
auth,auth_ephemeral: return code for expired username

- added AUTH_USERNAME_EXPIRED auth api return code and used it in auth
ephemeral authentication, when username is expired

Juha Heinanen authored on 27/03/2019 09:10:16 • Daniel-Constantin Mierla committed on 29/03/2019 09:10:29
Showing 1 changed files
... ...
@@ -39,6 +39,7 @@
39 39
  */
40 40
 typedef enum auth_cfg_result {
41 41
 	AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
42
+	AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
42 43
 	AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than once */
43 44
 	AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
44 45
 	AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
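Review bot: Adding `AUTH_USERNAME_EXPIRED = -7` changes what routing scripts see for an expired ephemeral username, and the one-line comment does not say that this is a new, distinct failure code or that existing numeric checks may need updating. The value fills the unused slot between -8 and -6, so no existing code is renumbered. A script that compares the return code against whatever was returned for expiry before (not visible in this hunk) will now fall through to its default branch, and for an authentication decision that default should be a reject. I would extend the comment to something like `/*!< Ephemeral auth username expired (distinct code; handle as auth failure) */` and note the change in the module documentation. The enum body continues outside the hunk.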

core, lib, modules: updated include paths for header files

Daniel-Constantin Mierla authored on 07/12/2016 11:07:22
Showing 1 changed files
... ...
@@ -25,12 +25,12 @@
25 25
 #define API_H
26 26
 
27 27
 
28
-#include "../../parser/msg_parser.h"
29
-#include "../../parser/digest/digest.h"
30
-#include "../../sr_module.h"
31
-#include "../../usr_avp.h"
32
-#include "../../parser/hf.h"
33
-#include "../../str.h"
28
+#include "../../core/parser/msg_parser.h"
29
+#include "../../core/parser/digest/digest.h"
30
+#include "../../core/sr_module.h"
31
+#include "../../core/usr_avp.h"
32
+#include "../../core/parser/hf.h"
33
+#include "../../core/str.h"
34 34
 #include "challenge.h"
35 35
 #include "rfc2617.h"
36 36
 

core, lib, modules: restructured source code tree

- new folder src/ to hold the source code for main project applications
- main.c is in src/
- all core files and subfolders are in src/core/
- modules are in src/modules/
- libs are in src/lib/
- application Makefiles are in src/
- application binary is built in src/ (src/kamailio)

Daniel-Constantin Mierla authored on 07/12/2016 11:03:51
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,162 @@
1
+/*
2
+ * Digest Authentication Module
3
+ *
4
+ * Copyright (C) 2001-2003 FhG Fokus
5
+ *
6
+ * This file is part of Kamailio, a free SIP server.
7
+ *
8
+ * Kamailio is free software; you can redistribute it and/or modify
9
+ * it under the terms of the GNU General Public License as published by
10
+ * the Free Software Foundation; either version 2 of the License, or
11
+ * (at your option) any later version
12
+ *
13
+ * Kamailio is distributed in the hope that it will be useful,
14
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16
+ * GNU General Public License for more details.
17
+ *
18
+ * You should have received a copy of the GNU General Public License
19
+ * along with this program; if not, write to the Free Software
20
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
21
+ *
22
+ */
23
+
24
+#ifndef API_H
25
+#define API_H
26
+
27
+
28
+#include "../../parser/msg_parser.h"
29
+#include "../../parser/digest/digest.h"
30
+#include "../../sr_module.h"
31
+#include "../../usr_avp.h"
32
+#include "../../parser/hf.h"
33
+#include "../../str.h"
34
+#include "challenge.h"
35
+#include "rfc2617.h"
36
+
37
+/**
38
+ * return codes to config by auth functions
39
+ */
40
+typedef enum auth_cfg_result {
41
+	AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
42
+	AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than once */
43
+	AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
44
+	AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
45
+	AUTH_USER_UNKNOWN = -3,     /*!< User not found */
46
+	AUTH_INVALID_PASSWORD = -2, /*!< Invalid password */
47
+	AUTH_ERROR = -1,            /*!< Error occurred */
48
+	AUTH_DROP = 0,              /*!< Error, stop config execution */
49
+	AUTH_OK = 1                 /*!< Success */
50
+} auth_cfg_result_t;
51
+
52
+
53
+/**
54
+ * flags for checks in auth functions
55
+ */
56
+#define AUTH_CHECK_ID_F 1<<0
57
+#define AUTH_CHECK_SKIPFWD_F 1<<1
58
+
59
+/**
60
+ * return codes to auth API functions
61
+ */
62
+typedef enum auth_result {
63
+	NONCE_REUSED = -5,  /* Returned if nonce is used more than once */
64
+	NO_CREDENTIALS,     /* Credentials missing */
65
+	STALE_NONCE,        /* Stale nonce */
66
+	ERROR,              /* Error occurred, a reply has been sent out -> return 0 to the ser core */
67
+	NOT_AUTHENTICATED,  /* Don't perform authentication, credentials missing */
68
+	DO_AUTHENTICATION,  /* Perform digest authentication */
69
+	AUTHENTICATED,      /* Authenticated by default, no digest authentication necessary */
70
+	BAD_CREDENTIALS,    /* Digest credentials are malformed */
71
+	CREATE_CHALLENGE,   /* when AKAv1-MD5 is used first request does not contain credentials,
72
+						 * only usename, realm and algorithm. Server should get Authentication
73
+						 * Vector from AuC/HSS, create challenge and send it to the UE. */
74
+	DO_RESYNCHRONIZATION   /* When AUTS is received we need do resynchronization
75
+							* of sequnce numbers with mobile station. */
76
+} auth_result_t;
77
+
78
+
79
+typedef int (*check_auth_hdr_t)(struct sip_msg* msg, auth_body_t* auth_body,
80
+		auth_result_t* auth_res);
81
+int check_auth_hdr(struct sip_msg* msg, auth_body_t* auth_body,
82
+		auth_result_t* auth_res);
83
+
84
+/*
85
+ * Purpose of this function is to find credentials with given realm,
86
+ * do sanity check, validate credential correctness and determine if
87
+ * we should really authenticate (there must be no authentication for
88
+ * ACK and CANCEL
89
+ */
90
+typedef auth_result_t (*pre_auth_t)(struct sip_msg* msg, str* realm,
91
+					hdr_types_t hftype, struct hdr_field** hdr,
92
+					check_auth_hdr_t check_auth_hdr);
93
+auth_result_t pre_auth(struct sip_msg* msg, str* realm, hdr_types_t hftype,
94
+			struct hdr_field** hdr, check_auth_hdr_t check_auth_hdr);
95
+
96
+
97
+/*
98
+ * Purpose of this function is to do post authentication steps like
99
+ * marking authorized credentials and so on.
100
+ */
101
+typedef auth_result_t (*post_auth_t)(struct sip_msg* msg,
102
+		struct hdr_field* hdr, char* ha1);
103
+auth_result_t post_auth(struct sip_msg* msg, struct hdr_field* hdr, char* ha1);
104
+
105
+typedef int (*check_response_t)(dig_cred_t* cred, str* method, char* ha1);
106
+int auth_check_response(dig_cred_t* cred, str* method, char* ha1);
107
+
108
+typedef int (*auth_challenge_hftype_f)(struct sip_msg *msg, str *realm, int flags,
109
+		int hftype);
110
+int auth_challenge_hftype(struct sip_msg *msg, str *realm, int flags,
111
+		int hftype);
112
+
113
+typedef int (*pv_authenticate_f)(struct sip_msg *msg, str *realm, str *passwd,
114
+		int flags, int hftype, str *method);
115
+int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd,
116
+		int flags, int hftype, str *method);
117
+
118
+typedef int (*consume_credentials_f)(struct sip_msg* msg);
119
+int consume_credentials(struct sip_msg* msg);
120
+
121
+/*
122
+ * Auth module API
123
+ */
124
+typedef struct auth_api_s {
125
+	pre_auth_t pre_auth;                  /* The function to be called before authentication */
126
+	post_auth_t post_auth;                /* The function to be called after authentication */
127
+	build_challenge_hf_t build_challenge; /* Function to build digest challenge header */
128
+	struct qp* qop;                       /* qop module parameter */
129
+	calc_HA1_t         calc_HA1;
130
+	calc_response_t    calc_response;
131
+	check_response_t   check_response;
132
+	auth_challenge_hftype_f   auth_challenge_hftype;
133
+	pv_authenticate_f  pv_authenticate;
134
+	consume_credentials_f consume_credentials;
135
+} auth_api_s_t;
136
+
137
+typedef int (*bind_auth_s_t)(auth_api_s_t* api);
138
+int bind_auth_s(auth_api_s_t* api);
139
+
140
+/**
141
+ * load AUTH module API
142
+ */
143
+static inline int auth_load_api(auth_api_s_t* api)
144
+{
145
+	bind_auth_s_t bind_auth;
146
+
147
+	/* bind to auth module and import the API */
148
+	bind_auth = (bind_auth_s_t)find_export("bind_auth_s", 0, 0);
149
+	if (!bind_auth) {
150
+		LM_ERR("unable to find bind_auth function. Check if you load"
151
+				" the auth module.\n");
152
+		return -1;
153
+	}
154
+
155
+	if (bind_auth(api) < 0) {
156
+		LM_ERR("unable to bind auth module\n");
157
+		return -1;
158
+	}
159
+	return 0;
160
+}
161
+
162
+#endif /* API_H */
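Review bot: `AUTH_CHECK_ID_F` and `AUTH_CHECK_SKIPFWD_F` are defined as bare `1<<0` and `1<<1`, so any use next to an operator that binds tighter than `<<` expands wrongly: `~AUTH_CHECK_SKIPFWD_F` becomes `(~1)<<1`, which is -4 rather than `~2` and also left-shifts a negative value. Per the comment above them, these flags select checks in the auth functions, so a mis-expanded mask could silently enable or skip a check. Define them as `#define AUTH_CHECK_ID_F (1<<0)` and `#define AUTH_CHECK_SKIPFWD_F (1<<1)`. Separately, the include guard `API_H` is generic enough to collide with another header that uses the same guard name, which would drop these declarations without any diagnostic; a module-specific guard name would avoid that.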