** hdr, check_auth_hdr_t check_auth_hdr);
/*
* Purpose of this function is to do post authentication steps like
* marking authorized credentials and so on.
*/
typedef auth_result_t (*post_auth_t)(struct sip_msg* msg,
struct hdr_field* hdr);
auth_result_t post_auth(struct sip_msg* msg, struct hdr_field* hdr);
typedef int (*check_response_t)(dig_cred_t* cred, str* method, char* ha1);
int auth_check_response(dig_cred_t* cred, str* method, char* ha1);
typedef int (*auth_challenge_f)(struct sip_msg *msg, str *realm, int flags,
int hftype);
int auth_challenge(struct sip_msg *msg, str *realm, int flags,
int hftype);
typedef int (*pv_authenticate_f)(struct sip_msg *msg, str *realm, str *passwd,
int flags, int hftype, str *method);
int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd,
int flags, int hftype, str *method);
typedef int (*consume_credentials_f)(struct sip_msg* msg);
int consume_credentials(struct sip_msg* msg);
/*
* Auth module API
*/
typedef struct auth_api_s {
pre_auth_t pre_auth; /* The function to be called before authentication */
post_auth_t post_auth; /* The function to be called after authentication */
build_challenge_hf_t build_challenge; /* Function to build digest challenge header */
struct qp* qop; /* qop module parameter */
calc_HA1_t calc_HA1;
calc_response_t calc_response;
check_response_t check_response;
auth_challenge_f auth_challenge;
pv_authenticate_f pv_authenticate;
consume_credentials_f consume_credentials;
} auth_api_s_t;
typedef int (*bind_auth_s_t)(auth_api_s_t* api);
int bind_auth_s(auth_api_s_t* api);
/**
* load AUTH module API
*/
static inline int auth_load_api(auth_api_s_t* api)
{
bind_auth_s_t bind_auth;
/* bind to auth module and import the API */
bind_auth = (bind_auth_s_t)find_export("bind_auth_s", 0, 0);
if (!bind_auth) {
LM_ERR("unable to find bind_auth function. Check if you load"
" the auth module.\n");
return -1;
}
if (bind_auth(api) < 0) {
LM_ERR("unable to bind auth module\n");
return -1;
}
return 0;
}
#endif /* API_H */
Reference in new issue View Git Blame Copy Permalink