/*
 * This file is part of the Sofia-SIP package
 *
 * Copyright (C) 2005 Nokia Corporation.
 *
 * Contact: Pekka Pessi <pekka.pessi@nokia.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 *
 */

#ifndef AUTH_PLUGIN_H
/** Defined when <sofia-sip/auth_plugin.h> has been included. */
#define AUTH_PLUGIN_H 

/**@file sofia-sip/auth_plugin.h
 * @brief Plugin interface for authentication verification modules.
 * 
 * @author Pekka Pessi <Pekka.Pessi@nokia.com>
 * 
 * @date Created: Tue Apr 27 15:22:07 2004 ppessi
 */

#ifndef AUTH_MODULE_H
#include "sofia-sip/auth_module.h"
#endif

#ifndef AUTH_DIGEST_H
#include "sofia-sip/auth_digest.h"
#endif

#ifndef AUTH_COMMON_H
#include "sofia-sip/auth_common.h"
#endif

#ifndef MSG_DATE_H
#include <sofia-sip/msg_date.h>
#endif

#ifndef SU_MD5_H
#include <sofia-sip/su_md5.h>
#endif

#include <sofia-sip/htable.h>

SOFIA_BEGIN_DECLS

/* ====================================================================== */
/* Plugin interface for authentication */

/** Authentication scheme.
 *
 * A scheme (Basic, Digest, ...) plugs into the authentication module
 * through this table of callbacks.  The scheme-specific part of a module
 * object is laid out directly after the common auth_mod_t (see
 * AUTH_PLUGIN()).
 */
struct auth_scheme
{
  /** Name of the scheme, e.g. "Basic" or "Digest" */
  char const *asch_method;

  /** Size of module object.
   *
   * Total size to allocate for a module of this scheme; it has to cover
   * auth_mod_t plus the scheme-private data addressed by AUTH_PLUGIN().
   * (Presumably consumed by auth_mod_alloc() — confirm in the implementation.)
   */
  unsigned asch_size;

  /** Initialize module. Invoked by auth_mod_create().
   *
   * Receives the module being set up, the scheme it belongs to, the root
   * object and the tag list passed by the creator.
   * @return 0 on success, nonzero on failure (assumption from the int
   * return type — confirm).
   */
  int (*asch_init)(auth_mod_t *am,
		   auth_scheme_t *base,
		   su_root_t *root,
		   tag_type_t tag, tag_value_t value, ...);

  /** Check authentication. Invoked by auth_mod_method().
   *
   * Verifies the credentials in @a auth and records the outcome in @a as.
   * A scheme may complete the check asynchronously (see asch_cancel).
   */
  void (*asch_check)(auth_mod_t *am, 
		     auth_status_t *as,
		     msg_auth_t *auth,
		     auth_challenger_t const *ch);

  /** Create a challenge. Invoked by auth_mod_challenge().
   *
   * Fills @a as with a challenge for the client; @a ch parameterizes the
   * challenge (its contents are not visible in this header — see
   * auth_challenger_t).
   */
  void (*asch_challenge)(auth_mod_t *am, 
			 auth_status_t *as,
			 auth_challenger_t const *ch);

  /** Cancel an asynchronous authentication request. 
   * Invoked by auth_mod_cancel().
   */
  void (*asch_cancel)(auth_mod_t *am, 
		      auth_status_t *as);

  /** Reclaim resources of an authentication module.
   *
   * Invoked by auth_mod_destroy()/auth_mod_unref().
   * Secret key material held by the module (see auth_mod_t::am_master_key)
   * should be cleared here rather than merely freed.
   */
  void (*asch_destroy)(auth_mod_t *am);

};

/** User data structure.
 *
 * One entry of the user database.  Both #apw_pass and #apw_hash are
 * secrets: for Digest authentication the stored MD5 of
 * "user:realm:password" (H(A1)) is sufficient to answer a challenge, so
 * it has to be guarded exactly like the password itself.
 */
typedef struct
{
  unsigned        apw_index;	/**< Key to hash table */
  void const     *apw_type;	/**< Magic pointer (type tag; presumably identifies the owning scheme — confirm) */

  char const   	 *apw_user;	/**< Username */
  char const     *apw_realm;	/**< Realm */
  char const   	 *apw_pass;	/**< Password */
  char const     *apw_hash;	/**< MD5 of the username, realm and pass (Digest H(A1)) */
  auth_uplugin_t *apw_extended;	/**< Method-specific extension */
} auth_passwd_t;


/* Hash table of auth_passwd_t entries keyed by apw_index.  Declares the
 * auth_htable_t type (used by auth_mod_t::am_users) and, by the
 * <sofia-sip/htable.h> convention, the aht_-prefixed accessors. */
HTABLE_DECLARE(auth_htable, aht, auth_passwd_t);

/* Forward declaration only: <sys/stat.h> is deliberately not pulled into
 * this public header, auth_mod_t merely holds a pointer to it. */
struct stat;

/** Common data for authentication module.
 *
 * Scheme-specific state follows this structure in memory (see
 * AUTH_PLUGIN()).  #am_master_key, #am_hmac_ipad and #am_hmac_opad are
 * secret key material and must not be logged or exposed outside the
 * module.
 */
struct auth_mod_t
{
  su_home_t      am_home[1];	/**< Memory home of the module */
  unsigned       am_refcount;	/**< Number of references to this module */

  /* User database / cache */
  char const    *am_db;		/**< User database file name */
  /** State of user file when read.
   *  Presumably compared by auth_readdb_if_needed() to detect a changed
   *  database file — confirm in the implementation. */
  struct stat   *am_stat;
  auth_htable_t  am_users[1];	/**< Table of users */

  void          *am_buffer;	/**< Buffer for database */
  auth_passwd_t *am_locals;	/**< Entries from local user file */
  size_t         am_local_count; /**< Number of entries from local user file */

  auth_passwd_t *am_anon_user;	/**< Special entry for anonymous user */

  /* Attributes */
  url_t         *am_remote;	/**< Remote authenticator */
  char const    *am_realm;	/**< Our realm */
  char const    *am_opaque;	/**< Opaque identification data */
  char const    *am_gssapi_data; /**< NTLM data */
  char const    *am_targetname; /**< NTLM target name */
  auth_scheme_t *am_scheme;	/**< Authentication scheme (Digest, Basic). */
  /** Methods to allow without authentication.
   *  Every method listed here bypasses the credential check entirely
   *  (see auth_allow_check()). */
  char const   **am_allow;
  msg_param_t    am_algorithm;	/**< Default algorithm */
  msg_param_t    am_qop;	/**< Default qop (quality-of-protection) */
  unsigned       am_expires;	/**< Nonce lifetime */
  unsigned       am_next_exp;	/**< Next nonce lifetime */
  unsigned       am_blacklist;	/**< Extra delay if bad credentials (slows down online password guessing) */
  unsigned       am_forbidden:1;/**< Respond with 403 if bad credentials */
  unsigned       am_anonymous:1;/**< Allow anonymous access */
  unsigned       am_challenge:1;/**< Challenge even if successful */
  unsigned       am_nextnonce:1;/**< Send next nonce in responses */
  unsigned       am_mutual:1;   /**< Mutual authentication */
  /** Fake authentication.
   *  Semantics are not visible here; the name suggests credentials are not
   *  genuinely verified, so check the implementation before enabling. */
  unsigned       am_fake:1;

  unsigned :0;			/**< Pad */
  unsigned       am_count;	/**< Nonce counter */

  /** Private master key.
   *  Secret; presumably the key behind #am_hmac_ipad / #am_hmac_opad and
   *  thus what makes nonces unforgeable — confirm in the implementation. */
  uint8_t        am_master_key[16];
  
  su_md5_t       am_hmac_ipad;	/**< MD5 state with inner pad (HMAC precomputation) */
  su_md5_t       am_hmac_opad;	/**< MD5 state with outer pad (HMAC precomputation) */
};

/** Look up the user database entry for @a user in @a realm.
 *
 * @return the matching entry, or NULL if there is none (assumption from
 * the pointer return type — confirm).
 */
SOFIAPUBFUN
auth_passwd_t *auth_mod_getpass(auth_mod_t *am,
				char const *user,
				char const *realm);

/** Add an entry for @a user in @a realm to the user database.
 *
 * Neither the password nor its hash is a parameter, so the caller is
 * expected to fill in apw_pass / apw_hash on the returned entry.
 * @return the new entry, or NULL on failure (presumably — confirm).
 */
SOFIAPUBFUN
auth_passwd_t *auth_mod_addpass(auth_mod_t *am,
				char const *user,
				char const *realm);

/** Re-read the user database if it has changed since it was last read
 *  (presumably decided from auth_mod_t::am_stat — confirm). */
SOFIAPUBFUN int auth_readdb_if_needed(auth_mod_t *am);

/** (Re)read the user database file auth_mod_t::am_db unconditionally. */
SOFIAPUBFUN int auth_readdb(auth_mod_t *am);

/** Find credentials in the header list @a auth that match @a scheme and
 *  @a realm.
 *  @return the matching header, or NULL if none (assumption — confirm). */
SOFIAPUBFUN msg_auth_t *auth_mod_credentials(msg_auth_t *auth, 
					     char const *scheme,
					     char const *realm);

/** Allocate a module object for @a scheme and apply the tag list.
 *  Presumably allocates auth_scheme::asch_size bytes so that the
 *  scheme-private data addressed by AUTH_PLUGIN() fits — confirm. */
SOFIAPUBFUN auth_mod_t *auth_mod_alloc(auth_scheme_t *scheme, 
				       tag_type_t, tag_value_t, ...);

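/** Scheme-private data of module @a am.
 *
 * The plugin object is laid out directly after the common auth_mod_t, so
 * the result is only valid when the module was allocated with a size
 * covering both (presumably auth_scheme::asch_size — confirm).  The cast
 * also assumes auth_plugin_t needs no stricter alignment than auth_mod_t.
 *
 * The expansion is fully parenthesized so that AUTH_PLUGIN(am)->field
 * applies the member access to the plugin pointer; without the outer
 * parentheses the postfix -> would bind to ((am) + 1) before the cast.
 */
#define AUTH_PLUGIN(am) ((auth_plugin_t *)((am) + 1))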

/** Default init method.
 *
 * Its signature matches auth_scheme::asch_init, so a scheme can use it
 * directly; what it sets up is not visible in this header.
 */
SOFIAPUBFUN
int auth_init_default(auth_mod_t *am,
		      auth_scheme_t *base,
		      su_root_t *root,
		      tag_type_t tag, tag_value_t value, ...);

/** Default cancel method (matches auth_scheme::asch_cancel) */
SOFIAPUBFUN void auth_cancel_default(auth_mod_t *am, auth_status_t *as);

/** Default destroy method (matches auth_scheme::asch_destroy) */
SOFIAPUBFUN void auth_destroy_default(auth_mod_t *am);

/** Basic scheme: check Basic credentials (matches auth_scheme::asch_check).
 *
 * Basic credentials carry the password itself, only base64-encoded, so a
 * module using this scheme depends on the transport for confidentiality.
 */
SOFIAPUBFUN
void auth_method_basic(auth_mod_t *am,
		       auth_status_t *as,
		       msg_auth_t *auth,
		       auth_challenger_t const *ach);

/** Create a Basic challenge (matches auth_scheme::asch_challenge). */
SOFIAPUBFUN
void auth_challenge_basic(auth_mod_t *am, 
			  auth_status_t *as,
			  auth_challenger_t const *ach);

/** Digest scheme: find Digest credentials in @a auth matching @a realm
 *  and @a opaque.
 *  @return the matching header, or NULL if none (assumption — confirm). */
SOFIAPUBFUN
msg_auth_t *auth_digest_credentials(msg_auth_t *auth, 
				    char const *realm,
				    char const *opaque);

/** Check Digest credentials (matches auth_scheme::asch_check). */
SOFIAPUBFUN
void auth_method_digest(auth_mod_t *am,
			auth_status_t *as,
			msg_auth_t *au,
			auth_challenger_t const *ach);

/** Add authentication info to a successful response.
 *  Presumably the Authentication-Info header carrying the next nonce
 *  (see auth_mod_t::am_nextnonce) — confirm. */
SOFIAPUBFUN
void auth_info_digest(auth_mod_t *am, 
		      auth_status_t *as,
		      auth_challenger_t const *ach);

/** Verify a parsed Digest response @a ar against the user database and
 *  record the outcome in @a as. */
SOFIAPUBFUN
void auth_check_digest(auth_mod_t *am,
		       auth_status_t *as,
		       auth_response_t *ar,
		       auth_challenger_t const *ach);

/** Create a Digest challenge (matches auth_scheme::asch_challenge). */
SOFIAPUBFUN
void auth_challenge_digest(auth_mod_t *am, 
			   auth_status_t *as,
			   auth_challenger_t const *ach);

/** Generate a Digest nonce into @a buffer.
 *
 * Writes at most @a buffer_len bytes.  @a nextnonce selects whether the
 * nonce is for a nextnonce parameter, @a now is the timestamp bound into
 * it (presumably checked later against auth_mod_t::am_expires — confirm).
 * @return presumably the length written, or negative on error — confirm.
 */
SOFIAPUBFUN
int auth_generate_digest_nonce(auth_mod_t *am, 
			       char buffer[],
			       size_t buffer_len,
			       int nextnonce,
			       msg_time_t now);

/** Validate the nonce of the Digest response @a ar at time @a now.
 *
 * Presumably rejects nonces that have expired and nonces not produced by
 * this module's keyed HMAC — confirm.  The outcome is recorded in @a as.
 * @return 0 if the nonce is acceptable, nonzero otherwise (assumption
 * from the int return type — confirm).
 */
SOFIAPUBFUN
int auth_validate_digest_nonce(auth_mod_t *am, 
			       auth_status_t *as,
			       auth_response_t *ar,
			       msg_time_t now);

/** Check whether the request may pass without authentication
 *  (see auth_mod_t::am_allow).
 *  @return nonzero if the request is allowed through (assumption — confirm). */
SOFIAPUBFUN int auth_allow_check(auth_mod_t *am, auth_status_t *as);

/** Init md5 for MD5-based HMAC.
 *
 * Seeds @a md5 so the caller can feed in the message and finish with
 * auth_md5_hmac_digest(); presumably starts from the precomputed
 * auth_mod_t::am_hmac_ipad state — confirm.
 */
SOFIAPUBFUN void auth_md5_hmac_init(auth_mod_t *am, su_md5_t *md5);
/** Finish an MD5-based HMAC started with auth_md5_hmac_init(), writing at
 *  most @a size bytes of the tag into @a hmac. */
SOFIAPUBFUN void auth_md5_hmac_digest(auth_mod_t *am, su_md5_t *md5, 
				      void *hmac, size_t size);

SOFIA_END_DECLS

#endif /* !defined AUTH_PLUGIN_H */