src/modules/auth/api.h
 /*
  * Digest Authentication Module
  *
  * Copyright (C) 2001-2003 FhG Fokus
  *
  * This file is part of Kamailio, a free SIP server.
  *
  * Kamailio is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version
  *
  * Kamailio is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  *
  */
 
 #ifndef API_H
 #define API_H
 
 
 #include "../../core/parser/msg_parser.h"
 #include "../../core/parser/digest/digest.h"
 #include "../../core/sr_module.h"
 #include "../../core/usr_avp.h"
 #include "../../core/parser/hf.h"
 #include "../../core/str.h"
 #include "challenge.h"
 #include "rfc2617.h"
 
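 /**
  * return codes to config by auth functions
  *
  * AUTH_OK is the only success value. Every negative code and AUTH_DROP (0)
  * report a failure, so callers must compare against AUTH_OK (or test for a
  * value > 0) instead of treating any non-zero result as success.
  */
 typedef enum auth_cfg_result {
 	AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
 	AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
 	AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than once */
 	AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
 	AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
 	AUTH_USER_UNKNOWN = -3,     /*!< User not found */
 	AUTH_INVALID_PASSWORD = -2, /*!< Invalid password */
 	AUTH_ERROR = -1,            /*!< Error occurred */
 	AUTH_DROP = 0,              /*!< Error, stop config execution */
 	AUTH_OK = 1                 /*!< Success */
 } auth_cfg_result_t;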
 
 
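 /**
  * flags for checks in auth functions
  *
  * Each value is a single bit so the flags can be OR-ed together. The
  * expansions are parenthesized so that they stay intact next to operators
  * that bind tighter than the shift: without the parentheses,
  * ~AUTH_CHECK_SKIPFWD_F would expand to (~1)<<1 and a "clear this flag"
  * mask would clear the wrong bits.
  */
 #define AUTH_CHECK_ID_F (1<<0)
 #define AUTH_CHECK_SKIPFWD_F (1<<1)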
 
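 /**
  * return codes to auth API functions
  *
  * Only NONCE_REUSED has an explicit value; the others are numbered
  * consecutively from it (shown in parentheses below). DO_AUTHENTICATION is 0
  * and both AUTHENTICATED and BAD_CREDENTIALS are positive, so the sign of a
  * value says nothing about success: callers have to compare against the
  * specific enumerator. Inserting or reordering enumerators changes the
  * value of every enumerator that follows.
  */
 typedef enum auth_result {
 	NONCE_REUSED = -5,  /* Returned if nonce is used more than once */
 	NO_CREDENTIALS,     /* (-4) Credentials missing */
 	STALE_NONCE,        /* (-3) Stale nonce */
 	ERROR,              /* (-2) Error occurred, a reply has been sent out -> return 0 to the ser core */
 	NOT_AUTHENTICATED,  /* (-1) Don't perform authentication, credentials missing */
 	DO_AUTHENTICATION,  /* (0) Perform digest authentication */
 	AUTHENTICATED,      /* (1) Authenticated by default, no digest authentication necessary */
 	BAD_CREDENTIALS,    /* (2) Digest credentials are malformed */
 	CREATE_CHALLENGE,   /* (3) When AKAv1-MD5 is used the first request does not contain
 						 * credentials, only username, realm and algorithm. Server should
 						 * get Authentication Vector from AuC/HSS, create challenge and
 						 * send it to the UE. */
 	DO_RESYNCHRONIZATION   /* (4) When AUTS is received we need to do resynchronization
 							* of sequence numbers with mobile station. */
 } auth_result_t;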
 
 
 /*
  * Callback type and module function for checking an authorization header.
  *
  * msg       - SIP message being processed
  * auth_body - authorization body (auth_body_t) to check
  * auth_res  - pointer to an auth_result_t
  *             (NOTE(review): presumably written with the outcome of the
  *             check - confirm against the implementation)
  *
  * Returns an int; its meaning is not visible in this header.
  */
 typedef int (*check_auth_hdr_t)(
 		struct sip_msg *msg, auth_body_t *auth_body, auth_result_t *auth_res);
 int check_auth_hdr(
 		struct sip_msg *msg, auth_body_t *auth_body, auth_result_t *auth_res);
 
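 /*
  * Purpose of this function is to find credentials with given realm,
  * do sanity check, validate credential correctness and determine if
  * we should really authenticate (there must be no authentication for
  * ACK and CANCEL).
  *
  * msg            - SIP message being processed
  * realm          - realm whose credentials are looked up
  * hftype         - header field type (hdr_types_t) to look at
  * hdr            - NOTE(review): presumably receives the header field that
  *                  holds the matching credentials - confirm
  * check_auth_hdr - callback of type check_auth_hdr_t
  *
  * Returns an auth_result_t. Compare it against the specific enumerators
  * rather than testing its sign: the enum has non-success values on both
  * sides of zero (for example BAD_CREDENTIALS is positive).
  */
 typedef auth_result_t (*pre_auth_t)(struct sip_msg *msg, str *realm,
 		hdr_types_t hftype, struct hdr_field **hdr,
 		check_auth_hdr_t check_auth_hdr);
 auth_result_t pre_auth(struct sip_msg *msg, str *realm, hdr_types_t hftype,
 		struct hdr_field **hdr, check_auth_hdr_t check_auth_hdr);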
 
 
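 /*
  * Purpose of this function is to do post authentication steps like
  * marking authorized credentials and so on.
  *
  * msg - SIP message being processed
  * hdr - header field (NOTE(review): presumably the one whose credentials
  *       were just verified - confirm)
  * ha1 - HA1 value as a char string (NOTE(review): the length and
  *       termination contract is not visible in this header - confirm
  *       against rfc2617.h). In digest authentication HA1 is
  *       password-equivalent within its realm, so keep it out of logs.
  *
  * Returns an auth_result_t; compare against specific enumerators.
  */
 typedef auth_result_t (*post_auth_t)(struct sip_msg *msg,
 		struct hdr_field *hdr, char *ha1);
 auth_result_t post_auth(struct sip_msg *msg, struct hdr_field *hdr, char *ha1);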
 
 /*
  * Callback type and module function for checking a digest response.
  *
  * cred   - digest credentials (dig_cred_t)
  * method - request method as a str
  * ha1    - HA1 value as a char string (NOTE(review): length/termination
  *          contract not visible here - confirm). HA1 is password-equivalent
  *          within its realm; do not log it.
  *
  * Returns an int; its meaning is not visible in this header.
  */
 typedef int (*check_response_t)(
 		dig_cred_t *cred, str *method, char *ha1);
 int auth_check_response(
 		dig_cred_t *cred, str *method, char *ha1);
 
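 /*
  * Callback type and module function auth_challenge_hftype().
  * NOTE(review): judging by the name, this issues an authentication
  * challenge for the given header field type - confirm against the
  * implementation.
  *
  * msg    - SIP message being processed
  * realm  - realm used for the challenge
  * flags  - int flag set; the bit meanings are not visible in this header
  * hftype - header field type, passed as a plain int here although
  *          pre_auth() takes hdr_types_t for the same concept
  *
  * Returns an int; its meaning is not visible in this header.
  */
 typedef int (*auth_challenge_hftype_f)(struct sip_msg *msg, str *realm,
 		int flags, int hftype);
 int auth_challenge_hftype(struct sip_msg *msg, str *realm, int flags,
 		int hftype);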
 
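 /*
  * Callback type and module function pv_authenticate().
  *
  * msg    - SIP message being processed
  * realm  - realm to authenticate against
  * passwd - secret for the user. NOTE(review): whether this is a plaintext
  *          password or a precomputed HA1 is not visible in this header -
  *          confirm against the implementation. Either way it is secret
  *          material and should not be logged.
  * flags  - int flag set; the bit meanings are not visible in this header
  * hftype - header field type, passed as a plain int
  * method - request method as a str
  *
  * Returns an int; its meaning is not visible in this header.
  */
 typedef int (*pv_authenticate_f)(struct sip_msg *msg, str *realm,
 		str *passwd, int flags, int hftype, str *method);
 int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd,
 		int flags, int hftype, str *method);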
 
 /*
  * Callback type and module function consume_credentials().
  * NOTE(review): judging by the name, this removes the credentials from the
  * message - confirm against the implementation.
  *
  * msg - SIP message being processed
  *
  * Returns an int; its meaning is not visible in this header.
  */
 typedef int (*consume_credentials_f)(struct sip_msg *msg);
 int consume_credentials(struct sip_msg *msg);
 
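 /*
  * Auth module API
  *
  * Structure handed to bind_auth_s(), normally through auth_load_api().
  * Check the return value of that call before using any member.
  * NOTE(review): the members are presumably filled in by bind_auth_s(), and
  * their order and types are presumably relied on by modules built against
  * this header (append rather than reorder) - confirm.
  */
 typedef struct auth_api_s {
 	pre_auth_t pre_auth;                  /* The function to be called before authentication */
 	post_auth_t post_auth;                /* The function to be called after authentication */
 	build_challenge_hf_t build_challenge; /* Function to build digest challenge header */
 	struct qp *qop;                       /* qop module parameter */
 	calc_HA1_t calc_HA1;                  /* by name: HA1 calculation; type is not declared in this header */
 	calc_response_t calc_response;        /* by name: digest response calculation; type is not declared in this header */
 	check_response_t check_response;      /* same signature as auth_check_response() */
 	auth_challenge_hftype_f auth_challenge_hftype; /* same signature as auth_challenge_hftype() */
 	pv_authenticate_f pv_authenticate;    /* same signature as pv_authenticate() */
 	consume_credentials_f consume_credentials; /* same signature as consume_credentials() */
 } auth_api_s_t;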
 
 /*
  * Binder for the auth module API. auth_load_api() looks this function up
  * by the export name "bind_auth_s" and treats a negative return value as
  * a failure.
  *
  * api - auth_api_s_t structure supplied by the caller
  */
 typedef int (*bind_auth_s_t)(auth_api_s_t *api);
 int bind_auth_s(auth_api_s_t *api);
 
 /**
  * Load the AUTH module API into a caller-provided structure.
  *
  * Resolves the "bind_auth_s" export through find_export() and, when it is
  * found, calls it with @p api.
  *
  * @param api structure handed to the binder; it is passed through without
  *            any check here (NOTE(review): presumably must be non-NULL -
  *            confirm against bind_auth_s()).
  * @return 0 on success, -1 when the export cannot be found or the binder
  *         returns a negative value. Do not use @p api after a -1 result.
  */
 static inline int auth_load_api(auth_api_s_t *api)
 {
 	/* look the binder up by name; a null result means it is not exported */
 	bind_auth_s_t binder = (bind_auth_s_t)find_export("bind_auth_s", 0, 0);
 
 	if (!binder) {
 		LM_ERR("unable to find bind_auth function. Check if you load"
 				" the auth module.\n");
 		return -1;
 	}
 
 	/* a negative result from the binder is reported as a bind failure */
 	if (binder(api) < 0) {
 		LM_ERR("unable to bind auth module\n");
 		return -1;
 	}
 
 	return 0;
 }
 
 #endif /* API_H */