
auth(k): module removed

- use modules/auth instead of this one

Daniel-Constantin Mierla authored on 25/07/2010 20:14:12
Showing 1 changed files
1 1
deleted file mode 100644
... ...
@@ -1,467 +0,0 @@
1
-/*
2
- * $Id$ 
3
- *
4
- * Copyright (C) 2001-2003 FhG Fokus
5
- *
6
- * This file is part of Kamailio, a free SIP server.
7
- *
8
- * Kamailio is free software; you can redistribute it and/or modify
9
- * it under the terms of the GNU General Public License as published by
10
- * the Free Software Foundation; either version 2 of the License, or
11
- * (at your option) any later version
12
- *
13
- * Kamailio is distributed in the hope that it will be useful,
14
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16
- * GNU General Public License for more details.
17
- *
18
- * You should have received a copy of the GNU General Public License 
19
- * along with this program; if not, write to the Free Software 
20
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21
- *
22
- * History:
23
- * --------
24
- * 2003-02-26 checks and group moved to separate modules (janakj)
25
- * 2003-03-10 New module interface (janakj)
26
- * 2003-03-16 flags export parameter added (janakj)
27
- * 2003-03-19 all mallocs/frees replaced w/ pkg_malloc/pkg_free (andrei)
28
- * 2003-04-28 rpid contributed by Juha Heinanen added (janakj) 
29
- * 2005-05-31 general avp specification added for rpid (bogdan)
30
- * 2006-03-01 pseudo variables support for domain name (bogdan)
31
- */
32
-
33
-/*!
34
- * \file
35
- * \brief Digest Authentication Module
36
- * \ingroup auth
37
- * - Module: \ref auth
38
- */
39
-
40
-/*!
41
- * \defgroup auth AUTH :: The Kamailio auth Module
42
- * The module provides functions to authentificate users.
43
- * It also exports a API that can be used from other modules.
44
- */
45
-
46
-#include <stdio.h>
47
-#include <stdlib.h>
48
-#include <time.h>
49
-#include "../../sr_module.h"
50
-#include "../../dprint.h"
51
-#include "../../mem/mem.h"
52
-#include "../../error.h"
53
-#include "../../pvar.h"
54
-#include "../../ut.h"
55
-#include "../../mod_fix.h"
56
-#include "../../lock_alloc.h"
57
-#include "auth_mod.h"
58
-#include "challenge.h"
59
-#include "api.h"
60
-
61
-MODULE_VERSION
62
-
63
-/*! length of the random secret */
64
-#define RAND_SECRET_LEN 32
65
-
66
-#define DEF_STRIP_REALM ""
67
-
68
-/*!
69
- * Module destroy function prototype
70
- */
71
-static void destroy(void);
72
-
73
-/*!
74
- * Module initialization function prototype
75
- */
76
-static int mod_init(void);
77
-
78
-int pv_proxy_authorize(struct sip_msg* msg, char* realm, char* str2);
79
-int pv_www_authorize(struct sip_msg* msg, char* realm, char* str2);
80
-
81
-/*! SL API structure */
82
-sl_api_t slb;
83
-
84
-
85
-/*
86
- * Module parameter variables
87
- */
88
-char* sec_param    = 0;   /*!< If the parameter is not used, the secret phrase will be auto-generated */
89
-unsigned int   nonce_expire = 30; /*!< Nonce lifetime - default 30 seconds */
90
-
91
-str secret;
92
-char* sec_rand = 0;
93
-
94
-int auth_calc_ha1 = 0;
95
-
96
-/*! Prefix to strip from realm */
97
-str realm_prefix = {DEF_STRIP_REALM, sizeof(DEF_STRIP_REALM) - 1};
98
-
99
-/*! definition of AVP containing username value */
100
-char* user_spec_param = 0;
101
-static pv_spec_t user_spec;
102
-
103
-
104
-/*! definition of AVP containing password value */
105
-char* passwd_spec_param = 0;
106
-static pv_spec_t passwd_spec;
107
-
108
-/*! nonce index */
109
-gen_lock_t* nonce_lock= NULL;
110
-char* nonce_buf= NULL;
111
-int* sec_monit= NULL;
112
-int* second= NULL;
113
-int* next_index= NULL;
114
-
115
-/*! control nonce usage checking */
116
-int nonce_reuse = 0;
117
-
118
-/*
119
- * Exported functions
120
- */
121
-static cmd_export_t cmds[] = {
122
-	{"www_challenge",       (cmd_function)www_challenge,           2,
123
-		fixup_spve_uint, 0, REQUEST_ROUTE},
124
-	{"proxy_challenge",     (cmd_function)proxy_challenge,         2,
125
-		fixup_spve_uint, 0, REQUEST_ROUTE},
126
-	{"pv_www_authorize",    (cmd_function)pv_www_authorize,        1,
127
-		fixup_spve_null, 0, REQUEST_ROUTE},
128
-	{"pv_proxy_authorize",  (cmd_function)pv_proxy_authorize,      1,
129
-		fixup_spve_null, 0, REQUEST_ROUTE},
130
-	{"consume_credentials", (cmd_function)consume_credentials,     0, 0,
131
-			0, REQUEST_ROUTE},
132
-	{"bind_auth_k",           (cmd_function)bind_auth_k, 0, 0,
133
-			0, 0},
134
-	{0, 0, 0, 0, 0, 0}
135
-};
136
-
137
-
138
-/*
139
- * Exported parameters
140
- */
141
-static param_export_t params[] = {
142
-	{"secret",          STR_PARAM, &sec_param      },
143
-	{"nonce_expire",    INT_PARAM, &nonce_expire   },
144
-	{"realm_prefix",    STR_PARAM, &realm_prefix.s },
145
-	{"username_spec",   STR_PARAM, &user_spec_param   },
146
-	{"password_spec",   STR_PARAM, &passwd_spec_param },
147
-	{"calculate_ha1",   INT_PARAM, &auth_calc_ha1     },
148
-	{"nonce_reuse",     INT_PARAM, &nonce_reuse       },
149
-	{0, 0, 0}
150
-};
151
-
152
-
153
-/*
154
- * Module interface
155
- */
156
-struct module_exports exports = {
157
-	"auth", 
158
-	DEFAULT_DLFLAGS, /* dlopen flags */
159
-	cmds,
160
-	params,
161
-	0,          /* exported statistics */
162
-	0,          /* exported MI functions */
163
-	0,          /* exported pseudo-variables */
164
-	0,          /* extra processes */
165
-	mod_init,   /* module initialization function */
166
-	0,          /* response function */
167
-	destroy,    /* destroy function */
168
-	0           /* child initialization function */
169
-};
170
-
171
-
172
-/*!
173
- * \brief Generate a random secret
174
- *
175
- * Generate a random secret. A secret parameter was not used so we
176
- * generate a random value here.
177
- * \return 0 on success, -1 on failure
178
- */
179
-static inline int generate_random_secret(void)
180
-{
181
-	int i;
182
-
183
-	sec_rand = (char*)pkg_malloc(RAND_SECRET_LEN);
184
-	if (!sec_rand) {
185
-		LM_ERR("no pkg memory left\n");
186
-		return -1;
187
-	}
188
-
189
-	/* the generator is seeded from the core */
190
-
191
-	for(i = 0; i < RAND_SECRET_LEN; i++) {
192
-		sec_rand[i] = 32 + (int)(95.0 * rand() / (RAND_MAX + 1.0));
193
-	}
194
-
195
-	secret.s = sec_rand;
196
-	secret.len = RAND_SECRET_LEN;
197
-
198
-	/*LM_DBG("Generated secret: '%.*s'\n", secret.len, secret.s); */
199
-
200
-	return 0;
201
-}
202
-
203
-
204
-static int mod_init(void)
205
-{
206
-	str stmp;
207
-	
208
-	/* bind the SL API */
209
-	if (sl_load_api(&slb)!=0) {
210
-		LM_ERR("cannot bind to SL API\n");
211
-		return -1;
212
-	}
213
-
214
-	/* If the parameter was not used */
215
-	if (sec_param == 0) {
216
-		/* Generate secret using random generator */
217
-		if (generate_random_secret() < 0) {
218
-			LM_ERR("failed to generate random secret\n");
219
-			return -3;
220
-		}
221
-	} else {
222
-		/* Otherwise use the parameter's value */
223
-		secret.s = sec_param;
224
-		secret.len = strlen(secret.s);
225
-	}
226
-
227
-	realm_prefix.len = strlen(realm_prefix.s);
228
-
229
-	if(user_spec_param!=0)
230
-	{
231
-		stmp.s = user_spec_param; stmp.len = strlen(stmp.s);
232
-		if(pv_parse_spec(&stmp, &user_spec)==NULL)
233
-		{
234
-			LM_ERR("failed to parse username spec\n");
235
-			return -5;
236
-		}
237
-		switch(user_spec.type) {
238
-			case PVT_NONE:
239
-			case PVT_EMPTY:
240
-			case PVT_NULL:
241
-			case PVT_MARKER:
242
-			case PVT_COLOR:
243
-				LM_ERR("invalid username spec\n");
244
-				return -6;
245
-			default: ;
246
-		}
247
-	}
248
-	if(passwd_spec_param!=0)
249
-	{
250
-		stmp.s = passwd_spec_param; stmp.len = strlen(stmp.s);
251
-		if(pv_parse_spec(&stmp, &passwd_spec)==NULL)
252
-		{
253
-			LM_ERR("failed to parse password spec\n");
254
-			return -7;
255
-		}
256
-		switch(passwd_spec.type) {
257
-			case PVT_NONE:
258
-			case PVT_EMPTY:
259
-			case PVT_NULL:
260
-			case PVT_MARKER:
261
-			case PVT_COLOR:
262
-				LM_ERR("invalid password spec\n");
263
-				return -8;
264
-			default: ;
265
-		}
266
-	}
267
-
268
-	if(nonce_reuse==0)
269
-	{
270
-	    nonce_lock = (gen_lock_t*)lock_alloc();
271
-		if(nonce_lock== NULL)
272
-	    {
273
-		    LM_ERR("no more shared memory\n");
274
-			return -1;
275
-	    }
276
-
277
-		/* initialize lock_nonce */
278
-	    if(lock_init(nonce_lock)== 0)
279
-		{
280
-	        LM_ERR("failed to init lock\n");
281
-		    return -9;
282
-	    }
283
-
284
-		nonce_buf= (char*)shm_malloc(NBUF_LEN);
285
-		if(nonce_buf== NULL)
286
-	    {
287
-		    LM_ERR("no more share memory\n");
288
-			return -10;
289
-	    }
290
-		memset(nonce_buf, 255, NBUF_LEN);
291
-
292
-		sec_monit= (int*)shm_malloc((nonce_expire +1)* sizeof(int));
293
-		if(sec_monit== NULL)
294
-		{
295
-			LM_ERR("no more share memory\n");
296
-	        return -10;
297
-		}
298
-		memset(sec_monit, -1, (nonce_expire +1)* sizeof(int));
299
-		second= (int*)shm_malloc(sizeof(int));
300
-		next_index= (int*)shm_malloc(sizeof(int));
301
-		if(second==  NULL || next_index== NULL)
302
-	    {
303
-		    LM_ERR("no more share memory\n");
304
-	        return -10;
305
-		}
306
-		*next_index= -1;
307
-	}
308
-
309
-	return 0;
310
-}
311
-
312
-
313
-static void destroy(void)
314
-{
315
-	if (sec_rand) pkg_free(sec_rand);
316
-
317
-	if(nonce_reuse==0)
318
-	{
319
-	    if(nonce_lock)
320
-		{
321
-			lock_destroy(nonce_lock);
322
-	        lock_dealloc(nonce_lock);
323
-		}
324
-
325
-	    if(nonce_buf)
326
-		    shm_free(nonce_buf);
327
-	    if(second)
328
-		    shm_free(second);
329
-	    if(sec_monit)
330
-		    shm_free(sec_monit);
331
-	    if(next_index)
332
-		    shm_free(next_index);
333
-	}
334
-}
335
-
336
-
337
-/*!
338
- * \brief Generate a HA1 response from username and domain
339
- * \param msg SIP message
340
- * \param _username user name
341
- * \param _domain domain
342
- * \param _ha1 generated HA1
343
- * \return 0 on success, 1 on error and when the user could not found
344
- */
345
-static inline int auth_get_ha1(struct sip_msg *msg, struct username* _username,
346
-		str* _domain, char* _ha1)
347
-{
348
-	pv_value_t sval;
349
-	
350
-	/* get username from PV */
351
-	memset(&sval, 0, sizeof(pv_value_t));
352
-	if(pv_get_spec_value(msg, &user_spec, &sval)==0)
353
-	{
354
-		if(sval.flags==PV_VAL_NONE || (sval.flags&PV_VAL_NULL)
355
-				|| (sval.flags&PV_VAL_EMPTY) || (!(sval.flags&PV_VAL_STR)))
356
-		{
357
-			pv_value_destroy(&sval);
358
-			return 1;
359
-		}
360
-		if(sval.rs.len!= _username->user.len
361
-				|| strncasecmp(sval.rs.s, _username->user.s, sval.rs.len))
362
-		{
363
-			LM_DBG("username mismatch [%.*s] [%.*s]\n",
364
-				_username->user.len, _username->user.s, sval.rs.len, sval.rs.s);
365
-			pv_value_destroy(&sval);
366
-			return 1;
367
-		}
368
-	} else {
369
-		return 1;
370
-	}
371
-	/* get password from PV */
372
-	memset(&sval, 0, sizeof(pv_value_t));
373
-	if(pv_get_spec_value(msg, &passwd_spec, &sval)==0)
374
-	{
375
-		if(sval.flags==PV_VAL_NONE || (sval.flags&PV_VAL_NULL)
376
-				|| (sval.flags&PV_VAL_EMPTY) || (!(sval.flags&PV_VAL_STR)))
377
-		{
378
-			pv_value_destroy(&sval);
379
-			return 1;
380
-		}
381
-	} else {
382
-		return 1;
383
-	}
384
-	if (auth_calc_ha1) {
385
-		/* Only plaintext passwords are stored in database,
386
-		 * we have to calculate HA1 */
387
-		calc_HA1(HA_MD5, &_username->whole, _domain, &sval.rs, 0, 0, _ha1);
388
-		LM_DBG("HA1 string calculated: %s\n", _ha1);
389
-	} else {
390
-		memcpy(_ha1, sval.rs.s, sval.rs.len);
391
-		_ha1[sval.rs.len] = '\0';
392
-	}
393
-
394
-	return 0;
395
-}
396
-
397
-
398
-/*!
399
- * \brief Check authorization from a pseudo-variable
400
- * \param msg SIP message
401
- * \param realm authentification realm
402
- * \param hftype type of the header field
403
- * \return 1 when authorized, null on errors, negative on authentification failure
404
- */
405
-static inline int pv_authorize(struct sip_msg* msg, gparam_p realm,
406
-										hdr_types_t hftype)
407
-{
408
-	static char ha1[256];
409
-	struct hdr_field* h;
410
-	auth_body_t* cred;
411
-	auth_result_t ret;
412
-	str domain;
413
-
414
-	if(fixup_get_svalue(msg, realm, &domain)!=0)
415
-	{
416
-		LM_ERR("invalid realm parameter\n");
417
-		return -1;
418
-	}
419
-
420
-	if (domain.len==0)
421
-		domain.s = 0;
422
-
423
-	ret = pre_auth(msg, &domain, hftype, &h);
424
-
425
-	if (ret != DO_AUTHORIZATION)
426
-		return ret;
427
-
428
-	cred = (auth_body_t*)h->parsed;
429
-
430
-	if ((auth_get_ha1(msg, &cred->digest.username, &domain, ha1)) > 0) {
431
-		/* Username not found */
432
-		return USER_UNKNOWN;
433
-	}
434
-
435
-	/* Recalculate response, it must be same to authorize successfully */
436
-	if (!check_response(&(cred->digest),&msg->first_line.u.request.method,ha1))
437
-	{
438
-		return post_auth(msg, h);
439
-	}
440
-	return AUTH_ERROR;
441
-}
442
-
443
-
444
-/*!
445
- * \brief Small wrapper around pv_authorize, use proxy challenge
446
- * \param msg SIP message
447
- * \param realm authenfication realm
448
- * \param str2 unused
449
- * \return 1 on sucess, 0 on errors, negative on authentification failures
450
- */
451
-int pv_proxy_authorize(struct sip_msg* msg, char* realm, char* str2)
452
-{
453
-	return pv_authorize(msg, (gparam_p)realm, HDR_PROXYAUTH_T);
454
-}
455
-
456
-
457
-/*!
458
- * \brief Small wrapper around pv_authorize, use www challenge
459
- * \param msg SIP message
460
- * \param realm authenfication realm
461
- * \param str2 unused
462
- * \return 1 on sucess, 0 on errors, negative on authentification failures
463
- */
464
-int pv_www_authorize(struct sip_msg* msg, char* realm, char* str2)
465
-{
466
-	return pv_authorize(msg, (gparam_p)realm, HDR_AUTHORIZATION_T);
467
-}

auth(k) and siputils: moved rpid operations

- rpid operations moved to siputils module
- there is not much relation between authentication and rpid
- auth(k) is to be removed, functionality replaced by modules/auth

Daniel-Constantin Mierla authored on 25/07/2010 20:10:00
Showing 1 changed files
... ...
@@ -56,7 +56,6 @@
56 56
 #include "../../lock_alloc.h"
57 57
 #include "auth_mod.h"
58 58
 #include "challenge.h"
59
-#include "rpid.h"
60 59
 #include "api.h"
61 60
 
62 61
 MODULE_VERSION
... ...
@@ -64,11 +63,7 @@ MODULE_VERSION
64 63
 /*! length of the random secret */
65 64
 #define RAND_SECRET_LEN 32
66 65
 
67
-#define DEF_RPID_PREFIX ""
68
-#define DEF_RPID_SUFFIX ";party=calling;id-type=subscriber;screen=yes"
69 66
 #define DEF_STRIP_REALM ""
70
-#define DEF_RPID_AVP "$avp(s:rpid)"
71
-
72 67
 
73 68
 /*!
74 69
  * Module destroy function prototype
... ...
@@ -98,16 +93,9 @@ char* sec_rand = 0;
98 93
 
99 94
 int auth_calc_ha1 = 0;
100 95
 
101
-/*! Default Remote-Party-ID prefix */
102
-str rpid_prefix = {DEF_RPID_PREFIX, sizeof(DEF_RPID_PREFIX) - 1};
103
-/*! Default Remote-Party-IDD suffix */
104
-str rpid_suffix = {DEF_RPID_SUFFIX, sizeof(DEF_RPID_SUFFIX) - 1};
105 96
 /*! Prefix to strip from realm */
106 97
 str realm_prefix = {DEF_STRIP_REALM, sizeof(DEF_STRIP_REALM) - 1};
107 98
 
108
-/*! definition of AVP containing rpid value */
109
-char* rpid_avp_param = DEF_RPID_AVP;
110
-
111 99
 /*! definition of AVP containing username value */
112 100
 char* user_spec_param = 0;
113 101
 static pv_spec_t user_spec;
... ...
@@ -141,13 +129,6 @@ static cmd_export_t cmds[] = {
141 129
 		fixup_spve_null, 0, REQUEST_ROUTE},
142 130
 	{"consume_credentials", (cmd_function)consume_credentials,     0, 0,
143 131
 			0, REQUEST_ROUTE},
144
-	{"is_rpid_user_e164",   (cmd_function)is_rpid_user_e164,       0, 0,
145
-			0, REQUEST_ROUTE},
146
-	{"append_rpid_hf",      (cmd_function)append_rpid_hf,          0, 0,
147
-			0, REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE},
148
-	{"append_rpid_hf",      (cmd_function)append_rpid_hf_p,        2,
149
-			fixup_str_str,
150
-			0, REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE},
151 132
 	{"bind_auth_k",           (cmd_function)bind_auth_k, 0, 0,
152 133
 			0, 0},
153 134
 	{0, 0, 0, 0, 0, 0}
... ...
@@ -160,10 +141,7 @@ static cmd_export_t cmds[] = {
160 141
 static param_export_t params[] = {
161 142
 	{"secret",          STR_PARAM, &sec_param      },
162 143
 	{"nonce_expire",    INT_PARAM, &nonce_expire   },
163
-	{"rpid_prefix",     STR_PARAM, &rpid_prefix.s  },
164
-	{"rpid_suffix",     STR_PARAM, &rpid_suffix.s  },
165 144
 	{"realm_prefix",    STR_PARAM, &realm_prefix.s },
166
-	{"rpid_avp",        STR_PARAM, &rpid_avp_param },
167 145
 	{"username_spec",   STR_PARAM, &user_spec_param   },
168 146
 	{"password_spec",   STR_PARAM, &passwd_spec_param },
169 147
 	{"calculate_ha1",   INT_PARAM, &auth_calc_ha1     },
... ...
@@ -246,13 +224,6 @@ static int mod_init(void)
246 224
 		secret.len = strlen(secret.s);
247 225
 	}
248 226
 
249
-	if ( init_rpid_avp(rpid_avp_param)<0 ) {
250
-		LM_ERR("failed to process rpid AVPs\n");
251
-		return -4;
252
-	}
253
-
254
-	rpid_prefix.len = strlen(rpid_prefix.s);
255
-	rpid_suffix.len = strlen(rpid_suffix.s);
256 227
 	realm_prefix.len = strlen(realm_prefix.s);
257 228
 
258 229
 	if(user_spec_param!=0)

auth: updated to use common sl module

Daniel-Constantin Mierla authored on 24/07/2010 11:00:49
Showing 1 changed files
... ...
@@ -54,7 +54,6 @@
54 54
 #include "../../ut.h"
55 55
 #include "../../mod_fix.h"
56 56
 #include "../../lock_alloc.h"
57
-#include "../sl/sl_api.h"
58 57
 #include "auth_mod.h"
59 58
 #include "challenge.h"
60 59
 #include "rpid.h"
... ...
@@ -84,8 +83,8 @@ static int mod_init(void);
84 83
 int pv_proxy_authorize(struct sip_msg* msg, char* realm, char* str2);
85 84
 int pv_www_authorize(struct sip_msg* msg, char* realm, char* str2);
86 85
 
87
-/*! SL binds */
88
-struct sl_binds slb;
86
+/*! SL API structure */
87
+sl_api_t slb;
89 88
 
90 89
 
91 90
 /*
... ...
@@ -228,9 +227,9 @@ static int mod_init(void)
228 227
 {
229 228
 	str stmp;
230 229
 	
231
-	/* load the SL API */
232
-	if (load_sl_api(&slb)!=0) {
233
-		LM_ERR("can't load SL API\n");
230
+	/* bind the SL API */
231
+	if (sl_load_api(&slb)!=0) {
232
+		LM_ERR("cannot bind to SL API\n");
234 233
 		return -1;
235 234
 	}
236 235
 

auth(k): s/auth_api/auth_api_k & s/bind_auth/bind_auth_k

Rename auth_api_t and bind_auth (add _k), to avoid possible
runtime problems when mixing ser and kamailio auth_api using
modules.

Andrei Pelinescu-Onciul authored on 14/06/2010 15:15:50
Showing 1 changed files
... ...
@@ -149,7 +149,7 @@ static cmd_export_t cmds[] = {
149 149
 	{"append_rpid_hf",      (cmd_function)append_rpid_hf_p,        2,
150 150
 			fixup_str_str,
151 151
 			0, REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE},
152
-	{"bind_auth",           (cmd_function)bind_auth, 0, 0,
152
+	{"bind_auth_k",           (cmd_function)bind_auth_k, 0, 0,
153 153
 			0, 0},
154 154
 	{0, 0, 0, 0, 0, 0}
155 155
 };

- port from opensips, commit 5042, credits to Anca - fixed an error in nonce generation( using wrong macro) - adjust default nonce_expires to 30 seconds - small spelling fix in docs

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5367 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 16/12/2008 10:19:53
Showing 1 changed files
... ...
@@ -92,7 +92,7 @@ struct sl_binds slb;
92 92
  * Module parameter variables
93 93
  */
94 94
 char* sec_param    = 0;   /*!< If the parameter is not used, the secret phrase will be auto-generated */
95
-unsigned int   nonce_expire = 300; /*!< Nonce lifetime */
95
+unsigned int   nonce_expire = 30; /*!< Nonce lifetime - default 30 seconds */
96 96
 
97 97
 str secret;
98 98
 char* sec_rand = 0;
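Review bot: `nonce_expire` is declared `unsigned int` here, but the parameter table shown elsewhere on this page exports it as `INT_PARAM`, and mod_init uses it unvalidated in `shm_malloc((nonce_expire +1)* sizeof(int))`. Lowering the default to 30 narrows the replay window, but a configured negative value would be read as a very large unsigned number (and -1 would make the `+1` wrap to zero), so the size computation deserves a range check at init, for example `if (nonce_expire == 0 || nonce_expire > NONCE_EXPIRE_MAX) { LM_ERR("invalid nonce_expire\n"); return -1; }`, where `NONCE_EXPIRE_MAX` is a placeholder for a limit the project would choose. The comment could also state that the value bounds how long a captured nonce stays usable, which is why the shorter default is the safer one.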

- fix a bunch of doxygen errors (mostly in modules, some in the core) - credits belongs to Frederick Bullik, frederick dot bullik at 1und1 dot de

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5299 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 04/12/2008 18:12:33
Showing 1 changed files
... ...
@@ -487,7 +487,7 @@ int pv_proxy_authorize(struct sip_msg* msg, char* realm, char* str2)
487 487
 /*!
488 488
  * \brief Small wrapper around pv_authorize, use www challenge
489 489
  * \param msg SIP message
490
- * \param ream authenfication realm
490
+ * \param realm authenfication realm
491 491
  * \param str2 unused
492 492
  * \return 1 on sucess, 0 on errors, negative on authentification failures
493 493
  */
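Review bot: The `\return` line kept by this fix ("1 on sucess, 0 on errors, negative on authentification failures") does not match the pv_authorize body shown elsewhere on this page, which returns -1 for an invalid realm parameter, so at least one error path is negative rather than 0. Since callers branch on this value to decide whether a request is authenticated, the comment should list the actual outcomes, e.g. `\return 1 on success, negative on errors and authentication failures (see auth_result_t)`, with the exact codes confirmed against pre_auth and post_auth, which are not visible here. The same wording sits on the pv_proxy_authorize comment touched by the earlier doxygen commit on this page, and the misspellings "sucess" and "authenfication" could be fixed in the same pass.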

- remove unused parameter 'index' from build_auth_hf() - fix logic in pv_authorize, it checks for auth_get_ha1() < 0, which can not happen, remove then unneeded 'res' variable too - make get_nonce_expires() static, this is only used internally

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5259 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 25/11/2008 10:05:16
Showing 1 changed files
... ...
@@ -70,8 +70,6 @@ MODULE_VERSION
70 70
 #define DEF_STRIP_REALM ""
71 71
 #define DEF_RPID_AVP "$avp(s:rpid)"
72 72
 
73
-/*! error string for code 500 */
74
-static str auth_500_err = str_init("Server Internal Error");
75 73
 
76 74
 /*!
77 75
  * Module destroy function prototype
... ...
@@ -433,13 +431,11 @@ static inline int auth_get_ha1(struct sip_msg *msg, struct username* _username,
433 431
  * \param realm authentification realm
434 432
  * \param hftype type of the header field
435 433
  * \return 1 when authorized, null on errors, negative on authentification failure
436
- * \todo rework logic to not check for auth_get_ha1 < 0, this can not happen
437 434
  */
438 435
 static inline int pv_authorize(struct sip_msg* msg, gparam_p realm,
439 436
 										hdr_types_t hftype)
440 437
 {
441 438
 	static char ha1[256];
442
-	int res;
443 439
 	struct hdr_field* h;
444 440
 	auth_body_t* cred;
445 441
 	auth_result_t ret;
... ...
@@ -461,15 +457,7 @@ static inline int pv_authorize(struct sip_msg* msg, gparam_p realm,
461 457
 
462 458
 	cred = (auth_body_t*)h->parsed;
463 459
 
464
-	res = auth_get_ha1(msg, &cred->digest.username, &domain, ha1);
465
-	if (res < 0) {
466
-		/* Error */
467
-		if (slb.reply(msg, 500, &auth_500_err) == -1) {
468
-			LM_ERR("failed to send 500 reply\n");
469
-		}
470
-		return ERROR;
471
-	}
472
-	if (res > 0) {
460
+	if ((auth_get_ha1(msg, &cred->digest.username, &domain, ha1)) > 0) {
473 461
 		/* Username not found */
474 462
 		return USER_UNKNOWN;
475 463
 	}
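Review bot: `ha1` is a fixed `static char ha1[256]` passed to `auth_get_ha1()` without a size, and the copy path of that function shown elsewhere on this page does `memcpy(_ha1, sval.rs.s, sval.rs.len);` then `_ha1[sval.rs.len] = '\0';` with no length check. Unless the pseudo-variable layer caps the value length (not visible here), a password value of 256 bytes or more would write past the buffer when `calculate_ha1` is off. The simplified caller leaves this unaddressed, and a guard before the copy such as `if (sval.rs.len >= 256) { pv_value_destroy(&sval); return 1; }` (or passing the buffer size into auth_get_ha1) would close it. With the `< 0` branch removed, pseudo-variable lookup failures and username mismatches both surface as USER_UNKNOWN, which is worth stating in the doxygen `\return`. pv_authorize's body continues outside these hunks.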

- smaller cleanups, fix indentions in some files

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5258 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 25/11/2008 09:53:17
Showing 1 changed files
... ...
@@ -313,7 +313,7 @@ static int mod_init(void)
313 313
 		    return -9;
314 314
 	    }
315 315
 
316
-	    nonce_buf= (char*)shm_malloc(NBUF_LEN);
316
+		nonce_buf= (char*)shm_malloc(NBUF_LEN);
317 317
 		if(nonce_buf== NULL)
318 318
 	    {
319 319
 		    LM_ERR("no more share memory\n");
... ...
@@ -321,21 +321,21 @@ static int mod_init(void)
321 321
 	    }
322 322
 		memset(nonce_buf, 255, NBUF_LEN);
323 323
 
324
-	    sec_monit= (int*)shm_malloc((nonce_expire +1)* sizeof(int));
325
-	    if(sec_monit== NULL)
324
+		sec_monit= (int*)shm_malloc((nonce_expire +1)* sizeof(int));
325
+		if(sec_monit== NULL)
326 326
 		{
327 327
 			LM_ERR("no more share memory\n");
328 328
 	        return -10;
329 329
 		}
330
-	    memset(sec_monit, -1, (nonce_expire +1)* sizeof(int));
330
+		memset(sec_monit, -1, (nonce_expire +1)* sizeof(int));
331 331
 		second= (int*)shm_malloc(sizeof(int));
332
-	    next_index= (int*)shm_malloc(sizeof(int));
332
+		next_index= (int*)shm_malloc(sizeof(int));
333 333
 		if(second==  NULL || next_index== NULL)
334 334
 	    {
335 335
 		    LM_ERR("no more share memory\n");
336 336
 	        return -10;
337 337
 		}
338
-	    *next_index= -1;
338
+		*next_index= -1;
339 339
 	}
340 340
 
341 341
 	return 0;

- fix a few errors in doxygen documentation - sync one function definitions variables with declaration

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5254 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 25/11/2008 09:34:15
Showing 1 changed files
... ...
@@ -486,7 +486,7 @@ static inline int pv_authorize(struct sip_msg* msg, gparam_p realm,
486 486
 /*!
487 487
  * \brief Small wrapper around pv_authorize, use proxy challenge
488 488
  * \param msg SIP message
489
- * \param ream authenfication realm
489
+ * \param realm authenfication realm
490 490
  * \param str2 unused
491 491
  * \return 1 on sucess, 0 on errors, negative on authentification failures
492 492
  */

- fix a bunch of doxygen errors

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5239 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 21/11/2008 10:24:44
Showing 1 changed files
... ...
@@ -366,11 +366,11 @@ static void destroy(void)
366 366
 }
367 367
 
368 368
 
369
-/*! 
369
+/*!
370 370
  * \brief Generate a HA1 response from username and domain
371 371
  * \param msg SIP message
372 372
  * \param _username user name
373
- * \param domain domain
373
+ * \param _domain domain
374 374
  * \param _ha1 generated HA1
375 375
  * \return 0 on success, 1 on error and when the user could not found
376 376
  */

- add doxygen documentation

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5211 689a6050-402a-0410-94f2-e92a70836424

Henning Westerholt authored on 17/11/2008 20:05:27
Showing 1 changed files
... ...
@@ -1,8 +1,6 @@
1
-/* 
1
+/*
2 2
  * $Id$ 
3 3
  *
4
- * Digest Authentication Module
5
- *
6 4
  * Copyright (C) 2001-2003 FhG Fokus
7 5
  *
8 6
  * This file is part of Kamailio, a free SIP server.
... ...
@@ -32,6 +30,18 @@
32 30
  * 2006-03-01 pseudo variables support for domain name (bogdan)
33 31
  */
34 32
 
33
+/*!
34
+ * \file
35
+ * \brief Digest Authentication Module
36
+ * \ingroup auth
37
+ * - Module: \ref auth
38
+ */
39
+
40
+/*!
41
+ * \defgroup auth AUTH :: The Kamailio auth Module
42
+ * The module provides functions to authentificate users.
43
+ * It also exports a API that can be used from other modules.
44
+ */
35 45
 
36 46
 #include <stdio.h>
37 47
 #include <stdlib.h>
... ...
@@ -52,6 +62,7 @@
52 62
 
53 63
 MODULE_VERSION
54 64
 
65
+/*! length of the random secret */
55 66
 #define RAND_SECRET_LEN 32
56 67
 
57 68
 #define DEF_RPID_PREFIX ""
... ...
@@ -59,15 +70,15 @@ MODULE_VERSION
59 70
 #define DEF_STRIP_REALM ""
60 71
 #define DEF_RPID_AVP "$avp(s:rpid)"
61 72
 
62
-
73
+/*! error string for code 500 */
63 74
 static str auth_500_err = str_init("Server Internal Error");
64 75
 
65
-/*
76
+/*!
66 77
  * Module destroy function prototype
67 78
  */
68 79
 static void destroy(void);
69 80
 
70
-/*
81
+/*!
71 82
  * Module initialization function prototype
72 83
  */
73 84
 static int mod_init(void);
... ...
@@ -75,52 +86,52 @@ static int mod_init(void);
75 86
 int pv_proxy_authorize(struct sip_msg* msg, char* realm, char* str2);
76 87
 int pv_www_authorize(struct sip_msg* msg, char* realm, char* str2);
77 88
 
78
-/** SL binds */
89
+/*! SL binds */
79 90
 struct sl_binds slb;
80 91
 
81 92
 
82 93
 /*
83 94
  * Module parameter variables
84 95
  */
85
-char* sec_param    = 0;   /* If the parameter was not used, the secret phrase will be auto-generated */
86
-unsigned int   nonce_expire = 300; /* Nonce lifetime */
96
+char* sec_param    = 0;   /*!< If the parameter is not used, the secret phrase will be auto-generated */
97
+unsigned int   nonce_expire = 300; /*!< Nonce lifetime */
87 98
 
88 99
 str secret;
89 100
 char* sec_rand = 0;
90 101
 
91 102
 int auth_calc_ha1 = 0;
92 103
 
93
-/* Default Remote-Party-ID prefix */
104
+/*! Default Remote-Party-ID prefix */
94 105
 str rpid_prefix = {DEF_RPID_PREFIX, sizeof(DEF_RPID_PREFIX) - 1};
95
-/* Default Remote-Party-IDD suffix */
106
+/*! Default Remote-Party-IDD suffix */
96 107
 str rpid_suffix = {DEF_RPID_SUFFIX, sizeof(DEF_RPID_SUFFIX) - 1};
97
-/* Prefix to strip from realm */
108
+/*! Prefix to strip from realm */
98 109
 str realm_prefix = {DEF_STRIP_REALM, sizeof(DEF_STRIP_REALM) - 1};
99 110
 
100
-/* definition of AVP containing rpid value */
111
+/*! definition of AVP containing rpid value */
101 112
 char* rpid_avp_param = DEF_RPID_AVP;
102 113
 
103
-/* definition of AVP containing username value */
114
+/*! definition of AVP containing username value */
104 115
 char* user_spec_param = 0;
105 116
 static pv_spec_t user_spec;
106 117
 
107 118
 
108
-/* definition of AVP containing password value */
119
+/*! definition of AVP containing password value */
109 120
 char* passwd_spec_param = 0;
110 121
 static pv_spec_t passwd_spec;
111 122
 
112
-/* nonce index */
123
+/*! nonce index */
113 124
 gen_lock_t* nonce_lock= NULL;
114 125
 char* nonce_buf= NULL;
115 126
 int* sec_monit= NULL;
116 127
 int* second= NULL;
117 128
 int* next_index= NULL;
118 129
 
119
-/* control nonce usage checking */
130
+/*! control nonce usage checking */
120 131
 int nonce_reuse = 0;
121 132
 
122 133
 /*
123
- * Exported functions 
134
+ * Exported functions
124 135
  */
125 136
 static cmd_export_t cmds[] = {
126 137
 	{"www_challenge",       (cmd_function)www_challenge,           2,
... ...
@@ -183,9 +194,12 @@ struct module_exports exports = {
183 194
 };
184 195
 
185 196
 
186
-/*
187
- * Secret parameter was not used so we generate
188
- * a random value here
197
+/*!
198
+ * \brief Generate a random secret
199
+ *
200
+ * Generate a random secret. A secret parameter was not used so we
201
+ * generate a random value here.
202
+ * \return 0 on success, -1 on failure
189 203
  */
190 204
 static inline int generate_random_secret(void)
191 205
 {
... ...
@@ -282,7 +296,7 @@ static int mod_init(void)
282 296
 			default: ;
283 297
 		}
284 298
 	}
285
-    
299
+
286 300
 	if(nonce_reuse==0)
287 301
 	{
288 302
 	    nonce_lock = (gen_lock_t*)lock_alloc();
... ...
@@ -306,7 +320,7 @@ static int mod_init(void)
306 320
 			return -10;
307 321
 	    }
308 322
 		memset(nonce_buf, 255, NBUF_LEN);
309
-   
323
+
310 324
 	    sec_monit= (int*)shm_malloc((nonce_expire +1)* sizeof(int));
311 325
 	    if(sec_monit== NULL)
312 326
 		{
... ...
@@ -328,11 +342,10 @@ static int mod_init(void)
328 342
 }
329 343
 
330 344
 
331
-
332 345
 static void destroy(void)
333 346
 {
334 347
 	if (sec_rand) pkg_free(sec_rand);
335
-    
348
+
336 349
 	if(nonce_reuse==0)
337 350
 	{
338 351
 	    if(nonce_lock)
... ...
@@ -352,6 +365,15 @@ static void destroy(void)
352 365
 	}
353 366
 }
354 367
 
368
+
369
+/*! 
370
+ * \brief Generate a HA1 response from username and domain
371
+ * \param msg SIP message
372
+ * \param _username user name
373
+ * \param domain domain
374
+ * \param _ha1 generated HA1
375
+ * \return 0 on success, 1 on error and when the user could not found
376
+ */
355 377
 static inline int auth_get_ha1(struct sip_msg *msg, struct username* _username,
356 378
 		str* _domain, char* _ha1)
357 379
 {
... ...
@@ -400,10 +422,19 @@ static inline int auth_get_ha1(struct sip_msg *msg, struct username* _username,
400 422
 		memcpy(_ha1, sval.rs.s, sval.rs.len);
401 423
 		_ha1[sval.rs.len] = '\0';
402 424
 	}
403
-    
425
+
404 426
 	return 0;
405 427
 }
406 428
 
429
+
430
+/*!
431
+ * \brief Check authorization from a pseudo-variable
432
+ * \param msg SIP message
433
+ * \param realm authentification realm
434
+ * \param hftype type of the header field
435
+ * \return 1 when authorized, null on errors, negative on authentification failure
436
+ * \todo rework logic to not check for auth_get_ha1 < 0, this can not happen
437