Logo Search packages:      
Sourcecode: sofia-sip version File versions

auth_plugin.h

Go to the documentation of this file.
/*
 * This file is part of the Sofia-SIP package
 *
 * Copyright (C) 2005 Nokia Corporation.
 *
 * Contact: Pekka Pessi <pekka.pessi@nokia.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 *
 */

#ifndef AUTH_PLUGIN_H
/** Defined when <sofia-sip/auth_plugin.h> has been included. */
#define AUTH_PLUGIN_H 

/**@file sofia-sip/auth_plugin.h
 * @brief Plugin interface for authentication verification modules.
 * 
 * @author Pekka Pessi <Pekka.Pessi@nokia.com>
 * 
 * @date Created: Tue Apr 27 15:22:07 2004 ppessi
 */

#ifndef AUTH_MODULE_H
#include "sofia-sip/auth_module.h"
#endif

#ifndef AUTH_DIGEST_H
#include "sofia-sip/auth_digest.h"
#endif

#ifndef AUTH_COMMON_H
#include "sofia-sip/auth_common.h"
#endif

#ifndef MSG_DATE_H
#include <sofia-sip/msg_date.h>
#endif

#ifndef SU_MD5_H
#include <sofia-sip/su_md5.h>
#endif

#include <sofia-sip/htable.h>

SOFIA_BEGIN_DECLS

/* ====================================================================== */
/* Plugin interface for authentication */

/** Authentication scheme */
00065 struct auth_scheme
{
  /** Name */
00068   char const *asch_method;

  /** Size of module object */
00071   usize_t asch_size;

  /** Initialize module. Invoked by auth_mod_create(). */
  int (*asch_init)(auth_mod_t *am,
               auth_scheme_t *base,
               su_root_t *root,
               tag_type_t tag, tag_value_t value, ...);

  /** Check authentication. Invoked by auth_mod_method(). */
  void (*asch_check)(auth_mod_t *am, 
                 auth_status_t *as,
                 msg_auth_t *auth,
                 auth_challenger_t const *ch);

  /** Create a challenge. Invoked by auth_mod_challenge(). */
  void (*asch_challenge)(auth_mod_t *am, 
                   auth_status_t *as,
                   auth_challenger_t const *ch);

  /** Cancel an asynchronous authentication request. 
   * Invoked by auth_mod_cancel().
   */
  void (*asch_cancel)(auth_mod_t *am, 
                  auth_status_t *as);

  /** Reclaim resources an authentication module.
   *
   * Invoked by auth_mod_destroy()/auth_mod_unref().
   */
  void (*asch_destroy)(auth_mod_t *am);

};

/** User data structure */
00105 typedef struct
{
00107   unsigned        apw_index;  /**< Key to hash table */
00108   void const     *apw_type;   /**< Magic identifier */

00110   char const       *apw_user; /**< Username */
00111   char const     *apw_realm;  /**< Realm */
00112   char const       *apw_pass; /**< Password */
00113   char const     *apw_hash;   /**< MD5 of the username, realm and pass */
00114   char const     *apw_ident;  /**< Identity information */
00115   auth_uplugin_t *apw_extended;     /**< Method-specific extension */
} auth_passwd_t;


HTABLE_DECLARE_WITH(auth_htable, aht, auth_passwd_t, usize_t, unsigned);

struct stat;

/** Common data for authentication module */
00124 struct auth_mod_t
{
  su_home_t      am_home[1];
00127   unsigned       _am_refcount;      /**< Not used */

  /* User database / cache */
00130   char const    *am_db;       /**< User database file name */
00131   struct stat   *am_stat;     /**< State of user file when read */
00132   auth_htable_t  am_users[1]; /**< Table of users */

00134   void          *am_buffer;   /**< Buffer for database */
00135   auth_passwd_t *am_locals;   /**< Entries from local user file */
00136   size_t         am_local_count; /**< Number of entries from local user file */

00138   auth_passwd_t *am_anon_user;      /**< Special entry for anonymous user */

