File: authorize.h

package info (click to toggle)
kamailio 4.2.0-2
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 56,100 kB
  • sloc: ansic: 552,832; xml: 166,484; sh: 8,659; makefile: 7,676; sql: 6,235; perl: 3,487; yacc: 3,428; python: 1,457; cpp: 1,219; php: 1,047; java: 449; pascal: 194; cs: 40; awk: 27
file content (192 lines) | stat: -rw-r--r-- 6,733 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
 
/*
 * $Id$
 *
 * Copyright (C) 2012 Smile Communications, jason.penton@smilecoms.com
 * Copyright (C) 2012 Smile Communications, richard.good@smilecoms.com
 * 
 * The initial version of this code was written by Dragos Vingarzan
 * (dragos(dot)vingarzan(at)fokus(dot)fraunhofer(dot)de and the
 * Fruanhofer Institute. It was and still is maintained in a separate
 * branch of the original SER. We are therefore migrating it to
 * Kamailio/SR and look forward to maintaining it from here on out.
 * 2011/2012 Smile Communications, Pty. Ltd.
 * ported/maintained/improved by 
 * Jason Penton (jason(dot)penton(at)smilecoms.com and
 * Richard Good (richard(dot)good(at)smilecoms.com) as part of an 
 * effort to add full IMS support to Kamailio/SR using a new and
 * improved architecture
 * 
 * NB: Alot of this code was originally part of OpenIMSCore,
 * FhG Fokus. 
 * Copyright (C) 2004-2006 FhG Fokus
 * Thanks for great work! This is an effort to 
 * break apart the various CSCF functions into logically separate
 * components. We hope this will drive wider use. We also feel
 * that in this way the architecture is more complete and thereby easier
 * to manage in the Kamailio/SR environment
 *
 * This file is part of Kamailio, a free SIP server.
 *
 * Kamailio is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version
 *
 * Kamailio is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program; if not, write to the Free Software 
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 * 
 */


#ifndef AUTHORIZE_H
#define AUTHORIZE_H


#include "../../parser/msg_parser.h"
#include "api.h"
#include "conversion.h"
#include "rfc2617.h"
#include "sip_messages.h"
#include "cxdx_mar.h"


#define NONCE_LEN 16
#define RAND_LEN  16



enum authorization_types {
	AUTH_UNKNOWN			= 0,
/* 3GPP */	
	AUTH_AKAV1_MD5			= 1,
	AUTH_AKAV2_MD5			= 2,
	AUTH_EARLY_IMS			= 3,
/* FOKUS */
	AUTH_MD5				= 4,
/* CableLabs */	
	AUTH_DIGEST				= 5,
/* 3GPP */	
	AUTH_SIP_DIGEST			= 6,
/* TISPAN */	
	AUTH_HTTP_DIGEST_MD5	= 7,	
	AUTH_NASS_BUNDLED		= 8
};

/** Enumeration for the Authorization Vector status */
enum auth_vector_status {
	AUTH_VECTOR_UNUSED = 0,
	AUTH_VECTOR_SENT = 1,
	AUTH_VECTOR_USELESS = 2,	/**< invalidated, marked for deletion 		*/
	AUTH_VECTOR_USED = 3		/**< the vector has been successfully used	*/
} ;

/** Authorization Vector storage structure */
typedef struct _auth_vector {
	int item_number;	/**< index of the auth vector		*/
	unsigned char type;	/**< type of authentication vector 	*/
	str authenticate;	/**< challenge (rand|autn in AKA)	*/
	str authorization; 	/**< expected response				*/
	str ck;				/**< Cypher Key						*/
	str ik;				/**< Integrity Key					*/
	time_t expires;/**< expires in (after it is sent)	*/
	uint32_t use_nb;		/**< number of use (nonce count)*/
	
	enum auth_vector_status status;/**< current status		*/
	struct _auth_vector *next;/**< next av in the list		*/
	struct _auth_vector *prev;/**< previous av in the list	*/
} auth_vector;

/** Set of auth_vectors used by a private id */
typedef struct _auth_userdata{
	unsigned int hash;		/**< hash of the auth data		*/
	str private_identity;	/**< authorization username		*/
	str public_identity;	/**< public identity linked to	*/
	time_t expires;			/**< expires in					*/

	auth_vector *head;		/**< first auth vector in list	*/
	auth_vector *tail;		/**< last auth vector in list	*/
	
	struct _auth_userdata *next;/**< next element in list	*/
	struct _auth_userdata *prev;/**< previous element in list*/
} auth_userdata;

/** Authorization user data hash slot */
typedef struct {
	auth_userdata *head;				/**< first in the slot			*/ 
	auth_userdata *tail;				/**< last in the slot			*/
	gen_lock_t *lock;			/**< slot lock 							*/	
} auth_hash_slot_t;



int auth_db_init(const str* db_url);
int auth_db_bind(const str* db_url);
void auth_db_close(void);

/*
 * Authorize using Proxy-Authorization header field
 */
int proxy_authenticate(struct sip_msg* _msg, char* _realm, char* _table);
int proxy_challenge(struct sip_msg* msg, char* route, char* _realm, char* str2);

/*
 * Authorize using WWW-Authorization header field
 */
int www_authenticate(struct sip_msg* _msg, char* _realm, char* _table);
int www_challenge2(struct sip_msg* msg, char* route, char* _realm, char* str2);
int www_challenge3(struct sip_msg* msg, char* route, char* _realm, char* str2);
int www_resync_auth(struct sip_msg* msg, char* _route, char* str1, char* str2);


/*
 * Bind to IMS_AUTH API
 */
int bind_ims_auth(ims_auth_api_t* api);

auth_vector* get_auth_vector(str private_identity,str public_identity,int status,str *nonce,unsigned int *hash);
/*
 * Storage of authentication vectors
 */

inline void auth_data_lock(unsigned int hash);
inline void auth_data_unlock(unsigned int hash);
 
int auth_data_init(int size);

void auth_data_destroy();

auth_vector *new_auth_vector(int item_number,str auth_scheme,str authenticate,
			str authorization,str ck,str ik);
void free_auth_vector(auth_vector *av);

auth_userdata *new_auth_userdata(str private_identity,str public_identity);
void free_auth_userdata(auth_userdata *aud);					

inline unsigned int get_hash_auth(str private_identity,str public_identity);

int add_auth_vector(str private_identity,str public_identity,auth_vector *av);
auth_vector* get_auth_vector(str private_identity,str public_identity,int status,str *nonce,unsigned int *hash);

int drop_auth_userdata(str private_identity,str public_identity);
auth_userdata* get_auth_userdata(str private_identity,str public_identity);

int stateful_request_reply(struct sip_msg *msg, int code,  char *text);
int stateful_request_reply_async(struct cell* t, struct sip_msg *msg, int code, char *text);

int multimedia_auth_request(struct sip_msg *msg, str public_identity, str private_identity,
					int count,str auth_scheme,str nonce,str auts,str servername, saved_transaction_t* transaction_data);
int pack_challenge(struct sip_msg *msg,str realm,auth_vector *av, int is_proxy_auth);
int add_authinfo_resp_hdr(struct sip_msg *msg, str nextnonce, str qop, HASHHEX rspauth, str cnonce, str nc);

inline void start_reg_await_timer(auth_vector *av);
void reg_await_timer(unsigned int ticks, void* param);

unsigned char get_algorithm_type(str algorithm);

#endif /* AUTHORIZE_H */