  /* Attributes */
00141   url_t         *am_remote;   /**< Remote authenticator */
00142   char const    *am_realm;    /**< Our realm */
00143   char const    *am_opaque;   /**< Opaque identification data */
00144   char const    *am_gssapi_data; /**< NTLM data */
00145   char const    *am_targetname; /**< NTLM target name */
00146   auth_scheme_t *am_scheme;   /**< Authentication scheme (Digest, Basic). */
00147   char const   **am_allow;    /**< Methods to allow without authentication */
00148   msg_param_t    am_algorithm;      /**< Defauilt algorithm */
00149   msg_param_t    am_qop;      /**< Default qop (quality-of-protection) */
00150   unsigned       am_expires;  /**< Nonce lifetime */
00151   unsigned       am_next_exp; /**< Next nonce lifetime */
00152   unsigned       am_blacklist;      /**< Extra delay if bad credentials. */
00153   unsigned       am_forbidden:1;/**< Respond with 403 if bad credentials */
00154   unsigned       am_anonymous:1;/**< Allow anonymous access */
00155   unsigned       am_challenge:1;/**< Challenge even if successful */
00156   unsigned       am_nextnonce:1;/**< Send next nonce in responses */
00157   unsigned       am_mutual:1;   /**< Mutual authentication */
00158   unsigned       am_fake:1;   /**< Fake authentication */

00160   unsigned :0;                /**< Pad */
00161   unsigned       am_count;    /**< Nonce counter */

00163   uint8_t        am_master_key[16]; /**< Private master key */
  
00165   su_md5_t       am_hmac_ipad;      /**< MD5 with inner pad */
00166   su_md5_t       am_hmac_opad;      /**< MD5 with outer pad */
};

SOFIAPUBFUN
auth_passwd_t *auth_mod_getpass(auth_mod_t *am,
                        char const *user,
                        char const *realm);

SOFIAPUBFUN
auth_passwd_t *auth_mod_addpass(auth_mod_t *am,
                        char const *user,
                        char const *realm);

SOFIAPUBFUN int auth_readdb_if_needed(auth_mod_t *am);

SOFIAPUBFUN int auth_readdb(auth_mod_t *am);

SOFIAPUBFUN msg_auth_t *auth_mod_credentials(msg_auth_t *auth, 
                                   char const *scheme,
                                   char const *realm);

SOFIAPUBFUN auth_mod_t *auth_mod_alloc(auth_scheme_t *scheme, 
                               tag_type_t, tag_value_t, ...);

#define AUTH_PLUGIN(am) (auth_plugin_t *)((am) + 1)

SOFIAPUBFUN
int auth_init_default(auth_mod_t *am,
                  auth_scheme_t *base,
                  su_root_t *root,
                  tag_type_t tag, tag_value_t value, ...);

/** Default cancel method */
SOFIAPUBFUN void auth_cancel_default(auth_mod_t *am, auth_status_t *as);

/** Default destroy method */
SOFIAPUBFUN void auth_destroy_default(auth_mod_t *am);

/** Basic scheme */
SOFIAPUBFUN
void auth_method_basic(auth_mod_t *am,
                   auth_status_t *as,
                   msg_auth_t *auth,
                   auth_challenger_t const *ach);

SOFIAPUBFUN
void auth_challenge_basic(auth_mod_t *am, 
                    auth_status_t *as,
                    auth_challenger_t const *ach);

/** Digest scheme */
SOFIAPUBFUN
msg_auth_t *auth_digest_credentials(msg_auth_t *auth, 
                            char const *realm,
                            char const *opaque);

SOFIAPUBFUN
void auth_method_digest(auth_mod_t *am,
                  auth_status_t *as,
                  msg_auth_t *au,
                  auth_challenger_t const *ach);

SOFIAPUBFUN
void auth_info_digest(auth_mod_t *am, 
                  auth_status_t *as,
                  auth_challenger_t const *ach);

SOFIAPUBFUN
void auth_check_digest(auth_mod_t *am,
                   auth_status_t *as,
                   auth_response_t *ar,
                   auth_challenger_t const *ach);

SOFIAPUBFUN
void auth_challenge_digest(auth_mod_t *am, 
                     auth_status_t *as,
                     auth_challenger_t const *ach);

SOFIAPUBFUN
isize_t auth_generate_digest_nonce(auth_mod_t *am, 
                           char buffer[],
                           size_t buffer_len,
                           int nextnonce,
                           msg_time_t now);

SOFIAPUBFUN
int auth_validate_digest_nonce(auth_mod_t *am, 
                         auth_status_t *as,
                         auth_response_t *ar,
                         msg_time_t now);

SOFIAPUBFUN int auth_allow_check(auth_mod_t *am, auth_status_t *as);

/** Init md5 for MD5-based HMAC */
SOFIAPUBFUN void auth_md5_hmac_init(auth_mod_t *am, su_md5_t *md5);
SOFIAPUBFUN void auth_md5_hmac_digest(auth_mod_t *am, su_md5_t *md5, 
                              void *hmac, size_t size);

SOFIA_END_DECLS

#endif /* !defined AUTH_PLUGIN_H */

Generated by  Doxygen 1.6.0   Back to index